fixes:
* path traversal vulnerability in mod_http_files (CVE-2016-1231)
* use of weak PRNG in generation of dialback secrets (CVE-2016-1232)
Signed-off-by: heil <heil@terminal-consulting.de>
- Ensure only valid UTF-8 is passed to libidn. It was found
(CVE-2015-2059) that libidn can read beyond the boundaries of the
provided buffer when an input string contains invalid UTF-8 sequences.
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
recent changes in trunk allow us to specify the userid inside the openwrt makefile.
the info is stored int he meta data of the IPK contorl file and users are generated
by the new generic postinst trigger.
Signed-off-by: John Crispin <blogic@openwrt.org>
This adds the prosody package from the old svn tree. Ive updated
the licensing information and will maintain the package in the
future. This request also updates prosdoy to the latest version 0.9.4.
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>