GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
Make sure we force shutdown of UPS only when we should, and when
we should that shutdown happens.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The server and driver were not starting/restarting reliably. In
addition on interface changes NUT got very confused. So we fix
handling of restarts and add a reload trigger for interface
changes.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Extra parameters for the UPS driver were not being handled correctly.
Fix that (was wrong variable name).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The statepath was getting the wrong permission and/or not created
at the right time. This commit includes fixes for handling the
statepath (typically /var/run/nut).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Running as non-root was failing due to misplace local keyword
causing runas to be unset from calling value.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
1) For upsmon start and stop were at wrong position in rc.d
2) Stop needs more than just killing the procd instead but rather
needs a stop command to be issued.
3) Interface up/down was causing not to enter a crashloop (we fix this
with procd trigger on interface changes).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Running as non-root was failing due to misplace local keyword
causing runas to be unset from calling value.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
CONFIG_ARGS has --without-wrap so libwrap as a dependency is
extraneous as it is not actually used.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Needed to avoid error in case xxd is not installed:
[ 16%] Generating html.h from index.html
/bin/sh: 1: CMAKE_XXD-NOTFOUND: not found
CMakeFiles/ttyd.dir/build.make:61: recipe for target 'html.h' failed
make[6]: *** [html.h] Error 127
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 773c19afad)
The speedtest-netperf.sh script measures the network throughput while
monitoring latency under load and capturing key CPU usage and frequency
statistics. The script can emulate a web-based speed test by downloading
and then uploading from an internet server, or perform simultaneous
download and upload to mimic the stress of the FLENT test program.
It simplifies tasks such as validating ISP provisioned speeds or setting
up and fine-tuning SQM, directly on the router. The CPU usage details
can also help determine if the demands of SQM, routing and other tasks
such as the test itself are exhausting the device's CPUs.
This script leverages earlier scripts from the CeroWrt project used for
bufferbloat mitigation, betterspeedtest.sh and netperfrunner.sh. They are
used with the permission of the author, Rich Brown.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry-picked from 463590e2bc)
This project seems abandoned. Updated to latest version.
Also cleaned up the Makefile quite a bit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from dff6d2639e)
Fixes CVEs:
CVE-2018-5738
CVE-2018-5740
CVE-2018-5743
CVE-2018-5744
CVE-2018-5745
CVE-2019-6465
CVE-2019-6471
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[mention fixed CVEs;patches: refreshed and removed those which are in
upstream now]
Fixes CVE-2019-9923
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[mention CVE in commit message]
Do not inlcude <netinet/in.h> when using glibc to avoid various
redefinitions.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry-picked from 0c995cabe7)
