Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes security issues:
* CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the
CLOSE_WAIT state blocking indefinitely when
out-of-order processing was disabled.
* CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside
the configured bailiwick.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.
Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e871318002)
Update nano to 6.2.
Remove inactive second maintainer.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3f14c5114)
[removed AUTORELEASE]
The runtime testing always ran on master branch aka snapshots since the
branch wasn't passed over to the container execution!
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit f535d77090)
Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.
Add a new nano-plus variant that enables selected additional
features in the build config:
* multiple files (multibuffer)
* Unicode/utf8
* justify
* .nanorc support
* help
* also some key bindings get enabled as "tiny" configure option
is removed.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d8)
Remove paxctl stuff. pax is not packaged in OpenWrt.
Add reload support.
Install lua cfg file as 644. It's needed to be readable as prosody user
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eb46e231cd)
The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`
It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 752d1ffc28)
The current init script is using the deprecated -nd flag. This updates netdata to be started with -D.
Signed-off-by: James White <james@jmwhite.co.uk>
(cherry picked from commit cf9d5a8870)
The postrm script was missing shebang. Postrm scripts are packaged and
executed directly and not sourced by default script (as in case of prerm
and postinst).
Also move some indents around to not confuse reader. The section in
postinst was indented to same level as grep "condition" but is on same
level as initial grep (not part of that "condition").
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit d2d193d818)
Update nano editor to version 6.0
Version 6.0 enable toggling the display of the line numbers with
the shortcut key M-N (Alt-n). Also the cmdline option "-l" works.
Remove earlier patch regarding that.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from commits 0571f5400, 9023845d5 and ae7f62d63)
Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).
I've just taken patch from the advisory[1] and rebased it onto 1.15.0
version.
1. 809d5e8..44c009b.patch
Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Also bump the version in syslog-ng config file.
Removes this warning:
Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d2fd36e28)
Details:
- Cleaned up whitespace and removed comments (refer to official PHP documentation for that)
- Removed directives that no longer exist as of PHP 7.2.34
- Added '~E_DEPRECATED' to 'error_reporting'
Directives removed that no longer exist as of PHP 7.2.34:
- zend.ze1_compatibility_mode
- y2k_compliance
- register_globals
- register_long_arrays
- magic_quotes_gpc
- magic_quotes_runtime
- magic_quotes_sybase
- always_populate_raw_post_data
Signed-off-by: Giovanni Giacobbi <giovanni@giacobbi.net>
