These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py
Links to Python issues:
https://bugs.python.org/issue34155https://bugs.python.org/issue38243
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.
Also took the liberty to update the PKG_SOURCE_URL to a standard one.
Updated the home URL as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad)
- Use HTTPS in their website
- Remove unnecessary space between PKG_SOURCE_URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
Make sure we force shutdown of UPS only when we should, and when
we should that shutdown happens.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The server and driver were not starting/restarting reliably. In
addition on interface changes NUT got very confused. So we fix
handling of restarts and add a reload trigger for interface
changes.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Extra parameters for the UPS driver were not being handled correctly.
Fix that (was wrong variable name).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The statepath was getting the wrong permission and/or not created
at the right time. This commit includes fixes for handling the
statepath (typically /var/run/nut).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Running as non-root was failing due to misplace local keyword
causing runas to be unset from calling value.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
1) For upsmon start and stop were at wrong position in rc.d
2) Stop needs more than just killing the procd instead but rather
needs a stop command to be issued.
3) Interface up/down was causing not to enter a crashloop (we fix this
with procd trigger on interface changes).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Running as non-root was failing due to misplace local keyword
causing runas to be unset from calling value.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
CONFIG_ARGS has --without-wrap so libwrap as a dependency is
extraneous as it is not actually used.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
