These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py
Links to Python issues:
https://bugs.python.org/issue34155https://bugs.python.org/issue38243
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.
Took the time to clean up the Makefile with other useful options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit 012e4c1)
Additionally to the fix issued for #6923, we need to disable the docbook
usage also for the host build. This prevents the following error:
checking for docbook2man... docbook2man
configure: error: Your local docbook2man was found to work with SGML rather
than XML. Please install docbook2X and use variable DOCBOOK_TO_MAN to point
configure to command docbook2x-man of docbook2X.
Or use DOCBOOK_TO_MAN="xmlto man --skip-validation" if you have xmlto around.
You can also configure using --without-docbook if you can do without a man
page for xmlwf.
Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
CVE-2013-7459 and CVE-2018-6594. Both patches taken from Fedora.
Also took the liberty to update the PKG_SOURCE_URL to a standard one.
Updated the home URL as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 32b23e28ad)
- Use HTTPS in their website
- Remove unnecessary space between PKG_SOURCE_URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Fixes compilation with -Werror=implicit-function-declaration .
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
This patch updates OpenLDAP to 2.4.47, introduces new build
parameters and places openldap-server, openldap-utils and
libopenldap under a separate menu item in Network.
OpenLDAP is difficult to find in menuconfig at present. Making
a separate menu item for OpenLDAP for selection of packages and
enabling or disabling build parameters makes better sense.
To have access to the loglevel directive, OpenLDAP must be built
with debugging information. Having access to the loglevel directive
is essential during the initial configuration of OpenLDAP server.
International users may want to enable ICU support to have access
to international characters.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
Christian Lachner