Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities - (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals - (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because the package version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because the package version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The procps-ng package adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use the procps-ng package
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 81629ba591.
So that we have a working ModemManager again and can look at the problem,
revert the update to version 2.78.4 for now.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 08c7b0dfca.
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
For some strange reason, glib2 does not link properly with a static
pcre2. Work around by bundling own copy.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
softethervpn5: The softethervpn5 package is due for an update from recent source. This PR implements a Makefile update to pull the December 2023 release, which includes fixes for recently-disclosed vulnerabilities. The build patches are also updated accordingly.
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
libstrophe is dual-licensed as MIT OR GPL-3.0-only, which is also
reflected by the SPDX-License-Identifier lines in the source files.
Correct PKG_LICENSE in the Makefile accordingly.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
stlink is an open source toolset to program and debug STM32 devices
and boards manufactured by STMicroelectronics.
Resulting binary packages:
* stlink - library and shared chip info data
* st-info - a programmer and chip information tool
* st-flash - a flash manipulation tool
* st-trace - a logging tool to record information on execution
* st-util - a GDB server
Signed-off-by: Daniel Golle <daniel@makrotopia.org>