A check for python-ply has been added as this is a dependency of the
dnssec-keymgr script so install host-python-ply to avoid a build failure
if python-ply is not installed on host
Fixes:
- http://autobuild.buildroot.org/results/96815b1300547c976443bf74b762febdfcc8d3ba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 89e70a7077f772cafcc602d8b560e3c954419a06)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 76722342000d (gst1-plugins-base: bump version to 1.12.0), the unknown
options were removed, but the comment associated to --disable-gio_unix_2_0
was left out.
Drop it now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80a5217476c45e765db45acd8782f7f854783f93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.
For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c21edddec9043617f9a1d7fe8ad8ea1770846b82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate fragmentation reassembly state
properly for a case where an unexpected fragment could be received. This
could result in process termination due to NULL pointer dereference.
For details, see the advisory:
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b3adfacdb110fe5508284cf5159447492cffe944)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2019-7317: png_image_free in png.c in libpng 1.6.36 has a use-after-free
because png_image_free_function is called under png_safe_execute.
Update license hash for a change in copyright year and typo fixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit bc4ac7da33ca6605de4128fb22ce2258be0f551a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
https://kb.isc.org/docs/cve-2018-5743
- CVE-2019-6467: An error in the nxdomain redirect feature can cause
BIND to exit with an INSIST assertion failure in query.c
https://kb.isc.org/docs/cve-2019-6467
- CVE-2019-6468: BIND Supported Preview Edition can exit with an
assertion failure if nxdomain-redirect is used
https://kb.isc.org/docs/cve-2019-6468
Add an upstream patch to fix building on architectures where bind does not
implement isc_atomic_*.
Upstream moved to a 2019 signing key, so update comment in .hash file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fc8ace0938a0bcf2e9fa628a88853252eabc991d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is
enabled. This could be used rather easily to cause a DoS. Similar
crash also happens during mail delivery when using invalid UTF8 in
From or Subject header when OX push notification driver is used.
https://dovecot.org/pipermail/dovecot-news/2019-April/000406.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 89c7e417ede23c9f3583391a882c10d825527727)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
