1. 23 Oct, 2021 2 commits
  2. 19 Oct, 2021 2 commits
  3. 08 Oct, 2021 4 commits
  4. 26 Sep, 2021 4 commits
    • apache2: upgrade 2.4.48 -> 2.4.49 · f44e1a2b
      wangmy authored
      
      Changes with Apache 2.4.49
      
        *) SECURITY: CVE-2021-40438 (cve.mitre.org)
           mod_proxy: Server Side Request Forgery (SSRF) vulnerability [Yann Ylavic]
      
        *) SECURITY: CVE-2021-39275 (cve.mitre.org)
           core: ap_escape_quotes buffer overflow
      
        *) SECURITY: CVE-2021-36160 (cve.mitre.org)
           mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
      
        *) SECURITY: CVE-2021-34798 (cve.mitre.org)
           core: null pointer dereference on malformed request
      
        *) SECURITY: CVE-2021-33193 (cve.mitre.org)
           mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
      
        *) core/mod_proxy/mod_ssl:
           Adding `outgoing` flag to conn_rec, indicating a connection is
           initiated by the server to somewhere, in contrast to incoming
           connections from clients.
           Adding `ap_ssl_bind_outgoing()` function that marks a connection
           as outgoing and is used by mod_proxy instead of the previous
           optional function `ssl_engine_set`. This enables other SSL
           module to secure proxy connections.
           The optional functions `ssl_engine_set`, `ssl_engine_disable` and
           `ssl_proxy_enable` are now provided by the core to have backward
           compatibility with non-httpd modules that might use them. mod_ssl
           itself no longer registers these functions, but keeps them in its
           header for backward compatibility.
           The core provided optional functions wrap any registered function
           like it was done for `ssl_is_ssl`.
           [Stefan Eissing]
      
        *) mod_ssl: Support logging private key material for use with
           wireshark via log file given by SSLKEYLOGFILE environment
           variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]
      
        *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
           "ProxyPassInterpolateEnv On" are configured.  PR 65549.
           [Joel Self <joelself gmail.com>]
      
        *) mpm_event: Fix children processes possibly not stopped on graceful
           restart.  PR 63169.  [Joel Self <joelself gmail.com>]
      
        *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
           protocols from mod_proxy_http, and a timeout triggering falsely when
           using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
           upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]
      
        *) mod_unique_id: Reduce the time window where duplicates may be generated
           PR 65159
           [Christophe Jaillet]
      
        *) mpm_prefork: Block signals for child_init hooks to prevent potential
           threads created from there to catch MPM's signals.
           [Ruediger Pluem, Yann Ylavic]
      
        *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
           PR 65159" added in 2.4.47.
           This causes issue on Windows.
           [Christophe Jaillet]
      
        *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
      
        *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
           as successful or a staged renewal is replacing the existing certificates.
           This avoids potential mess ups in the md store file system to render the active
           certificates non-working. [@mkauf]
      
        *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
           [Yann Ylavic]
      
        *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
           connections. If ALPN protocols are provided and sent to the
           remote server, the received protocol selected is inspected
           and checked for a match. Without match, the peer handshake
           fails.
           An exception is the proposal of "http/1.1" where it is
           accepted if the remote server did not answer ALPN with
           a selected protocol. This accommodates for hosts that do
           not observe/support ALPN and speak http/1.x by default.
      
        *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
           with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
           [Yann Ylavic]
      
        *) mod_dav: Add method_precondition hook. WebDAV extensions define
           conditions that must exist before a WebDAV method can be executed.
           This hook allows a WebDAV extension to verify these preconditions.
           [Graham Leggett]
      
        *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
           modules apart from versioning implementations to handle the REPORT method.
           [Graham Leggett]
      
        *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
           dav_get_resource() to mod_dav.h. [Graham Leggett]
      
        *) core: fix ap_escape_quotes substitution logic. [Eric Covener]
      
        *) Easy patches: synch 2.4.x and trunk
           - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
           - mod_ldap: log and abort locking errors.
           - mod_ldap: style fix for r1831165
           - mod_ldap: build break fix for r1831165
           - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
           - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
           - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
           - mod_rewrite: Save a few cycles.
           - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
           - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
          [Christophe Jaillet]
      
        *) core/mpm: add hook `child_stopping` that gets called when the MPM is
           stopping a child process. The additional `graceful` parameter allows
           registered hooks to free resources early during a graceful shutdown.
           [Yann Ylavic, Stefan Eissing]
      
        *) mod_proxy: Fix incomplete initialization of BalancerMember(s) from the
           balancer-manager, which can lead to a crash.  [Yann Ylavic]
      
        *) mpm_event: Fix graceful stop/restart of children processes if connections
           are in lingering close for too long.  [Yann Ylavic]
      
        *) mod_md: fixed a potential null pointer dereference if ACME/OCSP
           server returned 2xx responses without content type. Reported by chuangwen.
           [chuangwen, Stefan Eissing]
      
        *) mod_md:
           - Domain names in `<MDomain ...>` can now appear in quoted form.
           - Fixed a failure in ACME challenge selection that aborted further searches
             when the tls-alpn-01 method did not seem to be suitable.
           - Changed the tls-alpn-01 setup to only become unsuitable when none of the
             dns names showed support for a configured 'Protocols ... acme-tls/1'. This
             allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
           [Stefan Eissing]
      
        *) Add CPING to health check logic. [Jean-Frederic Clere]
      
        *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
      
        *) core, h2: common ap_parse_request_line() and ap_check_request_header()
           code. [Yann Ylavic]
      
        *) core: Add StrictHostCheck to allow unconfigured hostnames to be
           rejected. [Eric Covener]
      
        *) htcacheclean: Improve help messages.  [Christophe Jaillet]
      Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
      Signed-off-by: Khem Raj <raj.khem@gmail.com>
      (cherry picked from commit 54a96fa4)
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
    • dash: upgrade 0.5.11.3 -> 0.5.11.5 · 135af4f1
      zangrc authored
      
      parser: Fix VSLENGTH parsing with trailing garbage
      eval: Do not cache value of eflag in evaltree
      Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
      Signed-off-by: Khem Raj <raj.khem@gmail.com>
      (cherry picked from commit 633f2115)
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
    • crash: upgrade 7.2.9 -> 7.3.0 · 929c2eeb
      zangrc authored
      
      Refresh the following patch:
      donnot-extract-gdb-during-do-compile.patch
      remove-unrecognized-gcc-option-m32-for-mips.patch
      
      0001-printk-add-support-for-lockless-ringbuffer.patch
      0002-printk-use-committed-finalized-state-values.patch
      Removed since these are included in 7.3.0.
      Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
      Signed-off-by: Khem Raj <raj.khem@gmail.com>
      (cherry picked from commit c833f024)
      [Fixes issue with 5.10 kernel]
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
    • can-utils: rrecommend iproute2 to make it possible to configure can interfaces · 62a8dfa7
      Alexander Kanavin authored
      
      This replicates the fix from canutils.bb, for the same issue. See the link
      in the comment for details.
      Signed-off-by: Alexander Kanavin <alex@linutronix.de>
      Signed-off-by: Khem Raj <raj.khem@gmail.com>
      (cherry picked from commit 020b87ad)
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
  5. 20 Sep, 2021 1 commit
  6. 15 Sep, 2021 1 commit
  7. 14 Sep, 2021 1 commit
  8. 09 Sep, 2021 1 commit
  9. 07 Sep, 2021 5 commits
  10. 06 Sep, 2021 2 commits
  11. 04 Sep, 2021 1 commit
  12. 03 Sep, 2021 2 commits
  13. 27 Aug, 2021 2 commits
  14. 25 Aug, 2021 2 commits
    • ldns: fix override syntax · 341fcf67
      Roland Hieber authored
      Commit 2e794f33 cherry-picked a fix from master, which used
      the new override syntax, which was introduced in poky commit
      2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
      override syntax"). However, this change was merged after 3.4_M2 and is
      not part of hardknott, so bitbake complains about the new syntax:
      
          ERROR: ParseError at
          …/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb:20:
          unparsed line: 'do_install:append() {'
      
      Revert to the old syntax on the hardknott branch for now.
      
      Fixes: 2e794f33 (2021-08-09, "ldns: fix QA Issue after LDFLAGS change")
      Signed-off-by: Roland Hieber <rhi@pengutronix.de>
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
    • curlpp: fix override syntax · 323f3356
      Roland Hieber authored
      Commit bca3bbbf cherry-picked a fix from master, which used
      the new override syntax, which was introduced in poky commit
      2abf8a699edd513405be (2021-07-25, "bitbake: bitbake: Switch to using new
      override syntax"). However, this change was merged after 3.4_M2 and is
      not part of hardknott, so bitbake complains about the new syntax:
      
          ERROR: ParseError at
          …/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb:20:
          unparsed line: 'do_install:append() {'
      
      Revert to the old syntax on the hardknott branch for now.
      
      Fixes: bca3bbbf (2021-08-09, "curlpp: fix QA Issue after LDFLAGS change")
      Signed-off-by: Roland Hieber <rhi@pengutronix.de>
      Signed-off-by: Armin Kuster <akuster808@gmail.com>
  15. 21 Aug, 2021 1 commit
  16. 15 Aug, 2021 2 commits
  17. 14 Aug, 2021 5 commits
  18. 10 Aug, 2021 1 commit
  19. 08 Aug, 2021 1 commit