Skip to content
Snippets Groups Projects
Select Git revision
  • devel default protected
  • pam
  • release-7.3 protected
  • release-7.4.2 protected
  • genxos-12
  • support-radius-ssh
  • roman-7.4.0a2-shsw-perl-noparallel
  • release-6.5 protected
  • iptv
  • nss
  • snmp
  • firewallmngr_uci
  • nw_firewallmngr
  • rt_fail2ban
  • agnau-nginx-lto
  • sshd_maxretries
  • release-7.4.0alpha2-shsw protected
  • rtsp_puse_res_timeout
  • rtsp_70_fix
  • platform-openwrt-23.05.1
  • v14.07
21 results
Search by author
  • Any Author
  • Amin Ben Romdhane Amin Ben Romdhane amin.benromdhane
  • Andreas Gnau Andreas Gnau AGnau
  • Anjan Chanda Anjan Chanda anjancx
  • Balalakshmi Arunachalam Rajendran Balalakshmi Arunachalam Rajendran arbala
  • Benjamin Larsson Benjamin Larsson benjamin
  • Dariusz Iwanoczko Dariusz Iwanoczko dariusz.iwanoczko
  • Divya Chandrasekaran Divya Chandrasekaran divya.c
  • Elena Vengerova Elena Vengerova helen
  • Erik Karlsson Erik Karlsson erik.karlsson
  • Filip Matusiak Filip Matusiak filmat
  • Fredrik Östling Fredrik Östling fredrik.ostling
  • George Yang George Yang gyang
  • Gouri Natarajan Gouri Natarajan gouri.natarajan
  • Grzegorz Sluja Grzegorz Sluja slujagrz
  • Hope Błaszkowska Hope Błaszkowska jakub.blaszk
  • IOPSYS DevOps Bot IOPSYS DevOps Bot devops_robot
  • Jakob Olsson Jakob Olsson jakob
  • Janusz Dziedzic Janusz Dziedzic janusz
  • Jenkins Inteno Jenkins Inteno jenkins
  • Jerome Rogon Jerome Rogon jerome.rogon
20 authors
  1. May 31, 2021
  3. May 10, 2021
    • Daniel Golle's avatar
      exim: update to version 4.94.2 · c241cb12
      Daniel Golle authored 
      
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.

Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      c241cb12
  5. Apr 20, 2021
  7. Apr 14, 2021
  9. Mar 26, 2021
  11. Mar 12, 2021
  13. Mar 04, 2021
  15. Mar 01, 2021
  17. Feb 23, 2021
  19. Feb 21, 2021
  21. Feb 03, 2021
  23. Jan 18, 2021
  25. Jan 11, 2021
  27. Jan 03, 2021
    • Daniel Golle's avatar
      exim: add package · cd587f37
      Daniel Golle authored 
      
Add Exim MTA variants:
 * exim
   plain variant without any TLS library which hence comes
   without TLS, DANE and DKIM.
 * exim-openssl
   linked against libopenssl
 * exim-gnutls
   linked against libgnutls
 * exim-ldap
   linked against libopenssl, libopenldap and libsasl2

Provide packages for lookup modules
 * cdb
 * dbmdb
 * dnsdb
 * json (depends on jansson)
 * mysql (depends on libmariadb)
 * passwd
 * pgsql (depends on libpq)
 * redis (depends on libhiredis)
 * sqlite (depends on libsqlite3)

Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.

Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      cd587f37
  29. Dec 31, 2020
  31. Dec 14, 2020
  33. Nov 04, 2020
  35. Oct 12, 2020
  37. Oct 08, 2020
  39. Sep 23, 2020
    • Rosen Penev's avatar
      sendmail: update to 8.16.1 · aea52363
      Rosen Penev authored 
      
Refreshed patches and removed upstreamed ones.

Switched main URL and removed others. None of them have the proper
file. The first actually has a bad one. The changed URL is from the
official website.

Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      aea52363
  41. Sep 13, 2020
    • W. Michael Petullo's avatar
      pigeonhole: update to 0.5.11 · c502f261
      W. Michael Petullo authored 
      
This fixes an error in the previous package when building against recent
OpenWrt releases:

In file included from /builder/shared-workdir/build/sdk/staging_dir/target-x86_64_musl/usr/include/dovecot/lib.h:50,
                 from ext-variables-common.c:4:
ext-variables-common.c: In function 'ext_variables_load':
ext-variables-common.c:91:14: error: expected ')' before 'PRIuSIZE_T'
       "(>= %"PRIuSIZE_T" bytes)",

Signed-off-by: default avatarW. Michael Petullo <mike@flyn.org>
      c502f261
  43. Sep 12, 2020
  45. Sep 10, 2020
  47. Sep 08, 2020
  49. Aug 13, 2020
  51. Aug 11, 2020
  53. Aug 10, 2020
  55. Jul 23, 2020
  57. Jul 17, 2020
  59. Jul 08, 2020
  61. Jun 22, 2020
  63. May 29, 2020
  65. May 24, 2020
  67. Apr 29, 2020
  69. Apr 09, 2020
  71. Mar 31, 2020
    • Jeffery To's avatar
      mailman: Remove package · cec41bcc
      Jeffery To authored 
      
This version of mailman will cease to function once Python 2 is removed
from the feed. There does not appear to be any interest in updating this
package to a current version that uses Python 3.

This package will be added to the abandoned packages feed.

Signed-off-by: default avatarJeffery To <jeffery.to@gmail.com>
      cec41bcc
  73. Mar 25, 2020
  75. Mar 16, 2020