aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* packages: apply usign padding workarounds to package indexes if neededJo-Philipp Wich2019-08-071-2/+6
| | | | | | | | | | | | | | | Since usign miscalculates SHA-512 digests for input sizes of exactly 64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some white space padding to avoid triggering the hashing edge case. While usign itself has been fixed already, there is still many firmwares in the wild which use broken usign versions to verify current package indexes so we'll need to carry this workaround in the forseeable future. Ref: https://forum.openwrt.org/t/signature-check-failed/41945 Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit e1f588e446c7ceb696b644b37aeab9b3476e2a57)
* usign: update to latest Git HEADJo-Philipp Wich2019-08-061-4/+4
| | | | | | | | | | | | | | | This update fixes usign signature verification on files with certain file sizes triggering a bug in the shipped SHA-512 implementation. 5a52b37 sha512: fix bad hardcoded constant in sha512_final() 3e6648b README: replace unicode character 716c3f2 README: add reference to OpenBSD signify 86d3668 README: provide reference for ed25519 algorithm 939ec35 usign: main.c: describe necessary arguments for -G Ref: https://forum.openwrt.org/t/signature-check-failed/41945 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 991dd5a89340367920315a3fd0390a7423e6b34a)
* mac80211: brcm: improve brcmfmac debugging of firmware crashesRafał Miłecki2019-07-282-1/+39
| | | | | | | This provides a complete console messages dump. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f51e2d031e8125632487d2a0f56b9fa31b71e54f)
* mac80211: brcm: update brcmfmac 5.4 patchesRafał Miłecki2019-07-2811-25/+33
| | | | | | | Use commits from wireless-drivers-next.git. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 95745e26b319c630a49d2b8284f8afeaa30506da)
* mac80211: brcmfmac: backport fixes from kernel 5.4Rafał Miłecki2019-07-2211-2/+511
| | | | | | | | | | This fixes: 1) Crash during USB disconnect 2) Crash in brcmf_txfinalize() on rmmod with packets queued 3) Some errors in exit path Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 8231f67218e584be61d32b24bd17cc55e500638c)
* mac80211: brcmfmac: backport previously skipped USB fixesRafał Miłecki2019-07-223-1/+342
| | | | | | They were skipped due to missing BCDC patches that are backported now. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport BCDC layer changes from kernel 4.12Rafał Miłecki2019-07-2243-147/+1390
| | | | | | | | Those changes are needed for backporting more recent crash fixes. There are quite many BCDC patches but it's hopefully a very well tested code by now. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: rename v4.12 patches to allow more backportsRafał Miłecki2019-07-228-0/+0
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* LEDE v17.01.7: revert to branch defaultsJo-Philipp Wich2019-06-211-2/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* LEDE v17.01.7: adjust config defaultsv17.01.7Jo-Philipp Wich2019-06-211-2/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* perf: Fix build on aarch64Hauke Mehrtens2019-06-202-2/+2
| | | | | | | Somehow perf depended on libunwind, and libunwind also builds on aarch64. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.10Hauke Mehrtens2019-06-183-30/+30
| | | | | | | This fixes multiple bugs and this security problem: * CVE-2018-19608 Local timing attack on RSA decryption Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Update to version 4.4.182Hauke Mehrtens2019-06-181-0/+65
| | | | | | | | | | | | | | | | | | | | | | | Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 - CVE-2019-11833 - CVE-2019-11091 - CVE-2018-12126 - CVE-2018-12130 - CVE-2018-12127 - CVE-2019-3882 - CVE-2019-6974 - CVE-2019-3819 - CVE-2019-7221 - CVE-2019-7222 - CVE-2019-3701 - CVE-2018-19985 - CVE-2018-1120 And probably more Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: brcmfmac: backport important fixes from kernel 5.2Rafał Miłecki2019-06-169-2/+423
| | | | | | | | | | | 1) Crash/Oops fixes 2) One-line patch for BCM43456 support 3) Fix communication with some specific FullMAC firmwares 4) Potential fix for "Invalid packet id" errors 5) Important helper for reporting FullMAC firmware crashes Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 2cd234d96bd772119363a77a35bffa6a4931613e)
* openssl: update to 1.0.2sEneas U de Queiroz2019-06-012-3/+3
| | | | | | | | This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal, refreshed patches]
* openssl: bump to 1.0.2rDaniel Bailey2019-04-202-6/+6
| | | | | | | | | | | This fixes the following security problems: 1.0.2r: * CVE-2019-1559: 0-byte record padding oracle Signed-off-by: Daniel Bailey <dbailey@datto.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [fixed patch, refreshed patches]
* ca-certificates: update to version 20190110Josef Schlehofer2019-04-201-4/+3
| | | | | | | | | | | | - Tested on Turris MOX, OpenWrt master - Removed PKG_BUILD_DIR In build_dir there were two folders ca-certificates and ca-certificates-20190110 and it failed as files were in ca-certificates-20190110 Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry-picked from commit: f22c33b40cc7b542b3b31fa0d873d28d3a3482b5)
* ca-caertificates: remove myself as PKG_MAINTAINERChristian Schoenebeck2019-04-201-2/+2
| | | | | | | | remove myself as PKG_MAINTAINER Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry-picked from commit: c89195eb25a4dfd093f9d0d3b3adac896bb471ad)
* ca-certificates: ca-bundle: add symlink for openssl default settingYousong Zhou2019-04-201-0/+2
| | | | | | | | | | | | OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is needed for wget-ssl and possibly others to work seamlessly with fresh ca-bundle installation Fixes openwrt/packages#6152 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry-picked from commit: 191078e83d127f5ed9a38366d2edaac49f9333c5)
* ca-certificates: Update to Version 20180409Christian Schoenebeck2019-04-201-2/+2
| | | | | | | | ca-certificates: Update to Version 20180409 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry-picked from commit: 80cb5c5703d7778ee7390da1bcde4878a2349806)
* mac80211: brcmfmac: really add early fw crash recoveryRafał Miłecki2019-04-186-0/+271
| | | | | | | | | Previous commit backported USB fixes instead of firmware crash recovery patches. Fixes: eaef74279c8f ("mac80211: brcmfmac: early work on FullMAC firmware crash recovery") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 2d2e615dee0421e126af9d4ebd49a720e341e3af)
* mac80211: brcmfmac: early work on FullMAC firmware crash recoveryRafał Miłecki2019-04-186-0/+335
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 02aed76968d60d254ab9d0d8768f0c54dbfc6d9d)
* mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixesRafał Miłecki2019-02-2619-8/+6625
| | | | | | | | | This backports the most important brcmfmac commits that: 1) Fix some bugs 2) Help debugging bugs Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit d32bbd747733de5daeb63a8f2c1307f612422f87)
* mac80211: brcmfmac: pick few 4.17 cleanups required for further fixesRafał Miłecki2019-02-259-7/+633
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: fix a possible NULL pointer dereferenceRafał Miłecki2019-02-111-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a possible crash in the brcmf_fw_request_nvram_done(): [ 31.687293] Backtrace: [ 31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24) [ 31.698043] r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38 [ 31.705928] r4:c78e7d3c r3:00000000 [ 31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c) [ 31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac]) [ 31.726818] r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380 [ 31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60) [ 31.743607] r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300 [ 31.751493] r4:c67f4300 [ 31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318) [ 31.763365] r4:c72c3cc0 [ 31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448) [ 31.774107] r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300 [ 31.781993] r4:c72c3cc0 [ 31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114) [ 31.791949] r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000 [ 31.799836] r4:c735dc00 r3:c79ed540 [ 31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24) [ 31.810672] r7:00000000 r6:00000000 r5:c003974c r4:c735dc00 [ 31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000) [ 31.822487] ---[ end trace a0ffbb07a810d503 ]--- Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 83bcacb5215c21e1894fbe3d651d83948479ce91)
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de> (backport of commit 989060478ae270885727d91c25b9b52b0f33743c)
* opkg: update to latest Git headJo-Philipp Wich2019-01-221-4/+4
| | | | | | | | | | | | | | | | | | | | | | | d217daf libopkg: fix replacelist parsing and writing 9dd9a07 libopkg: fix segmentation fault when traversing conflicts 34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches() 18740e6 opkg_download: print error when fork() fails e3d7330 libopkg: don't print unresolved dependencies twice 3b417b9 opkg_download: decode file:/ URLs 71c27cb file_util: implement urldecode_path() d1fe095 file_util: consolidate hex/unhex routines ebdfc12 add opkg option http_timeout 9f003e3 opkg: encode archive filenames while constructing download URLs 73e6c81 file_util: implement urlencode_path() helper 468158f libopkg: fix SHA256 calculation for big endian system 4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines 52fc006 pkg_alternatives: pass if the desired symlink already exists c668fce opkg: add --no-check-certificate argument 04e279e pkg_alternatives: use ERROR level for symlink failure 546bc72 pkg: alternatives support Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 1bd18f2b5cbf1c9c384e9725eff7804decf88c90)
* opkg: switch source url to git.openwrt.orgJo-Philipp Wich2019-01-221-2/+2
| | | | | | | | As LEDE is rebranding to OpenWrt now, adjust the Git source references accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit da95c9aa17814d691a7fed6e8297fb29c5600c27)
* opkg: drop argument from check_signature in opkg.confJonas Gorski2019-01-221-2/+2
| | | | | | | | | | | check_signature is a bool option and doesn't take any arguments. The presence of the 1 falsely suggests setting it to 0 disables the check, while the option actually needs to be removed or commented out to be disabled. So remove the argument to make it more clear. Fixes: beca028bd6bb ("build: add integration for managing opkg package feed keys") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> (backported from commit d3bf5ff9bc7b55b2a3dab93853b33a0cd2c4ca47)
* base-files: install missing /etc/iproute2/ematch_mapTony Ambardar2019-01-221-0/+8
| | | | | | | | | This file is needed to properly use the tc ematch modules present in kmod-sched-core and kmod-sched. It is a read-only index file of ematch methods used only by tc. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [cherry picked from commit 10a2ccb7fceef3a6dea4ece14e6141a807292d5f]
* base-files: fix postinstall uci-defaults removalTony Ambardar2019-01-221-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 7f694582 introduced a bug where default_postinst() often fails to remove a uci-defaults script after application, leaving it to run again after a reboot. (Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6) The subtle problem arises from the shell logical chain: [ -f "$i" ] && . "$i" && rm -f "$i" Most uci-defaults scripts contain a terminal 'exit 0' statement which, when sourced, results in the logic chain exiting before executing 'rm -f'. This was observed while testing upgrades of 'luci-app-sqm'. The solution is to wrap the shell sourcing in a subshell relative to the command 'rm -f': ( [ -f "$i" ] && . "$i" ) && rm -f "$i" Revert to using 'grep' to prefilter the list of entries from the control file, which yields the full path of uci-defaults scripts. This allows keeping the existence check, directory change and script sourcing inside the subshell, with the script removal correctly outside. This approach avoids adding a second subshell only around the "." (source) command. The change also preserves the fix FS#1021, since the full path is used to source the script, which is POSIX-portable irrespective of PATH variable or reference to the CWD. Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (backported from 4097ab6a975902b170dd7f7ac6c8025e5f32ef8d)
* mac80211: brcmfmac: fix use-after-free & possible NULL pointer dereferenceRafał Miłecki2019-01-081-2/+2
| | | | | | | | | | | 1) Using fwctx variable after brcmf_fw_request_done() was executed meant accessing freed memory. 2) Using fwctx->completion for the wait_for_completion_timeout() call could reuslt in NULL pointer dereference on fw loading error or if brcmf_fw_request_done() was executed quickly enough. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 529c95cc15dc9fcc7709400cc921f2a3c03cd263)
* rpcd: update to latest Git headJo-Philipp Wich2018-12-121-3/+3
| | | | | | | | | | | | | | | | 3aa81d0 file: access exec timeout via daemon ops structure 7235f34 plugin: store pointer to exec timeout value in the ops structure ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout c79ef22 main: fix logic bug when not specifying a timeout option 2cc4b99 file: use global exec timeout instead of own hardcoded limit ecd1660 exec: increase maximum execution time to 120s 41333ab uci: tighten uci reorder operation error handling f91751b uci: tighten uci delete operation error handling c2c612b uci: tighten uci set operation error handling 948bb51 uci: tighten uci add operation error handling 51980c6 uci: reject invalid section and option names Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: procd_send_signal use signal namesKevin Darbyshire-Bryant2018-12-112-1/+5
| | | | | | | | | | | | Usage documentation for 'procd_send_signal' states "The signal is SIGHUP by default, and must be specified by NAME." Make actual behaviour match the stated documented behaviour. https://wiki.openwrt.org/inbox/procd-init-scripts Suggested-by: Jo-Philip Wich <jow@mein.io> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 37bb463daa21e2c97365c6543b2bfdfe673c5baa)
* base-files: fix prerm return value, align with postinst codeTony Ambardar2018-11-291-5/+10
| | | | | | | | | | | | | | | | The return value of a package prerm script is discarded and not returned correctly by default_prerm(). This allows other operations like service shutdown to "leak" their return value, prompting workarounds like commit 48cfc826 which do not address the root cause. Preserve a package prerm script return value for use by default_prerm(), sharing the corresponding code from default_postinst() for consistency. Also use consistent code for handling of /etc/init.d/ scripts. Run Tested on: LEDE 17.01.4 running ar71xx. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 8806da86f5da3b1b1e4d24259d168e2219c01a26)
* uhttpd: update to latest Git headJo-Philipp Wich2018-11-281-3/+3
| | | | | | | | | | | | | | | | | | cdfc902 cgi: escape url in 403 error output 0bba1ce uhttpd: fix building without TLS and Lua support 2ed3341 help: document -A option fa5fd45 file: fix CPP syntax error 77b774b build: avoid redefining _DEFAULT_SOURCE b741dec lua: support multiple Lua prefixes 952bf9d build: use _DEFAULT_SOURCE 30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods 796d42b client: flush buffered SSL output when tearing down client ustream 393b59e proc: expose HTTP Origin header in process environment 8109b95 file: escape strings in HTML output d3b9560 utils: add uh_htmlescape() helper db86175 lua: honour size argument in recv() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* base-files: fix unkillable processes after restartLinus Kardell2018-11-221-0/+1
| | | | | | | | | | | | | | | | When restart is run on an init script, the script traps SIGTERM. This is done as a workaround for scripts named the same name as the program they start. In that case, the init script process will have the same name as the program process, and so when the init script runs killall, it will kill itself. So SIGTERM is trapped to make the init script unkillable. However, the trap is retained when the init script runs start, and thus processes started by restart will not respond to SIGTERM, and will thus be unkillable unless you use SIGKILL. This fixes that by removing the trap before running start. Signed-off-by: Linus Kardell <linus@telliq.com> (cherry picked from commit 2ac1a57677ce4e21513dca2a8efab1eb6e0a9c58)
* libubox: update to latest git HEADRafał Miłecki2018-11-161-3/+3
| | | | | | 4382c76 switch from typeof to the more portable __typeof__ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: add 2 more recent changesRafał Miłecki2018-11-093-0/+112
| | | | | | | | | | First one is a fix for reporting channels to the user space. Important for users as they could try setting invalid channel and fail to start an interface. Later is a support for newer FullMAC chipset firmwares. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmutil: backport chanspec debugging patchRafał Miłecki2018-11-071-0/+83
| | | | | | It helps debugging possible WARN-ings. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport the latest 4.20 changesRafał Miłecki2018-11-073-0/+187
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b50f162b3cce3d95874e4394f4765413f58765f1)
* mac80211: brcmfmac: rename 4.20 backport patchesRafał Miłecki2018-11-073-0/+0
| | | | | | Include kernel version to help tracking changes. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: add iw command wrapper with error loggingRafał Miłecki2018-11-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | Currently it's close to impossible to tell what part of mac80211 setup went wrong. Errors logged into system log look like this: radio0 (6155): command failed: No error information (-524) radio0 (6155): command failed: Not supported (-95) radio0 (6155): command failed: I/O error (-5) radio0 (6155): command failed: Too many open files in system (-23) With this commit change it's getting clear: command failed: No error information (-524) Failed command: iw dev wlan0 del command failed: Not supported (-95) Failed command: iw phy phy0 set antenna_gain 0 command failed: I/O error (-5) Failed command: iw phy phy0 set distance 0 command failed: Too many open files in system (-23) Failed command: iw phy phy0 interface add wlan0 type __ap Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ffa80bf5a784a34b81e32144669f30560780bdb6)
* mac80211: brcmfmac: backport first important changes from the 4.20Rafał Miłecki2018-09-123-0/+170
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* LEDE v17.01.6: revert to branch defaultsHauke Mehrtens2018-09-021-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* LEDE v17.01.6: adjust config defaultsv17.01.6Hauke Mehrtens2018-09-021-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* grub2: rebase patchesJo-Philipp Wich2018-08-301-8/+4
| | | | | | | | | | Patch 300-CVE-2015-8370.patch was added without proper rebasing on the version used by OpenWrt, make it apply and refresh the patch to fix compilation. Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9ffbe84ea49fc643f41bfdf687de99aee17c9154)
* bzip2: Fix CVE-2016-3189Rosen Penev2018-08-302-1/+12
| | | | | | | | | | | Issue causes a crash with specially crafted bzip2 files. More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
* grub2: Fix CVE-2015-8370Rosen Penev2018-08-302-1/+45
| | | | | | | | | | | | This CVE is a culmination of multiple integer overflow issues that cause multiple issues like Denial of Service and authentication bypass. More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)