net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[8 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[8 lines not shown]
net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
[6 lines not shown]
net/asterisk22: Update 22.8.1 => 22.8.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echos user supplied values(cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html
PR: 293361
[6 lines not shown]
Prevent false ELOOP error in socket splicing.
To avoid endless splicing loops, the mbuf's lifetime is limited by
the ph_loopcnt counter. Each time somove() runs, it compares the
value to a maximum and increments.
In the unlikely case that the drain buffer is full, the mbuf stays
in the source buffer after incrementing. When more data arrives
and somove() is called, the counter at the same mbuf is incremented
again. Eventually the maxium could be reached and splicing dissolves
with ELOOP. This is not intended for mbufs which are never moved,
we want to count the moves.
Fix the race and increment just before sending the mbuf out to the
drain buffer.
OK mvs@
multimedia/tsduck: disable tsduck on 13
Mark tsduk broken on FreeBSD 13, OpenSSL 3.0 is required.
Also remove unnecessary dependencies and bump PORTREVSION
PR: 292353
PR: 292718
Reported-by: Thierry Lelegard <thierry at lelegard.fr> (maintainer)
(cherry picked from commit bf75792f904db2621d101aa4eab92184860d3325)
Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux
Pull fsverity fixes from Eric Biggers:
- Fix a build error on parisc
- Remove the non-large-folio-aware function fsverity_verify_page()
* tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux:
fsverity: fix build error by adding fsverity_readahead() stub
fsverity: remove fsverity_verify_page()
f2fs: make f2fs_verify_cluster() partially large-folio-aware
f2fs: remove unnecessary ClearPageUptodate in f2fs_verify_cluster()
Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux
Pull crypto library fix from Eric Biggers:
"Fix a big endian specific issue in the PPC64-optimized AES code"
* tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux:
lib/crypto: powerpc/aes: Fix rndkey_from_vsx() on big endian CPUs