Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

opennds: update to version 10.1.3 #1018

Merged
merged 1 commit into from
Aug 28, 2023
Merged

opennds: update to version 10.1.3 #1018

merged 1 commit into from
Aug 28, 2023

Conversation

bluewavenet
Copy link
Contributor

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.3)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities Credit - Stanislav Dashevskyi - standash.github.io [standash] It also contains some minor bug fixes

  • Fix - Buffer overflow causing segfault - CVE-2023-41101 [bluewavenet]
  • Fix - Memory leaks due to passing allocated buffer into safe_asprintf() - CVE-2023-41102 [bluewavenet]
  • Fix - Remove deprecated preauth option [bluewavenet]
  • Fix - missing free in show_preauth_page if MHD does not respond [bluewavenet]
  • Fix - more safe_asprintf memory leaks [bluewavenet]
  • Fix - missing free for mark_auth [bluewavenet]
  • Fix - memory leak after starting authmon daemon [bluewavenet]
  • Fix - memory leak in encode_and_redirect_to_splashpage [bluewavenet]
  • Fix - Community themespec, voucher css and logo image [bluewavenet]
  • Fix - ThemeSpec, path to logo in page footer [bluewavenet]
  • Fix - ensure gatewayurl is urldecoded to fix broken css and images in themespec [bluewavenet]
  • Add - set default fas remote fqdn to disabled [bluewavenet]

Signed-off-by: Rob White rob@blue-wave.net

opennds/Makefile Outdated
@@ -30,7 +30,6 @@ define Package/opennds
DEPENDS:=+libmicrohttpd-no-ssl
TITLE:=open Network Demarcation Service
URL:=https://github.com/opennds/opennds
CONFLICTS:=nodogsplash
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was removed by a mistake, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops. Yes!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.3)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes

  * Fix - Buffer overflow causing segfault - CVE-2023-41101 [bluewavenet]
  * Fix - Memory leaks due to passing allocated buffer into safe_asprintf() - CVE-2023-41102 [bluewavenet]
  * Fix - Remove deprecated preauth option [bluewavenet]
  * Fix - missing free in show_preauth_page if MHD does not respond [bluewavenet]
  * Fix - more safe_asprintf memory leaks [bluewavenet]
  * Fix - missing free for mark_auth [bluewavenet]
  * Fix - memory leak after starting authmon daemon [bluewavenet]
  * Fix - memory leak in encode_and_redirect_to_splashpage [bluewavenet]
  * Fix - Community themespec, voucher css and logo image [bluewavenet]
  * Fix - ThemeSpec, path to logo in page footer [bluewavenet]
  * Fix - ensure gatewayurl is urldecoded to fix broken css and images in themespec [bluewavenet]
  * Add - set default fas remote fqdn to disabled [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>
@bluewavenet
Copy link
Contributor Author

@BKPepe @mwarning @PolynomialDivision
FYI CVE-2023-41101, CVE-2023-41102 and other issues are fixed by this.

@BKPepe BKPepe merged commit 88c98c9 into openwrt:master Aug 28, 2023
11 checks passed
@bluewavenet
Copy link
Contributor Author

@BKPepe
Thank you, much appreciated.
I will let this propagate before cherry picking to stable releases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants