[pull] master from buildroot:master#1084
Merged
Merged
Conversation
https://matt.ucc.asn.au/dropbear/CHANGES - Security: server: Don't allow -B (accept blank password) with -t (two factor auth). If run with -t and -B a user configured with a blank password would be allowed to log in without pubkey auth. mkj/dropbear@23ec782 Reported by nvidia - Security: server: Fix parsing of long authorized_keys lines. The remainder of a long line would be handled as the start of a new line. In the case where external programs add semi-trusted public keys to authorized_keys, a crafted key might bypass restrictions such as "command=". mkj/dropbear@8d8e193 Reported by nvidia Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
Add upstream commit to buildroot to fix build errors introduced by the upcoming bump of acl to 2.4.0: https://lists.nongnu.org/archive/html/acl-devel/2026-06/msg00000.html "Compatibility Notes - libacl now exports the new functions acl_get_file_at(), acl_set_file_at(), acl_delete_def_file_at(), and acl_extended_file_at(), which are declared in <sys/acl.h>. This may cause conflicts in programs that define functions of the same name and link against libacl. One such program is GNU tar which defines its own versions of functions like acl_get_file_at(). The fix is to rename those functions. (In the case if GNU tar, a fix is already on the way.)" This patch will also fix build errors seen on the autobuilders for host-tar on hosts which already provide acl >= 2.4.0. Fixes: https://autobuild.buildroot.net/results/478/478a9781f481df7cf2eecda80a4c13f900a0dc80/ Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.nongnu.org/archive/html/acl-devel/2026-06/msg00000.html Fixes CVE-2026-54369, CVE-2026-54370 and CVE-2026-54371. Removed patches which are included in this release. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.nongnu.org/archive/html/acl-devel/2026-06/msg00000.html Fixes CVE-2026-54369, CVE-2026-54370 and CVE-2026-54371. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )