Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.
Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
If specifiying the source address or interface to be used
when contacting upstream name servers such as:
server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
server=8.8.8.8@eth0 then all would use the same socket
bound to the explicitly configured port. Now only
server=8.8.8.8@1.2.3.4#66 will use the explicitly
configured port and the others random source ports.
Remove upstreamed patches and update remaining patch.
Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Co-authored-by: Alan Swanson <reiver@improbability.net>
默认情况下 SSR PLUS DNS结果根本无法缓存(由于引入拒绝ipv6结果导致的问题),nslookup & dig 延迟每次依然有200-300多.
dnsmasq处设置缓存依然无效,设置TTL也无效,应该是bug。
解决办法是手动指定缓存TTL为最大一小时。域名查询实测有效缓存0延迟。
此变更仅使开启dnsmasq缓存的情况下正常工作。
The can-dev.ko kernel module was moved in kernel 5.4.110 and 5.10.28.
Fixes: 5dcbd82 ("kernel: bump 5.4 to 5.4.110")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Also compatible with kernel 4.x]
Signed-off-by: AmadeusGhost <amadeus@jmu.edu.cn>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Co-authored-by: Magnus Kroken <mkroken@gmail.com>
This version fixes 2 security vulnerabilities, among other changes:
- CVE-2021-3450: problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag.
- CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
