a4c83c11e6
openssl: Updated (1.0.1i -> 1.0.1j) SECURITY! (CVE-2014-3513)
...
also (CVE-2014-3567) and (CVE-2014-3568) and other
non security bugfixes.
10 years ago
90a54a2acd
openssh: Updated (6.6p1 -> 6.7p1) See note!
...
NOTE:
This update mitigates the following security issue:
http://seclists.org/fulldisclosure/2014/Oct/35
also it contains updates that make it potentially
incompatible with previous versions, namingly:
Potentially-incompatible changes
* sshd(8): The default set of ciphers and MACs has been altered to
remove unsafe algorithms. In particular, CBC ciphers and arcfour*
are disabled by default.
The full set of algorithms remains available if configured
explicitly via the Ciphers and MACs sshd_config options.
* sshd(8): Support for tcpwrappers/libwrap has been removed.
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the specification
correctly. OpenSSH 6.7 disables this KEX method when speaking to
one of the affected versions.
10 years ago
725bc61f78
vserver: removed typo hotfix patch.
...
The patch is not obsolete as the typo that it fixes is still there
but the whole code gets disabled if CONFIG_USER_NS is set to n which
is a requirement for the vserver patch.
10 years ago
f5ca8678ec
vserver: added a typo hotfix and forcefuly disabled CONFIG_USER_NS.
10 years ago
25e8cea005
dropbear: Updated (2014.64 -> 2014.65)
...
Also remade the scp install Makefile patch.
10 years ago
87dc3e9e01
dropbear: Updated (2014.63 -> 2014.64)
10 years ago
9579f320eb
arptables: Updated (0.0.3-4 -> 0.0.4)
10 years ago
de2a77dede
vserver: Updated (2.3.6.8 -> 2.3.6.13)
10 years ago
Alejandro Mery
dcda944461
cyrus-sasl2: Updated (2.1.22 -> 2.1.25)
10 years ago
1ba83af33b
heimdal: don't download tag archives
10 years ago
Alejandro Mery
e005071123
openssl: Updated (1.0.1h -> 1.0.1i) [SECURITY]
...
https://www.openssl.org/news/secadv_20140806.txt
* CVE-2014-3505
* CVE-2014-3506
* CVE-2014-3507
* CVE-2014-3508
* CVE-2014-3509
* CVE-2014-3510
* CVE-2014-3511
* CVE-2014-3512
* CVE-2014-5139
Signed-off-by: Alejandro Mery <amery@geeks.cl>
10 years ago
53e58da362
util-vserver: Updated (0.30.216-pre3038 -> 0.30.216-pre3062)
11 years ago
c8732ec59f
vserver: Updated kernel patch (3.10.37-vs2.3.6.8 -> 3.10.43-vs2.3.6.8)
11 years ago
b890d78497
openssl: Updated (1.0.1g -> 1.0.1h) multiple security issues.
...
http://www.openssl.org/news/secadv_20140605.txt
11 years ago
f0c41d39f5
util-vserver: fixed shell scripts to not used getopt --long but -l
11 years ago
16cab7c752
ebtables: changed to use system kernel headers instead of the included ones
11 years ago
8c59745a02
ebtables: fixed installation when cross-compiling when DESTDIR is effective
11 years ago
59b04f6301
libprelude: fixed to build against gnutls 3.2.x
11 years ago
71525de3c5
vserver: Updated kernel patch (3.10.33-vs2.3.6.8 -> 3.10.37-vs2.3.6.8)
11 years ago
1d92510f5d
fail2ban: Updated (0.8.12 -> 0.9.0)
11 years ago
d0c22accac
openssh: Updated (6.2p2 -> 6.6p1)
11 years ago
24599ca39a
cryptsetup: Updated (1.6.3 -> 1.6.4)
...
Because Google doesn't provide any download capabilities for projects hosted
on google code, the downloads are provided on kernel.org servers now.
11 years ago
2e20b57df3
openssl: Updated (1.0.1f -> 1.0.1g) SECURITY! CVE-2014-0160
...
This fixes the TLS heartbeat read overrun (CVE-2014-0160) vulnerability
References:
[1] https://www.openssl.org/news/secadv_20140407.txt
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0160
11 years ago
f3719e7d11
gnupg: Updated (1.4.14 -> 1.4.16)
11 years ago
9efb6aadb6
gnutls: Updated (2.12.23 -> 3.2.12.1)
11 years ago
617fd93779
nettle: Updated (2.4 -> 2.7)
11 years ago
856e6349fa
vserver: updated kernel patch (3.10.27-vs2.3.6.8 -> patch-3.10.33-vs2.3.6.8)
11 years ago
39c85e3fbb
beecrypt: fixed to build and install python modules when cross-compiling
11 years ago
1c48bb6846
heimdal: add patch to use an available libcom_err provided by the system when cross-compiling
11 years ago
e2dfa6122a
heimdal: add patch to use an pre-installed slc from the build host toolchain when cross-compiling
11 years ago
f5316ff364
heimdal: fixed to only install krb5.conf when not at toolchain stage and to properly use $root
11 years ago
7d11f056b5
heimdal: changed to use custmain for toolchain build and also build slc
11 years ago
4dc34e6ff3
heimdal: added bugfix patch for the roken-h-process.pl script
11 years ago
227243a52e
heimdal: added toolchain patch so the tools get installed into bindir
11 years ago
07b56c5e10
heimdal: changed to build minimal tools like asn1_compile at toolchain stage
...
asn1_compile is needed at stage 1 when cross-compiling.
11 years ago
66aeac3e09
heimdal: Updated (1.5.2 -> 1.5.3)
11 years ago
eb9b27cb1c
heimdal: Updated (1.3.3 -> 1.5.2)
11 years ago
8b255bb1f1
krb5: improved to cross-compile if requested by the target
11 years ago
8b6107c665
krb5: Updated (1.10.7 -> 1.12.1)
11 years ago
0fe430aa6d
krb5: Updated (1.10.2 -> 1.10.7)
11 years ago
ec96cb697e
dropbear: Updated (2013.62 -> 2014.63)
11 years ago
11e79a6131
gnutls: Added patch to fix CVE-2014-0092.
11 years ago
b00f14379f
fix cache files to include util-linux instead of util-linux-ng
11 years ago
63d2a47d4e
libgpg-error: fixed to generate proper .pc file
...
I really wonder if that pkgconfig file was ever tested on yocto, but obviously
not. The typo is still present in yocto patch repository.
11 years ago
8a15dde321
vserver: updated kernel patch (3.10.21-vs2.3.6.8 -> 3.10.27-vs2.3.6.8)
11 years ago
fa9ac60572
fail2ban: Updated (0.8.6 -> 0.8.12)
11 years ago
efb0e161b3
cryptsetup: Updated (1.6.2 -> 1.6.3)
11 years ago
0c3986585b
openssl: Updated (1.0.1e -> 1.0.1f) (SECURITY UPDATE)
...
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
11 years ago
7b34481173
cryptsetup: changed to cross-compile if requested
11 years ago
f41cbae0aa
vserver: Updated (3.10.9-vs2.3.6.6 -> 3.10.21-vs2.3.6.8)
11 years ago
Nagy Karoly Gabriel
Alejandro Mery
Alejandro Mery
Christian Wiese