Nagy Karoly Gabriel
879991d3c5
openssl: Updated (1.0.1j -> 1.0.1k) SECURITY! See note.
...
This update solves eight security issues namingly:
1. DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
2. DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
3. no-ssl3 configuration sets method to NULL (CVE-2014-3569)
4. ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
5. RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
6. DH client certificates accepted without verification [Server] (CVE-2015-0205)
7. Certificate fingerprints can be modified (CVE-2014-8275)
8. Bignum squaring may produce incorrect results (CVE-2014-3570)
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
10 years ago
Nagy Karoly Gabriel
58a90ab362
gnutls: Updated (3.2.12.1 -> 3.2.20) SECURITY! (CVE-2014-8564)
10 years ago
Nagy Karoly Gabriel
ec8aa8cb36
dropbear: Updated (2014.65 -> 2014.66)
10 years ago
Nagy Karoly Gabriel
a4c83c11e6
openssl: Updated (1.0.1i -> 1.0.1j) SECURITY! (CVE-2014-3513)
...
also (CVE-2014-3567) and (CVE-2014-3568) and other
non security bugfixes.
10 years ago
Nagy Karoly Gabriel
90a54a2acd
openssh: Updated (6.6p1 -> 6.7p1) See note!
...
NOTE:
This update mitigates the following security issue:
http://seclists.org/fulldisclosure/2014/Oct/35
also it contains updates that make it potentially
incompatible with previous versions, namingly:
Potentially-incompatible changes
* sshd(8): The default set of ciphers and MACs has been altered to
remove unsafe algorithms. In particular, CBC ciphers and arcfour*
are disabled by default.
The full set of algorithms remains available if configured
explicitly via the Ciphers and MACs sshd_config options.
* sshd(8): Support for tcpwrappers/libwrap has been removed.
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the specification
correctly. OpenSSH 6.7 disables this KEX method when speaking to
one of the affected versions.
10 years ago
Nagy Karoly Gabriel
725bc61f78
vserver: removed typo hotfix patch.
...
The patch is not obsolete as the typo that it fixes is still there
but the whole code gets disabled if CONFIG_USER_NS is set to n which
is a requirement for the vserver patch.
10 years ago
Nagy Karoly Gabriel
f5ca8678ec
vserver: added a typo hotfix and forcefuly disabled CONFIG_USER_NS.
10 years ago
Nagy Karoly Gabriel
25e8cea005
dropbear: Updated (2014.64 -> 2014.65)
...
Also remade the scp install Makefile patch.
10 years ago
Nagy Karoly Gabriel
87dc3e9e01
dropbear: Updated (2014.63 -> 2014.64)
10 years ago
Nagy Karoly Gabriel
9579f320eb
arptables: Updated (0.0.3-4 -> 0.0.4)
10 years ago
Nagy Karoly Gabriel
de2a77dede
vserver: Updated (2.3.6.8 -> 2.3.6.13)
10 years ago
Alejandro Mery
dcda944461
cyrus-sasl2: Updated (2.1.22 -> 2.1.25)
10 years ago
Alejandro Mery
1ba83af33b
heimdal: don't download tag archives
10 years ago
Alejandro Mery
e005071123
openssl: Updated (1.0.1h -> 1.0.1i) [SECURITY]
...
https://www.openssl.org/news/secadv_20140806.txt
* CVE-2014-3505
* CVE-2014-3506
* CVE-2014-3507
* CVE-2014-3508
* CVE-2014-3509
* CVE-2014-3510
* CVE-2014-3511
* CVE-2014-3512
* CVE-2014-5139
Signed-off-by: Alejandro Mery <amery@geeks.cl>
10 years ago
Nagy Karoly Gabriel
53e58da362
util-vserver: Updated (0.30.216-pre3038 -> 0.30.216-pre3062)
11 years ago
Nagy Karoly Gabriel
c8732ec59f
vserver: Updated kernel patch (3.10.37-vs2.3.6.8 -> 3.10.43-vs2.3.6.8)
11 years ago
Nagy Karoly Gabriel
b890d78497
openssl: Updated (1.0.1g -> 1.0.1h) multiple security issues.
...
http://www.openssl.org/news/secadv_20140605.txt
11 years ago
Christian Wiese
f0c41d39f5
util-vserver: fixed shell scripts to not used getopt --long but -l
11 years ago
Christian Wiese
16cab7c752
ebtables: changed to use system kernel headers instead of the included ones
11 years ago
Christian Wiese
8c59745a02
ebtables: fixed installation when cross-compiling when DESTDIR is effective
11 years ago
Christian Wiese
59b04f6301
libprelude: fixed to build against gnutls 3.2.x
11 years ago
Christian Wiese
71525de3c5
vserver: Updated kernel patch (3.10.33-vs2.3.6.8 -> 3.10.37-vs2.3.6.8)
11 years ago
Nagy Karoly Gabriel
1d92510f5d
fail2ban: Updated (0.8.12 -> 0.9.0)
11 years ago
Nagy Karoly Gabriel
d0c22accac
openssh: Updated (6.2p2 -> 6.6p1)
11 years ago
Christian Wiese
24599ca39a
cryptsetup: Updated (1.6.3 -> 1.6.4)
...
Because Google doesn't provide any download capabilities for projects hosted
on google code, the downloads are provided on kernel.org servers now.
11 years ago
Christian Wiese
2e20b57df3
openssl: Updated (1.0.1f -> 1.0.1g) SECURITY! CVE-2014-0160
...
This fixes the TLS heartbeat read overrun (CVE-2014-0160) vulnerability
References:
[1] https://www.openssl.org/news/secadv_20140407.txt
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0160
11 years ago
Christian Wiese
f3719e7d11
gnupg: Updated (1.4.14 -> 1.4.16)
11 years ago
Christian Wiese
9efb6aadb6
gnutls: Updated (2.12.23 -> 3.2.12.1)
11 years ago
Christian Wiese
617fd93779
nettle: Updated (2.4 -> 2.7)
11 years ago
Christian Wiese
856e6349fa
vserver: updated kernel patch (3.10.27-vs2.3.6.8 -> patch-3.10.33-vs2.3.6.8)
11 years ago
Christian Wiese
39c85e3fbb
beecrypt: fixed to build and install python modules when cross-compiling
11 years ago
Christian Wiese
1c48bb6846
heimdal: add patch to use an available libcom_err provided by the system when cross-compiling
11 years ago
Christian Wiese
e2dfa6122a
heimdal: add patch to use an pre-installed slc from the build host toolchain when cross-compiling
11 years ago
Christian Wiese
f5316ff364
heimdal: fixed to only install krb5.conf when not at toolchain stage and to properly use $root
11 years ago
Christian Wiese
7d11f056b5
heimdal: changed to use custmain for toolchain build and also build slc
11 years ago
Christian Wiese
4dc34e6ff3
heimdal: added bugfix patch for the roken-h-process.pl script
11 years ago
Christian Wiese
227243a52e
heimdal: added toolchain patch so the tools get installed into bindir
11 years ago
Christian Wiese
07b56c5e10
heimdal: changed to build minimal tools like asn1_compile at toolchain stage
...
asn1_compile is needed at stage 1 when cross-compiling.
11 years ago
Christian Wiese
66aeac3e09
heimdal: Updated (1.5.2 -> 1.5.3)
11 years ago
Christian Wiese
eb9b27cb1c
heimdal: Updated (1.3.3 -> 1.5.2)
11 years ago
Christian Wiese
8b255bb1f1
krb5: improved to cross-compile if requested by the target
11 years ago
Christian Wiese
8b6107c665
krb5: Updated (1.10.7 -> 1.12.1)
11 years ago
Christian Wiese
0fe430aa6d
krb5: Updated (1.10.2 -> 1.10.7)
11 years ago
Nagy Karoly Gabriel
ec96cb697e
dropbear: Updated (2013.62 -> 2014.63)
11 years ago
Nagy Karoly Gabriel
11e79a6131
gnutls: Added patch to fix CVE-2014-0092.
11 years ago
Christian Wiese
b00f14379f
fix cache files to include util-linux instead of util-linux-ng
11 years ago
Christian Wiese
63d2a47d4e
libgpg-error: fixed to generate proper .pc file
...
I really wonder if that pkgconfig file was ever tested on yocto, but obviously
not. The typo is still present in yocto patch repository.
11 years ago
Christian Wiese
8a15dde321
vserver: updated kernel patch (3.10.21-vs2.3.6.8 -> 3.10.27-vs2.3.6.8)
11 years ago
Nagy Karoly Gabriel
fa9ac60572
fail2ban: Updated (0.8.6 -> 0.8.12)
11 years ago
Christian Wiese
efb0e161b3
cryptsetup: Updated (1.6.2 -> 1.6.3)
11 years ago