[OpenWrt-Devel] [CC 15.05] curl: Security update (CVE-2016-0755)

2016-03-02 Thread jow
The curl package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.


VERSION

7.40.0-3 => 7.40.0-3.1


CHANGELOG

[Wed, 2 Mar 2016 09:51:47 + 0914eea]

Bump pkg revision

[Tue, 1 Mar 2016 22:42:51 + 380df1a]

This fixes the following security problem: CVE-2016-0755: NTLM
credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html

backport of r48614.


CHANGES

 package/network/utils/curl/Makefile   |4 +-
 .../curl/patches/018-CVE-2016-0755.patch  |  126 +
 2 files changed, 128 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=380df1a3bd556a21393706c5facb10c76657ea16
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=0914eeac49722a112ba6c4c70c8a86317ea6d29c
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] [CC 15.05] wolfssl: Security update (2 CVEs)

2016-03-02 Thread jow
The wolfssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

3.3.0-2 => 3.8.0-2


CHANGELOG

[Wed, 2 Mar 2016 10:01:48 + cb7a26c]

Cyassl: disable Intel ASM for now

With ASM support enabled, CyaSSL fails to build on all x86 subtargets.

[Tue, 1 Mar 2016 22:50:29 + eaa864e]

Backport of:
 * r46167: cyassl: version bump to 3.4.6
 * r46168: cyassl: update to wolfssl 3.6.0
 * r46551: cyassl: the upstream package in version 4.6.0 changed
 * r47791: cyassl: update to wolfSSL version 3.7.0
   This version and version 3.6.8 are fixing the following security problems:
    * CVE-2015-7744
    * CVE-2015-6925
 * r48616: cyassl: update to wolfssl version 3.8.0


CHANGES

 package/libs/cyassl/Makefile  |   27 -
 .../cyassl/patches/100-respect_cflags.patch   |   11 ---
 .../200-SSL_accept-handle-hello-garbage.patch |   13 
 .../300-SSL_set_tlsext_host_name.patch|   23 +-
 .../400-additional_compatibility.patch|   12 
 5 files changed, 47 insertions(+), 39 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6925
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7744
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=eaa864e6c0d081b9745a38f806a0f6822f47454d
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cb7a26ca69e85585227134fc0f4ff756baac43e3


[OpenWrt-Devel] [CC 15.05] openssl: Security update (9 CVEs)

2016-03-01 Thread jow
The openssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

1.0.2f-1 => 1.0.2g-1


CHANGELOG

[Tue, 1 Mar 2016 15:18:24 + f4368a7]

CVE-2016-0704

s2_srvr.c overwrote the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient
variants of the DROWN attack.

CVE-2016-0703

s2_srvr.c did not enforce that clear-key-length is 0 for non-export
ciphers. If clear-key bytes are present for these ciphers, they
*displace* encrypted-key bytes. This leads to an efficient
divide-and-conquer key recovery attack: if an eavesdropper has
intercepted an SSLv2 handshake, they can use the server as an oracle to
determine the SSLv2 master-key, using only 16 connections to the server
and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export
ciphersuites, and requires no significant computation.

CVE-2016-0702

A side-channel attack was found which makes use of cache-bank conflicts
on the Intel Sandy-Bridge microarchitecture which could lead to the
recovery of RSA keys. The ability to exploit this issue is limited as it
relies on an attacker who has control of code in a thread running on the
same hyper-threaded core as the victim thread which is performing
decryptions.

CVE-2016-0799

The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event
of a memory allocation failure. In 1.0.2 and below this could be caused
where the size of a buffer to be allocated is greater than INT_MAX. E.g.
this could be in processing a very long "%s" format string. Memory leaks
can also occur. The first issue may mask the second issue dependent on
compiler behaviour. These problems could enable attacks where large
amounts of untrusted data are passed to the BIO_*printf functions. If
applications use these functions in this way then they could be
vulnerable. OpenSSL itself uses these functions when printing out
human-readable dumps of ASN.1 data. Therefore applications that print
this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they
print out ASN.1 data, or if untrusted data is passed as command line
arguments. Libssl is not considered directly vulnerable. Additionally
certificates etc received via remote connections via libssl are also
unlikely to be able to trigger these issues because of message size
limits enforced within libssl.

CVE-2016-0797

In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating
any memory because |i * 4| is negative. This can leave the internal
BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For
very large values of |i|, the calculation |i * 4| could be a positive
value smaller than |i|. In this case memory is allocated to the internal
BIGNUM data field, but it is insufficiently sized leading to heap
corruption. A similar issue exists in BN_dec2bn. This could have
security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated
to be a rare occurrence. All OpenSSL internal usage of these functions
uses data that is not expected to be untrusted, e.g. config file data or
application command line arguments. If user developed applications
generate config file data based on untrusted data then it is possible
that this could also lead to security consequences. This is also
anticipated to be rare.

CVE-2016-0798

The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases. Specifically, SRP servers that
configure a secret seed to hide valid login information are vulnerable
to a memory leak: an attacker connecting with an invalid username can
cause a memory leak of around 300 bytes per connection. Servers that do
not configure SRP, or configure SRP but do not configure a seed are not
vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a
seed. Applications are advised to migrate to SRP_VBASE_get1_by_user.
However, note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid 

[OpenWrt-Devel] [BB 14.07] openssl: Security update (2 CVEs)

2016-01-29 Thread jow
The openssl package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository due to multiple security issues.


VERSION

1.0.2e-1 => 1.0.2f-1


CHANGELOG

[Fri, 29 Jan 2016 13:25:24 + b763ba2]

Openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)


CHANGES

 package/libs/openssl/Makefile|4 ++--
 .../openssl/patches/110-optimize-for-size.patch  |2 +-
 .../libs/openssl/patches/150-no_engines.patch|2 +-
 .../openssl/patches/160-disable_doc_tests.patch  |   14 +++---
 .../patches/190-remove_timestamp_check.patch |4 ++--
 .../openssl/patches/200-parallel_build.patch |   14 +++---
 6 files changed, 20 insertions(+), 20 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
 * http://git.openwrt.org/?p=14.07/openwrt.git;a=commit;h=b763ba211deeab857ef7c2e5275e92c15dd5e249


[OpenWrt-Devel] [CC 15.05] openssl: Security update (2 CVEs)

2016-01-28 Thread jow
The openssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

1.0.2e-1 => 1.0.2f-1


CHANGELOG

[Thu, 28 Jan 2016 18:26:18 + 87e9837]

Update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)


CHANGES

 package/libs/openssl/Makefile|4 ++--
 .../openssl/patches/110-optimize-for-size.patch  |2 +-
 .../libs/openssl/patches/150-no_engines.patch|2 +-
 .../openssl/patches/160-disable_doc_tests.patch  |   14 +++---
 .../patches/190-remove_timestamp_check.patch |4 ++--
 .../openssl/patches/200-parallel_build.patch |   14 +++---
 6 files changed, 20 insertions(+), 20 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=87e9837a818a71f39c445ee33569279bd78451de


[OpenWrt-Devel] [CC 15.05] php: Security update (CVE-2016-1903)

2016-01-28 Thread jow
The php package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.


VERSION

5.6.16-1 => 5.6.17-1


CHANGELOG

[Sun, 24 Jan 2016 21:47:52 +0100 18d121b]

Update to 5.6.17

Fixes CVE-2016-1903.


CHANGES

 lang/php5/Makefile |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
 * https://bugs.php.net/bug.php?id=70976
 * https://github.com/openwrt/packages/commit/18d121b8542cff9734ac35bf1986bc1e3dbf7c05


[OpenWrt-Devel] [CC 15.05] php: Security update (7 CVEs)

2016-01-28 Thread jow
The php package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

5.6.8-1 => 5.6.17-1


CHANGELOG

[Sun, 24 Jan 2016 21:47:52 +0100 18d121b]

Update to 5.6.17

Fixes CVE-2016-1903.

[Wed, 23 Dec 2015 16:00:14 -0500 766cfcc]

Update to 5.6.16

[Wed, 23 Dec 2015 16:00:04 -0500 41f541b]

Update to 5.6.15

[Wed, 23 Dec 2015 15:59:54 -0500 0df349f]

Update to 5.6.14

[Wed, 23 Dec 2015 15:59:43 -0500 196b622]

Update to 5.6.13

[Wed, 23 Dec 2015 15:59:32 -0500 1cbcdf7]

Fix the two different maintainer fields into one (fixes #1688)

[Wed, 23 Dec 2015 15:59:21 -0500 9bbdad4]

Update to 5.6.12

[Wed, 23 Dec 2015 15:59:10 -0500 6cba0bf]

This fixes the following CVEs:
 - in PCRE: CVE-2015-2325, CVE-2015-2326
 - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

[Wed, 23 Dec 2015 15:58:46 -0500 559df39]

This fixes CVE-2006-7243, a multipart/form-data remote DoS
vulnerability, a heap buffer overflow in unpack and an integer overflow
in ftp_genlist, which also results in a heap overflow. For more details,
see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and adopt
this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

[Wed, 23 Dec 2015 15:58:27 -0500 f0a0448]

This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extensions, this is a Zend module and it needs a
little workaround during cross-compiling.

[Wed, 23 Dec 2015 15:57:57 -0500 f04165e]

Pecl: move phpize into prepare stage

This allows pecl modules to rely on PKG_FIXUP:=autoreconf.


CHANGES

 lang/php5/Makefile|   24 ++-
 lang/php5/files/php.ini   |   10 ++
 ...bian_patches_use_embedded_timezonedb.patch |  136 --
 ...xt-opcache-fix-detection-of-shm-mmap.patch |  159 +
 .../950-Fix-dl-cross-compiling-issue.patch|   23 ++-
 lang/php5/pecl.mk |7 +-
 6 files changed, 277 insertions(+), 82 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
 * https://github.com/openwrt/packages/commit/f04165e4e0ddf7f9e62321f808d27aafd7631007
 * https://github.com/openwrt/packages/commit/f0a0448857e04884a7ad2ae5534ac2b2cb3948fc
 * https://github.com/openwrt/packages/commit/559df398ffc86fe386db79a937c61235c4b45ce0
 * https://github.com/openwrt/packages/commit/6cba0bf5454034b9ac7e6dcf917ebefc75d9bb8e
 * https://github.com/openwrt/packages/commit/9bbdad4ed72559aa03ccd024d5a49aae12d6a2c6
 * https://github.com/openwrt/packages/commit/1cbcdf7f9e2aad526e0a59247525321aefa25234
 * https://github.com/openwrt/packages/commit/196b622bd660384adecfd75959e0111ba34fe5f6
 * https://github.com/openwrt/packages/commit/0df349f8df0fbc5272b909fad1320f64de622884
 * https://github.com/openwrt/packages/commit/41f541bd267969d7676571be56f8c1a5c71e5257
 * https://github.com/openwrt/packages/commit/766cfcc77f3be9152e818dc5703204b607a5a405
 * https://github.com/openwrt/packages/commit/18d121b8542cff9734ac35bf1986bc1e3dbf7c05


[OpenWrt-Devel] [CC 15.05] prosody: Security update (2 CVEs)

2016-01-28 Thread jow
The prosody package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

0.9.8-1 => 0.9.9-1


CHANGELOG

[Mon, 25 Jan 2016 13:31:29 +0100 bb23089]

fixes:
 * path traversal vulnerability in mod_http_files (CVE-2016-1231)
 * use of weak PRNG in generation of dialback secrets (CVE-2016-1232)


CHANGES

 net/prosody/Makefile |4 ++--
 net/prosody/patches/010-fix-randomseed.patch |   12 
 2 files changed, 2 insertions(+), 14 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1231
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1232
 * https://github.com/openwrt/packages/commit/bb23089e84f2cc6030fbf21ed3fb667d31bb3a7b


[OpenWrt-Devel] [CC 15.05] pcre: Security update (18 CVEs)

2016-01-28 Thread jow
The pcre package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

8.37-2 => 8.38-1


CHANGELOG

[Mon, 25 Jan 2016 14:08:12 +0100 560cb22]

fixes:
 * CVE 2015-2327 CVE 2015-2328 CVE 2015-8380 CVE 2015-8381 CVE 2015-8382
 * CVE 2015-8383 CVE 2015-8384 CVE 2015-8385 CVE 2015-8386 CVE 2015-8387
 * CVE 2015-8388 CVE 2015-8389 CVE 2015-8390 CVE 2015-8391 CVE 2015-8392
 * CVE 2015-8393 CVE 2015-8394 CVE 2015-8395


CHANGES

 libs/pcre/Makefile|8 ++---
 .../pcre/patches/100-pcre-cve-2015-3210.patch |   32 -
 2 files changed, 4 insertions(+), 36 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8384
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8392
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8395
 * https://github.com/openwrt/packages/commit/560cb220d26f211d3ad50fc4fd172cc165b3b917


[OpenWrt-Devel] [CC 15.05] bind: Security update (4 CVEs)

2016-01-24 Thread jow
The bind package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

9.9.7-P3-1 => 9.9.8-P3-1


CHANGELOG

[Sun, 24 Jan 2016 12:43:29 +0100 41dcf83]

Fixes:
 * CVE-2015-8704
 * CVE-2015-3193
 * CVE-2015-8000
 * CVE-2015-8461


CHANGES

 net/bind/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8461
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
 * https://github.com/openwrt/packages/commit/41dcf83e53718bdb74aa9529f5713f4ef9703749


[OpenWrt-Devel] [CC 15.05] openssh: Security update (2 CVEs)

2016-01-17 Thread jow
The openssh package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

6.8p1-1 => 7.1p2-1


CHANGELOG

[Sat, 16 Jan 2016 11:46:32 +0100 fc7fc89]

Version 7.1p2

Use version 7.1p2 due to several security bulletins.


CHANGES

 net/openssh/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
 * http://www.openssh.com/txt/release-7.1p2
 * https://github.com/openwrt/packages/commit/fc7fc89ee7c3dfdfd60a649e83b245f5c50b4358


[OpenWrt-Devel] [CC 15.05] php: Security update (6 CVEs)

2016-01-14 Thread jow
The php package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

5.6.8-1 => 5.6.16-1


CHANGELOG

[Wed, 23 Dec 2015 16:00:14 -0500 766cfcc]

Update to 5.6.16

[Wed, 23 Dec 2015 16:00:04 -0500 41f541b]

Update to 5.6.15

[Wed, 23 Dec 2015 15:59:54 -0500 0df349f]

Update to 5.6.14

[Wed, 23 Dec 2015 15:59:43 -0500 196b622]

Update to 5.6.13

[Wed, 23 Dec 2015 15:59:32 -0500 1cbcdf7]

Fix the two different maintainer fields into one (fixes #1688)

[Wed, 23 Dec 2015 15:59:21 -0500 9bbdad4]

Update to 5.6.12

[Wed, 23 Dec 2015 15:59:10 -0500 6cba0bf]

This fixes the following CVEs:
 - in PCRE: CVE-2015-2325, CVE-2015-2326
 - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

[Wed, 23 Dec 2015 15:58:46 -0500 559df39]

This fixes CVE-2006-7243, a multipart/form-data remote DoS
vulnerability, a heap buffer overflow in unpack and an integer overflow
in ftp_genlist, which also results in a heap overflow. For more details,
see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and adopt
this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

[Wed, 23 Dec 2015 15:58:27 -0500 f0a0448]

This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extensions, this is a Zend module and it needs a
little workaround during cross-compiling.

[Wed, 23 Dec 2015 15:57:57 -0500 f04165e]

Pecl: move phpize into prepare stage

This allows pecl modules to rely on PKG_FIXUP:=autoreconf.


CHANGES

 lang/php5/Makefile|   22 ++-
 lang/php5/files/php.ini   |   10 ++
 ...bian_patches_use_embedded_timezonedb.patch |  136 --
 ...xt-opcache-fix-detection-of-shm-mmap.patch |  159 +
 .../950-Fix-dl-cross-compiling-issue.patch|   23 ++-
 lang/php5/pecl.mk |7 +-
 6 files changed, 276 insertions(+), 81 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
 * https://github.com/openwrt/packages/commit/f04165e4e0ddf7f9e62321f808d27aafd7631007
 * https://github.com/openwrt/packages/commit/f0a0448857e04884a7ad2ae5534ac2b2cb3948fc
 * https://github.com/openwrt/packages/commit/559df398ffc86fe386db79a937c61235c4b45ce0
 * https://github.com/openwrt/packages/commit/6cba0bf5454034b9ac7e6dcf917ebefc75d9bb8e
 * https://github.com/openwrt/packages/commit/9bbdad4ed72559aa03ccd024d5a49aae12d6a2c6
 * https://github.com/openwrt/packages/commit/1cbcdf7f9e2aad526e0a59247525321aefa25234
 * https://github.com/openwrt/packages/commit/196b622bd660384adecfd75959e0111ba34fe5f6
 * https://github.com/openwrt/packages/commit/0df349f8df0fbc5272b909fad1320f64de622884
 * https://github.com/openwrt/packages/commit/41f541bd267969d7676571be56f8c1a5c71e5257
 * https://github.com/openwrt/packages/commit/766cfcc77f3be9152e818dc5703204b607a5a405


[OpenWrt-Devel] [CC 15.05] ruby: Security update (CVE-2015-7551)

2016-01-12 Thread jow
The ruby package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to a reported security issue.


VERSION

2.2.3-1 => 2.2.4-1


CHANGELOG

[Mon, 11 Jan 2016 15:31:27 +0100 375f617]

This release includes a security fix for Fiddle extension.

 * CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

There are also some bugfixes.

In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for
libraries). The missing values from LD_FLAGS cause build error when gcc
does not implicitly include staging/usr/lib.


CHANGES

 lang/ruby/Makefile |   11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7551
 * https://github.com/openwrt/packages/commit/375f6172457f21b39c553d2061bcf97fa6c3cec2


[OpenWrt-Devel] [BB 14.07] samba: Security update (3 CVEs)

2016-01-11 Thread jow
The samba package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository due to multiple security issues.


VERSION

3.6.25-1 => 3.6.25-1.1


CHANGELOG

[Mon, 11 Jan 2016 11:57:36 + e483830]

This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A
patchset for these vulnerabilities was published on 16th December 2015.


CHANGES

 package/network/services/samba36/Makefile |2 +-
 .../patches/010-patch-cve-2015-5252.patch |   43 +++
 .../patches/011-patch-cve-2015-5296.patch |  112 +
 .../patches/012-patch-cve-2015-5299.patch |   97 ++
 4 files changed, 253 insertions(+), 1 deletion(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
 * http://git.openwrt.org/?p=14.07/openwrt.git;a=commit;h=e48383023629a38ae42b81dc8c1d9f8c43102868


[OpenWrt-Devel] [CC 15.05] samba: Security update (3 CVEs)

2016-01-11 Thread jow
The samba package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

3.6.25-4 => 3.6.25-5


CHANGELOG

[Tue, 5 Jan 2016 11:01:00 + 98bacec]

This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A
patchset for these vulnerabilities was published on 16th December 2015.


CHANGES

 package/network/services/samba36/Makefile |2 +-
 .../patches/010-patch-cve-2015-5252.patch |   43 +++
 .../patches/011-patch-cve-2015-5296.patch |  112 +
 .../patches/012-patch-cve-2015-5299.patch |   97 ++
 4 files changed, 253 insertions(+), 1 deletion(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=98bacec57cade6f2fc7b1c5813ffbf23f44af8dd


[OpenWrt-Devel] [CC 15.05] libpng: Security update (2 CVEs)

2016-01-09 Thread jow
The libpng package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

1.2.54-1 => 1.2.56-1


CHANGELOG

[Sat, 9 Jan 2016 13:54:46 +0100 b4a34de]

Update to 1.2.56

Fixes CVE-2015-8126 and CVE-2015-8540.


CHANGES

 libs/libpng/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540
 * https://github.com/openwrt/packages/commit/b4a34de7d87a4d136985075bb9dbac925228e2f1


[OpenWrt-Devel] [BB 14.07] openssl: Security update (3 CVEs)

2015-12-07 Thread jow
The openssl package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository due to multiple security issues.


VERSION

1.0.2d-1 => 1.0.2e-1


CHANGELOG

[Mon, 7 Dec 2015 16:05:54 + e92cb47]

Openssl: update to v1.0.2e (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195)


CHANGES

 package/libs/openssl/Makefile|4 ++--
 .../openssl/patches/110-optimize-for-size.patch  |2 +-
 .../libs/openssl/patches/150-no_engines.patch|2 +-
 .../openssl/patches/160-disable_doc_tests.patch  |6 +++---
 .../patches/190-remove_timestamp_check.patch |2 +-
 .../openssl/patches/200-parallel_build.patch |   14 +++---
 6 files changed, 15 insertions(+), 15 deletions(-)


REFERENCES

 * http://openssl.org/news/secadv/20151203.txt
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
 * http://git.openwrt.org/?p=14.07/openwrt.git;a=commit;h=e92cb472a3b9747b8763d3511c4a73947ef87f51


[OpenWrt-Devel] [CC 15.05] openssl: Security update (3 CVEs)

2015-12-07 Thread jow
The openssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.


VERSION

1.0.2d-1 => 1.0.2e-1


CHANGELOG

[Thu, 3 Dec 2015 21:08:28 + c5287f9]

backport of r47726.

This fixes the following security problems:
 * CVE-2015-3193
 * CVE-2015-3194
 * CVE-2015-3195


CHANGES

 package/libs/openssl/Makefile|4 ++--
 .../openssl/patches/110-optimize-for-size.patch  |2 +-
 .../libs/openssl/patches/150-no_engines.patch|2 +-
 .../openssl/patches/160-disable_doc_tests.patch  |6 +++---
 .../patches/190-remove_timestamp_check.patch |2 +-
 .../openssl/patches/200-parallel_build.patch |   14 +++---
 6 files changed, 15 insertions(+), 15 deletions(-)


REFERENCES

 * http://openssl.org/news/secadv/20151203.txt
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c5287f92027e9709262d2424bb0c121ab2a7597e


[OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-24 Thread jow
The polarssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to a reported security issue.


VERSION

1.3.11-1 => 1.3.14-1


CHANGELOG

[Sun, 18 Oct 2015 21:48:32 + ed8b245]

Update to version 1.3.14

This fixes CVE-2015-5291 and some other smaller security issues.

[Thu, 15 Oct 2015 22:12:13 + cef3ed6]

Remove trailing whitespaces

[Tue, 1 Sep 2015 18:48:15 + 56ac717]

Bump to 1.3.12

[Tue, 18 Aug 2015 08:37:38 + c3eab1c]

Packages that depend on PolarSSL fail to build because polarssl's
InstallDev section never actually gets executed because (prior to this
patch) the package name does not match the subdir the package is in
(presumably due to upstream name change). As a workaround I have changed
the package name back to polarssl and used a new variable SRC_PKG_NAME
for the purposes of downloading the upstream tarball and creating
PKG_BUILD_DIR.

[Fri, 24 Jul 2015 22:26:44 + 72f741c]

Package version 2.0, make polarssl compatible


CHANGES

 package/libs/polarssl/Makefile|   21 ---
 .../polarssl/patches/100-disable_sslv3.patch  |2 +-
 .../polarssl/patches/200-reduce_config.patch  |   50 -
 3 files changed, 38 insertions(+), 35 deletions(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291
 * https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released
 * https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released
 * https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1.2.17-released
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c
 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0


[OpenWrt-Devel] [CC 15.05] libpng: Security update (2 CVEs)

2015-11-24 Thread jow
The libpng package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

1.2.52-1 => 1.2.54-1


CHANGELOG

[Tue, 24 Nov 2015 16:21:37 +0100 c19bf27]

Update to 1.2.54

Includes fixes for CVE-2015-7981 and CVE-2015-8126.


CHANGES

 libs/libpng/Makefile |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
 * https://github.com/openwrt/packages/commit/c19bf27d8d5fd894f6858cb7b99c7a0ae81e838b


[OpenWrt-Devel] [CC 15.05] unzip: Security update (2 CVEs)

2015-11-13 Thread jow
The unzip package has been rebuilt and was uploaded to the Chaos Calmer
15.05 repository due to multiple security issues.


VERSION

6.0-2 => 6.0-3


CHANGELOG

[Sun, 1 Nov 2015 16:21:56 +0100 8a70dde]

Patch CVE-2015-7696, CVE-2015-7697 and integer underflow


CHANGES

 utils/unzip/Makefile  |2 +-
 .../005-CVE-2015-7696-heap-overflow.patch |   21 +
 .../006-CVE-2015-7697-infinite-loop.patch |   15 
 ...007-integer-underflow-csiz_decrypted.patch |   21 +
 4 files changed, 58 insertions(+), 1 deletion(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
 * https://github.com/openwrt/packages/commit/8a70ddefc782fd955080a6eba2cfc2578d057c6e


[OpenWrt-Devel] [CC 15.05-rc3] bind: Security update (2 CVEs)

2015-09-03 Thread jow
The bind package has been rebuilt and was uploaded to the Chaos Calmer
15.05 Release Candidate 3 repository due to multiple security issues.


VERSION

9.9.6-P1-2 => 9.9.7-P3-1


CHANGELOG

[Thu, 3 Sep 2015 14:03:41 +0200 ffda9cc]

Update to 9.9.7-P3 to fix CVE-2015-5722 and CVE-2015-5986

[Thu, 3 Sep 2015 14:03:31 +0200 4e3085c]

Update to version 9.9.7-p2


CHANGES

 net/bind/Makefile |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


REFERENCES

 * https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/
 * https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/
 * https://github.com/openwrt/packages/commit/4e3085cd058dc573988be8476751048bf203bce4
 * https://github.com/openwrt/packages/commit/ffda9cc9c79ce55da93174025b31f057f7ccef64


[OpenWrt-Devel] [CC 15.05-rc3] libevent: Security update (CVE-2014-6272)

2015-09-01 Thread jow
The libevent package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository due to a reported security
issue.


VERSION

1.4.14b-2 => 1.4.15-1


CHANGELOG

[Tue, 1 Sep 2015 19:55:47 +0200 b721a1d]

This update fixes CVE-2014-6272. Change of source URL was needed,
because the older location does not contain the latest version.


CHANGES

 libs/libevent/Makefile |   14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
 * https://github.com/openwrt/packages/commit/b721a1d8ccbdf5076021ca499aaa06d102fb4dc9


[OpenWrt-Devel] [BB 14.07] libevent: Security update (CVE-2014-6272)

2015-09-01 Thread jow
The libevent package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository due to a reported security issue.


VERSION

1.4.14b-2 => 1.4.15-1


CHANGELOG

[Tue, 1 Sep 2015 19:56:29 +0200 a77f672]

This update fixes CVE-2014-6272. Change of source URL was needed,
because the older location does not contain the latest version.


CHANGES

 libs/libevent/Makefile |   14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
 * https://github.com/openwrt/packages/commit/a77f6728a4c5291e4780d8789b31a4dff383b7dd


[OpenWrt-Devel] [CC 15.05-rc3] mwan3: Update

2015-08-10 Thread jow
The mwan3 package has been rebuilt and was uploaded to the Chaos Calmer
15.05 Release Candidate 3 repository.


VERSION

1.6-1 => 1.6-2


CHANGELOG

[Thu, 23 Jul 2015 13:51:04 +0200 75f9788]

Update to version 1.6-2

Fix malformed uci commands. (issue #1502)


CHANGES

 net/mwan3/Makefile |2 +-
 net/mwan3/files/usr/sbin/mwan3 |8 
 2 files changed, 5 insertions(+), 5 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/75f978879e2b98065d86d4bcb377c0f3e677557d


[OpenWrt-Devel] [CC 15.05-rc3] knxd: Update

2015-08-10 Thread jow
The knxd package has been rebuilt and was uploaded to the Chaos Calmer
15.05 Release Candidate 3 repository.


VERSION

2015-03-31-2c6c6732a684dffb87b391ea92cccdf07c8385b8-1 =>
  2015-07-19-be1fcfe85cc1dfcc41f791cd9a45c57fe18da6a0-1


CHANGELOG

[Sun, 26 Jul 2015 18:27:01 +0200 805c6e6]

Bump to newest version for CC


CHANGES

 net/knxd/Makefile |   73 -
 1 file changed, 12 insertions(+), 61 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/805c6e69242bc60a2d35793d312121dcc90ad1ea


[OpenWrt-Devel] [CC 15.05-rc3] oonf-olsrd2: Update

2015-08-10 Thread jow
The oonf-olsrd2 package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository.


VERSION

0.9.1-r1-eab3845089bc2410a3c115fb8274572b16a0e47d =>
  0.9.1-r2-eab3845089bc2410a3c115fb8274572b16a0e47d


CHANGELOG

[Thu, 6 Aug 2015 21:43:33 +0200 57658db]

Unified openwrt init files for OONF

[Wed, 5 Aug 2015 13:19:59 +0200 b13b00b]

OONF v0.9.1 for chaos calmer


CHANGES

 oonf-olsrd2/Makefile |4 +-
 oonf-olsrd2/files/olsrd2.hotplug |   11 +--
 oonf-olsrd2/files/olsrd2.init|  122 +-
 3 files changed, 6 insertions(+), 131 deletions(-)


REFERENCES

 * https://github.com/openwrt-routing/packages/commit/b13b00b0eca838748dc95309f68091052f9074a2
 * https://github.com/openwrt-routing/packages/commit/57658dbe2ad8d3c16e56116d4376ec4d4e3e654d


[OpenWrt-Devel] [CC 15.05-rc3] netperf: Update

2015-08-10 Thread jow
The netperf package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository.


VERSION

2.6.0-1 => 2.7.0-1


CHANGELOG

[Mon, 3 Aug 2015 18:13:58 +0200 1ee31bd]

Update to v2.7.0

[Mon, 3 Aug 2015 18:13:54 +0200 aa75904]

Adopt the netperf package.


CHANGES

 net/netperf/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/aa75904c0b127254efec9467efbde80fbb437f9d
 * https://github.com/openwrt/packages/commit/1ee31bdfd26c53e41199c3d28cadca731d3bd372


[OpenWrt-Devel] [CC 15.05-rc3] bmx6: Update

2015-08-10 Thread jow
The bmx6 package has been rebuilt and was uploaded to the Chaos Calmer
15.05 Release Candidate 3 repository.


VERSION

r2015061604-4 => r2015080701-4


CHANGELOG

[Fri, 7 Aug 2015 20:44:02 +0200 c287113]

Update to latest bmx6-master branch (fix rule corruption on the fly)


CHANGES

 bmx6/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * https://github.com/openwrt-routing/packages/commit/c2871131b4bdd69ad9e658d9ddf295757bd09e4b


[OpenWrt-Devel] [CC 15.05-rc3] oonf-dlep-proxy: Update

2015-08-10 Thread jow
The oonf-dlep-proxy package has been rebuilt and was uploaded to the
Chaos Calmer 15.05 Release Candidate 3 repository.


VERSION

0.9.1-r1-eab3845089bc2410a3c115fb8274572b16a0e47d =>
  0.9.1-r2-eab3845089bc2410a3c115fb8274572b16a0e47d


CHANGELOG

[Thu, 6 Aug 2015 21:43:33 +0200 57658db]

Unified openwrt init files for OONF

[Wed, 5 Aug 2015 13:19:59 +0200 b13b00b]

OONF v0.9.1 for chaos calmer


CHANGES

 oonf-dlep-proxy/Makefile |4 +-
 oonf-dlep-proxy/files/dlep_proxy.hotplug |   11 +-
 oonf-dlep-proxy/files/dlep_proxy.init|  122 +-
 3 files changed, 6 insertions(+), 131 deletions(-)


REFERENCES

 * https://github.com/openwrt-routing/packages/commit/b13b00b0eca838748dc95309f68091052f9074a2
 * https://github.com/openwrt-routing/packages/commit/57658dbe2ad8d3c16e56116d4376ec4d4e3e654d


[OpenWrt-Devel] [CC 15.05-rc3] oonf-dlep-radio: Update

2015-08-10 Thread jow
The oonf-dlep-radio package has been rebuilt and was uploaded to the
Chaos Calmer 15.05 Release Candidate 3 repository.


VERSION

0.9.1-r1-eab3845089bc2410a3c115fb8274572b16a0e47d =>
  0.9.1-r2-eab3845089bc2410a3c115fb8274572b16a0e47d


CHANGELOG

[Thu, 6 Aug 2015 21:43:33 +0200 57658db]

Unified openwrt init files for OONF

[Wed, 5 Aug 2015 13:19:59 +0200 b13b00b]

OONF v0.9.1 for chaos calmer


CHANGES

 oonf-dlep-radio/Makefile |4 +-
 oonf-dlep-radio/files/dlep_radio.hotplug |   11 +-
 oonf-dlep-radio/files/dlep_radio.init|  122 +-
 3 files changed, 6 insertions(+), 131 deletions(-)


REFERENCES

 * https://github.com/openwrt-routing/packages/commit/b13b00b0eca838748dc95309f68091052f9074a2
 * https://github.com/openwrt-routing/packages/commit/57658dbe2ad8d3c16e56116d4376ec4d4e3e654d


[OpenWrt-Devel] [CC 15.05-rc3] oonf-init-scripts: Update

2015-08-10 Thread jow
The oonf-init-scripts package has been rebuilt and was uploaded to the
Chaos Calmer 15.05 Release Candidate 3 repository.


VERSION

0.9.1-r2-1 => 0.9.1-r2-1


CHANGELOG

[Thu, 6 Aug 2015 21:43:33 +0200 57658db]

Unified openwrt init files for OONF


CHANGES



REFERENCES

 * https://github.com/openwrt-routing/packages/commit/57658dbe2ad8d3c16e56116d4376ec4d4e3e654d


[OpenWrt-Devel] [CC 15.05-rc3] miniupnpd: Update

2015-08-10 Thread jow
The miniupnpd package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository.


VERSION

1.9.20150609-1 => 1.9.20150609-1


CHANGELOG

[Wed, 15 Jul 2015 08:29:56 +0200 0a514a3]

Shorten OS name to silence SSDP warnings


CHANGES

 miniupnpd/Makefile |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


REFERENCES

 * https://github.com/miniupnp/miniupnp/issues/133
 * https://github.com/openwrt-routing/packages/commit/0a514a34e7a371df99e7b48d831001130efbdbda


[OpenWrt-Devel] [CC 15.05-rc3] lighttpd: Security update (CVE-2015-3200)

2015-07-27 Thread jow
The lighttpd package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository due to a reported security
issue.


VERSION

1.4.35-4 => 1.4.36-1


CHANGELOG

[Sun, 26 Jul 2015 12:56:12 -0400 1e2bf20]

Update to 1.4.36

[Sun, 26 Jul 2015 12:55:12 -0400 da756e2]

Add liblua deps for lighttpd-mod-cml and lighttpd-mod-magnet


CHANGES

 net/lighttpd/Makefile |   14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)


REFERENCES

 * http://redmine.lighttpd.net/issues/2646
 * https://github.com/openwrt/packages/commit/da756e239f23303dff1eb50d623a4252757dd513
 * https://github.com/openwrt/packages/commit/1e2bf20acf9e4f9a89fb43697c28fd5627c79985


[OpenWrt-Devel] [BB 14.07] hostapd: Update

2015-07-27 Thread jow
The hostapd package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository.


VERSION

2014-06-03.1-1 => 2014-06-03.1-3


CHANGELOG

[Mon, 27 Jul 2015 13:29:08 + 1be3ce8]

If the initial attempt at opening the socket connection to the RADIUS
server failed due to missing IP connectivity during startup, e.g., with
connect[radius]: Network is unreachable, hostapd did not try to
reconnect when RADIUS messages were sent. Instead, it only reported No
authentication server configured even if the configuration did have a
server entry.

Backport of upstream commit 94b39e5927e570e6b0fe41d455dde0a361c71c36
(RADIUS client: Fix server connection recovery after initial failure)

[Wed, 6 May 2015 09:47:05 + 179bab8]

Fix remote denial of service vulnerability in WMM action frame parsing


CHANGES

 package/network/services/hostapd/Makefile |4 +-
 ...er-underflow-in-WMM-Action-frame-par.patch |   36 +++
 .../patches/700-fix-radius-reconnect.patch|   41 +
 3 files changed, 79 insertions(+), 2 deletions(-)


REFERENCES

 * http://git.openwrt.org/?p=14.07/openwrt.git;a=commit;h=179bab8b1700d74b28cc6cd25322f9a1ad670107
 * http://git.openwrt.org/?p=14.07/openwrt.git;a=commit;h=1be3ce89319ac912e83d942eb7a777ea4d92a6fe


[OpenWrt-Devel] [CC 15.05-rc3] vsftpd: Security update (CVE-2015-1419)

2015-07-22 Thread jow
The vsftpd package has been rebuilt and was uploaded to the Chaos Calmer
15.05 Release Candidate 3 repository due to a reported security issue.


VERSION

3.0.2-4 => 3.0.2-4.1


CHANGELOG

[Wed, 22 Jul 2015 09:47:48 +0200 bcedf17]

Vsftpd: CVE-2015-1419

Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote
attackers to bypass access restrictions via unknown vectors, related to
deny_file parsing.


CHANGES

 net/vsftpd/Makefile|4 +-
 net/vsftpd/patches/007-CVE-2015-1419.patch |   98 
 2 files changed, 100 insertions(+), 2 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/bcedf17632e6944edb999853de6beba8fa56624b


[OpenWrt-Devel] [CC 15.05-rc3] freeradius2: Security update (CVE-2015-4680)

2015-07-21 Thread jow
The freeradius2 package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository due to a reported security
issue.


VERSION

2.2.7-1 => 2.2.8-1


CHANGELOG

[Mon, 20 Jul 2015 10:14:31 +0200 64c458b]

Update to 2.2.8

Fixes oCert CVE-2015-4680.


CHANGES

 net/freeradius2/Makefile |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/64c458ba8cff5b5871827f3c69bd9b609d6bebe1


[OpenWrt-Devel] [CC 15.05-rc3] openldap: Update

2015-07-21 Thread jow
The openldap package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 Release Candidate 3 repository.


VERSION

2.4.39-2 => 2.4.41-2


CHANGELOG

[Mon, 20 Jul 2015 19:01:24 -0400 5006684]

Remove --without-cyrus-sasl to build SASL support

[Mon, 20 Jul 2015 11:00:36 -0400 3a02d9e]

Update copyright dates

[Mon, 20 Jul 2015 11:00:20 -0400 c05dce1]

Update to 2.4.41


CHANGES

 libs/openldap/Makefile |7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/c05dce18905aa034c111d1c792bc7103352d87b8
 * https://github.com/openwrt/packages/commit/3a02d9e19ab85bee1bc6114496d0c684fe646a57
 * https://github.com/openwrt/packages/commit/5006684e434a3d7c32254f156d92b2aa023ecc23


[OpenWrt-Devel] [CC 14.07] freeradius2: Security update (CVE-2015-4680)

2015-07-21 Thread jow
The freeradius2 package has been rebuilt and was uploaded to the Barrier
Breaker 14.07 repository due to a reported security issue.


VERSION

2.2.5-2 => 2.2.5-2.1


CHANGELOG

[Mon, 20 Jul 2015 10:38:03 +0200 de5e37a]

Backport upstream commit 5e698b407dcac2bc45cf03484bac4398109d25c3 to fix
missing intermediate certificate validation in Freeradius2.

Advisory:

The FreeRADIUS server relies on OpenSSL to perform certificate
validation, including Certificate Revocation List (CRL) checks. The
FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to
leaf certificates, therefore not detecting revocation of intermediate CA
certificates.

An unexpired client certificate, issued by an intermediate CA with a
revoked certificate, is therefore accepted by FreeRADIUS.

Specifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate
CRL checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks on
the complete trust chain.

The FreeRADIUS project advises that the recommended configuration is to
use self-signed CAs for all EAP-TLS methods.


CHANGES

 net/freeradius2/Makefile  |4 +-
 .../patches/012-CVE-2015-4680.patch   |   71 +
 2 files changed, 73 insertions(+), 2 deletions(-)


REFERENCES

 * https://github.com/openwrt/packages/commit/de5e37ac5be3d44c335faa9652bf4ce15784f4ad