[OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
The polarssl package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to a reported security issue. VERSION 1.3.12-1 => 1.3.14-1 CHANGELOG [Sun, 18 Oct 2015 21:48:32 + ed8b245] Update to version 1.3.14 This fixes CVE-2015-5291 and some other smaller security issues. [Thu, 15 Oct 2015 22:12:13 + cef3ed6] Remove trailing whitespaces CHANGES package/libs/polarssl/Makefile|6 +- .../polarssl/patches/100-disable_sslv3.patch |2 +- .../polarssl/patches/200-reduce_config.patch | 50 - 3 files changed, 29 insertions(+), 29 deletions(-) REFERENCES * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291 * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
The polarssl package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to a reported security issue. VERSION 1.3.11-1 => 1.3.14-1 CHANGELOG [Sun, 18 Oct 2015 21:48:32 + ed8b245] Update to version 1.3.14 This fixes CVE-2015-5291 and some other smaller security issues. [Thu, 15 Oct 2015 22:12:13 + cef3ed6] Remove trailing whitespaces [Tue, 1 Sep 2015 18:48:15 + 56ac717] Bump to 1.3.12 [Tue, 18 Aug 2015 08:37:38 + c3eab1c] Packages that depend on PolarSSL fail to build because polarssl's InstallDev section never actually gets executed because (prior to this patch) the package name does not match the subdir the package is in (presumably due to upstream name change). As a workaround I have changed the package name back to polarssl and used a new variable SRC_PKG_NAME for the purposes of downloading the upstream tarball and creating PKG_BUILD_DIR. [Fri, 24 Jul 2015 22:26:44 + 72f741c] Package version 2.0, make polarssl compatible CHANGES package/libs/polarssl/Makefile| 21 --- .../polarssl/patches/100-disable_sslv3.patch |2 +- .../polarssl/patches/200-reduce_config.patch | 50 - 3 files changed, 38 insertions(+), 35 deletions(-) REFERENCES * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291 * https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released * https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released * https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1.2.17-released * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c * http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
Dear all Am 24.11.2015 um 16:43 schrieb j...@openwrt.org: > The polarssl package has been rebuilt and was uploaded to the Chaos > Calmer 15.05 repository due to a reported security issue. Why does this not show up in the CC git tree? > > REFERENCES > ... > * > http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d > * > http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b > * > http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd > * > http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c > * > http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0 all return '404 - Unknown commit object' With kind regards Stefan Peter ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
Probably because it's in the packages tree, which is separate. You'll find it in the log there. > Message: 3 > Date: Fri, 27 Nov 2015 10:39:12 +0100 > From: Stefan Peter > To: openwrt-devel@lists.openwrt.org > Subject: Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update > (CVE-2015-5291) > Message-ID: <565824c0.3020...@gmail.com> > Content-Type: text/plain; charset=windows-1252 > > Dear all > Am 24.11.2015 um 16:43 schrieb j...@openwrt.org: > > The polarssl package has been rebuilt and was uploaded to the Chaos > > Calmer 15.05 repository due to a reported security issue. > > Why does this not show up in the CC git tree? > > > > REFERENCES > > > ... > > > * > >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d > > > > * > >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b > > > > * > >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd > > > > * > >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c > > > > * > >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0 > > > > > all return '404 - Unknown commit object' > > > With kind regards > > Stefan Peter ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
Hi, > Why does this not show up in the CC git tree? [...] >> * >> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d >> * >> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b >> * >> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd >> * >> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c >> * >> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0 The script generating the mail used a wrong reference repository (http://git.openwrt.org/?p=openwrt.git). Relevant commit is: http://git.openwrt.org/?p=15.05/openwrt.git;a=commitdiff;h=4d47d61a5f59dc7a487248d6b43e2f536a6d794c ~ Jow signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)
Hi all On 30.11.2015 08:02, Jo-Philipp Wich wrote: > Hi, > > > The script generating the mail used a wrong reference repository > (http://git.openwrt.org/?p=openwrt.git). > > Relevant commit is: > http://git.openwrt.org/?p=15.05/openwrt.git;a=commitdiff;h=4d47d61a5f59dc7a487248d6b43e2f536a6d794c Thank you very much and sorry for the noise. With kind regards Stefan Peter ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel