subject:"\[OpenWrt\-Devel\] \[CC 15.05\] polarssl\: Security update \(CVE\-2015\-5291\)"

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-30 Thread Stefan Peter

Hi all
On 30.11.2015 08:02, Jo-Philipp Wich wrote:
> Hi,
> 
> 
> The script generating the mail used a wrong reference repository
> (http://git.openwrt.org/?p=openwrt.git).
> 
> Relevant commit is:
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commitdiff;h=4d47d61a5f59dc7a487248d6b43e2f536a6d794c

Thank you very much and sorry for the noise.

With kind regards

Stefan Peter
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-29 Thread Jo-Philipp Wich

Hi,

> Why does this not show up in the CC git tree?
[...]
>>  * 
>> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d
>>  * 
>> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b
>>  * 
>> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd
>>  * 
>> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c
>>  * 
>> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0

The script generating the mail used a wrong reference repository
(http://git.openwrt.org/?p=openwrt.git).

Relevant commit is:
http://git.openwrt.org/?p=15.05/openwrt.git;a=commitdiff;h=4d47d61a5f59dc7a487248d6b43e2f536a6d794c


~ Jow



signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-27 Thread francesco . borromini

Probably because it's in the packages tree, which is separate. You'll find it 
in the log there.

> Message: 3 
> Date: Fri, 27 Nov 2015 10:39:12 +0100 
> From: Stefan Peter <st3fanp3...@gmail.com> 
> To: openwrt-devel@lists.openwrt.org 
> Subject: Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update 
> (CVE-2015-5291) 
> Message-ID: <565824c0.3020...@gmail.com> 
> Content-Type: text/plain; charset=windows-1252 
>
> Dear all 
> Am 24.11.2015 um 16:43 schrieb j...@openwrt.org: 
> > The polarssl package has been rebuilt and was uploaded to the Chaos 
> > Calmer 15.05 repository due to a reported security issue. 
>
> Why does this not show up in the CC git tree? 
> > 
> > REFERENCES 
> > 
> ... 
>
> >  * 
> >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d
> > 
> >  * 
> >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b
> > 
> >  * 
> >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd
> > 
> >  * 
> >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c
> > 
> >  * 
> >http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0
> > 
>
>
> all return '404 - Unknown commit object' 
>
>
> With kind regards 
>
> Stefan Peter 
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-27 Thread Stefan Peter

Dear all
Am 24.11.2015 um 16:43 schrieb j...@openwrt.org:
> The polarssl package has been rebuilt and was uploaded to the Chaos
> Calmer 15.05 repository due to a reported security issue.

Why does this not show up in the CC git tree?
> 
> REFERENCES
> 
...

>  * 
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d
>  * 
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b
>  * 
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd
>  * 
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c
>  * 
> http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0


all return '404 - Unknown commit object'


With kind regards

Stefan Peter
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

2015-11-24 Thread jow

The polarssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to a reported security issue.


VERSION

1.3.11-1 => 1.3.14-1


CHANGELOG

[Sun, 18 Oct 2015 21:48:32 + ed8b245]

Update to version 1.3.14

This fixes CVE-2015-5291 and some other smaller security issues.

[Thu, 15 Oct 2015 22:12:13 + cef3ed6]

Remove trailing whitespaces

[Tue, 1 Sep 2015 18:48:15 + 56ac717]

Bump to 1.3.12

[Tue, 18 Aug 2015 08:37:38 + c3eab1c]

Packages that depend on PolarSSL fail to build because polarssl's
InstallDev section never actually gets executed because (prior to this
patch) the package name does not match the subdir the package is in
(presumably due to upstream name change). As a workaround I have changed
the package name back to polarssl and used a new variable SRC_PKG_NAME
for the purposes of downloading the upstream tarball and creating
PKG_BUILD_DIR.

[Fri, 24 Jul 2015 22:26:44 + 72f741c]

Package version 2.0, make polarssl compatible


CHANGES

 package/libs/polarssl/Makefile|   21 ---
 .../polarssl/patches/100-disable_sslv3.patch  |2 +-
 .../polarssl/patches/200-reduce_config.patch  |   50 -
 3 files changed, 38 insertions(+), 35 deletions(-)


REFERENCES

 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291
 * 
https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released
 * 
https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released
 * 
https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.2-and-1.3.14-and-polarssl-1.2.17-released
 * 
http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=72f741c118ac89f4fb6f03211227ec86c2eb5f6d
 * 
http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=c3eab1cd32f7576a9aa21f7554cb31daeaab5e3b
 * 
http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=56ac71722f0d275a1f1a04b4a1bc0e00303ebfcd
 * 
http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=cef3ed688e2e7a8521ad386b64849258087f4f9c
 * 
http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=ed8b2452a211dc09c85e73f252d8922ee7e2efd0
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

Re: [OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

[OpenWrt-Devel] [CC 15.05] polarssl: Security update (CVE-2015-5291)

5 matches

Site Navigation

Mail list logo

Footer information