Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add g_multi patch #1

Open
jadonk opened this issue Nov 7, 2013 · 0 comments
Open

Add g_multi patch #1

jadonk opened this issue Nov 7, 2013 · 0 comments

Comments

@jadonk
Copy link
Owner

jadonk commented Nov 7, 2013

No description provided.

jadonk pushed a commit that referenced this issue Jan 16, 2019
@baruchsiach @jacmet
psmisc: bump to version 23.2
d6f2fb1 
Drop patch #1; applied upstream.

Drop patch #2; not needed since we don't autoreconf, and the issue is
fixed upstream anyway.

Add license hash.

Signed-off-by: Baruch Siach <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
jadonk pushed a commit that referenced this issue Jan 16, 2019
@baruchsiach @jacmet
openssh: bump to version 7.9p1
458ad4d 
Drop patch #1. uClibc no longer includes pthreads.h indirectly.

Drop patch #2. The sys/param.h header is included indirectly through the
local includes.h header since version 6.8p1.

Signed-off-by: Baruch Siach <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
jadonk pushed a commit that referenced this issue Mar 19, 2019
@jacmet
package/wolfssl: security bump to version 3.5.17
4e1b3c6 
From the release notes:

This release of wolfSSL includes a fix for 1 security vulnerability.

Medium level fix for potential cache attack with a variant of
Bleichenbacher’s attack.  Earlier versions of wolfSSL leaked PKCS #1 v1.5
padding information during private key decryption that could lead to a
potential padding oracle attack.  It is recommended that users update to the
latest version of wolfSSL if they have RSA cipher suites enabled and have
the potential for malicious software to be ran on the same system that is
performing RSA operations.  Users that have only ECC cipher suites enabled
and are not performing RSA PKCS #1 v1.5 Decryption operations are not
vulnerable.  Also users with TLS 1.3 only connections are not vulnerable to
this attack.  Thanks to Eyal Ronen (Weizmann Institute), Robert Gillham
(University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir
(Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of
Adelaide and Data61) for the report.

The paper for further reading on the attack details can be found at
http://cat.eyalro.net/cat.pdf

Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <[email protected]>
jadonk pushed a commit that referenced this issue Mar 19, 2019
@baruchsiach @jacmet
libssh: fix some -Werror=strict-overflow build failures
9952e3b 
Add fixes for some of the build failures caused by strict-overflow
warnings. Patches #1, #2, and #4 are upstream. Patch #3 is pending
upstream.

Fixes:
http://autobuild.buildroot.net/results/923/9239f230629ca4e381af5e8f43989997d9bfde99/
http://autobuild.buildroot.net/results/618/6187b92bcdfd9281683c37906ae74f2e0c5e6d0e/
http://autobuild.buildroot.net/results/9eb/9eb5ed92a923f0c038e3d913289eddc1cda1b62f/

Cc: Scott Fan <[email protected]>
Signed-off-by: Baruch Siach <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jadonk