ports/core
4
3
Fork 0
Code Issues 4 Pull Requests Activity
2,600 Commits 18 Branches 47 Tags
Commit Graph

2600 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juergen Daubert
8d09c07617 hdparm: update to 9.45 2014-09-29 12:25:22 +02:00
Fredrik Rinnestam
39b500ce4d bash: cleanup 2014-09-28 16:04:01 +02:00
Fredrik Rinnestam
f5cf6ed0d7 bash: updated to 4.3.27. (official patches) 2014-09-28 16:02:44 +02:00
Juergen Daubert
21401f4846 [notify] dhcpcd: update to 6.4.7 
includes the following addition:

   *  Sanitise the following characters using svis(3) with VIS_CTYLE and
      VIS_OCTAL:
          | ^ & ; < > ( ) $ ` \ " ' <tab> <newline>
      This allows a non buggy unvis(1) to decode it 100% and stays compatible
      with how dhcpcd used to handle encoding on most platforms.
      For systems that supply svis(3) there is a code reduction, for systems
      that do not, a slight code increase. This change mitigates systems
      affected by bash CVE-2014-6271 and CVE-2014-7169.

Obviously the last one is quite important as DHCP/RA is one of the attack
vectors the "shellshock" bug.
As dhcpcd cannot know if /bin/sh is vulnerable (and as of now, bash is *still*
vulnerable), it sanitises all the important shell characters as noted in IEEE
Std 1003.1, 2004 Edition, 2. Shell Command Language, 2.2 Quoting with the
exception of the space character.

Full change log:
http://roy.marples.name/archives/dhcpcd-discuss/2014/0811.html
 2014-09-27 11:48:05 +02:00
Juergen Daubert
c6e7bdd322 tzdata: update to 2014h 2014-09-27 11:47:54 +02:00
Fredrik Rinnestam
b3112c50f9 [notify] bash: added patch for CVE-2014-7169 (incomplete CVE-2014-6271 patch) 2014-09-26 17:40:59 +02:00
Juergen Daubert
ab953853d5 procps: update to 3.3.10 2014-09-24 17:26:47 +02:00
Juergen Daubert
552bb800c8 [notify] bash: update to 4.3.25 
Security fix for CVE-2014-6271, see
- http://seclists.org/oss-sec/2014/q3/650
- http://article.gmane.org/gmane.comp.shells.bash.bugs/21993
 2014-09-24 17:20:52 +02:00
Juergen Daubert
6e5075e225 man-pages: update to 3.73 2014-09-22 19:17:29 +02:00
Juergen Daubert
ae59a8f40f xz: update to 5.0.7 2014-09-22 19:17:09 +02:00
Juergen Daubert
a05dd53940 dhcpcd: update to 6.4.5 2014-09-19 10:55:45 +02:00
Juergen Daubert
ba5d35229b xz: update to 5.0.6 2014-09-18 16:17:31 +02:00
Fredrik Rinnestam
57c028aa04 [notify] curl: updated to 7.38.0. 
Security fixes for CVE-2014-3620, CVE-2014-3613
 2014-09-10 23:05:57 +02:00
Fredrik Rinnestam
d121dc955d man-pages: updated to 3.72 2014-09-08 23:33:49 +02:00
Juergen Daubert
9ef886fa0c util-linux: explicit disable chfn, chsh and runuser 2014-09-06 13:32:25 +02:00
Juergen Daubert
c37dc614a4 ca-certificates: update to 20140903 2014-09-06 12:06:49 +02:00
Juergen Daubert
673468a2cc util-linux: update to 2.25.1 2014-09-03 13:41:33 +02:00
Juergen Daubert
772bbba1dc sysklogd: rotatelog: don't truncate logfile if cp fails 2014-09-01 11:22:15 +02:00
Juergen Daubert
39c38fc371 tzdata: update to 2014g 2014-09-01 11:20:48 +02:00
Juergen Daubert
c1cda39572 libdevmapper: update to 1.02.90 2014-09-01 11:20:26 +02:00
Juergen Daubert
d761cd53a4 libdevmapper: update to 1.02.89 2014-08-29 09:36:24 +02:00
Fredrik Rinnestam
aca6c42165 glibc: added patch md5sum 2014-08-28 19:52:23 +02:00
Fredrik Rinnestam
f3ad616247 [notifty] glibc: added fix for CVE-2014-5119 2014-08-28 19:44:29 +02:00
Fredrik Rinnestam
5d7b65528d btrfs-progs: updated to 3.16 2014-08-26 20:21:05 +02:00
Juergen Daubert
511219084f eudev: add --disable-manpages to avoid net access if libxslt is installed 2014-08-26 07:48:05 +02:00
Juergen Daubert
7c97ef0167 eudev: install prebuild man-pages 2014-08-26 07:32:53 +02:00
Juergen Daubert
cb75886e06 vim: update to 7.4.417 2014-08-25 17:56:08 +02:00
Juergen Daubert
73a3dbb619 eudev: update to 1.10 2014-08-25 17:56:08 +02:00
Juergen Daubert
7846f17091 ca-certificates: update to 20140820 2014-08-25 17:56:08 +02:00
Fredrik Rinnestam
145eed9c8b man-pages: updated to 3.71 2014-08-20 19:31:47 +02:00
Juergen Daubert
cdf9a21cc0 util-linux: update to 2.25 2014-08-20 10:35:14 +02:00
Juergen Daubert
2930a95d33 bash: update to 4.3.24 2014-08-19 13:06:58 +02:00
Juergen Daubert
2255d2ebda xfsprogs: update to 3.2.1 2014-08-18 09:50:13 +02:00
Juergen Daubert
aa9115e03c man-pages: update to 3.70 2014-08-18 09:23:22 +02:00
Juergen Daubert
750bde0e04 kbd: update to 2.0.2 2014-08-18 09:23:22 +02:00
Fredrik Rinnestam
df6936fb6b time: FS#1020 hack 2014-08-17 13:58:09 +02:00
Juergen Daubert
7c0241cb98 iproute2: update to 3.16.0 2014-08-16 13:38:07 +02:00
Juergen Daubert
b7989cdc7d tzdata: update to 2014f 2014-08-16 13:38:07 +02:00
Juergen Daubert
9c9acbf418 readline: update to 6.3.8 2014-08-16 13:38:07 +02:00
Fredrik Rinnestam
21205ae8e8 exim: updated to 4.84 2014-08-14 22:09:35 +02:00
Juergen Daubert
85a604f6e3 ca-certificates: update to 20140715 2014-08-10 14:29:20 +02:00
Juergen Daubert
5db0adfc51 dhcpcd: update to 6.4.3 2014-08-10 14:29:20 +02:00
Juergen Daubert
a6b0081c1a bash: update to 4.3.22 2014-08-10 14:29:20 +02:00
Juergen Daubert
6e9c6a45ad eudev: update to 1.9 2014-08-10 14:29:20 +02:00
Fredrik Rinnestam
a1145af8eb [notify] ppp: updated to 2.4.7. Fix for CVE-2014-3158 2014-08-10 01:05:27 +02:00
Fredrik Rinnestam
a6e1f3352c [notify] openssl: updated to 1.0.1i. 
Release resolves nine security issues. Advisory: http://www.openssl.org/news/secadv_20140806.txt
 2014-08-07 01:32:42 +02:00
Matt Housh
bb593db047 libdevmapper: updated to version 1.02.88 2014-08-05 16:52:54 -05:00
Fredrik Rinnestam
b5811f168e file: updated to 5.19 2014-08-03 01:07:08 +02:00
Fredrik Rinnestam
9a74ce8ef0 libdevmapper: updated to 1.02.87 2014-08-03 01:06:33 +02:00
Fredrik Rinnestam
2450caa1f4 tar: updated to 1.28 2014-08-01 18:02:40 +02:00