Jan Lentfer [Sat, 16 Jun 2012 10:31:18 +0000 (12:31 +0200)]
asterisk: Update to 1.8.13.0.
The 1.4 branch of asterisk does not build with the new flex and bison.
Also, the 1.4 branch was EOL'ed April 2012. The 1.8 branch has long
term support until 2015.
This patch also update chan_capi to the most recent version (HEAD),
as this is the only one that compiles with asterisk 1.8.
Asterisk 1.8 ships addons as part of the main tarball.
Asterisk 1.8 has no build in mp3 support anymore, mp3 libs need to be
downloaded seperatly via svn
(see asterisk-1.8.13.0/contrib/scripts/get_mp3_source.sh).
This patch DOES NOT include mp3 support.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:31:18 +0000 (12:31 +0200)]
asterisk: Update to 1.8.13.0.
The 1.4 branch of asterisk does not build with the new flex and bison.
Also, the 1.4 branch was EOL'ed April 2012. The 1.8 branch has long
term support until 2015.
This patch also update chan_capi to the most recent version (HEAD),
as this is the only one that compiles with asterisk 1.8.
Asterisk 1.8 ships addons as part of the main tarball.
Asterisk 1.8 has no build in mp3 support anymore, mp3 libs need to be
downloaded seperatly via svn
(see asterisk-1.8.13.0/contrib/scripts/get_mp3_source.sh).
This patch DOES NOT include mp3 support.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 15 Jun 2012 09:32:00 +0000 (11:32 +0200)]
libc-headers: Extract header files from kernel.
Previously, there have been header sanizied header files used
from kernel 2.6.12.0, which got harder to maintain over the
years and may cause unseen problems.
collectd hangs with 100% cpu usage if there is a very old entry
in the database. This was created at the first start without internet so
ntp cannot set the time.
strongswan: security update to 4.6.4 (fix CVE-2012-2388).
RSA signature verification vulnerability
see http://http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html for details.
Erik Kapfer [Thu, 24 May 2012 08:47:37 +0000 (10:47 +0200)]
openvpn: Change colour of N2N connections.
From https://bugzilla.ipfire.org/show_bug.cgi?id=10137:
The first patch i have made is to give the index.cgi the origin colour (the
same then for the roadwarrior) for OpenVPN N2N connections on IPFire. At this
time the colour is stated in IPSec colour, so i made a patch to change this.
Normally 576 is the smallest valid mtu but some cable provider set this
also if they support much higher mtu's. Fedora does not accept
this to prevent speed problems with such isp connections so we do the same.
If you really need mtu=576 you can still force at at the setup.
openssl: security update to 0.9.8x (CVE-2012-2333).
Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.
DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.
The fix was developed by Stephen Henson of the OpenSSL core team.
Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt
Normally 576 is the smallest valid mtu but some cable provider set this
also if they support much higher mtu's. Fedora does not accept
this to prevent speed problems with such isp connections so we do the same.
If you really need mtu=576 you can still force at at the setup.
openssl: security update to 0.9.8x (CVE-2012-2333).
Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.
DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.
The fix was developed by Stephen Henson of the OpenSSL core team.
Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt