ipfire-2.x.git
5 years agogeneral-functions.pl: Add function to get full country name.
Stefan Schantl [Sat, 3 Jan 2015 19:15:28 +0000 (20:15 +0100)] 
general-functions.pl: Add function to get full country name.

This function will return the full name a country specified by
it's country shortcut. It also will provide some additional names
which are not handled by the perl locale module but are parts of
ISO 3166.

5 years agoxtables-addons: New package.
Stefan Schantl [Sat, 3 Jan 2015 13:07:49 +0000 (14:07 +0100)] 
xtables-addons: New package.

The xtables-addons package provides many additional filter modules for iptables.
Currently we are only building the "geoip" module which can be used to create
firewall rules which will do actions based on the country membership of the senders/targets
address.

In order to build the required kernel modules I had to change build order for
several packages as well.

5 years agoperl-Text-CSV_XS: New package.
Stefan Schantl [Sat, 3 Jan 2015 13:03:20 +0000 (14:03 +0100)] 
perl-Text-CSV_XS: New package.

This perl module is required to convert the provided geoip databases in CSV format into
a useable binary format for the geoip module.

5 years agoperl-Locale-Country: Update country codes to version 3.33.
Stefan Schantl [Sat, 3 Jan 2015 13:01:43 +0000 (14:01 +0100)] 
perl-Locale-Country: Update country codes to version 3.33.

5 years agoperl-Text-CSV_XS: New package.
Stefan Schantl [Sat, 20 Dec 2014 15:02:29 +0000 (16:02 +0100)] 
perl-Text-CSV_XS: New package.

This is a dependency for the xtables-geoip module to convert the only in the cvs
provided geoip list into a compatible binary format.

5 years agorootfile updates (kernel, glibc, newt on arm). seventeen
Arne Fitzenreiter [Sun, 30 Nov 2014 11:17:56 +0000 (12:17 +0100)] 
rootfile updates (kernel, glibc, newt on arm).

5 years agokernel: rootfile updates.
Arne Fitzenreiter [Sun, 30 Nov 2014 10:59:29 +0000 (11:59 +0100)] 
kernel: rootfile updates.

5 years agolinux-initrd: skip initrd build of pae and rpi kernel.
Arne Fitzenreiter [Sun, 30 Nov 2014 08:30:58 +0000 (09:30 +0100)] 
linux-initrd: skip initrd build of pae and rpi kernel.

5 years agosamba: fix mode of winbindd_privileged folder.
Arne Fitzenreiter [Sun, 30 Nov 2014 08:25:56 +0000 (09:25 +0100)] 
samba: fix mode of winbindd_privileged folder.

5 years agoremove more enused patches.
Arne Fitzenreiter [Sun, 30 Nov 2014 00:45:15 +0000 (01:45 +0100)] 
remove more enused patches.

5 years agokenrel: fix build 2nd try.
Arne Fitzenreiter [Fri, 28 Nov 2014 06:27:45 +0000 (07:27 +0100)] 
kenrel: fix build 2nd try.

5 years agokernel: fix build.
Arne Fitzenreiter [Thu, 27 Nov 2014 06:57:54 +0000 (07:57 +0100)] 
kernel: fix build.

5 years agokernel: headers still not build with grsec patch on i586.
Arne Fitzenreiter [Thu, 27 Nov 2014 06:48:05 +0000 (07:48 +0100)] 
kernel: headers still not build with grsec patch on i586.

5 years agoMerge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Thu, 27 Nov 2014 06:34:41 +0000 (07:34 +0100)] 
Merge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen

5 years agokernel: remove obsolete modules and patches.
Arne Fitzenreiter [Thu, 27 Nov 2014 06:33:50 +0000 (07:33 +0100)] 
kernel: remove obsolete modules and patches.

5 years agotzdata: Fix build to include leap seconds
Michael Tremer [Sun, 23 Nov 2014 00:16:12 +0000 (01:16 +0100)] 
tzdata: Fix build to include leap seconds

5 years agotzdata: Update to 2014j
Michael Tremer [Sun, 23 Nov 2014 00:01:58 +0000 (01:01 +0100)] 
tzdata: Update to 2014j

5 years agokernel: update to 3.14.25.
Arne Fitzenreiter [Sat, 22 Nov 2014 22:13:49 +0000 (23:13 +0100)] 
kernel: update to 3.14.25.

5 years agou-boot: update pandaboard config.
Arne Fitzenreiter [Sat, 22 Nov 2014 22:13:18 +0000 (23:13 +0100)] 
u-boot: update pandaboard config.

5 years agokernel: update multiarm config for pandaboard.
Arne Fitzenreiter [Sat, 22 Nov 2014 22:12:28 +0000 (23:12 +0100)] 
kernel: update multiarm config for pandaboard.

5 years agokernel: fix rpi patches.
Arne Fitzenreiter [Mon, 17 Nov 2014 05:31:29 +0000 (06:31 +0100)] 
kernel: fix rpi patches.

5 years agokernel: update to 3.14.24.
Arne Fitzenreiter [Sun, 16 Nov 2014 14:49:51 +0000 (15:49 +0100)] 
kernel: update to 3.14.24.

5 years agocore86: Do all other fancy kernel updating stuff
Michael Tremer [Sun, 16 Nov 2014 13:09:50 +0000 (14:09 +0100)] 
core86: Do all other fancy kernel updating stuff

5 years agoMerge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Sun, 16 Nov 2014 10:38:45 +0000 (11:38 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into seventeen

5 years agoinstaller: Power off instead of reboot after unattended install
Michael Tremer [Sun, 16 Nov 2014 10:37:47 +0000 (11:37 +0100)] 
installer: Power off instead of reboot after unattended install

5 years agokernel-pae: update un/install scripts for grub2.
Arne Fitzenreiter [Sun, 16 Nov 2014 09:07:33 +0000 (10:07 +0100)] 
kernel-pae: update un/install scripts for grub2.

5 years agoinstaller: Only drop to a debug shell after a segmentation fault
Michael Tremer [Thu, 13 Nov 2014 23:02:41 +0000 (00:02 +0100)] 
installer: Only drop to a debug shell after a segmentation fault

5 years agoinstaller: Fix umounting destination
Michael Tremer [Thu, 13 Nov 2014 22:58:05 +0000 (23:58 +0100)] 
installer: Fix umounting destination

5 years agoMerge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Mon, 10 Nov 2014 16:36:01 +0000 (17:36 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into seventeen

5 years agokernel: update netdev ledtrigger patch.
Arne Fitzenreiter [Thu, 6 Nov 2014 19:16:58 +0000 (20:16 +0100)] 
kernel: update netdev ledtrigger patch.

5 years agokernel: disable crashing sensor drivers on arm.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:09:19 +0000 (00:09 +0100)] 
kernel: disable crashing sensor drivers on arm.

5 years agoMerge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Wed, 5 Nov 2014 23:08:55 +0000 (00:08 +0100)] 
Merge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen

5 years agokernel: kirkwood: fix legacy boot patch for dreamplug.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:08:13 +0000 (00:08 +0100)] 
kernel: kirkwood: fix legacy boot patch for dreamplug.

5 years agoflash-images: use third partition again as root.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:06:43 +0000 (00:06 +0100)] 
flash-images: use third partition again as root.

5 years agoinstaller: Improve check for serial console option
Michael Tremer [Wed, 5 Nov 2014 22:43:01 +0000 (23:43 +0100)] 
installer: Improve check for serial console option

5 years agohttpscert: Create certificate with SHA256 hash
Timmothy Wilson [Wed, 5 Nov 2014 21:08:02 +0000 (22:08 +0100)] 
httpscert: Create certificate with SHA256 hash

5 years agopart/fsresize: fix on systems without initrd.
Arne Fitzenreiter [Wed, 5 Nov 2014 13:27:59 +0000 (14:27 +0100)] 
part/fsresize: fix on systems without initrd.

/proc/mounts has no correct entry for / on such systems.
Use mount instead.

5 years agokernel: arm-multi: disable hanging sunxi_ss crypto module.
Arne Fitzenreiter [Wed, 5 Nov 2014 13:26:37 +0000 (14:26 +0100)] 
kernel: arm-multi: disable hanging sunxi_ss crypto module.

udev loads the problematic module automaticly.

5 years agoinstaller: Fix download of the ISO image
Michael Tremer [Wed, 5 Nov 2014 00:34:27 +0000 (01:34 +0100)] 
installer: Fix download of the ISO image

5 years agoinstaller: Don't try to install /etc/hosts which does not exist
Michael Tremer [Wed, 5 Nov 2014 00:33:59 +0000 (01:33 +0100)] 
installer: Don't try to install /etc/hosts which does not exist

5 years agoinstaller: Show better helpline in unattended mode
Michael Tremer [Wed, 5 Nov 2014 00:33:29 +0000 (01:33 +0100)] 
installer: Show better helpline in unattended mode

5 years agoMerge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Tue, 4 Nov 2014 22:52:28 +0000 (23:52 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into seventeen

5 years agofireinfo: Import latest fixes for ARM
Michael Tremer [Tue, 4 Nov 2014 22:52:02 +0000 (23:52 +0100)] 
fireinfo: Import latest fixes for ARM

5 years agokernel: build sunxi crypto driver as module.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:24:17 +0000 (20:24 +0100)] 
kernel: build sunxi crypto driver as module.

5 years agokernel: readd kirkwood legacy boot code.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:21:05 +0000 (20:21 +0100)] 
kernel: readd kirkwood legacy boot code.

5 years agokernel: enable carl97xx hwrng.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:16:17 +0000 (20:16 +0100)] 
kernel: enable carl97xx hwrng.

5 years agoMerge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Tue, 4 Nov 2014 19:12:50 +0000 (20:12 +0100)] 
Merge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen

5 years agoCreate Core Update 86
Michael Tremer [Mon, 3 Nov 2014 22:41:09 +0000 (23:41 +0100)] 
Create Core Update 86

5 years agonagios+icinga plugins: removed ipv6 support
Sascha Kilian [Fri, 31 Oct 2014 15:15:54 +0000 (16:15 +0100)] 
nagios+icinga plugins: removed ipv6 support

5 years agofix typo
David Kleuker [Mon, 3 Nov 2014 16:43:25 +0000 (17:43 +0100)] 
fix typo

5 years agouse bash instead of sh
David Kleuker [Mon, 3 Nov 2014 16:33:27 +0000 (17:33 +0100)] 
use bash instead of sh

5 years agoMerge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Mon, 3 Nov 2014 17:36:31 +0000 (18:36 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into seventeen

5 years agoinstaller: Correctly position buttons in dialogs
Michael Tremer [Mon, 3 Nov 2014 17:35:56 +0000 (18:35 +0100)] 
installer: Correctly position buttons in dialogs

5 years agokernel: arm multiarch: enanble xhci.
Arne Fitzenreiter [Sun, 2 Nov 2014 20:45:03 +0000 (21:45 +0100)] 
kernel: arm multiarch: enanble xhci.

5 years agoMerge branch 'kernel-test-next' into seventeen
Arne Fitzenreiter [Sun, 2 Nov 2014 08:38:44 +0000 (09:38 +0100)] 
Merge branch 'kernel-test-next' into seventeen

5 years agoMerge branch 'seventeen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Sun, 2 Nov 2014 08:38:23 +0000 (09:38 +0100)] 
Merge branch 'seventeen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen

5 years agokernel: use correct external modules at initrd build.
Arne Fitzenreiter [Sat, 1 Nov 2014 18:57:51 +0000 (19:57 +0100)] 
kernel: use correct external modules at initrd build.

5 years agokernel: patches and preliminary 3.14 config for arm.
Arne Fitzenreiter [Sat, 1 Nov 2014 16:26:09 +0000 (17:26 +0100)] 
kernel: patches and preliminary 3.14 config for arm.

5 years agoflash-images: distro image is not compressed on arm.
Arne Fitzenreiter [Sat, 1 Nov 2014 16:23:40 +0000 (17:23 +0100)] 
flash-images: distro image is not compressed on arm.

5 years agokernel: rootfile update (i586).
Arne Fitzenreiter [Sat, 1 Nov 2014 16:19:09 +0000 (17:19 +0100)] 
kernel: rootfile update (i586).

5 years agoglibc: rootfile update (i586)
Arne Fitzenreiter [Sat, 1 Nov 2014 16:18:43 +0000 (17:18 +0100)] 
glibc: rootfile update (i586)

5 years agoMerge remote-tracking branch 'origin/seventeen' into kernel-test-next
Arne Fitzenreiter [Fri, 31 Oct 2014 16:32:58 +0000 (17:32 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into kernel-test-next

5 years agoinstaller: Create locale archive to save space in the initrd
Michael Tremer [Thu, 30 Oct 2014 22:18:31 +0000 (23:18 +0100)] 
installer: Create locale archive to save space in the initrd

5 years agoNew Addon: tmux
Erik Kapfer [Thu, 30 Oct 2014 15:42:47 +0000 (16:42 +0100)] 
New Addon: tmux

5 years agosquidclamav: Fix an error when parsing the client IP address
Michael Tremer [Thu, 30 Oct 2014 16:49:43 +0000 (17:49 +0100)] 
squidclamav: Fix an error when parsing the client IP address

5 years agoUpdate some stuff for the Italian translation
Michael Tremer [Tue, 28 Oct 2014 01:04:05 +0000 (02:04 +0100)] 
Update some stuff for the Italian translation

5 years agoAdd an Italian translation
Umberto Parma [Thu, 23 Oct 2014 12:09:19 +0000 (14:09 +0200)] 
Add an Italian translation

file web interface in Italian

5 years agoinstaller: Initialize console font
Michael Tremer [Mon, 27 Oct 2014 23:49:19 +0000 (00:49 +0100)] 
installer: Initialize console font

5 years agoSet LatArCyrHeb-16 as default font
Michael Tremer [Mon, 27 Oct 2014 22:52:55 +0000 (23:52 +0100)] 
Set LatArCyrHeb-16 as default font

5 years agostrongswan: Update to 5.2.1
Michael Tremer [Sun, 26 Oct 2014 20:00:08 +0000 (21:00 +0100)] 
strongswan: Update to 5.2.1

5 years agoglibc: Fix build on x86
Michael Tremer [Sun, 26 Oct 2014 19:51:14 +0000 (20:51 +0100)] 
glibc: Fix build on x86

Some files that are patched for ARM are not available
on the x86 source tree. Hence the sed command should not
be executed.

5 years agoMerge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Sun, 26 Oct 2014 19:11:57 +0000 (20:11 +0100)] 
Merge remote-tracking branch 'origin/seventeen' into seventeen

Conflicts:
make.sh

5 years agoinstaller: Implement option to run a postinstall script in the installer
Michael Tremer [Sun, 26 Oct 2014 19:11:04 +0000 (20:11 +0100)] 
installer: Implement option to run a postinstall script in the installer

5 years agokernel: update to 3.14.22 (intel only yet).
Arne Fitzenreiter [Sun, 26 Oct 2014 15:40:04 +0000 (16:40 +0100)] 
kernel: update to 3.14.22 (intel only yet).

5 years agocryptodev: update to unreleased 1.7 from git.
Arne Fitzenreiter [Sun, 26 Oct 2014 15:38:38 +0000 (16:38 +0100)] 
cryptodev: update to unreleased 1.7 from git.

5 years agoglibc: fix build on intel platform.
Arne Fitzenreiter [Sun, 26 Oct 2014 15:37:44 +0000 (16:37 +0100)] 
glibc: fix build on intel platform.

5 years agoinstaller: Allow to disable creation of swap space on command line
Michael Tremer [Sun, 26 Oct 2014 15:00:03 +0000 (16:00 +0100)] 
installer: Allow to disable creation of swap space on command line

5 years agoinstaller: Fix loads of compiler warnings
Michael Tremer [Sat, 25 Oct 2014 13:54:45 +0000 (15:54 +0200)] 
installer: Fix loads of compiler warnings

5 years agoinstaller: Rework downloading ISO and allow using a custom URL
Michael Tremer [Sat, 25 Oct 2014 12:56:23 +0000 (14:56 +0200)] 
installer: Rework downloading ISO and allow using a custom URL

5 years agoMerge branch 'kernel-test' into seventeen
Arne Fitzenreiter [Fri, 24 Oct 2014 10:00:34 +0000 (12:00 +0200)] 
Merge branch 'kernel-test' into seventeen

5 years agokernel: fix build on rpi.
Arne Fitzenreiter [Fri, 24 Oct 2014 09:58:00 +0000 (11:58 +0200)] 
kernel: fix build on rpi.

5 years agokernel: fix uInit ramdisk build.
Arne Fitzenreiter [Thu, 23 Oct 2014 19:58:23 +0000 (21:58 +0200)] 
kernel: fix uInit ramdisk build.

5 years agoglibc: fix build with new patches.
Michael Tremer [Thu, 23 Oct 2014 19:57:36 +0000 (21:57 +0200)] 
glibc: fix build with new patches.

5 years agoinstaller: Simplify kernel command line parsing
Michael Tremer [Wed, 22 Oct 2014 23:05:56 +0000 (01:05 +0200)] 
installer: Simplify kernel command line parsing

5 years agoset toolchain to 8 and version to 2.17.
Arne Fitzenreiter [Wed, 22 Oct 2014 19:35:13 +0000 (21:35 +0200)] 
set toolchain to 8 and version to 2.17.

5 years agotzdata: fix build with new coreutils.
Arne Fitzenreiter [Wed, 22 Oct 2014 19:34:42 +0000 (21:34 +0200)] 
tzdata: fix build with new coreutils.

5 years agoRevert "Revert "toolchain: Fix compiling due to Stack Protector changes.""
Arne Fitzenreiter [Wed, 22 Oct 2014 11:49:54 +0000 (13:49 +0200)] 
Revert "Revert "toolchain: Fix compiling due to Stack Protector changes.""

This reverts commit 4ec728f840372f61d61c5019d766f453231eb706.

5 years agoinstaller: Create a config struct
Michael Tremer [Tue, 21 Oct 2014 20:30:36 +0000 (22:30 +0200)] 
installer: Create a config struct

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen
Michael Tremer [Tue, 21 Oct 2014 19:14:19 +0000 (21:14 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen

5 years agoUpdate Turkish translation
Ersan Yildirim [Mon, 20 Oct 2014 09:59:31 +0000 (11:59 +0200)] 
Update Turkish translation

5 years agocore85: set version to core85.
Arne Fitzenreiter [Thu, 16 Oct 2014 09:34:20 +0000 (11:34 +0200)] 
core85: set version to core85.

5 years agoMerge branch 'install-raid' into seventeen
Michael Tremer [Wed, 15 Oct 2014 21:39:20 +0000 (23:39 +0200)] 
Merge branch 'install-raid' into seventeen

Conflicts:
make.sh

5 years agoinstaller: Make restoring the backup interactive
Michael Tremer [Wed, 15 Oct 2014 21:38:05 +0000 (23:38 +0200)] 
installer: Make restoring the backup interactive

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 15 Oct 2014 20:55:54 +0000 (22:55 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoapache: Disable SSLv3 by default for the IPFire webinterface
Michael Tremer [Wed, 15 Oct 2014 20:55:26 +0000 (22:55 +0200)] 
apache: Disable SSLv3 by default for the IPFire webinterface

5 years agoopenssl-compat: update to 0.9.8zc
Arne Fitzenreiter [Wed, 15 Oct 2014 19:44:29 +0000 (21:44 +0200)] 
openssl-compat: update to 0.9.8zc

5 years agokernel: fix build for rpi.
Arne Fitzenreiter [Wed, 15 Oct 2014 18:42:38 +0000 (20:42 +0200)] 
kernel: fix build for rpi.

the eMMC patch is also inside of the rpi patchset from rpi-foundation so it cannot applied again.

5 years agoCreate Core Update 85
Michael Tremer [Wed, 15 Oct 2014 17:48:16 +0000 (19:48 +0200)] 
Create Core Update 85

5 years agoopenssl: Update to version 1.0.1j
Michael Tremer [Wed, 15 Oct 2014 17:19:15 +0000 (19:19 +0200)] 
openssl: Update to version 1.0.1j

OpenSSL Security Advisory [15 Oct 2014]
=======================================

SRTP Memory Leak (CVE-2014-3513)
================================

Severity: High

A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Session Ticket Memory Leak (CVE-2014-3567)
==========================================

Severity: Medium

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL 3.0 Fallback protection
===========================

Severity: Medium

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf

Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.

Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================

Severity: Low

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.

The fix was developed by Akamai and the OpenSSL team.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

5 years agokernel: uodate to 3.10.58.
Arne Fitzenreiter [Wed, 15 Oct 2014 14:11:27 +0000 (16:11 +0200)] 
kernel: uodate to 3.10.58.