[Dragora-bug] Dragora 2.2 updates #006
From: Matias A. Fonzo
Subject: [Dragora-bug] Dragora 2.2 updates #006
Date: Mon, 23 Jun 2014 22:47:34 -0300
User-agent: SquirrelMail/1.5.2 [SVN]
The Dragora team is happy to announce security updates #006, which
address security issues in the following packages:
curl
file
gnupg1
gnupg2
gnutls
gpgme
libgpg-error
libtasn1
mutt
nspr
openssl
pidgin
We recommend that you upgrade your packages as soon as possible.
Details
-------
Most packages have been updated to the latest version, which covers a
wide range of security advisories (and bug fixes) too long to list here.
However, special care has been taken during the build not to break
compatibility with the version numbers of the Dragora 2 packages. This
includes the updates of libgpg-error and libtasn1, dependencies of the
latest gnupg. nspr has been rebuilt to solve CVE-2013-5607. openssl-1.0.0m
corrects: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198,
CVE-2010-5298, and CVE-2014-3470. For more information, visit:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
Obtain the packages from
* 32 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/curl-7.37.0-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/file-5.19-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/gnupg1-1.4.17-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/gnupg2-2.0.23-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/gnutls-2.12.23-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/gpgme-1.3.2-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/libgpg-error-1.13-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/libtasn1-2.14-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/mutt-1.5.23-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/nspr-4.8.9-i486-2.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/openssl-1.0.0m-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/pidgin-2.10.9-i486-1.tlz
* 64 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/curl-7.37.0-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/file-5.19-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/gnupg1-1.4.17-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/gnupg2-2.0.23-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/gnutls-2.12.23-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/gpgme-1.3.2-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/libgpg-error-1.13-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/libtasn1-2.14-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/mutt-1.5.23-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/nspr-4.8.9-x86_64-2.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/openssl-1.0.0m-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/pidgin-2.10.9-x86_64-1.tlz
Checksums (SHA1)
----------------
If you need the detached GPG signatures[1] just append .sig to the URLs
above.
Upgrading
---------
To upgrade a package you issue the following command:
pkg upgrade <package.tlz>
To upgrade multiple packages, simply type:
pkg upgrade curl-7.37.0-i486-1.tlz pidgin-2.10.9-i486-1.tlz ...
Notes
=====
You can get all the upgrades via RSYNC, for example, to obtain 32-bit
packages, type:
# rsync -aviz gungre.ch::dragora/dragora-2.2/upgrades/packages/32b .
Then use the sha1sum(1) tool to verify all the checksums:
# sha1sum -c SHA1SUMS
`pkg upgrade' can be used to upgrade all the packages (installed or not
installed); for more information, take a look at:
http://dragora.org/wiki/doku.php/guides/d2/pkgmanager
Footnotes:
[1] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify pidgin-2.10.9-i486-1.tlz.sig
If that command fails because you don't have the required public key,
then run these commands to import it:
wget http://gungre.ch/dragora/mirror/dragora-2.2/KEY
gpg --import KEY
and re-run the `gpg --verify' sequence.
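
The checks described above (`sha1sum -c SHA1SUMS` and `gpg --verify`), combined into one pre-upgrade audit; this is an added example, not part of the original announcement or of Dragora's tooling. It assumes the rsync'd directory holds the `.tlz` files, their `.sig` files and a `SHA1SUMS` in sha1sum(1) format, and the function names are hypothetical. It also catches a case `sha1sum -c` alone misses: a package present in the directory but not listed in `SHA1SUMS`.

```shell
#!/bin/sh
# Added example: audit downloaded .tlz packages before `pkg upgrade`.
# Assumption: $1 is the download directory containing SHA1SUMS.

# Print each *.tlz in $1 that has no entry in $1/SHA1SUMS.
unlisted_packages() {
    dir=$1
    for f in "$dir"/*.tlz; do
        [ -e "$f" ] || continue
        name=${f##*/}
        # Field 2 is the file name ("name" in text mode, "*name" in binary mode).
        awk -v n="$name" '{ fn = $2; sub(/^\*/, "", fn); if (fn == n) found = 1 }
            END { exit !found }' "$dir/SHA1SUMS" || printf '%s\n' "$name"
    done
}

# Succeed only if every listed file matches and every package is listed.
audit_checksums() {
    dir=$1
    [ -f "$dir/SHA1SUMS" ] || { echo "SHA1SUMS missing" >&2; return 2; }
    ( cd "$dir" && sha1sum -c SHA1SUMS >/dev/null 2>&1 ) ||
        { echo "checksum mismatch or listed file missing" >&2; return 1; }
    extra=$(unlisted_packages "$dir")
    [ -z "$extra" ] || { echo "not covered by SHA1SUMS: $extra" >&2; return 1; }
    return 0
}

# Succeed only if every package has a detached signature that gpg accepts.
# The checksum file comes from the same mirror as the packages, so it only
# detects corruption; the signature is the authenticity check.
verify_signatures() {
    dir=$1
    rc=0
    for f in "$dir"/*.tlz; do
        [ -e "$f" ] || continue
        if [ ! -s "$f.sig" ]; then
            echo "no signature: ${f##*/}" >&2
            rc=1
        elif ! gpg --verify "$f.sig" "$f" >/dev/null 2>&1; then
            echo "bad signature: ${f##*/}" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run `audit_checksums . && verify_signatures .` in the download directory, after importing the KEY file as described in the footnote, and upgrade only if both succeed.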