This project is archived. Its data is read-only.

Commit 4cefe929 authored Nov 11, 2014 by Gustavo Zacarias Committed by Peter Korsgaard Nov 11, 2014

zeromq: security bump to version 4.0.5



Fixes:
CVE-2014-7202 - stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5
before 4.0.5 allows man-in-the-middle attackers to conduct downgrade
attacks via a crafted connection request.
CVE-2014-7203 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not
ensure that nonces are unique, which allows man-in-the-middle attackers
to conduct replay attacks via unspecified vectors.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent f26ffd7a

package/zeromq/zeromq-0001-tests-disable-test_fork-if-fork-is-not-available.patch→package/zeromq/0001-tests-disable-test_fork-if-fork-is-not-available.patch

+0 −0

File moved.

package/zeromq/zeromq.hash

0 → 100644

+2 −0

Original line number	Diff line number	Diff line
		# Locally calculated from download (no sig, hash)
		sha256 3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b zeromq-4.0.5.tar.gz

package/zeromq/zeromq.mk

+2 −1

Original line number	Diff line number	Diff line
		@@ -4,12 +4,13 @@
		#
		################################################################################

		ZEROMQ_VERSION = 4.0.4
		ZEROMQ_VERSION = 4.0.5
		ZEROMQ_SITE = http://download.zeromq.org
		ZEROMQ_INSTALL_STAGING = YES
		ZEROMQ_DEPENDENCIES = util-linux
		ZEROMQ_LICENSE = LGPLv3+ with exceptions
		ZEROMQ_LICENSE_FILES = COPYING COPYING.LESSER
		# For 0001-tests-disable-test_fork-if-fork-is-not-available.patch
		ZEROMQ_AUTORECONF = YES

		# Only tools/curve_keygen.c needs this, but it doesn't hurt to pass it