zeromq: security bump to version 4.0.5
Fixes: CVE-2014-7202 - stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. CVE-2014-7203 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
f26ffd7afd
commit
4cefe929fa
|
@ -0,0 +1,2 @@
|
||||||
|
# Locally calculated from download (no sig, hash)
|
||||||
|
sha256 3bc93c5f67370341428364ce007d448f4bb58a0eaabd0a60697d8086bc43342b zeromq-4.0.5.tar.gz
|
|
@ -4,12 +4,13 @@
|
||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
ZEROMQ_VERSION = 4.0.4
|
ZEROMQ_VERSION = 4.0.5
|
||||||
ZEROMQ_SITE = http://download.zeromq.org
|
ZEROMQ_SITE = http://download.zeromq.org
|
||||||
ZEROMQ_INSTALL_STAGING = YES
|
ZEROMQ_INSTALL_STAGING = YES
|
||||||
ZEROMQ_DEPENDENCIES = util-linux
|
ZEROMQ_DEPENDENCIES = util-linux
|
||||||
ZEROMQ_LICENSE = LGPLv3+ with exceptions
|
ZEROMQ_LICENSE = LGPLv3+ with exceptions
|
||||||
ZEROMQ_LICENSE_FILES = COPYING COPYING.LESSER
|
ZEROMQ_LICENSE_FILES = COPYING COPYING.LESSER
|
||||||
|
# For 0001-tests-disable-test_fork-if-fork-is-not-available.patch
|
||||||
ZEROMQ_AUTORECONF = YES
|
ZEROMQ_AUTORECONF = YES
|
||||||
|
|
||||||
# Only tools/curve_keygen.c needs this, but it doesn't hurt to pass it
|
# Only tools/curve_keygen.c needs this, but it doesn't hurt to pass it
|
||||||
|
|
Loading…
Reference in New Issue