[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Dragora-bug] Dragora 2.2 updates #009
|
From: |
Matias A. Fonzo |
|
Subject: |
[Dragora-bug] Dragora 2.2 updates #009 |
|
Date: |
Mon, 29 Sep 2014 20:05:18 -0300 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following packages have been updated (#009):
bash
curl
lua
We recommend that you upgrade your packages as soon as possible.
Details
- -------
The upgraded for bash has the patch level number 50. Including a
vast number of bug fixes and the corresponding fixes for the security
advisories:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
Curl version 7.38.0 contains two security issues:
* http://curl.haxx.se/docs/adv_20140910A.html
* http://curl.haxx.se/docs/adv_20140910B.html
For more information, see: http://curl.haxx.se/changes.html#7_38_0
The release for lua 5.2.3 fix a number of bugs and the security issue:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461
For more information, see: http://www.lua.org/bugs.html#5.2.2-1
Thanks to Lucas Sköldqvis (aka frusen) for updating the packages for
curl and lua, synchronizing the mirror. ;-)
Obtain the packages from
* 32 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/bash-4.2-i486-8.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/curl-7.38.0-i486-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/32b/lua-5.2.3-i486-1.tlz
* 64 bit *
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/bash-4.2-x86_64-8.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/curl-7.38.0-x86_64-1.tlz
http://gungre.ch/dragora/mirror/dragora-2.2/upgrades/packages/64b/lua-5.2.3-x86_64-1.tlz
Checksums (SHA1)
- ----------------
9ae235aaf9798b6d69e2b802b1e48025674259af bash-4.2-i486-8.tlz
d43e02b0536c2293c0a480ba9330512c0ff56418 curl-7.38.0-i486-1.tlz
855135e44702d58120a6d248ba1b6553f0461b93 lua-5.2.3-i486-1.tlz
678ba1dca4a9a876aaba27391bee7678c072763c bash-4.2-x86_64-8.tlz
44ce31b5aa4a544cc9aac1bd19a639a682cce24a curl-7.38.0-x86_64-1.tlz
492f20780fb970da5cbb6c8ba58adede428a2791 lua-5.2.3-x86_64-1.tlz
If you need the detached GPG signatures[1] just append .sig to the URLs above.
Upgrading
- ---------
To upgrade a package you issue the following command:
pkg upgrade <package.tlz>
To upgrade multiple packages, simply type:
pkg upgrade bash-4.2-i486-8.tlz curl-7.38.0-i486-1.tlz ...
Notes
=====
You can get all the upgrades via RSYNC, for example, to obtain 32-bit
packages, type:
# rsync -avPiz gungre.ch::dragora/dragora-2.2/upgrades/packages/32b .
Then use the sha1sum(1) tool for a complete checksumming:
# sha1sums -c SHA1SUMS
`pkg upgrade' can be used to upgrade all the packages (installed or not
installed); for more information, take a look at:
http://dragora.org/wiki/doku.php/guides/d2/pkgmanager
Footnotes:
[1] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify bash-4.2-i486-8.tlz.sig
If that command fails because you don't have the required public key,
then run these commands to import it:
wget http://gungre.ch/dragora/mirror/dragora-2.2/KEY
gpg --import KEY
and re-run the `gpg --verify' sequence.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUKeVbAAoJEKpCZu9BMdKoeRwIAJsbQr6w7l9+7vvoPyX2kKmk
P6YWEOG/ieCP75tnG+DG25UdMD6YtdZV1u9RR8fC4MdSJc51qHqeZZVX9KVbJ4jn
wIvZEPT1f+MfDuFQGRg+Cr05dFCnG5HPbcRYnM66punfY7YiMeXeV0cUEknmzhrC
BNfViVd3DMLmnNi2PXMDLgP0HwKV0fKYv4siZVGQNhLWOcocyafX48MHhUZuhuok
jmMAsb1bwnfToyJHxx5ZSkl3T2NzKDT17b+2pBLFZpeArjsEYc5FpkEOIHIWPe0Y
wJZYOggb9PXwUaA83MTk+siXgkgMsDRXnvj71s7ckswTqbNhxQEuyL3kWnb8sgE=
=9Q17
-----END PGP SIGNATURE-----
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Dragora-bug] Dragora 2.2 updates #009,
Matias A. Fonzo <=