Commit Graph

90007 Commits

Author SHA1 Message Date
maxice8 1b83b520e3 ldns: fix CVE-2017-100231 CVE-2017-100232 2018-10-02 18:18:29 -03:00
maxice8 8534a735a9 libusbmuxd: fix CVE-2016-5104 2018-10-02 18:18:23 -03:00
maxice8 ae98224001
procmail: mark as nocross 2018-10-02 16:58:15 -03:00
maxice8 a0f160973d libvorbis: fix CVE-2018-10392 2018-10-02 16:06:49 -03:00
maxice8 2271575216 bcal: drop libquadmath-devel, add bc 2018-10-02 16:06:43 -03:00
maxice8 1681cd0182 procmail: fix CVE-2014-3618 CVE-2017-16844 2018-10-02 16:06:35 -03:00
maxice8 62cb04acc2 libpgf: fix CVE-2015-6673 2018-10-02 16:06:25 -03:00
maxice8 af3969db07 libimobiledevice: fix CVE-2016-5104 2018-10-02 16:06:17 -03:00
Rasmus Thomsen f1faa09244 jq: add upstream patch to fix CVE-2016-4074 2018-10-02 13:34:05 -03:00
Rasmus Thomsen 833bdd032e flac: add upstream patch to fix CVE-2018-6888
- cleanup template
2018-10-02 13:34:00 -03:00
Rasmus Thomsen 8a2c6e2c43 exempi: add upstream patch fixing CVE-2018-12648 2018-10-02 13:33:55 -03:00
maxice8 a9cded343d
bcal: update to 2.0. 2018-10-02 13:17:40 -03:00
maxice8 54a55e5737 squid: disable processing of ESI responses
fixes:
    CVE-2018-1000027
    CVE-2018-1172
    CVE-2018-1000024
2018-10-02 17:10:30 +02:00
maxice8 db41b7577d lrzip: apply applicable security patches from upstream
Upstream has a few more CVEs but didn't make a new release yet.

In the meantime we patch what we can

Fixes:
    - CVE-2017-8842
    - CVE-2017-8844
    - CVE-2017-8845
    - CVE-2018-5650

The CVEs left remaining to be fixed by upstream are

( Removed CVE- prefix as to not confuse tools that grep for those
values)

CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
2018-10-02 12:05:21 -03:00
maxice8 aeb0a3e1d3 libsass: apply security fixes from upstream
fixes:
    - CVE-2018-11693
    - CVE-2018-11696
    - CVE-2018-11697
    - CVE-2018-11698

Remain unfixed upstream:

( CVE prefix removed to not confuse tools that grep for those values )

CVE: 2018-11499 SEVERITY: 7.5
CVE: 2018-11694 SEVERITY: 6.8
2018-10-02 12:05:13 -03:00
maxice8 c9cd8c875e taglib: fix CVE-2017-12678 CVE-2018-11439 2018-10-02 12:05:04 -03:00
maxice8 6783314672 liblouis: fix CVE-2018-12085 2018-10-02 12:04:56 -03:00
John d385dc4a6b duplicity: add gnupg runtime dependency; fix license 2018-10-02 11:44:19 -03:00
maxice8 b32db33430 libsndfile: apply security fixes from upstream
fixes:
    CVE-2017-12562
    CVE-2017-14245
    CVE-2017-14246
    CVE-2017-14634
    CVE-2017-6892
    CVE-2017-8362
    CVE-2017-8363
    CVE-2017-8365
    CVE-2018-13139
2018-10-02 11:44:10 -03:00
Helmut Pozimski 544e32f183 smplayer: update to 18.9.0. 2018-10-02 15:49:28 +02:00
Helmut Pozimski 1036740357 gscan2pdf: update to 2.1.6. 2018-10-02 15:44:48 +02:00
Duncaen 012c46d754 syncthing: update to 0.14.51. 2018-10-02 15:10:01 +02:00
cr6git e37bb36b76
anki: update to 2.1.5. 2018-10-02 15:03:42 +02:00
cr6git 0cd58240ef re2: update to 2018.10.01. 2018-10-02 14:41:44 +02:00
Helmut Pozimski 952f86f356 monero: add patch for the burning bug 2018-10-02 14:37:42 +02:00
Helmut Pozimski 239689baa8 libvirt: update to 4.8.0. 2018-10-02 14:12:25 +02:00
Helmut Pozimski 7e42bdf4a7 filezilla: update to 3.37.3. 2018-10-02 13:41:25 +02:00
John Zimmermann 0d616085c0 unrar: update to 5.6.7. 2018-10-02 12:26:15 +02:00
maxice8 0a15872612 python-hypothesis: update to 3.74.0. 2018-10-02 07:08:46 -03:00
maxice8 47f6ff12d2 telepathy-qt: remove.
No packages use it and there is a qt5 version on telepathy-qt5 which has
users.

[ci skip]
2018-10-02 11:38:49 +02:00
maxice8 ec98d890a7 qoauth: remove.
Was used as part of

kdeplasma-addons-4.14.3_3

which is already removed

[ci skip]
2018-10-02 11:38:24 +02:00
maxice8 9cf12a7d58 tiff: Apply security patches from debian
Before

$ ./cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17095 SEVERITY: 6.8
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2017-18013 SEVERITY: 4.3
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-10963 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
CVE: CVE-2018-5784 SEVERITY: 4.3
CVE: CVE-2018-7456 SEVERITY: 4.3
CVE: CVE-2018-8905 SEVERITY: 6.8

After

$ cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
2018-10-02 11:37:56 +02:00
maxice8 19047cf745 libxml2: fix CVE-2018-14404 CVE-2018-9251 CVE-2018-14567 2018-10-02 11:36:06 +02:00
maxice8 550d5c18d5 patch: fix CVE-2018-1000156 CVE-2018-6951 2018-10-02 11:35:30 +02:00
maxice8 dad6e1a600 mupdf: fix CVE-2018-10289
https://nvd.nist.gov/vuln/detail/CVE-2018-10289
http://git.ghostscript.com/?p=mupdf.git;h=2e43685dc8a8a886fc9df9b3663cf199404f7637
https://bugs.ghostscript.com/show_bug.cgi?id=699271
2018-10-02 11:34:55 +02:00
newbluemoon de83d6fdb1 xbps-src/shutils/update-check.sh: accept RSS MIME type
This fixes update-check for sourceforge.net.
2018-10-02 11:34:16 +02:00
newbluemoon 4ada4eac43 residualvm: add update file
[ci skip]
2018-10-02 11:26:57 +02:00
cr6git d5c3bb0e0c
tryton: update to 5.0.0.
switch to Python3.
2018-10-02 10:52:56 +02:00
cr6git eecf3e55a6
postgis: update to 2.5.0 & adopt package
* postgis: update to 2.5.0 & adopt package (resolves #3227)

* geos: update to 3.7.0.
2018-10-02 10:29:00 +02:00
Daniel A. Maierhofer 62d176a848 New package: olsrd-0.9.6.2 2018-10-02 10:04:54 +02:00
maxice8 f914ff69a5 mercurial: update to 4.7.2. 2018-10-01 22:53:30 -03:00
John Zimmermann 0a9a09eb20 kea: update to 1.4.0.P1. 2018-10-01 22:53:23 -03:00
Johannes cf05e8811a synfigstudio: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes 83cc3a93ce synfig: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes 89bc5f34c0 ETL: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes 84daa15548 boost: revbump to add boost-build to aarch64[-musl] repodata
previous change wasn't enough to trigger a rebuild
2018-10-01 21:59:00 +02:00
Johannes 21fcb63f3d boost: trigger rebuild
boost-build is missing in the aarch64 and aarch64-musl repodata
this should trigger a rebuild to re-add it

[ci skip]
2018-10-01 21:49:59 +02:00
maxice8 b90fc83e59 R-cran-Rcpp: update to 0.12.19. 2018-10-01 16:07:45 -03:00
Leah Neukirchen 3fef792cef audacity: update to 2.3.0. 2018-10-01 18:46:49 +02:00
Andrea Brancaleoni 5dd47d229f calibre: update to 3.32.0. 2018-10-01 18:46:26 +02:00