62cb04acc2
libpgf: fix CVE-2015-6673
2018-10-02 16:06:25 -03:00
af3969db07
libimobiledevice: fix CVE-2016-5104
2018-10-02 16:06:17 -03:00
f1faa09244
jq: add upstream patch to fix CVE-2016-4074
2018-10-02 13:34:05 -03:00
833bdd032e
flac: add upstream patch to fix CVE-2018-6888
...
- cleanup template
2018-10-02 13:34:00 -03:00
8a2c6e2c43
exempi: add upstream patch fixing CVE-2018-12648
2018-10-02 13:33:55 -03:00
a9cded343d
bcal: update to 2.0.
2018-10-02 13:17:40 -03:00
54a55e5737
squid: disable processing of ESI responses
...
fixes:
CVE-2018-1000027
CVE-2018-1172
CVE-2018-1000024
2018-10-02 17:10:30 +02:00
db41b7577d
lrzip: apply applicable security patches from upstream
...
Upstream has a few more CVEs but didn't make a new release yet.
In the meantime we patch what we can
Fixes:
- CVE-2017-8842
- CVE-2017-8844
- CVE-2017-8845
- CVE-2018-5650
The CVEs left remaining to be fixed by upstream are
( Removed CVE- prefix as to not confuse tools that grep for those
values)
CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
2018-10-02 12:05:21 -03:00
aeb0a3e1d3
libsass: apply security fixes from upstream
...
fixes:
- CVE-2018-11693
- CVE-2018-11696
- CVE-2018-11697
- CVE-2018-11698
Remain unfixed upstream:
( CVE prefix removed to not confuse tools that grep for those values )
CVE: 2018-11499 SEVERITY: 7.5
CVE: 2018-11694 SEVERITY: 6.8
2018-10-02 12:05:13 -03:00
c9cd8c875e
taglib: fix CVE-2017-12678 CVE-2018-11439
2018-10-02 12:05:04 -03:00
6783314672
liblouis: fix CVE-2018-12085
2018-10-02 12:04:56 -03:00
d385dc4a6b
duplicity: add gnupg runtime dependency; fix license
2018-10-02 11:44:19 -03:00
b32db33430
libsndfile: apply security fixes from upstream
...
fixes:
CVE-2017-12562
CVE-2017-14245
CVE-2017-14246
CVE-2017-14634
CVE-2017-6892
CVE-2017-8362
CVE-2017-8363
CVE-2017-8365
CVE-2018-13139
2018-10-02 11:44:10 -03:00
544e32f183
smplayer: update to 18.9.0.
2018-10-02 15:49:28 +02:00
1036740357
gscan2pdf: update to 2.1.6.
2018-10-02 15:44:48 +02:00
012c46d754
syncthing: update to 0.14.51.
2018-10-02 15:10:01 +02:00
e37bb36b76
anki: update to 2.1.5.
2018-10-02 15:03:42 +02:00
0cd58240ef
re2: update to 2018.10.01.
2018-10-02 14:41:44 +02:00
952f86f356
monero: add patch for the burning bug
2018-10-02 14:37:42 +02:00
239689baa8
libvirt: update to 4.8.0.
2018-10-02 14:12:25 +02:00
7e42bdf4a7
filezilla: update to 3.37.3.
2018-10-02 13:41:25 +02:00
0d616085c0
unrar: update to 5.6.7.
2018-10-02 12:26:15 +02:00
0a15872612
python-hypothesis: update to 3.74.0.
2018-10-02 07:08:46 -03:00
47f6ff12d2
telepathy-qt: remove.
...
No packages use it and there is a qt5 version on telepathy-qt5 which has
users.
[ci skip]
2018-10-02 11:38:49 +02:00
ec98d890a7
qoauth: remove.
...
Was used as part of
kdeplasma-addons-4.14.3_3
which is already removed
[ci skip]
2018-10-02 11:38:24 +02:00
9cf12a7d58
tiff: Apply security patches from debian
...
Before
$ ./cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17095 SEVERITY: 6.8
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2017-18013 SEVERITY: 4.3
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-10963 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
CVE: CVE-2018-5784 SEVERITY: 4.3
CVE: CVE-2018-7456 SEVERITY: 4.3
CVE: CVE-2018-8905 SEVERITY: 6.8
After
$ cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
2018-10-02 11:37:56 +02:00
19047cf745
libxml2: fix CVE-2018-14404 CVE-2018-9251 CVE-2018-14567
2018-10-02 11:36:06 +02:00
550d5c18d5
patch: fix CVE-2018-1000156 CVE-2018-6951
2018-10-02 11:35:30 +02:00
dad6e1a600
mupdf: fix CVE-2018-10289
...
https://nvd.nist.gov/vuln/detail/CVE-2018-10289
http://git.ghostscript.com/?p=mupdf.git;h=2e43685dc8a8a886fc9df9b3663cf199404f7637
https://bugs.ghostscript.com/show_bug.cgi?id=699271
2018-10-02 11:34:55 +02:00
de83d6fdb1
xbps-src/shutils/update-check.sh: accept RSS MIME type
...
This fixes update-check for sourceforge.net.
2018-10-02 11:34:16 +02:00
4ada4eac43
residualvm: add update file
...
[ci skip]
2018-10-02 11:26:57 +02:00
d5c3bb0e0c
tryton: update to 5.0.0.
...
switch to Python3.
2018-10-02 10:52:56 +02:00
eecf3e55a6
postgis: update to 2.5.0 & adopt package
...
* postgis: update to 2.5.0 & adopt package (resolves #3227 )
* geos: update to 3.7.0.
2018-10-02 10:29:00 +02:00
62d176a848
New package: olsrd-0.9.6.2
2018-10-02 10:04:54 +02:00
f914ff69a5
mercurial: update to 4.7.2.
2018-10-01 22:53:30 -03:00
0a9a09eb20
kea: update to 1.4.0.P1.
2018-10-01 22:53:23 -03:00
cf05e8811a
synfigstudio: update to 1.2.2.
2018-10-02 00:05:24 +02:00
83cc3a93ce
synfig: update to 1.2.2.
2018-10-02 00:05:24 +02:00
89bc5f34c0
ETL: update to 1.2.2.
2018-10-02 00:05:24 +02:00
84daa15548
boost: revbump to add boost-build to aarch64[-musl] repodata
...
previous change wasn't enough to trigger a rebuild
2018-10-01 21:59:00 +02:00
21fcb63f3d
boost: trigger rebuild
...
boost-build is missing in the aarch64 and aarch64-musl repodata
this should trigger a rebuild to re-add it
[ci skip]
2018-10-01 21:49:59 +02:00
b90fc83e59
R-cran-Rcpp: update to 0.12.19.
2018-10-01 16:07:45 -03:00
3fef792cef
audacity: update to 2.3.0.
2018-10-01 18:46:49 +02:00
5dd47d229f
calibre: update to 3.32.0.
2018-10-01 18:46:26 +02:00
ce9910895d
terragrunt: update to 0.16.13.
2018-10-01 18:17:42 +02:00
886624beb0
Adapta: update to 3.95.0.1.
2018-10-01 18:17:42 +02:00
e38504387e
inadyn: update to 2.5.
2018-10-01 16:23:03 +02:00
179bd592b9
libgdal: update to 2.3.2
...
Signed-off-by: Jürgen Buchmüller <pullmoll@t-online.de>
2018-10-01 15:14:40 +02:00
af37426809
python3-zeroconf: update to 0.21.3
2018-10-01 13:15:17 +02:00
f84875f92c
New package: python3-ifaddr-0.1.4
2018-10-01 13:14:14 +02:00
maxice8
Rasmus Thomsen
John
Helmut Pozimski
Duncaen
cr6git
newbluemoon
Daniel A. Maierhofer
Johannes
Leah Neukirchen
Andrea Brancaleoni
Jürgen Buchmüller
Alessio Sergi