Johannes
2a5cd3b725
openexr: update to 2.3.0.
2018-10-02 23:28:11 +02:00
Johannes
095c69d21f
ilmbase: update to 2.3.0.
2018-10-02 23:28:11 +02:00
maxice8
43d048bdb4
vorbis-tools: import CVE fixes
...
fixes:
- CVE-2014-9638
- CVE-2014-9639
- CVE-2014-9640
- CVE-2015-6749
2018-10-02 18:18:42 -03:00
maxice8
3e18fc9774
jasper: fix CVE-2018-9055
2018-10-02 18:18:35 -03:00
maxice8
1b83b520e3
ldns: fix CVE-2017-100231 CVE-2017-100232
2018-10-02 18:18:29 -03:00
maxice8
8534a735a9
libusbmuxd: fix CVE-2016-5104
2018-10-02 18:18:23 -03:00
maxice8
ae98224001
procmail: mark as nocross
2018-10-02 16:58:15 -03:00
maxice8
a0f160973d
libvorbis: fix CVE-2018-10392
2018-10-02 16:06:49 -03:00
maxice8
2271575216
bcal: drop libquadmath-devel, add bc
2018-10-02 16:06:43 -03:00
maxice8
1681cd0182
procmail: fix CVE-2014-3618 CVE-2017-16844
2018-10-02 16:06:35 -03:00
maxice8
62cb04acc2
libpgf: fix CVE-2015-6673
2018-10-02 16:06:25 -03:00
maxice8
af3969db07
libimobiledevice: fix CVE-2016-5104
2018-10-02 16:06:17 -03:00
Rasmus Thomsen
f1faa09244
jq: add upstream patch to fix CVE-2016-4074
2018-10-02 13:34:05 -03:00
Rasmus Thomsen
833bdd032e
flac: add upstream patch to fix CVE-2018-6888
...
- cleanup template
2018-10-02 13:34:00 -03:00
Rasmus Thomsen
8a2c6e2c43
exempi: add upstream patch fixing CVE-2018-12648
2018-10-02 13:33:55 -03:00
maxice8
a9cded343d
bcal: update to 2.0.
2018-10-02 13:17:40 -03:00
maxice8
54a55e5737
squid: disable processing of ESI responses
...
fixes:
CVE-2018-1000027
CVE-2018-1172
CVE-2018-1000024
2018-10-02 17:10:30 +02:00
maxice8
db41b7577d
lrzip: apply applicable security patches from upstream
...
Upstream has a few more CVEs but didn't make a new release yet.
In the meantime we patch what we can
Fixes:
- CVE-2017-8842
- CVE-2017-8844
- CVE-2017-8845
- CVE-2018-5650
The CVEs left remaining to be fixed by upstream are
( Removed CVE- prefix as to not confuse tools that grep for those
values)
CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
2018-10-02 12:05:21 -03:00
maxice8
aeb0a3e1d3
libsass: apply security fixes from upstream
...
fixes:
- CVE-2018-11693
- CVE-2018-11696
- CVE-2018-11697
- CVE-2018-11698
Remain unfixed upstream:
( CVE prefix removed to not confuse tools that grep for those values )
CVE: 2018-11499 SEVERITY: 7.5
CVE: 2018-11694 SEVERITY: 6.8
2018-10-02 12:05:13 -03:00
maxice8
c9cd8c875e
taglib: fix CVE-2017-12678 CVE-2018-11439
2018-10-02 12:05:04 -03:00
maxice8
6783314672
liblouis: fix CVE-2018-12085
2018-10-02 12:04:56 -03:00
John
d385dc4a6b
duplicity: add gnupg runtime dependency; fix license
2018-10-02 11:44:19 -03:00
maxice8
b32db33430
libsndfile: apply security fixes from upstream
...
fixes:
CVE-2017-12562
CVE-2017-14245
CVE-2017-14246
CVE-2017-14634
CVE-2017-6892
CVE-2017-8362
CVE-2017-8363
CVE-2017-8365
CVE-2018-13139
2018-10-02 11:44:10 -03:00
Helmut Pozimski
544e32f183
smplayer: update to 18.9.0.
2018-10-02 15:49:28 +02:00
Helmut Pozimski
1036740357
gscan2pdf: update to 2.1.6.
2018-10-02 15:44:48 +02:00
Duncaen
012c46d754
syncthing: update to 0.14.51.
2018-10-02 15:10:01 +02:00
cr6git
e37bb36b76
anki: update to 2.1.5.
2018-10-02 15:03:42 +02:00
cr6git
0cd58240ef
re2: update to 2018.10.01.
2018-10-02 14:41:44 +02:00
Helmut Pozimski
952f86f356
monero: add patch for the burning bug
2018-10-02 14:37:42 +02:00
Helmut Pozimski
239689baa8
libvirt: update to 4.8.0.
2018-10-02 14:12:25 +02:00
Helmut Pozimski
7e42bdf4a7
filezilla: update to 3.37.3.
2018-10-02 13:41:25 +02:00
John Zimmermann
0d616085c0
unrar: update to 5.6.7.
2018-10-02 12:26:15 +02:00
maxice8
0a15872612
python-hypothesis: update to 3.74.0.
2018-10-02 07:08:46 -03:00
maxice8
47f6ff12d2
telepathy-qt: remove.
...
No packages use it and there is a qt5 version on telepathy-qt5 which has
users.
[ci skip]
2018-10-02 11:38:49 +02:00
maxice8
ec98d890a7
qoauth: remove.
...
Was used as part of
kdeplasma-addons-4.14.3_3
which is already removed
[ci skip]
2018-10-02 11:38:24 +02:00
maxice8
9cf12a7d58
tiff: Apply security patches from debian
...
Before
$ ./cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17095 SEVERITY: 6.8
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2017-18013 SEVERITY: 4.3
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-10963 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
CVE: CVE-2018-5784 SEVERITY: 4.3
CVE: CVE-2018-7456 SEVERITY: 4.3
CVE: CVE-2018-8905 SEVERITY: 6.8
After
$ cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
2018-10-02 11:37:56 +02:00
maxice8
19047cf745
libxml2: fix CVE-2018-14404 CVE-2018-9251 CVE-2018-14567
2018-10-02 11:36:06 +02:00
maxice8
550d5c18d5
patch: fix CVE-2018-1000156 CVE-2018-6951
2018-10-02 11:35:30 +02:00
maxice8
dad6e1a600
mupdf: fix CVE-2018-10289
...
https://nvd.nist.gov/vuln/detail/CVE-2018-10289
http://git.ghostscript.com/?p=mupdf.git;h=2e43685dc8a8a886fc9df9b3663cf199404f7637
https://bugs.ghostscript.com/show_bug.cgi?id=699271
2018-10-02 11:34:55 +02:00
newbluemoon
de83d6fdb1
xbps-src/shutils/update-check.sh: accept RSS MIME type
...
This fixes update-check for sourceforge.net.
2018-10-02 11:34:16 +02:00
newbluemoon
4ada4eac43
residualvm: add update file
...
[ci skip]
2018-10-02 11:26:57 +02:00
cr6git
d5c3bb0e0c
tryton: update to 5.0.0.
...
switch to Python3.
2018-10-02 10:52:56 +02:00
cr6git
eecf3e55a6
postgis: update to 2.5.0 & adopt package
...
* postgis: update to 2.5.0 & adopt package (resolves #3227 )
* geos: update to 3.7.0.
2018-10-02 10:29:00 +02:00
Daniel A. Maierhofer
62d176a848
New package: olsrd-0.9.6.2
2018-10-02 10:04:54 +02:00
maxice8
f914ff69a5
mercurial: update to 4.7.2.
2018-10-01 22:53:30 -03:00
John Zimmermann
0a9a09eb20
kea: update to 1.4.0.P1.
2018-10-01 22:53:23 -03:00
Johannes
cf05e8811a
synfigstudio: update to 1.2.2.
2018-10-02 00:05:24 +02:00
Johannes
83cc3a93ce
synfig: update to 1.2.2.
2018-10-02 00:05:24 +02:00
Johannes
89bc5f34c0
ETL: update to 1.2.2.
2018-10-02 00:05:24 +02:00
Johannes
84daa15548
boost: revbump to add boost-build to aarch64[-musl] repodata
...
previous change wasn't enough to trigger a rebuild
2018-10-01 21:59:00 +02:00