Commit graph

90011 commits

Author SHA1 Message Date
Johannes
2a5cd3b725 openexr: update to 2.3.0. 2018-10-02 23:28:11 +02:00
Johannes
095c69d21f ilmbase: update to 2.3.0. 2018-10-02 23:28:11 +02:00
maxice8
43d048bdb4 vorbis-tools: import CVE fixes
fixes:
    - CVE-2014-9638
    - CVE-2014-9639
    - CVE-2014-9640
    - CVE-2015-6749
2018-10-02 18:18:42 -03:00
maxice8
3e18fc9774 jasper: fix CVE-2018-9055 2018-10-02 18:18:35 -03:00
maxice8
1b83b520e3 ldns: fix CVE-2017-100231 CVE-2017-100232 2018-10-02 18:18:29 -03:00
maxice8
8534a735a9 libusbmuxd: fix CVE-2016-5104 2018-10-02 18:18:23 -03:00
maxice8
ae98224001
procmail: mark as nocross 2018-10-02 16:58:15 -03:00
maxice8
a0f160973d libvorbis: fix CVE-2018-10392 2018-10-02 16:06:49 -03:00
maxice8
2271575216 bcal: drop libquadmath-devel, add bc 2018-10-02 16:06:43 -03:00
maxice8
1681cd0182 procmail: fix CVE-2014-3618 CVE-2017-16844 2018-10-02 16:06:35 -03:00
maxice8
62cb04acc2 libpgf: fix CVE-2015-6673 2018-10-02 16:06:25 -03:00
maxice8
af3969db07 libimobiledevice: fix CVE-2016-5104 2018-10-02 16:06:17 -03:00
Rasmus Thomsen
f1faa09244 jq: add upstream patch to fix CVE-2016-4074 2018-10-02 13:34:05 -03:00
Rasmus Thomsen
833bdd032e flac: add upstream patch to fix CVE-2018-6888
- cleanup template
2018-10-02 13:34:00 -03:00
Rasmus Thomsen
8a2c6e2c43 exempi: add upstream patch fixing CVE-2018-12648 2018-10-02 13:33:55 -03:00
maxice8
a9cded343d
bcal: update to 2.0. 2018-10-02 13:17:40 -03:00
maxice8
54a55e5737 squid: disable processing of ESI responses
fixes:
    CVE-2018-1000027
    CVE-2018-1172
    CVE-2018-1000024
2018-10-02 17:10:30 +02:00
maxice8
db41b7577d lrzip: apply applicable security patches from upstream
Upstream has a few more CVEs but didn't make a new release yet.

In the meantime we patch what we can

Fixes:
    - CVE-2017-8842
    - CVE-2017-8844
    - CVE-2017-8845
    - CVE-2018-5650

The CVEs left remaining to be fixed by upstream are

( Removed CVE- prefix as to not confuse tools that grep for those
values)

CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
2018-10-02 12:05:21 -03:00
maxice8
aeb0a3e1d3 libsass: apply security fixes from upstream
fixes:
    - CVE-2018-11693
    - CVE-2018-11696
    - CVE-2018-11697
    - CVE-2018-11698

Remain unfixed upstream:

( CVE prefix removed to not confuse tools that grep for those values )

CVE: 2018-11499 SEVERITY: 7.5
CVE: 2018-11694 SEVERITY: 6.8
2018-10-02 12:05:13 -03:00
maxice8
c9cd8c875e taglib: fix CVE-2017-12678 CVE-2018-11439 2018-10-02 12:05:04 -03:00
maxice8
6783314672 liblouis: fix CVE-2018-12085 2018-10-02 12:04:56 -03:00
John
d385dc4a6b duplicity: add gnupg runtime dependency; fix license 2018-10-02 11:44:19 -03:00
maxice8
b32db33430 libsndfile: apply security fixes from upstream
fixes:
    CVE-2017-12562
    CVE-2017-14245
    CVE-2017-14246
    CVE-2017-14634
    CVE-2017-6892
    CVE-2017-8362
    CVE-2017-8363
    CVE-2017-8365
    CVE-2018-13139
2018-10-02 11:44:10 -03:00
Helmut Pozimski
544e32f183 smplayer: update to 18.9.0. 2018-10-02 15:49:28 +02:00
Helmut Pozimski
1036740357 gscan2pdf: update to 2.1.6. 2018-10-02 15:44:48 +02:00
Duncaen
012c46d754 syncthing: update to 0.14.51. 2018-10-02 15:10:01 +02:00
cr6git
e37bb36b76
anki: update to 2.1.5. 2018-10-02 15:03:42 +02:00
cr6git
0cd58240ef re2: update to 2018.10.01. 2018-10-02 14:41:44 +02:00
Helmut Pozimski
952f86f356 monero: add patch for the burning bug 2018-10-02 14:37:42 +02:00
Helmut Pozimski
239689baa8 libvirt: update to 4.8.0. 2018-10-02 14:12:25 +02:00
Helmut Pozimski
7e42bdf4a7 filezilla: update to 3.37.3. 2018-10-02 13:41:25 +02:00
John Zimmermann
0d616085c0 unrar: update to 5.6.7. 2018-10-02 12:26:15 +02:00
maxice8
0a15872612 python-hypothesis: update to 3.74.0. 2018-10-02 07:08:46 -03:00
maxice8
47f6ff12d2 telepathy-qt: remove.
No packages use it and there is a qt5 version on telepathy-qt5 which has
users.

[ci skip]
2018-10-02 11:38:49 +02:00
maxice8
ec98d890a7 qoauth: remove.
Was used as part of

kdeplasma-addons-4.14.3_3

which is already removed

[ci skip]
2018-10-02 11:38:24 +02:00
maxice8
9cf12a7d58 tiff: Apply security patches from debian
Before

$ ./cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17095 SEVERITY: 6.8
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2017-18013 SEVERITY: 4.3
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-10963 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
CVE: CVE-2018-5784 SEVERITY: 4.3
CVE: CVE-2018-7456 SEVERITY: 4.3
CVE: CVE-2018-8905 SEVERITY: 6.8

After

$ cve-check tiff
using srcpkgs/tiff/cve-check.
CVE: CVE-2017-17942 SEVERITY: 6.8
CVE: CVE-2018-10126 SEVERITY: 4.3
CVE: CVE-2018-12900 SEVERITY: 6.8
2018-10-02 11:37:56 +02:00
maxice8
19047cf745 libxml2: fix CVE-2018-14404 CVE-2018-9251 CVE-2018-14567 2018-10-02 11:36:06 +02:00
maxice8
550d5c18d5 patch: fix CVE-2018-1000156 CVE-2018-6951 2018-10-02 11:35:30 +02:00
maxice8
dad6e1a600 mupdf: fix CVE-2018-10289
https://nvd.nist.gov/vuln/detail/CVE-2018-10289
http://git.ghostscript.com/?p=mupdf.git;h=2e43685dc8a8a886fc9df9b3663cf199404f7637
https://bugs.ghostscript.com/show_bug.cgi?id=699271
2018-10-02 11:34:55 +02:00
newbluemoon
de83d6fdb1 xbps-src/shutils/update-check.sh: accept RSS MIME type
This fixes update-check for sourceforge.net.
2018-10-02 11:34:16 +02:00
newbluemoon
4ada4eac43 residualvm: add update file
[ci skip]
2018-10-02 11:26:57 +02:00
cr6git
d5c3bb0e0c
tryton: update to 5.0.0.
switch to Python3.
2018-10-02 10:52:56 +02:00
cr6git
eecf3e55a6
postgis: update to 2.5.0 & adopt package
* postgis: update to 2.5.0 & adopt package (resolves #3227)

* geos: update to 3.7.0.
2018-10-02 10:29:00 +02:00
Daniel A. Maierhofer
62d176a848 New package: olsrd-0.9.6.2 2018-10-02 10:04:54 +02:00
maxice8
f914ff69a5 mercurial: update to 4.7.2. 2018-10-01 22:53:30 -03:00
John Zimmermann
0a9a09eb20 kea: update to 1.4.0.P1. 2018-10-01 22:53:23 -03:00
Johannes
cf05e8811a synfigstudio: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes
83cc3a93ce synfig: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes
89bc5f34c0 ETL: update to 1.2.2. 2018-10-02 00:05:24 +02:00
Johannes
84daa15548 boost: revbump to add boost-build to aarch64[-musl] repodata
previous change wasn't enough to trigger a rebuild
2018-10-01 21:59:00 +02:00