aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* main/wavpack: add secfixesprspkt2018-06-113-2/+143
| | | | | | | | | | | fixes for: -CVE-2018-10536 -CVE-2018-10537 -CVE-2018-10538 -CVE-2018-10539 -CVE-2018-10540 Fixes #8912
* main/wavpack: security fixesLeonardo Arena2018-06-114-14/+231
| | | | | | CVE-2018-6767, CVE-2018-7253, CVE-2018-7254 Fixes #8592
* community/wireshark: security upgrade to 2.4.7Leonardo Arena2018-06-111-2/+9
| | | | | | | CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11362 Fixes #8932
* main/strongswan: security upgrade to 5.6.3 (CVE-2018-5388)Leonardo Arena2018-06-111-2/+4
| | | | Fixes #8955
* community/nextcloud: upgrade to 12.0.8Leonardo Arena2018-06-081-2/+2
|
* main/sdl2_image: security fixes. Fixes #8941Francesco Colista2018-06-0611-3/+361
| | | | | | | | | | | | | | Security fixes for the following CVEs: CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14450 CVE-2018-3837 CVE-2018-3838 CVE-2018-3839
* main/xfsprogs: fix owner of filesNatanael Copa2018-06-061-1/+2
| | | | fixes #8967
* main/busybox: rebuild to make sure package is signedNatanael Copa2018-06-061-1/+1
| | | | | | | The -r10 package got not properly signed due to ABI breakage in openssl (commit 1b2b08e28cbf2539b23cd4fc487cf00caaf19163) Bump pkgrel so we rebuild it.
* main/abuild: fix race when strippingNatanael Copa2018-06-012-2/+39
|
* main/git: security upgrade to 2.15.2 (CVE-2018-11233,CVE-2018-11235)Natanael Copa2018-05-301-3/+6
| | | | fixes #8947
* main/binutils: backport fix for ppc64leNatanael Copa2018-05-302-1/+96
| | | | | | | | | | This fixes clang testsuite. Patch was taken from upstream binutils-2_30-branch https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=shortlog;h=refs/heads/binutils-2_30-branch Upstream report: https://sourceware.org/ml/binutils/2018-03/msg00183.html
* main/binutils: upgrade to 2.30Natanael Copa2018-05-303-439/+3
| | | | ref #7314
* Revert "main/libressl: add options -verify_{hostname,email,ip} to s_client"Natanael Copa2018-05-303-109/+2
| | | | | | | | | | This patch introduced new symbols that broke pip cryptography=2.2.2. The busybox wget issue was fixed by implementing ssl_client so this backport is no longer needed. ref #8939 This reverts commit 3cf23fc4eefde870de2c80c0dae5a3f48d676c1f.
* main/busybox: properly fix wget https supportNatanael Copa2018-05-307-170/+307
| | | | | | | | | | | | | | | | | | | | | fix busybox wget https support by using an external ssl_client helper for https. Disable the use of external openssl. This was fixed to check certificates as a temporary solution. openssl can not produce any useful error messages on certificate errors. It is big. So we simply disable its use. For dynamic busybox we disable the internal ssl_client and the internal (broken) tls code, and build our own ssl_client which properly verifies the certificates. For the static busybox we enable the internal ssl_client and tls code, but we only allow its use with --no-check-certificates. This is so we still can fetch things from https in an emergency situation. We auto-install ssl_client if both libssl and busybox are installed. This is to keep backwards compatibility.
* community/nextcloud: upgrade to 12.0.7Leonardo Arena2018-05-302-48/+2
|
* community/lua-cqueues-pushy: upgrade to 20180530 snapshotTimo Teräs2018-05-301-3/+3
|
* main/busybox: wget: verify certificate when openssl helper is usedJakub Jirutka2018-05-282-1/+74
|
* main/busybox: wget: print warning when internal TLS code is usedJakub Jirutka2018-05-282-0/+90
|
* main/libressl: add options -verify_{hostname,email,ip} to s_clientJakub Jirutka2018-05-283-2/+109
|
* main/libressl: upgrade to 2.6.4Natanael Copa2018-05-281-2/+2
|
* main/curl: fix crashes due to LibreSSL/OpenSSL engines conflictsJakub Jirutka2018-05-252-2/+47
|
* main/tiff: fix CVE-2018-8905prspkt2018-05-242-2/+57
|
* main/tiff: fix CVE-2018-7456prspkt2018-05-242-2/+176
|
* main/bind: security upgrade to 9.11.3Jakub Jirutka2018-05-241-2/+8
|
* main/bmd-tools: upgrade to 1.0.2Timo Teräs2018-05-241-2/+2
|
* community/tor: security upgrade to 0.3.1.10 (CVE-2018-0490)Natanael Copa2018-05-231-2/+4
| | | | fixes #8854
* community/quassel: security upgrade to 0.12.5 ↵Natanael Copa2018-05-231-9/+8
| | | | | | (CVE-2018-1000178,CVE-2018-1000179) fixes #8927
* community/firefox-esr: security upgrade to 52.8.0Natanael Copa2018-05-211-2/+2
| | | | | | | | | | | | | | fixes #8892 CVE-2018-5150: Memory safety bugs CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer CVE-2018-5159: Integer overflow and out-of-bounds write in Skia CVE-2018-5168: Lightweight themes can be installed without user interaction CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension CVE-2018-5183: Backport critical security fixes in Skia
* main/xen: security fixes XSA 260-262Henrik Riomar2018-05-218-1/+1078
| | | | | | CVE-2018-8897 XSA-260 (depends x86-XPTI-reduce-.text.entry.patch) CVE-2018-10982 XSA-261 CVE-2018-10981 XSA-262
* main/sqlite: fix CVE-2018-8740Jakub Jirutka2018-05-202-1/+43
| | | | Ref #8786 (https://bugs.alpinelinux.org/issues/8786)
* main/curl: security upgrade to 7.60.0prspkt2018-05-201-3/+6
|
* community/lua-cqueues-pushy: upgrade to 20180221 snapshotTimo Teräs2018-05-171-3/+3
|
* community/stunnel: upgrade to 5.44 and enable SO_ORIGINAL_DSTNatanael Copa2018-05-151-3/+8
| | | | | Support for SO_ORIGINAL_DST will be silently disabled if linux-headers are missing at build time.
* main/darkhttpd: Add svg support to default mimetypesCarlo Landmeter2018-05-142-3/+33
|
* community/zoneminder: add missing dependencyKaarle Ritvanen2018-05-141-2/+2
|
* main/postgresql: security upgrade to 10.4Jakub Jirutka2018-05-141-10/+12
| | | | | Fixes CVE-2018-1115 See https://www.postgresql.org/about/news/1851/
* main/wget: security upgrade to 1.19.5Andy Postnikov2018-05-101-3/+5
|
* community/php7: security upgrade to 7.1.17Andy Postnikov2018-05-031-3/+7
| | | | CVE-2018-5712
* community/wireshark: security upgrade to 2.4.6Leonardo Arena2018-04-301-2/+13
| | | | | | | | CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-10194 Fixes #8822
* main/jq: security fix (CVE-2016-4074). Fixes #8808Leonardo Arena2018-04-302-3/+45
|
* main/xen: security fixesHenrik Riomar2018-04-303-1/+146
| | | | | CVE-2018-10472, XSA-258 CVE-2018-10471, XSA-259
* main/mkinitfs: virtio_net depends on virtio_pciCarlo Landmeter2018-04-292-2/+27
|
* main/mkinitfs: features add virtio_net to network modulesCarlo Landmeter2018-04-292-2/+25
|
* community/php5: security upgrade to 5.6.36Andy Postnikov2018-04-281-2/+6
| | | | CVE-2018-5712
* community/drupal7: security upgrade to 7.59Andy Postnikov2018-04-281-2/+4
| | | | CVE-2018-7602 https://www.drupal.org/SA-CORE-2018-004
* community/firefox-esr: upgrade to 52.7.3Leonardo Arena2018-04-241-2/+2
|
* community/nextcloud: upgrade to 12.0.6Jakub Jirutka2018-04-182-17/+2
| | | | Problem with iconv has been fixed in upstream: https://github.com/nextcloud/server/pull/8674.
* main/perl: security upgrade to 5.26.2Leonardo Arena2018-04-171-7/+10
| | | | | | CVE-2018-6797, CVE-2018-6798, CVE-2018-6913 Fixes #8802
* community/roundcubemail: security upgrade to 1.3.6 (CVE-2018-9846)Leonardo Arena2018-04-122-14/+28
|
* main/clamav: security upgrade 0.99.4Leonardo Arena2018-04-112-28/+9
| | | | | | CVE-2018-0202, CVE-2018-1000085 Fixes #8694
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-10 00:18:42 +0000