aboutsummaryrefslogtreecommitdiffstats
path: root/main
Commit message (Collapse)AuthorAgeFilesLines
* main/ruby: security upgrade to 2.4.4Natanael Copa2018-03-291-2/+9
| | | | | | | | | | | | | | | | | | | CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir fixes #8747
* main/uwsgi: security upgrade to 2.0.17 (CVE-2018-6758,CVE-2018-7490)Natanael Copa2018-03-271-3/+5
| | | | fixes #8734
* main/apache2: security upgrade to 2.4.33Kaarle Ritvanen2018-03-271-3/+11
| | | | fixes #8729
* main/rsync: security upgrade to 3.1.3 (CVE-2018-5764)Natanael Copa2018-03-205-144/+6
| | | | fixes #8676
* main/kamailio: version bump 5.0.6Nathan Angelacos2018-03-201-3/+3
|
* main/curl: upgrade to 7.59.0prspkt2018-03-191-3/+7
| | | | fixes #8644
* main/samba: security upgrade to 4.7.6Jakub Jirutka2018-03-151-3/+6
|
* Revert "main/nodejs: upgrade to 8.10.0"Jakub Jirutka2018-03-151-2/+2
| | | | | | | | | | This reverts commit 0fec1f8393961c474ddc240c8f94f13c9002103f. It fails to build on v3.7 (but works on edge): ../src/node.cc: In function 'void node::SetupProcessObject(node::Environment*, int, const char* const*, int, const char* const*)': ../src/node.cc:3495:63: error: 'uv_os_getpid' was not declared in this scope Integer::New(env->isolate(), uv_os_getpid()));
* main/nodejs: upgrade to 8.10.0Tim Brust2018-03-141-2/+2
|
* main/ruby-bundler: upgrade to 1.16.1Jakub Jirutka2018-03-141-2/+2
|
* main/mqtt-exec: upgrade to 0.4Natanael Copa2018-03-131-7/+3
|
* main/py-django: security upgrade to 1.11.11Leonardo Arena2018-03-121-3/+6
| | | | | | CVE-2018-7536, CVE-2018-7537 Fixes #8637
* main/memcached: extstore remains utterly broken on non-x86_64, reverse the logicWilliam Pitcock2018-03-061-3/+3
|
* main/memcached: Upgrade to 1.5.6tcely2018-03-062-7/+135
| | | | Add patch for seccomp musl fixes.
* main/libmemcached: Add depend on cyrus-sasl-dev to libmemcached-devtcely2018-03-061-23/+17
|
* main/xen: security fixesLeonardo Arena2018-03-065-1/+390
| | | | | | | | CVE-2018-7540, XSA-252 CVE-2018-7541, XSA-255 CVE-2018-7542, XSA-256 Fixes #8614
* main/dovecot: security upgrade to 2.2.34Andy Postnikov2018-03-061-3/+8
| | | | https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
* main/alpine-conf: fix update-kernel to handle -vanilla suffixNatanael Copa2018-03-052-4/+42
|
* main/mosquitto: security upgrade to 1.4.15Jakub Jirutka2018-03-041-3/+6
|
* main/postgresql: upgrade to 10.3Jakub Jirutka2018-03-021-2/+4
|
* main/patch: security fix (CVE-2018-6951)Leonardo Arena2018-02-282-5/+40
| | | | | | | Partially fixes #8563 Patch for CVE-2018-6952 not yet available: https://savannah.gnu.org/bugs/index.php?53133
* main/squid: security upgrade to 3.5.27Leonardo Arena2018-02-282-20/+13
| | | | | | CVE-2018-1000024, CVE-2018-1000027 Fixes #8551
* main/libseccomp: fix depends for -devNatanael Copa2018-02-281-3/+4
| | | | | | libseccomp-dev needs linux-headers fixes #8597
* main/libtasn1: security fix (CVE-2018-6003)Leonardo Arena2018-02-282-2/+70
| | | | Fixes #8527
* main/qemu: fix configure for s390xNatanael Copa2018-02-272-1/+60
| | | | | | | | the configure script assumes that grep handles binary data. Busybox grep does not when its compiled with musl so we filter the input with `strings`. Upstream: http://patchwork.ozlabs.org/patch/863654/
* main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)dai9ah2018-02-273-5/+34
| | | | Fixes #8515
* main/curl: re-enable ssh supportNatanael Copa2018-02-271-1/+2
| | | | | | This was unintentionally disabled with the 7.58 upgrade. fixes #8574
* main/asterisk: security upgrade to 15.2.2Timo Teräs2018-02-221-2/+2
| | | | | | | | | | | AST-2018-001 (CVE-2018-7285): Crash when receiving unnegotiated dynamic payload AST-2018-002: Crash when given an invalid SDP media format description AST-2018-003: Crash with an invalid SDP fmtp attribute AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly AST-2018-006 (CVE-2018-7287): WebSocket frames with 0 sized payload causes DoS (cherry picked from commit f0ae460f0cc464900bdb9a9265254e00d0da42f1)
* main/asterisk: upgrade to 15.2.0Timo Teräs2018-02-221-3/+3
| | | | (cherry picked from commit b137d471e4ae63e37909accff94a30c4d4dfdc22)
* main/mkinitfs: fix netboot warningCarlo Landmeter2018-02-222-2/+32
|
* main/apk-tools: add missing solver patchWilliam Pitcock2018-02-211-0/+57
|
* main/apk-tools: upgrade to 2.9.1William Pitcock2018-02-211-2/+4
|
* main/bmd-tools: upgrade to 1.0.1Timo Teräs2018-02-211-2/+2
| | | | (cherry picked from commit f8b9271a13e370dc666a6b00bdf1ca1d3b69e53b)
* main/xen: XPTI xsa254Henrik Riomar2018-02-205-1/+1392
| | | | | | | | Add Xen page-table isolation (XPTI) for XEN 4.9.1 More info: http://xenbits.xen.org/xsa/xsa254/README.pti (cherry picked from commit f2f3a06de22b3f503815c79aeae8878b8320f5da)
* main/quagga: upgrade to 1.2.4Timo Teräs2018-02-201-2/+2
| | | | (cherry picked from commit cacf8c7b23a8bca8e1ae7bf9b8f4ee3c29fdd06d)
* main/irssi: security upgrade to 1.0.6Leonardo Arena2018-02-191-3/+13
| | | | | | | CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054 Fixes #8501
* main/quagga: security upgrade to 1.2.3Timo Teräs2018-02-161-2/+2
| | | | (cherry picked from commit 0ebf73b2c2c90ac66f1619b6104435d7ea730a3a)
* main/samba: upgrade to 4.7.4. Fixes #8485Leonardo Arena2018-02-151-2/+2
|
* main/chrony: update default configLeonardo Arena2018-02-152-5/+4
| | | | Fixes #8477
* main/uwsgi: security upgrade to 2.0.16 (CVE-2018-6758)Leonardo Arena2018-02-151-3/+8
|
* main/postgresql: security upgrade to 10.2Jakub Jirutka2018-02-092-4/+23
| | | | | | | | | | | This upgrade contains one incompatible change in contrib/cube (packaged in -contrib subpackage). Explanation from https://www.postgresql.org/docs/10/static/release-10-2.html: > This is an incompatible change, but since the point of the operator > was to be used in KNN searches, it seems rather useless as-is. After > installing this update, any expression indexes or materialized views > using this operator will need to be reindexed/refreshed.
* main/tiff: security fix CVE-2017-18013Leonardo Arena2018-02-082-2/+40
| | | | Fixes #8461
* main/curl: security upgrade to 7.58.0Leonardo Arena2018-02-081-4/+5
| | | | | | CVE-2018-1000005, CVE-2018-1000007 Fixes #8439
* main/musl: backport 2 fixes from upstreamNatanael Copa2018-02-073-1/+168
| | | | | - use UTC instead of GMT when no timezone is specified - fix sysconf for initite rlimits
* main/bash: fix jobs againNatanael Copa2018-02-072-10/+23
| | | | | | | | previous fix didnt solve the problem for 32 bit architectures. We fix it by capping childmax to 8192. ref #8447
* main/bash: upgrade to 4.4.19Natanael Copa2018-02-071-3/+10
| | | | (cherry picked from commit 8756c780bda76051ece619cab28acf83c63a920f)
* main/bind: Upgrade to 9.11.2-P1tcely2018-02-061-3/+5
| | | | (cherry picked from commit b3fd1eb4e8e0f578e1fbaf76d9903a9012274dee)
* main/mkinitfs: skip apk hooksHenrik Riomar2018-01-312-3/+35
| | | | | | Skip pre/post apk hooks on diskless initramfs installation. (cherry picked from commit 8c9aa20b2f1445d63a2923145fffca1b40f1470a)
* main/py-django-sorl-thumbnail: upgrade to 12.4.1Kaarle Ritvanen2018-01-301-4/+2
|
* main/busybox: make "source" work like bash again by searching current ↵William Pitcock2018-01-293-2/+54
| | | | | | directory for scripts See http://lists.busybox.net/pipermail/busybox/2018-January/086146.html for rationale.
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 02:16:35 +0000