summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* main/jasper: security fixes (CVE-2011-4516, CVE-2011-4517)Natanael Copa2011-12-225-4/+998
| | | | fixes #878
* main/pidgin: security upgrade to 2.10.1 (CVE-2011-1091)Natanael Copa2011-12-161-3/+3
| | | | | fixes #864 fixes #867
* main/dhcp: security upgrade to 4.2.3_p1 (CVE-2011-4539)Natanael Copa2011-12-161-3/+3
| | | | fixes #875
* main/asterisk: upgrade to 1.8.8.0Timo Teräs2011-12-161-2/+2
| | | | ref #775
* main/ldns: build drill and example toolsNatanael Copa2011-12-151-4/+24
| | | | | fixes #861 (cherry picked from commit 55d08e35363c3ac6741723c20b3559002585ff6f)
* main/shorewall-shell: set all/rp_filter based on ROUTE_FILTERNatanael Copa2011-12-082-2/+21
| | | | | | | | | | | | | The kernel changed behavior around 2.6.31. We need a way to turn off rp_filter. details: http://article.gmane.org/gmane.comp.security.shorewall/23329/match=rp_filter This will disable routefilter if ROUTE_FILTER=no in /etc/shorewall/shorewall.conf default. To enable you will need set the routefilter option in /etc/shorewall/interfaces (cherry picked from commit 438e9609e25928bc0033ad9a29f628ee9b294af7)
* main/dahdi-tools: do not depend on firmware (dahdi-linux)Natanael Copa2011-12-051-2/+2
| | | | (cherry picked from commit dbd4006671bde2f1c12977827ae1ad853b00fba3)
* main/bitlbee: upgrade to 3.0.4Natanael Copa2011-12-051-3/+3
|
* main/zabbix: upgrade to 1.8.9Natanael Copa2011-12-031-3/+3
| | | | | fixes #851 (cherry picked from commit 1300bc42740a954a6c30d5f71c1240c214d6aa3d)
* Replace instances of "--chuid" to "--user" in initd scriptsJesse Young2011-12-0323-49/+49
| | | | | | | | | | | | | | | | | | | | | Fixes #776 Signed-off-by: Jesse Young <jlyo@jlyo.org> (cherry picked from commit ae1967b66eba132dd8c9fa5b5f57712d012b6647) Conflicts: main/open-vm-tools/APKBUILD main/transmission/APKBUILD testing/cherokee/APKBUILD testing/cherokee/cherokee.initd testing/cluster-glue/ha_logd.initd testing/drizzle/APKBUILD testing/drizzle/drizzle.initd testing/prosody/APKBUILD testing/prosody/prosody.initd testing/rrdbot/APKBUILD testing/rrdbot/rrdbotd.initd
* main/squid: update init.d script from gentooNatanael Copa2011-12-022-57/+72
| | | | | This should actually work and will enable support for multiple instances (cherry picked from commit 6554dce65a5d32c68a77484323c0450df8a613a0)
* main/squid: fix logdir and default userNatanael Copa2011-12-022-1/+25
| | | | | fixes #843 (cherry picked from commit 379338be8b4cd31b24080f7f01ae14fe124a84ae)
* main/apache2: security hotfix #844 (CVE-2011-4317)Leonardo Arena2011-11-282-3/+41
| | | | (cherry picked from commit 9f987f8ab1533bc6cdb29f36f144101bae980efe)
* main/ffmpeg: push leftover patchLeonardo Arena2011-11-241-0/+58
|
* main/ffmpeg: fix buffer overflow in qdm2 decoderLeonardo Arena2011-11-241-3/+5
|
* ==== release 2.3.2 ====v2.3.2Natanael Copa2011-11-221-1/+1
|
* main/*-vserver: upgrade to 3.0.10-vs2.3.2.1-unofficialNatanael Copa2011-11-224-9/+26526
| | | | (cherry picked from commit 972686408af9f0fd661213df86d37b77834b08e2)
* main/*-vserver: enable CRYPTO_DEV_GEODENatanael Copa2011-11-224-6/+6
| | | | (cherry picked from commit d00cfdd26717c0ca8a61d57197a7121eb1d3a138)
* main/*-vserver: upgrade to 3.0.9-vs2.3.2.1 and enable up to 32 CPUsNatanael Copa2011-11-226-28415/+14
| | | | (cherry picked from commit 50b5864e4fd1666f02f56cd8e9dbe1aa54731bd9)
* main/*-grsec: upgrade to kernel 3.0.10 and rebase grsecurity patchNatanael Copa2011-11-227-11293/+12811
| | | | | based on grsecurity-2.2.2-3.0.9-201111161802 (cherry picked from commit 16adb43e460bf8a7e8d3d34b5aee74e2e56c8088)
* main/*-grsec: enable CRYPTO_DEV_GEODENatanael Copa2011-11-226-7/+7
| | | | (cherry picked from commit 78ca6319638430577850e60eefa2ef6142777f58)
* main/*-grsec: bump _kpkgrelWilliam Pitcock2011-11-224-4/+4
| | | | (cherry picked from commit 341a0357c7f9a6a10b4a0dcd10716e55716097f4)
* main/linux-grsec: SMP-related bugfixes (see extended commit message)William Pitcock2011-11-223-9/+8
| | | | | | | | | | | | | | | | | | | | | [x86] - enable CONFIG_X86_BIGSMP - set CONFIG_NR_CPUS to 32 [x86_64] - set CONFIG_NR_CPUS to 32 With CONFIG_NR_CPUS > 8 on x86, the kernel may hang upon encountering more than 8 logical CPUs without CONFIG_X86_BIGSMP enabled. x86_64 does not have this problem, but as a side effect of the CONFIG_X86_BIGSMP change, needed to have CONFIG_NR_CPUS adjusted there as well. Discussions on various distribution lists: Alpine: http://lists.alpinelinux.org/alpine-devel/0496.html Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=480844 rPath: https://issues.rpath.com/browse/RPL-3022 (cherry picked from commit 762e510f082f422e3219c9ec270bcf5b48395adf)
* main/*-grsec: upgrade kernel to 3.0.9-201111121310Natanael Copa2011-11-2210-4828/+4589
| | | | (cherry picked from commit 4ba20c01bd90e5ed8719131447ef65dba0bc0d2a)
* main/freetype: security upgrade to 2.4.8 (CVE-2011-3439)Natanael Copa2011-11-221-2/+2
| | | | | fixes #832 (cherry picked from commit 30153ff3b13acd029a177a03c9fbe6ed6ec671b0)
* main/openldap: security fix (CVE-2011-4079)Natanael Copa2011-11-222-1/+58
| | | | fixes #838
* main/nss: security fix (CVE-2011-3640)Natanael Copa2011-11-212-3/+147
| | | | | | fixes #815 ref #816 (cherry picked from commit 4f73d2d7b4f2ba743c47e8be0248da03661af1d7)
* main/bind: security upgrade to 9.8.1_p1 (CVE-2011-4313)Natanael Copa2011-11-181-2/+2
| | | | | | fixes #820 (cherry picked from commit 6a159eecd21bcaf2262e2e28868a5d3674f055fc)
* main/acf-freeswitch-vmail: upgrade to 0.0.14Ted Trask2011-11-171-3/+3
| | | | (cherry picked from commit 7d3e5a10671257032ea0ae7fa01901652e1cf0c7)
* main/pingu: build fix. needs lua-devNatanael Copa2011-11-151-1/+1
| | | | (cherry picked from commit 9c0f229cc52f512c575e9160e73207ff0776805d)
* main/pingu: fix path to pid fileNatanael Copa2011-11-152-3/+3
| | | | (cherry picked from commit 9a44f34a9f1c7aa46b5270c4ecab8ccb6d0a1f11)
* main/shorewall-common: bump pkgrel so we get the previous commitNatanael Copa2011-11-151-1/+1
| | | | | fixes #813 (cherry picked from commit 197e5f72a68565e38e4111c2fa134dd498b656fa)
* main/shorewall-common: fix some deprecated iptables usageNatanael Copa2011-11-152-0/+24
| | | | | | | | | Fix a a few occurences of: Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`) Earlier it warned the above. Now it no longer works (cherry picked from commit 4d9a1fe10fa4d2f00152b08e06378c0081c38e40)
* main/mplayer: fix audio decoding with gcc-4.6Natanael Copa2011-11-133-11/+25
| | | | | | | http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2011-May/068495.html and remove unused patch (cherry picked from commit 5c9e8564ce71a8b229e70b4d54d748bfc7345fb1)
* ==== release 2.3.1 ====v2.3.1Natanael Copa2011-11-111-1/+1
|
* main/net-snmp: add some snmpd MIB implementation fixesTimo Teräs2011-11-113-1/+50
| | | | | | | | * IP-MIB::ipNetToPhysicalPhysAddress is fixed to display data properly even after first time * swinst patch prevents a crash during snmpwalk in default install (cherry picked from commit ac22212e8d4e2af30b3a2a2c898ae4664ea796f6)
* main/*-grsec: update to rebuilt kernelNatanael Copa2011-11-114-4/+4
| | | | (cherry picked from commit 548805549c97d3fcb7c07e581e85248844fa0ca1)
* main/linux-grsec: add patch from upstream align af specific flowi structs to ↵Natanael Copa2011-11-112-1/+53
| | | | | | long (cherry picked from commit aa5ae43b9507434a7a3609d7cd59ecaa8f117c36)
* main/linux-grsec: backport flow patch from upstreamNatanael Copa2011-11-116-7/+149
| | | | | fixes performance regression (cherry picked from commit 2d674ead26a228e6ae79d0ecf1d1bcf8748e5b7e)
* main/*-grsec: enable e_powersaver module and update 3rdpary module buildingNatanael Copa2011-11-116-31/+53
| | | | | | | | | We no need to manually edit every 3rd party module's kernel ver to match the kernel packages version. We need to do this because we will at some point allow building in a chroot whithout the entire aports tree beeing present. (cherry picked from commit 1a21bc3a35de32521b021cc16cacff9beee38382)
* main/openjdk6: security upgrade icedtea6 to 1.10.4Timo Teräs2011-11-112-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ref #802 icedtea6 1.10.4 includes patches for the following security issues: CVE-2011-3547: InputStream skip() information leak CVE-2011-3548: mutable static AWTKeyStroke.ctor CVE-2011-3551: Java2D TransformHelper integer overflow CVE-2011-3552: excessive default UDP socket limit under SecurityManager CVE-2011-3553: JAX-WS stack-traces information leak CVE-2011-3544: missing SecurityManager checks in scripting engine CVE-2011-3521: IIOP deserialization code execution CVE-2011-3554: insufficient pack200 JAR files uncompress error checks CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer CVE-2011-3556: RMI DGC server remote code execution CVE-2011-3557: RMI registry privileged code execution CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1): CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) CVE-2011-0865: Vulnerability in deserialization CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code CVE-2011-0867: NetworkInterface.toString can reveal bindings CVE-2011-0869: Vulnerability in SAAJ CVE-2011-0870: Vulnerability in SAAJ CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero CVE-2011-0871: ImageIcon creates Component with null acc CVE-2011-0864: JSR rewriting can overflow memory address size variables (cherry picked from commit 0389c0810effbe38de6d05d68e3ab6bb08a8aaef)
* main/libc0.9.32: improve the stack unwinding fixTimo Teräs2011-11-112-32/+92
| | | | | should now work with all syscalls (cherry picked from commit 6f8933ee7b806ed757664856433e47e315c4019a)
* main/libc0.9.32: fix stack unwinding and backtraces on x86Timo Teräs2011-11-112-1/+193
| | | | (cherry picked from commit 98616434d7117b42cf1b7c650104b937e084db52)
* main/libc0.9.32: add cabsf/cabsl() and cexp/cexpf/cexpl() functions to libmWilliam Pitcock2011-11-113-1/+143
| | | | (cherry picked from commit abdd5613c682e0c07d32ff3552d637b175e53b25)
* main/unbound: do not link libunbound to libpythonNatanael Copa2011-11-111-4/+7
| | | | (cherry picked from commit 4dafb4f192c8596ccf4d68bed7fa6373309ad321)
* main/acf-provisioning: upgrade to 0.1.1Ted Trask2011-11-102-2/+96
| | | | (cherry picked from commit 2962b2178b5ab294ca1b3d61e8e1037253ec85f4)
* main/alpine-baselayout: blacklist viafb and e_powersaverNatanael Copa2011-11-102-2/+34
| | | | (cherry picked from commit 00710ef81620c0239ed0aa5c144d77afcb1dced3)
* main/gcc: remove memory protection from gijNatanael Copa2011-11-101-1/+2
| | | | (cherry picked from commit ef4265d5191940fb1bf13ce91110488fc1fda219)
* main/gcc: upgrade to 4.6.2Natanael Copa2011-11-101-7/+7
| | | | (cherry picked from commit 441aae69606c30a554845023f0a9c090081357ee)
* main/*-vserver: upgrade to 3.0.8-vs2.1.3Natanael Copa2011-11-104-23/+28446
| | | | (cherry picked from commit 02cd2fa89b83e96a9073725a6efd94afe8cbc4f0)
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-25 03:13:26 +0000