summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-09-19user/unbound: Bump to 1.9.3Luis Ressel1-2/+2
2019-09-19user/wireguard-*: Bump to 0.0.20190913Luis Ressel4-8/+8
2019-09-17user/opencv: patch CVE-2019-16249Max Rees2-2/+65
2019-09-17user/faad2: 2.8.8-r2 no longer existsMax Rees1-5/+4
2019-09-17user/wpa_supplicant: patch CVE-2019-16275Max Rees2-1/+78
2019-09-17system/openssl: [CVE] bump to 1.0.2t (#198)Max Rees1-7/+5
2019-09-17system/expat: [CVE] patch CVE-2019-15903 (#192)Max Rees2-3/+188
2019-09-17user/links: [NO CVE] bump to 2.20.1Max Rees1-2/+2
This update fixes a DNS leak when using tor. For more information, consult the changelog: http://links.twibright.com/download/ChangeLo
2019-09-17system/curl: enable libssh2 supportMax Rees1-0/+1
2019-09-17system/curl: [CVE] bump to 7.66.0, fix network access violationMax Rees2-35/+8
2019-09-17system/libgcrypt: [CVE] bump to 1.8.5 (#119)Max Rees1-8/+7
2019-09-17user/vlc: [CVE] bump to 3.0.8 (#182)Max Rees1-11/+20
2019-09-17user/mpg123: bump to 1.25.12Max Rees1-2/+2
This update fixes an out-of-bounds read and an invalid write. For more information, see http://www.mpg123.de/cgi-bin/news.cgi#2019-08-24
2019-09-17user/pango: patch for CVE-2019-1010238 (#133)Max Rees2-5/+43
2019-09-17user/libvorbis: new patch for CVE-2018-10392 (#157)Max Rees4-65/+62
Also, use upstream patch for CVE-2017-14160
2019-09-17user/dejagnu: merge into system/dejagnuMax Rees2-47/+7
2019-09-17user/spice-gtk: new packageMax Rees1-0/+69
2019-09-17experimental/patchelf: new packageMax Rees1-0/+34
At least one test fails on x86_64. GitHub indicates that there are probably other test failures on other arches. https://github.com/NixOS/patchelf/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+set-rpath-library.sh
2019-09-17user/irssi: [CVE] bump to 1.2.2Max Rees1-5/+4
2019-09-17user/faad2: [CVE] bump to 2.9.0Max Rees3-46/+37
2019-09-13user/tumbler: rebuild for popplerMax Rees1-1/+1
2019-09-13user/tellico: rebuild for popplerMax Rees1-1/+1
2019-09-13user/calligra: rebuild for popplerMax Rees1-1/+1
2019-09-13user/qpdfview: rebuild for popplerMax Rees1-1/+1
2019-09-13user/evince: [CVE] patch CVE-2019-11459 (#148)Max Rees2-6/+81
2019-09-13user/atril: [CVE] patch CVE-2019-11459 (#148)Max Rees3-27/+99
Also, add secfixes comment and use upstream patch for CVE-2019-1010006 (#178)
2019-09-13user/cups-filters: bump to 1.25.5Max Rees1-2/+2
2019-09-13user/cbindgen: bump to 0.9.0Molly Miller1-42/+38
2019-09-13user/poppler-qt5: [CVE] bump to 0.80.0 (#128)Max Rees1-3/+6
2019-09-13user/poppler: [CVE] bump to 0.80.0 (#128)Max Rees1-2/+5
2019-09-10user/perl-devel-nytprof: new packageA. Wilcox1-0/+31
2019-09-09user/grub: fix some mistakes in update-grubMax Rees2-3/+5
* If $ADELIE_MANUAL_CONFIG is empty or unset, the comparison will fail since it isn't a valid integer. use = instead of -eq * Make a backup of grub.cfg only if it exists
2019-09-09system/ruby: libedit compatibility patch [read:]A. Wilcox2-2/+26
Ruby pretends editline (libedit) is readline. This is normally fine. However, editline's readline emulation does not account for changes to rl_instream or rl_outstream. If a Ruby application using the Readline extension changes .input or .output, this will cause a use-after-free: ==32694== Invalid read of size 4 ==32694== at 0x4070A38: fwrite (fwrite.c:32) ==32694== by 0x406F707: fputs (fputs.c:7) ==32694== by 0x660EAC7: el_wgets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6607BDB: el_gets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6620EDB: readline (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x65DE3D3: readline_get (readline.c:346) ==32694== by 0x4DFA49B: rb_protect (eval.c:996) ==32694== by 0x65DE4FF: readline_readline (readline.c:507) ==32694== by 0x4F7AD4B: call_cfunc_m1 (vm_insnhelper.c:1723) ==32694== Address 0x67503dc is 140 bytes inside a block of size 1,264 free'd ==32694== at 0x490AFC0: free (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406D44F: fclose (fclose.c:35) ==32694== by 0x65DE013: clear_rl_outstream (readline.c:365) ==32694== by 0x65DE0DF: readline_s_set_output (readline.c:599) ==32694== Block was alloc'd at ==32694== at 0x49092C0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406BEC7: fdopen (__fdopen.c:21) ==32694== by 0x65DE103: readline_s_set_output (readline.c:603) Since rl_instream and rl_outstream are read on each rl_initialize, and editline's rl_initialize is smart enough to not leak memory if it is called multiple times during program execution, we use this as a way to force re-reading of rl_instream and rl_outstream. I hate this patch; I really do. Better fixes are highly welcome.
2019-09-09user/grub: add quirks system and radeon quirk (#49)Max Rees3-2/+42
2019-09-07user/rust: Bump to 1.37.0Samuel Holland17-113/+422
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-09-05user/rust: Bump to 1.36.0Samuel Holland15-163/+138
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-09-05user/llvm8: Additional powerpc fixesSamuel Holland2-25/+142
Two bugs found by running the rust 1.37.0 test suite: - Use the PIC sequence for getting the GOT address when resolving IE TLS in a PIE. The non-PIC code sequence creates bogus dynamic relocations. - Only use the PLT in PIC mode. Otherwise, calls to a DSO from a non-PIE dynamic executable force bss-plt, since secure-plt requires PIC. Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-09-03user/firefox-esr: [CVE] bump to 68.1.0Molly Miller1-4/+24
2019-08-27user/py3-paho-mqtt: new packageMax Rees2-0/+57
2019-08-27user/mosquitto: new packageMax Rees6-0/+200
In the future: * cunit may be added to run unit tests. * libwebsockets may be added for websocket support.
2019-08-23Merge branch 'kbd-fixes' into 'master'A. Wilcox1-3/+8
system/kbd: fix some regressions in newer releases See merge request adelie/packages!327
2019-08-23Merge branch 'xterm-tmux-2-electric-boogaloo' into 'master'A. Wilcox4-220/+30
Actually, fix tmux instead of xterm See merge request adelie/packages!326
2019-08-23user/pciutils: move lspci(8) to lspci(1)A. Wilcox1-1/+7
2019-08-23system/iproute2: move ip(8) to ip(1)A. Wilcox1-1/+6
2019-08-23system/kbd: fix some regressions in newer releasesMax Rees1-3/+8
Since kbd=2.0.4, three regressions have been discovered: * CFLAGS were being overriden. Fixed by https://github.com/legionus/kbd/commit/15a74479f904f6b15f31854455656710e9aa1942 * loadkeys -d would fail if defkeymap.map.gz was a symlink. Fixed by https://github.com/legionus/kbd/commit/acf93e44f6d036303f95555069031f6fb12ce9d1 * setfont would fail if its argument was a compressed font file. Fixed by https://github.com/legionus/kbd/commit/7e27102b6fc6991a6a4eca422b513781a26b1639 Since the last commit introduced new binary files for the test suite, use a handrolled tarball with the changes instead of patching.
2019-08-19Actually, fix tmux instead of xtermMax Rees4-220/+30
2019-08-19user/grub: add trigger to auto-update configurationMax Rees5-2/+68
2019-08-19Merge branch 'xterm-tmux-fix' into 'master'1.0-BETA4A. Wilcox2-2/+217
user/xterm: fix regression when using tmux horizontal splits See merge request adelie/packages!325
2019-08-18user/xterm: fix regression when using tmux horizontal splitsMax Rees2-2/+217
2019-08-18user/qt5-qtdeclarative: support Athlon XPA. Wilcox2-4/+125
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-07-31 03:18:49 +0000