summaryrefslogtreecommitdiff
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2019-09-28Merge branch 'cves.2019.08.29' into 'master'A. Wilcox6-53/+209
Misc. security updates See merge request adelie/packages!336
2019-09-17system/openssl: [CVE] bump to 1.0.2t (#198)Max Rees1-7/+5
2019-09-17system/expat: [CVE] patch CVE-2019-15903 (#192)Max Rees2-3/+188
2019-09-17system/curl: enable libssh2 supportMax Rees1-0/+1
2019-09-17system/curl: [CVE] bump to 7.66.0, fix network access violationMax Rees2-35/+8
2019-09-17system/libgcrypt: [CVE] bump to 1.8.5 (#119)Max Rees1-8/+7
2019-09-17user/dejagnu: merge into system/dejagnuMax Rees1-10/+7
2019-09-09system/ruby: libedit compatibility patch [read:]A. Wilcox2-2/+26
Ruby pretends editline (libedit) is readline. This is normally fine. However, editline's readline emulation does not account for changes to rl_instream or rl_outstream. If a Ruby application using the Readline extension changes .input or .output, this will cause a use-after-free: ==32694== Invalid read of size 4 ==32694== at 0x4070A38: fwrite (fwrite.c:32) ==32694== by 0x406F707: fputs (fputs.c:7) ==32694== by 0x660EAC7: el_wgets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6607BDB: el_gets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6620EDB: readline (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x65DE3D3: readline_get (readline.c:346) ==32694== by 0x4DFA49B: rb_protect (eval.c:996) ==32694== by 0x65DE4FF: readline_readline (readline.c:507) ==32694== by 0x4F7AD4B: call_cfunc_m1 (vm_insnhelper.c:1723) ==32694== Address 0x67503dc is 140 bytes inside a block of size 1,264 free'd ==32694== at 0x490AFC0: free (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406D44F: fclose (fclose.c:35) ==32694== by 0x65DE013: clear_rl_outstream (readline.c:365) ==32694== by 0x65DE0DF: readline_s_set_output (readline.c:599) ==32694== Block was alloc'd at ==32694== at 0x49092C0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406BEC7: fdopen (__fdopen.c:21) ==32694== by 0x65DE103: readline_s_set_output (readline.c:603) Since rl_instream and rl_outstream are read on each rl_initialize, and editline's rl_initialize is smart enough to not leak memory if it is called multiple times during program execution, we use this as a way to force re-reading of rl_instream and rl_outstream. I hate this patch; I really do. Better fixes are highly welcome.
2019-08-23Merge branch 'kbd-fixes' into 'master'A. Wilcox1-3/+8
system/kbd: fix some regressions in newer releases See merge request adelie/packages!327
2019-08-23system/iproute2: move ip(8) to ip(1)A. Wilcox1-1/+6
2019-08-23system/kbd: fix some regressions in newer releasesMax Rees1-3/+8
Since kbd=2.0.4, three regressions have been discovered: * CFLAGS were being overriden. Fixed by https://github.com/legionus/kbd/commit/15a74479f904f6b15f31854455656710e9aa1942 * loadkeys -d would fail if defkeymap.map.gz was a symlink. Fixed by https://github.com/legionus/kbd/commit/acf93e44f6d036303f95555069031f6fb12ce9d1 * setfont would fail if its argument was a compressed font file. Fixed by https://github.com/legionus/kbd/commit/7e27102b6fc6991a6a4eca422b513781a26b1639 Since the last commit introduced new binary files for the test suite, use a handrolled tarball with the changes instead of patching.
2019-08-18system/easy-kernel: disable x86 verbose, enable more AGPA. Wilcox3-10/+10
2019-08-18system/xfsprogs: split base utils from scrubA. Wilcox1-2/+12
2019-08-18system/adelie-base: Adélie Linux 1.0-BETA4A. Wilcox1-3/+3
2019-08-17system/vim: bump to 8.1.1866A. Wilcox1-2/+2
2019-08-17system/strace: bump to 5.2A. Wilcox4-62/+21
2019-08-17system/perl-test-simple: bump to 1.302166A. Wilcox1-2/+2
2019-08-17system/perl-dbd-sqlite: bump to 1.64A. Wilcox1-6/+2
2019-08-17system/iproute2: bump to 5.2.0A. Wilcox2-48/+3
2019-08-17system/help2man: bump to 1.47.11A. Wilcox1-4/+2
2019-08-16system/cryptsetup: bump to 2.2.0A. Wilcox1-2/+2
2019-08-16system/git: bump to 2.22.1A. Wilcox1-2/+2
2019-08-15system/vim: bump to 8.1.1842Max Rees1-5/+3
2019-08-13system/xfsprogs: bump to 5.2.0A. Wilcox2-5/+5
2019-08-13system/easy-kernel: update configs (fixes #177)A. Wilcox1-4/+4
2019-08-13system/easy-kernel: ALL the WiFi?A. Wilcox4-115/+317
2019-08-13Merge branch 'kernel-secfixes' into 'master'A. Wilcox1-0/+70
[merge on next easy-kernel bump] system/easy-kernel: add secfixes comment See merge request adelie/packages!303
2019-08-13Merge branch 'lr/env_dump' into 'master'A. Wilcox3-4/+32
Fix skalibs env_dump() See merge request adelie/packages!317
2019-08-12system/easy-kernel: add secfixes commentMax Rees1-0/+70
2019-08-11system/easy-kernel-power8-64k: Bump to 4.14.136-mc15Samuel Holland2-65/+88
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-08-11system/easy-kernel-power8: Bump to 4.14.136-mc15Samuel Holland2-65/+88
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-08-11system/easy-kernel: Bump to 4.14.136-mc15Samuel Holland8-497/+756
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-08-10system/s6-linux-init: Revbump to rebuild against the fixed skalibsLuis Ressel1-1/+1
2019-08-10system/skalibs: Add patch for env_dump()Luis Ressel2-3/+31
This has already been applied upstream and fixes s6-linux-init's /run/kernel_env/ output.
2019-08-10system/cmake: bump to 3.15.2A. Wilcox1-2/+2
2019-08-09system/xfsprogs: bump to 5.1.0A. Wilcox1-2/+2
2019-08-09system/tzdata: bump to 2019bA. Wilcox1-4/+4
2019-08-09system/sqlite: bump to 3.29.0A. Wilcox1-9/+4
2019-08-09system/shadow: bump to 4.7A. Wilcox3-234/+4
2019-08-09system/pkgconf: bump to 1.6.3A. Wilcox1-2/+2
2019-08-09system/man-pages: bump to 5.02A. Wilcox1-2/+2
2019-08-09system/man-db: bump to 2.8.6.1A. Wilcox1-2/+2
2019-08-09system/kbd: bump to 2.2.0A. Wilcox1-6/+4
2019-08-08system/musl: update secfixes comment with assigned CVEA. Wilcox1-0/+2
2019-08-07system/debianutils: bump to 4.8.6.3A. Wilcox1-3/+2
2019-08-07system/console-setup: bump to 1.193A. Wilcox1-3/+3
2019-08-06system/cmake: bump to 3.15.1A. Wilcox1-2/+2
2019-08-06system/libarchive: add zst support (req'd for new CMake)A. Wilcox1-2/+2
2019-08-06user/zstd: -> system, bump to 1.4.2A. Wilcox1-0/+27
2019-08-06system/python3: [CVE] bump to 3.6.9Max Rees4-390/+10