| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
fix CVE-2022-41323
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| |\
| |
| | |
borgbackup: initial commit
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| | |
| |
| |
| | |
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
|
| |/
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |\
| |
| | |
golang: update to v1.19.2
|
| | |
| |
| |
| | |
Signed-off-by: Stanislav Petrashov <s@petrashov.ru>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Includes fixes for security vulnerabilities:
* [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) net/http: handle server errors after sending GOAWAY
* [CVE-2022-32190](https://github.com/golang/go/issues/54385) net/url: JoinPath does not strip relative path components in all circumstances
* [CVE-2022-2879](https://github.com/golang/go/issues/54853) archive/tar: unbounded memory consumption when reading headers
* [CVE-2022-2880](https://github.com/golang/go/issues/54663) net/http/httputil: ReverseProxy should not forward unparseable query parameters
* [CVE-2022-41715](https://github.com/golang/go/issues/55949) regexp/syntax: limit memory used by parsing regexps
Addresses the build failure:
* https://github.com/openwrt/packages/pull/19613
Signed-off-by: Stanislav Petrashov <s@petrashov.ru>
|
| |/
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following CVEs:
- CVE-2022-32189 (version 1.18.5 [1]]
- CVE-2022-27664 (version 1.18.6 [2])
- CVE-2022-32190 (version 1.18.6 [2])
- CVE-2022-2879 (version 1.18.7 [3])
- CVE-2022-2880 (version 1.18.7 [3])
- CVE-2022-41715 (version 1.18.7 [3])
- CVE-2022-41716 (version 1.18.8 [4])
and refreshed patch
[1] https://groups.google.com/g/golang-announce/c/YqYYG87xB10
[2] https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
[3] https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
[4] https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
| |
Found with modified Kconfiglib.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
| |
This fixes:
- CVE-2022-31630
- CVE-2022-37454
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
| |
Update to v16.18.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
| |
This version updates the CA bundle, and needs urllib as dependency.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
| |
Package does not currently build because of distutil dependency. Fix
this by updating to the latest version.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
| |
* fixes CVE-2021-28861
* adjust pip and setuptools versions
* refresh patches
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| |\
| |
| | |
numpy: bump to version 1.23.3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also bump Cython version to 0.29.32
And yeeeey: zip -> tar.gz
And they fixed the Intel AVX extension stuff/detection.
Which is why I deferred updating it until now.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \
| | |
| | | |
python3-pytz: bump to version 2022.4
|
| | |/
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \
| |/
|/| |
qcsuper: add Package w/ necessary dependencies
|
| | |
| |
| |
| | |
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| | |
| |
| |
| | |
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
**** 1.35 Oct 4, 2022
Improve SVCB error reporting.
Fix rt.cpan.org #144328
accept_reply test fails with matched consecutive "random"
generated packet->id
Fix rt.cpan.org #144299
Spelling errors.
**** 1.34 May 30, 2022
Improve robustness of EDNS option compose/decompose functions.
Simplify code in Makefile.PL.
Fix rt.cpan.org #142426
Avoid "Useless use of a constant in void context" warning.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\
| |
| | |
php8-pecl-http: update to 4.2.3
|
| | |
| |
| |
| | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* Insufficient fix for macOS devices on v18.5.0
* CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
* CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
* Insufficient fix on v18.5.0
* CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
* CVE-2022-35255: Weak randomness in WebCrypto keygen
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.
llhttp updated to 6.0.10
llhttp is updated to 6.0.10 which includes fixes for the following vulnerabilities.
* HTTP Request Smuggling - CVE-2022-32213 bypass via obs-fold mechanic (Medium)(CVE-2022-32213 ): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215): The llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
* HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)(CVE-35256): The llhttp parser in the http does not correctly handle header fields that are not terminated with CLRF. This can lead to HTTP Request Smuggling (HRS).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |\
| |
| | |
php8: update to 8.1.11
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This fixes:
- CVE-2022-31628
- CVE-2022-31629
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |/
|
|
| |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
| |
Oversight from when the expat host build was removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
libwolfsslcpu-crypto has to be taken into consideration when selecting
the default SSL backend.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
These are bugfix and feature releases.
Changes from 1.11->1.12:
https://github.com/lunarmodules/Penlight/blob/master/CHANGELOG.md#1120-2022-jan-10
Changes from 1.12->1.13:
https://github.com/lunarmodules/Penlight/blob/master/CHANGELOG.md#1130-2022-jul-22
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| |
|
|
| |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Improve the base URI behavior when resolving a $ref to a resolution
URI which is different from the resolved schema's declared $id.
- Accessing jsonschema.draftN_format_checker is deprecated. Instead,
if you want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |
|
|
| |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |
|
|
| |
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|