packages

Author	SHA1	Message	Date
Hirokazu MORIKAWA	2ac03c2372	node: July 7th 2022 Security Releases Update to v14.20.0 Release for the following issues: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213) HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214) HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215) DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212) https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>	2022-07-10 22:38:30 +02:00
Jeffery To	580926cb6c	python-cryptography: Fix failing build Fixes https://github.com/openwrt/packages/issues/18876. Fixes https://github.com/openwrt/packages/issues/18879. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `9e3b7d7883`)	2022-07-07 09:54:10 -07:00
Michael Heimpold	79af866bae	Merge pull request #18795 from mhei/21.02-php8-update [21.02] php8: update to 8.0.20	2022-06-23 07:37:40 +02:00
Michael Heimpold	8d5bfb3110	Merge pull request #18794 from mhei/21.02-php7-update [21.02] php7: update to 7.4.30	2022-06-23 07:37:11 +02:00
Rosen Penev	7be6cc19e0	luajit: backport softfloat ppc support Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit `24c0007ea2`)	2022-06-23 05:08:08 +02:00
Sergey V. Lobanov	0f1599d2b4	luajit: fix build on macos (ldconfig issue) fix ldconfig build issue. This patch is a backport from upstream: `18c9cf7d37` Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> (cherry picked from commit `42c4d25455`)	2022-06-22 14:37:52 +02:00
Michael Heimpold	fc32551652	php8: update to 8.0.20 This fixes: - CVE-2022-31625 - CVE-2022-31626 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-06-22 00:03:28 +02:00
Michael Heimpold	adb76ab12a	php7: update to 7.4.30 This fixes: - CVE-2022-31625 - CVE-2022-31626 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-06-21 23:38:26 +02:00
Jeffery To	851e74107f	golang: Update to 1.17.11 Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1). Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-06-06 15:09:00 -07:00
Jeffery To	d53270bef3	python3: Update to 3.9.13 Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-06-06 20:47:16 +08:00
Michael Heimpold	9afd6ff023	Merge pull request #18630 from mhei/21.02-php8-update [21.02] php8: update to 8.0.19	2022-05-30 23:07:47 +02:00
Michael Heimpold	790036b75e	php8: update to 8.0.19 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-05-29 11:02:54 +02:00
Hirokazu MORIKAWA	174f05eb08	node: bump to v14.19.3 Updates OpenSSL to 1.1.1o (No impact in openwrt) Upgrade npm to v6.14.17. etc... Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>	2022-05-26 19:22:55 -07:00
Jeffery To	f46bbe6234	golang: Update to 1.17.10 Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-05-16 06:27:16 -07:00
Alexandru Ardelean	8b60367e15	django: bump to version 3.2.13 Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-28347 https://nvd.nist.gov/vuln/detail/CVE-2022-28346 Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>	2022-04-29 15:27:56 -07:00
Michael Heimpold	a4cf6a8857	php8: update to 8.0.18 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-04-26 21:16:47 +02:00
Jeffery To	636342ee43	golang: Update to 1.17.9 Includes fixes for: * CVE-2022-24675 - encoding/pem: stack overflow * CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-04-25 13:52:56 +08:00
Luiz Angelo Daros de Luca	45426fa3d1	ruby: update to 3.0.4 Fixes: - CVE-2022-28738: Double free in Regexp compilation - CVE-2022-28739: Buffer overrun in String-to-Float conversion Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>	2022-04-23 10:31:37 +02:00
Matt Merhar	8995d3f025	python3-speedtest-cli: update to 2.1.3 This includes a fix for a breaking change in the Speedtest API. Signed-off-by: Matt Merhar <mattmerhar@protonmail.com> (cherry picked from commit `77ebd65f49`) Signed-off-by: James White <james@jmwhite.co.uk>	2022-04-18 19:55:53 +02:00
Michael Heimpold	25a2c9f702	php7-pecl-redis: update to 5.3.7 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-04-10 15:57:12 +02:00
Michael Heimpold	277f406b27	Merge pull request #18279 from mhei/21.02-php8-update [21.02] php8: update to 8.0.17	2022-04-10 15:53:53 +02:00
Michael Heimpold	3094dfadde	php7-pecl-http: update to 3.2.5 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-04-09 13:50:53 +02:00
Michael Heimpold	77dcb4c906	php8: update to 8.0.17 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-04-09 11:37:10 +02:00
Josef Schlehofer	3e53f0c881	vala: update to version 0.56.0 (LTS version) According, to the project website [1], we were not using long-term version, but stable one. Let's use LTS version. Changelog can be found on their GitLab [2]. [1] https://wiki.gnome.org/Projects/Vala [2] https://gitlab.gnome.org/GNOME/vala/raw/0.56/NEWS Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit `189f078a35`)	2022-03-30 10:46:36 +02:00
Josef Schlehofer	384f983d53	vala: update to version 0.54.8 Changelog: https://gitlab.gnome.org/GNOME/vala/raw/0.54/NEWS Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit `474414dff1`)	2022-03-30 10:45:59 +02:00
Rosen Penev	7be116683d	vala: update to 0.54.2 Remove shared libraries. Allows removing rpath hacks. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit `575776cfa5`)	2022-03-30 10:45:33 +02:00
Rosen Penev	601bee7bf9	vala: update to 0.52.3 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit `f42b5288f9`)	2022-03-30 10:45:28 +02:00
Rosen Penev	8359d159fe	vala: update to 0.52.1 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit `d0b93ea224`)	2022-03-30 10:45:23 +02:00
Daniel Golle	78aa0f6cac	pynacl: fix build with updated sodium-minimal patch Commit `3da874371` ("libsodium: include ed25519_core in minimal build") broke the build of PyNaCl. Add patch to always include all ed25519 functions which are now always covered even if libsodium is built with the MINIMAL option. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit `ccd3b6c0a5`)	2022-03-29 20:56:47 +02:00
Jeffery To	e6330a60e7	python3: Update to 3.9.12 Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-03-27 12:40:55 -07:00
Jeffery To	a7a93cfcc8	python3: Update to 3.9.11, refresh patches Includes fixes for: * Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and CVE-2019-12900 * CVE-2022-26488: Escalation of privilege via Windows Installer Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-03-21 22:03:05 +08:00
Jeffery To	5f20a91711	golang: Update to 1.17.8 Includes fix for CVE-2022-24921 (regexp: stack overflow (process exit) handling deeply nested regexp). Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `9704e900da`)	2022-03-07 15:44:40 +08:00
Jeffery To	701ca25325	python-twisted: Update to 22.2.0 Includes fix for CVE-2022-21716 (The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier.) Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `630d6800f2`)	2022-03-06 23:37:33 +01:00
Jeffery To	4c07483961	python-twisted: Update to 22.1.0, refresh patches Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `9f3816d1c6`)	2022-03-06 23:37:28 +01:00
Josef Schlehofer	e2bf8e1d80	MarkupSafe: update to version 2.1.0 Changelog: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-0 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit `2d10b0836d`)	2022-02-24 15:47:23 +01:00
Michael Heimpold	abb5b988cb	Merge pull request #17900 from mhei/21.02-php8-update [21.02] php8: update to 8.0.16	2022-02-19 13:22:38 +01:00
Michael Heimpold	f4a390c59b	php7: update to 7.4.28 This fixes: - CVE-2021-21708 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-02-18 22:40:53 +01:00
Michael Heimpold	5eb97e05e2	php8: update to 8.0.16 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-02-18 22:36:10 +01:00
Jeffery To	4919a791ae	golang: Update to 1.17.7, refresh patch This includes fixes for: * CVE-2022-23772: math/big: Rat.SetString may consume large amount of RAM and crash * CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid field elements Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `69c53fcb6c`)	2022-02-15 16:42:24 -08:00
Michal Vasilek	d18542ecf7	ruby: update to 3.0.3 * fixes CVE-2021-41817, CVE-2021-41816 and CVE-2021-41819 Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz> (cherry picked from commit 51cf0dc2cc4b159bc80b70c90ed1c1abe1f59936)	2022-02-06 08:54:38 -03:00
Josef Schlehofer	f921cc4b74	python-dns: update to version 2.1.0 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit `447c6fd57b`)	2022-01-31 06:26:58 +01:00
Hirokazu MORIKAWA	2941963033	node: January 10th 2022 Security Releases Update to v14.18.3 January 10th 2022 Security Releases: Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532) Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533) Prototype pollution via console.table properties (Low)(CVE-2022-21824) Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> (cherry picked from commit `8278998e48`)	2022-01-25 09:50:18 +01:00
Michael Heimpold	aa2c1a9937	Merge pull request #17677 from mhei/21.02-php8-update [21.02] php8: update to 8.0.15	2022-01-24 07:45:04 +01:00
Michael Heimpold	e29f386508	php8: update to 8.0.15 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2022-01-22 21:24:37 +01:00
Jeffery To	c7f25b25df	python3: Update to 3.9.10, refresh patches Signed-off-by: Jeffery To <jeffery.to@gmail.com>	2022-01-20 20:48:55 -08:00
Kerma Gérald	3f88edfa54	2to3: add package host tool 2to3 is a Python program that reads Python 2.x source code and applies a series of fixers to transform it into valid Python 3.x code. The standard library contains a rich set of fixers that will handle almost all code. 2to3 supporting library lib2to3 is, however, a flexible and generic library, so it is possible to write your own fixers for 2to3. lib2to3 could also be adapted to custom applications in which Python code needs to be edited automatically. This tool is necessary for fail2ban package because of issue https://github.com/openwrt/packages/issues/17311 https://github.com/openwrt/packages/pull/17341 Simple 2to3.py script from Debian, thanks to Matthias Klose <doko@ubuntu.com> From: https://salsa.debian.org/cpython-team/python3-defaults (cherry picked from commit `2f91e1c9c5`) Co-authored-by: Jeffery To <jeffery.to@gmail.com> Signed-off-by: Kerma Gérald <gandalf@gk2.net>	2022-01-15 20:53:30 +01:00
Jeffery To	5f517cc584	golang: Update to 1.17.6 Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit 45208db29bd22238d355f4f8fdcc02fd2045c78a)	2022-01-11 16:23:10 -08:00
Jeffery To	2f52958e02	golang: Update to 1.17.5, add patch Includes fixes for: * CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization cache * CVE-2021-44717: syscall.ForkExec error can close file descriptor 0 Added patches: * 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch: https://github.com/golang/go/pull/49748 backported for Go 1.17, this removes the requirement for the gold linker when building Go programs that use Go plugins on arm/arm64 Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit `eac2e91a28`)	2021-12-28 15:17:20 +08:00
Alexandru Ardelean	a877527123	python-lxml: update to version 4.6.5 Fixes: CVE-2021-43818 https://nvd.nist.gov/vuln/detail/CVE-2021-43818 Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>	2021-12-21 14:39:09 +01:00
Michael Heimpold	944e937d93	php8: update to 8.0.14 Signed-off-by: Michael Heimpold <mhei@heimpold.de>	2021-12-20 16:44:29 +01:00

1 2 3 4 5 ...

3447 commits