Commit graph

3459 commits

Author SHA1 Message Date
Michael Heimpold
0b9b8e5ae6
Merge pull request #19518 from mhei/21.02-php8-update-8.0.24
[21.02] php8: update to 8.0.24
2022-10-04 17:35:32 +02:00
Michael Heimpold
0498d79d74 php8: update to 8.0.24
This fixes:
    - CVE-2022-31629
    - CVE-2022-31628

Also refresh patch to apply cleanly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-10-04 12:33:48 +02:00
Michael Heimpold
64f2ed8fbf php7: update to 7.4.32
This fixes:
    - CVE-2022-31628
    - CVE-2022-31629

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-10-04 07:41:38 +02:00
Michal Vasilek
690d8dfab5
python-flask-socketio: update to 5.3.1
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7fd9d010a2)
2022-09-16 14:45:45 +02:00
Josef Schlehofer
df67597ab6
python-uci: update to version 0.9.0
- Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.9.0
- Update copyright while at it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e340fe8a12)
2022-08-26 16:56:01 +02:00
Alexandru Ardelean
ec98bccb1d django: bump to version 3.2.15
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2022-36359

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2022-08-22 09:27:42 +03:00
Alexandru Ardelean
7b6094381a
numpy: bump to version 1.20.2
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 731bb0265d)
2022-08-13 12:34:45 +02:00
Josef Schlehofer
da99ae7ec5
python-websockets: update to version 10.3
- Update copyright

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ce1679a07f)
2022-08-13 07:57:10 +02:00
Šimon Bořek
ec0bd2b964
luajit: patch: PPC/e500 SPE: use soft float instead of failing
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible

Quoting inner commit message:

This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.

While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.

Therefore I see no need to prevent them from running LuaJit
explicitly.

[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca)
2022-08-06 19:43:34 +02:00
Alexandru Ardelean
72147f3b94
Merge pull request #18965 from commodo/django-update-21-02
[21.02] django: bump to version 3.2.14
2022-07-22 14:44:32 +03:00
Jeffery To
8a03e65655 golang: Update to 1.17.12
Includes fixes for:

* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
  header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
  X-Forwarded-For not working

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-07-20 02:38:16 -07:00
Alexandru Ardelean
c45f72086c django: bump to version 3.2.14
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2022-07-18 17:42:45 +03:00
Hirokazu MORIKAWA
2ac03c2372 node: July 7th 2022 Security Releases
Update to v14.20.0

Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2022-07-10 22:38:30 +02:00
Jeffery To
580926cb6c python-cryptography: Fix failing build
Fixes https://github.com/openwrt/packages/issues/18876.
Fixes https://github.com/openwrt/packages/issues/18879.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9e3b7d7883)
2022-07-07 09:54:10 -07:00
Michael Heimpold
79af866bae
Merge pull request #18795 from mhei/21.02-php8-update
[21.02] php8: update to 8.0.20
2022-06-23 07:37:40 +02:00
Michael Heimpold
8d5bfb3110
Merge pull request #18794 from mhei/21.02-php7-update
[21.02] php7: update to 7.4.30
2022-06-23 07:37:11 +02:00
Rosen Penev
7be6cc19e0
luajit: backport softfloat ppc support
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 24c0007ea2)
2022-06-23 05:08:08 +02:00
Sergey V. Lobanov
0f1599d2b4
luajit: fix build on macos (ldconfig issue)
fix ldconfig build issue. This patch is a backport from upstream:
18c9cf7d37

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 42c4d25455)
2022-06-22 14:37:52 +02:00
Michael Heimpold
fc32551652 php8: update to 8.0.20
This fixes:
    - CVE-2022-31625
    - CVE-2022-31626

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-06-22 00:03:28 +02:00
Michael Heimpold
adb76ab12a php7: update to 7.4.30
This fixes:
    - CVE-2022-31625
    - CVE-2022-31626

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-06-21 23:38:26 +02:00
Jeffery To
851e74107f golang: Update to 1.17.11
Includes fix for CVE-2022-30634 (crypto/rand: Read hangs when passed
buffer larger than 1<<32 - 1).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-06-06 15:09:00 -07:00
Jeffery To
d53270bef3
python3: Update to 3.9.13
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-06-06 20:47:16 +08:00
Michael Heimpold
9afd6ff023
Merge pull request #18630 from mhei/21.02-php8-update
[21.02] php8: update to 8.0.19
2022-05-30 23:07:47 +02:00
Michael Heimpold
790036b75e php8: update to 8.0.19
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-05-29 11:02:54 +02:00
Hirokazu MORIKAWA
174f05eb08 node: bump to v14.19.3
Updates OpenSSL to 1.1.1o (No impact in openwrt)
Upgrade npm to v6.14.17.
etc...

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2022-05-26 19:22:55 -07:00
Jeffery To
f46bbe6234 golang: Update to 1.17.10
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-05-16 06:27:16 -07:00
Alexandru Ardelean
8b60367e15 django: bump to version 3.2.13
Fixes
https://nvd.nist.gov/vuln/detail/CVE-2022-28347
https://nvd.nist.gov/vuln/detail/CVE-2022-28346

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2022-04-29 15:27:56 -07:00
Michael Heimpold
a4cf6a8857 php8: update to 8.0.18
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-04-26 21:16:47 +02:00
Jeffery To
636342ee43
golang: Update to 1.17.9
Includes fixes for:
* CVE-2022-24675 - encoding/pem: stack overflow
* CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has
  too many leading zeroes

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-04-25 13:52:56 +08:00
Luiz Angelo Daros de Luca
45426fa3d1 ruby: update to 3.0.4
Fixes:
- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2022-04-23 10:31:37 +02:00
Matt Merhar
8995d3f025 python3-speedtest-cli: update to 2.1.3
This includes a fix for a breaking change in the Speedtest API.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 77ebd65f49)
Signed-off-by: James White <james@jmwhite.co.uk>
2022-04-18 19:55:53 +02:00
Michael Heimpold
25a2c9f702 php7-pecl-redis: update to 5.3.7
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-04-10 15:57:12 +02:00
Michael Heimpold
277f406b27
Merge pull request #18279 from mhei/21.02-php8-update
[21.02] php8: update to 8.0.17
2022-04-10 15:53:53 +02:00
Michael Heimpold
3094dfadde php7-pecl-http: update to 3.2.5
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-04-09 13:50:53 +02:00
Michael Heimpold
77dcb4c906 php8: update to 8.0.17
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-04-09 11:37:10 +02:00
Josef Schlehofer
3e53f0c881
vala: update to version 0.56.0 (LTS version)
According to the project website [1], we were not using the long-term
version, but the stable one. Let's use the LTS version.

Changelog can be found on their GitLab [2].

[1] https://wiki.gnome.org/Projects/Vala
[2] https://gitlab.gnome.org/GNOME/vala/raw/0.56/NEWS

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 189f078a35)
2022-03-30 10:46:36 +02:00
Josef Schlehofer
384f983d53
vala: update to version 0.54.8
Changelog:
https://gitlab.gnome.org/GNOME/vala/raw/0.54/NEWS

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 474414dff1)
2022-03-30 10:45:59 +02:00
Rosen Penev
7be116683d
vala: update to 0.54.2
Remove shared libraries. Allows removing rpath hacks.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 575776cfa5)
2022-03-30 10:45:33 +02:00
Rosen Penev
601bee7bf9
vala: update to 0.52.3
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f42b5288f9)
2022-03-30 10:45:28 +02:00
Rosen Penev
8359d159fe
vala: update to 0.52.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d0b93ea224)
2022-03-30 10:45:23 +02:00
Daniel Golle
78aa0f6cac
pynacl: fix build with updated sodium-minimal patch
Commit 3da874371 ("libsodium: include ed25519_core in minimal build")
broke the build of PyNaCl. Add patch to always include all ed25519
functions which are now always covered even if libsodium is built with
the MINIMAL option.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ccd3b6c0a5)
2022-03-29 20:56:47 +02:00
Jeffery To
e6330a60e7 python3: Update to 3.9.12
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-03-27 12:40:55 -07:00
Jeffery To
a7a93cfcc8
python3: Update to 3.9.11, refresh patches
Includes fixes for:
* Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and
  CVE-2019-12900
* CVE-2022-26488: Escalation of privilege via Windows Installer

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2022-03-21 22:03:05 +08:00
Jeffery To
5f20a91711
golang: Update to 1.17.8
Includes fix for CVE-2022-24921 (regexp: stack overflow (process exit)
handling deeply nested regexp).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9704e900da)
2022-03-07 15:44:40 +08:00
Jeffery To
701ca25325
python-twisted: Update to 22.2.0
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 630d6800f2)
2022-03-06 23:37:33 +01:00
Jeffery To
4c07483961
python-twisted: Update to 22.1.0, refresh patches
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9f3816d1c6)
2022-03-06 23:37:28 +01:00
Josef Schlehofer
e2bf8e1d80
MarkupSafe: update to version 2.1.0
Changelog:
https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2d10b0836d)
2022-02-24 15:47:23 +01:00
Michael Heimpold
abb5b988cb
Merge pull request #17900 from mhei/21.02-php8-update
[21.02] php8: update to 8.0.16
2022-02-19 13:22:38 +01:00
Michael Heimpold
f4a390c59b php7: update to 7.4.28
This fixes:
    - CVE-2021-21708

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-02-18 22:40:53 +01:00
Michael Heimpold
5eb97e05e2 php8: update to 8.0.16
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2022-02-18 22:36:10 +01:00