Security

- v3.1.3 -> v3.2.5pre1 (fixes: CVE-2022-29154).
- Removed --noatime option added in 3.1.3-alt1
  in favour of --open-noatime option added in rsync 3.2.0.
- 1.22.0 (Fixes: CVE-2021-3618)
- Updated to 8.2.5172 (fixes CVE-2022-2129, CVE-2022-2126, CVE-2022-2125,
  CVE-2022-2124).
- Fixes: CVE-2021-43618.
- 2.4.54 (Fixes: CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, 
	  CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377)
- 7.4.28 -> 7.4.30 (Fixes: CVE-2022-31626, CVE-2022-31625)
- 8.1.6 -> 8.1.7 (Fixes: CVE-2022-31626, CVE-2022-31625)
- Fixes: CVE-2017-7875.
- 8.2204.1 (Fixes: CVE-2022-24903)
- Fixes: CVE-2020-22617
- Fixes: CVE-2021-33054
- Fixes: CVE-2022-30333
- 0.103.6
  + CVE-2022-20770
  + CVE-2022-20796
  + CVE-2022-20771
  + CVE-2022-20785
  + CVE-2022-20792
- Security (Fixes: CVE-2022-0547)
- 7.83.1
- Fixes:
  * CVE-2022-30115: HSTS bypass via trailing dot
  * CVE-2022-27782: TLS and SSH connection too eager reuse
  * CVE-2022-27781: CERTINFO never-ending busy-loop
  * CVE-2022-27780: percent-encoded path separator in URL host
  * CVE-2022-27779: cookie for trailing dot TLD
  * CVE-2022-27778: curl removes wrong file on error
- Security (Fixes: CVE-2021-28091).
- New version.
- Seciruty fixes:
  + JDK-8270504, CVE-2022-21426: Better XPath expression handling
  + JDK-8275151, CVE-2022-21443: Improved Object Identification
  + JDK-8277672, CVE-2022-21434: Better invocation handler handling
  + JDK-8278008, CVE-2022-21476: Improve Santuario processing
  + JDK-8278972, CVE-2022-21496: Improve URL supports
- Security update (Fixes: CVE-2021-31873, CVE-2021-31872, CVE-2021-31871, CVE-2021-31870).
- (Fixes: CVE-2021-4115)
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109).
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220).
- Backport fix from 1.18.5 (Fixes: CVE-2021-37750)
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386)
- 3.6.2 (Fixes: CVE-2022-0586, CVE-2022-0585, CVE-2022-0583, CVE-2022-0582, CVE-2022-0581)
- 4.8.27 (CVE-2021-36370; ALT #40217)
- Security (Fixes: CVE-2017-2626)
- Security (Fixes: CVE-2020-12049)
- security fix CVE-2021-44228 and CVE-2021-45046
- 8.1.8 (Fixes: CVE-2021-43798, CVE-2021-39226)
- 4.3.3 (Fixes: CVE-2020-20446, CVE-2020-20450, CVE-2020-20453,
	CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22037,
	CVE-2020-22042, CVE-2021-38114, CVE-2021-38171, CVE-2021-38291)

Branches
sisyphus
sisyphus_e2k
sisyphus_mipsel
sisyphus_riscv64
p10
p10_e2k
p9
p9_e2k
p9_mipsel
p8
c9f2
x86_64
i586
ppc64le
armh
aarch64
noarch
c7

rsync Aug 2, 2022, 04:51 AM	Aug 2, 2022, 04:51 AM
Version: 3.2.5-alt0.1
Summary: A program for synchronizing files over a network
Changelog:
- v3.1.3 -> v3.2.5pre1 (fixes: CVE-2022-29154). - Removed --noatime option added in 3.1.3-alt1 in favour of --open-noatime option added in rsync 3.2.0.

nginx Jul 12, 2022, 10:15 AM	Jul 12, 2022, 10:15 AM
Version: 1.22.0-alt1
Summary: Fast HTTP server
Changelog:
- 1.22.0 (Fixes: CVE-2021-3618)

vim Jun 28, 2022, 02:23 PM	Jun 28, 2022, 02:23 PM
Version: 8.2.5172-alt1
Summary: VIsual editor iMproved
Changelog:
- Updated to 8.2.5172 (fixes CVE-2022-2129, CVE-2022-2126, CVE-2022-2125, CVE-2022-2124).

gmp Jun 21, 2022, 05:26 PM	Jun 21, 2022, 05:26 PM
Version: 6.1.2-alt3.c9f2.1
Summary: GNU MP arbitrary precision arithmetic library
Changelog:
- Fixes: CVE-2021-43618.

apache2 Jun 19, 2022, 03:48 PM	Jun 19, 2022, 03:48 PM
Version: 2.4.54-alt1
Summary: The most widely used Web server on the Internet
Changelog:
- 2.4.54 (Fixes: CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377)

php7 Jun 17, 2022, 11:01 AM	Jun 17, 2022, 11:01 AM
Version: 7.4.30-alt1
Summary: The PHP7 scripting language
Changelog:
- 7.4.28 -> 7.4.30 (Fixes: CVE-2022-31626, CVE-2022-31625)

php8.1 Jun 16, 2022, 02:07 PM	Jun 16, 2022, 02:07 PM
Version: 8.1.7-alt1
Summary: The PHP scripting language
Changelog:
- 8.1.6 -> 8.1.7 (Fixes: CVE-2022-31626, CVE-2022-31625)

feh Jun 9, 2022, 08:34 AM	Jun 9, 2022, 08:34 AM
Version: 2.16-alt1.c9f2.1
Summary: Image viewer using Imlib 2
Changelog:
- Fixes: CVE-2017-7875.

rsyslog Jun 6, 2022, 04:31 PM	Jun 6, 2022, 04:31 PM
Version: 8.2204.1-alt1
Summary: Enhanced system logging and kernel message trapping daemon
Changelog:
- 8.2204.1 (Fixes: CVE-2022-24903)

ardour May 30, 2022, 05:22 PM	May 30, 2022, 05:22 PM
Version: 5.12-alt1.1.c9f2.1
Summary: Professional multi-track audio recording application
Changelog:
- Fixes: CVE-2020-22617

sogo May 25, 2022, 05:14 PM	May 25, 2022, 05:14 PM
Version: 5.0.0-alt1.c9f2.1
Summary: SOGo is a very fast and scalable modern collaboration suite (groupware)
Changelog:
- Fixes: CVE-2021-33054

graphviz May 25, 2022, 04:55 PM	May 25, 2022, 04:55 PM
Version: 2.40.1-alt7.c9f2.1
Summary: Graphs visualization tools
Changelog:
- Fixes: CVE-2022-30333

clamav May 20, 2022, 01:30 PM	May 20, 2022, 01:30 PM
Version: 0.103.6-alt1
Summary: Clam Antivirus scanner
Changelog:
- 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 + CVE-2022-20792

openvpn May 12, 2022, 05:33 PM	May 12, 2022, 05:33 PM
Version: 2.4.9-alt1.c9f2.2
Summary: a full-featured SSL VPN solution
Changelog:
- Security (Fixes: CVE-2022-0547)

klibc Apr 22, 2022, 04:44 PM	Apr 22, 2022, 04:44 PM
Version: 2.0.8-alt2.c9f2.1
Summary: A minimal libc subset for use with initramfs
Changelog:
- Security update (Fixes: CVE-2021-31873, CVE-2021-31872, CVE-2021-31871, CVE-2021-31870).

polkit Mar 28, 2022, 02:34 PM	Mar 28, 2022, 02:34 PM
Version: 0.116-alt2.M90P.5
Summary: PolicyKit Authorization Framework
Changelog:
- (Fixes: CVE-2021-4115)

openssh Mar 22, 2022, 07:40 PM	Mar 22, 2022, 07:40 PM
Version: 7.9p1-alt4.p10.1
Summary: OpenSSH free Secure Shell (SSH) implementation
Changelog:
- Backported upstream security fixes (fixes CVE-2019-6111, CVE-2019-6109).

tcpreplay Feb 23, 2022, 09:56 AM	Feb 23, 2022, 09:56 AM
Version: 4.4.1-alt1
Summary: A tool to replay captured network traffic
Changelog:
- 4.4.1 (Fixes: CVE-2021-45387, CVE-2021-45386)

curl May 11, 2022, 11:29 AM	May 11, 2022, 11:29 AM
Version: 7.83.1-alt1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- 7.83.1 - Fixes: * CVE-2022-30115: HSTS bypass via trailing dot * CVE-2022-27782: TLS and SSH connection too eager reuse * CVE-2022-27781: CERTINFO never-ending busy-loop * CVE-2022-27780: percent-encoded path separator in URL host * CVE-2022-27779: cookie for trailing dot TLD * CVE-2022-27778: curl removes wrong file on error

lasso May 5, 2022, 04:41 PM	May 5, 2022, 04:41 PM
Version: 2.6.0-alt2.c9f2.2
Summary: Liberty Alliance Single Sign On
Changelog:
- Security (Fixes: CVE-2021-28091).

java-1.8.0-openjdk Apr 25, 2022, 07:12 AM	Apr 25, 2022, 07:12 AM
Version: 1.8.0.332.b09-alt0_0.1.eajpp8
Summary: OpenJDK Runtime Environment 8
Changelog:
- New version. - Seciruty fixes: + JDK-8270504, CVE-2022-21426: Better XPath expression handling + JDK-8275151, CVE-2022-21443: Improved Object Identification + JDK-8277672, CVE-2022-21434: Better invocation handler handling + JDK-8278008, CVE-2022-21476: Improve Santuario processing + JDK-8278972, CVE-2022-21496: Improve URL supports

bind Mar 17, 2022, 04:28 PM	Mar 17, 2022, 04:28 PM
Version: 9.11.37-alt1
Summary: ISC BIND - DNS server
Changelog:
- 9.11.36 -> 9.11.37 (fixes: CVE-2021-25220).

krb5 Mar 15, 2022, 01:39 PM	Mar 15, 2022, 01:39 PM
Version: 1.17.2-alt3
Summary: The Kerberos network authentication system
Changelog:
- Backport fix from 1.18.5 (Fixes: CVE-2021-37750)

wireshark Feb 21, 2022, 11:53 AM	Feb 21, 2022, 11:53 AM
Version: 3.6.2-alt1
Summary: The BugTraq Award Winning Network Traffic Analyzer
Changelog:
- 3.6.2 (Fixes: CVE-2022-0586, CVE-2022-0585, CVE-2022-0583, CVE-2022-0582, CVE-2022-0581)

mc Jan 9, 2022, 01:28 AM	Jan 9, 2022, 01:28 AM
Version: 4.8.27-alt1
Summary: An user-friendly file manager and visual shell
Changelog:
- 4.8.27 (CVE-2021-36370; ALT #40217)

libICE Dec 23, 2021, 09:24 AM	Dec 23, 2021, 09:24 AM
Version: 1.0.9-alt1.c9f2.1
Summary: X Inter Client Exchange Library
Changelog:
- Security (Fixes: CVE-2017-2626)

dbus Dec 22, 2021, 11:12 AM	Dec 22, 2021, 11:12 AM
Version: 1.12.16-alt2.c9f2.1
Summary: D-BUS is a simple IPC framework based on messages.
Changelog:
- Security (Fixes: CVE-2020-12049)

log4j Dec 15, 2021, 11:35 PM	Dec 15, 2021, 11:35 PM
Version: 2.9.1-alt2.c9.1_4jpp8
Summary: Java logging package
Changelog:
- security fix CVE-2021-44228 and CVE-2021-45046

Repository: c9f2

Security

grafana Dec 9, 2021, 11:46 PM	Dec 9, 2021, 11:46 PM
Version: 8.1.8-alt1
Summary: Metrics dashboard and graph editor
Changelog:
- 8.1.8 (Fixes: CVE-2021-43798, CVE-2021-39226)

ffmpeg Dec 9, 2021, 01:51 PM	Dec 9, 2021, 01:51 PM
Version: 4.3.3-alt1
Summary: A command line toolbox to manipulate, convert and stream multimedia content
Changelog:
- 4.3.3 (Fixes: CVE-2020-20446, CVE-2020-20450, CVE-2020-20453, CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22037, CVE-2020-22042, CVE-2021-38114, CVE-2021-38171, CVE-2021-38291)