J0WI authored 6 years ago and Natanael Copa committed 6 years ago

fixes #9891

CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Fixes #9763

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227

fixes #9602

CVE-2018-16056, CVE-2018-16057, CVE-2018-16058

fixes #9405

CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342,
CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368,
CVE-2018-14369, CVE-2018-14370

CVE-2018-11356, CVE-2018-11357, CVE-2018-11358,
CVE-2018-11359, CVE-2018-11360, CVE-2018-11362

Fixes #8931

CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323,
CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327,
CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331,
CVE-2018-7332, CVE-2018-7333, CVE-2018-7334, CVE-2018-7335,
CVE-2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418,
CVE-2018-7419, CVE-2018-7420

CVE-2018-5334, CVE-2018-5335, CVE-2018-5336

Fixes #8433

Enable check()

This commit updates $license variable in all APKBUILDs to comply with
short names specified by SPDX version 3.0 [1] where possible. It was
done using find-and-replace method on substrings inside $license
variables.

Only license names were updated, not "expressions" specifying relation
between the licenses (e.g. "X and Y", "X or Y", "X and (Y or Z)") or
exceptions (e.g. "X with exceptions").

Many licenses have a version or multiple variants, e.g. MPL-2.0,
BSD-2-Clause, BSD-3-Clause. However, $license in many aports do not
contain license version or variant. Since there's no way how to infer
this information just from abuild, it were left without the variant
suffix or version, i.e. non SPDX compliant.

GNU licenses (AGPL, GFDL, GPL, LGPL) are especially complicated. They
exist in two variants: -only (formerly e.g. GPL-2.0) and -or-later
(formerly e.g. GPL-2.0+). We did not systematically noted distinguish
between these variants, so GPL-2.0, GPL2, GPLv2 etc. may mean
GPL-2.0-only or GPL-2.0-or-later. Thus GNU licenses without "+" (e.g.
GPL2+) were left without the variant suffix, i.e. non SPDX compliant.

Note: This commit just fixes format of the license names, no
verification has been done if the specified license information is
actually correct!

[1]: https://spdx.org/licenses/

community/wireshark: security upgrade to 2.4.3 (CVE-2017-17083, CVE-2017-17084, CVE-2017-17085). Fixes #8268

(CVE-2017-15191, CVE-2017-15192, CVE-2017-15193)
(CVE-2017-13765, CVE-2017-13766, CVE-2017-13767)

fixes #8013 #7910

 CVE-2017-11406
 CVE-2017-11407
 CVE-2017-11408
 Fixes #7558

CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354

Fixes #7376

CVE-2017-6467: NetScaler file parser infinite loop
CVE-2017-6468: NetScaler file parser crash
CVE-2017-6469: LDSS dissector crash
CVE-2017-6470: IAX2 infinite loop
CVE-2017-6471: WSP infinite loop
CVE-2017-6472: RTMPT dissector infinite loop
CVE-2017-6473: K12 file parser crash
CVE-2017-6474: NetScaler file parser infinite loop
wnpa-sec-2017-06: STANAG 4607 file parser infinite loop

CVE-2017-6014: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file

Linux User authored 8 years ago and Timo Teräs committed 8 years ago

fixes #6480

CVE-2016-7957, CVE-2016-7958, CVE-2016-9372, CVE-2016-9374,
CVE-2016-9376, CVE-2016-9373, CVE-2016-9375

CVE-2016-6505, CVE-2016-6506, CVE-2016-6508, CVE-2016-6509, CVE-2016-6510, CVE-2016-6511

CVE-2016-5350
CVE-2016-5351
CVE-2016-5352
CVE-2016-5353
CVE-2016-5354
CVE-2016-5355
CVE-2016-5356
CVE-2016-5357
CVE-2016-5358

Since abuild v2.22.0, these are removed automatically unless 'libtool'
option has been specified.