Age  Commit message  Author  Files  Lines
2018-02-27  dict-server: ++pkgrevision due to ABI change in libmaa  (cheusov; 1 file; -4/+4)
2018-02-27  dict-client: ++pkgrevision due to ABI change in libmaa  (cheusov; 1 file; -2/+2)
2017-06-21  Pullup tickets #5478 to #5490.  (bsiegert; 1 file; -1/+40)
2017-06-21  Pullup ticket #5485 - requested by sevan  (bsiegert; 2 files; -3/+14)

lang/basic256: bugfix

Revisions pulled up:
- lang/basic256/distinfo 1.7
- lang/basic256/patches/patch-Interpreter.cpp 1.3
---
Module Name: pkgsrc
Committed By: joerg
Date: Sat Jun 17 19:42:58 UTC 2017
Modified Files:
  pkgsrc/lang/basic256: distinfo
  pkgsrc/lang/basic256/patches: patch-Interpreter.cpp
Log Message:
Fix portability.
2017-06-21  Pullup ticket #5490 - requested by maya  (bsiegert; 5 files; -5/+107)

lang/g95: build fix

Revisions pulled up:
- lang/g95/Makefile 1.28
- lang/g95/distinfo 1.29-1.30
- lang/g95/patches/patch-gcc_config.gcc 1.5
- lang/g95/patches/patch-gcc_config_mips_netbsd.h 1.1
- lang/g95/patches/patch-gcc_config_rs600_netbsd.h 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Jun 21 01:12:56 UTC 2017
Modified Files:
  pkgsrc/lang/g95: Makefile distinfo
Added Files:
  pkgsrc/lang/g95/patches: patch-gcc_config_rs600_netbsd.h
Log Message:
g95: don't try to link against a non-existent file on netbsd/powerpc. untested but obvious change.
currently showing up as a build failure of math/blas as it attempts to link with crtsavres which is a linux file.
Bump PKGREVISION as the build succeeds.
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Jun 21 11:36:20 UTC 2017
Modified Files:
  pkgsrc/lang/g95: distinfo
  pkgsrc/lang/g95/patches: patch-gcc_config.gcc
Added Files:
  pkgsrc/lang/g95/patches: patch-gcc_config_mips_netbsd.h
Log Message:
g95: Fix netbsd/mips64 builds
NetBSD switched to n32 ABI for mips64el in NetBSD 6, and the build is failing due to the default ABI mismatch between linker and newly built compiler. Default to n32 and backport n32 size definitions from newer GCC.
Small chance of a functional change for o32 builds (which should work), ride previous PKGREVISION bump for it.
2017-06-21  Pullup ticket #5487 - requested by sevan  (bsiegert; 3 files; -16/+23)

www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile 1.68-1.69
- www/wordpress/PLIST 1.34
- www/wordpress/distinfo 1.54-1.55
---
Module Name: pkgsrc
Committed By: jklos
Date: Tue May 30 07:20:15 UTC 2017
Modified Files:
  pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update 4.7.5.
Bugs fixed:
Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Jun 18 18:01:42 UTC 2017
Modified Files:
  pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to newest version 4.8.
For changes, check https://codex.wordpress.org/Version_4.8.
2017-06-21  Pullup ticket #5489 - requested by sevan  (bsiegert; 2 files; -1/+44)

net/transmission: build fix for Dragonfly

Revisions pulled up:
- net/transmission/distinfo 1.10-1.11
- net/transmission/patches/patch-libtransmission_platform-quota.c 1.4-1.5
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jun 19 13:21:35 UTC 2017
Modified Files:
  pkgsrc/net/transmission: distinfo
Added Files:
  pkgsrc/net/transmission/patches: patch-libtransmission_platform-quota.c
Log Message:
Apply patch that reportedly fixes the build on DragonflyBSD
From Aleksej Lebedev (From dragonfly dports) in pkgsrc-users
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jun 19 13:33:46 UTC 2017
Modified Files:
  pkgsrc/net/transmission: distinfo
  pkgsrc/net/transmission/patches: patch-libtransmission_platform-quota.c
Log Message:
Add last missing hunk for dflybsd build, missed in previous commit.
2017-06-21  Pullup ticket #5488 - requested by sevan  (bsiegert; 2 files; -19/+26)

security/mozilla-rootcerts: build fix

Revisions pulled up:
- security/mozilla-rootcerts/Makefile 1.27-1.29
- security/mozilla-rootcerts/files/mozilla-rootcerts.sh 1.14-1.18
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:10:21 UTC 2017
Modified Files:
  pkgsrc/security/mozilla-rootcerts: Makefile
  pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Substitute path to openssl more thoroughly
This package can depend on builtin openssl or pkgsrc openssl. However, it had paths from the base system hardcoded. Be more thorough about using builtin vs pkgsrc paths.
This is a minimal change to use builtin/pkgsrc paths; future commits will note latent issues uncovered in the process.
Based on a report to pkgsrc-users by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:20:15 UTC 2017
Modified Files:
  pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Add comments questioning many things
Describe issues with touching the config file and the spurious directory check surrounding ca-certificates.crt.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:32:38 UTC 2017
Modified Files:
  pkgsrc/security/mozilla-rootcerts: Makefile
  pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Rationalize directory handling around ca-certificates.crt
Now, ca-certificates.crt is always in the main certs dir, because we have been careful about builtin vs pkgsrc paths. So the directory must exist (because it was checked earlier). Instead, check for the ca-certificates.crt file existing.
Add more questioning comments.
Based on a patch by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:37:48 UTC 2017
Modified Files:
  pkgsrc/security/mozilla-rootcerts: Makefile
  pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Revert touching of openssl config file
Earlier, code was added to "touch $conffile" to work around openssl issuing a warning if openssl.conf was not present. This is problematic because if the warning is appropriate, 1) we have no way of knowing that an empty config file is correct and 2) we should not silence it. If the warning is buggy, then openssl and/or the base system should be fixed. Further, this code changes the modification date of the config file on every run, even when there is a valid config file.
(There was no discussion prior, three objections and no concurrences, and no response, so reverting seems ok.)
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:39:53 UTC 2017
Modified Files:
  pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Adjust comments around ca-certificates.crt
(Ride earlier PKGREVISION.)
2017-06-21  Pullup ticket #5483 - requested by sevan  (bsiegert; 3 files; -2/+24)

net/ndpi: SunOS build fix

Revisions pulled up:
- net/ndpi/Makefile 1.3
- net/ndpi/distinfo 1.3
- net/ndpi/patches/patch-src_include_ndpi__includes.h 1.1
---
Module Name: pkgsrc
Committed By: fhajny
Date: Thu Jun 15 10:06:39 UTC 2017
Modified Files:
  pkgsrc/net/ndpi: Makefile distinfo
Added Files:
  pkgsrc/net/ndpi/patches: patch-src_include_ndpi__includes.h
Log Message:
Fix ndpi build on SunOS.
2017-06-21  Pullup ticket #5486 - requested by sevan  (bsiegert; 4 files; -7/+39)

textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile 1.34
- textproc/expat/distinfo 1.27
- textproc/expat/patches/patch-configure 1.1
- textproc/expat/patches/patch-configure.ac 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Jun 18 06:01:33 UTC 2017
Modified Files:
  pkgsrc/textproc/expat: Makefile distinfo
Added Files:
  pkgsrc/textproc/expat/patches: patch-configure patch-configure.ac
Log Message:
update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)
Security issues fixed: CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300
fixed regression from fix to CVE-2016-0718
Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom, Visual Studio 6.0 and Pre-X Mac OS support
2017-06-21  Pullup ticket #5484 - requested by sevan  (bsiegert; 2 files; -12/+12)

multimedia/adobe-flash-player: security fix

Revisions pulled up:
- multimedia/adobe-flash-player/Makefile 1.5
- multimedia/adobe-flash-player/distinfo 1.5
---
Module Name: pkgsrc
Committed By: tsutsui
Date: Fri Jun 16 16:53:55 UTC 2017
Modified Files:
  pkgsrc/multimedia/adobe-flash-player: Makefile distinfo
Log Message:
Update adobe-flash-player to 26.0.0.131.

Upstream announcement:

26.0.0.131:
https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
June 16, 2017
Flash Player
* Buttons can't be clicked in some AS2 content (FP-4198473)
---
26.0.0.126:
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB17-17
Summary
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
(CVE numbers are now in HTML table as details so not copy-n-paste'd to commit log)
2017-06-21  Pullup ticket #5482 - requested by sevan  (bsiegert; 2 files; -6/+17)

devel/gmp: build fix

Revisions pulled up:
- devel/gmp/distinfo 1.53-1.54
- devel/gmp/patches/patch-ab deleted
- devel/gmp/patches/patch-acinclude.m4 1.1
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Thu Jun 15 04:11:50 UTC 2017
Modified Files:
  pkgsrc/devel/gmp: distinfo
Added Files:
  pkgsrc/devel/gmp/patches: patch-acinclude.m4
Removed Files:
  pkgsrc/devel/gmp/patches: patch-ab
Log Message:
Fix PR pkg/51788 (fails in configure phase). Use calloc() instead of malloc().
This bug was observed with "ln -s J /etc/malloc.conf"
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Thu Jun 15 04:12:32 UTC 2017
Modified Files:
  pkgsrc/devel/gmp: distinfo
Log Message:
Fix distinfo.
2017-06-21  Pullup ticket #5481 - requested by sevan  (bsiegert; 2 files; -7/+7)

net/tor: security fix

Revisions pulled up:
- net/tor/Makefile 1.122
- net/tor/distinfo 1.82
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jun 14 16:16:04 UTC 2017
Modified Files:
  pkgsrc/net/tor: Makefile distinfo
Log Message:
Updated tor to 0.3.0.8.

Changes in version 0.3.0.8 - 2017-06-08
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-004 and TROVE-2017-005.
Tor 0.3.0.8 also includes fixes for several key management bugs that sometimes made relays unreliable, as well as several other bugfixes described below.

o Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
  - Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
  - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.

o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
  - When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.

o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
  - Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
  - When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.

o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
  - Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.

o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
  - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.

o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
  - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.

o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
  - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
  - Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.

o Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
  - When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
2017-06-21  Pullup ticket #5480 - requested by sevan  (bsiegert; 12 files; -27/+160)

net/hping3: build fix

Revisions pulled up:
- net/hping3/Makefile 1.8
- net/hping3/distinfo 1.5
- net/hping3/options.mk 1.2
- net/hping3/patches/patch-aa 1.2
- net/hping3/patches/patch-ab 1.3
- net/hping3/patches/patch-ac 1.3
- net/hping3/patches/patch-ars.c 1.1
- net/hping3/patches/patch-ars.h 1.1
- net/hping3/patches/patch-gethostname.c 1.1
- net/hping3/patches/patch-libpcap__stuff.c 1.1
- net/hping3/patches/patch-sbignum.c 1.1
- net/hping3/patches/patch-sendip.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Jun 14 12:17:30 UTC 2017
Modified Files:
  pkgsrc/net/hping3: Makefile distinfo options.mk
  pkgsrc/net/hping3/patches: patch-aa patch-ab patch-ac
Added Files:
  pkgsrc/net/hping3/patches: patch-ars.c patch-ars.h patch-gethostname.c patch-libpcap__stuff.c patch-sbignum.c patch-sendip.c
Log Message:
Various patches and cleanups to fix build on Darwin and SunOS.
2017-06-21  Pullup ticket #5479 - requested by sevan  (bsiegert; 3 files; -2/+20)

net/dnstracer: build fix

Revisions pulled up:
- net/dnstracer/Makefile 1.18
- net/dnstracer/distinfo 1.8
- net/dnstracer/patches/patch-Makefile 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Jun 14 09:30:20 UTC 2017
Modified Files:
  pkgsrc/net/dnstracer: Makefile distinfo
Added Files:
  pkgsrc/net/dnstracer/patches: patch-Makefile
Log Message:
Fix build on Darwin and SunOS.
2017-06-21  Pullup ticket #5478 - requested by sevan  (bsiegert; 3 files; -3/+59)

textproc/libxml2: security fix

Revisions pulled up:
- textproc/libxml2/Makefile 1.144
- textproc/libxml2/distinfo 1.115
- textproc/libxml2/patches/patch-valid.c 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Sun Jun 11 04:40:53 UTC 2017
Modified Files:
  pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
  pkgsrc/textproc/libxml2/patches: patch-valid.c
Log Message:
libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)
bump PKGREVISION
2017-06-13  Pullup tickets #5471 and #5472.  (bsiegert; 1 file; -1/+7)
2017-06-13  Pullup ticket #5472 - requested by sevan  (bsiegert; 3 files; -2/+68)

security/libksba: bugfix

Revisions pulled up:
- security/libksba/Makefile 1.34
- security/libksba/distinfo 1.22
- security/libksba/patches/patch-src_cms.c 1.1
---
Module Name: pkgsrc
Committed By: gdt
Date: Tue May 30 22:40:17 UTC 2017
Modified Files:
  pkgsrc/security/libksba: Makefile distinfo
Added Files:
  pkgsrc/security/libksba/patches: patch-src_cms.c
Log Message:
Add patch to resolve gpgsm S/MIME failures
S/MIME messages encrypted with gpgsm are sometimes not decodable by other implementations. Discussion on gnupg-devel indicates that gpg (via libksba) is incorrectly dropping leading zeros from the encrypted session key. This commit adds a patch by Daiki Ueno from the mailinglist that appears to improve interoperability. Upstream has not yet applied it, but also has not said that it is wrong.
2017-06-13  Pullup ticket #5471 - requested by sevan  (bsiegert; 3 files; -2/+41)

fonts/fontconfig: bugfix

Revisions pulled up:
- fonts/fontconfig/Makefile 1.98
- fonts/fontconfig/distinfo 1.56
- fonts/fontconfig/patches/patch-src_fccache.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Tue May 30 16:53:14 UTC 2017
Modified Files:
  pkgsrc/fonts/fontconfig: Makefile distinfo
Added Files:
  pkgsrc/fonts/fontconfig/patches: patch-src_fccache.c
Log Message:
Apply upstream patch for https://bugs.freedesktop.org/show_bug.cgi?id=97546 which fixes cache generation on OSX.
Raised in joyent/pkgsrc#506.
Bump PKGREVISION.
2017-06-13  Pullup tickets #5475 to #5477.  (bsiegert; 1 file; -1/+12)
2017-06-13  Pullup ticket #5476 - requested by khorben  (bsiegert; 5 files; -375/+377)

www/firefox45: security fix

Revisions pulled up:
- www/firefox45-l10n/Makefile 1.10
- www/firefox45-l10n/distinfo 1.11
- www/firefox45/Makefile 1.25-1.27
- www/firefox45/distinfo 1.14
- www/firefox45/mozilla-common.mk 1.7
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 10 14:13:26 UTC 2017
Modified Files:
  pkgsrc/www/firefox45: Makefile distinfo
Log Message:
Update to 45.9.0

Changelog:
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2016-10196: Vulnerabilities in Libevent library
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 10 14:14:41 UTC 2017
Modified Files:
  pkgsrc/www/firefox45-l10n: Makefile distinfo
Log Message:
Update to 45.9.0
* Sync with firefox45-45.9.0
---
Module Name: pkgsrc
Committed By: khorben
Date: Fri May 12 20:21:27 UTC 2017
Modified Files:
  pkgsrc/www/firefox45: Makefile
Log Message:
Register more binaries as not safe for PaX mprotect
This also reflects the current situation in www/firefox.
Bumps PKGREVISION.
---
Module Name: pkgsrc
Committed By: khorben
Date: Sat May 13 02:34:30 UTC 2017
Modified Files:
  pkgsrc/www/firefox45: Makefile mozilla-common.mk
Log Message:
Add dependency to multimedia/ffmpeg3
This fixes audio and H.264 support.
From ryoon@ originally, on 46.0nb1 at the time.
"commit" maya@
2017-06-13  Pullup ticket #5477 - requested by sevan  (bsiegert; 2 files; -7/+7)

security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile 1.155
- security/sudo/distinfo 1.92
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Jun 7 05:41:53 UTC 2017
Modified Files:
  pkgsrc/security/sudo: Makefile distinfo
Log Message:
update to version 1.8.20p2

upstream changelog:
2017-05-31 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* NEWS, configure, configure.ac: Sudo 1.8.20p2 [47836f4c9834]
* src/ttyname.c: A command name may also contain newline characters so read /proc/self/stat until EOF. It is not legal for /proc/self/stat to contain embedded NUL bytes so treat the file as corrupt if we see any. With help from Qualys. This is not exploitable due to the /dev traversal changes in sudo 1.8.20p1 (thanks Solar!). [15a46f4007dd]
2017-05-30 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* src/ttyname.c: Use /proc/self consistently on Linux. As far as I know, only AIX doesn't support /proc/self. [6f3d9816541b]
2017-06-13  Pullup ticket #5475 - requested by khorben  (bsiegert; 7 files; -24/+35)

security/py-yara: security fix
security/yara: security fix

Revisions pulled up:
- security/py-yara/Makefile 1.5
- security/py-yara/PLIST 1.2
- security/py-yara/distinfo 1.5-1.7
- security/yara/Makefile 1.3
- security/yara/Makefile.common 1.5-1.8
- security/yara/PLIST 1.3
- security/yara/distinfo 1.6-1.8
---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:27:31 UTC 2017
Modified Files:
  pkgsrc/security/py-yara: Makefile PLIST distinfo
  pkgsrc/security/yara: Makefile Makefile.common PLIST distinfo
Log Message:
Update security/{,py-yara} to version 3.5.0
The release notes mention:
* Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
* Performance improvements
* Less memory consumption while scanning processes
* Exception handling when scanning memory blocks
* Negative integers in meta fields
* Added the --stack-size command-argument
* Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
* Functions rich_signature.toolid and rich_signature.version added to PE module
* Lots of bug fixes
The Python bindings are now released from a different tree, with the same versioning apparently though.
"welcome to update" pettai@
---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:34:12 UTC 2017
Modified Files:
  pkgsrc/security/yara: Makefile.common
Log Message:
Set myself as the maintainer
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:11:42 UTC 2017
Modified Files:
  pkgsrc/security/py-yara: distinfo
  pkgsrc/security/yara: Makefile.common distinfo
Log Message:
Package yara 3.6.0
In the release notes:
* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function yr_compiler_add_fd added to libyara
* MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
* Added --fail-on-warnings command-line option
* Multiple bug fixes
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:27:37 UTC 2017
Modified Files:
  pkgsrc/security/py-yara: distinfo
  pkgsrc/security/yara: Makefile.common distinfo
Log Message:
Package yara 3.6.1
In the release notes:
* BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
* BUGFIX: Fix initialization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara.
2017-06-11  #5474  (spz; 1 file; -1/+3)
2017-06-11  Pullup ticket #5474 - requested by bsiegert  (spz; 2 files; -8/+7)

devel/p5-File-Path: security update

Revisions pulled up:
- devel/p5-File-Path/Makefile 1.17
- devel/p5-File-Path/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jun 5 18:01:06 UTC 2017
Modified Files:
  pkgsrc/devel/p5-File-Path: Makefile distinfo
Log Message:
Security update for File::Path to 2.13.

2.13 2017-05-31
- Document security vulnerability reported as CVE-2017-6512.
2.12_008 2017-05-07
- Patch from John Lightsey.
2.12_007 2017-04-22
- Skip tests where filesystem doesn't support permissions (RT 121248).
- Add AppVeyor configuration; thanks to Charlie Gonzalez and Hayo Baan.
2.12_006 2017-04-21
- Modernize README, Makefile.PL, updating of version number and release date in documentation.
2.12_005 2017-04-21
- Recommend use of 'safe => 1' in remove_tree() and rmtree().
- Warn if mkpath() or make_path() is passed implausible options on Windows.
- Corrections to errors in previous release.
2.12_004 2017-04-18
- Certain functions used in tests are not available on Windows; skip them.
- Move certain functions used in testing to t/FilePathTest.pm.
2.12_003 2017-04-07
- Add tests to improve coverage ratios as measured by Devel::Cover
- No functional changes.
2.12_002 2017-03-12
- GH#41 RT 117019 Fixed File::Path::remove_tree option hash is auto populated and cannot be reused
- GH#40 Unskip in path root t
- GH#39 Remove superfluous assignment to $arg{perm}
- GH#38 Minor grammatical doc fixes.
- GH#37 Minor grammatical doc fixes.
2.12_001 2016-09-18
- RT 94209 document that the thread safety issue will not change and communicate alternative.
- RT 85878 be more generous with error check regex given we could be dealing with a pre-1.25 Carp.
- GH #33 Be more precise in documentation example for make_path error checking.
- GH #34 Skip Windows 2000 and earlier unit tests (test change).
- GH #36 Do not hardcode ENOENT (test change).

To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/p5-File-Path/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/p5-File-Path/distinfo
2017-06-05  Must ... pull ... up ... more ... stuff ...  (bsiegert; 1 file; -1/+22)
2017-06-05  Pullup ticket #5418 - requested by sevan  (bsiegert; 1 file; -2/+3)

meta-pkgs/modular-xorg-drivers: build fix

Revisions pulled up:
- meta-pkgs/modular-xorg-drivers/Makefile 1.40
---
Module Name: pkgsrc
Committed By: maya
Date: Thu May 11 20:55:19 UTC 2017
Modified Files:
  pkgsrc/meta-pkgs/modular-xorg-drivers: Makefile
Log Message:
Need new ati on dragonfly too. old doesn't build and isn't interesting to fix
2017-06-05  Pullup ticket #5417 - requested by sevan  (bsiegert; 3 files; -4/+35)

x11/matchbox-panel: SunOS build fix

Revisions pulled up:
- x11/matchbox-panel/Makefile 1.32
- x11/matchbox-panel/distinfo 1.4
- x11/matchbox-panel/patches/patch-po_Makefile.in 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 11 15:09:14 UTC 2017
Modified Files:
  pkgsrc/x11/matchbox-panel: Makefile distinfo
Added Files:
  pkgsrc/x11/matchbox-panel/patches: patch-po_Makefile.in
Log Message:
Use PKGLOCALEDIR. Fix build on SunOS.
2017-06-05  Pullup ticket #5416 - requested by sevan  (bsiegert; 1 file; -2/+2)

sysutils/libfm: build fix

Revisions pulled up:
- sysutils/libfm/Makefile 1.6
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 11 14:33:02 UTC 2017
Modified Files:
  pkgsrc/sysutils/libfm: Makefile
Log Message:
Requires msgfmt.
2017-06-05  Pullup ticket #5467 - requested by sevan  (bsiegert; 7 files; -54/+63)

multimedia/vlc: security fix

Revisions pulled up:
- multimedia/vlc/Makefile 1.202-1.203
- multimedia/vlc/PLIST 1.60
- multimedia/vlc/distinfo 1.73-1.74
- multimedia/vlc/patches/patch-compat_Makefile.in 1.3
- multimedia/vlc/patches/patch-configure 1.8
- multimedia/vlc/patches/patch-include_vlc_atomic.h 1.3
- multimedia/vlc/patches/patch-modules_gui_qt4_qt4.hpp deleted
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:10:00 UTC 2017
Modified Files:
  pkgsrc/multimedia/vlc: Makefile PLIST
Log Message:
Add a cdrom PLIST var and unset it on SunOS as the native cdio interface is unsupported.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:11:35 UTC 2017
Modified Files:
  pkgsrc/multimedia/vlc: distinfo
Added Files:
  pkgsrc/multimedia/vlc/patches: patch-configure
Log Message:
Remove bogus exclusion of SunOS MMX/SSE2 support.
---
Module Name: pkgsrc
Committed By: maya
Date: Fri May 26 13:26:37 UTC 2017
Modified Files:
  pkgsrc/multimedia/vlc: Makefile distinfo
  pkgsrc/multimedia/vlc/patches: patch-compat_Makefile.in patch-include_vlc_atomic.h
Removed Files:
  pkgsrc/multimedia/vlc/patches: patch-modules_gui_qt4_qt4.hpp
Log Message:
vlc: update to 2.2.6.
Includes significant security fixes allowing code execution via a crafted subtitles file (fixes CVE-2017-8310, CVE-2017-8311, CVE-2017-8312, CVE-2017-8313)

pkgsrc changes:
pull in <atomic> in a C++11 case rather than clang case, it's a C++11 header. however I couldn't build with -std=c++11 for other reasons. it builds and runs clang 4.0, but the mkv plugin dies on an undefined reference.

Changes between 2.2.5.1 and 2.2.6:
----------------------------------
Video output:
* Fix systematic green line on nvidia
* Fix direct3d SPU texture offsets handling
Demuxer:
* Fix heap buffer overflows

Changes between 2.2.5 and 2.2.5.1:
----------------------------------
Security hardening for DLL hijacking environments
Translations updates
Misc:
* Update for Soundcloud, liveleak and Youtube scripts
* Fix potential out-of-band dereference in flac decoder
* Fix potential out-of-band reads in mpeg packetizers
* Fix infinite loop in subtitles demuxer
* Fix incorrect memory free in ogg demuxer
* Fix potential out-of-band reads in subtitle decoders and demuxers
* Fix green line on Windows with odd sizes

Changes between 2.2.4 and 2.2.5:
--------------------------------
Decoder:
* Fix mp3 playback quality regression in libmad
* Fix video scaling in VDPAU
* Fix playback of palettized codecs
* Fix ADPCM heap corruption (FG-VD-16-067)
* Fix AES3 16bps decoding
* Fix DVD/LPCM heap corruption (FG-VD-16-090)
* Fix SCTE-27 colors
Demuxer:
* Fix possible ASF integer overflow
* Fix MP4, VOC, XA, SMF divide-by-zero errors
* Fix MP4 heap buffer overflows
* Fix Flac metadata integer overflow
* Fix NSVf and AIFF infinite loops
* Fix flac null-pointer dereference
* Fix vorbis and opus comments integer overflows and leaks
Video output:
* Fix green line on Windows with AMD drivers
* Fix screenshots size
Access:
* Fix crash in screen recording on Windows
* Fix FTP scan string injection
* Fix HTTP size handling
Mux:
* Fix mp4 drift
Lua:
* Fix vimeo, youtube, dailymotion, cli, appletrailers, http, soundcloud scripts
Audio filter:
* Fix heap write in stereo_widen audio filter
Windows:
* The plugins loading will not load external DLLs by default. Plugins will need to LoadLibrary explicitly.
* Fix uninstaller path handling
* Fix taskbar buttons behavior
MacOS:
* Fix scrolling sensitivity on Sierra
* Resume points are deleted now if the user clears the list of recent items
2017-06-05  Pullup ticket #5444 - requested by sevan  (bsiegert; 1 file; -2/+8)

multimedia/vlc: build fix

Revisions pulled up:
- multimedia/vlc/options.mk 1.32
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:07:20 UTC 2017
Modified Files:
  pkgsrc/multimedia/vlc: options.mk
Log Message:
Don't enable the "live" option on SunOS by default, it requires libraries that aren't available.
2017-06-05  Pullup ticket #5443 - requested by sevan  (bsiegert; 3 files; -5/+23)

multimedia/vlc: build fix

Revisions pulled up:
- multimedia/vlc/distinfo 1.72
- multimedia/vlc/patches/patch-include_vlc_atomic.h 1.2
- multimedia/vlc/patches/patch-modules_services__discovery_mtp.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 10:26:19 UTC 2017
Modified Files:
  pkgsrc/multimedia/vlc: distinfo
  pkgsrc/multimedia/vlc/patches: patch-include_vlc_atomic.h
Added Files:
  pkgsrc/multimedia/vlc/patches: patch-modules_services__discovery_mtp.c
Log Message:
Fix includes.
2017-06-04 | Pullup ticket #5469 - requested by he | bsiegert | 3 | -5/+17
lang/python36: macppc build fix

Revisions pulled up:
- lang/python36/Makefile 1.7
- lang/python36/distinfo 1.10
- lang/python36/patches/patch-configure 1.7
---
Module Name: pkgsrc
Committed By: he
Date: Mon May 29 23:06:45 UTC 2017

Modified Files:
  pkgsrc/lang/python36: Makefile distinfo
  pkgsrc/lang/python36/patches: patch-configure

Log Message:
Fix a build issue observed on NetBSD/macppc, in that alloca() is left as an unresolved undefined symbol, causing the install to fail due to PLIST issues. Change from -std=c99 to -std=gnu99 to work around this problem, based on hint from joerg@. Bump PKGREVISION.
2017-06-03 | More pullup tickets | bsiegert | 1 | -1/+22
2017-06-03 | Pullup ticket #5465 - requested by sevan | bsiegert | 2 | -1/+17
lang/spidermonkey17: bugfix

Revisions pulled up:
- lang/spidermonkey17/distinfo 1.8
- lang/spidermonkey17/patches/patch-js_src_shell_jsoptparse.cpp 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 24 13:22:36 UTC 2017

Modified Files:
  pkgsrc/lang/spidermonkey17: distinfo
Added Files:
  pkgsrc/lang/spidermonkey17/patches: patch-js_src_shell_jsoptparse.cpp

Log Message:
Pointer fix, found by GCC 7.1.
2017-06-03 | Pullup ticket #5464 - requested by sevan | bsiegert | 3 | -10/+35
textproc/aspell: bugfix

Revisions pulled up:
- textproc/aspell/distinfo 1.29
- textproc/aspell/patches/patch-ac 1.7
- textproc/aspell/patches/patch-modules_filter_tex.cpp 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 24 09:13:09 UTC 2017

Modified Files:
  pkgsrc/textproc/aspell: distinfo
  pkgsrc/textproc/aspell/patches: patch-ac
Added Files:
  pkgsrc/textproc/aspell/patches: patch-modules_filter_tex.cpp

Log Message:
Pointer fixes, found by GCC 7.1
2017-06-03 | Pullup ticket #5461 - requested by sevan | bsiegert | 2 | -1/+32
net/powerdns-recursor: build fix

Revisions pulled up:
- net/powerdns-recursor/distinfo 1.18
- net/powerdns-recursor/patches/patch-ext_json11_json11.cpp 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon May 22 23:41:52 UTC 2017

Modified Files:
  pkgsrc/net/powerdns-recursor: distinfo
Added Files:
  pkgsrc/net/powerdns-recursor/patches: patch-ext_json11_json11.cpp

Log Message:
Merge patch from powerdns package to avoid ordering nullptrs.
2017-06-03 | Pullup ticket #5453 - requested by sevan | bsiegert | 1 | -2/+1
lang/guile20: FreeBSD build fix

Revisions pulled up:
- lang/guile20/Makefile 1.13
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 17 12:06:20 UTC 2017

Modified Files:
  pkgsrc/lang/guile20: Makefile

Log Message:
Fix packaging under FreeBSD/amd64 10.2 and 11.0

At least under 10.2, 10.3-RC3 and 11.0, GUILE_LIBNAME is so.22.8.1 like other platforms.
2017-06-03 | Pullup ticket #5451 - requested by sevan | bsiegert | 3 | -3/+37
security/libtomcrypt: security fix

Revisions pulled up:
- security/libtomcrypt/Makefile 1.7
- security/libtomcrypt/distinfo 1.6
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c 1.1
---
Module Name: pkgsrc
Committed By: snj
Date: Tue May 16 21:55:50 UTC 2017

Modified Files:
  pkgsrc/security/libtomcrypt: Makefile distinfo
Added Files:
  pkgsrc/security/libtomcrypt/patches: patch-src_pk_rsa_rsa__verify__hash.c

Log Message:
Fix CVE-2016-6129. Bump PKGREVISION to 3.
2017-06-03 | Pullup ticket #5441 - requested by sevan | bsiegert | 3 | -3/+63
emulators/gxemul: bugfix

Revisions pulled up:
- emulators/gxemul/Makefile 1.56
- emulators/gxemul/distinfo 1.46
- emulators/gxemul/patches/patch-src_devices_dev__footbridge.cc 1.1
---
Module Name: pkgsrc
Committed By: christos
Date: Mon May 15 01:45:49 UTC 2017

Modified Files:
  pkgsrc/emulators/gxemul: Makefile distinfo
Added Files:
  pkgsrc/emulators/gxemul/patches: patch-src_devices_dev__footbridge.cc

Log Message:
Fix cats interrupt issue, cosmetic addition to footbridge.
2017-06-03 | Pullup ticket #5436 - requested by sevan | bsiegert | 2 | -11/+11
multimedia/adobe-flash-player: security fix

Revisions pulled up:
- multimedia/adobe-flash-player/Makefile 1.4
- multimedia/adobe-flash-player/distinfo 1.4
---
Module Name: pkgsrc
Committed By: tsutsui
Date: Sat May 13 04:11:46 UTC 2017

Modified Files:
  pkgsrc/multimedia/adobe-flash-player: Makefile distinfo

Log Message:
Update adobe-flash-player to 25.0.0.171.

Upstream announcements:
https://helpx.adobe.com/security/products/flash-player/apsb17-15.html

Security updates available for Adobe Flash Player
Release date: May 9, 2017
Vulnerability identifier: APSB17-15
CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Platform: Windows, Macintosh, Linux and Chrome OS
2017-06-02 | More security fixes | bsiegert | 1 | -1/+7
2017-06-02 | Pullup ticket #5440 - requested by sevan | bsiegert | 6 | -20/+79
graphics/gdk-pixbuf2: security fix

Revisions pulled up:
- graphics/gdk-pixbuf2/Makefile.version 1.16
- graphics/gdk-pixbuf2/PLIST 1.16
- graphics/gdk-pixbuf2/distinfo 1.33
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c 1.3
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c 1.1
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 14 12:55:16 UTC 2017

Modified Files:
  pkgsrc/graphics/gdk-pixbuf2: Makefile.version PLIST distinfo
Added Files:
  pkgsrc/graphics/gdk-pixbuf2/patches: patch-gdk-pixbuf_io-icns.c patch-gdk-pixbuf_io-ico.c patch-gdk-pixbuf_io-tiff.c patch-thumbnailer_gnome-thumbnailer-skeleton.c

Log Message:
updating from version 2.36.4 to 2.36.6
adding patches for:
CVE-2017-6311
CVE-2017-6312
CVE-2017-6313
CVE-2017-6314
from bugzilla.gnome.org
2017-06-02 | Pullup ticket #5439 - requested by sevan | bsiegert | 4 | -12/+13
graphics/freetype2: security fix

Revisions pulled up:
- graphics/freetype2/Makefile 1.111
- graphics/freetype2/PLIST 1.24
- graphics/freetype2/distinfo 1.62
- graphics/freetype2/patches/patch-ab 1.19
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 14 11:02:15 UTC 2017

Modified Files:
  pkgsrc/graphics/freetype2: Makefile PLIST distinfo
  pkgsrc/graphics/freetype2/patches: patch-ab

Log Message:
Update from 2.7.1 to 2.8: 3 API additions, no deletions, no changes
fixes CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287

Upstream change announcement:

I. IMPORTANT CHANGES

- Support for OpenType Variation Fonts is now complete. The last missing part was handling the `VVAR' and `MVAR' tables, which is available with this release.

- A new function `FT_Face_Properties' allows the control of some module and library properties per font. Currently, the following properties can be handled: stem darkening, LCD filter weights, and the random seed for the `random' CFF operator.

- The PCF change to show more `colourful' family names (introduced in version 2.7.1) was too radical; it can now be configured with PCF_CONFIG_OPTION_LONG_FAMILY_NAMES at compile time. If activated, it can be switched off at run time with the new pcf property `no-long-family-names'. If the `FREETYPE_PROPERTIES' environment variable is available, you can say

    FREETYPE_PROPERTIES=pcf:no-long-family-names=1

- Support for the following scripts has been added to the auto-hinter.

    Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot, Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai Viet, Tifinagh, Unified Canadian Syllabics, Vai

II. IMPORTANT BUG FIXES

- `Light' auto-hinting mode no longer uses TrueType metrics for TrueType fonts. This bug was introduced in version 2.4.6, causing horizontal scaling also. Almost all GNU/Linux distributions (with Fedora as a notable exception) disabled the corresponding patch for good reasons; chances are thus high that you won't notice a difference. If optical backward compatibility for legacy applications is necessary, you might enable the AF_CONFIG_OPTION_TT_SIZE_METRICS configuration option. However, it is strongly recommended to avoid that, adjusting font sizes instead.

- If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType now scales the font linearly again (bug introduced in version 2.4.6).

- CVE-2017-8105, CVE-2017-8287: Older FreeType versions have out-of-bounds writes caused by heap-based buffer overflows related to Type 1 fonts.

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287

III. MISCELLANEOUS

- A new function `FT_Set_Default_Properties' has been added to parse the `FREETYPE_PROPERTIES' environment variable (previously, it was internal only). `FT_Init_FreeType' always calls this function, but `FT_New_Library' does not (similar to `FT_Add_Default_Modules').

- To be in sync with OpenType version 1.7 and newer, macros

    FT_PARAM_TAG_IGNORE_PREFERRED_FAMILY,
    FT_PARAM_TAG_IGNORE_PREFERRED_SUBFAMILY,
    TT_NAME_ID_PREFERRED_FAMILY
    TT_NAME_ID_PREFERRED_SUBFAMILY

  are renamed to

    FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_FAMILY,
    FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_SUBFAMILY,
    TT_NAME_ID_TYPOGRAPHIC_FAMILY
    TT_NAME_ID_TYPOGRAPHIC_SUBFAMILY

  The old macro names are deprecated (but still available).

- Support for SFNT `name' tables has been improved.

  . Format 1 `name' tables are now supported. Use new function `FT_Get_Sfnt_LangTag' to access associated language tags.

  . Language, encoding, and name IDs have been updated to OpenType version 1.8.1.

- The new CFF engine now handles the `random' operator. All CFF opcodes are now supported.

- The CFF module has a new property `random-seed' to control the pseudo-random number generation for the `random' operator.

- The `freetype-config' script is now a wrapper of `pkg-config' if this program is available in the path.

- FT_LOAD_TARGET_LCD is now a variant of FT_LOAD_TARGET_LIGHT; this should provide better rendering results.

- A mode to display light auto-hinting with sub-pixel positioning has been added to `ftdiff'.
2017-05-31 | LDAP EXOP patch fix | manu | 1 | -1/+2
A code repetition caused add and modify operations to be done twice.
2017-05-31 | Pullup ticket #5470 - requested by maya | spz | 7 | -52/+135
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile 1.154
- security/sudo/distinfo 1.89-1.91
- security/sudo/patches/patch-af 1.34
- security/sudo/patches/patch-ag 1.25-1.26
- security/sudo/patches/patch-include_sudo__compat.h 1.1
- security/sudo/patches/patch-include_sudo__event.h 1.1
- security/sudo/patches/patch-src_Makefile.in 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue May 30 16:14:56 UTC 2017

Modified Files:
  pkgsrc/security/sudo: Makefile distinfo
  pkgsrc/security/sudo/patches: patch-af patch-ag patch-src_Makefile.in
Added Files:
  pkgsrc/security/sudo/patches: patch-include_sudo__event.h

Log Message:
sudo: update to 1.8.20p1. Fixes CVE-2017-1000367, local privilege escalation on linux.

What's new in Sudo 1.8.20p1

 * Fixed "make check" when using OpenSSL or GNU crypt. Bug #787.

 * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux when the process name contains spaces. Since the user has control over the command name, this could potentially be used by a user with sudo access to overwrite an arbitrary file on systems with SELinux enabled. Also stop performing a breadth-first traversal of /dev when looking for the device; only a hard-coded list of directories are checked.

What's new in Sudo 1.8.20

 * Added support for SASL_MECH in ldap.conf. Bug #764

 * Added support for digest matching when the command is a glob-style pattern or a directory. Previously, only explicit path matches supported digest checks.

 * New "fdexec" Defaults option to control whether a command is executed by path or by open file descriptor.

 * The embedded copy of zlib has been upgraded to version 1.2.11.

 * Fixed a bug that prevented sudoers include files with a relative path starting with the letter 'i' from being opened. Bug #776.

 * Added support for command timeouts in sudoers. The command will be terminated if the timeout expires.

 * The SELinux role and type are now displayed in the "sudo -l" output for the LDAP and SSSD backends, just as they are in the sudoers backend.

 * A new command line option, -T, can be used to specify a command timeout as long as the user-specified timeout is not longer than the timeout specified in sudoers. This option may only be used when the "user_command_timeouts" flag is enabled in sudoers.

 * Added NOTBEFORE and NOTAFTER command options to the sudoers backend similar to what is already available in the LDAP backend.

 * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU crypt instead of the SHA2 implementation bundled with sudo.

 * Fixed a compilation error on systems without the stdbool.h header file. Bug #778.

 * Fixed a compilation error in the standalone Kerberos V authentication module. Bug #777.

 * Added the iolog_flush flag to sudoers which causes I/O log data to be written immediately to disk instead of being buffered.

 * I/O log files are now created with group ID 0 by default unless the "iolog_user" or "iolog_group" options are set in sudoers.

 * It is now possible to store I/O log files on an NFS-mounted file system where uid 0 is remapped to an unprivileged user. The "iolog_user" option must be set to a non-root user and the top-level I/O log directory must exist and be owned by that user.

 * Added the restricted_env_file setting to sudoers which is similar to env_file but its contents are subject to the same restrictions as variables in the invoking user's environment.

 * Fixed a use after free bug in the SSSD backend when the fqdn sudoOption is enabled and no hostname value is present in /etc/sssd/sssd.conf.

 * Fixed a typo that resulted in a compilation error on systems where the killpg() function is not found by configure.

 * Fixed a compilation error with the included version of zlib when sudo was built outside the source tree.

 * Fixed the exit value of sudo when the command is terminated by a signal other than SIGINT. This was broken in sudo 1.8.15 by the fix for Bug #722. Bug #784.

 * Fixed a regression introduced in sudo 1.8.18 where the "lecture" option could not be used in a positive boolean context, only a negative one.

 * Fixed an issue where sudo would consume stdin if it was not connected to a tty even if log_input is not enabled in sudoers. Bug #786.

 * Clarify in the sudoers manual that the #includedir directive diverts control to the files in the specified directory and, when parsing of those files is complete, returns control to the original file. Bug #775.

What's new in Sudo 1.8.19p2

 * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address or network is used in a host-based Defaults entry. Bug #766

 * Added a missing check for the ignore_iolog_errors flag when the sudoers plugin generates the I/O log file path name.

 * Fixed a typo in sudo's vsyslog() replacement that resulted in garbage being logged to syslog.

What's new in Sudo 1.8.19p1

 * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong syslog priority and facility being used.

What's new in Sudo 1.8.19

 * New "syslog_maxlen" Defaults option to control the maximum size of syslog messages generated by sudo.

 * Sudo has been run against PVS-Studio and any issues that were not false positives have been addressed.

 * I/O log files are now created with the same group ID as the parent directory and not the invoking user's group ID.

 * I/O log permissions and ownership are now configurable via the "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults variables.

 * Fixed configuration of the sudoers I/O log plugin debug subsystem. Previously, I/O log information was not being written to the sudoers debug log.

 * Fixed a bug in visudo that broke editing of files in an include dir that have a syntax error. Normally, visudo does not edit those files, but if a syntax error is detected in one, the user should get a chance to fix it.

 * Warnings about unknown or unparsable sudoers Defaults entries now include the file and line number of the problem.

 * Visudo will now use the file and line number information about an unknown or unparsable Defaults entry to go directly to the file with the problem.

 * Fixed a bug in the sudoers LDAP back-end where a negated sudoHost entry would prevent other sudoHost entries following it from matching.

 * Warnings from visudo about a cycle in an Alias entry now include the file and line number of the problem.

 * In strict mode, visudo will now use the file and line number information about a cycle in an Alias entry to go directly to the file with the problem.

 * The sudo_noexec.so file is now linked with -ldl on systems that require it for the wordexp() wrapper.

 * Fixed linking of sudo_noexec.so on macOS systems where it must be a dynamic library and not a module.

 * Sudo's "make check" now includes a test for sudo_noexec.so working.

 * The sudo front-end now passes the user's umask to the plugin. Previously the plugin had to determine this itself.

 * Sudoreplay can now display the stdin and ttyin streams when they are explicitly added to the filter list.

 * Fixed a bug introduced in sudo 1.8.17 where the "all" setting for verifypw and listpw was not being honored. Bug #762.

 * The syslog priority (syslog_goodpri and syslog_badpri) can now be negated or set to "none" to disable logging of successful or unsuccessful sudo attempts via syslog.

What's new in Sudo 1.8.18p1

 * When sudo_noexec.so is used, the WRDE_NOCMD flag is now added if the wordexp() function is called. This prevents commands from being run via wordexp() without disabling it entirely.

 * On Linux systems, sudo_noexec.so now uses a seccomp filter to disable execute access if the kernel supports seccomp. This is more robust than the traditional method of using stub functions that return an error.

What's new in Sudo 1.8.18

 * The sudoers locale is now set before parsing the sudoers file. If sudoers_locale is set in sudoers, it is applied before evaluating other Defaults entries. Previously, sudoers_locale was used when evaluating sudoers but not during the initial parse. Bug #748.

 * A missing or otherwise invalid #includedir is now ignored instead of causing a parse error.

 * During "make install", backup files are only used on HP-UX where it is not possible to unlink a shared object that is in use. This works around a bug in ldconfig on Linux which could create links to the backup shared library file instead of the current one.

 * Fixed a bug introduced in 1.8.17 where sudoers entries with long commands lines could be truncated, preventing a match. Bug #752.

 * The fqdn, runas_default and sudoers_locale Defaults settings are now applied before any other Defaults settings since they can change how other Defaults settings are parsed.

 * On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW flag is set, sudoedit now checks whether the file is a symbolic link before opening it as well as after the open. Bug #753.

 * Sudo will now only resolve a user's group IDs to group names when sudoers includes group-based permissions. Group lookups can be expensive on some systems where the group database is not local.

 * If the file system holding the sudo log file is full, allow the command to run unless the new ignore_logfile_errors Defaults option is disabled. Bug #751.

 * The ignore_audit_errors and ignore_iolog_errors Defaults options have been added to control sudo's behavior when it is unable to write to the audit and I/O logs.

 * Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler was not being restored when sudo directly executes the command.

 * Fixed a bug where "sudo -l command" would indicate that a command was runnable even when denied by sudoers when using the LDAP or SSSD backends.

 * The match_group_by_gid Defaults option has been added to allow sites where group name resolution is slow and where sudoers only contains a small number of groups to match groups by group ID instead of by group name.

 * Fixed a bug on Linux where a 32-bit sudo binary could fail with an "unable to allocate memory" error when run on a 64-bit system. Bug #755

 * When parsing ldap.conf, sudo will now only treat a '#' character as the start of a comment when it is at the beginning of the line.

 * Fixed a potential crash when auditing is enabled and the audit function fails with an error. Bug #756

 * Norwegian Nynorsk translation for sudo from translationproject.org.

 * Fixed a typo that broke short host name matching when the fqdn flag is enabled in sudoers. Bug #757

 * Negated sudoHost attributes are now supported by the LDAP and SSSD backends.

 * Fixed matching entries in the LDAP and SSSD backends when a RunAsGroup is specified but no RunAsUser is present.

 * Fixed "sudo -l" output in the LDAP and SSSD backends when a RunAsGroup is specified but no RunAsUser is present.

To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/sudo/patches/patch-include_sudo__event.h
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/sudo/patches/patch-src_Makefile.in
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:22:02 UTC 2017

Modified Files:
  pkgsrc/security/sudo: distinfo
Added Files:
  pkgsrc/security/sudo/patches: patch-include_sudo__compat.h

Log Message:
sudo: workaround deficiencies in netbsd 6,7

NetBSD 7 doesn't define WCONTINUED or WIFCONTINUED, so provide failure fallback definitions.

Thanks nonaka for the heads up.

To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/sudo/patches/patch-include_sudo__compat.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:33:12 UTC 2017

Modified Files:
  pkgsrc/security/sudo: distinfo
  pkgsrc/security/sudo/patches: patch-ag

Log Message:
sudo: include the full regen of configure script.

I tried to exclude a hunk that seemed new, but that is probably wrong. It didn't cause problems on my end at first, but does fail for others.

To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/sudo/patches/patch-ag
2017-05-29 | must ... do ... more ... tickets ... | bsiegert | 1 | -1/+20
2017-05-29 | Pullup ticket #5434 - requested by sevan | bsiegert | 23 | -48/+76
databases/postgresql92: security fix
databases/postgresql93: security fix
databases/postgresql94: security fix
databases/postgresql95: security fix
databases/postgresql96: security fix

Revisions pulled up:
- databases/postgresql92-docs/PLIST 1.21
- databases/postgresql92-server/PLIST 1.13
- databases/postgresql92/Makefile.common 1.28
- databases/postgresql92/distinfo 1.23
- databases/postgresql93-docs/PLIST 1.18
- databases/postgresql93-server/PLIST 1.11
- databases/postgresql93/Makefile.common 1.24
- databases/postgresql93/distinfo 1.23
- databases/postgresql94-client/PLIST 1.3
- databases/postgresql94-docs/PLIST 1.13
- databases/postgresql94-server/PLIST 1.8
- databases/postgresql94/Makefile.common 1.16
- databases/postgresql94/distinfo 1.15
- databases/postgresql95-client/PLIST 1.4
- databases/postgresql95-docs/PLIST 1.7
- databases/postgresql95-server/PLIST 1.6
- databases/postgresql95/Makefile.common 1.9
- databases/postgresql95/distinfo 1.8
- databases/postgresql96-client/PLIST 1.2
- databases/postgresql96-docs/PLIST 1.3
- databases/postgresql96-server/PLIST 1.3
- databases/postgresql96/Makefile.common 1.3
- databases/postgresql96/distinfo 1.4
---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 12 19:37:55 UTC 2017

Modified Files:
  pkgsrc/databases/postgresql92: Makefile.common distinfo
  pkgsrc/databases/postgresql92-docs: PLIST
  pkgsrc/databases/postgresql92-server: PLIST
  pkgsrc/databases/postgresql93: Makefile.common distinfo
  pkgsrc/databases/postgresql93-docs: PLIST
  pkgsrc/databases/postgresql93-server: PLIST
  pkgsrc/databases/postgresql94: Makefile.common distinfo
  pkgsrc/databases/postgresql94-client: PLIST
  pkgsrc/databases/postgresql94-docs: PLIST
  pkgsrc/databases/postgresql94-server: PLIST
  pkgsrc/databases/postgresql95: Makefile.common distinfo
  pkgsrc/databases/postgresql95-client: PLIST
  pkgsrc/databases/postgresql95-docs: PLIST
  pkgsrc/databases/postgresql95-server: PLIST
  pkgsrc/databases/postgresql96: Makefile.common distinfo
  pkgsrc/databases/postgresql96-client: PLIST
  pkgsrc/databases/postgresql96-docs: PLIST
  pkgsrc/databases/postgresql96-server: PLIST

Log Message:
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.3, 9.5.7, 9.4.12, 9.3.17, and 9.2.21. This release fixes three security issues. It also patches a number of other bugs reported over the last three months. Users who use the PGREQUIRESSL environment variable to control connections, and users who rely on security isolation between database users when using foreign servers, should update as soon as possible. Other users should plan to update at the next convenient downtime.
2017-05-29 | Pullup ticket #5452 - requested by sevan | bsiegert | 2 | -7/+10
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile 1.121
- net/tor/distinfo 1.81
---
Module Name: pkgsrc
Committed By: adam
Date: Wed May 17 07:13:37 UTC 2017

Modified Files:
  pkgsrc/net/tor: Makefile distinfo

Log Message:
Changes in version 0.3.0.7 - 2017-05-15
  Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions of Tor 0.3.0.x, where an attacker could cause a Tor relay process to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; clients are not affected.

  o Major bugfixes (hidden service directory, security):
    - Fix an assertion failure in the hidden service directory code, which could be used by an attacker to remotely cause a Tor relay process to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. This security issue is tracked as TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.

  o Minor features:
    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.

  o Minor features (future-proofing):
    - Tor no longer refuses to download microdescriptors or descriptors if they are listed as "published in the future". This change will eventually allow us to stop listing meaningful "published" dates in microdescriptor consensuses, and thereby allow us to reduce the resources required to download consensus diffs by over 50%. Implements part of ticket 21642; implements part of proposal 275.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - The getpid() system call is now permitted under the Linux seccomp2 sandbox, to avoid crashing with versions of OpenSSL (and other libraries) that attempt to learn the process's PID by using the syscall rather than the VDSO code. Fixes bug 21943; bugfix on 0.2.5.1-alpha.
2017-05-29 | Pullup ticket #5457 - requested by sevan | bsiegert | 7 | -98/+176
security/crypto++: security fix

Revisions pulled up:
- security/crypto++/Makefile 1.21
- security/crypto++/PLIST 1.7
- security/crypto++/buildlink3.mk 1.13
- security/crypto++/distinfo 1.12
- security/crypto++/patches/patch-GNUmakefile 1.1
- security/crypto++/patches/patch-aa deleted
- security/crypto++/patches/patch-config.h deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 18 21:20:23 UTC 2017

Modified Files:
  pkgsrc/security/crypto++: Makefile PLIST buildlink3.mk distinfo
Added Files:
  pkgsrc/security/crypto++/patches: patch-GNUmakefile
Removed Files:
  pkgsrc/security/crypto++/patches: patch-aa patch-config.h

Log Message:
Crypto++ 5.6.5

The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes. The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.