lang/basic256: bugfix
Revisions pulled up:
- lang/basic256/distinfo 1.7
- lang/basic256/patches/patch-Interpreter.cpp 1.3
---
Module Name: pkgsrc
Committed By: joerg
Date: Sat Jun 17 19:42:58 UTC 2017
Modified Files:
pkgsrc/lang/basic256: distinfo
pkgsrc/lang/basic256/patches: patch-Interpreter.cpp
Log Message:
Fix portability.
lang/g95: build fix
Revisions pulled up:
- lang/g95/Makefile 1.28
- lang/g95/distinfo 1.29-1.30
- lang/g95/patches/patch-gcc_config.gcc 1.5
- lang/g95/patches/patch-gcc_config_mips_netbsd.h 1.1
- lang/g95/patches/patch-gcc_config_rs600_netbsd.h 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Jun 21 01:12:56 UTC 2017
Modified Files:
pkgsrc/lang/g95: Makefile distinfo
Added Files:
pkgsrc/lang/g95/patches: patch-gcc_config_rs600_netbsd.h
Log Message:
g95: don't try to link against a non-existent file on netbsd/powerpc.
untested but obvious change. currently showing up as a build failure of
math/blas as it attempts to link with crtsavres which is a linux file.
Bump PKGREVISION as the build succeeds.
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Jun 21 11:36:20 UTC 2017
Modified Files:
pkgsrc/lang/g95: distinfo
pkgsrc/lang/g95/patches: patch-gcc_config.gcc
Added Files:
pkgsrc/lang/g95/patches: patch-gcc_config_mips_netbsd.h
Log Message:
g95: Fix netbsd/mips64 builds
NetBSD switched to n32 ABI for mips64el in NetBSD 6, and the build is
failing due to the default ABI mismatch between linker and newly built
compiler.
Default to n32 and backport n32 size definitions from newer GCC.
Small chance of a functional change for o32 builds (which should work), ride
previous PKGREVISION bump for it.
www/wordpress: security fix
Revisions pulled up:
- www/wordpress/Makefile 1.68-1.69
- www/wordpress/PLIST 1.34
- www/wordpress/distinfo 1.54-1.55
---
Module Name: pkgsrc
Committed By: jklos
Date: Tue May 30 07:20:15 UTC 2017
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update 4.7.5. Bugs fixed:
Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Jun 18 18:01:42 UTC 2017
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to newest version 4.8.
For changes, check https://codex.wordpress.org/Version_4.8.
net/transmission: build fix for Dragonfly
Revisions pulled up:
- net/transmission/distinfo 1.10-1.11
- net/transmission/patches/patch-libtransmission_platform-quota.c 1.4-1.5
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jun 19 13:21:35 UTC 2017
Modified Files:
pkgsrc/net/transmission: distinfo
Added Files:
pkgsrc/net/transmission/patches:
patch-libtransmission_platform-quota.c
Log Message:
Apply patch that reportedly fixes the build on DragonflyBSD
From Aleksej Lebedev (From dragonfly dports) in pkgsrc-users
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jun 19 13:33:46 UTC 2017
Modified Files:
pkgsrc/net/transmission: distinfo
pkgsrc/net/transmission/patches:
patch-libtransmission_platform-quota.c
Log Message:
Add last missing hunk for dflybsd build, missed in previous commit.
security/mozilla-rootcerts: build fix
Revisions pulled up:
- security/mozilla-rootcerts/Makefile 1.27-1.29
- security/mozilla-rootcerts/files/mozilla-rootcerts.sh 1.14-1.18
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:10:21 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Substitute path to openssl more thoroughly
This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded. Be more
thorough about using builtin vs pkgsrc paths. This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.
Based on a report to pkgsrc-users by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:20:15 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Add comments questioning many things
Describe issues with touching the config file and the spurious
directory check surrounding ca-certificates.crt.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:32:38 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Rationalize directory handling around ca-certificates.crt
Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths. So the directory
must exist (because it was checked earlier). Instead, check for the
ca-certificates.crt file existing. Add more questioning comments.
Based on a patch by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:37:48 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Revert touching of openssl config file
Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present. This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it. If the warning is buggy, then openssl and/or the base
system should be fixed. Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.
(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:39:53 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Adjust comments around ca-certificates.crt
(Ride earlier PKGREVISION.)
net/ndpi: SunOS build fix
Revisions pulled up:
- net/ndpi/Makefile 1.3
- net/ndpi/distinfo 1.3
- net/ndpi/patches/patch-src_include_ndpi__includes.h 1.1
---
Module Name: pkgsrc
Committed By: fhajny
Date: Thu Jun 15 10:06:39 UTC 2017
Modified Files:
pkgsrc/net/ndpi: Makefile distinfo
Added Files:
pkgsrc/net/ndpi/patches: patch-src_include_ndpi__includes.h
Log Message:
Fix ndpi build on SunOS.
textproc/expat: security fix
Revisions pulled up:
- textproc/expat/Makefile 1.34
- textproc/expat/distinfo 1.27
- textproc/expat/patches/patch-configure 1.1
- textproc/expat/patches/patch-configure.ac 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Jun 18 06:01:33 UTC 2017
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Added Files:
pkgsrc/textproc/expat/patches: patch-configure patch-configure.ac
Log Message:
update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)
Security issues fixed:
CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300
fixed regression from fix to CVE-2016-0718
Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
Visual Studio 6.0 and Pre-X Mac OS support
multimedia/adobe-flash-player: security fix
Revisions pulled up:
- multimedia/adobe-flash-player/Makefile 1.5
- multimedia/adobe-flash-player/distinfo 1.5
---
Module Name: pkgsrc
Committed By: tsutsui
Date: Fri Jun 16 16:53:55 UTC 2017
Modified Files:
pkgsrc/multimedia/adobe-flash-player: Makefile distinfo
Log Message:
Update adobe-flash-player to 26.0.0.131.
Upstream announcement:
26.0.0.131:
https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
June 16, 2017
Flash Player
* Buttons can't be clicked in some AS2 content (FP-4198473)
---
26.0.0.126:
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB17-17
Summary
Adobe has released security updates for Adobe Flash Player for Windows,
Macintosh, Linux and Chrome OS. These updates address critical
vulnerabilities that could potentially allow an attacker to take
control of the affected system.
(CVE numbers are now in HTML table as details so not copy-n-paste'd to
commit log)
devel/gmp: build fix
Revisions pulled up:
- devel/gmp/distinfo 1.53-1.54
- devel/gmp/patches/patch-ab deleted
- devel/gmp/patches/patch-acinclude.m4 1.1
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Thu Jun 15 04:11:50 UTC 2017
Modified Files:
pkgsrc/devel/gmp: distinfo
Added Files:
pkgsrc/devel/gmp/patches: patch-acinclude.m4
Removed Files:
pkgsrc/devel/gmp/patches: patch-ab
Log Message:
Fix PR pkg/51788 (fails in configure phase). Use calloc() instead of
malloc().
This bug was observed with "ln -s J /etc/malloc.conf"
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Thu Jun 15 04:12:32 UTC 2017
Modified Files:
pkgsrc/devel/gmp: distinfo
Log Message:
Fix distinfo.
net/tor: security fix
Revisions pulled up:
- net/tor/Makefile 1.122
- net/tor/distinfo 1.82
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jun 14 16:16:04 UTC 2017
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Updated tor to 0.3.0.8.
Changes in version 0.3.0.8 - 2017-06-08
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
Tor 0.3.0.8 also includes fixes for several key management bugs
that sometimes made relays unreliable, as well as several other
bugfixes described below.
o Major bugfixes (hidden service, relay, security, backport
from 0.3.1.3-alpha):
- Fix a remotely triggerable assertion failure when a hidden service
handles a malformed BEGIN cell. Fixes bug 22493, tracked as
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
- When performing the v3 link handshake on a TLS connection, report
that we have the x509 certificate that we actually used on that
connection, even if we have changed certificates since that
connection was first opened. Previously, we would claim to have
used our most recent x509 link certificate, which would sometimes
make the link handshake fail. Fixes one case of bug 22460; bugfix
on 0.2.3.6-alpha.
o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
- Regenerate link and authentication certificates whenever the key
that signs them changes; also, regenerate link certificates
whenever the signed key changes. Previously, these processes were
only weakly coupled, and relays could (for minutes to hours)
wind up with an inconsistent set of keys and certificates, which
other relays would not accept. Fixes two cases of bug 22460;
bugfix on 0.3.0.1-alpha.
- When sending an Ed25519 signing->link certificate in a CERTS cell,
send the certificate that matches the x509 certificate that we
used on the TLS connection. Previously, there was a race condition
if the TLS context rotated after we began the TLS handshake but
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
on 0.3.0.1-alpha.
o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
- Stop rejecting v3 hidden service descriptors because their size
did not match an old padding rule. Fixes bug 22447; bugfix on
tor-0.3.0.1-alpha.
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional) with a list of
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
2017. Resolves ticket 21564.
o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
bug 22252; bugfix on 0.2.9.3-alpha.
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six
months, and regenerate it when it is within one month of expiring.
Previously, we had generated this certificate at startup with a
ten-year lifetime, but that could lead to weird behavior when Tor
was started with a grossly inaccurate clock. Mitigates bug 22466;
mitigation on 0.3.0.1-alpha.
o Minor bugfixes (memory leak, directory authority, backport from
0.3.1.2-alpha):
- When directory authorities reject a router descriptor due to
keypinning, free the router descriptor rather than leaking the
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
net/hping3: build fix
Revisions pulled up:
- net/hping3/Makefile 1.8
- net/hping3/distinfo 1.5
- net/hping3/options.mk 1.2
- net/hping3/patches/patch-aa 1.2
- net/hping3/patches/patch-ab 1.3
- net/hping3/patches/patch-ac 1.3
- net/hping3/patches/patch-ars.c 1.1
- net/hping3/patches/patch-ars.h 1.1
- net/hping3/patches/patch-gethostname.c 1.1
- net/hping3/patches/patch-libpcap__stuff.c 1.1
- net/hping3/patches/patch-sbignum.c 1.1
- net/hping3/patches/patch-sendip.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Jun 14 12:17:30 UTC 2017
Modified Files:
pkgsrc/net/hping3: Makefile distinfo options.mk
pkgsrc/net/hping3/patches: patch-aa patch-ab patch-ac
Added Files:
pkgsrc/net/hping3/patches: patch-ars.c patch-ars.h
patch-gethostname.c
patch-libpcap__stuff.c patch-sbignum.c patch-sendip.c
Log Message:
Various patches and cleanups to fix build on Darwin and SunOS.
net/dnstracer: build fix
Revisions pulled up:
- net/dnstracer/Makefile 1.18
- net/dnstracer/distinfo 1.8
- net/dnstracer/patches/patch-Makefile 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Jun 14 09:30:20 UTC 2017
Modified Files:
pkgsrc/net/dnstracer: Makefile distinfo
Added Files:
pkgsrc/net/dnstracer/patches: patch-Makefile
Log Message:
Fix build on Darwin and SunOS.
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.144
- textproc/libxml2/distinfo 1.115
- textproc/libxml2/patches/patch-valid.c 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Sun Jun 11 04:40:53 UTC 2017
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-valid.c
Log Message:
libxml2: Apply upstream patch for CVE-2017-5969.
(Minor issue, only a denial-of-service when using recover mode)
bump PKGREVISION
security/libksba: bugfix
Revisions pulled up:
- security/libksba/Makefile 1.34
- security/libksba/distinfo 1.22
- security/libksba/patches/patch-src_cms.c 1.1
---
Module Name: pkgsrc
Committed By: gdt
Date: Tue May 30 22:40:17 UTC 2017
Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Added Files:
pkgsrc/security/libksba/patches: patch-src_cms.c
Log Message:
Add patch to resolve gpgsm S/MIME failures
S/MIME messages encrypted with gpgsm are sometimes not decodable by
other implementations. Discussion on gnupg-devel indicates that gpg
(via libksba) is incorrectly dropping leading zeros from the encrypted
session key. This commit adds a patch by Daiki Ueno from the
mailinglist that appears to improve interoperability. Upstream has
not yet applied it, but also has not said that it is wrong.
fonts/fontconfig: bugfix
Revisions pulled up:
- fonts/fontconfig/Makefile 1.98
- fonts/fontconfig/distinfo 1.56
- fonts/fontconfig/patches/patch-src_fccache.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Tue May 30 16:53:14 UTC 2017
Modified Files:
pkgsrc/fonts/fontconfig: Makefile distinfo
Added Files:
pkgsrc/fonts/fontconfig/patches: patch-src_fccache.c
Log Message:
Apply upstream patch for https://bugs.freedesktop.org/show_bug.cgi?id=97546
which fixes cache generation on OSX. Raised in joyent/pkgsrc#506.
Bump PKGREVISION.
www/firefox45: security fix
Revisions pulled up:
- www/firefox45-l10n/Makefile 1.10
- www/firefox45-l10n/distinfo 1.11
- www/firefox45/Makefile 1.25-1.27
- www/firefox45/distinfo 1.14
- www/firefox45/mozilla-common.mk 1.7
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 10 14:13:26 UTC 2017
Modified Files:
pkgsrc/www/firefox45: Makefile distinfo
Log Message:
Update to 45.9.0
Changelog:
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during
XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2016-10196: Vulnerabilities in Libevent library
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
45.9, and Firefox ESR 52.1
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 10 14:14:41 UTC 2017
Modified Files:
pkgsrc/www/firefox45-l10n: Makefile distinfo
Log Message:
Update to 45.9.0
* Sync with firefox45-45.9.0
---
Module Name: pkgsrc
Committed By: khorben
Date: Fri May 12 20:21:27 UTC 2017
Modified Files:
pkgsrc/www/firefox45: Makefile
Log Message:
Register more binaries as not safe for PaX mprotect
This also reflects the current situation in www/firefox.
Bumps PKGREVISION.
---
Module Name: pkgsrc
Committed By: khorben
Date: Sat May 13 02:34:30 UTC 2017
Modified Files:
pkgsrc/www/firefox45: Makefile mozilla-common.mk
Log Message:
Add dependency to multimedia/ffmpeg3
This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
the time.
"commit" maya@
security/sudo: security fix
Revisions pulled up:
- security/sudo/Makefile 1.155
- security/sudo/distinfo 1.92
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Jun 7 05:41:53 UTC 2017
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
update to version 1.8.20p2
upstream changelog:
2017-05-31 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* NEWS, configure, configure.ac:
Sudo 1.8.20p2
[47836f4c9834]
* src/ttyname.c:
A command name may also contain newline characters so read
/proc/self/stat until EOF. It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any. With help from Qualys.
This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
[15a46f4007dd]
2017-05-30 Todd C. Miller <Todd.Miller%courtesan.com@localhost>
* src/ttyname.c:
Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
[6f3d9816541b]
security/py-yara: security fix
security/yara: security fix
Revisions pulled up:
- security/py-yara/Makefile 1.5
- security/py-yara/PLIST 1.2
- security/py-yara/distinfo 1.5-1.7
- security/yara/Makefile 1.3
- security/yara/Makefile.common 1.5-1.8
- security/yara/PLIST 1.3
- security/yara/distinfo 1.6-1.8
---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:27:31 UTC 2017
Modified Files:
pkgsrc/security/py-yara: Makefile PLIST distinfo
pkgsrc/security/yara: Makefile Makefile.common PLIST distinfo
Log Message:
Update security/{,py-yara} to version 3.5.0
The release notes mention:
* Match length operator
(http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
* Performance improvements
* Less memory consumption while scanning processes
* Exception handling when scanning memory blocks
* Negative integers in meta fields
* Added the --stack-size command-argument
* Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE
module
* Functions rich_signature.toolid and rich_signature.version added to
PE module
* Lots of bug fixes
The Python bindings are now released from a different tree, with the same
versioning apparently though.
"welcome to update" pettai@
---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:34:12 UTC 2017
Modified Files:
pkgsrc/security/yara: Makefile.common
Log Message:
Set myself as the maintainer
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:11:42 UTC 2017
Modified Files:
pkgsrc/security/py-yara: distinfo
pkgsrc/security/yara: Makefile.common distinfo
Log Message:
Package yara 3.6.0
In the release notes:
* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function yr_compiler_add_fd added to libyara
* MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
* Added --fail-on-warnings command-line option
* Multiple bug fixes
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:27:37 UTC 2017
Modified Files:
pkgsrc/security/py-yara: distinfo
pkgsrc/security/yara: Makefile.common distinfo
Log Message:
Package yara 3.6.1
In the release notes:
* BUGFIX: Stack overflow caused by uncontrolled recursiveness
(CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn't have an
overlay. Now it's set to 0 in those cases.
* BUGFIX: Fix initialization issue that could cause a crash if rules
compiled with a 32bit yarac is used with a 64bit yara.
devel/p5-File-Path: security update
Revisions pulled up:
- devel/p5-File-Path/Makefile 1.17
- devel/p5-File-Path/distinfo 1.7
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jun 5 18:01:06 UTC 2017
Modified Files:
pkgsrc/devel/p5-File-Path: Makefile distinfo
Log Message:
Security update for File::Path to 2.13.
2.13 2017-05-31
- Document security vulnerability reported as CVE-2017-6512.
2.12_008 2017-05-07
- Patch from John Lightsey.
2.12_007 2017-04-22
- Skip tests where filesystem doesn't support permissions (RT 121248).
- Add AppVeyor configuration; thanks to Charlie Gonzalez and Hayo Baan.
2.12_006 2017-04-21
- Modernize README, Makefile.PL, updating of version number
and release date in documentation.
2.12_005 2017-04-21
- Recommend use of 'safe => 1' in remove_tree() and rmtree().
- Warn if mkpath() or make_path() is passed implausible options on
Windows.
- Corrections to errors in previous release.
2.12_004 2017-04-18
- Certain functions used in tests are not available on Windows;
skip them.
- Move certain functions used in testing to t/FilePathTest.pm.
2.12_003 2017-04-07
- Add tests to improve coverage ratios as measured by Devel::Cover
- No functional changes.
2.12_002 2017-03-12
- GH#41 RT 117019 Fixed File::Path::remove_tree option hash is auto
populated and cannot be reused
- GH#40 Unskip in path root t
- GH#39 Remove superfluous assignment to $arg{perm}
- GH#38 Minor grammatical doc fixes.
- GH#37 Minor grammatical doc fixes.
2.12_001 2016-09-18
- RT 94209 document that the thread safety issue will not change and
communicate alternative.
- RT 85878 be more generous with error check regex given we could be
dealing with a pre-1.25 Carp.
- GH #33 Be more precise in documentation example for make_path
error checking.
- GH #34 Skip Windows 2000 and earlier unit tests (test change).
- GH #36 Do not hardcode ENOENT (test change).
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/p5-File-Path/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/p5-File-Path/distinfo
meta-pkgs/modular-xorg-drivers: build fix
Revisions pulled up:
- meta-pkgs/modular-xorg-drivers/Makefile 1.40
---
Module Name: pkgsrc
Committed By: maya
Date: Thu May 11 20:55:19 UTC 2017
Modified Files:
pkgsrc/meta-pkgs/modular-xorg-drivers: Makefile
Log Message:
Need new ati on dragonfly too.
old doesn't build and isn't interesting to fix
x11/matchbox-panel: SunOS build fix
Revisions pulled up:
- x11/matchbox-panel/Makefile 1.32
- x11/matchbox-panel/distinfo 1.4
- x11/matchbox-panel/patches/patch-po_Makefile.in 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 11 15:09:14 UTC 2017
Modified Files:
pkgsrc/x11/matchbox-panel: Makefile distinfo
Added Files:
pkgsrc/x11/matchbox-panel/patches: patch-po_Makefile.in
Log Message:
Use PKGLOCALEDIR. Fix build on SunOS.
sysutils/libfm: build fix
Revisions pulled up:
- sysutils/libfm/Makefile 1.6
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 11 14:33:02 UTC 2017
Modified Files:
pkgsrc/sysutils/libfm: Makefile
Log Message:
Requires msgfmt.
multimedia/vlc: security fix
Revisions pulled up:
- multimedia/vlc/Makefile 1.202-1.203
- multimedia/vlc/PLIST 1.60
- multimedia/vlc/distinfo 1.73-1.74
- multimedia/vlc/patches/patch-compat_Makefile.in 1.3
- multimedia/vlc/patches/patch-configure 1.8
- multimedia/vlc/patches/patch-include_vlc_atomic.h 1.3
- multimedia/vlc/patches/patch-modules_gui_qt4_qt4.hpp deleted
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:10:00 UTC 2017
Modified Files:
pkgsrc/multimedia/vlc: Makefile PLIST
Log Message:
Add a cdrom PLIST var and unset it on SunOS as the native cdio interface
is unsupported.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:11:35 UTC 2017
Modified Files:
pkgsrc/multimedia/vlc: distinfo
Added Files:
pkgsrc/multimedia/vlc/patches: patch-configure
Log Message:
Remove bogus exclusion of SunOS MMX/SSE2 support.
---
Module Name: pkgsrc
Committed By: maya
Date: Fri May 26 13:26:37 UTC 2017
Modified Files:
pkgsrc/multimedia/vlc: Makefile distinfo
pkgsrc/multimedia/vlc/patches: patch-compat_Makefile.in
patch-include_vlc_atomic.h
Removed Files:
pkgsrc/multimedia/vlc/patches: patch-modules_gui_qt4_qt4.hpp
Log Message:
vlc: update to 2.2.6.
Includes significant security fixes allowing code execution via
a crafted subtitles file (fixes CVE-2017-8310, CVE-2017-8311,
CVE-2017-8312, CVE-2017-8313)
pkgsrc changes:
pull in <atomic> in a C++11 case rather than clang case,
it's a C++11 header. however I couldn't build with -std=c++11 for
other reasons.
it builds and runs clang 4.0, but the mkv plugin dies on an
undefined reference.
Changes between 2.2.5.1 and 2.2.6:
----------------------------------
Video output:
* Fix systematic green line on nvidia
* Fix direct3d SPU texture offsets handling
Demuxer:
* Fix heap buffer overflows
Changes between 2.2.5 and 2.2.5.1:
----------------------------------
Security hardening for DLL hijacking environments
Translations updates
Misc:
* Update for Soundcloud, liveleak and Youtube scripts
* Fix potential out-of-band dereference in flac decoder
* Fix potential out-of-band reads in mpeg packetizers
* Fix infinite loop in subtitles demuxer
* Fix incorrect memory free in ogg demuxer
* Fix potential out-of-band reads in subtitle decoders and demuxers
* Fix green line on Windows with odd sizes
Changes between 2.2.4 and 2.2.5:
--------------------------------
Decoder:
* Fix mp3 playback quality regression in libmad
* Fix video scaling in VDPAU
* Fix playback of palettized codecs
* Fix ADPCM heap corruption (FG-VD-16-067)
* Fix AES3 16bps decoding
* Fix DVD/LPCM heap corruption (FG-VD-16-090)
* Fix SCTE-27 colors
Demuxer:
* Fix possible ASF integer overflow
* Fix MP4, VOC, XA, SMF divide-by-zero errors
* Fix MP4 heap buffer overflows
* Fix Flac metadata integer overflow
* Fix NSVf and AIFF infinite loops
* Fix flac null-pointer dereference
* Fix vorbis and opus comments integer overflows and leaks
Video output:
* Fix green line on Windows with AMD drivers
* Fix screenshots size
Access:
* Fix crash in screen recording on Windows
* Fix FTP scan string injection
* Fix HTTP size handling
Mux:
* Fix mp4 drift
Lua:
* Fix vimeo, youtube, dailymotion, cli, appletrailers, http,
soundcloud scripts
Audio filter:
* Fix heap write in stereo_widen audio filter
Windows:
* The plugins loading will not load external DLLs by default.
Plugins will need to LoadLibrary explicitly.
* Fix uninstaller path handling
* Fix taskbar buttons behavior
MacOS:
* Fix scrolling sensitivity on Sierra
* Resume points are deleted now if the user clears the list of
recent items
multimedia/vlc: build fix
Revisions pulled up:
- multimedia/vlc/options.mk 1.32
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 11:07:20 UTC 2017
Modified Files:
pkgsrc/multimedia/vlc: options.mk
Log Message:
Don't enable the "live" option on SunOS by default, it requires libraries
that aren't available.
multimedia/vlc: build fix
Revisions pulled up:
- multimedia/vlc/distinfo 1.72
- multimedia/vlc/patches/patch-include_vlc_atomic.h 1.2
- multimedia/vlc/patches/patch-modules_services__discovery_mtp.c 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon May 15 10:26:19 UTC 2017
Modified Files:
pkgsrc/multimedia/vlc: distinfo
pkgsrc/multimedia/vlc/patches: patch-include_vlc_atomic.h
Added Files:
pkgsrc/multimedia/vlc/patches:
patch-modules_services__discovery_mtp.c
Log Message:
Fix includes.
lang/python36: macppc build fix
Revisions pulled up:
- lang/python36/Makefile 1.7
- lang/python36/distinfo 1.10
- lang/python36/patches/patch-configure 1.7
---
Module Name: pkgsrc
Committed By: he
Date: Mon May 29 23:06:45 UTC 2017
Modified Files:
pkgsrc/lang/python36: Makefile distinfo
pkgsrc/lang/python36/patches: patch-configure
Log Message:
Fix a build issue observed on NetBSD/macppc, in that alloca() is left
as an unresolved undefined symbol, causing the install to fail due to
PLIST issues. Change from -std=c99 to -std=gnu99 to work around this
problem, based on hint from joerg@.
Bump PKGREVISION.
lang/spidermonkey17: bugfix
Revisions pulled up:
- lang/spidermonkey17/distinfo 1.8
- lang/spidermonkey17/patches/patch-js_src_shell_jsoptparse.cpp 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 24 13:22:36 UTC 2017
Modified Files:
pkgsrc/lang/spidermonkey17: distinfo
Added Files:
pkgsrc/lang/spidermonkey17/patches:
patch-js_src_shell_jsoptparse.cpp
Log Message:
Pointer fix, found by GCC 7.1.
textproc/aspell: bugfix
Revisions pulled up:
- textproc/aspell/distinfo 1.29
- textproc/aspell/patches/patch-ac 1.7
- textproc/aspell/patches/patch-modules_filter_tex.cpp 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 24 09:13:09 UTC 2017
Modified Files:
pkgsrc/textproc/aspell: distinfo
pkgsrc/textproc/aspell/patches: patch-ac
Added Files:
pkgsrc/textproc/aspell/patches: patch-modules_filter_tex.cpp
Log Message:
Pointer fixes, found by GCC 7.1
net/powerdns-recursor: build fix
Revisions pulled up:
- net/powerdns-recursor/distinfo 1.18
- net/powerdns-recursor/patches/patch-ext_json11_json11.cpp 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon May 22 23:41:52 UTC 2017
Modified Files:
pkgsrc/net/powerdns-recursor: distinfo
Added Files:
pkgsrc/net/powerdns-recursor/patches: patch-ext_json11_json11.cpp
Log Message:
Merge patch from powerdns package to avoid ordering nullptrs.
lang/guile20: FreeBSD build fix
Revisions pulled up:
- lang/guile20/Makefile 1.13
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed May 17 12:06:20 UTC 2017
Modified Files:
pkgsrc/lang/guile20: Makefile
Log Message:
Fix packaging under FreeBSD/amd64 10.2 and 11.0
At least under 10.2, 10.3-RC3 and 11.0, GUILE_LIBNAME is so.22.8.1 like
other platforms.
security/libtomcrypt: security fix
Revisions pulled up:
- security/libtomcrypt/Makefile 1.7
- security/libtomcrypt/distinfo 1.6
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c 1.1
---
Module Name: pkgsrc
Committed By: snj
Date: Tue May 16 21:55:50 UTC 2017
Modified Files:
pkgsrc/security/libtomcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libtomcrypt/patches: patch-src_pk_rsa_rsa__verify__hash.c
Log Message:
Fix CVE-2016-6129. Bump PKGREVISION to 3.
emulators/gxemul: bugfix
Revisions pulled up:
- emulators/gxemul/Makefile 1.56
- emulators/gxemul/distinfo 1.46
- emulators/gxemul/patches/patch-src_devices_dev__footbridge.cc 1.1
---
Module Name: pkgsrc
Committed By: christos
Date: Mon May 15 01:45:49 UTC 2017
Modified Files:
pkgsrc/emulators/gxemul: Makefile distinfo
Added Files:
pkgsrc/emulators/gxemul/patches: patch-src_devices_dev__footbridge.cc
Log Message:
Fix cats interrupt issue, cosmetic addition to footbridge.
multimedia/adobe-flash-player: security fix
Revisions pulled up:
- multimedia/adobe-flash-player/Makefile 1.4
- multimedia/adobe-flash-player/distinfo 1.4
---
Module Name: pkgsrc
Committed By: tsutsui
Date: Sat May 13 04:11:46 UTC 2017
Modified Files:
pkgsrc/multimedia/adobe-flash-player: Makefile distinfo
Log Message:
Update adobe-flash-player to 25.0.0.171.
Upstream announcements:
https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
Security updates available for Adobe Flash Player
Release date: May 9, 2017
Vulnerability identifier: APSB17-15
CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071,
CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Platform: Windows, Macintosh, Linux and Chrome OS
graphics/gdk-pixbuf2: security fix
Revisions pulled up:
- graphics/gdk-pixbuf2/Makefile.version 1.16
- graphics/gdk-pixbuf2/PLIST 1.16
- graphics/gdk-pixbuf2/distinfo 1.33
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c 1.3
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c 1.1
- graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 14 12:55:16 UTC 2017
Modified Files:
pkgsrc/graphics/gdk-pixbuf2: Makefile.version PLIST distinfo
Added Files:
pkgsrc/graphics/gdk-pixbuf2/patches: patch-gdk-pixbuf_io-icns.c
patch-gdk-pixbuf_io-ico.c patch-gdk-pixbuf_io-tiff.c
patch-thumbnailer_gnome-thumbnailer-skeleton.c
Log Message:
updating from version 2.36.4 to 2.36.6
adding patches for: CVE-2017-6311 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314
from bugzilla.gnome.org
graphics/freetype2: security fix
Revisions pulled up:
- graphics/freetype2/Makefile 1.111
- graphics/freetype2/PLIST 1.24
- graphics/freetype2/distinfo 1.62
- graphics/freetype2/patches/patch-ab 1.19
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 14 11:02:15 UTC 2017
Modified Files:
pkgsrc/graphics/freetype2: Makefile PLIST distinfo
pkgsrc/graphics/freetype2/patches: patch-ab
Log Message:
Update from 2.7.1 to 2.8: 3 API additions, no deletions, no changes
fixes CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287
Upstream change announcement:
I. IMPORTANT CHANGES
- Support for OpenType Variation Fonts is now complete. The last
missing part was handling the `VVAR' and `MVAR' tables, which is
available with this release.
- A new function `FT_Face_Properties' allows the control of some
module and library properties per font. Currently, the
following properties can be handled: stem darkening, LCD filter
weights, and the random seed for the `random' CFF operator.
- The PCF change to show more `colourful' family names (introduced
in version 2.7.1) was too radical; it can now be configured with
PCF_CONFIG_OPTION_LONG_FAMILY_NAMES at compile time. If
activated, it can be switched off at run time with the new pcf
property `no-long-family-names'. If the `FREETYPE_PROPERTIES'
environment variable is available, you can say
FREETYPE_PROPERTIES=pcf:no-long-family-names=1
- Support for the following scripts has been added to the
auto-hinter.
Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot,
Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old
Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai
Viet, Tifinagh, Unified Canadian Syllabics, Vai
II. IMPORTANT BUG FIXES
- `Light' auto-hinting mode no longer uses TrueType metrics for
TrueType fonts. This bug was introduced in version 2.4.6,
causing horizontal scaling also. Almost all GNU/Linux
distributions (with Fedora as a notable exception) disabled the
corresponding patch for good reasons; chances are thus high that
you won't notice a difference.
If optical backward compatibility for legacy applications is
necessary, you might enable the AF_CONFIG_OPTION_TT_SIZE_METRICS
configuration option. However, it is strongly recommended to
avoid that, adjusting font sizes instead.
- If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType
now scales the font linearly again (bug introduced in version
2.4.6).
- CVE-2017-8105, CVE-2017-8287: Older FreeType versions have
out-of-bounds writes caused by heap-based buffer overflows
related to Type 1 fonts.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
III. MISCELLANEOUS
- A new function `FT_Set_Default_Properties' has been added to
parse the `FREETYPE_PROPERTIES' environment variable
(previously, it was internal only). `FT_Init_FreeType' always
calls this function, but `FT_New_Library' does not (similar to
`FT_Add_Default_Modules').
- To be in sync with OpenType version 1.7 and newer, macros
FT_PARAM_TAG_IGNORE_PREFERRED_FAMILY,
FT_PARAM_TAG_IGNORE_PREFERRED_SUBFAMILY,
TT_NAME_ID_PREFERRED_FAMILY
TT_NAME_ID_PREFERRED_SUBFAMILY
are renamed to
FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_FAMILY,
FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_SUBFAMILY,
TT_NAME_ID_TYPOGRAPHIC_FAMILY
TT_NAME_ID_TYPOGRAPHIC_SUBFAMILY
The old macro names are deprecated (but still available).
- Support for SFNT `name' tables has been improved.
. Format 1 `name' tables are now supported. Use new function
`FT_Get_Sfnt_LangTag' to access associated language tags.
. Language, encoding, and name IDs have been updated to OpenType
version 1.8.1.
- The new CFF engine now handles the `random' operator. All CFF
opcodes are now supported.
- The CFF module has a new property `random-seed' to control the
pseudo-random number generation for the `random' operator.
- The `freetype-config' script is now a wrapper of `pkg-config' if
this program is available in the path.
- FT_LOAD_TARGET_LCD is now a variant of FT_LOAD_TARGET_LIGHT;
this should provide better rendering results.
- A mode to display light auto-hinting with sub-pixel positioning
has been added to `ftdiff'.
A code repetition caused add and modify operations to be done twice.
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.154
- security/sudo/distinfo 1.89-1.91
- security/sudo/patches/patch-af 1.34
- security/sudo/patches/patch-ag 1.25-1.26
- security/sudo/patches/patch-include_sudo__compat.h 1.1
- security/sudo/patches/patch-include_sudo__event.h 1.1
- security/sudo/patches/patch-src_Makefile.in 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue May 30 16:14:56 UTC 2017
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-af patch-ag patch-src_Makefile.in
Added Files:
pkgsrc/security/sudo/patches: patch-include_sudo__event.h
Log Message:
sudo: update to 1.8.20p1.
Fixes CVE-2017-1000367, local privilege escalation on linux.
What's new in Sudo 1.8.20p1
* Fixed "make check" when using OpenSSL or GNU crypt.
Bug #787.
* Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
when the process name contains spaces. Since the user has control
over the command name, this could potentially be used by a user
with sudo access to overwrite an arbitrary file on systems with
SELinux enabled. Also stop performing a breadth-first traversal
of /dev when looking for the device; only a hard-coded list of
directories is checked.
What's new in Sudo 1.8.20
* Added support for SASL_MECH in ldap.conf. Bug #764
* Added support for digest matching when the command is a glob-style
pattern or a directory. Previously, only explicit path matches
supported digest checks.
* New "fdexec" Defaults option to control whether a command
is executed by path or by open file descriptor.
* The embedded copy of zlib has been upgraded to version 1.2.11.
* Fixed a bug that prevented sudoers include files with a relative
path starting with the letter 'i' from being opened. Bug #776.
* Added support for command timeouts in sudoers. The command will
be terminated if the timeout expires.
* The SELinux role and type are now displayed in the "sudo -l"
output for the LDAP and SSSD backends, just as they are in the
sudoers backend.
* A new command line option, -T, can be used to specify a command
timeout as long as the user-specified timeout is not longer than
the timeout specified in sudoers. This option may only be
used when the "user_command_timeouts" flag is enabled in sudoers.
* Added NOTBEFORE and NOTAFTER command options to the sudoers
backend similar to what is already available in the LDAP backend.
* Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
crypt instead of the SHA2 implementation bundled with sudo.
* Fixed a compilation error on systems without the stdbool.h header
file. Bug #778.
* Fixed a compilation error in the standalone Kerberos V authentication
module. Bug #777.
* Added the iolog_flush flag to sudoers which causes I/O log data
to be written immediately to disk instead of being buffered.
* I/O log files are now created with group ID 0 by default unless
the "iolog_user" or "iolog_group" options are set in sudoers.
* It is now possible to store I/O log files on an NFS-mounted
file system where uid 0 is remapped to an unprivileged user.
The "iolog_user" option must be set to a non-root user and the
top-level I/O log directory must exist and be owned by that user.
* Added the restricted_env_file setting to sudoers which is similar
to env_file but its contents are subject to the same restrictions
as variables in the invoking user's environment.
* Fixed a use after free bug in the SSSD backend when the fqdn
sudoOption is enabled and no hostname value is present in
/etc/sssd/sssd.conf.
* Fixed a typo that resulted in a compilation error on systems
where the killpg() function is not found by configure.
* Fixed a compilation error with the included version of zlib
when sudo was built outside the source tree.
* Fixed the exit value of sudo when the command is terminated by
a signal other than SIGINT. This was broken in sudo 1.8.15 by
the fix for Bug #722. Bug #784.
* Fixed a regression introduced in sudo 1.8.18 where the "lecture"
option could not be used in a positive boolean context, only
a negative one.
* Fixed an issue where sudo would consume stdin if it was not
connected to a tty even if log_input is not enabled in sudoers.
Bug #786.
* Clarify in the sudoers manual that the #includedir directive
diverts control to the files in the specified directory and,
when parsing of those files is complete, returns control to the
original file. Bug #775.
What's new in Sudo 1.8.19p2
* Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
or network is used in a host-based Defaults entry. Bug #766
* Added a missing check for the ignore_iolog_errors flag when
the sudoers plugin generates the I/O log file path name.
* Fixed a typo in sudo's vsyslog() replacement that resulted in
garbage being logged to syslog.
What's new in Sudo 1.8.19p1
* Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
syslog priority and facility being used.
What's new in Sudo 1.8.19
* New "syslog_maxlen" Defaults option to control the maximum size of
syslog messages generated by sudo.
* Sudo has been run against PVS-Studio and any issues that were
not false positives have been addressed.
* I/O log files are now created with the same group ID as the
parent directory and not the invoking user's group ID.
* I/O log permissions and ownership are now configurable via the
"iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults
variables.
* Fixed configuration of the sudoers I/O log plugin debug subsystem.
Previously, I/O log information was not being written to the
sudoers debug log.
* Fixed a bug in visudo that broke editing of files in an include
dir that have a syntax error. Normally, visudo does not edit
those files, but if a syntax error is detected in one, the user
should get a chance to fix it.
* Warnings about unknown or unparsable sudoers Defaults entries now
include the file and line number of the problem.
* Visudo will now use the file and line number information about an
unknown or unparsable Defaults entry to go directly to the file
with the problem.
* Fixed a bug in the sudoers LDAP back-end where a negated sudoHost
entry would prevent other sudoHost entries following it from matching.
* Warnings from visudo about a cycle in an Alias entry now include the
file and line number of the problem.
* In strict mode, visudo will now use the file and line number
information about a cycle in an Alias entry to go directly to the
file with the problem.
* The sudo_noexec.so file is now linked with -ldl on systems that
require it for the wordexp() wrapper.
* Fixed linking of sudo_noexec.so on macOS systems where it must be
a dynamic library and not a module.
* Sudo's "make check" now includes a test for sudo_noexec.so
working.
* The sudo front-end now passes the user's umask to the plugin.
Previously the plugin had to determine this itself.
* Sudoreplay can now display the stdin and ttyin streams when they
are explicitly added to the filter list.
* Fixed a bug introduced in sudo 1.8.17 where the "all" setting
for verifypw and listpw was not being honored. Bug #762.
* The syslog priority (syslog_goodpri and syslog_badpri) can now
be negated or set to "none" to disable logging of successful or
unsuccessful sudo attempts via syslog.
What's new in Sudo 1.8.18p1
* When sudo_noexec.so is used, the WRDE_NOCMD flag is now added
if the wordexp() function is called. This prevents commands
from being run via wordexp() without disabling it entirely.
* On Linux systems, sudo_noexec.so now uses a seccomp filter to
disable execute access if the kernel supports seccomp. This is
more robust than the traditional method of using stub functions
that return an error.
What's new in Sudo 1.8.18
* The sudoers locale is now set before parsing the sudoers file.
If sudoers_locale is set in sudoers, it is applied before
evaluating other Defaults entries. Previously, sudoers_locale
was used when evaluating sudoers but not during the initial parse.
Bug #748.
* A missing or otherwise invalid #includedir is now ignored instead
of causing a parse error.
* During "make install", backup files are only used on HP-UX where
it is not possible to unlink a shared object that is in use.
This works around a bug in ldconfig on Linux which could create
links to the backup shared library file instead of the current
one.
* Fixed a bug introduced in 1.8.17 where sudoers entries with long
commands lines could be truncated, preventing a match. Bug #752.
* The fqdn, runas_default and sudoers_locale Defaults settings are
now applied before any other Defaults settings since they can
change how other Defaults settings are parsed.
* On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
flag is set, sudoedit now checks whether the file is a symbolic link
before opening it as well as after the open. Bug #753.
* Sudo will now only resolve a user's group IDs to group names
when sudoers includes group-based permissions. Group lookups
can be expensive on some systems where the group database is
not local.
* If the file system holding the sudo log file is full, allow
the command to run unless the new ignore_logfile_errors Defaults
option is disabled. Bug #751.
* The ignore_audit_errors and ignore_iolog_errors Defaults options
have been added to control sudo's behavior when it is unable to
write to the audit and I/O logs.
* Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
was not being restored when sudo directly executes the command.
* Fixed a bug where "sudo -l command" would indicate that a command
was runnable even when denied by sudoers when using the LDAP or
SSSD backends.
* The match_group_by_gid Defaults option has been added to allow
sites where group name resolution is slow and where sudoers only
contains a small number of groups to match groups by group ID
instead of by group name.
* Fixed a bug on Linux where a 32-bit sudo binary could fail with
an "unable to allocate memory" error when run on a 64-bit system.
Bug #755
* When parsing ldap.conf, sudo will now only treat a '#' character
as the start of a comment when it is at the beginning of the
line.
* Fixed a potential crash when auditing is enabled and the audit
function fails with an error. Bug #756
* Norwegian Nynorsk translation for sudo from translationproject.org.
* Fixed a typo that broke short host name matching when the fqdn
flag is enabled in sudoers. Bug #757
* Negated sudoHost attributes are now supported by the LDAP and
SSSD backends.
* Fixed matching entries in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
* Fixed "sudo -l" output in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/sudo/patches/patch-include_sudo__event.h
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/sudo/patches/patch-src_Makefile.in
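The CVE-2017-1000367 entry above describes a /proc/pid/stat parse that goes wrong when the process name contains spaces. As an added example (not sudo's code), the C below contrasts a naive whitespace split with a parse that delimits comm by the first `(` and last `)`, run over constructed sample lines; the tty_nr value 34816 is assumed to encode /dev/pts/0 (major 136, minor 0).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Subset of /proc/<pid>/stat fields used here (fields 1-7 of proc(5)). */
struct proc_stat {
    int pid;
    char comm[64];
    char state;
    int ppid;
    int pgrp;
    int session;
    int tty_nr;
};

/* Constructed sample lines, not captured from a real system.
 * Field 7 (tty_nr) is 34816 == (136 << 8) | 0, i.e. /dev/pts/0. */
static const char SAMPLE_PLAIN[] =
    "1234 (myproc) S 1 1234 1234 34816 1234 4194560 0 0 0 0 0 0 0 0 20 0 1 0 5 0 0";
static const char SAMPLE_SPACES[] =
    "1234 (my proc) S 1 1234 1234 34816 1234 4194560 0 0 0 0 0 0 0 0 20 0 1 0 5 0 0";
static const char SAMPLE_PARENS[] =
    "1234 (a) (b) S 1 1234 1234 34816 1234 4194560 0 0 0 0 0 0 0 0 20 0 1 0 5 0 0";

/* Robust parse: comm lies between the FIRST '(' and the LAST ')', so
 * spaces, parentheses or digits inside the name cannot shift the fields
 * that follow it. Returns 0 on success, -1 on malformed input. */
int parse_proc_stat(const char *line, struct proc_stat *out)
{
    const char *open, *close;
    size_t n;

    memset(out, 0, sizeof(*out));
    open = strchr(line, '(');
    close = strrchr(line, ')');
    if (open == NULL || close == NULL || close < open)
        return -1;
    if (sscanf(line, "%d", &out->pid) != 1)      /* field 1 precedes '(' */
        return -1;
    n = (size_t)(close - open - 1);
    if (n >= sizeof(out->comm))
        n = sizeof(out->comm) - 1;
    memcpy(out->comm, open + 1, n);
    out->comm[n] = '\0';
    /* Fields 3..7 follow the closing parenthesis, space separated. */
    if (sscanf(close + 1, " %c %d %d %d %d", &out->state, &out->ppid,
               &out->pgrp, &out->session, &out->tty_nr) != 5)
        return -1;
    return 0;
}

/* tty_nr as the robust parser sees it, or -1 if the line is malformed. */
int robust_tty_nr(const char *line)
{
    struct proc_stat st;
    return parse_proc_stat(line, &st) == 0 ? st.tty_nr : -1;
}

/* Naive parse that splits on whitespace and assumes comm is one token.
 * With "(my proc)" the extra token shifts every later field by one, so
 * the value returned as tty_nr is really the session ID. */
int naive_tty_nr(const char *line)
{
    char buf[512];
    char *tok;
    int field = 0;

    strncpy(buf, line, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    for (tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if (++field == 7)
            return atoi(tok);
    }
    return -1;
}

int main(void)
{
    printf("plain : naive=%d robust=%d\n",
           naive_tty_nr(SAMPLE_PLAIN), robust_tty_nr(SAMPLE_PLAIN));
    printf("spaces: naive=%d robust=%d\n",
           naive_tty_nr(SAMPLE_SPACES), robust_tty_nr(SAMPLE_SPACES));
    printf("parens: naive=%d robust=%d\n",
           naive_tty_nr(SAMPLE_PARENS), robust_tty_nr(SAMPLE_PARENS));
    return 0;
}
```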
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:22:02 UTC 2017
Modified Files:
pkgsrc/security/sudo: distinfo
Added Files:
pkgsrc/security/sudo/patches: patch-include_sudo__compat.h
Log Message:
sudo: workaround deficiencies in netbsd 6,7
NetBSD 7 doesn't define WCONTINUED or WIFCONTINUED, so provide
failure fallback definitions.
Thanks nonaka for the heads up.
To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/sudo/patches/patch-include_sudo__compat.h
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:33:12 UTC 2017
Modified Files:
pkgsrc/security/sudo: distinfo
pkgsrc/security/sudo/patches: patch-ag
Log Message:
sudo: include the full regen of configure script.
I tried to exclude a hunk that seemed new, but that is probably wrong.
It didn't cause problems on my end at first, but does fail for others.
To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/sudo/patches/patch-ag
databases/postgresql92: security fix
databases/postgresql93: security fix
databases/postgresql94: security fix
databases/postgresql95: security fix
databases/postgresql96: security fix
Revisions pulled up:
- databases/postgresql92-docs/PLIST 1.21
- databases/postgresql92-server/PLIST 1.13
- databases/postgresql92/Makefile.common 1.28
- databases/postgresql92/distinfo 1.23
- databases/postgresql93-docs/PLIST 1.18
- databases/postgresql93-server/PLIST 1.11
- databases/postgresql93/Makefile.common 1.24
- databases/postgresql93/distinfo 1.23
- databases/postgresql94-client/PLIST 1.3
- databases/postgresql94-docs/PLIST 1.13
- databases/postgresql94-server/PLIST 1.8
- databases/postgresql94/Makefile.common 1.16
- databases/postgresql94/distinfo 1.15
- databases/postgresql95-client/PLIST 1.4
- databases/postgresql95-docs/PLIST 1.7
- databases/postgresql95-server/PLIST 1.6
- databases/postgresql95/Makefile.common 1.9
- databases/postgresql95/distinfo 1.8
- databases/postgresql96-client/PLIST 1.2
- databases/postgresql96-docs/PLIST 1.3
- databases/postgresql96-server/PLIST 1.3
- databases/postgresql96/Makefile.common 1.3
- databases/postgresql96/distinfo 1.4
---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 12 19:37:55 UTC 2017
Modified Files:
pkgsrc/databases/postgresql92: Makefile.common distinfo
pkgsrc/databases/postgresql92-docs: PLIST
pkgsrc/databases/postgresql92-server: PLIST
pkgsrc/databases/postgresql93: Makefile.common distinfo
pkgsrc/databases/postgresql93-docs: PLIST
pkgsrc/databases/postgresql93-server: PLIST
pkgsrc/databases/postgresql94: Makefile.common distinfo
pkgsrc/databases/postgresql94-client: PLIST
pkgsrc/databases/postgresql94-docs: PLIST
pkgsrc/databases/postgresql94-server: PLIST
pkgsrc/databases/postgresql95: Makefile.common distinfo
pkgsrc/databases/postgresql95-client: PLIST
pkgsrc/databases/postgresql95-docs: PLIST
pkgsrc/databases/postgresql95-server: PLIST
pkgsrc/databases/postgresql96: Makefile.common distinfo
pkgsrc/databases/postgresql96-client: PLIST
pkgsrc/databases/postgresql96-docs: PLIST
pkgsrc/databases/postgresql96-server: PLIST
Log Message:
The PostgreSQL Global Development Group has released an update to all
supported versions of our database system, including 9.6.3, 9.5.7,
9.4.12, 9.3.17, and 9.2.21. This release fixes three security
issues. It also patches a number of other bugs reported over the last
three months. Users who use the PGREQUIRESSL environment variable to
control connections, and users who rely on security
isolation between database users when using foreign servers, should
update as soon as possible. Other users should plan to update at the
next convenient downtime.
net/tor: security fix
Revisions pulled up:
- net/tor/Makefile 1.121
- net/tor/distinfo 1.81
---
Module Name: pkgsrc
Committed By: adam
Date: Wed May 17 07:13:37 UTC 2017
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Changes in version 0.3.0.7 - 2017-05-15
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
clients are not affected.
o Major bugfixes (hidden service directory, security):
- Fix an assertion failure in the hidden service directory code,
which could be used by an attacker to remotely cause a Tor relay
process to exit. Relays running earlier versions of Tor 0.3.0.x
should upgrade. This security issue is tracked as TROVE-2017-002.
Fixes bug 22246; bugfix on 0.3.0.1-alpha.
o Minor features:
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor features (future-proofing):
- Tor no longer refuses to download microdescriptors or descriptors
if they are listed as "published in the future". This change will
eventually allow us to stop listing meaningful "published" dates
in microdescriptor consensuses, and thereby allow us to reduce the
resources required to download consensus diffs by over 50%.
Implements part of ticket 21642; implements part of proposal 275.
o Minor bugfixes (Linux seccomp2 sandbox):
- The getpid() system call is now permitted under the Linux seccomp2
sandbox, to avoid crashing with versions of OpenSSL (and other
libraries) that attempt to learn the process's PID by using the
syscall rather than the VDSO code. Fixes bug 21943; bugfix
on 0.2.5.1-alpha.
security/crypto++: security fix
Revisions pulled up:
- security/crypto++/Makefile 1.21
- security/crypto++/PLIST 1.7
- security/crypto++/buildlink3.mk 1.13
- security/crypto++/distinfo 1.12
- security/crypto++/patches/patch-GNUmakefile 1.1
- security/crypto++/patches/patch-aa deleted
- security/crypto++/patches/patch-config.h deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 18 21:20:23 UTC 2017
Modified Files:
pkgsrc/security/crypto++: Makefile PLIST buildlink3.mk distinfo
Added Files:
pkgsrc/security/crypto++/patches: patch-GNUmakefile
Removed Files:
pkgsrc/security/crypto++/patches: patch-aa patch-config.h
Log Message:
Crypto++ 5.6.5
The 5.6.5 release was mostly a maintenance release. The release included
two CVE fixes.
The first, CVE-2016-7420, was a procedural finding due to external build
systems failing to define NDEBUG for release builds. The gap was the
project's failure to tell users to define NDEBUG. The
second, CVE-2016-7544, was a potential memory corruption on Windows
platforms when using Microsoft compilers due to use of _malloca and _freea.
Due to CVE-2016-7420 and the possibility for an unwanted assert to
egress data, users and distros are encouraged to recompile the library
and all dependent programs.