Age | Commit message | Author | Files | Lines

2019-08-06 | gcc7, gcc7-libs: revert previous change to wrong branch. [pkgsrc-2018Q3] | maya | 2 | -6/+4

Suggested by joerg.

2019-08-06 | gcc7: declare dependency on zlib, and tell gcc to use the system zlib. | maya | 2 | -4/+6

this might be the cause of weird missing -lz on the latest SmartOS bulk build, which appears to use this package.

Bump PKGREVISION.
Make sure gcc7-libs PKGREVISION > gcc7 PKGREVISION (This was not the case before)

2018-12-12 | #5884 | spz | 1 | -1/+4

2018-12-12 | Pullup ticket #5884 - requested by nia | spz | 3 | -14/+13

www/nginx: security update

Revisions pulled up:
- www/nginx/Makefile 1.80
- www/nginx/distinfo 1.65
- www/nginx/options.mk 1.48

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: nia
Date: Fri Nov 16 00:26:19 UTC 2018

Modified Files:
    pkgsrc/www/nginx: Makefile distinfo options.mk

Log Message:
www/nginx: Update to nginx-1.14.1

Changes with nginx 1.14.1 06 Nov 2018

*) Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).

*) Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845).

*) Bugfix: working with gRPC backends might result in excessive memory consumption.

To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 pkgsrc/www/nginx/Makefile
cvs rdiff -u -r1.64 -r1.65 pkgsrc/www/nginx/distinfo
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/nginx/options.mk

2018-11-29 | #5882 | spz | 1 | -1/+3

2018-11-29 | Pullup ticket #5882 - requested by maya | spz | 1 | -3/+3

x11/xinit: build fix

Revisions pulled up:
- x11/xinit/PLIST.Darwin 1.2

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: maya
Date: Tue Nov 27 16:29:46 UTC 2018

Modified Files:
    pkgsrc/x11/xinit: PLIST.Darwin

Log Message:
xinit: correct outdated PLIST.Darwin entries.

From Louis Guillaume in PR pkg/53747

To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/x11/xinit/PLIST.Darwin

2018-11-22 | #5880 #5881 | spz | 1 | -1/+7

2018-11-22 | Pullup ticket #5881 - requested by maya | spz | 14 | -659/+12

graphics/tiff: security update

Revisions pulled up:
- graphics/tiff/Makefile 1.144
- graphics/tiff/PLIST 1.26
- graphics/tiff/distinfo 1.93
- graphics/tiff/patches/patch-CVE-2017-11613 deleted
- graphics/tiff/patches/patch-CVE-2017-18013 deleted
- graphics/tiff/patches/patch-CVE-2017-9935 deleted
- graphics/tiff/patches/patch-CVE-2018-10963 deleted
- graphics/tiff/patches/patch-CVE-2018-17100 deleted
- graphics/tiff/patches/patch-CVE-2018-17101 deleted
- graphics/tiff/patches/patch-CVE-2018-5784 deleted
- graphics/tiff/patches/patch-CVE-2018-8905 deleted
- graphics/tiff/patches/patch-libtiff_tif__jbig.c deleted
- graphics/tiff/patches/patch-libtiff_tif__read.c deleted
- graphics/tiff/patches/patch-tools_pal2rgb.c deleted

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: maya
Date: Sat Nov 10 21:14:54 UTC 2018

Modified Files:
    pkgsrc/graphics/tiff: Makefile PLIST distinfo
Removed Files:
    pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013 patch-CVE-2017-9935 patch-CVE-2018-10963 patch-CVE-2018-17100 patch-CVE-2018-17101 patch-CVE-2018-5784 patch-CVE-2018-8905 patch-libtiff_tif__jbig.c patch-libtiff_tif__read.c patch-tools_pal2rgb.c

Log Message:
tiff: update to 4.0.10

It has been a year since the previous release. This is the first release made from the Git repository at https://gitlab.com/libtiff/libtiff using a collaborative process. Since the previous release, a number of security issues have been fixed, and some significant new features have been added.

This release adds support for Zstd and WebP compression algorithms. In their own way, each of these compression algorithms is highly complementary to TIFF.

Zstd provides improved compression and decompression speed vs zlib's Deflate as well as a broader range of compression ratios. Zstd is developed by Facebook and the implementation continues to be improved.

WebP is optimized for small/medium 8-bit images while offering improved compression performance vs traditional JPEG. WebP works well in strips or tiles to compress large images down to very small files, while preserving a good looking image. WebP is developed by Google, and its implementation continues to be improved.

Due to Adobe's TIFF tag registration interface going off-line, we have had to assign our own tags for Zstd and WebP.

To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/tiff/PLIST
cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2017-11613 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2017-18013 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2018-10963 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2018-17100 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2018-17101 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2018-5784 \
    pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905 \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c \
    pkgsrc/graphics/tiff/patches/patch-tools_pal2rgb.c

2018-11-22 | Pullup ticket #5880 - requested by nia | spz | 4 | -34/+11

security/gnutls: security update

Revisions pulled up:
- security/gnutls/Makefile 1.191
- security/gnutls/PLIST 1.61
- security/gnutls/distinfo 1.131
- security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c deleted

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: nia
Date: Fri Nov 9 18:03:45 UTC 2018

Modified Files:
    pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
    pkgsrc/security/gnutls/patches: patch-doc_examples_tlsproxy_tlsproxy.c

Log Message:
gnutls: update to 3.6.4.

* Version 3.6.4 (released 2018-09-24)

** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.

** libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528).

** libgnutls: gnutls_handshake() on server returns early on handshake when no certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified.

** libgnutls: Added session ticket key rotation on server side with TOTP. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period.

** libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible.

** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier (#569)

** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import and export GOST parameters in the "native" little endian format used for these curves. This is an intentional incompatible change with 3.6.3.

** libgnutls: Added support for separately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().

** gnutls-cli: enable CRL validation on startup (#564)

** API and ABI modifications:
GNUTLS_ENABLE_EARLY_START: Added
GNUTLS_ENABLE_CERT_TYPE_NEG: Added
GNUTLS_TL_FAIL_ON_INVALID_CRL: Added
GNUTLS_CERTIFICATE_VERIFY_CRLS: Added
gnutls_ctype_target_t: New enumeration
gnutls_record_set_max_early_data_size: Added
gnutls_certificate_type_get2: Added
gnutls_priority_certificate_type_list2: Added
gnutls_ffdhe_6144_group_prime: Added
gnutls_ffdhe_6144_group_generator: Added
gnutls_ffdhe_6144_key_bits: Added

To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.60 -r1.61 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.130 -r1.131 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/security/gnutls/patches/patch-doc_examples_tlsproxy_tlsproxy.c

2018-11-09 | tickets 5875-5879 | spz | 1 | -1/+16

2018-11-09 | Pullup ticket #5879 - requested by maya | spz | 3 | -11/+14

net/youtube-dl: functionality update

Revisions pulled up:
- net/youtube-dl/Makefile 1.147-1.150
- net/youtube-dl/PLIST 1.70-1.71
- net/youtube-dl/distinfo 1.132-1.135

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: leot
Date: Fri Oct 5 08:00:34 UTC 2018

Modified Files:
    pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update net/youtube-dl to 20181005

Changes:

version 2018.10.05

Extractors
* [pluralsight] Improve authentication (#17762)
* [dailymotion] Fix extraction (#17699)
* [crunchyroll] Switch to HTTPS for RpcApi (#17749)
+ [philharmoniedeparis] Add support for pad.philharmoniedeparis.fr (#17705)
* [philharmoniedeparis] Fix extraction (#17705)
+ [jamendo] Add support for licensing.jamendo.com (#17724)
+ [openload] Add support for oload.cloud (#17710)
* [pluralsight] Fix subtitles extraction (#17726, #17728)
+ [vimeo] Add another config regular expression (#17690)
* [spike] Fix Paramount Network extraction (#17677)
* [hotstar] Fix extraction (#14694, #14931, #17637)

version 2018.09.26

Extractors
* [pluralsight] Fix subtitles extraction (#17671)
* [mediaset] Improve embed support (#17668)
+ [youtube] Add support for invidio.us (#17613)
+ [zattoo] Add support for more zattoo platform sites
* [zattoo] Fix extraction (#17175, #17542)

To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/net/youtube-dl/Makefile
cvs rdiff -u -r1.131 -r1.132 pkgsrc/net/youtube-dl/distinfo

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: leot
Date: Sun Oct 28 21:32:38 UTC 2018

Modified Files:
    pkgsrc/net/youtube-dl: Makefile PLIST distinfo

Log Message:
youtube-dl: Update net/youtube-dl to 20181029

Changes:

version 2018.10.29

Core
+ [extractor/common] Add validation for JSON-LD URLs

Extractors
+ [sportbox] Add support for matchtv.ru
* [sportbox] Fix extraction (#17978)
* [screencast] Fix extraction (#14590, #14617, #17990)
+ [openload] Add support for oload.icu
+ [ivi] Add support for ivi.tv
* [crunchyroll] Improve extraction failsafeness (#17991)
* [dailymail] Fix formats extraction (#17976)
* [viewster] Reduce format requests
* [cwtv] Handle API errors (#17905)
+ [rutube] Use geo verification headers (#17897)
+ [brightcove:legacy] Add fallbacks to brightcove:new (#13912)
- [tv3] Remove extractor (#10461, #15339)
* [ted] Fix extraction for HTTP and RTMP formats (#5941, #17572, #17894)
+ [openload] Add support for oload.cc (#17823)
+ [patreon] Extract post_file URL (#17792)
* [patreon] Fix extraction (#14502, #10471)

To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/net/youtube-dl/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/youtube-dl/PLIST
cvs rdiff -u -r1.132 -r1.133 pkgsrc/net/youtube-dl/distinfo

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: leot
Date: Sat Nov 3 13:04:16 UTC 2018

Modified Files:
    pkgsrc/net/youtube-dl: Makefile PLIST distinfo

Log Message:
youtube-dl: Update net/youtube-dl to 20181103

Changes:

version 2018.11.03

Core
* [extractor/common] Ensure response handle is not prematurely closed before it can be read if it matches expected_status (#17195, #17846, #17447)

Extractors
* [laola1tv:embed] Set correct stream access URL scheme (#16341)
+ [ehftv] Add support for ehftv.com (#15408)
* [azmedien] Adopt to major site redesign (#17745, #17746)
+ [twitcasting] Add support for twitcasting.tv (#17981)
* [orf:tvthek] Fix extraction (#17737, #17956, #18024)
+ [openload] Add support for oload.fun (#18045)
* [njpwworld] Fix authentication (#17427)
+ [linkedin:learning] Add support for linkedin.com/learning (#13545)
* [theplatform] Improve error detection (#13222)
* [cnbc] Simplify extraction (#14280, #17110)
+ [cbnc] Add support for new URL schema (#14193)
* [aparat] Improve extraction and extract more metadata (#17445, #18008)
* [aparat] Fix extraction

To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/net/youtube-dl/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/youtube-dl/PLIST
cvs rdiff -u -r1.133 -r1.134 pkgsrc/net/youtube-dl/distinfo

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: leot
Date: Wed Nov 7 12:28:37 UTC 2018

Modified Files:
    pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update net/youtube-dl to 20181107

Changes:

version 2018.11.07

Extractors
+ [youtube] Add another JS signature function name regex (#18091, #18093, #18094)
* [facebook] Fix tahoe request (#17171)
* [cliphunter] Fix extraction (#18083)
+ [youtube:playlist] Add support for invidio.us (#18077)
* [zattoo] Arrange API hosts for derived extractors (#18035)
+ [youtube] Add fallback metadata extraction from videoDetails (#18052)

To generate a diff of this commit:
cvs rdiff -u -r1.149 -r1.150 pkgsrc/net/youtube-dl/Makefile
cvs rdiff -u -r1.134 -r1.135 pkgsrc/net/youtube-dl/distinfo

2018-11-09 | Pullup ticket #5878 - requested by taca | spz | 1 | -5/+5

mail/roundcube-plugin-zipdownload: dependency update

Revisions pulled up:
- mail/roundcube-plugin-zipdownload/distinfo 1.12

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 15:27:11 UTC 2018

Modified Files:
    pkgsrc/mail/roundcube-plugin-zipdownload: distinfo

Log Message:
mail/roundcube-plugin-zipdownload: update to 1.3.8

No change except version.

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo

2018-11-09 | Pullup ticket #5877 - requested by taca | spz | 1 | -5/+5

mail/roundcube-plugin-password: dependency update

Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.12

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 15:26:35 UTC 2018

Modified Files:
    pkgsrc/mail/roundcube-plugin-password: distinfo

Log Message:
mail/roundcube-plugin-password: update to 1.3.8

No change except version.

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube-plugin-password/distinfo

2018-11-09 | Pullup ticket #5876 - requested by taca | spz | 1 | -5/+5

mail/roundcube-plugin-enigma: security update

Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo 1.12

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 15:24:11 UTC 2018

Modified Files:
    pkgsrc/mail/roundcube-plugin-enigma: distinfo

Log Message:
mail/roundcube-plugin-enigma: update to 1.3.8

RELEASE 1.3.8
-------------
- Enigma: Fix deleting keys with authentication subkeys (#6381)

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube-plugin-enigma/distinfo

2018-11-09 | Pullup ticket #5875 - requested by taca | spz | 2 | -7/+8

mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile.common 1.12
- mail/roundcube/distinfo 1.63

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 15:23:34 UTC 2018

Modified Files:
    pkgsrc/mail/roundcube: Makefile.common distinfo

Log Message:
mail/roundcube: update to 1.3.8

This update includes XSS security problem.

RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.62 -r1.63 pkgsrc/mail/roundcube/distinfo

2018-11-04 | ticket #5874 | spz | 1 | -1/+4

2018-11-04 | Pullup ticket #5874 - requested by taca | spz | 3 | -8/+11

www/ruby-loofah: security update

Revisions pulled up:
- www/ruby-loofah/Makefile 1.5
- www/ruby-loofah/PLIST 1.4
- www/ruby-loofah/distinfo 1.5

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 1 16:11:45 UTC 2018

Modified Files:
    pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

Log Message:
www/ruby-loofah: update to 2.2.3

## 2.2.3 / 2018-10-30

### Security

Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154

## Meta / 2018-10-27

The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):

* Mail: loofah-talk@googlegroups.com
* Archive: https://groups.google.com/forum/#!forum/loofah-talk

This change was made because librelist no longer appears to be maintained.

To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-loofah/Makefile \
    pkgsrc/www/ruby-loofah/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-loofah/PLIST

2018-11-02 | ticket #5872 | spz | 1 | -1/+4

2018-11-02 | Pullup ticket #5872 - requested by leot | spz | 3 | -8/+19

www/curl: security update

Revisions pulled up:
- www/curl/Makefile 1.202
- www/curl/PLIST 1.71
- www/curl/distinfo 1.147

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: leot
Date: Wed Oct 31 08:06:24 UTC 2018

Modified Files:
    pkgsrc/www/curl: Makefile PLIST distinfo

Log Message:
curl: Update www/curl to 7.62.0

Changes:

7.62.0
------

This release includes the following changes:

o multiplex: enable by default
o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
o setopt: add CURLOPT_DOH_URL
o curl: --doh-url added
o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
o imap: change from "FETCH" to "UID FETCH"
o configure: add option to disable automatic OpenSSL config loading
o upkeep: add a connection upkeep API: curl_easy_upkeep()
o URL-API: added five new functions
o vtls: MesaLink is a new TLS backend

This release includes the following bugfixes:

o CVE-2018-16839: SASL password overflow via integer overflow
o CVE-2018-16840: use-after-free in handle close
o CVE-2018-16842: warning message out-of-buffer read
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
o Curl_dedotdotify(): always nul terminate returned string
o Curl_follow: Always free the passed new URL
o Curl_http2_done: fix memleak in error path
o Curl_retry_request: fix memory leak
o Curl_saferealloc: Fixed typo in docblock
o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
o GnuTLS: TLS 1.3 support
o SECURITY-PROCESS: mention the bountygraph program
o VS projects: add USE_IPV6:
o Windows: fixes for MinGW targeting Windows Vista
o anyauthput: fix compiler warning on 64-bit Windows
o appveyor: add WinSSL builds
o appveyor: run test suite (on Windows!)
o certs: generate tests certs with sha256 digest algorithm
o checksrc: enable strict mode and warnings
o checksrc: handle zero scoped ignore commands
o cmake: Backport to work with CMake 3.0 again
o cmake: Improve config installation
o cmake: add support for transitive ZLIB target
o cmake: disable -Wpedantic-ms-format
o cmake: don't require OpenSSL if USE_OPENSSL=OFF
o cmake: fixed path used in generation of docs/tests
o cmake: remove unused *SOCKLEN_T variables
o cmake: suppress MSVC warning C4127 for libtest
o cmake: test and set missed defines during configuration
o comment: Fix multiple typos in function parameters
o config: Remove unused SIZEOF_VOIDP
o config_win32: enable LDAPS
o configure: force-use -lpthreads on HPUX
o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
o cookies: Remove redundant expired check
o cookies: fix leak when writing cookies to file
o curl-config.in: remove dependency on bc
o curl.1: --ipv6 mutexes ipv4 (fixed typo)
o curl: enabled Windows VT Support and UTF-8 output
o curl: update the documentation of --tlsv1.0
o curl_multi_wait: call getsock before figuring out timeout
o curl_ntlm_wb: check aprintf() return codes
o curl_threads: fix classic MinGW compile break
o darwinssl: Fix realloc memleak
o darwinssl: more specific and unified error codes
o data-binary.d: clarify default content-type is x-www-form-urlencoded
o docs/BUG-BOUNTY: explain the bounty program
o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
o docs/CIPHERS: fix the TLS 1.3 cipher names
o docs/CIPHERS: mention the colon separation for OpenSSL
o docs/examples: URL updates
o docs: add "see also" links for SSL options
o example/asiohiper: insert warning comment about its status
o example/htmltidy: fix include paths of tidy libraries
o examples/Makefile.m32: sync with core
o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
o examples/parseurl.c: show off the URL API
o examples: Fix memory leaks from realloc errors
o examples: do not wait when no transfers are running
o ftp: include command in Curl_ftpsend sendbuffer
o gskit: make sure to terminate version string
o gtls: Values stored to but never read
o hostip: fix check on Curl_shuffle_addr return value
o http2: fix memory leaks on error-path
o http: fix memleak in rewind error path
o krb5: fix memory leak in krb_auth
o ldap: show precise LDAP call in error message on Windows
o lib: fix gcc8 warning on Windows
o memory: add missing curl_printf header
o memory: ensure to check allocation results
o multi: Fix error handling in the SENDPROTOCONNECT state
o multi: fix memory leak in content encoding related error path
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
o netrc: free temporary strings if memory allocation fails
o nss: fix nssckbi module loading on Windows
o nss: try to connect even if libnssckbi.so fails to load
o ntlm_wb: Fix memory leaks in ntlm_wb_response
o ntlm_wb: bail out if the response gets overly large
o openssl: assume engine support in 0.9.8 or later
o openssl: enable TLS 1.3 post-handshake auth
o openssl: fix gcc8 warning
o openssl: load built-in engines too
o openssl: make 'done' a proper boolean
o openssl: output the correct cipher list on TLS 1.3 error
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
o openssl: show "proper" version number for libressl builds
o pipelining: deprecated
o rand: add comment to skip a clang-tidy false positive
o rtmp: fix for compiling with lwIP
o runtests: ignore disabled even when ranges are given
o runtests: skip ld_preload tests on macOS
o runtests: use Windows paths for Windows curl
o schannel: unified error code handling
o sendf: Fix whitespace in infof/failf concatenation
o ssh: free the session on init failures
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
o system.h: use proper setting with Sun C++ as well
o test1299: use single quotes around asterisk
o test1452: mark as flaky
o test1651: unit test Curl_extract_certinfo()
o test320: strip out more HTML when comparing
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
o tests: add unit tests for url.c
o timeval: fix use of weak symbol clock_gettime() on Apple platforms
o tool_cb_hdr: handle failure of rename()
o travis: add a "make tidy" build that runs clang-tidy
o travis: add build for "configure --disable-verbose"
o travis: bump the Secure Transport build to use xcode
o travis: make distcheck scan for BOM markers
o unit1300: fix stack-use-after-scope AddressSanitizer warning
o urldata: Fix "connecting" comment
o urlglob: improve error message on bad globs
o vtls: fix ssl version "or later" behavior change for many backends
o x509asn1: Fix SAN IP address verification
o x509asn1: always check return code from getASN1Element()
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
o x509asn1: suppress left shift on signed value

To generate a diff of this commit:
cvs rdiff -u -r1.201 -r1.202 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.146 -r1.147 pkgsrc/www/curl/distinfo

2018-10-29 | 5857 5858 5859 5860 5863 5864 5871 | spz | 1 | -1/+24

2018-10-29 | Pullup ticket #5871 - requested by bsiegert | spz | 2 | -7/+7

textproc/uriparser: security update

Revisions pulled up:
- textproc/uriparser/Makefile 1.11
- textproc/uriparser/distinfo 1.9

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Oct 29 16:17:25 UTC 2018

Modified Files:
    pkgsrc/textproc/uriparser: Makefile distinfo

Log Message:
Update uriparser to 0.9.0.

2018-10-27 -- 0.9.0

>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
      Commit 864f5d4c127def386dd5cc926ad96934b297f04e
      Thanks to Google Autofuzz team for the report!
  * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
      Commit f76275d4a91b28d687250525d3a0c5509bbd666f
      Thanks to Google Autofuzz team for the report!
  * Fixed: Protect uriResetUri* against acting on NULL input
      Commit f58c25069cf4a986fe17a80c5b38687e31feb539
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed: Be fully compliant to C89 (GitHub #28) and C++98 in test code
  * Fixed: Fix off-by-one in uriComposeQueryCharsRequired* and ...Ex*
      Reported space requirements were 1 byte bigger than necessary
  * Changed: Marked as deprecated:
      Deprecated functions:
        uriNormalizeSyntaxMaskRequired[AW]
        uriParseUri[AW]
        uriParseUriEx[AW]
  * Added: Add convenience functions to ease user code to parse a single URI
      New functions:
        uriParseSingleUri[AW]
        uriParseSingleUriEx[AW]
        uriParseSingleUriExMm[AW]
  * Added: Support for custom memory managers (GitHub #26, #35), see Doxygen
      New functions (as extension of existing ones):
        uriAddBaseUriExMm[AW]
        uriComposeQueryMallocExMm[AW]
        uriDissectQueryMallocExMm[AW]
        uriFreeQueryListMm[AW]
        uriFreeUriMembersMm[AW]
        uriNormalizeSyntaxExMm[AW]
        uriParseSingleUriExMm[AW]
        uriRemoveBaseUriMm[AW]
      New functions (for convenience):
        uriCompleteMemoryManager
        uriEmulateCalloc
        uriEmulateReallocarray
        uriTestMemoryManager
      New error codes:
        URI_ERROR_MEMORY_MANAGER_FAULTY
        URI_ERROR_MEMORY_MANAGER_INCOMPLETE
      New types:
        UriFuncCalloc
        UriFuncFree
        UriFuncMalloc
        UriFuncRealloc
        UriFuncReallocarray
        UriMemoryManager
  * Added: Add non-void versions of uriNormalizeSyntaxMaskRequired*
      New functions:
        uriNormalizeSyntaxMaskRequiredEx[AW]
  * Changed: Migrate test suite from CppTest to GoogleTest 1.8.1
  * Improved: Make test suite free of memory leaks (GitHub #31)
      Thanks to AddressSanitizer!
  * Removed: Support for pointless define URI_SIZEDOWN (GitHub #29)
      Related configure option --enable-sizedown has also been removed.
  * Soname: 1:23:0

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/textproc/uriparser/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/uriparser/distinfo

2018-10-29 | Pullup ticket #5864 - requested by taca | spz | 3 | -158/+707

www/drupal8: security update

Revisions pulled up:
- www/drupal8/Makefile 1.11-1.12
- www/drupal8/PLIST 1.9-1.10
- www/drupal8/distinfo 1.10-1.11

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: wen
Date: Tue Oct 2 02:56:59 UTC 2018

Modified Files:
    pkgsrc/www/drupal8: Makefile PLIST distinfo

Log Message:
Update to 8.6.1

Upstream changelog is too long, please visit:
https://www.drupal.org/project/drupal/releases/8.6.0
https://www.drupal.org/project/drupal/releases/8.6.1

To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/drupal8/distinfo

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 18 14:39:38 UTC 2018

Modified Files:
    pkgsrc/www/drupal8: Makefile PLIST distinfo

Log Message:
www/drupal8: update to 8.6.2

Release notes

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006

No other fixes are included.

Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to update to the latest 8.6.x release before May 2019.

Important update information

Site update and module owners planning to update to this should take note of the following important changes.

For site owners

* Previously, users who didn't have access to use any Content Moderation transitions were granted implicit access to update content provided the state of the content did not change. This access has been removed. Site owners should ensure that all content editor roles have access to appropriate transitions for moderated content types (including published to published where appropriate).
* There are no database updates in this release, but site owners will need to run update.php to ensure a cache clear.
* No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

For contributed and custom module developers

* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination() has been removed. If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch.
* An additional method has been added to StateTransitionValidationInterface. Implementations should review the new method and ensure compatibility with it.
* ModerationStateConstraintValidator now has two additional service dependencies. Subclasses will need to update their constructor to inject the new services.

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/drupal8/distinfo

2018-10-29 | Pullup ticket #5863 - requested by taca | spz | 15 | -10/+468

www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile 1.51-1.52
- www/drupal7/PLIST 1.19
- www/drupal7/distinfo 1.39-1.40
- www/drupal7/patches/patch-includes_bootstrap.inc 1.1
- www/drupal7/patches/patch-includes_form.inc 1.1
- www/drupal7/patches/patch-includes_install.inc 1.1
- www/drupal7/patches/patch-includes_menu.inc 1.1
- www/drupal7/patches/patch-includes_module.inc 1.1
- www/drupal7/patches/patch-includes_theme.inc 1.1
- www/drupal7/patches/patch-modules_book_book.module 1.1
- www/drupal7/patches/patch-modules_field_modules_list_list.install 1.1
- www/drupal7/patches/patch-modules_locale_locale.test 1.1
- www/drupal7/patches/patch-modules_simpletest_tests_themes_test__theme_theme-settings.php 1.1
- www/drupal7/patches/patch-modules_system_system.admin.inc 1.1
- www/drupal7/patches/patch-modules_system_system.test 1.1

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: prlw1
Date: Wed Oct 3 10:58:15 UTC 2018

Modified Files:
    pkgsrc/www/drupal7: Makefile PLIST distinfo
Added Files:
    pkgsrc/www/drupal7/patches: patch-includes_bootstrap.inc patch-includes_form.inc patch-includes_install.inc patch-includes_menu.inc patch-includes_module.inc patch-includes_theme.inc patch-modules_book_book.module patch-modules_field_modules_list_list.install patch-modules_locale_locale.test patch-modules_simpletest_tests_themes_test__theme_theme-settings.php patch-modules_system_system.admin.inc patch-modules_system_system.test

Log Message:
Update drupal7 to 7.59nb2

PHP 7.2: Removed deprecated function each().
PHP 7.2: Avoid count() calls on uncountable variables.
PHP 7.2: Removed deprecated create_function() call.
PHP 7.2: Make sure variables are arrays in theme_links().
Fixed theme-settings.php not being loaded on cached forms

To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/drupal7/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/drupal7/patches/patch-includes_bootstrap.inc \
    pkgsrc/www/drupal7/patches/patch-includes_form.inc \
    pkgsrc/www/drupal7/patches/patch-includes_install.inc \
    pkgsrc/www/drupal7/patches/patch-includes_menu.inc \
    pkgsrc/www/drupal7/patches/patch-includes_module.inc \
    pkgsrc/www/drupal7/patches/patch-includes_theme.inc \
    pkgsrc/www/drupal7/patches/patch-modules_book_book.module \
    pkgsrc/www/drupal7/patches/patch-modules_field_modules_list_list.install \
    pkgsrc/www/drupal7/patches/patch-modules_locale_locale.test \
    pkgsrc/www/drupal7/patches/patch-modules_simpletest_tests_themes_test__theme_theme-settings.php \
    pkgsrc/www/drupal7/patches/patch-modules_system_system.admin.inc \
    pkgsrc/www/drupal7/patches/patch-modules_system_system.test

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 18 14:32:48 UTC 2018

Modified Files:
    pkgsrc/www/drupal7: Makefile distinfo

Log Message:
www/drupal7: update to 7.60

Drupal 7.60, 2018-10-18
------------------------
- Fixed security issues. See SA-CORE-2018-006.

To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/www/drupal7/distinfo

2018-10-29  Pullup ticket #5860 - requested by taca (author: spz, files: 2, lines: -7/+7)
lang/php: security update lang/php72: security update Revisions pulled up: - lang/php/phpversion.mk 1.233 - lang/php72/distinfo 1.31 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sat Oct 13 06:18:37 UTC 2018 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php72: distinfo Log Message: lang/php72: update to 7.2.11 11 Oct 2018, PHP 7.2.11 - Core: . Fixed bug #76800 (foreach inconsistent if array modified during loop). (Dmitry) . Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory). (Nikita) - CURL: . Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected). (Pierrick) - iconv: . Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be). (cmb) - Opcache: . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS). (Anatol) . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault). (Nikita) - POSIX: . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb) - Reflection: . Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod). (cmb) - Standard: . Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection). (Ville Hukkamäki) . Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client). (Ville Hukkamäki) . Fixed bug #75533 (array_reduce is slow when $carry is large array). (Manabu Matsui) - XMLRPC: . Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb) - Zlib: . Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed). (Martin Burke, cmb) To generate a diff of this commit: cvs rdiff -u -r1.232 -r1.233 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.30 -r1.31 pkgsrc/lang/php72/distinfo
2018-10-29  Pullup ticket #5859 - requested by taca (author: spz, files: 2, lines: -7/+7)
lang/php: security update lang/php71: security update Revisions pulled up: - lang/php/phpversion.mk 1.232 - lang/php71/distinfo 1.43 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sat Oct 13 06:17:32 UTC 2018 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php71: distinfo Log Message: lang/php71: update to 7.1.23 11 Oct 2018, PHP 7.1.23 - Core: . Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory). (Nikita) . Fixed bug #76846 (Segfault in shutdown function after memory limit error). (Nikita) - CURL: . Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected). (Pierrick) - iconv: . Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be). (cmb) - Opcache: . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS). (Anatol) - POSIX: . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb) - Reflection: . Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod). (cmb) - Standard: . Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection). (Ville Hukkamäki) . Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client). (Ville Hukkamäki) . Fixed bug #75533 (array_reduce is slow when $carry is large array). (Manabu Matsui) - Zlib: . Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed). (Martin Burke, cmb) To generate a diff of this commit: cvs rdiff -u -r1.231 -r1.232 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/php71/distinfo
2018-10-29  Record recent pullup tickets (author: bsiegert, files: 1, lines: -1/+18)
2018-10-29  Pullup ticket #5869 - requested by maya (author: bsiegert, files: 7, lines: -414/+391)
www/firefox60: security fix, build fix Revisions pulled up: - www/firefox60-l10n/Makefile 1.4 - www/firefox60-l10n/distinfo 1.4 - www/firefox60/Makefile 1.6-1.7 - www/firefox60/PLIST 1.2 - www/firefox60/distinfo 1.3 - www/firefox60/patches/patch-build_moz.configure_init.configure deleted - www/firefox60/patches/patch-third__party_rust_libloading_.cargo-checksum.json deleted - www/firefox60/patches/patch-third__party_rust_libloading_build.rs deleted --- Module Name: pkgsrc Committed By: he Date: Sun Oct 28 17:40:15 UTC 2018 Modified Files: pkgsrc/www/firefox60: Makefile Added Files: pkgsrc/www/firefox60/patches: patch-build_moz.configure_init.configure Log Message: Add a patch so that this configures with rust >= 1.29, patterned after https://bugzilla.mozilla.org/show_bug.cgi?id=1479540 --- Module Name: pkgsrc Committed By: maya Date: Mon Oct 29 01:16:58 UTC 2018 Modified Files: pkgsrc/www/firefox60: Makefile PLIST distinfo pkgsrc/www/firefox60-l10n: Makefile distinfo Removed Files: pkgsrc/www/firefox60/patches: patch-build_moz.configure_init.configure patch-third__party_rust_libloading_.cargo-checksum.json patch-third__party_rust_libloading_build.rs Log Message: firefox60{,-l10n}: update to 60.3.0 patches removed seem to be merged. security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
2018-10-29  Pullup ticket #5858 - requested by taca (author: spz, files: 3, lines: -1/+43)
databases/mysql56-client: build fix Revisions pulled up: - databases/mysql56-client/distinfo 1.47 - databases/mysql56-client/patches/patch-cmd-line-utils_libedit_chartype.h 1.1 - databases/mysql56-client/patches/patch-cmd-line-utils_libedit_vi.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: sevan Date: Mon Oct 8 13:26:04 UTC 2018 Modified Files: pkgsrc/databases/mysql56-client: distinfo Added Files: pkgsrc/databases/mysql56-client/patches: patch-cmd-line-utils_libedit_chartype.h patch-cmd-line-utils_libedit_vi.c Log Message: Unbreak build on DragonFly BSD. Add OpenBSD to the exclusion list in chartype.h as with upstream version. To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 pkgsrc/databases/mysql56-client/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/databases/mysql56-client/patches/patch-cmd-line-utils_libedit_chartype.h \ pkgsrc/databases/mysql56-client/patches/patch-cmd-line-utils_libedit_vi.c
2018-10-29  Pullup ticket #5857 - requested by taca (author: spz, files: 3, lines: -1/+43)
databases/mysql57-client: build fix Revisions pulled up: - databases/mysql57-client/distinfo 1.23 - databases/mysql57-client/patches/patch-cmd-line-utils_libedit_chartype.h 1.1 - databases/mysql57-client/patches/patch-cmd-line-utils_libedit_vi.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: sevan Date: Mon Oct 1 00:11:29 UTC 2018 Modified Files: pkgsrc/databases/mysql57-client: distinfo Added Files: pkgsrc/databases/mysql57-client/patches: patch-cmd-line-utils_libedit_chartype.h patch-cmd-line-utils_libedit_vi.c Log Message: Unbreak build on DragonFly BSD. Add OpenBSD to the exclusion list in chartype.h as with upstream version. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/mysql57-client/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/databases/mysql57-client/patches/patch-cmd-line-utils_libedit_chartype.h \ pkgsrc/databases/mysql57-client/patches/patch-cmd-line-utils_libedit_vi.c
2018-10-29  5861 5862 5865 (author: spz, files: 1, lines: -1/+13)
2018-10-29  Pullup ticket #5862 - requested by taca (author: spz, files: 2, lines: -7/+7)
lang/ruby: security update lang/ruby23-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.198 - lang/ruby23-base/distinfo 1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Oct 18 14:24:07 UTC 2018 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby23-base: distinfo Log Message: lang/ruby23-base: update to 2.3.8 Ruby 2.3.8 Released Ruby 2.3.8 has been released. This release includes several security fixes. Please check the topics below for details. * CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives * CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly This release also includes a non-security fix to support Visual Studio 2014 with Windows 10 October 2018 Update for maintenance reasons. Ruby 2.3 is now under the state of the security maintenance phase, until the end of the March of 2019. After the date, maintenance of Ruby 2.3 will be ended. We recommend you start planning migration to newer versions of Ruby, such as 2.5 or 2.4. To generate a diff of this commit: cvs rdiff -u -r1.197 -r1.198 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby23-base/distinfo
2018-10-29  Pullup ticket #5865 - requested by taca (author: spz, files: 2, lines: -8/+8)
lang/ruby: security update lang/ruby25-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.197 - lang/ruby25-base/distinfo 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Oct 18 14:21:36 UTC 2018 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby25-base: distinfo Log Message: lang/ruby25-base: update to 2.5.3 Ruby 2.5.2 Released Ruby 2.5.2 has been released. This release includes some bug fixes and some security fixes. * CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives * CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly There are also some bug fixes. See commit logs for more details. Ruby 2.5.3 Released Ruby 2.5.3 has been released. There were some missing files in the release packages of 2.5.2 which are necessary for building. See details in [Bug #15232]. This release is just for fixing the packaging issue. This release doesn't contain any additional bug fixes from 2.5.2. To generate a diff of this commit: cvs rdiff -u -r1.196 -r1.197 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby25-base/distinfo
2018-10-29  Pullup ticket #5870 - requested by maya (author: bsiegert, files: 4, lines: -14/+15)
time/py-dateutil: timezone data update time/py-tzdata: timezone data update Revisions pulled up: - time/py-dateutil/Makefile 1.24-1.25 - time/py-dateutil/distinfo 1.14-1.15 - time/py-tzdata/Makefile 1.7 - time/py-tzdata/distinfo 1.7 --- Module Name: pkgsrc Committed By: adam Date: Fri Oct 26 08:06:11 UTC 2018 Modified Files: pkgsrc/time/py-dateutil: Makefile distinfo Log Message: py-dateutil: updated to 2.7.4 Version 2.7.4: Data updates - Updated tzdata version to 2018f. --- Module Name: pkgsrc Committed By: adam Date: Mon Oct 29 11:10:07 UTC 2018 Modified Files: pkgsrc/time/py-dateutil: Makefile distinfo Log Message: py-dateutil: updated to 2.7.5 Version 2.7.5: Data updates - Update tzdata to 2018g --- Module Name: pkgsrc Committed By: adam Date: Mon Oct 29 11:11:27 UTC 2018 Modified Files: pkgsrc/time/py-tzdata: Makefile distinfo Log Message: py-tzdata: updated to 2018.7 2018.7: Unknown changes
2018-10-29  Pullup ticket #5868 - requested by maya (author: bsiegert, files: 4, lines: -14/+17)
time/ruby-tzinfo-data: timezone data update time/ruby-tzinfo03: timezone data update Revisions pulled up: - time/ruby-tzinfo-data/Makefile 1.17-1.18 - time/ruby-tzinfo-data/distinfo 1.16-1.17 - time/ruby-tzinfo03/Makefile 1.10 - time/ruby-tzinfo03/distinfo 1.9 --- Module Name: pkgsrc Committed By: taca Date: Sun Oct 21 15:55:19 UTC 2018 Modified Files: pkgsrc/time/ruby-tzinfo-data: Makefile distinfo Log Message: time/ruby-tzinfo-data: update to 1.2018.6 1.2018.6 (2018/10/18) Based on version 2018f of the IANA Time Zone Database (https://mm.icann.org/pipermail/tz-announce/2018-October/000051.html). --- Module Name: pkgsrc Committed By: taca Date: Sun Oct 28 15:29:05 UTC 2018 Modified Files: pkgsrc/time/ruby-tzinfo03: Makefile distinfo Log Message: time/ruby-tzinfo03: update to 0.3.55 0.33.55 (2018/10/27) Based on version 2018g of the IANA Time Zone Database (https://mm.icann.org/pipermail/tz-announce/2018-October/000052.html). --- Module Name: pkgsrc Committed By: taca Date: Sun Oct 28 15:29:56 UTC 2018 Modified Files: pkgsrc/time/ruby-tzinfo-data: Makefile distinfo Log Message: time/ruby-tzinfo-data: update to 1.2018.7 1.2018.7 (2018/10/27) Based on version 2018g of the IANA Time Zone Database (https://mm.icann.org/pipermail/tz-announce/2018-October/000052.html).
2018-10-29  Pullup ticket #5867 - requested by spz (author: bsiegert, files: 8, lines: -3/+362)
graphics/tiff: security fix Revisions pulled up: - graphics/tiff/Makefile 1.143 - graphics/tiff/distinfo 1.92 - graphics/tiff/patches/patch-CVE-2017-11613 1.1 - graphics/tiff/patches/patch-CVE-2017-18013 1.1 - graphics/tiff/patches/patch-CVE-2018-10963 1.1 - graphics/tiff/patches/patch-CVE-2018-17100 1.1 - graphics/tiff/patches/patch-CVE-2018-17101 1.1 - graphics/tiff/patches/patch-CVE-2018-5784 1.1 --- Module Name: pkgsrc Committed By: spz Date: Sun Oct 28 09:45:07 UTC 2018 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013 patch-CVE-2018-10963 patch-CVE-2018-17100 patch-CVE-2018-17101 patch-CVE-2018-5784 Log Message: patches from upstream for CVE-2017-11613 CVE-2017-18013 CVE-2018-5784 CVE-2018-10963 CVE-2018-17100 CVE-2018-17101
2018-10-29  Pullup ticket #5855 - requested by maya (author: bsiegert, files: 2, lines: -7/+7)
multimedia/mkvtoolnix: security fix Revisions pulled up: - multimedia/mkvtoolnix/Makefile 1.116-1.117 - multimedia/mkvtoolnix/distinfo 1.55-1.56 --- Module Name: pkgsrc Committed By: adam Date: Wed Oct 24 10:55:07 UTC 2018 Modified Files: pkgsrc/multimedia/mkvtoolnix: Makefile distinfo Log Message: mkvtoolnix: updated to 28.1.0 Version 28.1.0 "Morning Child": Bug fixes * mkvmerge: AV1 parser: fixed an error in the sequence header parser if neither the reduced_still_picture_header nor the frame_id_numbers_present_flag is set. * mkvmerge: AV1 parser: when creating the av1C structure for the Codec Private element the sequence header OBU wasn't copied completely: its common data (type field & OBU size among others) was missing. * mkvmerge: Matroska reader, AV1: mkvmerge will try to re-create the av1C data stored in Codec Private when reading AV1 from Matroska or WebM files created by mkvmerge v28.0.0. * MKVToolNix GUI: info tool: the tool will no longer stop scanning elements when an EBML Void element is found after the first Cluster element. --- Module Name: pkgsrc Committed By: maya Date: Fri Oct 26 18:09:40 UTC 2018 Modified Files: pkgsrc/multimedia/mkvtoolnix: Makefile distinfo Log Message: mkvtoolnix: update to 28.2.0. security fix. * mkvmerge, mkvinfo, mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a case of memory being accessed after it had been freed earlier. This can be triggered by specially crafted Matroska files and lead to arbitrary code execution. The vulnerability was reported as Cisco TALOS 2018-0694 on 2018-10-25.
2018-10-29  Pullup ticket #5861 - requested by taca (author: spz, files: 2, lines: -8/+8)
lang/ruby: security update lang/ruby24-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.196 - lang/ruby24-base/distinfo 1.10 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Oct 18 14:15:13 UTC 2018 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby24-base: distinfo Log Message: lang/ruby24-base: update to 2.4.5 Ruby 2.4.5 Released Ruby 2.4.5 has been released. This release includes about 40 bug fixes after the previous release, and also includes several security fixes. Please check the topics below for details. * CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives * CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly See the commit logs for details. To generate a diff of this commit: cvs rdiff -u -r1.195 -r1.196 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby24-base/distinfo
2018-10-26  #5854 (author: spz, files: 1, lines: -1/+5)
2018-10-26  Pullup ticket #5854 - requested by maya (author: spz, files: 6, lines: -105/+85)
www/seamonkey: security update www/seamonkey-l10n: security update Revisions pulled up: - www/seamonkey-l10n/Makefile 1.44 - www/seamonkey-l10n/PLIST 1.29 - www/seamonkey-l10n/distinfo 1.42 - www/seamonkey/Makefile 1.181 - www/seamonkey/PLIST 1.62 - www/seamonkey/distinfo 1.155 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Tue Oct 23 22:55:13 UTC 2018 Modified Files: pkgsrc/www/seamonkey: Makefile PLIST distinfo pkgsrc/www/seamonkey-l10n: Makefile PLIST distinfo Log Message: seamonkey: update to 2.49.4 Note this update is based off an EOL firefox (ESR52). Use with caution. What's New in SeaMonkey 2.49.4 SeaMonkey 2.49.4 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes. SeaMonkey 2.49.4 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release. SeaMonkey-specific changes Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability. SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Please try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox. To generate a diff of this commit: cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/seamonkey/Makefile cvs rdiff -u -r1.61 -r1.62 pkgsrc/www/seamonkey/PLIST cvs rdiff -u -r1.154 -r1.155 pkgsrc/www/seamonkey/distinfo cvs rdiff -u -r1.43 -r1.44 pkgsrc/www/seamonkey-l10n/Makefile cvs rdiff -u -r1.28 -r1.29 pkgsrc/www/seamonkey-l10n/PLIST cvs rdiff -u -r1.41 -r1.42 pkgsrc/www/seamonkey-l10n/distinfo
2018-10-26  tickets #5852 + #5853 (author: spz, files: 1, lines: -1/+7)
2018-10-26  Pullup ticket #5853 - requested by maya (author: spz, files: 4, lines: -3/+105)
graphics/tiff: security patch Revisions pulled up: - graphics/tiff/Makefile 1.142 - graphics/tiff/distinfo 1.91 - graphics/tiff/patches/patch-libtiff_tif__jbig.c 1.1 - graphics/tiff/patches/patch-libtiff_tif__read.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Thu Oct 25 22:58:05 UTC 2018 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-libtiff_tif__jbig.c patch-libtiff_tif__read.c Log Message: tiff: apply fix for CVE-2018-18557 >From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001 From: Even Rouault <even.rouault@spatialys.com> Date: Sun, 14 Oct 2018 16:38:29 +0200 Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode() JBIGDecode doesn't check if the user provided buffer is large enough to store the JBIG decoded image, which can potentially cause out-of-bounds write in the buffer. This issue was reported and analyzed by Thomas Dullien. Also fixes a (harmless) potential use of uninitialized memory when tif->tif_rawsize > tif->tif_rawcc And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure that whole strip data is provided to JBIGDecode() The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit the libtiff release. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/tiff/Makefile cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/tiff/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \ pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c
2018-10-26  Pullup ticket #5852 - requested by maya (author: spz, files: 2, lines: -7/+7)
x11/modular-xorg-server: security update Revisions pulled up: - x11/modular-xorg-server/Makefile.common 1.25-1.26 - x11/modular-xorg-server/distinfo 1.90-1.91 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Thu Oct 18 18:12:38 UTC 2018 Modified Files: pkgsrc/x11/modular-xorg-server: Makefile.common distinfo Log Message: modular-xorg-server: update to 1.20.2. Lots of bugfixes all over the map. Thanks to all for testing and patches! Adam Jackson (8): modesetting: Lie less in the man page modesetting: Document Option "DoubleShadow" in the man page xfree86: Fix Option "MaxClients" validation modesetting: Don't free(dst) in drmmode_prop_info_copy glamor_egl: Don't initialize on llvmpipe glamor/egl: Avoid crashing on broken configurations fbdevhw: Refuse to touch PCI devices on the fallback probe path xserver 1.20.2 Alex Goins (1): randr: rrCheckPixmapBounding should only increase screen size Alexander Volkov (1): os/xdmcp: Don't create a new socket in XdmcpReset() Cedric Roux (1): miext/damage: take care of the coordinate mode in damagePolyPoint Dave Airlie (9): shm: move shmsize verify before allocating the drawable. xi: free modifiers_failed on error path. (v2) fboverlay: move bpp checks above malloc glamor: fix leak of fs_getcolor_source. modesetting: get pEnt after error checks posix_tty: free leak of xf86SetStrOption return value. xkb: fix what looks to be a copy-paste error with first vs firstMM mibltblt: free prgnSrcClip on error path. 
devices: break after finding and removing device from lists Jim Qu (1): modesetting: code refactor for PRIME sync Lionel Landwerlin (2): present: fix freed pointer access xwayland: fix access to invalid pointer Olivier Fourdan (3): glx: check for indirect context in CreateContextAttribsARB() xwayland: Remove xwl_present_window from privates on cleanup xwayland: Use `double` for `xwl_tablet_tool` Peter Hutterer (1): dix: check_modmap_change() returns Success, not true Pierre Ossman (1): Switch automatic composite update to WorkQueue Scott Anderson (1): xwayland: use wayland axis_discrete event To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 pkgsrc/x11/modular-xorg-server/Makefile.common cvs rdiff -u -r1.89 -r1.90 pkgsrc/x11/modular-xorg-server/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Thu Oct 25 22:40:57 UTC 2018 Modified Files: pkgsrc/x11/modular-xorg-server: Makefile.common distinfo Log Message: modular-xorg-server: update to 1.20.3, security fix. Matthieu Herrb (2): Disable -logfile and -modulepath when running with elevated privileges LogFilePrep: add a comment to the unsafe format string. Peter Hutterer (1): xfree86: fix readlink call To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 pkgsrc/x11/modular-xorg-server/Makefile.common cvs rdiff -u -r1.90 -r1.91 pkgsrc/x11/modular-xorg-server/distinfo
2018-10-25  ticket #5851 (author: spz, files: 1, lines: -1/+4)
2018-10-25  Pullup ticket #5851 - requested by gdt (author: spz, files: 2, lines: -9/+19)
lang/ocaml: build fix Revisions pulled up: - lang/ocaml/Makefile 1.121 - lang/ocaml/PLIST 1.49 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: gdt Date: Tue Oct 16 00:19:40 UTC 2018 Modified Files: pkgsrc/lang/ocaml: Makefile PLIST Log Message: ocaml: Adjust PLIST for old MacOS MacOS before 10.13 lacks the POSIX-required clock_gettime(), and fails to build some "instrumented runtime" files. Conditionalize the PLIST and avoid expecting these on older MacOS. Based almost entirely on a patch from Ryo Kogule on tech-pkg@, with minor munging by me. To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ocaml/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/lang/ocaml/PLIST
2018-10-20  tickets 5846-5850 (author: spz, files: 1, lines: -1/+17)
2018-10-20  Pullup ticket #5850 - requested by bsiegert (author: spz, files: 2, lines: -7/+8)
lang/chicken: security update Revisions pulled up: - lang/chicken/Makefile 1.59-1.60 - lang/chicken/distinfo 1.43 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: leot Date: Sun Oct 14 09:07:25 UTC 2018 Modified Files: pkgsrc/lang/chicken: Makefile distinfo Log Message: chicken: Update lang/chicken to 4.13.0 Patch provided by dziltener via PR pkg/52929, thanks! Changes: 4.13.0 - Security fixes - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors when allocating in non-GC memory, resulting in potential 1-word buffer overrun and/or segfault (thanks to Lemonboy). - CVE-2017-9334: `length' no longer crashes on improper lists (fixes #1375, thanks to "megane"). - CVE-2017-11343: The randomization factor of the symbol table was set before the random seed was set, causing it to have a fixed value on many platforms. - Core Libraries - Unit "posix": If file-lock, file-lock/blocking or file-unlock are interrupted by a signal, we now retry (thanks to Joerg Wittenberger). - char-ready? on string ports now also returns #t at EOF, as per R5RS; in other words, it always returns #t (thanks to Moritz Heidkamp) - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax on s8vectors (thanks to Kristian Lein-Mathisen). - Large literals no longer crash with "invalid encoded numeric literal" on mingw-64 (#1344, thanks to Lemonboy). - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets from being matched correctly (Thanks to Lemonboy and Chunyang Xu). - Runtime system: - The profiler no longer uses malloc from a signal handler which may cause deadlocks (#1414, thanks to Lemonboy). - The scheduler no longer indirectly hangs on to the old thread when switching to a new one, which caused excessive memory consumption (#1367, thanks to "megane"). - C++ programs no longer fail with a symbol lookup error when compiled with debugger support (-d3 or -debug-info). 
- Syntax expander - Renaming an identifier twice no longer results in an undo of the rename (fixes #1362, thanks to "megane"). - Build system - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE. - Fixed compilation on DragonflyBSD due to no feature macro support in its standard C library (thanks to Markus Pfeiffer). - Compiler - The scrutinizer no longer uses 'fixnum as the type for fixnums that might not fit into a fixnum on 32-bit architectures. - Foreign function interface - Correctly calculate memory requirements of Scheme objects produced from foreign types with "const" qualifiers, avoiding memory corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy) - Do not read beyond temporary stack buffer, which could lead to a crash when returning from a foreign callback (#1428). 4.12.0 - Security fixes - CVE-2016-6830: Fix buffer overrun due to excessively long argument or environment lists in process-execute and process-spawn (#1308). This also removes unnecessary limitations on the length of these lists (thanks to Vasilij Schneidermann). - CVE-2016-6831: Fix memory leak in process-execute and process-spawn. If, during argument and environment list processing, a list item isn't a string, an exception is thrown, in which case previously malloc()ed strings weren't freed. - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes an exponential explosion in compilation of nested "+" patterns. - Compiler: - define-constant now correctly keeps symbol values quoted. - Warnings are now emitted when using vector-{ref,set!} or one of take, drop, list-ref or list-tail with an out of range index for vectors and proper lists of a definitely known length. - The scrutinizer will no longer drop knowledge of the length of a vector. It still drops types of its contents (which may be mutated). - Fixed incorrect argvector restoration after GC in directly recursive functions (#1317). - "Direct" procedure invocations now also maintain debug info (#894). 
- Syntax expander - DSSSL lambda lists have improved hygiene, so they don't need the chicken or scheme modules to be imported in full (#806). - The let-optionals* macro no longer needs "quote", "car" and "cdr" to be imported and bound to their default values (#806). - Runtime system: - C_locative_ref has been deprecated in favor of C_a_i_locative_ref, which is faster because it is inlined (#1260, thanks to Kooda). - The default error handler now truncates very long condition messages (thanks to Lemonboy). - Weak symbol GC (-:w) no longer drops random symbols (#1173). - The number of arguments to procedures, both via "apply" and direct invocation, are now limited only by the C stack size (#1098). - "time" macro now shows peak memory usage (#1318, thanks to Kooda). - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara). - Core libraries: - Irregex has been updated to 0.9.5, which fixes matching of all "bow" occurrences beyond the first with irregex-fold (upstream issue #14). - Keywords are more consistently read/written, like symbols (#1332). - SRFI-39: When jumping out of a parameterized dynamic extent, "parameterize" now remembers the actual values, so when jumping back in, they are restored (fixes #1336, thanks to Joo ChurlSoo). This was a regression caused by the fix for #1227. - Tools: - "chicken-install" - When installing eggs in deploy mode with "-keep-installed", eggs under the prefix won't unnecessarily be reinstalled (#1144). - Added new option "-no-install-deps" which inhibits automatic installation of dependencies, useful with "-prefix" (#1298). 
To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: jperkin Date: Thu Oct 18 14:32:43 UTC 2018 Modified Files: pkgsrc/lang/chicken: Makefile Log Message: chicken: Set INSTALL_PROGRAM, fixes install on SunOS. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile
2018-10-20  Pullup ticket #5849 - requested by bsiegert (author: spz, files: 4, lines: -4/+29)
devel/ncurses: security patch devel/ncursesw: security patch Revisions pulled up: - devel/ncurses/Makefile 1.100 - devel/ncurses/distinfo 1.35 - devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c 1.3 - devel/ncursesw/Makefile 1.17 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: leot Date: Thu Oct 18 19:42:50 UTC 2018 Modified Files: pkgsrc/devel/ncurses: Makefile distinfo pkgsrc/devel/ncursesw: Makefile Added Files: pkgsrc/devel/ncurses/patches: patch-ncurses_tinfo_parse__entry.c Log Message: ncurses{,w}: Backport patch for CVE-2018-10754 Patch provided by Attila Fülöp via NetBSD/pkgsrc#34, thanks! Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile cvs rdiff -u -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile
2018-10-20  Pullup ticket #5848 - requested by bsiegert (author: spz, files: 2, lines: -7/+7)
devel/libgit2: security update

Revisions pulled up:
- devel/libgit2/Makefile 1.29
- devel/libgit2/distinfo 1.14

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 18 14:43:01 UTC 2018

Modified Files:
pkgsrc/devel/libgit2: Makefile distinfo

Log Message:
devel/libgit2: update to 0.27.5

libgit2 0.27.5 (2018/10/5)

This is a security release fixing the following list of issues:

* Submodule URLs and paths with a leading "-" are now ignored. This is due to the recently discovered CVE-2018-17456, which can lead to arbitrary code execution in upstream git. While libgit2 itself is not vulnerable, it can be used to inject options in an implementation which performs a recursive clone by executing an external command.

* When running repack while doing repo writes, packfile_load__cb() could see some temporary files in the directory that were bigger than the usual, and makes memcmp overflow on the p->pack_name string. This issue was reported and fixed by bisho.

* The configuration file parser used unbounded recursion to parse multiline variables, which could lead to a stack overflow. The issue was reported by the oss-fuzz project, issue 10048 and fixed by Nelson Elhage.

* The fix to the unbounded recursion introduced a memory leak in the config parser. While this leak was never in a public release, the oss-fuzz project reported this as issue 10127. The fix was implemented by Nelson Elhage and Patrick Steinhardt.

* When parsing "ok" packets received via the smart protocol, our parsing code did not correctly verify the bounds of the packets, which could result in a heap-buffer overflow. The issue was reported by the oss-fuzz project, issue 9749 and fixed by Patrick Steinhardt.

* The parsing code for the smart protocol has been tightened in general, fixing heap-buffer overflows when parsing the packet type as well as for "ACK" and "unpack" packets. The issue was discovered and fixed by Patrick Steinhardt.

* Fixed potential integer overflows on platforms with 16 bit integers when parsing packets for the smart protocol. The issue was discovered and fixed by Patrick Steinhardt.

* Fixed potential NULL pointer dereference when parsing configuration files which have "include.path" or "includeIf..path" statements without a value.

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/devel/libgit2/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/libgit2/distinfo
2018-10-20 | Pullup ticket #5847 - requested by bsiegert | spz | 5 | -11/+225
devel/patch: security patches

Revisions pulled up:
- devel/patch/Makefile 1.45
- devel/patch/distinfo 1.13
- devel/patch/patches/patch-src_pch.c 1.1
- devel/patch/patches/patch-tests_Makefile.in 1.1
- devel/patch/patches/patch-tests_ed-style 1.1

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Thu Oct 18 19:26:16 UTC 2018

Modified Files:
pkgsrc/devel/patch: Makefile distinfo
Added Files:
pkgsrc/devel/patch/patches: patch-src_pch.c patch-tests_Makefile.in patch-tests_ed-style

Log Message:
patch: Backport patches for several security fixes

pkgsrc changes:
- Remove custom and no longer needed do-patch target, it was fixed upstream
- Minor cosmetic improvements pointed out by pkglint

Changes:
- Backport patches for CVE-2018-6951, CVE-2018-6952 and CVE-2018-1000156

Patch provided by Attila Fülöp via NetBSD/pkgsrc#33, thanks!

Bump PKGREVISION

To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/devel/patch/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/patch/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/patch/patches/patch-src_pch.c \
    pkgsrc/devel/patch/patches/patch-tests_Makefile.in \
    pkgsrc/devel/patch/patches/patch-tests_ed-style
2018-10-20 | Pullup ticket #5846 - requested by bsiegert | spz | 8 | -131/+44
mail/spamassassin: security update

Revisions pulled up:
- mail/spamassassin/Makefile 1.132
- mail/spamassassin/distinfo 1.72
- mail/spamassassin/patches/patch-Makefile.PL 1.3
- mail/spamassassin/patches/patch-ae 1.14
- mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm deleted
- mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm deleted
- mail/spamassassin/patches/patch-sa-compile deleted
- mail/spamassassin/patches/patch-spamc_libspamc.c 1.2

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Oct 18 19:54:32 UTC 2018

Modified Files:
pkgsrc/mail/spamassassin: Makefile distinfo
pkgsrc/mail/spamassassin/patches: patch-Makefile.PL patch-ae patch-spamc_libspamc.c
Removed Files:
pkgsrc/mail/spamassassin/patches: patch-lib_Mail_SpamAssassin_DnsResolver.pm patch-lib_Mail_SpamAssassin_PerMsgStatus.pm patch-sa-compile

Log Message:
Update spamassassin to 3.4.2.

From Attila Fueloep in pull request NetBSD/pkgsrc#32.

Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the past three and 1/2 years. As we release 3.4.2, we are preparing 4.0.0 which will move us into a full UTF-8 environment. We expect one final 3.4.3 release.

As with any release there are a number of functional patches, improvements as well as security reasons to upgrade to 3.4.2. In this case we have over 3 years of issues being resolved at once. And we are laying the groundwork for version 4.0 which is designed to more natively handle UTF-8.

However, there is one specific pressing reason to upgrade. Specifically, we will stop producing SHA-1 signatures for rule updates. This means that while we produce rule updates with the focus on them working for any release from v3.3.2 forward, they will start failing SHA-1 validation for sa-update.

*** If you do not update to 3.4.2, you will be stuck at the last ruleset with SHA-1 signatures in the near future. ***

Full release notes at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.2.txt.

To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 pkgsrc/mail/spamassassin/Makefile
cvs rdiff -u -r1.71 -r1.72 pkgsrc/mail/spamassassin/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/spamassassin/patches/patch-Makefile.PL
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/spamassassin/patches/patch-ae
cvs rdiff -u -r1.5 -r0 \
    pkgsrc/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm
cvs rdiff -u -r1.3 -r0 \
    pkgsrc/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm
cvs rdiff -u -r1.1 -r0 pkgsrc/mail/spamassassin/patches/patch-sa-compile
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/mail/spamassassin/patches/patch-spamc_libspamc.c