| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
As discussed on pkgsrc-users.
|
|
p5-DateTime-1.4200, plasma-5.8.5, py-ncclient-0.5.3, root-6.08.02,
tor-0.2.9.8 [pkg/51745].
|
|
|
|
|
|
Version 1.6.27beta01 [November 2, 2016]
Restrict the new ADLER32-skipping to IDAT chunks. It broke iCCP chunk
handling: an erroneous iCCP chunk would throw a png_error and reject the
entire PNG image instead of rejecting just the iCCP chunk with a warning,
if built with zlib-1.2.8.1.
Version 1.6.27rc01 [December 27, 2016]
Control ADLER32 checking with new PNG_IGNORE_ADLER32 option.
Removed the use of a macro containing the pre-processor 'defined'
operator. It is unclear whether this is valid; a macro that
"generates" 'defined' is not permitted, but the use of the word
"generates" within the C90 standard seems to imply more than simple
substitution of an expression itself containing a well-formed defined
operation.
Added ARM support to CMakeLists.txt (Andreas Franek).
Version 1.6.27 [December 29, 2016]
Fixed a potential null pointer dereference in png_set_text_2() (bug report
and patch by Patrick Keshishian).
|
|
OK from wiz@
|
|
|
|
problem. Sorry for the noise.
|
|
|
|
Bump rev
|
|
sysctl as well)
|
|
This breaks www/firefox for ECDSA https connection, for example, *.google.com.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fix sysconfdir setting.
|
|
|
|
|
|
### 4.3.1 (2016-12-22)
* Preserve uppercase characters in custom sections IDs (see #639).
* Always show the section title instead of its ID (see #640).
* Correctly handle DropZone file uploads (see #637).
* Fix the markup of the CSV importers (see #645).
* Correctly symlink the logs directory under Windows (see #634).
|
|
|
|
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
|
|
Security update to address CVE-2016-9963
Exim version 4.88
-----------------
JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (ie. the sending peer gave us one).
JH/02 The obsolete acl condition "demime" is removed (finally, after ten
years of being deprecated). The replacements are the ACLs
acl_smtp_mime and acl_not_smtp_mime.
JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
a downgraded non-dane trust-anchor for the TLS connection (CA-style)
or even an in-clear connection were permitted. Now, if the host lookup
was dnssec and dane was requested then the host is only used if the
TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
if one fails this test.
This means that a poorly-configured remote DNS will make it incommunicado;
but it protects against a DNS-interception attack on it.
JH/04 Bug 1810: make continued-use of an open smtp transport connection
non-noisy when a race steals the message being considered.
JH/05 If main configuration option tls_certificate is unset, generate a
self-signed certificate for inbound TLS connections.
JH/06 Bug 165: hide more cases of password exposure - this time in expansions
in rewrites and routers.
JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
and logged a warning sing 4.83; now they are a configuration file error.
JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
JH/10 Support ${sha256:} applied to a string (as well as the previous
certificate).
JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
a cutthrough deliver is pending, as we always want to make a connection.
This also avoids re-routing the message when later placing the cutthrough
connection after a verify cache hit.
Do not update it with the verify result either.
JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
when routing results in more than one destination address.
JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
signing (which inhibits the cutthrough capability). Previously only
the presence of an option was tested; now an expansion evaluating as
empty is permissible (obviously it should depend only on data available
when the cutthrough connection is made).
JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
the relevant preceding SMTP command did not note the pipelining mode.
JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
Previously they were not counted.
JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
as one having no matching records. Previously we deferred the message
that needed the lookup.
JH/17 Fakereject: previously logged as a norml message arrival "<="; now
distinguished as "(=".
JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
for missing MX records. Previously it only worked for missing A records.
JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
after the data-go-ahead and data-ack. Patch from Jason Betts.
JH/21 Bug 1846: Send DMARC forensic reports for reject and quaratine results,
even for a "none" policy. Patch from Tony Meyer.
JH/22 Fix continued use of a connection for further deliveries. If a port was
specified by a router, it must also match for the delivery to be
compatible.
JH/23 Bug 1874: fix continued use of a connection for further deliveries.
When one of the recipients of a message was unsuitable for the connection
(has no matching addresses), we lost track of needing to mark it
deferred. As a result mail would be lost.
JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
JH/25 Decoding ACL controls is now done using a binary search; the source code
takes up less space and should be simpler to maintain. Merge the ACL
condition decode tables also, with similar effect.
JH/26 Fix problem with one_time used on a redirect router which returned the
parent address unchanged. A retry would see the parent address marked as
delivered, so not attempt the (identical) child. As a result mail would
be lost.
JH/27 Fix a possible security hole, wherein a process operating with the Exim
UID can gain a root shell. Credit to http://www.halfdog.net/ for
discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
itself :(
JH/28 Enable {spool,log} filesystem space and inode checks as default.
Main config options check_{log,spool}_{inodes,space} are now
100 inodes, 10MB unless set otherwise in the configuration.
JH/29 Fix the connection_reject log selector to apply to the connect ACL.
Previously it only applied to the main-section connection policy
options.
JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
by me. Added RFC7919 DH primes as an alternative.
PP/02 Unbreak build via pkg-config with new hash support when crypto headers
are not in the system include path.
JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
GnuTLS, when a session startup failed (eg because the client disconnected)
Exim did stdio operations after fclose. This was exposed by a recent
change which nulled out the file handle after the fclose.
JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
signed directly by the cert-signing cert, rather than an intermediate
OCSP-signing cert. This is the model used by LetsEncrypt.
JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
an incoming connection.
HS/02 Bug 1802: Do not half-close the connection after sending a request
to rspamd.
HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
fallback to "prime256v1".
JH/34 SECURITY: Use proper copy of DATA command in error message.
Could leak key material. Remotely explaoitable. CVE-2016-9963.
ok wiz@
|
|
graphviz-2.40.1, libgcrypt-1.7.5, libgpg-error-1.26, lighttpd-1.4.44,
notmuch-0.23.4, p5-DBD-SQLite-1.54, p5-Scalar-List-Utils-1.47,
p5-YAML-1.21, py-dulwich-0.16.0, py-hypothesis-3.6.1, py-idna-2.2,
py-lxml-3.7.1, py-numpy-1.11.3, qemu-2.8.0, tor-0.2.9.8,
unifont-9.0.06, x264-devel-20161224.
|
|
|
|
|
|
Changelog:
Changes from 5.2 to 5.3
-----------------------
It is possible to enable character width support for Unicode 9 by
configuring with `--enable-unicode9'; this compiles in some additional
tables. At some point this support may move into a module, in which
case the configure option will be changed to cause the module to be
permanently loaded. This option is not useful unless your terminal also
supports Unicode 9.
The new word modifier ':P' computes the physical path of the argument.
It is different from the existing ':a' modifier which always resolves
'/before/here/../after' to '/before/after', and differs from the
existing ':A' modifier which resolves symlinks only after 'here/..' is
removed, even when /before/here is itself a symbolic link. It is
recommended to review uses of ':A' and, if appropriate, convert them
to ':P' as soon as compatibility with 5.2 is no longer a requirement.
The output of "typeset -p" uses "export" commands or the "-g" option
for parameters that are not local to the current scope. Previously,
all output was in the form of "typeset" commands, never using "-g".
vi-repeat-change can repeat user-defined widgets if the widget calls
zle -f vichange.
The parameter $registers now makes the contents of vi register buffers
available to user-defined widgets.
New vi-up-case and vi-down-case builtin widgets bound to gU/gu (or U/u
in visual mode) for doing case conversion.
A new select-word-match function provides vim-style text objects with
configurable word boundaries using the existing match-words-by-style
mechanism.
Support for the conditional expression [[ -v var ]] to test if a
variable is set for compatibility with other shells.
The print and printf builtins have a new option -v to assign the output
to a variable. This is for bash compatibility but with the additional
feature that, for an array, a separate element is used each time the
format is reused.
New x: syntax in completion match specifications make it possible to
disable match specifications hardcoded in completion functions.
|
|
|
|
* Fix PR pkg/51738 from Oshima-san
Changelog:
* Changes in opensource COBOL 1.5.1J
** Bug fixes
*** build error on Windows.
*** test failure caused by missing inline-function declarations on gcc5.
*** compiler warnings on v1.3 or later.
** Changes
*** update solution file in Visual Studio to 2015.
-----------------------------------------------------------------------
* Changes in opensource COBOL 1.5.0J
** New features
*** ADD new functions and features.
(1) Add a new function "C$CALLEDBY".
This gets the program name that called itself.
(2) Add a new function "C$LIST-DIRECTORY".
This gets the list of files in the target directory.
(3) Add a new feature "CANCEL ALL".
This cancel subprogram and all subprograms that callded by it.
|
|
|
|
* Fix NetBSD/i386 build
Changelog:
* Many bugfixes
|
|
|
|
Upstream changes:
# mikutter 3.5.0
Changes from alpha2
* update po translations
* cannot open URLs if Entity info is not sent by Twitter
* crash on clicking timestamp in message detail view
* crash with Ruby 2.1
# mikutter 3.5.0-alpha2
* deprecated warnings against continuation
* crash on changing keybind of mikutter commands
* remove unnecessary Model display settings
* print not only username but also screenname in Activity
* print post user for related resources in Tweet Activity
* omit permanent link to Tweet in Tweet Activity
* Resoerver no longer creates unnecesary Thread
|
|
- Fix type of read in prompt confirmation (eg. rmstar) (David Kaspar)
- Fix out of bounds read (Brooks Davis)
- Don't play pointer tricks that are undefined in modern c (Brooks Davis)
- Use `` instead $() for solaris, bleh.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Upstream changes:
* 3.3.1 (2016/12/23)
* buf fixes including resouce leak
|
|
|
|
|
