www/apache24: security fix
Revisions pulled up:
- www/apache24/Makefile 1.77
- www/apache24/PLIST 1.28
- www/apache24/distinfo 1.40
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Apr 2 07:25:38 UTC 2019
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
Log Message:
apache24: updated to 2.4.39
Changes with Apache 2.4.39
*) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
connection is recycled/reused to avoid a possible crash with some SSLProxy
configurations in <Location> or <Proxy> context.
*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host
*) mod_socache_redis: Support for Redis as socache storage provider.
*) core: new configuration option 'MergeSlashes on|off' that controls handling of
multiple, consecutive slash ('/') characters in the path component of the request URL.
*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
*) mod_http2: new configuration directive: `H2Padding numbits` to control
padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
controlling the range of padding bytes added to a frame. The actual number
added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
frames equally. The default continues to be 0, e.g. no padding.
*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
has no more need for it. Optional functions are still declared but no longer implemented.
While previous mod_proxy_http2 will work with this, it is recommended to run the matching
versions of both modules.
*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
resolve bug 63170. The proxy module does now a single h2 request on the (reused)
connection and returns.
*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
to trigger immediate shutdown of backend connections. This is now always signalled
by mod_http2 when the session is being released.
proxy_http2 now only sends a PING frame to the backend when there is not already one
in flight.
*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
loop when encountering certain errors on the backend connection.
*) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
Location/Directory, e.g. disabling PUSH for a specific set of resources.
*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
*) http: Fix possible empty response with mod_ratelimit for HEAD requests.
*) mod_cache_socache: Avoid reallocations and be safe with outgoing data
lifetime.
*) MPMs unix: bind the bucket number of each child to its slot number, for a
more efficient per bucket maintenance.
*) mod_auth_digest: Fix a race condition. Authentication with valid
credentials could be refused in case of concurrent accesses from
different users.
*) mod_http2: enable re-use of slave connections again. Fixed slave connection
keepalives counter.
*) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.
*) mod_proxy_wstunnel: Fix websocket proxy over UDS.
*) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
configuration (SSLFIPS on) and not active by default in OpenSSL.
|
|
net/wget: security fix
Revisions pulled up:
- net/wget/Makefile 1.146
- net/wget/distinfo 1.59
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Sun Apr 7 09:02:00 UTC 2019
Modified Files:
pkgsrc/net/wget: Makefile distinfo
Log Message:
Update wget to 1.20.3, which fixes CVE-2019-5953
It appears that the buffer overflow issue referred to is the same in
both 1.20.2 and 1.20.3 (they had to fix the fix).
Upstream changelog:
* Changes in Wget 1.20.3
** Fixed a buffer overflow vulnerability
* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability
|
|
devel/protobuf, devel/py-protobuf: update (mozc-server build fix)
Revisions pulled up:
- devel/protobuf/Makefile 1.19
- devel/protobuf/distinfo 1.24
- devel/py-protobuf/Makefile 1.18
- devel/py-protobuf/distinfo 1.17
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Apr 1 12:36:41 UTC 2019
Modified Files:
pkgsrc/devel/protobuf: Makefile distinfo
pkgsrc/devel/py-protobuf: Makefile distinfo
Log Message:
protobuf: updated to 3.7.1
Protocol Buffers v3.7.1:
C++
Avoid linking against libatomic in prebuilt protoc binaries
Avoid marking generated C++ messages as final, though we will do this in a future release
Miscellaneous build fixes
|
|
chat/unrealircd: build fix
Revisions pulled up:
- chat/unrealircd/Makefile 1.58-1.59
- chat/unrealircd/distinfo 1.22-1.23
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Apr 2 11:29:46 UTC 2019
Modified Files:
pkgsrc/chat/unrealircd: distinfo
Log Message:
chat/unrealircd: update distinfo.
The tarball was silently updated without a release. After diffing this
against the git tag, the updated tarball seems to change some if statements
from if (x = y) to if (x == y)...
https://github.com/unrealircd/unrealircd/commit/766055d5c0399fa55d03ac6ab33804dc084e2547
The bug fixed by this change is apparently not exploitable.
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Apr 2 12:42:44 UTC 2019
Modified Files:
pkgsrc/chat/unrealircd: Makefile
Log Message:
unrealircd: bump PKGREVISION for distinfo change
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 2 13:20:21 UTC 2019
Modified Files:
pkgsrc/chat/unrealircd: Makefile distinfo
Log Message:
unrealircd: set DIST_SUBDIR for new distfile
|
|
x11/qt5-qtbase: build fix
Revisions pulled up:
- x11/qt5-qtbase/Makefile 1.74
- x11/qt5-qtbase/files/qmake.conf 1.9
---
Module Name: pkgsrc
Committed By: markd
Date: Mon Apr 1 19:58:51 UTC 2019
Modified Files:
pkgsrc/x11/qt5-qtbase: Makefile
pkgsrc/x11/qt5-qtbase/files: qmake.conf
Log Message:
qt5-qtbase: fix setting QMAKE_COMPILER
QMAKE_COMPILER is meant to signify the compiler family being used
gcc for gcc
gcc clang llvm for clang
should properly fix the build issue seen on CentOS and likely other
systems.
|
|
x11/qt5-qtbase: build fix
Revisions pulled up:
- x11/qt5-qtbase/Makefile 1.73
---
Module Name: pkgsrc
Committed By: markd
Date: Mon Apr 1 04:33:01 UTC 2019
Modified Files:
pkgsrc/x11/qt5-qtbase: Makefile
Log Message:
qt5-qtbase: add missing # to comment
|
|
Changes from 1.7.2 to 1.7.3:
* Fix CVE-2019-9917.
ZNC before 1.7.3-rc1 allows an existing remote user to cause a
Denial of Service (crash) via invalid encoding.
|
|
Otherwise, it picks it up if it is installed, leading to a PLIST mismatch.
|
|
+ ImageMagick-7.0.8.35, MesaLib-19.0.1, apache24-2.4.39, harfbuzz-2.4.0,
khal-0.10.1, ledger-3.1.3, libssh2-1.8.2, libyaml-0.2.2, mame-0.208,
meld-3.20.1, ncdc-1.21, py-test-mock-1.10.3, py-yaml-5.1,
subversion-base-1.11.1, thunderbird-enigmail-2.0.10, utf8proc-2.3.0.
|
|
Patch from Piotr Meyer via pkgsrc-users, thanks!
|
|
Upstream does not document language requirements, but this lets it
build on netbsd-8 so it must be right.
|
|
With gcc 4.8, the configure script errors out about c++14. The build
works with gcc5 or gcc6, so set GCC_REQD to 5.
|
|
With python 2.7, itstool fails to process the cs translation as part
of the gnumeric112 build. This appears to be about confusion between
ascii and utf-8 on stderr or something like that. Because it appears
that few who might debug this are still using python 2.7, mark it
incompatible, which will cause the python3.7 version of itstool to be
built and used.
Proposed on pkgsrc-users without objection, and with no reports of the
2.7 version working.
|
|
Build fix for issue noted in Joyent CentOS bulk builds.
|
|
Extend non-PAM coverage to Linux. security/pam-pwauth_suid has BSDisms
in it that don't build on Linux. Someone may want to revisit this later
and alter support here, but that's not something to apply during a
freeze, anyway.
|
|
Handle rfkill being enabled on Linux builds by conditionalizing this
in the PLIST. Build fix for Linux only, does not affect other OSes.
|
|
Seems I forgot to commit this back in Nov. Fixes PR pkg/54078
|
|
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
|
|
+ Sigil-0.9.13, hatari-2.2.0, llvm-8.0.0, wine-4.0.
|
|
(flex is explicitly needed in c/parsing/Makefile for mlr_dsl_lexer.c.)
|
|
1.19.1
------
Python
* Backport "Add the missing grpc_cfstream dependency" to v1.19.x.
1.19.0
------
Python
* grpc_prefork(): check grpc_is_initialized before creating execctx.
* [gRPC] Enable Python 3 for Bazel to Run Tests.
* Escalate the failure of protoc execution.
* Remove dependency of grpc.framework.foundation.callable_util.
1.18.0
------
Python
* Servers are no longer guaranteed to automatically shutdown when garbage
collected. Applications must explicitly invoke grpc.Server.stop() to
shutdown the server and release its resources. This aligns server behavior
with the grpc.Channel.close() semantics introduced in v1.12.0.
* Add python API to retrieve library version. (#17580)
* Add Watch method to health check service. (#17597)
* Refactor server deallocation. (#17444)
* Add grpcio-status extension package. (#17490)
* Add gRPC Python Example: Metadata. (#17485)
* New abort with grpc.Status API. (#17481)
* Update urllib3 to avoid security vulnerability. (#17476)
* Add License to Python tarball. (#17411)
* Revert "Strip manylinux1 binary wheels". (#17412)
* Surface exceptions from Cython to Python as much as possible. (#16971)
* Add logging.basicConfig() for example servers. (#17322)
* Channelz Python wrapper implementation. (#17266)
* Fix Python blocking interceptors facing RpcError. (#17317)
* Raise the exception while credential initialization. (#17281)
1.17.1
------
Python
* Update urllib3 version number to avoid security vulnerability. (#17477)
* Revert stripping manylinux1 binary wheels to fix bad checksum of .so file.
(#17415)
1.17.0
------
Python
* Update Python documentation. (#17194)
* Migrate tests from Python 3.4 to Python 3.7. (#16995)
* Add wait-for-ready option. (#16919)
* The new gRPC Python documentation generator. (#17074)
* Allow gpr compatibility mode to be disabled in the Python build. (#16916)
* Fix logging issues introduced due to root logger being configured by gRPC.
(#17091)
* Add support for utf-8 error messages. (#16946)
* Ensure libboringssl.a is always built for Python. (#17049)
* Add python example to show the use of channel options. (#16924)
* Add type checking for channel args. (#16864)
* Strip manylinux1 binary wheels. (#16836)
1.16.1
------
This is 1.16.1 patch release for gRPC-Python.
Please see the notes for the previous releases here:
https://github.com/grpc/grpc/releases. Please consult https://grpc.io/ for
all information regarding this product.
This prerelease contains refinements, improvements, and bug fixes.
* Python: Fixed the issue where calls to logging.basicConfig() in various
modules added a handler to the root logger. This also fixes "No handlers
could be found" message in some cases. (#17064)
1.16.0
------
Python
* Fix SSL channel credential when an argument is None. (#16640)
* Bazel: Fix python BUILD rules. (#16561)
1.15.1
------
Python
* Added experimental support for client-side fork on Linux and Mac by setting
the environment variable GRPC_ENABLE_FORK_SUPPORT=1. Applications may fork
with active RPCs, as long as no user threads are currently invoking gRPC
library methods. In-progress RPCs continue in the parent process, and the
child process may use gRPC by creating new channels. (#16264)
* Improve PyPy compatibility. (#16364)
* Fix segmentation fault caused by channel.close() when used with
connectivity-state subscriptions. (#16296)
* Add server reflection guide for Python. See
https://github.com/grpc/grpc/blob/master/doc/python/server_reflection.md.
* Add Cython functionality to directly wrap grpc_arg. (#16192, #16197)
1.14.2
------
* Python: Segmentation fault caused by channel.close() when used with
connectivity-state subscriptions. (#16296)
1.14.1
------
If you are using version 1.14.0, please upgrade to this patch. A fix for issue
#15889 is reverted in this patch. The fix may cause memory corruption in some
corner cases. We advise not to use release 1.14.0.
1.14.0
------
Python
* Explicitly check conformance of handlers added to a gRPC server to
grpc.GenericRpcHandler type. (#15689)
* Expose SERVICE_NAME field from reflection and health checking services.
(#16153)
* Explicitly close channels in examples via the Channel.close API. (#15725)
+ Please note that gRPC requires explicit closure of Channel objects via
a with block or directly invoking the Channel.close API to ensure
resources are appropriately released.
* Official Python 3.7 binary wheels for Windows (x64), macOS, and Linux (x86
and x64) are now available. (#15632)
* Optimize blocking intercepted response-unary calls to use the blocking API
and not rely on a future underneath. (#14639)
|
|
Put package into a consistent state until problem is diagnosed
|
|
Previous commit partially failed for unknown reason
|
|
PLIST was wrong due to build system using python's sys.platform, which the
package Makefile incorrectly tried to replicate using pkgsrc variables.
Also added LICENSE and fixed one undocumented patch.
|
|
bump pkg revision.
this makes efence work with modern compilers.
|
|
Fixes build on CentOS 7 minimal.
|
|
will figure out the best way to implement it after the freeze
|
|
Bug fix and security release on the stable 3.6.x branch.
OK during the freeze by <jperkin>, thanks!
Changes:
3.6.7
-----
- libgnutls, gnutls tools: Every gnutls_free() will automatically set
the free'd pointer to NULL. This prevents possible use-after-free and
double free issues. Use-after-free will be turned into NULL dereference.
The counter-measure does not extend to applications using gnutls_free().
- libgnutls: Fixed a memory corruption (double free) vulnerability in the
certificate verification API. Reported by Tavis Ormandy; addressed with
the change above. [GNUTLS-SA-2019-03-27, #694]
- libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
- libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
an inappropriate for TLS1.3 certificate is seen on the credentials structure
GnuTLS will disable TLS1.3 support for that session (#690).
- libgnutls: the default number of tickets sent under TLS 1.3 was increased to
two. This makes it easier for clients which perform multiple connections
to the server to use the tickets sent by a default server.
- libgnutls: enforce the equality of the two signature parameters fields in
a certificate. We were already enforcing the signature algorithm, but there
was a bug in parameter checking code.
- libgnutls: fixed issue preventing sending and receiving from different
threads when false start was enabled (#713).
- libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
session, as non-writeable security officer sessions are undefined in PKCS#11
(#721).
- libgnutls: no longer send downgrade sentinel in TLS 1.3.
Previously the sentinel value was embedded too early in version
negotiation and was sent even on TLS 1.3. It is now sent only when
TLS 1.2 or earlier is negotiated (#689).
- gnutls-cli: Added option --logfile to redirect informational messages output.
- No API and ABI modifications since last version.
|
|
Resolves build failures on CentOS
|
|
Download must have failed and I didn't pay attention -- sorry...
|