Age | Commit message | Author | Files | Lines
2019-09-26 | Retroactively record some pullup tickets [pkgsrc-2019Q2] | bsiegert | 1 | -1/+16
2019-09-22 | Pullup ticket #6048 - requested by nia | bsiegert | 6 | -52/+29

www/seamonkey: security fix

Revisions pulled up:
- www/seamonkey/Makefile 1.196
- www/seamonkey/distinfo 1.159
- www/seamonkey/patches/patch-ao deleted
- www/seamonkey/patches/patch-mozilla_ipc_chromium_src_build_build__config.h deleted
- www/seamonkey/patches/patch-mozilla_security_manager_ssl_moz.build 1.1
- www/seamonkey/patches/patch-mozilla_toolkit_moz.configure 1.3

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Sep 4 20:07:53 UTC 2019

Modified Files:
  pkgsrc/www/seamonkey: Makefile distinfo
  pkgsrc/www/seamonkey/patches: patch-mozilla_toolkit_moz.configure
Added Files:
  pkgsrc/www/seamonkey/patches: patch-mozilla_security_manager_ssl_moz.build
Removed Files:
  pkgsrc/www/seamonkey/patches: patch-ao patch-mozilla_ipc_chromium_src_build_build__config.h

Log Message:
seamonkey: Update to 2.49.5

SeaMonkey 2.49.5 contains (among other changes) the following major changes relative to SeaMonkey 2.49.4:

SeaMonkey 2.49.5 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.

SeaMonkey 2.49.5 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.

Additional security fixes up to ESR 60.2 and a few enhancements have been backported.

SeaMonkey-specific changes
==========================

* Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.

2019-09-21 | Pullup tickets up to #6057 | bsiegert | 1 | -1/+10
2019-09-21 | Pullup ticket #6057 - requested by maya | bsiegert | 2 | -1/+18

misc/fbreader: build fix

Revisions pulled up:
- misc/fbreader/distinfo 1.13
- misc/fbreader/patches/patch-fbreader_src_formats_doc_OleStorage.cpp 1.1

---
Module Name: pkgsrc
Committed By: maya
Date: Mon Sep 9 13:31:53 UTC 2019

Modified Files:
  pkgsrc/misc/fbreader: distinfo
Added Files:
  pkgsrc/misc/fbreader/patches: patch-fbreader_src_formats_doc_OleStorage.cpp

Log Message:
fbreader: avoid narrowing conversion warning. Taken from gentoo.

Fixes PR pkg/54107: pkgsrc-2019Q1/misc/fbreader doesn't build with newer compiler(s)

2019-09-20 | Pullup ticket #6056 - requested by maya | bsiegert | 1 | -1/+3

devel/glibmm: build fix

Revisions pulled up:
- devel/glibmm/buildlink3.mk 1.18

---
Module Name: pkgsrc
Committed By: maya
Date: Mon Sep 9 11:40:16 UTC 2019

Modified Files:
  pkgsrc/devel/glibmm: buildlink3.mk

Log Message:
glibmm: sync GCC_REQD between bl3, Makefile.

Fixes atkmm builds with GCC < 4.9

2019-09-20 | Pullup ticket #6055 - requested by maya | bsiegert | 1 | -2/+4

security/gpgme: build fix

Revisions pulled up:
- security/gpgme/Makefile 1.95

---
Module Name: pkgsrc
Committed By: maya
Date: Mon Sep 9 11:19:33 UTC 2019

Modified Files:
  pkgsrc/security/gpgme: Makefile

Log Message:
gpgme: fix for older GCC.

Remove unrecognized flag (GCC 4.8.5), default to -std=gnu99, since we have loop initial declarations.

tested on SmartOS and CentOS 7.

2019-09-15 | Pullup tickets #6047 and #6052. | bsiegert | 1 | -1/+8
2019-09-15 | Pullup ticket #6052 - requested by maya | bsiegert | 2 | -5/+10

devel/SDL: NetBSD build fix (follow up to #6008)

Revisions pulled up:
- devel/SDL/distinfo 1.82
- devel/SDL/patches/patch-src_video_SDL__pixels.c 1.2

---
Module Name: pkgsrc
Committed By: micha
Date: Wed Jul 24 14:08:23 UTC 2019

Modified Files:
  pkgsrc/devel/SDL: distinfo
  pkgsrc/devel/SDL/patches: patch-src_video_SDL__pixels.c

Log Message:
Fixed patch-src_video_SDL__pixels.c for NetBSD 7

Declaration of local variable 'byte' moved out of for loop because this syntax requires C99 (breaks e.g. NetBSD 7 because LANGUAGES= c99 is not defined by package).

2019-09-15 | Pullup ticket #6047 - requested by taca | bsiegert | 6 | -20/+21

databases/ldb: dependent update
net/samba4: security fix

Revisions pulled up:
- databases/ldb/Makefile 1.6
- databases/ldb/buildlink3.mk 1.2
- databases/ldb/distinfo 1.3
- net/samba4/Makefile 1.75,1.77-1.78
- net/samba4/PLIST 1.23
- net/samba4/distinfo 1.33-1.35

---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 20 22:46:59 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile buildlink3.mk

Log Message:
*: recursive bump for nettle 3.5.1

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jul 21 22:26:08 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile

Log Message:
*: recursive bump for gdk-pixbuf2-2.38.1

---
Module Name: pkgsrc
Committed By: adam
Date: Sat Aug 3 06:54:39 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile PLIST distinfo

Log Message:
samba4: updated to 4.10.6

Changes 4.10.6:
* BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts.
* BUG 13964: smbd does not correctly parse arguments passed to dfree and quota scripts.
* BUG 13965: samba-tool dns: use bytes for inet_ntop.
* BUG 13828: samba-tool domain provision: Fix --interactive module in python3.
* BUG 13893: ldb_kv: Skip @ records early in a search full scan.
* BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" connection.
* BUG 14002: python/ntacls: Use correct "state directory" smb.conf option instead of "state dir".
* BUG 13840: registry: Add a missing include.
* BUG 13944: Fix SMB guest authentication.
* BUG 13958: AppleDouble conversion breaks Resourceforks.
* BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread().
* BUG 13987: s3:mdssvc: Fix flex compilation error.
* BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:
* BUG 13799: dsdb:samdb: schemainfo update with relax control.
* BUG 13964: s3:util: Move static file_pload() function to lib/util.
* BUG 13957: smbd: Fix a panic.
* BUG 12478: ldap server: Generate correct referral schemes.
* BUG 13941: s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value.
* BUG 13942: s4 dsdb: Fix use after free in samldb_rename_search_base_callback.
* BUG 12204: dsdb/repl: we need to replicate the whole schema before we can apply it.
* BUG 12478: ldb: Release ldb 1.5.5
* BUG 13713: Schema replication fails if link crosses chunk boundary backwards.
* BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision.
* BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
* BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL.
* BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary.
* BUG 13939: Using Kerberos credentials to print using spoolss doesn't work.
* BUG 13998: wafsamba: Use native waf timer.
* BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check.

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 11 13:25:21 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile

Log Message:
Bump PKGREVISIONs for perl 5.30.0

---
Module Name: pkgsrc
Committed By: adam
Date: Fri Aug 23 10:52:41 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile distinfo

Log Message:
samba4: updated to 4.10.7

Samba 4.10.7
* BUG 14010: Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module.
* BUG 13844: build: Allow build when '--disable-gnutls' is set.
* BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py.
* BUG 14008: Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade.
* BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC.
* BUG 14046: join: Use a specific attribute order for the DsAddEntry nTDSDSA object.
* BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname().
* BUG 14091: lookup_name: Allow own domain lookup when flags == 0.
* BUG 13932: s4 librpc rpc pyrpc: Ensure tevent_context deleted last.
* BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log file.
* BUG 13949: Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto".
* BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days.
* BUG 13969: dnsProperty fails to decode values from older Windows versions.
* BUG 13973: samba-tool: Use only one LDAP modify for dns partition fsmo role transfer.
* BUG 13960: third_party: Update waf to version 2.0.17.
* BUG 14051: netcmd: Allow 'drs replicate --local' to create partitions.
* BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file.

---
Module Name: pkgsrc
Committed By: adam
Date: Tue Sep 3 19:11:58 UTC 2019

Modified Files:
  pkgsrc/net/samba4: Makefile distinfo

Log Message:
samba4: updated to 4.10.8

Samba 4.10.8:
This is a security release in order to address the following defect:
o CVE-2019-10197: Combination of parameters and permissions can allow user to escape from the share path definition.

---
Module Name: pkgsrc
Committed By: adam
Date: Sat Aug 3 06:52:32 UTC 2019

Modified Files:
  pkgsrc/databases/ldb: Makefile buildlink3.mk distinfo

Log Message:
ldb: updated to 1.5.5

1.5.5:
Unknown changes

2019-09-10 | More. pullup. tickets. | bsiegert | 1 | -1/+19
2019-09-10 | Pullup ticket #6054 - requested by maya | bsiegert | 1 | -2/+2

print/poppler: build fix

Revisions pulled up:
- print/poppler/buildlink3.mk 1.75

---
Module Name: pkgsrc
Committed By: maya
Date: Mon Sep 9 11:05:00 UTC 2019

Modified Files:
  pkgsrc/print/poppler: buildlink3.mk

Log Message:
poppler: sync GCC_REQD between bl3 and Makefile.

2019-09-10 | Pullup ticket #6053 - requested by maya | bsiegert | 1 | -2/+2

lang/llvm: build fix

Revisions pulled up:
- lang/llvm/Makefile 1.44

---
Module Name: pkgsrc
Committed By: maya
Date: Mon Sep 9 10:53:23 UTC 2019

Modified Files:
  pkgsrc/lang/llvm: Makefile

Log Message:
llvm: bump GCC_REQD. configure will fail with GCC < 5.1.

2019-09-10 | Pullup ticket #6051 - requested by maya | bsiegert | 3 | -12/+13

x11/libdrm: Linux build fix

Revisions pulled up:
- x11/libdrm/Makefile 1.93-1.94
- x11/libdrm/distinfo 1.94-1.95
- x11/libdrm/patches/patch-xf86drm.c 1.5-1.6

---
Module Name: pkgsrc
Committed By: maya
Date: Sun Sep 8 15:43:37 UTC 2019

Modified Files:
  pkgsrc/x11/libdrm: Makefile distinfo
  pkgsrc/x11/libdrm/patches: patch-xf86drm.c

Log Message:
libdrm: restore "return 0;" for linux drmParsePciBusInfo.

It was lost in a patching accident.

From Yosuke Kawasaki in PR pkg/54534

Bump PKGREVISION

---
Module Name: pkgsrc
Committed By: maya
Date: Sun Sep 8 15:55:04 UTC 2019

Modified Files:
  pkgsrc/x11/libdrm: Makefile distinfo
  pkgsrc/x11/libdrm/patches: patch-xf86drm.c

Log Message:
libdrm: don't steal another linux "return" line for the netbsd block.

Thanks wiz for the heads up.

PR pkg/54534

2019-09-10 | Pullup ticket #6046 - requested by taca | bsiegert | 8 | -32/+30

mail/roundcube, mail/roundcube-plugin-*: security fix

Revisions pulled up:
- mail/roundcube-plugin-enigma/Makefile 1.6
- mail/roundcube-plugin-enigma/distinfo 1.14
- mail/roundcube-plugin-password/Makefile 1.6
- mail/roundcube-plugin-password/distinfo 1.14
- mail/roundcube-plugin-zipdownload/Makefile 1.4
- mail/roundcube-plugin-zipdownload/distinfo 1.14
- mail/roundcube/Makefile.common 1.14
- mail/roundcube/distinfo 1.65

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:08:09 UTC 2019

Modified Files:
  pkgsrc/mail/roundcube: Makefile.common distinfo

Log Message:
mail/roundcube: update to 1.3.10

RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:08:56 UTC 2019

Modified Files:
  pkgsrc/mail/roundcube-plugin-enigma: Makefile distinfo

Log Message:
mail/roundcube-plugin-enigma: update to 1.3.10

RELEASE 1.3.10
--------------
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:10:39 UTC 2019

Modified Files:
  pkgsrc/mail/roundcube-plugin-password: Makefile distinfo

Log Message:
mail/roundcube-plugin-password: update to 1.3.10

Update roundcube-plugin-password to 1.3.10.

No changes except version.

pkgsrc change: remove duplicated setting PLUGIN.

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:11:47 UTC 2019

Modified Files:
  pkgsrc/mail/roundcube-plugin-zipdownload: Makefile distinfo

Log Message:
mail/roundcube-plugin-zipdownload: update to 1.3.10

Update roundcube-plugin-password to 1.3.10.

No changes except version.

pkgsrc change: remove duplicated setting PLUGIN.

2019-09-10 | Pullup ticket #6045 - requested by taca | bsiegert | 2 | -7/+7

lang/php71: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.268
- lang/php71/distinfo 1.54

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:04:13 UTC 2019

Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php71: distinfo

Log Message:
lang/php71: update to 7.1.32

29 Aug 2019, PHP 7.1.32

- mbstring:
  . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)

2019-09-10 | Pullup ticket #6044 - requested by taca | bsiegert | 2 | -7/+7

lang/php73: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.267
- lang/php73/distinfo 1.11

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:03:17 UTC 2019

Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php73: distinfo

Log Message:
lang/php73: update to 7.3.9

29 Aug 2019, PHP 7.3.9

- Core:
  . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
  . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)
  . Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child). (Nikita)

- Curl:
  . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()). (Abyr Valg)

- Exif:
  . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast). (Nikita)

- FPM:
  . Fixed bug #77185 (Use-after-free in FPM master event handling). (Maksim Nikulin)

- Iconv:
  . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer Jung)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)

- MBString:
  . Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224) (Stas)

- MySQLnd:
  . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)
  . Fixed bug #78213 (Empty row pocket). (cmb)

- Opcache:
  . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used). (Nikita)

- Standard:
  . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length). (Nikita)
  . Fixed bug #78282 (atime and mtime mismatch). (cmb)
  . Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer). (Albert Casademont)
  . Fixed bug #78346 (strip_tags no longer handling nested php tags). (cmb)

2019-09-08 | Record today's pullups | bsiegert | 1 | -1/+16
2019-09-08 | Pullup ticket #6043 - requested by taca | bsiegert | 2 | -7/+7

lang/php72: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.266
- lang/php72/distinfo 1.44

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:02:05 UTC 2019

Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php72: distinfo

Log Message:
lang/php72: update to 7.2.22

29 Aug 2019, PHP 7.2.22

- Core:
  . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
  . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)

- Curl:
  . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()). (Abyr Valg)

- Exif:
  . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast). (Nikita)

- Iconv:
  . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer Jung)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)

- MySQLnd:
  . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)

- Opcache:
  . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used). (Nikita)

- Standard:
  . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length). (Nikita)
  . Fixed bug #78282 (atime and mtime mismatch). (cmb)
  . Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer). (Albert Casademont)

2019-09-08 | Pullup ticket #6042 - requested by taca | bsiegert | 2 | -8/+8

mail/dovecot2-pigeonhole: security fix

Revisions pulled up:
- mail/dovecot2-pigeonhole/Makefile 1.49-1.52
- mail/dovecot2-pigeonhole/distinfo 1.37-1.39

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 18 13:41:34 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo

Log Message:
mail/dovecot2-pigeonhole: update to 0.5.7

Update dovecot2-pigeonhole to 0.5.7.

Changes
-------
+ vacation: Made the subject for the automatic response message produced by the Sieve vacation action configurable. Both the default subject (if the script defines none) and the subject template (e.g. used to add a subject prefix) can be configured.
- dsync: dsync-replication does not synchronize Sieve scripts.
- imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection.
- testsuite: Pigeonhole testsuite segfaulted if it was compiled with GCC 9

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 23 15:12:22 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo

Log Message:
mail/dovecot2-pigeonhole: update to 0.5.7.1

v0.5.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com>

- dsync: Sieve script syncing failed if mailbox attributes weren't enabled.

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jul 24 18:14:42 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2-pigeonhole: Makefile

Log Message:
Use https for dovecot.org.

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 29 01:07:24 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo

Log Message:
mail/dovecot2-pigeonhole: update to 0.5.7.2

Update dovecot2-pigeonhole to 0.5.7.2.

Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

2019-09-08 | Pullup ticket #6041 - requested by taca | bsiegert | 8 | -30/+45

mail/dovecot2: security fix

Revisions pulled up:
- mail/dovecot2/Makefile 1.98-1.100
- mail/dovecot2/Makefile.common 1.30-1.33
- mail/dovecot2/PLIST 1.66
- mail/dovecot2/buildlink3.mk 1.31-1.32
- mail/dovecot2/distinfo 1.93-1.97
- mail/dovecot2/options.mk 1.12
- mail/dovecot2/patches/patch-aa 1.7
- mail/dovecot2/patches/patch-src_lib_ostream-file.c deleted

---
Module Name: pkgsrc
Committed By: triaxx
Date: Wed Jul 3 05:51:54 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: options.mk

Log Message:
dovecot2: remove gnutls option that is currently broken

Fix PR pkg/54337

---
Module Name: pkgsrc
Committed By: triaxx
Date: Wed Jul 3 06:09:22 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: Makefile Makefile.common buildlink3.mk distinfo
  pkgsrc/mail/dovecot2/patches: patch-aa

Log Message:
dovecot2: update blk3 to follow gnutls disabling

Do not bump revision since binary cannot be altered

pkgsrc changes:
---------------
* make blk3 conform to options.mk
* move BUILD_DEFS (pkglint WARN--)
* comment an explicit patch (pkglint ERROR--)

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 18 13:38:18 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: Makefile.common PLIST buildlink3.mk distinfo

Log Message:
mail/dovecot2: Update dovecot2 to 2.3.7.

Changes
-------
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and external systems, see https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only on body search, and an error using FTS index fails the search rather than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body to be unnecessarily opened when FETCHing mail headers that were already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some situations. This happened especially when using autoexpunging with lazy_expunge folders. Also with mdbox format in general the cache file wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead, the deletion from disk happened the next time the folder was opened. This could have caused unnecessary delays if the opening was done by an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't affected, but everything else was. This delay wasn't always visible - only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some situations.
- Auth policy can cause segmentation fault crash during auth process shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP server.
- config: Memory leak in config process when ssl_dh setting wasn't set and there was no ssl-parameters.dat file. This caused config process to die once in a while with "out of memory".

---
Module Name: pkgsrc
Committed By: hauke
Date: Fri Jul 19 15:13:31 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: Makefile distinfo
Added Files:
  pkgsrc/mail/dovecot2/patches: patch-src_lib_ostream-file.c

Log Message:
Silence Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed

Patch from upstream -head via FreeBSD
<https://svnweb.freebsd.org/ports/head/mail/dovecot/files/patch-src_lib_ostream-file.c?view=markup&pathrev=506487>
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239172>

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 23 15:11:24 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: Makefile Makefile.common distinfo
Removed Files:
  pkgsrc/mail/dovecot2/patches: patch-src_lib_ostream-file.c

Log Message:
mail/dovecot2: update to 2.3.7.1

v2.3.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com>

- Fix TCP_NODELAY errors being logged on non-Linux OSes
- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
- Remove wrongly added checks in namespace prefix checking

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 29 01:05:20 UTC 2019

Modified Files:
  pkgsrc/mail/dovecot2: Makefile.common distinfo

Log Message:
mail/dovecot2: update to 2.3.7.2

Update dovecot2 and related packages to 2.3.7.2.

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin.

2019-09-08 | Pullup ticket #6028 - requested by taca | bsiegert | 13 | -32/+324

databases/mysql56-client: security fix

Revisions pulled up:
- databases/mysql56-client/Makefile 1.31
- databases/mysql56-client/Makefile.common 1.52
- databases/mysql56-client/distinfo 1.52-1.53
- databases/mysql56-client/patches/patch-include_m__string.h 1.1
- databases/mysql56-client/patches/patch-include_my_net.h 1.2
- databases/mysql56-client/patches/patch-mysys__ssl_my__aes__openssl.cc 1.1
- databases/mysql56-client/patches/patch-sql-common_client__authentication.cc deleted
- databases/mysql56-client/patches/patch-sql_mysqld.cc 1.5
- databases/mysql56-client/patches/patch-sql_rpl__slave.cc 1.3
- databases/mysql56-client/patches/patch-storage_innobase_include_univ.i 1.1
- databases/mysql56-client/patches/patch-vio_vio.c 1.3
- databases/mysql56-client/patches/patch-vio_viosslfactories.c 1.3
- databases/mysql56-server/Makefile 1.38

---
Module Name: pkgsrc
Committed By: adam
Date: Tue Aug 6 06:55:15 UTC 2019

Modified Files:
  pkgsrc/databases/mysql56-client: Makefile Makefile.common distinfo
  pkgsrc/databases/mysql56-server: Makefile
Removed Files:
  pkgsrc/databases/mysql56-client/patches: patch-sql-common_client__authentication.cc

Log Message:
mysql56: updated to 5.6.45

Changes in MySQL 5.6.45:

Functionality Added or Changed

Microsoft Windows: A new warning message now reminds DBAs that connections made using the MySQL named pipe on Windows has limited the permissions a connector can request on the named pipe. Previously, the named_pipe_full_access_group system variable was set to a value that maps to the built-in Windows Everyone group (SID S-1-1-0) by default. However, this group is not ideal and should be replaced with a group that restricts its membership for connectors that are unable to request fewer permissions on the MySQL named pipe. The new warning is written to the error log at startup if the string value assigned to named_pipe_full_access_group is '*everyone*' (or the Windows System Language equivalent) and named pipes are enabled. In addition, the warning is written to the error log and raised to the client if the system variable is reset to the Everyone group at runtime.

Bugs Fixed

InnoDB: A query that scanned the primary key of a table did not return the expected result.

InnoDB: A full-text cache lock taken when data is synchronized was not released if the full-text cache size exceeded the full-text cache size limit.

InnoDB: Client sessions using different auto_increment_increment values while performing concurrent insert operations could cause a duplicate key error.

Replication: In query log events in the binary log, the thread ID used for the execution of DROP TABLE and DELETE statements was identified incorrectly or not at all. On a multi-threaded replication slave, where temporary tables were involved (which require the correct thread ID as they are session specific), this omission resulted in errors when using mysqlbinlog to replay the binary log for point-in-time recovery. The thread ID is now set correctly.

Installing from RPM packages could result in an error log with incorrect permissions.

Enabling audit log encryption could cause a server exit.

MySQL Installer did not install OpenSSL DLL dependencies if the Development component was not selected.

The parser could leak memory for certain multiple-statement queries.

MySQL does not support OpenSSL session tickets, but did not set the SSL_OP_NO_TICKET flag to inform OpenSSL of that. The flag is now set.

UpdateXML() did not always free memory properly in certain cases.

Empty values in the name column of the mysql.plugin system table caused the server to exit during startup.

Some PROXY grants were not replicated to slaves, causing incorrect replication.

If an INSTALL PLUGIN statement contained invalid UTF-8 characters in the shared library name, it caused the server to hang (or to raise an assertion in debug builds).

---
Module Name: pkgsrc
Committed By: taca
Date: Fri Sep 6 10:01:44 UTC 2019

Modified Files:
  pkgsrc/databases/mysql56-client: distinfo
  pkgsrc/databases/mysql56-client/patches: patch-include_my_net.h
Added Files:
  pkgsrc/databases/mysql56-client/patches: patch-include_m__string.h patch-mysys__ssl_my__aes__openssl.cc patch-sql_mysqld.cc patch-sql_rpl__slave.cc patch-storage_innobase_include_univ.i patch-vio_vio.c patch-vio_viosslfactories.c

Log Message:
databases/mysql56-client: allow build with OpenSSL 1.1.x

* Allow mysql56-{client,server} build with OpenSSL 1.1.x.
* Reduce a few useless warnings.

2019-09-08 | Pullup ticket #6050 - requested by taca | bsiegert | 1 | -2/+2

www/apache24: build fix after previous pull-up

Revisions pulled up:
- www/apache24/Makefile 1.86

---
Module Name: pkgsrc
Committed By: adam
Date: Sat Sep 7 13:22:28 UTC 2019

Modified Files:
  pkgsrc/www/apache24: Makefile

Log Message:
apache24: properly detect apt-util LDAP support

2019-09-06 | Pullup ticket #6049 | bsiegert | 1 | -1/+4
2019-09-06 | Pullup ticket #6049 - requested by wiedi | bsiegert | 2 | -7/+7

mail/exim: security fix (remote root)

Revisions pulled up:
- mail/exim/Makefile 1.170
- mail/exim/distinfo 1.72

---
Module Name: pkgsrc
Committed By: wiedi
Date: Fri Sep 6 12:57:33 UTC 2019

Modified Files:
  pkgsrc/mail/exim: Makefile distinfo

Log Message:
exim: update to 4.92.2

Exim version 4.92.2
-------------------
HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)

2019-09-05 | Pullup ticket #6040 - requested by taca | bsiegert | 3 | -10/+9

lang/ruby26-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk 1.208
- lang/ruby26-base/PLIST 1.3
- lang/ruby26-base/distinfo 1.6

---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 28 14:23:21 UTC 2019

Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby26-base: PLIST distinfo

Log Message:
lang/ruby26: update to 2.6.4

Update lang/ruby26-base and lang/ruby26 to 2.6.4.

Ruby 2.6.4 (2019-08-28)

Ruby 2.6.4 has been released.

This release includes a security fix of rdoc. Please check the topics below for details.

* Multiple jQuery vulnerabilities in RDoc

See the commit logs for changes in detail.

2019-09-05 | Pullup ticket #6039 - requested by taca | bsiegert | 3 | -10/+9

lang/ruby25-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk 1.207
- lang/ruby25-base/PLIST 1.3
- lang/ruby25-base/distinfo 1.11

---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 28 14:12:22 UTC 2019

Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby25-base: PLIST distinfo

Log Message:
lang/ruby25: update to 2.5.6

Update ruby25-base/ruby25 to 2.5.6.

Ruby 2.5.6 (2019-08-28)

Ruby 2.5.6 has been released.

This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.

* Multiple jQuery vulnerabilities in RDoc

See the commit log for details.

2019-09-05 | Pullup ticket #6038 - requested by taca | bsiegert | 3 | -10/+9

lang/ruby24-base: security fix

Revisions pulled up:
- lang/ruby/rubyversion.mk 1.206
- lang/ruby24-base/PLIST 1.3
- lang/ruby24-base/distinfo 1.14

---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 28 14:03:54 UTC 2019

Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby24-base: PLIST distinfo

Log Message:
lang/ruby24-base: update to 2.4.7

2.4.7 (2019-08-28)

Ruby 2.4.7 has been released.

This release includes a security fix. Please check the topics below for details.

* Multiple jQuery vulnerabilities in RDoc

Ruby 2.4 is now under the state of the security maintenance phase, until the end of March of 2020. After that date, maintenance of Ruby 2.4 will be ended. We recommend you start planning the migration to newer versions of Ruby, such as 2.6 or 2.5.

2019-09-05 | Pullup ticket #6037 - requested by taca | bsiegert | 4 | -16/+17
www/apache24: SunOS build fix, security fix

Revisions pulled up:
- www/apache24/Makefile 1.82,1.84
- www/apache24/PLIST 1.31
- www/apache24/distinfo 1.41
- www/apache24/patches/patch-ai 1.2

---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Jul 1 04:08:55 UTC 2019

Modified Files:
    pkgsrc/www/apache24: Makefile

Log Message:
Recursive revbump from boost-1.70.0

---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon Jul 22 10:34:22 UTC 2019

Modified Files:
    pkgsrc/www/apache24: Makefile

Log Message:
apache24: Extend SunOS C99 compilers list to gcc-5.

Should fix PR#54385 from Hiroshi Hakoyama.

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 11 13:25:21 UTC 2019

Modified Files:
    pkgsrc/www/apache24: Makefile buildlink3.mk

Log Message:
Bump PKGREVISIONs for perl 5.30.0

---
Module Name: pkgsrc
Committed By: adam
Date: Thu Aug 15 08:03:39 UTC 2019

Modified Files:
    pkgsrc/www/apache24: Makefile PLIST distinfo
    pkgsrc/www/apache24/patches: patch-ai

Log Message:
apache24: updated to 2.4.41

Changes with Apache 2.4.41

*) SECURITY: CVE-2019-10081 (cve.mitre.org)
   mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

*) SECURITY: CVE-2019-9517 (cve.mitre.org)
   mod_http2: a malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.

*) SECURITY: CVE-2019-10098 (cve.mitre.org)
   rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters.

*) SECURITY: CVE-2019-10092 (cve.mitre.org)
   Remove HTML-escaped URLs from canned error responses to prevent misleading text/links being displayed via crafted links.
*) SECURITY: CVE-2019-10097 (cve.mitre.org)
   mod_remoteip: Fix stack buffer overflow and NULL pointer dereference when reading the PROXY protocol header.

*) SECURITY: CVE-2019-10082 (cve.mitre.org)
   mod_http2: Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

*) mod_proxy_balancer: Improve balancer-manager protection against XSS/XSRF attacks from trusted users.

*) mod_session: Introduce SessionExpiryUpdateInterval which allows to configure the session/cookie expiry's update interval.

*) modules/filters: Fix broken compilation when using old GCC (<4.2.x).

*) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile configured for a domain managed by mod_md.
2019-09-05 | Pullup ticket #6036 - requested by taca | bsiegert | 8 | -39/+42
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile 1.51
- security/clamav/Makefile.common 1.11
- security/clamav/PLIST 1.7
- security/clamav/buildlink3.mk 1.8
- security/clamav/distinfo 1.28
- security/clamav/options.mk 1.6
- security/clamav/patches/patch-Makefile.in 1.5
- security/clamav/patches/patch-ab 1.2

---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 20 22:46:59 UTC 2019

Modified Files:
    pkgsrc/security/clamav: Makefile

Log Message:
*: recursive bump for nettle 3.5.1

---
Module Name: pkgsrc
Committed By: prlw1
Date: Mon Aug 5 14:44:20 UTC 2019

Modified Files:
    pkgsrc/security/clamav: Makefile Makefile.common PLIST buildlink3.mk distinfo options.mk
    pkgsrc/security/clamav/patches: patch-Makefile.in patch-ab

Log Message:
Update clamav to 0.101.2

Remove rar support to workaround PR pkg/54420

This release includes 3 extra security related bug fixes that do not apply to prior versions. In addition, it includes a number of minor bug fixes and improvements.

* Fixes for the following vulnerabilities affecting 0.101.1 and prior:
  + CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
  + CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
  + CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
  + CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Reported by Secunia Research at Flexera.
  + Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing code. Reported by Alex Gaynor.

* Fixes for the following vulnerabilities in bundled third-party libraries:
  + CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
  + CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
  + CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
  + Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place.

* Fixes for the following CVE's:
  + CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only).
  + CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera.
  + CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB.

For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
2019-09-03 | Pullup tickets #6033 to #6035. | bsiegert | 1 | -1/+10
2019-09-03 | Pullup ticket #6035 - requested by nia | bsiegert | 3 | -10/+11
security/libgcrypt: security fix

Revisions pulled up:
- security/libgcrypt/Makefile 1.97
- security/libgcrypt/PLIST 1.12
- security/libgcrypt/distinfo 1.82

---
Module Name: pkgsrc
Committed By: nia
Date: Mon Sep 2 12:10:54 UTC 2019

Modified Files:
    pkgsrc/security/libgcrypt: Makefile PLIST distinfo

Log Message:
libgcrypt: Update to 1.8.5

Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5]
------------------------------------------------

* Bug fixes:
  - Add mitigation against an ECDSA timing attack. [#4626,CVE-2019-13627]
  - Improve ECDSA unblinding.

* Other features:
  - Provide a pkg-config file for libgcrypt.

Release-info: https://dev.gnupg.org/T4683
2019-09-03 | Pullup ticket #6034 - requested by nia | bsiegert | 2 | -7/+7
audio/mpg123: security fix

Revisions pulled up:
- audio/mpg123/Makefile.common 1.50
- audio/mpg123/distinfo 1.50

---
Module Name: pkgsrc
Committed By: nia
Date: Sat Aug 31 14:24:19 UTC 2019

Modified Files:
    pkgsrc/audio/mpg123: Makefile.common distinfo

Log Message:
mpg123: Update to 1.25.12

libmpg123:

    Fix an out-of-bounds read of maximal two bytes for truncated RVA2 frames (oss-fuzz-bug 15975). The earlier fix around the same location needed one thought more. Actually, another thought was needed, oss-fuzz-bug 16009 documents the incomplete fix.

    Fix an invalid write of one zero byte for empty ID3v2 frames that demand de-unsyncing (oss-fuzz-bug 16050).

    Correct preprocessor syntax in mangle.h, no #error in a #define line. (bug 273, thanks to nmlgc).
2019-09-03 | Pullup ticket #6033 - requested by nia | bsiegert | 6 | -21/+21
chat/irssi: security fix

Revisions pulled up:
- chat/irssi-icb/Makefile 1.43
- chat/irssi-icb/distinfo 1.38
- chat/irssi-xmpp/Makefile 1.14
- chat/irssi-xmpp/distinfo 1.20
- chat/irssi/Makefile 1.94
- chat/irssi/Makefile.common 1.32
- chat/irssi/distinfo 1.51

---
Module Name: pkgsrc
Committed By: nia
Date: Sat Aug 31 10:04:26 UTC 2019

Modified Files:
    pkgsrc/chat/irssi: Makefile Makefile.common distinfo
    pkgsrc/chat/irssi-icb: Makefile distinfo
    pkgsrc/chat/irssi-xmpp: Makefile distinfo

Log Message:
irssi: Update to 1.2.2

Changes:
- Fix a use after free issue when receiving IRCv3 CAP information from the server (GL#34)
- Fix a crash during startup when windows weren't fully initialised yet (#1114, bdo#935813)

Reassurance:
- Most servers do not send duplicate CAP.
2019-08-23 | Pullup ticket #6031 | bsiegert | 1 | -1/+4
2019-08-23 | Pullup ticket #6031 - requested by leot | bsiegert | 2 | -7/+7
net/youtube-dl: update

Revisions pulled up:
- net/youtube-dl/Makefile 1.183-1.184
- net/youtube-dl/distinfo 1.166-1.167

---
Module Name: pkgsrc
Committed By: leot
Date: Fri Aug 2 10:01:00 UTC 2019

Modified Files:
    pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20190802

Changes:
20190802
--------
Extractors
+ [tvigle] Add support for HLS and DASH formats (#21967)
* [tvigle] Fix extraction (#21967)
+ [yandexvideo] Add support for DASH formats (#21971)
* [discovery] Use API call for video data extraction (#21808)
+ [mgtv] Extract format_note (#21881)
* [tvn24] Fix metadata extraction (#21833, #21834)
* [dlive] Relax URL regular expression (#21909)
+ [openload] Add support for oload.best (#21913)
* [youtube] Improve metadata extraction for age gate content (#21943)

---
Module Name: pkgsrc
Committed By: leot
Date: Wed Aug 14 22:45:52 UTC 2019

Modified Files:
    pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20190813

Changes:
20190813
--------
Core
* [downloader/fragment] Fix ETA calculation of resumed download (#21992)
* [YoutubeDL] Check annotations availability (#18582)

Extractors
* [youtube:playlist] Improve flat extraction (#21927)
* [youtube] Fix annotations extraction (#22045)
+ [discovery] Extract series meta field (#21808)
* [youtube] Improve error detection (#16445)
* [vimeo] Fix album extraction (#1933, #15704, #15855, #18967, #21986)
+ [roosterteeth] Add support for watch URLs
* [discovery] Limit video data by show slug (#21980)
2019-08-10 | Pullup tickets up to #6030 | bsiegert | 1 | -1/+22
2019-08-10 | Pullup ticket #6030 - requested by nia | bsiegert | 4 | -316/+10
devel/SDL2: security fix

Revisions pulled up:
- devel/SDL2/Makefile 1.38
- devel/SDL2/distinfo 1.34
- devel/SDL2/patches/patch-src_audio_netbsd_SDL__netbsdaudio.c deleted
- devel/SDL2/patches/patch-src_joystick_bsd_SDL__sysjoystick.c 1.7

---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jul 27 15:29:10 UTC 2019

Modified Files:
    pkgsrc/devel/SDL2: Makefile distinfo
    pkgsrc/devel/SDL2/patches: patch-src_joystick_bsd_SDL__sysjoystick.c
Removed Files:
    pkgsrc/devel/SDL2/patches: patch-src_audio_netbsd_SDL__netbsdaudio.c

Log Message:
SDL2: Update to 2.0.10

Changes:
* Fixed bug 4347 - Keyboard LEDs don't work on linux console
* Fixed bug 4349 - SDL_CreateWindow fails with KMS/DRM after upgrading Mesa to 18.2.3
* Fix crash when GL_LoadFunctions()/GLES2_LoadFunctions() fails
* fix NetBSD C90 build failure
* joystick: Add Linux mappings for "Xbox One Wireless Controller (Model 1708)"
* Closing SDL-ryan-batching-renderer branch.
* Merge SDL-ryan-batching-renderer branch to default.
* merge fallout: Patched to compile, fixed some compiler warnings, etc.
* fix build using Watcom :
* metal: remove an obsolete section of a constant buffer.
* metal: avoid an extra buffer allocation and GPU data copy in RunCommandQueue, it's not needed. Improves overall performance.
* Remove machine-specific IncludePath from SDL.vcxproj
* Fixed bug 4315 - little Warning in Android_JNI_CaptureAudioBuffer
* Fixed bug 4319 - Android remove reflection for PointerIcon
* Fixed bug 4320 - Android remove reflection for HIDDeviceBLESteamController
* Fixed bug 4308 - Prebuilt SDL.dll files not compiled with ASLR support (DYNAMICBASE)
* mir: Removed mir client support.
* metal: fix the size of the buffer used for constant data.
* metal: fix the SDL_RENDERER_PRESENTVSYNC flag not being set on the renderer info on macOS, when vsync is used.
* metal: SDL_RenderReadPixels on macOS synchronizes the render target's texture data if it's managed, before reading from it.
* fix bug #4362 - SDL_syswm.h with SDL_PROTOTYPES_ONLY broken in C++ mode
* close_code.h: #error if included without matching begin_code.h
* close_code.h: #error if included without matching begin_code.h
* wayland: fix resizing and fullscreen toggling
* Added Vulkan headers version 1.1.91
* The Debian maintainers aren't using these rules, so enable dynamic loading of shared libraries by default for the Steam Linux Runtime
* Used confflags +=, so each option can be enabled individually, if desired
* Add SDL_TouchDeviceType enum and SDL_GetTouchDeviceType(SDL_TouchID id).
* cocoa: fix building with the macOS 10.7 SDK (thanks Riccardo!)
* Fixed bug 4367 - compatibility version decreased between 2.0.8 and 2.0.9
* Fixed bug 4366 - Compile throws a warning on RPI (Raspbian Stretch)
* Fixed bug 4377 - SDL_PIXELFORMAT enum is anonymous, which prevents its use in a templated function
* revert commit aad2440e3d61 for consistency (c.f. bug #4367.)
* Fixed bug 3193 - Dualshock 3's motion sensors overwrite analog stick
* software: fix blits with color mods that change during a command queue run.
* fix permissions
* The default draw blendmode is SDL_BLENDMODE_NONE
* Fixed a few compiler warnings.
* Back out change initializing renderer blend mode incorrectly.
* opengles: Fixed compiler warnings.
* libm: Watcom defines huge=__huge: undefine it to fix build using Watcom.
* os/2 bits for SDL_malloc.c -- from libffi
* Fixed bug 4391 - hid_enumerate() sometimes causes game to freeze for a few seconds
* Fixed bug 4392 - SDL_cpuinfo.h breaks compilation with C bool type
* Fixed bug 4394 - Crash in SDL_PumpEvents() after SDL_DestroyWindow()
* wayland: ask xdg-decoration protocol extension to use server-side decorations if possible.
* metal: SDL_RenderFillRects uses one draw call per 16k rectangles (within the given FillRects call), instead of one draw call per rectangle. Reduces CPU usage when drawing many rectangles.
* metal: Fix an incorrect division.
* Do a second pass to find libraries without a single version digit after the .so
* Added atomics support for armv8-a (Raspberry Pi 3)
* metal: use a staging texture in SDL_UpdateTexture, to make sure it doesn't stomp texture data being drawn in a previous frame on the GPU.
* SDL_touch.h (SDL_TouchDeviceType): remove comma at end of enumerator list.
* Fixed bug changing cursors on Raspberry Pi
* Fixed the hotspot for cursors on Raspberry Pi
* Added support for the Razer Raiju Mobile
* Patched to compile on Linux with --disable-threads.
* Patched to compile on Linux with threads enabled. (whoops!)
* Added some detail to a Doxygen comment (thanks, Sylvain!).
* android: use cpufeatures to support SDL_HasNEON() (thanks, Sylvain!).
* kmsdrm: uninitialized KMSDRM fixes
* kmsdrm: Check for resources when validating KMSDRM device in check_modesetting.
* directfb: Updated render backend to new internal API.
* cmake: Comment out some debug logging that can upset build environments.
* Patched to compile on C89 compilers.
* render: fix some static analysis warnings.
* android: use __ARM_NEON instead of __ARM_NEON__ to include <arm_neon.h>
* Windows: NEON detection and intrinsic includes on Visual Studio
* Update comment URL of USB document (HID Usage Tables 1.12)
* Fix comment and end of lines
* Fixed the PS4 motion controls showing up as a separate game controller on Linux
* Warnings: fix a documentation warning and missing prototypes
* wayland: Send SDL_TOUCH_MOUSEID mouse events for touches.
* linux: Move SDL_LinuxSetThreadPriority() elsewhere to fix build.
* egl: Don't force X11 support when testing for EGL.
* joystick: Added controller config for IMS Passenger Control Unit Devices.
* Fixed the ROCCAT Tyon mouse showing up as a joystick on Windows
* Whoops, forgot to add a new source file. :/
* joystick: Removed unused variable.
* Fix warnings detected on Android build
* opengles2: fix prototype of glDeleteBuffers
* Fix warnings detected on Android build
* wayland: Do not try to lock on an invalid pointer
* Made it more clear that the values being compared are floats
* Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify a file to load at initialization containing SDL game controller mappings
* Fixed bug 4415 - SDL menu bar is nonstandard on Mac
* Fixed bug 4379 - fix parallel build with slibtool
* Linux Haptic: Fix periodic.magnitude value
* Rename _SDL_sensor_h in public header, not to trigger Wreserved-id-macro
* Handle both "Sony Interactive Intertainment" and "Sony Computer Entertainment" when ignoring motion sensors
* Fixed building with the 10.10 SDK
* Fixed bug 4425 - promote to alpha format, palette surface with alpha values.
* emscripten: SDL_PrivateJoystickAdded() wants an instance id, not device index.
* Fixed bug 4426 - allows re-creation of software renderer
* cocoa: Implement OpenGL swap interval support with CVDisplayLink.
* testgl2: Press 'o' or 'p' to decrease/increase OpenGL swap interval.
* Gesture: remove warnings when ENABLE_DOLLAR is undefined.
* metal: Implement SDL_LockTexture for non-YUV textures.
* metal: Implement SDL_LockTexture for YUV formats.
* render: Prefer the Metal renderer over OpenGL.
* render: Fix internal state getting out of sync when destroying a texture that was just rendered and then creating a new one, in the GL and GLES2 backends. Fixes bug #4433.
* opengles 1: use color from 'draw' union in SetDrawState()
* opengles 1: same fix as in bug #4433
* PSP renderer: use colors from 'draw' union (very likely, but un-tested)
* Fixed bug 3511 - documentation to end an Android application
* Fixed bug 3186 - Android SW keyboard not restored when app becomes foreground.
* Android: fixed comments and spaces
* Android: on rare occasion, prevent Android_JNI_GetNativeWindow() from crashing
* Fixed bug 4424 - Android windowed mode is broken (Thanks Jonas Thiem!)
* Android: make sure surfaceChanged try to enter into 'resumed' state.
* Fixed bug 3250 - Wrong backbuffer pixel format on Android, keep getting RGB_565
* Android: preparation bug 4142, reduce usage of global variable Android_Window
* Android: minor preparation for bug 4142 (concurrency issues)
* Fixed bug 4142 - Concurrency issues in Android backend
* Android: prevent the error message from SDL_EGL_CreateSurface() to be masked.
* Android: use Mutex instead of Semaphore for bug 4142
* Android: concurrency issue with egl_surface EGL_BAD_SURFACE - (bug 4142)
* Android: make Android_PumpEvents() more readable
* Android: fixed immediate transition to pause and resume.
* Updated copyright for 2019
* Fixed bug 4255 - SDL_GetGlobalMouseState() returns incorrect Y on secondary display
* Android: fix wrong state after immediate sequence pause() / resume() / pause()
* Android: un-needed check of "isPausing" and minor typos
* Android: remove SURFACE_TYPE_GPU, deprecated in API level 5.
* Android: allow multiple calls to nativeResume()
* Android: better fix for bug 3186. Run those commands from SDL thread.
* Android: some robustness when quitting application from onDestroy()
* Android: don't allow multiple instance of SDLActivity
* Android: concurrency issue for Android_SetWindowFullscreen()
* Android: native_window validity is guaranteed between surfaceCreated and Destroyed
* Android: add some SetError for Android_SetWindowFullscreen
* Android: prevent a dummy error message sending SDL_DISPLAYEVENT_ORIENTATION
* Android: un-needed transition to Pause state.
* Android: only send Quit event to SDLThread if it's not already terminated
* Android: nativeQuit for SDLActivity thread
* Android: some simplification, don't need mExitCalledFromJava
* Android: remove deprecated PixelFormat in surfaceChanged()
* Fixed bug 3930 - Android, set thread priorities and names
* Android: add name for Touch devices and simplification, from bug 3958
* Android: fix prototype of Android_JNI_InitTouch
* Android: fix bad merge from previous commit
* Android: don't call Android_JNI_ThreadDestroyed() for Java SDLThread
* Android: use pthread_once for creating thread key 'mThreadKey'
* Android: Audio thread is already setup for the JVM
* Android: use the same naming for JNI env local variables
* Android: change the way JNIEnv is retrieved
* Android: move and group JNIEnv helper functions
* Fixed bug 4453 - GLES / GLES2: first white renderer clear cmd is drawn as black
* Updated minimum supported Android version to API 16, to match latest NDK toolchain
* Fixed compiler warning
* Initial Android OpenSL ES implementation, contributed by ANTA
* Android/openslES: some space and indentation to match SDL conventions
* Android/openslES: register and use CloseDevice function.
* Android/openslES: move a few static variables to SDL_PrivateAudioData structure
* Android/openslES: set audio in paused/resumed state for Android event loop
* Android/openslES: start playing, after creating resources
* Android/openslES: check for non NULL variable, some initialization.
* Android: minor, remove static attributes, move mIsSurfaceReady to SDLSurface
* Android/openslES: fix Pause/ResumeDevices when openslES is not used
* Android: create Pause/ResumeSem semaphore at higher level than CreateWindow()
* evdev: Add touchscreen mouse emulation and pressure support (thanks, Zach!).
* evdev: don't debug log on a BTN_TOUCH from a non-touch device.
* Android: remove old code after Android-16 has been set as minimum requirement
* Android: remove trailing spaces
* Android: merge SDLJoystickHandler_API12 and SDLJoystickHandler_API16
* Android: move static variable isPaused/isPausing to SDL_VideoData structure
* Android: add mutex protection to onNativeOrientationChanged
* Fixed bug 4024 - remove trailing comma of Controller mappings
* Android: also update APP_PLATFORM to android-16 in Application.mk
* Android: prevent concurrency in Android_SetScreenResolution() when exiting
* Android: remove hard-coded constant for Samsung DeX (no op!)
* Android: minor change in the evaluation of SOURCE_CLASS_JOYSTICK (no op!)
* Android: remove another hard-coded constant for Samsung DeX (no op!)
* Android: remove duplicate code in SDLGenericMotionListener_API24
* Fixed bug 3657 - Color-key doesn't work when an alpha channel is present
* Fixed compiler warning on Android
* Android: automatically attach to the JVM non-SDL threads
* Android: some typos
* Fixed compiler warning
* Fixed bug 3827 - issue with MapRGB, palette and colorkey
* Fixed bug 3827 - issue with MapRGB, palette and colorkey
* Revert SDL_gamecontrollerdb.h and sort_controllers.py from bug 4024
* Fixed bug 4024 - GameController error "Unexpected controller element"
* Fixed bug 4290 - add fastpaths for format conversion in BlitNtoN
* Add explicit unsigned int and char types in (for bug 4290)
* Fixed failing SDL_ConvertSurface() when blit has failed.
* Fix blit with blending (Blit_A) to RGB332 which has no palette
* Add fast paths in BlitNtoNKey
* Add SDL_MEMALIGNED flag for SDL_Surface using aligned memory.
* iOS/tvOS: fix support for SDL_GameControllerGetButton(controller, GUIDE) with MFi controllers (thanks Caleb!)
* Rename surface aligned memory flag to SDL_SIMD_ALIGNED
* Fix include path compilation
* Fixed bug 4484 - use SIMD aligned memory for SDL_Surface
* render: Fix OpenGL draw state cache for various points of texture binding.
* opengles1: keep cached texturing state correct.
* opengles2: keep cached texturing state correct.
* opengles2: patched to compile.
* Android/openslES: prevent to run out of buffers if Enqueue() fails.
* Android/openslES: set number of buffers of DATALOCATOR to internal NUM_BUFFER
* Android/openslES: fix warnings, comment out un-used interface
* Faster blit when using CopyAlpha + ColorKey
* Fix pointer warnings
* Faster blit when using No Alpha or Set Alpha, + ColorKey
* Faster blit with no ColorKey
* Fix wrong comment
* Code factorization of the pixel format permutation
* Faster blit with CopyAlpha, no ColorKey
* Some simplification of previous commit
* Fix wrong access and simplify
* Faster blit colorkey or not, applied to bpp: 3->4 and 4->3
* Better naming for the blit permutation variables
* Fix invalid memory access and optimise Blit_3or4_to_3or4__*
* Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c
* Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c
* Fix bug 4053: Blit issues on Big Endian CPU
* Fix windows build
* raspberry: expose second display.
* BlitNtoN BlitNtoNKey: remove non-aligned word read/store (bpp 3<->4) (Bug 4503)
* Un-activate some routine on mips because they are slower (Bug 4503)
* KMSDRM: change calls free() to SDL_free() (Bug 4529)
* KMSDRM: missing return value in VideoInit() (Bug 4530)
* SDL_MouseQuit(): clear mouse->cur_cursor (Bug 4530)
* Fixed bug 4542 - Image flipped vertically when rendering on texture
* SDL_EVDEV_kbd_init: uninitialized data for ioctl (Bug 4530)
* Fixed bug 4513 - Wayland, fix crash when remove event is sent (from Sebastian Krzyszkowiak)
* HIDAPI: fix bug that caused non-HID class parts of composite devices to have windows HID functions called on them.
* Fixed initial display orientation at Android app start
* [iOS DAC] Fix touch events getting from SDL2 to source2.
* Android: check SDL is initialized before sending the event
* Android: minor comment update
* KMSDRM: valid file descriptors could be positive or 0. -1 is invalid. (Bug 4530)
* events: Make debug logging of the event queue a hint instead of an #ifdef.
* events: Let arbitrary signals to simulate iOS/Android backgrounding events.
* events: Disable all the signal-handling code on platforms without support.
* test: Moved testgesture.c over to the common SDLtest framework.
* testgesture: minor cleanups.
* testgesture: cleaned up code formatting, etc.
* testgesture: Add dependency to SDLtest to Visual Studio project.
* Fix compiler warnings.
* Use host system pkg-config when (cross-)compiling and convert to PKG_CHECK_MODULES
* Added missing PKG_CONFIG macros
* Fixed bug 4452 - Please replace AC_HELP_STRING with AS_HELP_STRING
* Fix DirectInput error codes being lost
* Fix polling left trigger reporting right trigger's values.
* Fixed CVE-2019-7635 and bug 4498 - Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c
* @@ -, +, @@
* Reject 2, 3, 5, 6, 7-bpp BMP images
* Fixed bug 4544 - SDL2.m4 SDL2.framework patch made it impossible to fail detection
* Fixed bug 4525 - Fix crash in ALSA_HotplugThread caused by bad return value check
* Fixed DualShock 3 mapping
* Fixed bug 4511 - SDL_gamecontrollerdb Mapping for Sony Playstation USB controller
* Fixed bug 4450 - SDL_mouse.c fails to compile with CMake generated Visual Studio files if SDL_VIDEO_VULKAN 0/undefined
* emscripten: force resize event when pixel ratio changes
* CVE-2019-7637: Fix an integer overflow in SDL_CalculatePitch
* Fixed configure error if pkg modules aren't available
* Fixed Mac OS X build
* Fixed iOS build
* Fixed Visual Studio build
* testgesture: Make the background gray.
* Added support for building SDL as a dynamic library on iOS
* Added support for building SDL as a dynamic library on tvOS
* Fixed declaration of SDL_main_func for C++
* Fixed building with C++
* Fixed building with C++
* Fixed archiving the SDL dynamic library on iOS and tvOS
* Fixed Windows RT build
* Didn't need to add SDL_windows.h include, that was already included
* Fixed Visual Studio build
* Hopefully fixed the mingw32 build
* opengles2: Fix static analysis warning.
* Backed out changeset ffd52bb02bcc
* coreaudio: Set audio callback thread priority.
* Handle potentially calling SDL_JoystickUpdate() and SDL_JoystickQuit() at the same time.
* configure.in: Rename to configure.ac to fix an 'aclocal' warning
* docs: Replace references to configure.in with configure.ac
* configure.in: Rename configure.ac to fix an 'aclocal' warning
* Bug 4576: handle mapping of TouchEvents to MouseEvents at higher level
* Bug 4576: remove touch/mouse duplication for Windows
* Bug 4576: remove touch/mouse duplication for linux/EVDEV
* Bug 4576: remove touch/mouse duplication for Wayland
* Bug 4576: remove touch/mouse duplication for Android
* Bug 4576: fix warning and compile
* Bug 4576: one more warning
* Bug 4576: fix wrong scaling
* Bug 4576: track both FingerId and TrackId
* Add hint SDL_HINT_MOUSE_TOUCH_EVENTS for mouse events to generate touch events
* Android: remove SDL_HINT_ANDROID_SEPARATE_MOUSE_AND_TOUCH
* Update WhatsNew.txt
* Update WhatsNew.txt
* Android: default SDL_HINT_MOUSE_TOUCH_EVENTS to 1 as previous behaviour
* Android: add hint SDL_HINT_ANDROID_BLOCK_ON_PAUSE
* https://bugzilla.libsdl.org/show_bug.cgi?id=4577
* Set SDL_HINT_MOUSE_TOUCH_EVENTS for iPhone and iPad as well
* Fixed bug 4579 - SDL_android.c s_active not being atomic
* Bug 4581: move tracking apart so it doesn't require the window to have focus
* SDL_HINT_MOUSE_TOUCH_EVENTS: move tracking apart in case of 'window' is null
* Fixed bug 4582 - Maximize/Resize not working on Windows 10
* Fixed bug 4581 - mouse events with SDL_TOUCH_MOUSEID make window lost focus
* Fixed bug 4581 - generate synthetic mouse events at window boundaries
* Fix disabling OpenGL vsync on macOS 10.14.4+ (bug #4575).
* Android: when event loop is not blocking in pause, backup EGL context (Bug 4578)
* hidapi: Add GCN L/R buttons, just in case someone wants them...
* Explicitly load hidapi as a dependency of the SDL library
* macOS: Fix compilation when using the 10.9 SDK or older.
* iOS: Remove code trying to support compilation on the iOS 7 SDK, the deployment target has been set to iOS 8 for years and there's other unconditionally compiled code that depends on newer SDKs so that code is useless.
* configure: Cleaned up audio/video summaries when building for Windows.
* Fixed bug 4580 - Android 8: immersive fullscreen notification causes flickering between fullscreen and non-fullscreen and app is unresponsive
* Only leave fullscreen mode if we're actually going to minimize
* Added a helper function to tell whether or not a window can be minimized
* Android: add static variable initialization in non blocking event loop
* Add a configure option allowing users to choose whether to install sdl2-config
* Use _Exit() when available
* Fix compile errors I hit when building org.libsdl in source2 (part 1 of 2)
* Fix compile errors I hit when building org.libsdl in source2 (part 2 of 2) @saml
* Created Xcode schemes for building on iOS and tvOS
* Change my previous fix based on feedback from dev @saml
* Don't redefine __SSE__ and related macros if they're already defined
* Fixed bug 4566 - Hot-plugging Bluetooth controller causes force-quit on Android
* Remove initial declaration from for loop
* Remove duplicate case value
* Fixed bug 4608 - Android: not getting SDL_WINDOWEVENT_FOCUS_GAINED on start of our app
* Patched to compile.
* [SDL] ios Touch Fix.
* [SDL] iOS fix bug with audio interrupted by a phone call not restoring.
* Windows are not in a minimized state when they are shown
* test: configure/make shouldn't build GL/GLES1/GLES2 programs if unsupported.
* test: added SDLTest_CommonDefaultArgs()
* video: Add Vulkan support for vivante fb
* Fixed bug 3911 - SYSWM generic X11 events missing event data
* Fixed bug 4025 - SDL_Renderer OpenGL : add support for textures ABGR, RGB, BGR
* Fixed bug 4401 - SDL_GetWindowPosition() wrong after SDL_SetWindowPosition() until window is moved on macOS
* Fix WORKING_DIR parameter
* Fixed bug 4436 - [OpenBSD] fix D-pad
* Fixed bug 4469 - make SDL_CreateTextureFromSurface pick a more appropriate format
* Fixed bug 4474 - Add support for an ASUS Gamepad variation
* Patched to compile in C89 mode.
* vulkan: Patched to compile on Visual Studio.
* vulkan: Swapped out a free() that should have been an SDL_free().
* Fixed mouse focus for touch events on iOS
* Added support for Bluetooth keyboards on iOS
* Fix use-after-free when pumping the event loop after SDL_DestroyWindow()
* Fixed bug 4639 - CMake build does not generate libhidapi.so for Android
* Use Supexec() to query EdDI version. Fixes for Coldfire CPU build.
* Fix SHIFT + Fx reporting in GEM. Contributed by Miro Kropacek
* Improved iOS Bluetooth keyboard support
* Android: minimum size for IME, so that it takes focus
* Fixed hiding the Android virtual keyboard when the return key is pressed
* Return an error if both mouse relative mode and mouse warping are unavailable, instead of asserting.
* Fixed static and buzzing when trying to use floating point audio on the OpenSL ES audio driver.
* Use the OpenSL ES audio driver by default on Android, as it has the lowest latency.
* Added a function to get the current Android SDK version at runtime
* iOS: return SDL_GetWindowSize from SDL_GL_GetDrawableSize if there's no GLES view in the window (matches the behaviour of SDL_GL_GetDrawableSize on other platforms). Addresses bug #4629.
* test: unify all the command line usage logging.
* Fixed bug 4171 - SDL_GetQueuedAudioSize is broken with WASAPI * Fixed bug 4656 - SDL_evdev.c uses Linux specific integer types * Use SDL sized types * Fixed bug 4655 - evdev is available on FreeBSD, check in 'configure' limited to Linux * Added support for the Rotor Riot gamepad, and upcoming Xbox and PS4 controller support on iOS and tvOS * Potential fix for a crash we're seeing on Android that should in theory never happen. * Protect against NULL device in the Android hidapi implementation * Fixed surround sound channel setup for Android OpenSL ES audio driver * OpenSL ES audio cleanup and added a note with low latency audio discussion * Fixed Android build warning * Ignore Xbox One S gamepads with older firmware in HIDAPI * Fixed bug 4443 - Incorrect scan code reported for numpad 5 * Fixed bug 4642 - Rework SDL_netbsdaudio to improve performance * Fixed bug 4605 - WASAPI_WaitDevice hang * Fixed bug 4603 - The iOS Test Xcode project file needs to add the metal framework * Fixed bug 4600 - Dualshock 4 touchpad press is not detectable with SDL_JoystickGetButton * Fixed bug 4594 - Fix install location of CMake targets on Apple platforms * Fixed bug 4593 - Respect CMake's BUILD_SHARED_LIBS default behavior * Fixed bug 4583 - PollAllValues appears to use an incorrect index for all axes above 0x18 * Fixed bug 4557 - SDL_SIMDAlloc and *Free should be in the public interface * Add mapping for Chinese-made Xbox Controller * Backed out Ben's chinese Xbox controller patch, as the generic catch-all for Xbox controllers should handle it. 
* cocoa: Fix assert to use SDL_assert * Fixed bug 4533 - Update ANGLE to load d3dcompiler_47.dll instead of d3dcompiler_46.dll * Fixed bug 4526 - replace SDL_RW* macros with functions for using in bindings * CVE-2019-7572: Fix a buffer overread in IMA_ADPCM_nibble * CVE-2019-7578: Fix a buffer overread in InitIMA_ADPCM * CVE-2019-7578: Fix a buffer overread in InitIMA_ADPCM * Fixed bug 4294 - Audio: perform more validation on conversion request * Temporary fix for bug 4254 - a _lot_ of strict aliasing warnings * Fixed bug 4041 - Android, SDL_Renderer OpenGLES 1 is loading GLESv2 library * Fixed bug 3894 - Fuzzing crashes for SDL_LoadWAV * Fixed build * Fixed compiler warning * Cleanup on bug 3894 - Fuzzing crashes for SDL_LoadWAV * Add notes for SDL_WinRTRunApp and SDL2-WinRTResources for non-C++ projects * Fixed bug 4658 - iOS 12 fullscreen flag and SDL_HINT_IOS_HIDE_HOME_INDICATOR not working * cocoa: report proper input IDs for mouse/touch events. * Fixed bug 4641 - clang and clang-cl builds on windows create -Wpragma-pack warnings * Fixed bug 4662 - SDL failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode with MSVC on Windows * CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode * CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode * CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode * CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode * CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in InitMS_ADPCM * Add mapping for Chinese-made Xbox Controller * CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode * Android: fix typo calling onBackPressed() (Bug 4657) * Android: add MinimizeWindow function (Bug 4580, 4657) * windows: Drop WM_ACTIVATE when window is hidden, but only if being activated. * windows: Don't let Visual Studio insert an implicit dependency on memset(). * video: fixed compiler warning on Visual Studio. 
* testoverlay2: Changed some C runtime calls to be SDL equivalents. * Android: revert wrong fix typo calling onBackPressed() (Bug 4657) * Android: fix coordinates for Surface.ROTATION_180 * CVE-2019-7635: Reject BMP images with pixel colors out the palette * Fix build with the 10.10 SDK * software: Correctly track viewport and cliprect. * Fixed bug 4570 - Support Vulkan Portability rather than MoltenVK specifically * Fixed bug 4615 - RPM Build fails due to unpackaged files * cocoa: Backed out CVDisplayLink code for macOS vsync. * assert: mark SDL_ExitProcess as SDL_NORETURN again. * SDL_Wave: missing field 'length' initializer * fix permissions * wayland: HiDPI support * Fixed bug 4665 - Add support for single touch evdev devices * Fixed bug 4486 - Segfault when pressing a trigger on the Steam Controller (Linux) * The hat index passed to the application should be zero-based with no holes * Better patch to make it more clear what's going on * assert: Fixed some compiler warnings. * vulkan: Fixed use-after-free bug. * wave: Fixed static analysis warning about dead assignment. * macOS: Fix the coordinate space of SDL_GetDisplayUsableBounds (thanks Tim!) * cocoa: Revised synthesized mouse/touch event strategy. * cocoa: Another attempt at synthesized mouse/touch events. * Check src alignment for S32_to_F32 conversions * audio: patched to compile. * audio: Fix ARM NEON audio converter bugs. * audio: Attempt to fix build on ARM versions of Visual Studio. * Worked around "Undefined symbol: ___isPlatformVersionAtLeast()" link error on Xcode 11 beta * Added support for Xbox and PS4 wireless controllers on iOS and tvOS * A few minor changes to placate static analysis. * cocoa: ignore compiler warnings about OpenGL being deprecated. * assert: Possibly fixing compiler warning on Android. * assert: Another attempt to quiet compiler warnings. * iOS: remove some code which could affect the state of UIViews that aren't owned by SDL. 
* Fix synthetically generated mouse events getting lost forever after the device orientation changes (or the window is otherwise resized) while a finger is touching the screen. * Fixed bug 4667 - Build errors on Linux when building without Threads support * Updated version to 2.0.10 * Removed extraneous fprintf() call * Fixed bug 4669: Android software renderer, black screen when window resizes * Android: revert previous commit (Bug 4669) * Android: prevent using SW_GetOutputSize with software renderer (Bug 4669) * Android: prevent ignoring surfaceChanged() in MultiWindow * Make sure we haven't changed the size of the SDL_Event structure and broken binary compatibility. * Added patch notes for 2.0.10 * Added a patch note about batched rendering * Android: revert commit SW_GetOutputSize, again (Bug 4669) * Android: try to fix resize with software rendering (bug 4669) * Android: resize with software rendering, reverted again (Bug 4669) * Fixed 4669 - Using the software SDL_Renderer on Android leads to GL errors & black screen when window resizes * Fixed potential double-free in mouse cleanup code * cocoa: Patched to compile and also handle possible malloc failure. * Fixed bug 4624 - KMS/DRM fails on FreeBSD because /dev/dri/card* nodes are symlinks * Fixed compiler warning * Only warp the mouse to set focus if we're definitely going into relative mode * opengl: Be more robust in failing cases. * Fixed building DMG archive on Mac OS X * wayland: Fixed C99-style variable declaration inside for-loop. * KMSDRM: fix compilation on linux, no d_namlen (Bug 4624) * KMSDRM: fix inverted strcmp, remove useless if test (Bug 4624) * Use SDL C runtime functions * Fixed bug 4672 - Warnings in SDL_LogEvent() * Enable Raspberry Pi video by default * Fixed bug 4684 - GLES1 variables missing under Android with CMake * Android: export Lock/Unlock activity API * fix permissions * update version in os/2 makefile * define __ARM_NEON for Windows only if _M_ARM or _M_ARM64 is defined. 
fixes Visual Studio builds. * windows: Call GetWindowText() with the correct parameters (thanks, Zebediah!) * cocoa: Check for capslock in -[NSResponder flagsChanged], not with IOKit. * Android: explicitly expand Android_GLES_MakeCurrent/Android_GLES_CreateContext * Add an "error" label in SDL_CreateRenderer (no op) * Android: concurrency issues, make sure Activity is in running State when calling * Fixed bug 4436 - [OpenBSD] fix D-pad * Fixed bug 4683 - SDL_atomic infinite recursion on armv6/armv5 w/ thumb * Limit the compile error to the case where we actually define the memory barrier macro as the function * Fixed memory barrier macro check so it isn't quite so fragile * Documented that the SDL_RW* macros no longer exist, and you can't use an older SDL library if you build with SDL 2.0.10. * Made it more explicit that 2.0.10 and newer are required for the SDL_RW* functions * iOS: Fix the window size not being set properly when Split View is used on an iPad (bug #4586). * dbus: Add org.freedesktop.ScreenSaver.SimulateUserActivity support. * dbus: Don't SimulateUserActivity if we're already inhibiting the screensaver. * raspberry: Fixed missing mouse cursor (thanks, Joe!) * cocoa: Don't report trackpad mouse events as synthesized touches. * raspberry: Actually commit the whole patch. :) (Thanks, Joe!) * Fixed bug 4708 - testdropfile: double-free * Fixed bug 4702 - Android back button does not send SDL_KEYDOWN event * Fixed bug 4707 - SDL_SetRelativeMouseMode fails on Vivante * Fixed bug 4710 - audio/alsa: avoid configuring hardware parameters with only a single period * cocoa: Another attempt at mouse vs touch support. * Ignore synthetic mouse events generated for touchscreens * configure: Windows and macOS now respect --enable-hidapi. * cmake: Added HIDAPI support. * fix permissions * SDL_Mouse/Touch: discard synthetic events when hints are not set. * x11: set some modality things on message boxes with parent windows. 
* x11: prevent a synthetic mouse event when using a touchscreen * cocoa: Set keyboard mod state correctly when turning off capslock. * cmake: Add setupapi library to Windows build dependencies (hidapi needs it). * ios: Fixed MFi guide button not being detected (thanks, Caleb!). * macOS: Fix SDL_GL_CreateContext/MakeCurrent on non-main threads causing a Main Thread Checker warning when built with Xcode 11 / the macOS 10.15 SDK. * Blacklist Corsair device causing hang * Fixed bug 4723 - Generic Xbox pad controller bindings seem odd/broken * Fixed bug 4704 - SDL_HINT_ANDROID_SEPERATE_MOUSE_AND_TOUCH on Windows? * Allow hotplugging joysticks without udev * Added support for the Victrix Pro Fight Stick for PS4 * Add linked list of opened HID devices to prevent accessing already freed devices in device removal callback that is sometimes called even after being unregistered * Merged latest changes from Steam into controller_type.h * Fixed build error * Fixed bug 4726 - Fix for tvOS GetPrefPath * Copypaste SDL_NSLog to UIKit backend, document it as such * hidapi: Zero out new hid_device_info structs
2019-08-10 | Pullup ticket #6029 - requested by taca | bsiegert | 7 | -58/+34
databases/mysql57-client, databases/mysql57-server: security fix Revisions pulled up: - databases/mysql57-client/Makefile 1.24 - databases/mysql57-client/Makefile.common 1.20 - databases/mysql57-client/PLIST 1.14 - databases/mysql57-client/distinfo 1.30-1.31 - databases/mysql57-client/patches/patch-cmake_boost.cmake 1.11 - databases/mysql57-server/Makefile 1.24 - databases/mysql57-server/PLIST 1.13 --- Module Name: pkgsrc Committed By: ryoon Date: Mon Jul 1 04:08:55 UTC 2019 Modified Files: pkgsrc/databases/mysql57-client: Makefile pkgsrc/databases/mysql57-server: Makefile Log Message: Recursive revbump from boost-1.70.0 --- Module Name: pkgsrc Committed By: adam Date: Mon Jul 1 10:25:49 UTC 2019 Modified Files: pkgsrc/databases/mysql57-client: distinfo pkgsrc/databases/mysql57-client/patches: patch-cmake_boost.cmake Log Message: mysql57-client: allow newer Boost; fixes building with boost-1.70.0 --- Module Name: pkgsrc Committed By: adam Date: Tue Aug 6 06:56:43 UTC 2019 Modified Files: pkgsrc/databases/mysql57-client: Makefile Makefile.common PLIST distinfo pkgsrc/databases/mysql57-server: Makefile PLIST Log Message: mysql57: updated to 5.7.27 Changes in MySQL 5.7.27: Keyring Notes The keyring_aws plugin has been updated to use the latest AWS SDK and so that it works with OpenSSL 1.1. Packaging Notes Binary packages that include curl rather than linking to the system curl library now use curl 7.64.0. X Plugin Notes On Windows, X Plugin logged some messages that were unnecessary or insufficiently informative. The messages have been removed or improved as appropriate. Functionality Added or Changed Microsoft Windows: A new warning message now reminds DBAs that connections made using the MySQL named pipe on Windows has limited the permissions a connector can request on the named pipe. Previously, the named_pipe_full_access_group system variable was set to a value that maps to the built-in Windows Everyone group (SID S-1-1-0) by default. 
However, this group is not ideal and should be replaced with a group that restricts its membership for connectors that are unable to request fewer permissions on the MySQL named pipe. The new warning is written to the error log at startup if the string value assigned to named_pipe_full_access_group is '*everyone*' (or the Windows System Language equivalent) and named pipes are enabled. In addition, the warning is written to the error log and raised to the client if the system variable is reset to the Everyone group at runtime. Bugs Fixed InnoDB: Insufficient memory barriers in the rw-lock implementation caused deadlocks on ARM. Thanks to Yibo Cai from Arm Technology for the contribution. InnoDB: Manually changing the system time while the MySQL server was running caused page cleaner thread delays. InnoDB: During log application, after an OPTIMIZE TABLE operation, InnoDB did not populate virtual columns before checking for virtual column index updates. InnoDB: An INSERT operation involving a generated virtual BLOB column resulted a secondary index being updated with an incorrect value. InnoDB: A full-text cache lock taken when data is synchronized was not released if the full-text cache size exceeded the full-text cache size limit. InnoDB: Client sessions using different auto_increment_increment values while performing concurrent insert operations could cause a duplicate key error. Partitioning: ALTER TABLE ... EXCHANGE PARTITION failed with the error Non matching attribute 'ROW_FORMAT' between partition and table when the partitioned table had partitions using different row formats, even when the partition to be exchanged used the same row format as the non-partitioned table. Replication: The error message that is issued for a discrepancy between the number of group members and the auto-increment interval incorrectly referred to the group_replication_auto_increment_increment system variable, instead of the auto_increment_increment system variable. 
The value of auto_increment_increment is changed to the value specified by group_replication_auto_increment_increment when Group Replication starts, but only if auto_increment_increment and auto_increment_offset have their default values, and from MySQL 8.0, only in multi-primary mode. The value of auto_increment_increment was always the value that was checked for the error message, and it has now been corrected to give the accurate system variable name. Replication: When events generated by one MySQL server instance were written to the binary log of another instance, the second server implicitly assumed that the first server supported the same number of binary log event types as itself. Where this was not the case, the event header was handled incorrectly. The issue has now been fixed. Thanks to Facebook for the contribution. Replication: In Group Replication, joining members could wrongly identify themselves as incompatible with an existing replication group even if there were members at the same version already in the group, because they checked against all other members, including the member at the highest version. Joining members also included their own version in the compatibility check. Now, joining members only compare themselves with the existing group member at the lowest version, and do not count their own version. Replication: If a FLUSH LOGS statement was issued before the binary log file was initialized, the statement attempted to write a binary log rotation event to the uninitialized file. The server now checks first that a binary log file is available. Replication: When a MEMORY table is implicitly deleted on a master following a server restart, the master writes a DELETE statement to the binary log so that slaves also empty the table. This generated event now includes a comment in the binary log so that the reason for the DELETE statement is easy to identify. Thanks to Daniël van Eeden for the contribution.
Replication: With statement-based replication in use, if super_read_only was set to ON for a server at the point when a no-op transaction was between its UPDATE and COMMIT operations, the transaction was written to the binary log and assigned a GTID. The transaction is now blocked in this situation. From MySQL 8.0, the value of super_read_only cannot be changed while a transaction is in progress. Replication: The group communication engine for Group Replication (XCom, a Paxos variant) did not handle out of memory errors in an appropriate way. If memory could not be allocated to make a copy of the payload for a message, an error was logged but the message was still sent, with a null payload. The Group Communication System (GCS) on the receiving member discarded the message as empty, and the XCom instance on the receiving member accepted this action and did not retry, resulting in the message effectively being skipped. This caused the GTID set on the receiving member to diverge from the group, leading to replication errors. XCom now terminates gracefully if it experiences an out of memory error, so that this situation cannot occur. Replication: In query log events in the binary log, the thread ID used for the execution of DROP TABLE and DELETE statements was identified incorrectly or not at all. On a multi-threaded replication slave, where temporary tables were involved (which require the correct thread ID as they are session specific), this omission resulted in errors when using mysqlbinlog to replay the binary log for point-in-time recovery. The thread ID is now set correctly. Replication: When a slave server logs master status and connection information to a table (master_info_repository=TABLE), which is the default in MySQL 8.0, the mysql.slave_master_info table was not being updated on shutdown if the server was in super read only mode (super_read_only=ON). 
No error was written to the error log at this time, but replication failed after server startup because the master log file and master log position information was out of date. The thread that updates the master info log at shutdown is now excluded from read-only checks like other replication threads are, so it can update the table even if the server is in super read only mode. Error handling for a slave that is shutting down has also been improved so that any failure to write to the slave status logs results in an error in the error log. An overly strict assertion could be raised during sorting of stored program local objects. Installing from RPM packages could result in an error log with incorrect permissions. Enabling audit log encryption could cause a server exit. On Debian and Ubuntu, MySQL packages did not enable mysql.service after upgrades from native MySQL packages. The server did not properly close shared-memory connections when an error occurred, which could result in unexpected server behavior. MySQL Installer did not install OpenSSL DLL dependencies if the Development component was not selected. The parser could leak memory for certain multiple-statement queries. CREATE USER and ALTER USER did not check the validity of a hashed authentication string when used with IDENTIFIED WITH auth_plugin AS 'hash_string' syntax. For InnoDB tables that contained an index on a VARCHAR column and were created prior to MySQL 5.7.23, some simple ALTER TABLE statements that should have been done in place were performed with a table rebuild after an upgrade to MySQL 5.7.23 or higher. HANDLER statements did not always work correctly with tables having generated columns. Session-tracking information in the client/server protocol could be mishandled. With the PAD_CHAR_TO_FULL_LENGTH SQL mode enabled, password changes failed, with no warning or error reported. The audit_log plugin did not log UNINSTALL PLUGIN audit_log statements. 
audit_log filtering operations could leak memory. An index defined on a virtual generated column could fail to be updated if the column had a base column in a foreign key relationship. Privileges for dropping some Performance Schema tables were checked incorrectly. A query that employed a derived table which included an ORDER BY was not always handled correctly. Base columns were not excluded from index-only access by a generated column. A thread pool group could be blocked when a thread process tick time exceeded the maximum permitted value. The tick time now uses a larger data type to permit larger values. MySQL does not support OpenSSL session tickets, but did not set the SSL_OP_NO_TICKET flag to inform OpenSSL of that. The flag is now set. The audit_null plugin did not properly check for a null event record. UpdateXML() did not always free memory properly in certain cases. Empty values in the name column of the mysql.plugin system table caused the server to exit during startup. With the thread_pool plugin enabled, the Performance Schema status_by_thread table contained no data. If an INSTALL PLUGIN statement contained invalid UTF-8 characters in the shared library name, it caused the server to hang (or to raise an assertion in debug builds). Inner tables of different semijoin nests were interleaved during materialization, which could lead to a different result for the same query when it used a different query plan. To keep this from occurring, a check is added to prevent such interleaving. A query involving GROUP BY on a TIMESTAMP column resulted in a duplicate entry for key (ER_DUP_ENTRY) error. 
This problem arose when TIMESTAMP values were inserted into a table using a given setting for the time zone and these values were later fetched after the time zone setting had been changed, such that at least some of the inserted TIMESTAMP values occurred during the hour that the time changed from standard to daylight time (DST) in the new time zone, during which time the same TIMESTAMP value can exist twice. Now, when the server would otherwise return the error DUPLICATE ENTRY FOR KEY 'group_key', if the grouping involves a TIMESTAMP column, it instead raises the error Grouping on temporal is non-deterministic for time zones having DST. Please consider switching to UTC for this query. In addition, it is suggested to set explicit_defaults_for_timestamp to ON as well as one or more of MODE_NO_ZERO_IN_DATE, MODE_NO_ZERO_DATE, or MODE_INVALID_DATES as part of the server SQL mode to help avoid this issue.
2019-08-10 | Pullup ticket #6027 - requested by maya | bsiegert | 3 | -2/+47
devel/libusb1: clang build fix

Revisions pulled up:
- devel/libusb1/Makefile 1.19
- devel/libusb1/distinfo 1.11
- devel/libusb1/patches/patch-ub 1.1

---
Module Name: pkgsrc
Committed By: maya
Date: Tue Aug 6 08:50:28 UTC 2019

Modified Files:
pkgsrc/devel/libusb1: Makefile distinfo
Added Files:
pkgsrc/devel/libusb1/patches: patch-ub

Log Message:
libusb1: patch some undefined behaviour, disable strict aliasing, change -O2 to -O1 when building with clang.

This isn't in a separate hacks.mk file because I think that hides the problem too much, it's an issue with the code in the package, not with the compiler's choices.

Fixes functionality when built with clang.

From Shingo Nishioka in PR pkg/54441.
2019-08-10 | Pullup ticket #6026 - requested by taca | bsiegert | 3 | -8/+10
textproc/ruby-yard: security fix

Revisions pulled up:
- textproc/ruby-yard/Makefile 1.11
- textproc/ruby-yard/PLIST 1.9
- textproc/ruby-yard/distinfo 1.9

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 5 09:55:00 UTC 2019

Modified Files:
pkgsrc/textproc/ruby-yard: Makefile PLIST distinfo

Log Message:
textproc/ruby-yard: update to 0.9.20

Update ruby-yard to 0.9.20, fixing CVE-2019-14369.

# 0.9.20 - June 27th, 2019

[0.9.20]: https://github.com/lsegal/yard/compare/v0.9.19...v0.9.20

- Fix parsing of stringified Symbols in Ruby source (#1256).
- Fix path traversal vulnerability in `yard server`. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a `yard server` host under certain conditions. Thanks to CuongMX from Viettel Cyber Security for discovering this vulnerability.

# 0.9.19 - April 2nd, 2019

[0.9.19]: https://github.com/lsegal/yard/compare/v0.9.16...v0.9.19

- Fixed bug in browser back button (#1071, #1228)
- Fixed handling of ArgumentError in ExtraFileObject (#1198)
- Fixed double return tag displaying on boolean methods (#1226)
- Removed unused `Module#namespace_name` function (#1229)
- Fixed parsing order of README files. YARD will now prefer README over README.md over README.x.md or README-x.md (and the like). READMEs will now also be ordered by filename; the first README is still chosen unless `--readme` is provided.
- Updated AsciiDoc markup support to use non-deprecated calls.
2019-08-10 | Pullup ticket #6021 - requested by taca | bsiegert | 2 | -7/+7
lang/php71: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.265
- lang/php71/distinfo 1.53

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 1 14:20:58 UTC 2019

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: distinfo

Log Message:
lang/php71: update to 7.1.31

01 Aug 2019, PHP 7.1.31

- SQLite:
  . Upgraded to SQLite 3.28.0. (cmb)

- EXIF:
  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)

- Phar:
  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
2019-08-10 | Pullup ticket #6020 - requested by taca | bsiegert | 2 | -7/+7
lang/php73: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.262-1.263
- lang/php73/distinfo 1.9-1.10

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 8 13:20:29 UTC 2019

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo

Log Message:
lang/php73: update to 7.3.7

Update php73 to 7.3.7.

04 Jul 2019, PHP 7.3.7

- Core:
  . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception). (Nikita)

- DOM:
  . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType). (cmb)

- MySQLi:
  . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message). (Sjon Hortensius)
  . Fixed bug #38546 (bindParam incorrect processing of bool types). (camporter)

- MySQLnd:
  . Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm). (Nikita)

- Opcache:
  . Fixed bug #78015 (Incorrect evaluation of expressions involving partials arrays in SCCP). (Nikita)
  . Fixed bug #78106 (Path resolution fails if opcache disabled during request). (Nikita)

- OpenSSL:
  . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c). (Jakub Zelenka)

- phpdbg:
  . Fixed bug #78050 (SegFault phpdbg + opcache on include file twice). (Nikita)

- Sockets:
  . Fixed bug #78038 (Socket_select fails when resource array contains references). (Nikita)

- Sodium:
  . Fixed bug #78114 (segfault when calling sodium_* functions from eval). (cmb)

- Standard:
  . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this). (Craig Duncan, Dmitry)
  . Fixed bug ##77937 (preg_match failed). (cmb, Anatol)

- Zip:
  . Fixed bug #76345 (zip.h not found). (Michael Maroszek)

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 1 14:14:04 UTC 2019

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo

Log Message:
lang/php73: update to 7.3.8

01 Aug 2019, PHP 7.3.8

- Core:
  . Added syslog.filter=raw option. (Erik Lundin)
  . Fixed bug #78212 (Segfault in built-in webserver). (cmb)

- Date:
  . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
  . Updated timelib to 2018.02. (Derick)

- EXIF:
  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)

- FTP:
  . Fixed bug #78039 (FTP with SSL memory leak). (Nikita)

- Libxml:
  . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)). (Nikita)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)
  . Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files). (George Wang)

- Openssl:
  . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream). (Nikita)

- Opcache:
  . Fixed bug #78341 (Failure to detect smart branch in DFA pass). (Nikita)
  . Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
  . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)
  . Fixed bug #78271 (Invalid result of if-else). (Nikita)
  . Fixed bug #78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)

- PCRE:
  . Fixed bug #78338 (Array cross-border reading in PCRE). (cmb)
  . Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx" version strings). (pgnet, Peter Kokot)

- PDO_Sqlite:
  . Fixed bug #78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)

- Phar:
  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

- Phpdbg:
  . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

- SQLite:
  . Upgraded to SQLite 3.28.0. (cmb)

- Standard:
  . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
  . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)
2019-08-10 | Pullup ticket #6019 - requested by taca | bsiegert | 2 | -7/+7
lang/php72: security fix

Revisions pulled up:
- lang/php/phpversion.mk 1.261,1.264
- lang/php72/distinfo 1.42-1.43

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 8 13:18:52 UTC 2019

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo

Log Message:
lang/php72: update to 7.2.20

Update php72 to 7.2.20.

04 Jul 2019, PHP 7.2.20

- Core:
  . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception). (Nikita)

- DOM:
  . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType). (cmb)

- MySQLi:
  . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message). (Sjon Hortensius)
  . Fixed bug #38546 (bindParam incorrect processing of bool types). (camporter)

- Opcache:
  . Fixed bug #78106 (Path resolution fails if opcache disabled during request). (Nikita)
  . Fixed bug #78185 (File cache no longer works). (Dmitry)

- OpenSSL:
  . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c). (Jakub Zelenka)

- Sockets:
  . Fixed bug #78038 (Socket_select fails when resource array contains references). (Nikita)

- Standard:
  . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this). (Craig Duncan, Dmitry)
  . Fixed bug ##77937 (preg_match failed). (cmb, Anatol)

- Zip:
  . Fixed bug #76345 (zip.h not found). (Michael Maroszek)

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 1 14:19:40 UTC 2019

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo

Log Message:
lang/php72: update to 7.2.21

01 Aug 2019, PHP 7.2.21

- Date:
  . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)

- EXIF:
  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)

- Fileinfo:
  . Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide)

- FTP:
  . Fixed bug #77124 (FTP with SSL memory leak). (Nikita)

- Libxml:
  . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)). (Nikita)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)
  . Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files). (George Wang)

- Openssl:
  . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream). (Nikita)

- OPcache:
  . Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
  . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)
  . Fixed bug #78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)

- Phar:
  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

- Phpdbg:
  . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

- PDO_Sqlite:
  . Fixed bug #78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)

- SQLite:
  . Upgraded to SQLite 3.28.0. (cmb)

- Standard:
  . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
  . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)

- XMLRPC:
  . Fixed bug #78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)
2019-08-09 Pullup tickets #6012 to #6018 (bsiegert, 1 file, -1/+22)
2019-08-09 Pullup ticket #6018 - requested by maya (bsiegert, 3 files, -3/+29)

devel/pango: security fix

Revisions pulled up:
- devel/pango/Makefile 1.221
- devel/pango/distinfo 1.119
- devel/pango/patches/patch-pango_pango-bidi-type.c 1.1

---
Module Name: pkgsrc
Committed By: maya
Date: Thu Aug 1 10:09:38 UTC 2019

Modified Files:
pkgsrc/devel/pango: Makefile distinfo
Added Files:
pkgsrc/devel/pango/patches: patch-pango_pango-bidi-type.c

Log Message:
pango: patch buffer overflow (CVE-2019-1010238)

bump pkgrevision.
2019-08-09 Pullup ticket #6017 - requested by leot (bsiegert, 3 files, -17/+14)

net/youtube-dl: update

Revisions pulled up:
- net/youtube-dl/Makefile 1.177-1.182
- net/youtube-dl/PLIST 1.88-1.90
- net/youtube-dl/distinfo 1.160-1.165

---
Module Name: pkgsrc
Committed By: leot
Date: Sun Jun 30 19:26:32 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile PLIST distinfo

Log Message:
youtube-dl: Update to 20190627

Changes:
20190627
--------
Extractors
+ [go] Add support for disneynow.com (#21528)
* [mixer:vod] Relax URL regular expression (#21531, #21536)
* [drtv] Relax URL regular expression
* [fusion] Fix extraction (#17775, #21269)
- [nfb] Remove extractor (#21518)
+ [beeg] Add support for api/v6 v2 URLs (#21511)
+ [brightcove:new] Add support for playlists (#21331)
+ [openload] Add support for oload.life (#21495)
* [vimeo:channel,group] Make title extraction non fatal
* [vimeo:likes] Implement extractor in terms of channel extractor (#21493)
+ [pornhub] Add support for more paged video sources
+ [pornhub] Add support for downloading single pages and search pages (#15570)
* [pornhub] Rework extractors (#11922, #16078, #17454, #17936)
+ [youtube] Add another signature function pattern
* [tf1] Fix extraction (#21365, #21372)
* [crunchyroll] Move Accept-Language workaround to video extractor since it causes playlists not to list any videos
* [crunchyroll:playlist] Fix and relax title extraction (#21291, #21443)

---
Module Name: pkgsrc
Committed By: leot
Date: Wed Jul 3 10:36:06 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20190702

Changes:
2019.07.02
----------
Core
+ [utils] Introduce random_user_agent and use as default User-Agent (#21546)

Extractors
+ [vevo] Add support for embed.vevo.com URLs (#21565)
+ [openload] Add support for oload.biz (#21574)
* [xiami] Update API base URL (#21575)
* [yourporn] Fix extraction (#21585)
+ [acast] Add support for URLs with episode id (#21444)
+ [dailymotion] Add support for DM.player embeds
* [soundcloud] Update client id

---
Module Name: pkgsrc
Committed By: leot
Date: Thu Jul 11 18:56:16 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile PLIST distinfo

Log Message:
youtube-dl: Update to 20190712

Changes:
2019.07.12
----------
Core
+ [adobepass] Add support for AT&T U-verse (mso ATT) (#13938, #21016)

Extractors
+ [mgtv] Pass Referer HTTP header for format URLs (#21726)
+ [beeg] Add support for api/v6 v2 URLs without t argument (#21701)
* [voxmedia:volume] Improve vox embed extraction (#16846)
* [funnyordie] Move extraction to VoxMedia extractor (#16846)
* [gameinformer] Fix extraction (#8895, #15363, #17206)
* [funk] Fix extraction (#17915)
* [packtpub] Relax lesson URL regular expression (#21695)
* [packtpub] Fix extraction (#21268)
* [philharmoniedeparis] Relax URL regular expression (#21672)
* [peertube] Detect embed URLs in generic extraction (#21666)
* [mixer:vod] Relax URL regular expression (#21657, #21658)
+ [lecturio] Add support id based URLs (#21630)
+ [go] Add site info for disneynow (#21613)
* [ted] Restrict info regular expression (#21631)
* [twitch:vod] Actualize m3u8 URL (#21538, #21607)
* [vzaar] Fix videos with empty title (#21606)
* [tvland] Fix extraction (#21384)
* [arte] Clean extractor (#15583, #21614)

---
Module Name: pkgsrc
Committed By: leot
Date: Wed Jul 17 09:55:56 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile PLIST distinfo

Log Message:
youtube-dl: Update to 20190716

Changes:
2019.07.16
----------
Extractors
+ [asiancrush] Add support for yuyutv.com, midnightpulp.com and cocoro.tv (#21281, #21290)
* [kaltura] Check source format URL (#21290)
* [ctsnews] Fix YouTube embeds extraction (#21678)
+ [einthusan] Add support for einthusan.com (#21748, #21775)
+ [youtube] Add support for invidious.mastodon.host (#21777)
+ [gfycat] Extend URL regular expression (#21779, #21780)
* [youtube] Restrict is_live extraction (#21782)

2019.07.14
----------
Extractors
* [porn91] Fix extraction (#21312)
+ [yandexmusic] Extract track number and disk number (#21421)
+ [yandexmusic] Add support for multi disk albums (#21420, #21421)
* [lynda] Handle missing subtitles (#20490, #20513)
+ [youtube] Add more invidious instances to URL regular expression (#21694)
* [twitter] Improve uploader id extraction (#21705)
* [spankbang] Fix and improve metadata extraction
* [spankbang] Fix extraction (#21763, #21764)
+ [dlive] Add support for dlive.tv (#18080)
+ [livejournal] Add support for livejournal.com (#21526)
* [roosterteeth] Fix free episode extraction (#16094)
* [dbtv] Fix extraction
* [bellator] Fix extraction
- [rudo] Remove extractor (#18430, #18474)
* [facebook] Fallback to twitter:image meta for thumbnail extraction (#21224)
* [bleacherreport] Fix Bleacher Report CMS extraction
* [espn] Fix fivethirtyeight.com extraction
* [5tv] Relax video URL regular expression and support https URLs
* [youtube] Fix is_live extraction (#21734)
* [youtube] Fix authentication (#11270)

---
Module Name: pkgsrc
Committed By: leot
Date: Sat Jul 27 20:22:53 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20190727

Changes:
20190727
--------
Extractors
+ [yahoo:japannews] Add support for yahoo.co.jp (#21698, #21265)
+ [discovery] Add support go.discovery.com URLs
* [youtube:playlist] Relax video regular expression (#21844)
* [generic] Restrict --default-search schemeless URLs detection pattern (#21842)
* [vrv] Fix CMS signing query extraction (#21809)

---
Module Name: pkgsrc
Committed By: leot
Date: Wed Jul 31 13:51:52 UTC 2019

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20190730

Changes:
20190730
--------
Extractors
* [youtube] Fix and improve title and description extraction (#21934)
2019-08-09 Pullup ticket #6016 - requested by abs (bsiegert, 2 files, -8/+7)

mail/exim: security fix

Revisions pulled up:
- mail/exim/Makefile 1.168
- mail/exim/distinfo 1.71

---
Module Name: pkgsrc
Committed By: abs
Date: Sun Jul 28 21:17:28 UTC 2019

Modified Files:
pkgsrc/mail/exim: Makefile distinfo

Log Message:
Updated mail/exim to 4.92.1

Exim version 4.92.1
-------------------
JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917, OVE-20190718-0006)
2019-08-09 Pullup ticket #6015 - requested by nia (bsiegert, 1 file, -1/+3)

audio/jack: build fix

Revisions pulled up:
- audio/jack/buildlink3.mk 1.11

---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 26 11:47:00 UTC 2019

Modified Files:
pkgsrc/audio/jack: buildlink3.mk

Log Message:
jack: Add BDB_ACCEPTED to buildlink3.mk
2019-08-09 Pullup ticket #6014 - requested by nia (bsiegert, 3 files, -10/+9)

audio/mpg123: security fix

Revisions pulled up:
- audio/mpg123/Makefile 1.58
- audio/mpg123/Makefile.common 1.49
- audio/mpg123/distinfo 1.49

---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jul 27 15:14:40 UTC 2019

Modified Files:
pkgsrc/audio/mpg123: Makefile Makefile.common distinfo

Log Message:
mpg123: Update to 1.25.11

libmpg123:
* Fix out-of-bounds reads in ID3 parser for unsynced frames. (oss-fuzz-bug 15852)
* Fix out-of-bounds read for RVA2 frames with non-delimited identifier. (oss-fuzz-bug 15852)
* Fix implementation-defined parsing of RVA2 values. (oss-fuzz-bug 15862)
* Fix undefined parsing of APE header for skipping. Also prevent endless loop on premature end of supposed APE header. (oss-fuzz-bug 15864)
* Fix some syntax to make pedantic compiler happy.

The serious bugs trigger Denial of Service either via the nasty endless loop in supposed APE tags or by crashes if the invalid reads hit a diagnostic by the OS or, more likely, a security mechanism like the sanitizer instrumentation that enabled finding the bugs. I do not have CVE numbers for these bugs. I rather fix the bugs than name them. Just update, will you?
2019-08-09 Pullup ticket #6013 - requested by bacon (bsiegert, 3 files, -67/+315)

devel/subversion: build fix

Revisions pulled up:
- devel/subversion/distinfo 1.113
- devel/subversion/patches/patch-configure 1.5
- devel/subversion/patches/patch-subversion_bindings_swig_python_libsvn_swig_py_swigutil_py.c 1.1

---
Module Name: pkgsrc
Committed By: markd
Date: Wed Jul 3 10:42:54 UTC 2019

Modified Files:
pkgsrc/devel/subversion: distinfo
pkgsrc/devel/subversion/patches: patch-configure
Added Files:
pkgsrc/devel/subversion/patches: patch-subversion_bindings_swig_python_libsvn_swig_py_swigutil_py.c

Log Message:
subversion: more reliable fix for APR 1.7.0

From: Stefan Sperling <stsp%apache.org@localhost>
Date: Fri, 12 Apr 2019 09:27:33 +0000
Subject: [PATCH] Get rid of apr_int64_t format string check in swig py configure.

This check relied on APR implementation details and broke with APR 1.7.0. Rather than trying to guess a perfect format string to use, just use the largest possible format and cast the argument accordingly. Should fix build against APR 1.7.0 and later.

Suggested by: brane

* build/ac-macros/swig.m4: Remove code related to SVN_APR_INT64_T_PYCFMT.
* subversion/bindings/swig/python/libsvn_swig_py/swigutil_py.c (svn_swig_py_client_blame_receiver_func): Stop relying on the SVN_APR_INT64_T_PYCFMT constant from configure. Use "L" and a cast to PY_LONG_LONG instead.