www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.9
- www/firefox68-l10n/distinfo 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Mar 12 19:54:45 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Update to 68.6.0
Sync with firefox68
|
|
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.15
- www/firefox68/PLIST 1.5
- www/firefox68/distinfo 1.11
- www/firefox68/mozilla-common.mk 1.7
- www/firefox68/options.mk 1.8
- www/firefox68/patches/patch-aa 1.2
- www/firefox68/patches/patch-build_moz.configure_old.configure deleted
- www/firefox68/patches/patch-dom_media_CubebUtils.cpp 1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb.c 1.2
- www/firefox68/patches/patch-media_libcubeb_src_cubeb__oss.c deleted
- www/firefox68/patches/patch-media_libcubeb_src_moz.build 1.2
- www/firefox68/patches/patch-media_libcubeb_update.sh 1.2
- www/firefox68/patches/patch-toolkit_library_moz.build 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Mar 12 19:39:35 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile PLIST distinfo mozilla-common.mk
options.mk
pkgsrc/www/firefox68/patches: patch-aa patch-dom_media_CubebUtils.cpp
patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_moz.build
patch-media_libcubeb_update.sh patch-toolkit_library_moz.build
Removed Files:
pkgsrc/www/firefox68/patches: patch-build_moz.configure_old.configure
patch-media_libcubeb_src_cubeb__oss.c
Log Message:
firefox68: Update to 68.6.0
While here,
- Remove OSS support now that cubeb_sun has been stable for a long while
- Appease pkglint
Security fixes in this release:
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable
#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
|
|
|
|
www/ruby-puma: security fix
Revisions pulled up:
- www/ruby-puma/Makefile 1.21-1.22
- www/ruby-puma/distinfo 1.16-1.17
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Feb 29 02:19:55 UTC 2020
Modified Files:
pkgsrc/www/ruby-puma: Makefile distinfo
Log Message:
www/ruby-puma: update to 4.3.2
Update ruby-puma to 4.3.2.
## 4.3.2 and 3.12.3 / 2020-02-27
* Security
* Fix: Prevent HTTP Response splitting via CR/LF in header
values. CVE-2020-5247.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 1 02:52:25 UTC 2020
Modified Files:
pkgsrc/www/ruby-puma: Makefile distinfo
Log Message:
www/ruby-puma: update to 4.3.3
Update ruby-puma to 4.3.3.
## 4.3.3 and 3.12.4 / 2020-02-28
* Bugfixes
* Fix: Fixes a problem where we weren't splitting headers correctly on newlines (#2132)
* Security
* Fix: Prevent HTTP Response splitting via CR in early hints.
|
|
lang/php72: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.289
- lang/php72/distinfo 1.52
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 20 14:47:55 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.28
Update php72 to 7.2.28 (PHP 7.2.28).
20 Feb 2020, PHP 7.2.28
- DOM:
. Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita,
cmb)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
|
|
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.288
- lang/php74/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 20 14:45:19 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.3
Update php74 to 7.4.3 (PHP 7.4.3).
20 Feb 2020, PHP 7.4.3
- Core:
. Fixed bug #79146 (cscript can fail to run on some systems). (clarodeus)
. Fixed bug #79155 (Property nullability lost when using multiple property
definition). (Nikita)
. Fixed bug #78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
. Fixed bug #78989 (Delayed variance check involving trait segfaults).
(Nikita)
. Fixed bug #79174 (cookie values with spaces fail to round-trip). (cmb)
. Fixed bug #76047 (Use-after-free when accessing already destructed
backtrace arguments). (Nikita)
- COM:
. Fixed bug #79247 (Garbage collecting variant objects segfaults). (cmb)
- CURL:
. Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
(cmb)
- FFI:
. Fixed bug #79096 (FFI Struct Segfault). (cmb)
- IMAP:
. Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure
time). (Nikita)
- Intl:
. Fixed bug #79212 (NumberFormatter::format() may detect wrong type). (cmb)
- Libxml:
. Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
(Nikita, cmb)
- MBString:
. Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
(cmb)
- MySQLi:
. Fixed bug #78666 (Properties may emit a warning on var_dump()). (kocsismate)
- MySQLnd:
. Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
(cmb)
. Fixed bug #79011 (MySQL caching_sha2_password Access denied for password
with more than 20 chars). (Nikita)
- Opcache:
. Fixed bug #79114 (Eval class during preload causes class to be only half
available). (Laruence)
. Fixed bug #79128 (Preloading segfaults if preload_user is used). (Nikita)
. Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
(Nikita)
- OpenSSL:
. Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
. Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
(CVE-2020-7061) (cmb)
. Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
- Reflection:
. Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
__destruct). (Nikita)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
- Standard:
. Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
. Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null). (kocsismate)
- Testing:
. Fixed bug #78090 (bug45161.phpt takes forever to finish). (cmb)
- XSL:
. Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). (cmb)
- Zip:
. Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0). (Remi)
. Add ZipArchive::RDONLY (since libzip 1.0.0). (Remi)
. Add ZipArchive::ER_* missing constants. (Remi)
. Add ZipArchive::LIBZIP_VERSION constant. (Remi)
. Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method). (Remi)
|
|
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.287
- lang/php73/distinfo 1.19
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 20 14:43:18 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.15
Update php73 to 7.3.15 (PHP 7.3.15).
20 Feb 2020, PHP 7.3.15
- Core:
. Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not
supported). (Nikita)
. Fixed bug #79146 (cscript can fail to run on some systems). (clarodeus)
. Fixed bug #78323 (Code 0 is returned on invalid options). (Ivan Mikheykin)
. Fixed bug #76047 (Use-after-free when accessing already destructed
backtrace arguments). (Nikita)
- CURL:
. Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
(cmb)
- Intl:
. Fixed bug #79212 (NumberFormatter::format() may detect wrong type). (cmb)
- Libxml:
. Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
(Nikita, cmb)
- MBString:
. Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). (cmb)
- MySQLnd:
. Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
(cmb)
- OpenSSL:
. Fixed bug #79145 (openssl memory leak). (cmb, Nikita)
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have
all-access permissions). (CVE-2020-7063) (stas)
. Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
(CVE-2020-7061) (cmb)
. Fixed bug #76584 (PharFileInfo::decompress not working). (cmb)
- Reflection:
. Fixed bug #79115 (ReflectionClass::isCloneable call reflected class
__destruct). (Nikita)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress).
(CVE-2020-7062) (stas)
- SPL:
. Fixed bug #79151 (heap use after free caused by
spl_dllist_it_helper_move_forward). (Nikita)
- Standard:
. Fixed bug #78902 (Memory leak when using stream_filter_append). (liudaixiao)
- Testing:
. Fixed bug #78090 (bug45161.phpt takes forever to finish). (cmb)
- XSL:
. Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory). (cmb)
|
|
security/mbedtls: security fix
Revisions pulled up:
- security/mbedtls/Makefile 1.12
- security/mbedtls/PLIST 1.6
- security/mbedtls/distinfo 1.8
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Feb 29 11:45:02 UTC 2020
Modified Files:
pkgsrc/security/mbedtls: Makefile PLIST distinfo
Log Message:
mbedtls: Update to 2.16.5
= mbed TLS 2.16.5 branch released 2020-02-20
Security
* Fix potential memory overread when performing an ECDSA signature
operation. The overread only happens with cryptographically low
probability (of the order of 2^-n where n is the bitsize of the curve)
unless the RNG is broken, and could result in information disclosure or
denial of service (application crash or extra resource consumption).
Found by Auke Zeilstra and Peter Schwabe, using static analysis.
* To avoid a side channel vulnerability when parsing an RSA private key,
read all the CRT parameters from the DER structure rather than
reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob
Brumley. Reported and fix contributed by Jack Lloyd.
ARMmbed/mbed-crypto#352
Bugfix
* Fix an unchecked call to mbedtls_md() in the x509write module.
* Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
RSA keys that would later be rejected by functions expecting private
keys. Found by Catena cyber using oss-fuzz (issue 20467).
* Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
RSA keys with invalid values by silently fixing those values.
|
|
|
|
www/wordpress: security fix
Revisions pulled up:
- www/wordpress/Makefile 1.91
- www/wordpress/PLIST 1.42
- www/wordpress/distinfo 1.73
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Feb 23 09:59:42 UTC 2020
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to version 5.3.2.
Changes:
Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.
Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user’s locale instead of the site locale.
|
|
chat/weechat: security fix
Revisions pulled up:
- chat/weechat/Makefile 1.110
- chat/weechat/distinfo 1.59
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Feb 23 12:42:49 UTC 2020
Modified Files:
pkgsrc/chat/weechat: Makefile distinfo
Log Message:
weechat: Update to 2.7.1
== Version 2.7.1 (2020-02-20)
Bug fixes::
* irc: fix crash when receiving a malformed message 352 (who)
* irc: fix crash when a new message 005 is received with longer nick prefixes
* irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
|
|
|
|
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.7
- www/firefox68-l10n/distinfo 1.6
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Feb 15 12:55:12 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Update to 68.5.0
Sync with firefox68.
|
|
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.12
- www/firefox68/PLIST 1.4
- www/firefox68/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Feb 15 12:48:22 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile PLIST distinfo
Log Message:
firefox68: Update to 68.5.0
Security Vulnerabilities fixed in Firefox ESR68.5
# CVE-2020-6796: Missing bounds check on shared memory read in the parent process
# CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
# CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
# CVE-2020-6799: Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader
Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected.
# CVE-2020-6800: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
|
|
|
|
security/clamav: security fix + partial fix for PR pkg/54951
Revisions pulled up:
- security/clamav/Makefile 1.60-1.62
- security/clamav/Makefile.common 1.14-1.15
- security/clamav/distinfo 1.32
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jan 12 20:20:50 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile
Log Message:
*: Recursive revbump from devel/boost-libs
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Jan 26 17:32:28 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile.common
Log Message:
all: migrate homepages from http to https
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Feb 15 02:40:43 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
Log Message:
security/clamav: update to 0.102.2
Update clamav to 0.102.2.
## 0.102.2
ClamAV 0.102.2 is a bug patch release to address the following issues.
- [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
A Denial-of-Service (DoS) condition may occur when using the optional credit
card data-loss-prevention (DLP) feature. Improper bounds checking of an
unsigned variable resulted in an out-of-bounds read which causes a crash.
- Significantly improved scan speed of PDF files on Windows.
- Re-applied a fix to alleviate file access issues when scanning RAR files in
downstream projects that use libclamav where the scanning engine is operating
in a low-privilege process. This bug was originally fixed in 0.101.2 and the
fix was mistakenly omitted from 0.102.0.
- Fixed an issue wherein freshclam failed to update if the database version
downloaded is 1 version older than advertised. This situation may occur after
a new database version is published. The issue affected users downloading the
whole CVD database file.
- Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
The ReceiveTimeout had caused needless database update failures for users with
slower internet connections.
- Correctly display number of kilobytes (KiB) in progress bar and reduced the
size of the progress bar to accommodate 80-char width terminals.
- Fixed an issue where running freshclam manually causes a daemonized freshclam
process to fail when it updates because the manual instance deletes the
temporary download directory. Freshclam temporary files will now download to a
unique directory created at the time of an update instead of using a hardcoded
directory created/destroyed at the program start/exit.
- Fix for Freshclam's OnOutdatedExecute config option.
- Fixes a memory leak in the error condition handling for the email parser.
- Improved bound checking and error handling in ARJ archive parser.
- Improved error handling in PDF parser.
- Fix for memory leak in byte-compare signature handler.
- Updates to the unit test suite to support libcheck 0.13.
- Updates to support autoconf 2.69 and automake 1.15.
Special thanks to the following for code contributions and bug reports:
- Antoine Deschênes
- Eric Lindblad
- Gianluigi Tiesi
- Tuomo Soini
|
|
mail/dovecot2: security fix
Revisions pulled up:
- mail/dovecot2-ldap/Makefile 1.5-1.6
- mail/dovecot2-pigeonhole/Makefile 1.55
- mail/dovecot2/Makefile 1.102-1.103
- mail/dovecot2/Makefile.common 1.38
- mail/dovecot2/buildlink3.mk 1.33
- mail/dovecot2/distinfo 1.102
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/mail/dovecot2: Makefile buildlink3.mk
pkgsrc/mail/dovecot2-ldap: Makefile
pkgsrc/mail/dovecot2-pigeonhole: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 12 14:01:59 UTC 2020
Modified Files:
pkgsrc/mail/dovecot2: Makefile Makefile.common distinfo
pkgsrc/mail/dovecot2-ldap: Makefile
Log Message:
mail/dovecot2: update to 2.3.9.3
Update dovecot2 to 2.3.9.3, security release.
v2.3.9.3 2019-02-12 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2020-7046: Truncated UTF-8 can be used to DoS
submission-login and lmtp processes.
* CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
|
|
|
branch, reverted.
Thanks to leot@ for alerting me.
|
|
Pkgsrc changes:
* Adjust line numbers in patch.
Upstream changes:
The 1.10.0 release has RPZ support and serve stale functionality
according to draft draft-ietf-dnsop-serve-stale-10. And a number of
other, smaller, features, and bug fixes.
The DNS Response Policy Zones (RPZ) functionality makes it possible
to express DNS response policies in a DNS zone. These zones can
be loaded from file or transferred over DNS zone transfers or
HTTP. The RPZ functionality in Unbound is implemented as specified in
draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
PASSTHRU, DROP and Local Data.
Enabling the respip module using `module-config` is required to use
RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
are applied in order of configuration. Unbound can get the data from
zone transfer, a zonefile or https url, and more options are documented
in the man page. A minimal RPZ configuration that will transfer the
RPZ zone using AXFR and IXFR can look like:
server:
    module-config: "respip validator iterator"
rpz:
    name: "rpz.example.com" # name of the policy zone
    master: 192.0.2.0 # address of the name server to transfer from
The serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
This allows unbound to first try and resolve a domain name before
replying with expired data from cache. This differs from unbound's
initial serve-expired behavior which attempts to reply with expired
entries from cache without waiting for the actual resolution to finish.
Both behaviors are available and can be configured with the various
serve-expired-* configuration options. serve-expired-client-timeout is
the option that enables one or the other.
The DSA algorithms have been disabled by default, this is because of
RFC 8624.
There is a crash fix in the parse of text of type WKS, reported by
X41 D-Sec.
In addition, neg and key caches can be shared with multiple
libunbound contexts, a change that assists unwind. The
contrib/unbound_portable.service provides a systemd start file for a
portable setup. The configure --with-libbsd option allows the use
of the bsd compatibility library so that it can use the arc4random
from it. The stats in contrib/unbound_munin_ have num.query.tls and
num.query.tls.resume added to them. For unbound-control the command
view_local_datas_remove is added that removes data from a view.
Features:
- Merge RPZ support into master. Only QNAME and Response IP triggers are
supported.
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Merge #135 from Florian Obser: Use passed in neg and key cache
if non-NULL.
- Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance.
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
and Frzk. Updates the unbound.service systemd file and adds a portable
systemd service file.
- Merge PR#154; Allow use of libbsd functions with configure option
--with-libbsd. By Robert Edmonds and Steven Chamberlain.
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
- Merge PR#156 from Alexander Berkes; Added unbound-control
view_local_datas_remove command.
Bug Fixes:
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
Florian Obser
- Update mailing list URL.
- Fix #140: Document slave not downloading new zonefile upon update.
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
The dl_iterate_phdr() function introduced in newer versions raises
compilation errors on solaris 10.
- Changes to compat/getentropy_solaris.c for,
ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion
for older systems.
- Fix 'make test' to work for --disable-sha1 configure option.
- Fix out-of-bounds null-byte write in sldns_bget_token_par while
parsing type WKS, reported by Luis Merino from X41 D-Sec.
- Updated sldns_bget_token_par fix for also space for the zero
delimiter after the character. And update for more spare space.
- Fix #138: stop binding pidfile inside chroot dir in systemd service
file.
- Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
because dnscrypt-proxy (2.0.36) does not support the test setup
any more, and also the config file format does not seem to have the
appropriate keys to recreate that setup.
- Fix crash after reload where a stats lookup could reference old key
cache and neg cache structures.
- Fix for memory leak when edns subnet config options are read when
compiled without edns subnet support.
- Fix auth zone support for NSEC3 records without salt.
- Merge PR#150 from Frzk: Systemd unit without chroot. It adds
contrib/unbound_nochroot.service.in, a systemd file for use with
chroot: "", see comments in the file, it uses systemd protections
instead. It was superseded by #151, the unbound_portable.service
file.
- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
to Libs/Requires for crypto library dependencies.
- iana portlist updated.
- Fix to silence the tls handshake errors for broken pipe and reset
by peer, unless verbosity is set to 2 or higher.
- Merge PR#147; change rfc reference for reserved top level dns names.
- Fix #157: undefined reference to `htobe64'.
- Fix subnet tests for disabled DSA algorithm by default.
- Update contrib/fastrpz.patch for clean diff with current code.
- updated .gitignore for added contrib file.
- Add build rule for ipset to Makefile
- Add getentropy_freebsd.o to Makefile dependencies.
- Fix memory leak in error condition remote.c
- Fix double free in error condition view.c
- Fix memory leak in do_auth_zone_transfer on success
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
- Fix fclose on error in TLS session ticket code.
- Add assertion to please static analyzer
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
- Fix num_reply_addr counting in mesh and tcp drop due to size
after serve_stale commit.
- Fix to create and destroy rpz_lock in auth_zones structure.
- Fix to lock zone before adding rpz qname trigger.
- Fix to lock and release once in mesh_serve_expired_lookup.
- Fix to put braces around empty if body when threading is disabled.
- Fix num_reply_states and num_detached_states counting with
serve_expired_callback.
- Cleaner code in mesh_serve_expired_lookup.
- Document in unbound.conf manpage that configuration clauses can be
repeated in the configuration file.
- Document 'ub_result.was_ratelimited' in libunbound.
- Fix use after free on log-identity after a reload; Fixes #163.
- Fix with libnettle make test with dsa disabled.
- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale
fixes, but it does not compile, conflicts with new rpz code.
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
- Fix compile warning when threads disabled.
|
|
security/sudo: security fix
Revisions pulled up:
- security/sudo/Makefile 1.174-1.178
- security/sudo/distinfo 1.107-1.109
- security/sudo/patches/patch-Makefile.in 1.2
- security/sudo/patches/patch-configure 1.2
- security/sudo/patches/patch-include_sudo__compat.h deleted
- security/sudo/patches/patch-include_sudo__event.h deleted
- security/sudo/patches/patch-lib_util_sig2str.c deleted
- security/sudo/patches/patch-lib_util_str2sig.c deleted
- security/sudo/patches/patch-plugins_sudoers_Makefile.in 1.3
- security/sudo/patches/patch-plugins_sudoers_logging.c deleted
- security/sudo/patches/patch-plugins_sudoers_starttime.c deleted
- security/sudo/patches/patch-plugins_sudoers_sudoers.c deleted
- security/sudo/patches/patch-src_Makefile.in 1.4
- security/sudo/patches/patch-src_limits.c deleted
---
Module Name: pkgsrc
Committed By: kim
Date: Sat Dec 28 20:43:56 UTC 2019
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-Makefile.in patch-configure
patch-plugins_sudoers_Makefile.in patch-src_Makefile.in
Removed Files:
pkgsrc/security/sudo/patches: patch-include_sudo__compat.h
patch-include_sudo__event.h patch-lib_util_sig2str.c
patch-lib_util_str2sig.c patch-plugins_sudoers_logging.c
patch-plugins_sudoers_starttime.c patch-plugins_sudoers_sudoers.c
patch-src_limits.c
Log Message:
Update to sudo 1.8.30beta3
* Portability fixes from pkgsrc have been merged upstream
* Add runas_check_shell flag to require a runas user to have a valid
shell. Not enabled by default.
* Add a new flag "allow_unknown_runas_id" to control matching of unknown
IDs. Previously, sudo would always allow unknown user or group IDs if
the sudoers entry permitted it. This included the "ALL" alias. With
this change, the admin must explicitly enable support for unknown IDs.
* Transparently handle the "sudo sudoedit" problem. Some admins are
confused about how to give users sudoedit permission and many users
try to run sudoedit via sudo instead of directly. If the user runs
"sudo sudoedit" sudo will now treat it as plain "sudoedit" after
issuing a warning. If the admin has specified a fully-qualified path
for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
match accordingly. In visudo (but not sudo), a fully-qualified path
for sudoedit is now treated as an error.
* When restoring old resource limits, try to recover if we receive
EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
limit is lower than the current resource usage. This can be a problem
when restoring the old stack limit if sudo has raised it.
* Restore resource limits before executing the askpass program. Linux
with docker seems to have issues executing a program when the stack
size is unlimited. Bug #908
* macOS does not allow rlim_cur to be set to RLIM_INFINITY for
RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
setrlimit manual. Bug #904
* Use 64-bit resource limits on AIX.
---
Module Name: pkgsrc
Committed By: kim
Date: Wed Jan 1 01:47:29 UTC 2020
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
Update to sudo 1.8.30
Notable changes:
* The version string no longer has the word "beta" in it.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/security/sudo: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: triaxx
Date: Thu Jan 30 21:08:00 UTC 2020
Modified Files:
pkgsrc/security/sudo: Makefile
Log Message:
sudo: update master site
TW Aren FTP server seems down and the fetching step hangs for hours.
---
Module Name: pkgsrc
Committed By: kim
Date: Mon Feb 3 07:47:56 UTC 2020
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
Update to sudo 1.8.31
What's new:
* Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
sudoers option is enabled on systems with uni-directional pipes.
* The "sudoedit_checkdir" option now treats a user-owned directory
as writable, even if it does not have the write bit set at the
time of check. Symbolic links will no longer be followed by
sudoedit in any user-owned directory. Bug #912
* Fixed sudoedit on macOS 10.15 and above where the root file system
is mounted read-only. Bug #913.
* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
at the password prompt. Bug #914.
* Fixed compilation on systems where the mmap MAP_ANON flag
is not available. Bug #915.
|
|
www/py-feedgen: security fix
Revisions pulled up:
- www/py-feedgen/Makefile 1.3
- www/py-feedgen/PLIST 1.2
- www/py-feedgen/distinfo 1.2
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Feb 4 00:18:02 UTC 2020
Modified Files:
pkgsrc/www/py-feedgen: Makefile PLIST distinfo
Log Message:
www/py-feedgen: Update to 0.9.0
This version fixes a DoS vulnerability (CVE-2020-5227).
|
|
|
|
lang/php72: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.286
- lang/php72/Makefile 1.23-1.24
- lang/php72/distinfo 1.51
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/lang/php72: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 25 17:24:03 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: Makefile distinfo
Log Message:
lang/php72: update to 7.2.27
Update php72 to 7.2.27 (PHP 7.2.27).
23 Jan 2020, PHP 7.2.27
- Mbstring:
. Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`).
(CVE-2020-7060) (Nikita)
- Session:
. Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
- Standard:
. Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
|
|
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.285
- lang/php74/Makefile 1.3-1.5
- lang/php74/Makefile.php 1.2
- lang/php74/PLIST 1.2
- lang/php74/distinfo 1.4
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/lang/php74: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jan 21 14:16:27 UTC 2020
Modified Files:
pkgsrc/lang/php74: Makefile Makefile.php PLIST
Log Message:
lang/php74: switch to use external pcre
Switch to use external pcre, fixing PR pkg/54793.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 25 17:22:49 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: Makefile distinfo
Log Message:
lang/php74: update to 7.4.2
Update php74 to 7.4.2 (PHP 7.4.2).
23 Jan 2020, PHP 7.4.2
- Core:
. Preloading support on Windows has been disabled. (Nikita)
. Fixed bug #79022 (class_exists returns True for classes that are not ready
to be used). (Laruence)
. Fixed bug #78929 (plus signs in cookie values are converted to spaces).
(Alexey Kachalin)
. Fixed bug #78973 (Destructor during CV freeing causes segfault if opline
never saved). (Nikita)
. Fixed bug #78776 (Abstract method implementation from trait does not check
"static"). (Nikita)
. Fixed bug #78999 (Cycle leak when using function result as temporary).
(Dmitry)
. Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
(cmb)
. Fixed bug #79002 (Serializing uninitialized typed properties with __sleep
makes unserialize throw). (Nikita)
- CURL:
. Fixed bug #79033 (Curl timeout error with specific url and post). (cmb)
. Fixed bug #79063 (curl openssl does not respect PKG_CONFIG_PATH). (Nikita)
- Date:
. Fixed bug #79015 (undefined-behavior in php_date.c). (cmb)
- DBA:
. Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
(cmb)
- Exif:
. Fixed bug #79046 (NaN to int cast undefined behavior in exif). (Nikita)
- Fileinfo:
. Fixed bug #74170 (locale information change after mime_content_type).
(Sergei Turchanov)
- GD:
. Fixed bug #79067 (gdTransformAffineCopy() may use uninitialized values). (cmb)
. Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
(cmb)
- Libxml:
. Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
- Mbstring:
. Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`).
(CVE-2020-7060) (Nikita)
- OPcache:
. Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS). (Dmitry)
. Fixed bug #78950 (Preloading trait method with static variables). (Nikita)
. Fixed bug #78903 (Conflict in RTD key for closures results in crash).
(Nikita)
. Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable
into mutable class). (Nikita)
. Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR). (cmb)
. Fixed bug #79055 (Typed property become unknown with OPcache file cache).
(Nikita)
- Pcntl:
. Fixed bug #78402 (Converting null to string in error message is bad DX).
(SATŌ Kentarō)
- PDO_PgSQL:
. Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h). (SATŌ
Kentarō)
. Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection). (SATŌ
Kentarō)
. Fixed bug #78982 (pdo_pgsql returns dead persistent connection). (SATŌ
Kentarō)
- Session:
. Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb,
Nikita)
. Fixed bug #79031 (Session unserialization problem). (Nikita)
- Shmop:
. Fixed bug #78538 (shmop memory leak). (cmb)
- Sqlite3:
. Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during
compilation). (Nikita)
- Spl:
. Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure). (cmb)
- Standard:
. Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
. Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
(Nikita)
. Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
(cmb)
|
|
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.86-1.89
- net/samba4/PLIST 1.25
- net/samba4/distinfo 1.39-1.41
- net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build 1.1
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Dec 30 13:58:35 UTC 2019
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo
Log Message:
samba4: updated to 4.11.4
Changes since 4.11.3:
* BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode
number.
* BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
on an SMB1 connection.
* BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx.
* BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
encrypting an interim response.
* BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
* BUG 13745: s3:printing: Fix %J substitution.
* BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
* BUG 14069: Incomplete conversion of former parametric options.
* BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
* BUG 14171: vfs_fruit returns capped resource fork length.
* BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
* BUG 14211: smbd: Increase a debug level.
* BUG 14153: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant.
* BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
library.
* BUG 14168: replace: Only link libnsl and libsocket if required.
* BUG 14175: ctdb: Incoming queue can be orphaned causing communication
breakdown.
* BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
cross-answers or cross-execute.
* BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
asn1_compile-generated code.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Jan 8 10:40:03 UTC 2020
Modified Files:
pkgsrc/net/samba4: distinfo
Added Files:
pkgsrc/net/samba4/patches:
patch-source4_utils_oLschema2ldif_wscript__build
Log Message:
samba4: Disable more fmemopen utilities on SunOS.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jan 21 14:12:36 UTC 2020
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.11.5
Update samba4 to 4.11.5.
==============================
Release Notes for Samba 4.11.5
January 21, 2020
==============================
This is a security release in order to address the following defects:
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
=======
Details
=======
o CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 27 14:04:13 UTC 2020
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
net/samba4: update dependency
Update dependency for databases/ldb and devel/talloc.
Bump PKGREVISION.
|
|
databases/ldb: dependent update (for samba4)
Revisions pulled up:
- databases/ldb/Makefile 1.9
- databases/ldb/distinfo 1.5
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Dec 30 09:43:54 UTC 2019
Modified Files:
pkgsrc/databases/ldb: Makefile distinfo
Log Message:
ldb: updated to 2.0.8
2.0.8:
Unknown changes
|
|
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.284
- lang/php73/Makefile 1.8-1.9
- lang/php73/distinfo 1.18
---
Module Name: pkgsrc
Committed By: jperkin
Date: Sat Jan 18 21:51:16 UTC 2020
Modified Files:
pkgsrc/lang/php73: Makefile
Log Message:
*: Recursive revision bump for openssl 1.1.1.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 25 17:21:14 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: Makefile distinfo
Log Message:
lang/php73: update to 7.3.14.
Update php73 to 7.3.14 (PHP 7.3.14).
23 Jan 2020, PHP 7.3.14
- Core
. Fixed bug #78999 (Cycle leak when using function result as temporary).
(Dmitry)
- CURL:
. Fixed bug #79033 (Curl timeout error with specific url and post). (cmb)
- Date:
. Fixed bug #79015 (undefined-behavior in php_date.c). (cmb)
- DBA:
. Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
(cmb)
- Fileinfo:
. Fixed bug #74170 (locale information change after mime_content_type).
(Sergei Turchanov)
- GD:
. Fixed bug #78923 (Artifacts when convoluting image with transparency).
(wilson chen)
. Fixed bug #79067 (gdTransformAffineCopy() may use uninitialized values). (cmb)
. Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
(cmb)
- Libxml:
. Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter). (Laruence)
- Mbstring:
. Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`).
(CVE-2020-7060) (Nikita)
- OPcache:
. Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR). (cmb)
- Pcntl:
. Fixed bug #78402 (Converting null to string in error message is bad DX).
(SATŌ Kentarō)
- PDO_PgSQL:
. Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h). (SATŌ
Kentarō)
. Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection). (SATŌ
Kentarō)
. Fixed bug #78982 (pdo_pgsql returns dead persistent connection). (SATŌ
Kentarō)
- Session:
. Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita)
- Shmop:
. Fixed bug #78538 (shmop memory leak). (cmb)
- Standard:
. Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
. Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
(cmb)
|
|
www/awstats: security fix
Revisions pulled up:
- www/awstats/Makefile 1.64
- www/awstats/distinfo 1.38
- www/awstats/patches/patch-aa deleted
- www/awstats/patches/patch-ab deleted
- www/awstats/patches/patch-ad deleted
- www/awstats/patches/patch-tools_awstats__configure.pl 1.1
- www/awstats/patches/patch-wwwroot_cgi-bin_awstats.pl 1.1
- www/awstats/patches/patch-wwwroot_cgi-bin_lib_search__engines.pm 1.1
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Jan 7 18:21:02 UTC 2020
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Added Files:
pkgsrc/www/awstats/patches: patch-tools_awstats__configure.pl
patch-wwwroot_cgi-bin_awstats.pl
patch-wwwroot_cgi-bin_lib_search__engines.pm
Removed Files:
pkgsrc/www/awstats/patches: patch-aa patch-ab patch-ad
Log Message:
awstats: updated to 7.7
7.7:
Security fix: CVE-2017-1000501
Security fix: Missing sanitizing of parameters
Fix LogFormat=4 with url containing spaces.
Fix to window.opener vulnerability in external referral site links.
Add methodurlprot in key to define log format.
Add Dynamic DNS Lookup.
Fix edge support.
|
|
net/youtube-dl: update
Revisions pulled up:
- net/youtube-dl/Makefile 1.198-1.199
- net/youtube-dl/PLIST 1.98
- net/youtube-dl/distinfo 1.180-1.181
- net/youtube-dl/patches/patch-youtube__dl_extractor_la7.py 1.1
---
Module Name: pkgsrc
Committed By: leot
Date: Tue Jan 14 20:42:39 UTC 2020
Modified Files:
pkgsrc/net/youtube-dl: Makefile PLIST distinfo
Log Message:
youtube-dl: Update to 20200115
pkgsrc changes:
- Apply a pkgsrc patch to fix la7 extractor (shared upstream)
Changes:
20200115
--------
Extractors
* [yourporn] Fix extraction (#21645, #22255, #23459)
+ [canvas] Add support for new API endpoint (#17680, #18629)
* [ndr:base:embed] Improve thumbnails extraction (#23731)
+ [vodplatform] Add support for embed.kwikmotion.com domain
+ [twitter] Add support for promo_video_website cards (#23711)
* [orf:radio] Clean description and improve extraction
* [orf:fm4] Fix extraction (#23599)
* [safari] Fix kaltura session extraction (#23679, #23670)
* [lego] Fix extraction and extract subtitle (#23687)
* [cloudflarestream] Improve extraction
+ Add support for bytehighway.net domain
+ Add support for signed URLs
+ Extract thumbnail
* [naver] Improve extraction
* Improve geo-restriction handling
+ Extract automatic captions
+ Extract uploader metadata
+ Extract VLive HLS formats
* Improve metadata extraction
- [pandatv] Remove extractor (#23630)
* [dctp] Fix format extraction (#23656)
+ [scrippsnetworks] Add support for www.discovery.com videos
* [discovery] Fix anonymous token extraction (#23650)
* [nrktv:seriebase] Fix extraction (#23625, #23537)
* [wistia] Improve format extraction and extract subtitles (#22590)
* [vice] Improve extraction (#23631)
* [redtube] Detect private videos (#23518)
---
Module Name: pkgsrc
Committed By: leot
Date: Wed Jan 15 08:22:03 UTC 2020
Added Files:
pkgsrc/net/youtube-dl/patches: patch-youtube__dl_extractor_la7.py
Log Message:
youtube-dl: Add missing patch (should be part of previous update)
Thanks <wiz>!
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Jan 24 08:08:24 UTC 2020
Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Log Message:
youtube-dl: updated to 20200124
version 2020.01.24
Extractors
* [youtube] Fix sigfunc name extraction
* [stretchinternet] Fix extraction
* [voicerepublic] Fix extraction
* [azmedien] Fix extraction
* [businessinsider] Fix jwplatform id extraction
+ [24video] Add support for 24video.vip
* [ivi:compilation] Fix entries extraction
* [ard] Improve extraction
* Simplify extraction
+ Extract age limit and series
* Bypass geo-restriction
+ [nbc] Add support for nbc multi network URLs
* [americastestkitchen] Fix extraction
* [zype] Improve extraction
+ Extract subtitles
+ Support URLs with alternative keys/tokens
+ Extract more metadata
* [orf:tvthek] Improve geo restricted videos detection
* [soundcloud] Restore previews extraction
|
|
emulators/qemu: build fix
Revisions pulled up:
- emulators/qemu/Makefile 1.223-1.224,1.226
- emulators/qemu/PLIST 1.64-1.65
- emulators/qemu/options.mk 1.6
- mk/defaults/options.description 1.605
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Jan 4 13:47:00 UTC 2020
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST
Log Message:
Include xkbcommon unconditionally and directly to reduce PLIST divergence
* Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Jan 10 20:27:04 UTC 2020
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST
Log Message:
qemu: fix build on macOS
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Mon Jan 13 02:50:25 UTC 2020
Modified Files:
pkgsrc/emulators/qemu: Makefile options.mk
Log Message:
qemu: fix Linux build in most environments
Addresses PR pkg/54772, reported by and patch tested by Ottavio Caruso.
virtfs-proxy-helper is only built if two development libraries (for
libcap and libattr) are installed, which typically aren't included by
default in Linux distros. Make virtfs support a non-default option that
someone would enable when they expressly want it, and they have first
installed the necessary upstream header packages to support the
compilation of this option.
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Mon Jan 13 02:52:28 UTC 2020
Modified Files:
pkgsrc/mk/defaults: options.description
Log Message:
options.description: add virtfs-proxy-helper
|
|
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.155
- textproc/libxml2/distinfo 1.132
- textproc/libxml2/patches/patch-parser.c 1.7
- textproc/libxml2/patches/patch-xmlschemas.c 1.1
---
Module Name: pkgsrc
Committed By: kim
Date: Fri Jan 24 10:40:36 UTC 2020
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-parser.c patch-xmlschemas.c
Log Message:
Apply upstream patch for CVE-2020-7595.
Apply upstream pull request for CVE-2019-20388.
|
|
databases/phpmyadmin: security fix (CVE-2020-5504)
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.162
- databases/phpmyadmin/distinfo 1.112
---
Module Name: pkgsrc
Committed By: tm
Date: Tue Jan 21 09:50:58 UTC 2020
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
phpmyadmin: update to 4.9.4
4.9.4 (2020-01-07)
- issue #15724 Fix 2FA was disabled by a bug
- issue [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)
4.9.3 (2019-12-26)
- issue #15570 Fix page contents go underneath of floating menubar in some cases
- issue #15591 Fix php notice 'Undefined index: foreign_keys_data' on relations view when the user has column access
- issue #15592 Fix php warning "error_reporting() has been disabled for security reasons"
- issue #15434 Fix middle click on table sort column name shows a blank page
- issue Fix php notice "Undefined index table_create_time" when setting displayed columns on results of a view
- issue #15571 Fix fatal error when trying to edit row with row checked and button under the table
- issue #15633 Fix designer set display field broken for php 5.x versions
- issue #15621 Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
- issue Fix php 8.0 php notices - Undefined index on login page
- issue #15640 Fix php 7.4 error when trying to access array offset on value of type null on table browse
- issue #15641 Fix replication actions were broken (start slave, stop slave, reset, ...)
- issue #15608 Fix DisableIS is broken when with controluser configured (database list broken)
- issue #15614 Fix undefined offset on index page for MySQL 5.7.8 (server charset)
- issue #15692 Fix JavaScript error when user has not enough privilege to view query statistics.
- issue #14248 Fixed date selection in search menu missing higher Z-index value
- issue Fix Uncaught php TypeError on php 8.0 when adding a column to table create form
- issue #15682 Fix calendar not taking current time as default value
- issue #15636 Fix php error trying to access array offset on value of type null on replication GUI
- issue #15695 Fix input field for the time in datetime picker is disabled
|
|
www/nginx: security fix
Revisions pulled up:
- www/nginx/Makefile 1.87
- www/nginx/distinfo 1.71-1.72
- www/nginx/patches/patch-src_http_ngx__http__special__response.c 1.1-1.2
---
Module Name: pkgsrc
Committed By: kim
Date: Sun Jan 19 07:28:36 UTC 2020
Modified Files:
pkgsrc/www/nginx: Makefile distinfo
Added Files:
pkgsrc/www/nginx/patches: patch-src_http_ngx__http__special__response.c
Log Message:
Add patch from upstream to address CVE-2019-20372. Bump revision.
---
Module Name: pkgsrc
Committed By: kim
Date: Sun Jan 19 07:42:42 UTC 2020
Modified Files:
pkgsrc/www/nginx: distinfo
pkgsrc/www/nginx/patches: patch-src_http_ngx__http__special__response.c
Log Message:
Mention CVE-2019-20372 in the patch file as well.
|
|
devel/nss: dependent update (for Firefox)
Revisions pulled up:
- devel/nss/Makefile 1.175-1.177
- devel/nss/distinfo 1.103-1.105
- devel/nss/patches/patch-me 1.6
- devel/nss/patches/patch-nss_coreconf_command.mk 1.4
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Dec 28 23:04:05 UTC 2019
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
pkgsrc/devel/nss/patches: patch-nss_coreconf_command.mk
Log Message:
Update to 3.48
Changelog:
Notable Changes in NSS 3.48
* TLS 1.3 is the default maximum TLS version. See Bug 1573118 for details.
* TLS extended master secret is enabled by default, where possible. See Bug
1575411 for details.
* The master password PBE now uses 10,000 iterations by default when using
the default sql (key4.db) storage. Because using an iteration count higher
than 1 with the legacy dbm (key3.db) storage creates files that are
incompatible with previous versions of NSS, applications that wish to enable
it for key3.db are required to set environment variable
NSS_ALLOW_LEGACY_DBM_ITERATION_COUNT=1. Applications may set environment
variable NSS_MIN_MP_PBE_ITERATION_COUNT to request a higher iteration count
than the library's default, or NSS_MAX_MP_PBE_ITERATION_COUNT to request a
lower iteration count for test environments. See Bug 1562671 for details.
Certificate Authority Changes
The following CA certificates were Added:
* Bug 1591178 - Entrust Root Certification Authority - G4 Cert
SHA-256 Fingerprint:
DB3517D1F6732A2D5AB97C533EC70779EE3270A62FB4AC4238372460E6F01E88
Bugs fixed in NSS 3.48
* Bug 1586176 - EncryptUpdate should use maxout not block size
(CVE-2019-11745)
-- Note that this was previously fixed in NSS 3.44.3 and 3.47.1.
* Bug 1600775 - Require NSPR 4.24 for NSS 3.48
* Bug 1593401 - Fix race condition in self-encrypt functions
* Bug 1599545 - Fix assertion and add test for early Key Update
* Bug 1597799 - Fix a crash in nssCKFWObject_GetAttributeSize
* Bug 1591178 - Add Entrust Root Certification Authority - G4 certificate to
NSS
* Bug 1590001 - Prevent negotiation of versions lower than 1.3 after
HelloRetryRequest
* Bug 1596450 - Added a simplified and unified MAC implementation for HMAC
and CMAC behind PKCS#11
* Bug 1522203 - Remove an old Pentium Pro performance workaround
* Bug 1592557 - Fix PRNG known-answer-test scripts
* Bug 1593141 - add `notBefore` or similar "beginning-of-validity-period"
parameter to mozilla::pkix::TrustDomain::CheckRevocation
* Bug 1591363 - Fix a PBKDF2 memory leak in NSC_GenerateKey if key length >
MAX_KEY_LEN (256)
* Bug 1592869 - Use ARM NEON for ctr_xor
* Bug 1566131 - Ensure SHA-1 fallback disabled in TLS 1.2
* Bug 1577803 - Mark PKCS#11 token as friendly if it implements
CKP_PUBLIC_CERTIFICATES_TOKEN
* Bug 1566126 - POWER GHASH Vector Acceleration
* Bug 1589073 - Use of new PR_ASSERT_ARG in certdb.c
* Bug 1590495 - Fix a crash in PK11_MakeCertFromHandle
* Bug 1591742 - Ensure DES IV length is valid before usage from PKCS#11
* Bug 1588567 - Enable mozilla::pkix gtests in NSS CI
* Bug 1591315 - Update NSC_Decrypt length in constant time
* Bug 1562671 - Increase NSS MP KDF default iteration count, by default for
modern key4 storage, optionally for legacy key3.db storage
* Bug 1590972 - Use -std=c99 rather than -std=gnu99
* Bug 1590676 - Fix build if ARM doesn't support NEON
* Bug 1575411 - Enable TLS extended master secret by default
* Bug 1590970 - SSL_SetTimeFunc has incomplete coverage
* Bug 1590678 - Remove -Wmaybe-uninitialized warning in tls13esni.c
* Bug 1588244 - NSS changes for Delegated Credential key strength checks
* Bug 1459141 - Add more CBC padding tests that missed NSS 3.47
* Bug 1590339 - Fix a memory leak in btoa.c
* Bug 1589810 - fix uninitialized variable warnings from certdata.perl
* Bug 1573118 - Enable TLS 1.3 by default in NSS
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Jan 10 03:43:20 UTC 2020
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
pkgsrc/devel/nss/patches: patch-me
Log Message:
nss: Update to 3.49
Changelog:
Notable Changes in NSS 3.49
* The legacy DBM database, libnssdbm, is no longer built by default when
using gyp builds. See Bug 1594933 for details.
Bugs fixed in NSS 3.49
* Bug 1513586 - Set downgrade sentinel for client TLS versions lower than
1.2.
* Bug 1606025 - Remove -Wmaybe-uninitialized warning in sslsnce.c
* Bug 1606119 - Fix PPC HW Crypto build failure
* Bug 1605545 - Memory leak in Pk11Install_Platform_Generate
* Bug 1602288 - Fix build failure due to missing posix signal.h
* Bug 1588714 - Implement CheckARMSupport for Win64/aarch64
* Bug 1585189 - NSS database uses 3DES instead of AES to encrypt DB entries
* Bug 1603257 - Fix UBSAN issue in softoken CKM_NSS_CHACHA20_CTR
initialization
* Bug 1590001 - Additional HRR Tests (CVE-2019-17023)
* Bug 1600144 - Treat ClientHello with message_seq of 1 as a second
ClientHello
* Bug 1603027 - Test that ESNI is regenerated after HelloRetryRequest
* Bug 1593167 - Intermittent mis-reporting potential security risk
SEC_ERROR_UNKNOWN_ISSUER
* Bug 1535787 - Fix automation/release/nss-release-helper.py on MacOS
* Bug 1594933 - Disable building DBM by default
* Bug 1562548 - Improve GCM performance on aarch32
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jan 14 12:58:08 UTC 2020
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: Update to 3.49.1
* Bump nspr requirement
Changelog:
No new functionality is introduced in these releases. These releases fix a
performance issue:
- Bug 1606992 - Cache the most recent PBKDF2 password hash, to speed up
repeated SDR operations, important with the increased KDF iteration counts.
|
|
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.5
- www/firefox68-l10n/distinfo 1.4
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Jan 11 02:40:53 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Update to 68.4.1
* Sync with www/firefox68-l10n.
|
|
|
|
x11/mate-terminal: crash fix
Revisions pulled up:
- x11/mate-terminal/Makefile 1.19
- x11/mate-terminal/distinfo 1.7
- x11/mate-terminal/patches/patch-src_terminal-screen.c 1.1
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Jan 2 18:55:58 UTC 2020
Modified Files:
pkgsrc/x11/mate-terminal: Makefile distinfo
Added Files:
pkgsrc/x11/mate-terminal/patches: patch-src_terminal-screen.c
Log Message:
mate-terminal: avoid NULL pointer dereference
This fixes a bug that caused significant application crashes.
|
|
|
|
net/libtorrent-rasterbar: NetBSD 8 build fix
Revisions pulled up:
- net/libtorrent-rasterbar/Makefile 1.2-1.3
- net/libtorrent-rasterbar/PLIST 1.2
- net/libtorrent-rasterbar/distinfo 1.2-1.3
- net/libtorrent-rasterbar/patches/patch-include_libtorrent_buffer.hpp 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jan 4 16:49:12 UTC 2020
Modified Files:
pkgsrc/net/libtorrent-rasterbar: Makefile PLIST distinfo
Log Message:
libtorrent-rasterbar: Update to 1.2.3
Changes:
fix erroneous event=completed tracker announce when checking files
promote errors in parsing listen_interfaces to post listen_failed_alert
fix bug in protocol encryption/obfuscation
fix buffer overflow in SOCKS5 UDP logic
fix issue of rapid calls to file_priority() clobbering each other
clear tracker errors on success
optimize setting with unlimited unchoke slots
fixed restoring of trackers, comment, creation date and created-by in resume data
fix handling of torrents with too large pieces
fixed division by zero in anti-leech choker
fixed bug in torrent_info::swap
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jan 10 11:52:05 UTC 2020
Modified Files:
pkgsrc/net/libtorrent-rasterbar: Makefile distinfo
pkgsrc/net/libtorrent-rasterbar/patches:
patch-include_libtorrent_buffer.hpp
Log Message:
libtorrent-rasterbar: Let's not peek into internal malloc properties.
|
|
www/firefox68: security fix (zero-day)
Revisions pulled up:
- www/firefox68/Makefile 1.7-1.8
- www/firefox68/distinfo 1.6-1.7
- www/firefox68/patches/patch-rust-1.39.0 deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 8 21:49:32 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Removed Files:
pkgsrc/www/firefox68/patches: patch-rust-1.39.0
Log Message:
firefox68: Update to 68.4.0
Security Vulnerabilities fixed in Firefox ESR 68.4:
# CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
# CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
# CVE-2019-17017: Type Confusion in XPCVariant.cpp
# CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
# CVE-2019-17022: CSS sanitization does not escape HTML tags
# CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jan 9 20:51:59 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Log Message:
firefox68: Update to 68.4.1
This release fixes one zero-day vulnerability:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.
We are aware of targeted attacks in the wild abusing this flaw
|
|
misc/raspberrypi-userland: build fix
Revisions pulled up:
- misc/raspberrypi-userland/Makefile 1.17
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jan 9 02:06:44 UTC 2020
Modified Files:
pkgsrc/misc/raspberrypi-userland: Makefile
Log Message:
raspberrypi-userland: Needs pkg-config
|
|
graphics/GraphicsMagick: security fix
Revisions pulled up:
- graphics/GraphicsMagick/Makefile 1.103
- graphics/GraphicsMagick/Makefile.common 1.25
- graphics/GraphicsMagick/distinfo 1.51
- graphics/p5-GraphicsMagick/Makefile 1.49
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 8 12:11:36 UTC 2020
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile Makefile.common distinfo
pkgsrc/graphics/p5-GraphicsMagick: Makefile
Log Message:
GraphicsMagick: Update to 1.3.34
1.3.34 (December 24, 2019)
==========================
Special Issues:
* It has been discovered that the 'ICU' library (a perhaps 30MB C++
library) which is now often a libxml2 dependency causes huge
process initialization overhead. This is noticed as unexpected
slowness when GraphicsMagick utilities are used to process small to
medium sized files. The time to initialize the 'ICU' library is
often longer than the time that GraphicsMagick would otherwise
require to read the input file, process the image, and write the
output file. If the 'ICU' dependency can not be avoided, then make
sure to use the modules build so there is only impact for file
formats which require libxml2. Please lobby the 'ICU' library
developers to change their implementation to avoid long start-up
times due to merely linking with the library.
Security Fixes:
* GraphicsMagick is now participating in Google's oss-fuzz project due
to the contributions and assistance of Alex Gaynor. Since February 4
2018, 386 issues have been opened by oss-fuzz (some of which were
benign build issues) and 376 of those issues have been resolved.
The issues list is available at
https://bugs.chromium.org/p/oss-fuzz/issues/list under search term
"graphicsmagick". Issues are available for anyone to view and
duplicate if they have been in "Verified" status for 30 days, or if
they have been in "New" status for 90 days. There are too many
fixes to list here. Please consult the GraphicsMagick ChangeLog
file, Mercurial repository commit log, and the oss-fuzz issues list
for details.
Bug fixes:
* DPS: Eliminate a memory leak.
* Debug Trace: Only output text to terminate an XML format log file if
XML format is active.
* EXIF Parser: Detect non-terminal parsing and report an error.
* EXIF Parser: Eliminate heap buffer overflows.
* HuffmanDecodeImage(): Fix heap overflow in 32-bit applications.
* MAT: Implement subimage/subrange support.
* MVG: Address non-terminal loops, excessive run-time, thrown
assertions, divide-by-zero, heap overflow, and memory leaks.
* OpenModule(): Now properly case-insensitive, as it used to be.
* PCX: Verify that pixel region is not negative. Assure that opacity
channel is initialized to opaqueOpacity. Update DirectClass
representation while PseudoClass representation is updated. Improve
read performance with uncompressed PCX.
* PICT: Fix heap overflow in PICT writer.
* PNG: Fix validation of raw profile length.
* PNG: Skip coalescing layers if there is only one layer.
* PNM: Fix denial of service opportunity by limiting the length of PNM
comment text.
* WPG: Avoid dereferencing a null pointer.
* WPG: Implement subimage/subrange support.
* WPG: Improve performance when reading an embedded image.
* Wand library: In MagickClearException(), destroy any existing
exception info before re-initializing the exception info or else
there will be a memory leak.
* XPM: Require that image properties appear in the first 512 bytes of
the XPM file header.
New Features:
* Visual Studio build supports JBIG and WebP compression in TIFF format.
API Updates:
* None
Feature improvements:
* Compiles clean using GCC 9.
Windows Delegate Updates/Additions:
* bzlib: bzip is updated to 1.0.8 release.
* jbig: jbigkit is updated to 2.1 release.
* lcms: lcms2 is updated to 2.9 release.
* libxml: libxml2 is updated to 2.9.10 release.
* png: libpng is updated to 1.6.37 release.
* tiff: libtiff is updated to 4.1.0 release.
* webp: libwebp is updated to the 1.0.3 release.
* zlib: zlib is updated to 1.2.11 release.
* TIFF: Now also supports reading JBIG-compressed TIFF, and
reading/writing WebP-compressed TIFF. A number of libtiff feature
options which are now commonly enabled were disabled and are now
enabled by default.
Build Changes:
* MinGW: Static and shared library builds were not working. Only the
modules build was actually working!
* Python scripts related to the build (enabled by
--enable-maintainer-mode) are now compatible with Python 3.
* Now supports using Google gperftools tcmalloc library for the memory
allocator. This improves performance for certain repetitive
work-loads and heavily-threaded algorithms.
* Configure now reports the status of zstd (FaceBook Zstandard)
compression in its configuration summary.
* TclMagick: Address many issues mentioned by SourceForge issue #420
"TclMagick issues and patch".
Behavior Changes:
* PNG: Post-processing to convert the image type in the PNG reader
based on a specified magick prefix string is now disabled. This can
(and should) be done after the image has been returned.
* Trace Logging: The compiled-in logging default is always to stderr,
which may be over-ridden using log.mgk as soon as it is loaded.
* Windows Build: Search registry key HKEY_CURRENT_USER as well as
HKEY_LOCAL_MACHINE when searching for Ghostscript. By following the
procedure documented in SourceForge bug 615 "GhostScript
installation check", this allows for local user installations
without "administrator" privileges.
|
|
|
|
graphics/openjpeg: security fix
Revisions pulled up:
- graphics/openjpeg/Makefile 1.19
- graphics/openjpeg/distinfo 1.17
- graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Jan 7 20:19:46 UTC 2020
Modified Files:
pkgsrc/graphics/openjpeg: Makefile distinfo
Added Files:
pkgsrc/graphics/openjpeg/patches: patch-src_bin_jp2_convertbmp.c
Log Message:
Patch for CVE-2019-12973
|
|
print/ghostscript-agpl: security fix
Revisions pulled up:
- print/ghostscript-agpl/Makefile 1.49
- print/ghostscript-agpl/distinfo 1.27
- print/ghostscript-agpl/patches/patch-Resource_Init_gs_ttf.ps 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Fri Jan 3 23:56:09 UTC 2020
Modified Files:
pkgsrc/print/ghostscript-agpl: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript-agpl/patches: patch-Resource_Init_gs_ttf.ps
Log Message:
Patch CVE-2019-14869
|
|
net/dhcpd: bugfix
Revisions pulled up:
- net/dhcpcd/Makefile 1.96
- net/dhcpcd/distinfo 1.93
---
Module Name: pkgsrc
Committed By: roy
Date: Fri Jan 3 10:15:18 UTC 2020
Modified Files:
pkgsrc/net/dhcpcd: Makefile distinfo
Log Message:
Update to dhcpcd-8.1.5 with the following changes:
* inet: Allow forcing a host route from an interface without a lease
* dhcpcd: Don't wait for an address family to complete if not using it
* Linux: fix RA time unit confusion
If you are suffering from IPv6 addresses not transitioning from the
tentative state (regression from dhcpcd-8.1 on Linux), you will need
to do one of the following after installing dhcpcd:
* reboot
OR
* dhcpcd -x
* echo 1000 > /proc/sys/net/ipv6/neigh/$interface/retrans_time_ms
* ip -f inet6 a flush
* start dhcpcd as normal
|
|
security/libssh: security fix
Revisions pulled up:
- security/libssh/Makefile 1.34
- security/libssh/PLIST 1.15
- security/libssh/distinfo 1.20
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 31 12:27:03 UTC 2019
Modified Files:
pkgsrc/security/libssh: Makefile PLIST distinfo
Log Message:
libssh: update to 0.93.
version 0.9.3 (released 2019-12-10)
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
|
|
Record pullup ticket #6105.
|