| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Build tested by leot, thanks.
|
|
|
|
pango deprecated some symbols; remove them from the mapping files.
While here, add comments to patches.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
v0.6.6:
Read ssh timeout from config file if not specified in method call
Tox support
Huge XML tree parser support
Adding optional bind address to connect
|
|
1.0.1:
Unknown changes
|
|
|
|
|
|
v1.10.2
Closed Issues
Please update CodeMirror Addon
Nested braces indentation
v1.10.1
Closed Issues
javascript fails to format when <?php > is first text inside <script> tag
414 Request-URI Too Large
|
|
3.22.0:
Adds ability to check CSRF double submit token from form data instead of headers.
|
|
mail/dovecot2 2.3.7.2
mail/dovecot2-gssapi 2.3.7.2
mail/dovecot2-ldap 2.3.7.2
mail/dovecot2-mysql 2.3.7.2
mail/dovecot2-pgsql 2.3.7.2
mail/dovecot2-sqlite 2.3.7.2
mail/dovecot2-pigeonhole 0.5.7.2
|
|
Update dovecot2-pigeonhole to 0.5.7.2.
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
|
|
Update dovecot2 and related packages to 2.3.7.2.
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
|
|
These are lower than what's in their respective buildlink3.mk files.
|
|
|
|
having gotten rid of unescape(). Mollify pkglint. Bump PKGREVISION.
|
|
|
|
"/usr/include/locale.h:53:12: error: 'lconv' is already declared in this scope"
<https://trac.xapian.org/ticket/793>
|
|
|
|
lang/ruby26-base
lang/ruby26
|
|
Update lang/ruby26-base and lang/ruby26 to 2.6.4.
Ruby 2.6.4 (2019-08-28)
Ruby 2.6.4 has been released.
This release includes a security fix of rdoc. Please check the topics below
for details.
* Multiple jQuery vulnerabilities in RDoc
See the commit logs for changes in detail.
|
|
lang/ruby25-base
lang/ruby25
|
|
Update ruby25-base/ruby25 to 2.5.6.
Ruby 2.5.6 (2019-08-28)
Ruby 2.5.6 has been released.
This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.
* Multiple jQuery vulnerabilities in RDoc
See the commit log for details.
|
|
lang/ruby24-base
databases/ruby-gdbm
devel/ruby-fiddle
devel/ruby-readline
lang/ruby
|
|
2.4.7 (2019-08-28)
Ruby 2.4.7 has been released.
This release includes a security fix. Please check the topics below for
details.
* Multiple jQuery vulnerabilities in RDoc
Ruby 2.4 is now under the state of the security maintenance phase, until
the end of March of 2020. After that date, maintenance of Ruby 2.4 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 2.6 or 2.5.
|
|
|
|
7.80:
Here is the full list of significant changes:
o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
from version 0.99-r2 to 0.9982, including all of these changes from the
last 15 Npcap releases: https://nmap.org/npcap/changelog
o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ broadcast-hid-discoveryd discovers HID devices on a LAN by
sending a discoveryd network broadcast probe.
+ broadcast-jenkins-discover discovers Jenkins servers on a LAN
by sending a discovery broadcast probe.
+ http-hp-ilo-info extracts information from HP
Integrated Lights-Out (iLO) servers.
+ http-sap-netweaver-leak detects SAP Netweaver Portal with the
Knowledge Management Unit enabled with anonymous access.
+ https-redirect detects HTTP servers that redirect to the same port, but
with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
properly.
+ lu-enum enumerates Logical Units (LU) of TN3270E servers.
+ rdp-ntlm-info extracts Windows domain information from RDP
services.
+ smb-vuln-webexec checks whether the WebExService is installed and allows
code execution.
+ smb-webexec-exploit exploits the WebExService to run arbitrary commands
with SYSTEM privileges.
+ ubiquiti-discovery extracts information from the Ubiquiti
Discovery service and assists version detection.
+ vulners queries the Vulners CVE database API using CPE
information from Nmap's service and application version detection.
o Use pcap_create instead of pcap_live_open in
Nmap, and set immediate mode on the pcap descriptor. This solves packet
loss problems on Linux and may improve performance on other platforms.
o [NSE] Collected utility functions for string processing into a new
library, stringaux.lua.
o [NSE] New rand.lua library uses the best sources of random available on
the system to generate random strings.
o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of
debugging detail when needed, and no clutter when not.
o [NSE] Collected utility functions for manipulating and searching tables
into a new library, tableaux.lua.
o [NSE] New knx.lua library holds common functions and definitions for
communicating with KNX/Konnex devices.
o [NSE] The HTTP library now provides transparent support for gzip-
encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
overview.)
o [Nsock][Ncat] Add AF_VSOCK (Linux VM sockets) functionality to
Nsock and Ncat. VM sockets are used for communication between virtual
machines and the hypervisor.
o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the
prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent
unauthorized users from modifying OpenSSL defaults by writing
configuration to this directory.
o [Security] Reduced LibPCRE resource limits so that
version detection can't use as much of the stack. Previously Nmap could
crash when run on low-memory systems against target services which are
intentionally or accidentally difficult to match. Someone assigned
CVE-2018-15173 for this issue.
o Deprecate and disable the -PR (ARP ping) host discovery
option. ARP ping is already used whenever possible, and the -PR option
would not force it to be used in any other case.
o [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap
7.25BETA2, has native support for binary data packing via string.pack and
string.unpack. All existing scripts and libraries have been updated.
o [NSE] Completely removed the bit.lua NSE library. All of its functions are
replaced by native Lua bitwise operations, except for `arshift`
(arithmetic shift) which has been moved to the bits.lua library. [Daniel
Miller]
o [NSE] The HTTP library is now enforcing a size limit on the
received response body. The default limit can be adjusted with a script
argument, which applies to all scripts, and can be overridden case-by-case
with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571
for details.)
o [NSE] CR characters are no longer treated as illegal in script
XML output.
o Allow resuming nmap scan with lengthy command line [Clément
Notin]
o [NSE] Add TLS support to rdp-enum-encryption. Enables determining
protocol version against servers that require TLS and lays ground work for
some NLA/CredSSP information collection.
o [NSE] Address two protocol parsing issues in rdp-enum-encryption
and the RDP nse library which broke scanning of Windows XP. Clarify
protocol types
o [NSE] Script http-fileupload-exploiter failed to locate its
resource file unless executed from a specific working
directory.
o [NSE] Avoid clobbering the "severity" and "ignore_404" values of
fingerprints in http-enum. None of the standard fingerprints uses these
fields.
o [NSE] Fix a crash caused by a double-free of libssh2 session data
when running SSH NSE scripts against non-SSH services.
o [NSE] Updates the execution rule of the mongodb scripts to be
able to run on alternate ports.
o [Ncat] Allow Ncat to connect to servers on port 0, provided that
the socket implementation allows this.
o Update the included libpcap to 1.9.0.
o [NSE] Fix a logic error that resulted in scripts not honoring the
smbdomain script-arg when the target provided a domain in the NTLM
challenge.
o [Nsock] Avoid a crash (Protocol not supported) caused by trying
to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel
Miller]
o [NSE] Removed OSVDB references from scripts and replaced them
with BID references where possible.
o [NSE] Updates TN3270.lua and adds argument to disable TN3270E
o RMI parser could crash when encountering invalid input [Clément
Notin]
o Avoid reporting negative latencies due to matching an ARP or ND
response to a probe sent after it was recieved.
o [Ncat] To avoid confusion and to support non-default proxy ports,
option --proxy now requires a literal IPv6 address to be specified using
square-bracket notation, such as --proxy
o [Ncat] New ncat option provides control over
whether proxy destinations are resolved by the remote proxy server or
locally, by Ncat itself. See option --proxy-dns.
o [NSE] Updated script ftp-syst to prevent potential endless
looping.
o New service probes and match lines for v1 and v2 of the Ubiquiti
Discovery protocol. Devices often leave the related service open and it
exposes significant amounts of information as well as the risk of being
used as part of a DDoS. New nmap-payload entry for v1 of the
protocol.
o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while
and the service was completely shutdown on Feb 17th, 2019. [Paulino
Calderon]
o [NSE] Adds TN3270E support and additional improvements to
tn3270.lua and updates tn3270-screen.nse to display the new
setting.
o [NSE] Updates product codes and adds a check for response length
in enip-info.nse. The script now uses string.unpack.
o [Ncat] Temporary RSA keys are now 2048-bit to resolve a
compatibility issue with OpenSSL library configured with security level 2,
as seen on current Debian or Kali.
o [NSE] Fix a crash (double-free) when using SSH scripts against
non-SSH services.
o [Zenmap] Fix a crash when Nmap executable cannot be found and the system
PATH contains non-UTF-8 bytes, such as on Windows.
o [Zenmap] Fix a crash in results search when using the dir: operator:
AttributeError: 'SearchDB' object has no attribute 'match_dir' [Daniel
Miller]
o [Ncat] Fixed an issue with Ncat -e on Windows that caused early
termination of connections.
o [NSE] Fix a false-positive in http-phpmyadmin-dir-traversal when
the server responds with 200 status to a POST request to any
URI.
o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate
that testing could not rule out vulnerability.
o When searching for Lua header files, actually use them where
they are found instead of forcing /usr/include. [Fabrice Fontaine, Daniel
Miller]
o [NSE] Script traceroute-geolocation no longer crashes when
www.GeoPlugin.net returns null coordinates
o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not
use higher levels internally.
o [NSE] tls.lua when creating a client_hello message will now only use a
SSLv3 record layer if the protocol version is SSLv3. Some TLS
implementations will not handshake with a client offering less than
TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to
SSLv3-only servers.
o [NSE] Fix a few false-positive conditions in
ssl-ccs-injection. TLS implementations that responded with fatal alerts
other than "unexpected message" had been falsely marked as
vulnerable.
o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a
"Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on
September 1, 2018.
o Start host timeout clocks when the first probe is sent to a
host, not when the hostgroup is started. Sometimes a host doesn't get
probes until late in the hostgroup, increasing the chance it will time
out.
o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved
by:
-
- Properly trimming ECS address, as mandated by RFC 7871
- Fixing a bug that prevented using the same ECS option table more than
once
o [Ncat] Fixed communication with commands launched with -e or -c
on Windows, especially when --ssl is used.
o [NSE] Script http-default-accounts can now select more than one
fingerprint category. It now also possible to select fingerprints by name
to support very specific scanning.
o [NSE] Script http-default-accounts was not able to run against more than
one target host/port.
o [NSE] New script-arg `http.host` allows users to force a
particular value for the Host header in all HTTP requests.
o [NSE] Use smtp.domain script arg or target's domain name instead
of "example.com" in EHLO command used for STARTTLS.
o [NSE] Fix brute.lua's BruteSocket wrapper, which was crashing
Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap:
nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext):
Assertion `lua_gettop(L) == 7' failed.
o [NSE] Handle an error condition in smb-vuln-ms17-010 caused by
IPS closing the connection.
o [Ncat] Fixed literal IPv6 URL format for connecting through HTTP
proxies.
o [NSE] Updates vendors from ODVA list for enip-info.
[NothinRandom]
o [NSE] Add two common error strings that improve MySQL detection
by the script http-sql-injection.
o [NSE] Fix bug in http-vuln-cve2006-3392 that prevented the script
to generate the vulnerability report correctly.
o [NSE] Fix bug related to screen rendering in NSE library
tn3270. This patch also improves the brute force script
tso-brute.
o [NSE] Fix SIP, SASL, and HTTP Digest authentication when the
algorithm contains lowercase characters.
o Nmap could be fooled into ignoring TCP response packets if they
used an unknown TCP Option, which would misalign the validation, causing
it to fail.
o [NSE]The HTTP response parser now tolerates status lines without a reason
phrase, which improves compatibility with some HTTP servers.
o [NSE]] Parser for HTTP Set-Cookie header
is now more compliant with RFC 6265:
- empty attributes are tolerated
- double quotes in cookie and/or attribute values are treated literally
- attributes with empty values and value-less attributes are parsed
equally
- attributes named "name" or "value" are ignored
o [NSE] Fix parsing http-grep.match script-arg. [Hans van den
Bogert]
o [Zenmap] Avoid a crash when recent_scans.txt cannot be written
to.
o Fixed --resume when the path to Nmap contains spaces.
o New service probe and match lines for adb, the Android Debug Bridge, which
allows remote code execution and is left enabled by default on many
devices.
|
|
Many OSes don't have it, like OS X.
A non-ifdef version of a patch provided by clement bouvier
in PR pkg/54497
|
|
|
|
|
|
Release 1.17.0
LZ4 codec updated to 1.9.1.
Zstd codec updated to 1.4.1.
BloscLZ codec updated to 2.0.0. Although this should be fully backward
compatible, it contains important changes that affects mainly speed, but
also compression ratios. Feedback on how it behaves on your own data is
appreciated.
|
|
|
|
pkgsrc changes:
- Permit to use Python 3.x for build
- Update REPLACE_* lists and add tool dependency to bash
- Remove no longer needed
patch-Source_WebCore_platform_graphics_gstreamer_MediaPlayerPrivateGStreamer.cpp
(fixed upstream)
Changes:
2.24.4
------
- Updated the user agent string to make happy certain websites which
would claim that the browser being used was unsupported.
- Improve loading of multimedia streams to avoid memory exhaustion due
to excessive caching.
- Fix display of documents with MIME type application/xml in the Web
Inspector, when loaded using XmlHttpRequest.
- Fix a hang while scrolling certain websites which include HLS video
content (Twitter, for example).
- Fix rounding artifacts in volume levels for media playback.
- Fix several crashes and rendering issues.
- Fix the build with video track support disabled.
- Fix the build with OpenGL support disabled.
- Fix build issue which would cause media controls to disappear when
Python 3.x was used during the build process.
|
|
(Hopefully it should be committed in a couple of hours if no regressions
are found)
|
|
|
|
From Andrius V.
Bump PKGREVISION.
|
|
|
|
|
|
1.12.1
Actually use the case_sensitive arg in compile
|
|
0.5.2
Enforce extratools>=0.8.1 to fix generator bug; Use Pipenv
0.5.1.2
Bug fix for installing on terminal without UTF-8
0.5.1.1
Tweak setup.py for support of older Python versions
0.5.1
Add custom callback function
0.5
Add FEAT algorithm for mining generator patterns
0.4
Add support for text data
0.3.6
Bug fix for referring db in custom key/filter; Tweaks
0.3.5
Refactoring
0.3.4
Remove support for no pruning in favor of upper-bound function
0.3.1
Add BIDE algorithm for mining closed pattern
|
|
|
|
There is no need to patch MAN_DIR in upstream Makefile.
Pointed out by wiz@, thanks!
|
|
|
|
1.1.0:
bug
[bug] [commands]
Fixed bug where the double-percent logic applied to some dialects such as psycopg2 would be rendered in --sql mode, by allowing dialect options to be passed through to the dialect used to generate SQL and then providing paramstyle="named" so that percent signs need not be doubled. For users having this issue, existing env.py scripts need to add dialect_opts={"paramstyle": "named"} to their offline context.configure(). See the alembic/templates/generic/env.py template for an example.
[bug] [py3k]
Fixed use of the deprecated “imp” module, which is used to detect pep3147 availability as well as to locate .pyc files, which started emitting deprecation warnings during the test suite. The warnings were not being emitted earlier during the test suite, the change is possibly due to changes in py.test itself but this is not clear. The check for pep3147 is set to True for any Python version 3.5 or greater now and importlib is used when available. Note that some dependencies such as distutils may still be emitting this warning. Tests are adjusted to accommodate for dependencies that emit the warning as well.
[bug] [mysql]
Fixed issue where emitting a change of column name for MySQL did not preserve the column comment, even if it were specified as existing_comment.
[bug] [setup]
Removed the “python setup.py test” feature in favor of a straight run of “tox”. Per Pypa / pytest developers, “setup.py” commands are in general headed towards deprecation in favor of tox. The tox.ini script has been updated such that running “tox” with no arguments will perform a single run of the test suite against the default installed Python interpreter.
usecase
[usecase] [commands]
The “alembic init” command will now proceed if the target directory exists as long as it’s still empty. Previously, it would not proceed if the directory existed. The new behavior is modeled from what git does, to accommodate for container or other deployments where an Alembic target directory may need to be already mounted instead of being created with alembic init. Pull request courtesy Aviskar KC.
misc
[change]
Alembic 1.1 bumps the minimum version of SQLAlchemy to 1.1. As was the case before, Python requirements remain at Python 2.7, or in the 3.x series Python 3.4.
[change] [internals]
The test suite for Alembic now makes use of SQLAlchemy’s testing framework directly. Previously, Alembic had its own version of this framework that was mostly copied from that of SQLAlchemy to enable testing with older SQLAlchemy versions. The majority of this code is now removed so that both projects can leverage improvements from a common testing framework.
|
|
1.3.8
orm
[orm] [bug]
Fixed bug where Load objects were not pickleable due to mapper/relationship state in the internal context dictionary. These objects are now converted to picklable using similar techniques as that of other elements within the loader option system that have long been serializable.
[orm] [usecase]
Added support for the use of an Enum datatype using Python pep-435 enumeration objects as values for use as a primary key column mapped by the ORM. As these values are not inherently sortable, as required by the ORM for primary keys, a new TypeEngine.sort_key_function attribute is added to the typing system which allows any SQL type to implement a sorting for Python objects of its type which is consulted by the unit of work. The Enum type then defines this using the database value of a given enumeration. The sorting scheme can be also be redefined by passing a callable to the Enum.sort_key_function parameter. Pull request courtesy Nicolas Caniart.
engine
[engine] [feature]
Added new parameter create_engine.hide_parameters which when set to True will cause SQL parameters to no longer be logged, nor rendered in the string representation of a StatementError object.
[engine] [bug]
Fixed an issue whereby if the dialect “initialize” process which occurs on first connect would encounter an unexpected exception, the initialize process would fail to complete and then no longer attempt on subsequent connection attempts, leaving the dialect in an un-initialized, or partially initialized state, within the scope of parameters that need to be established based on inspection of a live connection. The “invoke once” logic in the event system has been reworked to accommodate for this occurrence using new, private API features that establish an “exec once” hook that will continue to allow the initializer to fire off on subsequent connections, until it completes without raising an exception. This does not impact the behavior of the existing once=True flag within the event system.
postgresql
[postgresql] [bug]
Revised the approach for the just added support for the psycopg2 “execute_values()” feature added in 1.3.7. The approach relied upon a regular expression that would fail to match for a more complex INSERT statement such as one which had subqueries involved. The new approach matches exactly the string that was rendered as the VALUES clause.
[postgresql] [bug]
Fixed bug where Postgresql operators such as postgresql.ARRAY.Comparator.contains() and postgresql.ARRAY.Comparator.contained_by() would fail to function correctly for non-integer values when used against a postgresql.array object, due to an erroneous assert statement.
[postgresql] [usecase]
Added support for reflection of CHECK constraints that include the special PostgreSQL qualifier “NOT VALID”, which can be present for CHECK constraints that were added to an exsiting table with the directive that they not be applied to existing data in the table. The PostgreSQL dictionary for CHECK constraints as returned by Inspector.get_check_constraints() may include an additional entry dialect_options which within will contain an entry "not_valid": True if this symbol is detected. Pull request courtesy Bill Finn.
sqlite
[sqlite] [bug] [reflection]
Fixed bug where a FOREIGN KEY that was set up to refer to the parent table by table name only without the column names would not correctly be reflected as far as setting up the “referred columns”, since SQLite’s PRAGMA does not report on these columns if they weren’t given explicitly. For some reason this was harcoded to assume the name of the local column, which might work for some cases but is not correct. The new approach reflects the primary key of the referred table and uses the constraint columns list as the referred columns list, if the remote column(s) aren’t present in the reflected pragma directly.
|
|
|
|
|
