| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security/tor-browser-noscript: security fix
Revisions pulled up:
- security/tor-browser-noscript/Makefile 1.4
- security/tor-browser-noscript/distinfo 1.4
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 29 07:02:59 UTC 2020
Modified Files:
pkgsrc/security/tor-browser-noscript: Makefile distinfo
Log Message:
tor-browser-noscript: update to 11.0.34.
v 11.0.34
============================================================
x Fixed regression breaking network-based CSP injection
v 11.0.33
============================================================
x Switch from HTTP to DOM event based CSP reporting in
compatible browsers
x [XSS] Updated HTML event attributes
x Updated TLDs
|
|
|
|
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.102
- net/samba4/PLIST 1.31
- net/samba4/distinfo 1.49
- net/samba4/patches/patch-lib_replace_system_passwd.h 1.1
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Jul 6 14:38:06 UTC 2020
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo
Added Files:
pkgsrc/net/samba4/patches: patch-lib_replace_system_passwd.h
Log Message:
samba4: updated to 4.12.5
Changes since 4.12.4
--------------------
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name.
* BUG 14391: Fix DFS links.
* BUG 14310: Can't use DNS functionality after a Windows DC has been in
domain.
* BUG 14413: ldapi search to FreeIPA crashes.
* BUG 14396: Add net-ads-join dnshostname=fqdn option.
* BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
* BUG 14386: docs-xml: Update list of posible VFS operations for
vfs_full_audit.
* BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
* BUG 14370: Client tools are not able to read gencache anymore.
Samba 4.12.4
============
o CVE-2020-10730:
A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
de-reference and further combinations with the LDAP paged_results feature can
give a use-after-free in Samba's AD DC LDAP server.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760:
The use of the paged_results or VLV controls against the Global Catalog LDAP
server on the AD DC will cause a use-after-free.
o CVE-2020-14303:
The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
further requests once it receives an empty (zero-length) UDP packet to
port 137.
For more details, please refer to the security advisories.
Changes since 4.12.3
--------------------
* BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
several seconds of CPU each.
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined.
* BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV.
* BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
AD DC nbt_server.
* BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined, ldb: Bump version to 2.1.4.
|
|
databases/ldb: dependent update
Revisions pulled up:
- databases/ldb/Makefile 1.17
- databases/ldb/distinfo 1.9
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Jul 6 14:29:42 UTC 2020
Modified Files:
pkgsrc/databases/ldb: Makefile distinfo
Log Message:
ldb: updated to 2.1.4
2.1.4:
Unknown changes
|
|
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.20
- mail/roundcube/Makefile.common 1.20
- mail/roundcube/distinfo 1.71
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 7 04:37:26 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.4.7
Update roundcube to 1.4.7.
RELEASE 1.4.7
-------------
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
- Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
|
|
|
|
lang/go114: security update
Revisions pulled up:
- lang/go/version.mk 1.94
- lang/go114/PLIST 1.5
- lang/go114/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:20:06 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go114: PLIST distinfo
Log Message:
Update go114 to 1.14.6.
go1.14.5 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.14.5 milestone on our issue tracker for
details.
go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler,
the linker, vet, and the database/sql, encoding/json, net/http, reflect, and
testing packages. See the Go 1.14.6 milestone on our issue tracker for
details.
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go114/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go114/distinfo
|
|
lang/go113: security update
Revisions pulled up:
- lang/go/version.mk 1.93
- lang/go113/PLIST 1.4
- lang/go113/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:10:20 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go113: PLIST distinfo
Log Message:
Update go113 to 1.13.14.
go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the
go/types
and math/big packages. See the Go 1.13.12 milestone on our issue tracker for
details.
go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.13.13 milestone on our issue tracker for
details.
go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the
database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone
on our issue tracker for details.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go113/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go113/distinfo
|
|
|
|
www/webkit-gtk: security fix
Revisions pulled up:
- www/webkit-gtk/Makefile 1.189
- www/webkit-gtk/PLIST 1.61
- www/webkit-gtk/distinfo 1.136
---
Module Name: pkgsrc
Committed By: leot
Date: Thu Jul 9 10:56:39 UTC 2020
Modified Files:
pkgsrc/www/webkit-gtk: Makefile PLIST distinfo
Log Message:
webkit-gtk: Update to 2.28.3
Changes:
2.28.3
======
- Enable kinetic scrolling with async scrolling.
- Fix web process hangs on large GitHub pages.
- Bubblewrap sandbox should not attempt to bind empty paths.
- Fix threading issues in the media player.
- Fix several crashes and rendering issues.
|
|
graphics/cairo: fix crashes
Revisions pulled up:
- graphics/cairo/Makefile 1.146
- graphics/cairo/distinfo 1.89
- graphics/cairo/patches/patch-src_cairo-ft-font.c 1.1
---
Module Name: pkgsrc
Committed By: leot
Date: Thu Jul 9 14:38:55 UTC 2020
Modified Files:
pkgsrc/graphics/cairo: Makefile distinfo
Added Files:
pkgsrc/graphics/cairo/patches: patch-src_cairo-ft-font.c
Log Message:
cairo: backport patches from upstream to use FT_Done_MM_Var instead of free
Memory allocated via FT_Get_MM_Var should be freed via FT_Done_MM_Var since
freetype 2.9. Backport patches from upstream to address missing parts not doing
that.
PKGREVISION++
|
|
|
|
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.16
- www/firefox68-l10n/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jul 7 16:51:02 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: sync with firefox68
|
|
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.29
- www/firefox68/distinfo 1.19
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jul 7 16:44:11 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Log Message:
firefox68: Update to 68.10.0
For anyone curious about the delay: apparently, my ccache cache
was corrupted so the build was failing. *sigh* that won't be a problem
soon...
Security Vulnerabilities fixed in Firefox ESR 68.10
#CVE-2020-12417: Memory corruption due to missing sign-extension for
ValueTags on ARM64
#CVE-2020-12418: Information disclosure due to manipulated URL object
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
#CVE-2020-12421: Add-On updates did not respect the same certificate trust
rules as software updates
|
|
shells/fish: build fix
Revisions pulled up:
- shells/fish/Makefile 1.26
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jul 7 09:00:34 UTC 2020
Modified Files:
pkgsrc/shells/fish: Makefile
Log Message:
fish: Pull in libatomic with gcc for e.g. powerpc
|
|
mk: NetBSD 7 build fix
Revisions pulled up:
- mk/pkgformat/pkg/metadata.mk 1.29
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jul 6 18:29:12 UTC 2020
Modified Files:
pkgsrc/mk/pkgformat/pkg: metadata.mk
Log Message:
revert metadata.mk:1.24, keep passing useless flag -U.
It wasn't useless in older pkg_create, as used by netbsd-7.
Reported by sborrill.
|
|
lang/llvm: powerpc build fix
Revisions pulled up:
- lang/llvm/options.mk 1.7
---
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 6 07:16:00 UTC 2020
Modified Files:
pkgsrc/lang/llvm: options.mk
Log Message:
If on powerpc, add -mlongcall to CFLAGS and CXXFLAGS, to avoid
"relocation truncated to fit: R_PPC_REL24" error.
|
|
security/tor-browser-noscript: security fix
Revisions pulled up:
- security/tor-browser-noscript/Makefile 1.3
- security/tor-browser-noscript/distinfo 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 3 22:53:52 UTC 2020
Modified Files:
pkgsrc/security/tor-browser-noscript: Makefile distinfo
Log Message:
tor-browser-noscript: update to 11.0.32.
v 11.0.32
============================================================
x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance
v 11.0.31
============================================================
x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
v 11.0.31rc2
============================================================
x Focus "OK" button on dialog-mode UI
x [L10n] Updated da
x Fixed various toolbar buttons DnD graphic issues
x Updated TLDs
v 11.0.31rc1
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
x More precise DnD of toolbar buttons + work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=568313
|
|
security/tor-browser: security fix
Revisions pulled up:
- security/tor-browser/Makefile 1.69
- security/tor-browser/distinfo 1.24
- security/tor-browser/patches/patch-config_gcc-stl-wrapper.template.h 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 4 08:33:58 UTC 2020
Modified Files:
pkgsrc/security/tor-browser: Makefile distinfo
Added Files:
pkgsrc/security/tor-browser/patches:
patch-config_gcc-stl-wrapper.template.h
Log Message:
tor-browser: update to 9.5.1.
This release updates Firefox to 68.10.0esr and NoScript to 11.0.32.
Also, this release features important security updates to Firefox.
The full changelog since Tor Browser 9.5 is:
All Platforms
Update Firefox to 68.10.0esr
Update NoScript to 11.0.32
Translations update
Bug 40009: Improve tor's client auth stability
Windows + OS X + Linux
Bug 34361: "Prioritize .onion sites when known" appears under General
Bug 34362: Improve Onion Service Authentication prompt
Bug 34369: Fix learn more link in Onion Auth prompt
Bug 34379: Fix learn more for Onion-Location
Bug 34347: The Tor Network part on the onboarding is not new anymore
|
|
I hereby declare the pullup season open :)
|
|
bootstrap: FreeBSD documentation update
Revisions pulled up:
- bootstrap/README.FreeBSD 1.9
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Jun 30 15:37:00 UTC 2020
Modified Files:
pkgsrc/bootstrap: README.FreeBSD
Log Message:
Give a heads up until issues are fixed.
|
|
x11/qt5-qscintilla, x11/py-qt5-qscintilla: build fix
Revisions pulled up:
- x11/py-qt5-qscintilla/Makefile 1.9
- x11/qt5-qscintilla/Makefile 1.10
- x11/qt5-qscintilla/Makefile.common 1.2
- x11/qt5-qscintilla/buildlink3.mk 1.6
- x11/qt5-qscintilla/distinfo 1.4
- x11/qt5-qscintilla/patches/patch-Python_configure.py 1.1
- x11/qt5-qscintilla/patches/patch-Qt4Qt5_qsciapis.cpp 1.1
- x11/qt5-qscintilla/patches/patch-Qt4Qt5_qscintilla.pro 1.1
- x11/qt5-qscintilla/patches/patch-qsciapis.cpp deleted
- x11/qt5-qscintilla/patches/patch-qscintilla.pro deleted
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Jun 29 13:25:57 UTC 2020
Modified Files:
pkgsrc/x11/py-qt5-qscintilla: Makefile
pkgsrc/x11/qt5-qscintilla: Makefile Makefile.common buildlink3.mk
distinfo
Added Files:
pkgsrc/x11/qt5-qscintilla/patches: patch-Python_configure.py
patch-Qt4Qt5_qsciapis.cpp patch-Qt4Qt5_qscintilla.pro
Removed Files:
pkgsrc/x11/qt5-qscintilla/patches: patch-qsciapis.cpp
patch-qscintilla.pro
Log Message:
qt5-qscintilla py-qt5-qscintilla: updated to 2.11.5
QScintilla v2.11.5 has been released. This is a minor bug-fix release.
|
|
|
|
Bump PKGREVISION.
OK'ed by jaapb and gdt.
|
|
Bump PKGREVISION.
OK'ed by jaapb and gdt.
|
|
|
|
Spleen 1.8.0 (2020-06-29)
- Add Initial 6x12 version, containing printable ASCII characters, the
Braille Patterns Unicode block, and light Box Drawing characters
- Improve ampersand character, making it more consistent with other
sizes (5x8 version)
- Add instructions on how to use Spleen in the NetBSD console
|
|
The embedded copy of boehm-gc fails to build on aarch64 and sgen
is considered the "modern" mono garbage collector, so we can
easily build with just that.
For this to work, the arguments need to register with the configure
script properly, which wasn't happening because autogen was running
configure. Stop that from happening.
Bump PKGREVISION
|
|
|
|
|
|
|
|
|
|
EXTRACT_USING=bsdtar hack is no longer needed.
|
|
|
|
+ ImageMagick-7.0.10.22, confuse-3.3, grpc-1.30.0, mame-0.222,
opusfile-0.12, perl5-5.32.0, py-idna-2.10, rclone-1.52.2,
rsync-3.2.1, thunderbird-enigmail-2.1.7.
|
|
|
|
(presumably not on architectures where this is a compiler intrinsic, or
something)
bump PKGREVISION
|
|
(presumably not on architectures where it's a compiler intrinsic?)
Bump PKGREVISION
|
|
|
|
|
|
(It doesn't on 9.0 aarch64, apparently)
|
|
|
|
|
|
|
|
No code changes. This is just to align the url2pkg version number with
the upcoming branch name.
|
|
|
|
No code changes. This is just to align the pkglint version number with
the upcoming branch name.
|
|
|
|
|
|
|
