Age | Commit message | Author | Files | Lines
2020-12-19 | Pullup tickets #6385 and #6386 [pkgsrc-2020Q3] | bsiegert | 1 | -1/+7

2020-12-19 | Pullup ticket #6386 - requested by nia | bsiegert | 2 | -371/+371
www/firefox78-l10n: dependent update

Revisions pulled up:
- www/firefox78-l10n/Makefile 1.6
- www/firefox78-l10n/distinfo 1.6

---
Module Name: pkgsrc
Committed By: nia
Date: Thu Dec 17 13:25:31 UTC 2020

Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo

Log Message:
firefox78-l10n: Sync with firefox78

2020-12-19 | Pullup ticket #6385 - requested by nia | bsiegert | 2 | -7/+7
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile 1.14
- www/firefox78/distinfo 1.7

---
Module Name: pkgsrc
Committed By: nia
Date: Thu Dec 17 13:24:30 UTC 2020

Modified Files:
pkgsrc/www/firefox78: Makefile distinfo

Log Message:
firefox78: Update to 78.6.0

Security Vulnerabilities fixed in Firefox ESR 78.6

#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6

2020-12-11 | Catch up with outstanding pullup tickets | bsiegert | 1 | -1/+14

2020-12-11 | Pullup ticket #6373 - requested by wiz | bsiegert | 4 | -722/+12
graphics/ImageMagick: security fix

Revisions pulled up:
- graphics/ImageMagick/Makefile.common 1.221-1.222
- graphics/ImageMagick/PLIST 1.114
- graphics/ImageMagick/distinfo 1.238-1.239
- graphics/ImageMagick/patches/patch-config_policy.xml 1.6

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Nov 17 16:12:02 UTC 2020

Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common distinfo
pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml

Log Message:
ImageMagick: update to 7.0.10.38.

2020-11-14 7.0.10-38 <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-38 GIT revision 17815:bf51a3f1f:20201114

2020-11-07 7.0.10-38 <quetzlzacatenango@image...>
* add image settings support to -fx.
* better support for TIFF YCbCr photometric.
* verify TTF glyph format before dereferencing (reference https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26932).
* force single HEIC image per container.

---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Nov 23 15:45:24 UTC 2020

Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo

Log Message:
ImageMagick: update to 7.0.10.41.

2020-11-21 7.0.10-41 <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-41 GIT revision 17864:20680f349:20201121

2020-11-21 7.0.10-41 <quetzlzacatenango@image...>
*

2020-11-20 7.0.10-40 <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-40 GIT revision 17860:2594cd0a5:20201120

2020-11-19 7.0.10-40 <quetzlzacatenango@image...>
* remove Linux shell artifact from Windows delegate configuration file.
* fix shell injection vulnerability via the -authenticate option (reference alex@cure...).

2020-11-17 7.0.10-39 <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-39 GIT revision 17837:ffb8da39c:20201117

2020-11-07 7.0.10-39 <quetzlzacatenango@image...>
* support DPX 4:2:2 sampling.

2020-12-11 | Pullup ticket #6384 - requested by wiz | bsiegert | 5 | -80/+14
security/openssl: security fix

Revisions pulled up:
- security/openssl/Makefile 1.264-1.266
- security/openssl/PLIST 1.7
- security/openssl/distinfo 1.146-1.147
- security/openssl/patches/patch-Configurations_10-main.conf deleted
- security/openssl/patches/patch-crypto_rand_rand__unix.c deleted

---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Sep 30 09:25:31 UTC 2020

Modified Files:
pkgsrc/security/openssl: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-crypto_rand_rand__unix.c

Log Message:
openssl: update to 1.1.1h.

Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used
o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts
o Oracle Developer Studio will start reporting deprecation warnings

---
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 13 07:37:29 UTC 2020

Modified Files:
pkgsrc/security/openssl: Makefile

Log Message:
openssl: add -lrt for the benefit of Solaris 10.

PR pkg/55688
PR pkg/54958

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 8 18:54:17 UTC 2020

Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-Configurations_10-main.conf

Log Message:
openssl: update to 1.1.1i.

Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)

2020-12-11 | Pullup ticket #6372 - requested by wiz | bsiegert | 3 | -9/+11
mail/neomutt: security fix

Revisions pulled up:
- mail/neomutt/Makefile 1.64-1.65
- mail/neomutt/PLIST 1.22
- mail/neomutt/distinfo 1.47-1.48

---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Sep 27 14:58:46 UTC 2020

Modified Files:
pkgsrc/mail/neomutt: Makefile distinfo

Log Message:
neomutt: update to 20200925.

2020-09-25 Richard Russon <rich@flatcap.org>
* Features
  - Compose: display user-defined headers
  - Address Book / Query: live sorting
  - Address Book / Query: patterns for searching
  - Config: Add '+=' and '-=' operators for String Lists
  - Config: Add '+=' operator for Strings
  - Allow postfix query ':setenv NAME?' for env vars
* Bug Fixes
  - Fix crash when searching with invalid regexes
  - Compose: Prevent infinite loop of `send2-hook`s
  - Fix sidebar on new/removed mailboxes
  - Restore indentation for named mailboxes
  - Prevent half-parsing an alias
  - Remove folder creation prompt for POP path
  - Show error if `$message_cachedir` doesn't point to a valid directory
  - Fix tracking LastDir in case of IMAP paths with Unicode characters
  - Make sure all mail gets applied the index limit
  - Add warnings to -Q query CLI option
  - Fix index tracking functionality
* Changed Config
  - Add `$compose_show_user_headers` (yes)
* Translations
  - 100% Czech
  - 100% Lithuanian
  - Split up usage strings
* Build
  - Run shellcheck on hcachever.sh
  - Add the Address Sanitizer
  - Move compose files to lib under compose/
  - Move address config into libaddress
  - Update to latest acutest - fixes a memory leak in the unit tests
* Code
  - Implement ARRAY API
  - Deglobalised the Config Sort functions
  - Refactor the Sidebar to be Event-Driven
  - Refactor the Color Event
  - Refactor the Commands list
  - Make ctx_update_tables private
  - Reduce the scope/deps of some Validator functions
  - Use the Email's IMAP UID instead of an increasing number as index
  - debug: log window focus

---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 20 16:34:53 UTC 2020

Modified Files:
pkgsrc/mail/neomutt: Makefile PLIST distinfo

Log Message:
neomutt: update to 20201120.

2020-11-20 Richard Russon <rich@flatcap.org>
* Security
  - imap: close connection on all failures
* Features
  - alias: add <limit> function to Alias/Query dialogs
  - config: add validators for {imap,smtp,pop}_authenticators
  - config: warn when signature file is missing or not readable
  - smtp: support for native SMTP LOGIN auth mech
  - notmuch: show originating folder in index
* Bug Fixes
  - sidebar: prevent the divider colour bleeding out
  - sidebar: fix <sidebar-{next,prev}-new>
  - notmuch: fix <entire-thread> query for current email
  - restore shutdown-hook functionality
  - crash in reply-to
  - use-after-free in folder-hook
  - fix some leaks
  - fix application of limits to modified mailboxes
  - write Date header when postponing
* Translations
  - 100% Lithuanian
  - 100% Czech
  - 70% Turkish
* Docs
  - Document that $sort_alias affects the query menu
* Build
  - improve ASAN flags
  - add SASL and S/MIME to --everything
  - fix contrib (un)install
* Code
  - my_hdr compose screen notifications
  - add contracts to the MXAPI
  - maildir refactoring
  - further reduce the use of global variables
* Upstream
  - Add $count_alternatives to count attachments inside alternatives

2020-12-11 | Pullup ticket #6378 - requested by riastradh | bsiegert | 3 | -15/+151
www/gitea: build fix, security fix

Revisions pulled up:
- www/gitea/Makefile 1.47
- www/gitea/PLIST 1.9
- www/gitea/distinfo 1.24

---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Nov 18 11:29:27 UTC 2020

Modified Files:
pkgsrc/www/gitea: Makefile PLIST distinfo

Log Message:
gitea: Update to 1.12.6.

Fixes pkgsrc handling of the frontend artefacts, various files were previously missing, leading to errors in the web interface.

Changes since 1.12.1:

## [1.12.6](https://github.com/go-gitea/gitea/releases/tag/v1.12.6) - 2020-11-11

* SECURITY
  * Prevent git operations for inactive users (#13527) (#13537)
  * Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* BUGFIXES
  * API should only return Json (#13511) (#13564)
  * Fix before and since query arguments at API (#13559) (#13560)
  * Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
  * Fix link detection in repository description with tailing '_' (#13407) (#13408)
  * Remove obsolete change of email on profile page (#13341) (#13348)
  * Fix permission check on get Reactions API endpoints (#13344) (#13346)
  * Add migrated pulls to pull request task queue (#13331) (#13335)
  * API deny wrong pull creation options (#13308) (#13327)
  * Fix initial commit page & binary munching problem (#13249) (#13259)
  * Fix diff parsing (#13157) (#13136) (#13139)
  * Return error 404 not 500 from API if team does not exist (#13118) (#13119)
  * Prohibit automatic downgrades (#13108) (#13111)
  * Fix GitLab Migration Option AuthToken (#13101)
  * GitLab Label Color Normalizer (#12793) (#13100)
  * Log the underlying panic in runMigrateTask (#13096) (#13098)
  * Fix attachments list in edit comment (#13036) (#13097)
  * Fix deadlock when deleting team user (#13093)
  * Fix error create comment on outdated file (#13041) (#13042)
  * Fix repository create/delete event webhooks (#13008) (#13027)
  * Fix internal server error on README in submodule (#13006) (#13016)

## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01

* BUGFIXES
  * Allow U2F with default settings for gitea in subpath (#12990) (#13001)
  * Prevent empty div when editing comment (#12404) (#12991)
  * On mirror update also update address in DB (#12964) (#12967)
  * Allow extended config on cron settings (#12939) (#12943)
  * Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
  * Fix internal server error from ListUserOrgs API (#12910) (#12915)
  * Update only the repository columns that need updating (#12900) (#12912)
  * Fix panic when adding long comment (#12892) (#12894)
  * Add size limit for content of comment on action ui (#12881) (#12890)
  * Convert User expose ID each time (#12855) (#12883)
  * Support slashes in release tags (#12864) (#12882)
  * Add missing information to CreateRepo API endpoint (#12848) (#12867)
  * On Migration respect old DefaultBranch (#12843) (#12858)
  * Fix notifications page links (#12838) (#12853)
  * Stop cloning unnecessarily on PR update (#12839) (#12852)
  * Escape more things that are passed through str2html (#12622) (#12850)
  * Remove double escape on labels addition in comments (#12809) (#12810)
  * Fix "only mail on mention" bug (#12775) (#12789)
  * Fix yet another bug with diff file names (#12771) (#12776)
  * RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
  * Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* ENHANCEMENTS
  * gitea dump: include version & Check InstallLock (#12760) (#12762)

## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02

* SECURITY
  * Escape provider name in oauth2 provider redirect (#12648) (#12650)
  * Escape Email on password reset page (#12610) (#12612)
  * When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
  * StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
  * Fix to show an issue that is related to a deleted issue (#12651) (#12692)
  * Expire time acknowledged for cache (#12605) (#12611)
  * Fix diff path unquoting (#12554) (#12575)
  * Improve HTML escaping helper (#12562)
  * models: break out of loop (#12386) (#12561)
  * Default empty merger list to those with write permissions (#12535) (#12560)
  * Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
  * Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
  * Remove hardcoded ES indexername (#12521) (#12526)
  * Fix bug preventing transfer to private organization (#12497) (#12501)
  * Keys should not verify revoked email addresses (#12486) (#12495)
  * Do not add prefix on http/https submodule links (#12477) (#12479)
  * Fix ignored login on compare (#12476) (#12478)
  * Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
  * Upgrade google/go-github to v32.1.0 (#12361) (#12390)
  * Render emoji's of Commit message on feed-page (#12373)
  * Fix handling of diff on unrelated branches when Git 2.28 used (#12370)

## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28

* BUGFIXES
  * Don't change creation date when updating Release (#12343) (#12351)
  * Show 404 page when release not found (#12328) (#12332)
  * Fix emoji detection in certain cases (#12320) (#12327)
  * Reduce emoji size (#12317) (#12327)
  * Fix double-indirection bug in logging IDs (#12294) (#12308)
  * Link to pull list page on sidebar when view pr (#12256) (#12263)
  * Extend Notifications API and return pinned notifications by default (#12164) (#12232)

## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11

* BUGFIXES
  * When deleting repository decrease user repository count in cache (#11954) (#12188)
  * Return full commit message instead of summary in commits API (#12186) (#12187)
  * Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
  * Ensure GPG Subkeys are verified (#12155) (#12168)
  * Fix failing to cache last commit with key being too long (#12151) (#12161)
  * Multiple small admin dashboard fixes (#12153) (#12156)
  * Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
  * Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
  * Move EventSource to SharedWorker (#12095) (#12130)
  * Fix ui bug in wiki commit page (#12089) (#12125)
  * Fix gitgraph branch continues after merge (#12044) (#12105)
  * Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
  * Ensure BlameReaders close at end of request (#12102) (#12103)
  * Fix panic when adding review comment (#12058)
* ENHANCEMENTS
  * Disable dropzone's timeout for file uploads (#12024) (#12032)

2020-12-10 | Pullup ticket #6369 | bsiegert | 1 | -1/+3

2020-12-10 | Pullup ticket #6369 - requested by riastradh | bsiegert | 1 | -1/+3
www/firefox78: build fix (via patch)

Add build dependency to expat Python module.

2020-11-24 | Latest batch of pullup tickets | bsiegert | 1 | -1/+13

2020-11-24 | Pullup ticket #6371 - requested by nia | bsiegert | 2 | -371/+371
www/firefox78-l10n: dependent update

NOTE: This also includes the changes from pullup ticket #6364.

Revisions pulled up:
- www/firefox78-l10n/Makefile 1.4-1.5
- www/firefox78-l10n/distinfo 1.4-1.5

---
Module Name: pkgsrc
Committed By: nia
Date: Tue Nov 10 03:04:00 UTC 2020

Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo

Log Message:
firefox78-l10n: sync with firefox78

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Nov 18 12:34:21 UTC 2020

Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo

Log Message:
firefox78-l10n: Sync with firefox78

2020-11-24 | Pullup ticket #6370 - requested by nia | bsiegert | 4 | -11/+71
www/firefox78: security fix

NOTE: This also includes the changes from pullup tickets #6363 and #6369.

Revisions pulled up:
- www/firefox78/Makefile 1.9,1.13
- www/firefox78/distinfo 1.5-1.6
- www/firefox78/patches/patch-js_src_jit_ProcessExecutableMemory.cpp 1.1
- www/firefox78/patches/patch-js_src_vm_ArrayBufferObject.cpp 1.1

---
Module Name: pkgsrc
Committed By: nia
Date: Tue Nov 10 02:59:28 UTC 2020

Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Added Files:
pkgsrc/www/firefox78/patches: patch-js_src_jit_ProcessExecutableMemory.cpp patch-js_src_vm_ArrayBufferObject.cpp

Log Message:
firefox78: Update to 78.4.1. Apply MPROTECT patches from mozjs.

Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Nov 18 12:33:45 UTC 2020

Modified Files:
pkgsrc/www/firefox78: Makefile distinfo

Log Message:
firefox78: Update to 78.5.0

Security Vulnerabilities fixed in Firefox ESR 78.5

#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

2020-11-24 | Pullup ticket #6368 - requested by wiz | bsiegert | 5 | -17/+19
graphics/ImageMagick: security fix (via patch)

2020-11-24 | Pullup ticket #6367 - requested by leot | bsiegert | 4 | -7/+250
net/youtube-dl: updates and bugfixes

Revisions pulled up:
- net/youtube-dl/Makefile 1.215-1.218
- net/youtube-dl/distinfo 1.197-1.200
- net/youtube-dl/patches/patch-youtube__dl_extractor_bandcamp.py 1.1
- net/youtube-dl/patches/patch-youtube__dl_extractor_youtube.py deleted

---
Module Name: pkgsrc
Committed By: leot
Date: Sun Nov 1 10:58:24 UTC 2020

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Added Files:
pkgsrc/net/youtube-dl/patches: patch-youtube__dl_extractor_bandcamp.py

Log Message:
youtube-dl: Add a patch to fix bandcamp extractor

Initially based on (what was) Gilles Pietri's upstream #26684.

PKGREVISION++

---
Module Name: pkgsrc
Committed By: leot
Date: Sun Nov 1 12:14:49 UTC 2020

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Added Files:
pkgsrc/net/youtube-dl/patches: patch-youtube__dl_extractor_youtube.py

Log Message:
youtube-dl: Fix extraction of YouTube JS player URL (and youtube extractor)

Both versions are probably still present because - also without the patch - after several retries the JS player URL is fetched.

PKGREVISION++

---
Module Name: pkgsrc
Committed By: leot
Date: Sun Nov 1 18:38:59 UTC 2020

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Removed Files:
pkgsrc/net/youtube-dl/patches: patch-youtube__dl_extractor_youtube.py

Log Message:
youtube-dl: Update to 20201101.1

Changes:
20201101.1
----------
Core
* [utils] Don't attempt to coerce JS strings to numbers in js_to_json (#26851)
* [downloader/http] Properly handle missing message in SSLError (#26646)
* [downloader/http] Fix access to not yet opened stream in retry

Extractors
* [youtube] Fix JS player URL extraction
* [ytsearch] Fix extraction (#26920)
* [afreecatv] Fix typo (#26970)
* [23video] Relax URL regular expression (#26870)
+ [ustream] Add support for video.ibm.com (#26894)
* [iqiyi] Fix typo (#26884)
+ [expressen] Add support for di.se (#26670)
* [iprima] Improve video id extraction (#26507, #26494)

---
Module Name: pkgsrc
Committed By: leot
Date: Thu Nov 12 14:41:38 UTC 2020

Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo

Log Message:
youtube-dl: Update to 20201112

Changes:
20201112
--------
Extractors
* [youtube] Rework extractors

2020-11-10 | Pullup tickets #6357 and #6358 | bsiegert | 1 | -1/+7

2020-11-10 | Pullup ticket #6358 - requested by wiz | bsiegert | 3 | -13/+18
security/tor-browser: security fix

Revisions pulled up:
- security/tor-browser/Makefile 1.77
- security/tor-browser/PLIST 1.10
- security/tor-browser/distinfo 1.30

---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Oct 31 00:55:27 UTC 2020

Modified Files:
pkgsrc/security/tor-browser: Makefile PLIST distinfo

Log Message:
tor-browser: update to 10.0.2.

This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox.

Note: Now Javascript on the Safest security level is governed by NoScript again. It was set as false when on Safest in 9.5a9. The javascript.enabled preference was reset to true for everyone using Safest beginning in Tor Browser 10.0 and you must re-set it as false if that is your preference.

2020-11-10 | Pullup ticket #6357 - requested by wiz | bsiegert | 2 | -7/+7
security/tor-browser-noscript: security fix

Revisions pulled up:
- security/tor-browser-noscript/Makefile 1.7
- security/tor-browser-noscript/distinfo 1.7

---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Oct 31 00:54:38 UTC 2020

Modified Files:
pkgsrc/security/tor-browser-noscript: Makefile distinfo

Log Message:
tor-browser-noscript: update to 11.1.3.

v 11.1.3
============================================================
x Fixed regression: document media and font restrictions always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs

v 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while computing contextual policies
x Fixed regression breaking per-tab restrictions disablement (thanks Horsefly for report)

v 11.1.0
============================================================
x Improved blocking of media documents unaffected by webRequest
x Automatically init tag message with last changelog
x Improved NOSCRIPT element emulation compatibility with XML documents
x webNavigation.onCommitted + tabs.executeScript to deliver DOM policies earlier whenever possible
x Partial work-around for Fx 80 file:// documents parsing inconsistencies (further fix for issue #156)
x Cache policy on top document for file:// subdocuments (fixes issue #156)
x Enforce more restrictive CSP on media/object documents
x Better cross-browser media handling
x [Mobile] Use tabs as prompts if the browser.windows API is missing
x Fix browser UI for image, audio and video content being partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk

v 11.1.0rc2
============================================================
x Improved blocking of media documents unaffected by webRequest
x Automatically init tag message with last changelog

v 11.1.0rc1
============================================================
x Improved NOSCRIPT element emulation compatibility with XML documents

v 11.0.47rc6
============================================================
x webNavigation.onCommitted + tabs.executeScript to deliver DOM policies earlier whenever possible
x Fixed typo causing CSP-based media blocking to skip requests with no content-type header

v 11.0.47rc5
============================================================
x Partial work-around for Fx 80 file:// documents parsing inconsistencies (further fix for issue #156)

v 11.0.47rc4
============================================================
x Cache policy on top document for file:// subdocuments (fixes issue #156)
x Updated TLDs
x Enforce more restrictive CSP on media/object documents

v 11.0.47rc3
============================================================
x Better cross-browser media handling
x Improved file: directory path normalization

v 11.0.47rc2
============================================================
x [Mobile] Use tabs as prompts if the browser.windows API is missing

v 11.0.47rc1
============================================================
x Fix browser UI for image, audio and video content being partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk

2020-11-01 | Pullup tickets #6360 and #6361 | bsiegert | 1 | -1/+7

2020-11-01 | Pullup ticket #6361 - requested by taca | bsiegert | 2 | -7/+7
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile 1.110
- net/samba4/distinfo 1.53

---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 30 07:17:16 UTC 2020

Modified Files:
pkgsrc/net/samba4: Makefile distinfo

Log Message:
net/samba4: update to 4.12.9

Summary from NEWS files:

Samba 4.12.9 (2020-10-29)

o CVE-2020-14318: The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file creation" or "file size change" or "file timestamp update" occurs. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only.

o CVE-2020-14323: winbind in version 3.6 and later implements a request to translate multiple Windows SIDs into names in one request. This was done for performance reasons: Active Directory domain controllers can do multiple SID to name translations in one RPC call. It was an obvious extension to also offer this batch operation on the winbind unix domain stream socket that is available to local processes on the Samba server to reduce network round-trips to the domain controller. Due to improper input validation a hand-crafted packet can make winbind perform a NULL pointer dereference and thus crash.

o CVE-2020-14383: Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-admin attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.

Samba 4.12.8 (2020-10-07)

Changes since 4.12.7
--------------------
o Guenther Deschner <gd@samba.org>
  * BUG 14318: docs: Add missing winexe manpage.
o Volker Lendecke <vl@samba.org>
  * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response.
o Laurent Menase <laurent.menase@hpe.com>
  * BUG 14388: winbind: Fix a memleak.
o Stefan Metzmacher <metze@samba.org>
  * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response.
  * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.
o Christof Schmitt <cs@samba.org>
  * BUG 14166: util: Allow symlinks in directory_create_or_exist.
o Andreas Schneider <asn@samba.org>
  * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14.
  * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.
o Martin Schwenke <martin@meltin.net>
  * BUG 14466: ctdb disable/enable can fail due to race condition.

2020-11-01 | Pullup ticket #6360 - requested by khorben | bsiegert | 2 | -7/+7
misc/tmux: security fix

Revisions pulled up:
- misc/tmux/Makefile 1.55
- misc/tmux/distinfo 1.48

---
Module Name: pkgsrc
Committed By: khorben
Date: Sun Nov 1 05:15:35 UTC 2020

Modified Files:
pkgsrc/misc/tmux: Makefile distinfo

Log Message:
tmux: update to 3.1c

CHANGED FROM 3.1b TO 3.1c

* Fix a stack overflow on colon-separated CSI parsing.

XXX pull-up to the pkgsrc-2020Q3 branch (security)

2020-10-29 | #6356 | spz | 1 | -1/+5

2020-10-29 | Pullup ticket #6356 - requested by maya | spz | 14 | -869/+906
www/firefox: security update
www/firefox-l10n: security update

Revisions pulled up:
- www/firefox-l10n/Makefile 1.186-1.191
- www/firefox-l10n/PLIST 1.67
- www/firefox-l10n/distinfo 1.168-1.173
- www/firefox/Makefile 1.448-1.453
- www/firefox/PLIST 1.164-1.165
- www/firefox/distinfo 1.411-1.418
- www/firefox/mozilla-common.mk 1.181-1.182
- www/firefox/patches/patch-build_moz.configure_rust.configure 1.7
- www/firefox/patches/patch-config_makefiles_rust.mk 1.5
- www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp 1.1
- www/firefox/patches/patch-js_src_jsfriendapi.h 1.3
- www/firefox/patches/patch-race_recurse.mk 1.1
- www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
- www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:30:01 UTC 2020

Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk patch-js_src_jsfriendapi.h
Removed Files:
pkgsrc/www/firefox/patches: patch-third__party_rust_getrandom_src_lib.rs patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs

Log Message:
firefox: Update to 81.0

Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020

We'd like to extend a special thank you to all of the new Mozillians who contributed to this release of Firefox.

New
* You can pause and play audio or video in Firefox right from your keyboard or headset, giving you easy access to control your media when in another Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.
* For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. To ensure the smoothest experience, this will be rolling out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. In addition to Firefox’s new tab, Pocket is also available as an app on iOS and Android.

Fixed
* Various security fixes.
* We’ve fixed a bug for users of language packs where the default language was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important accessibility fixes:
  + Audio/video controls remain accessible to screen readers even when they are temporarily hidden visually.
  + Audio/video elapsed and total time are now accessible to screen readers where they weren't previously.
  + Various unlabelled controls are now labelled making them identifiable to screen readers.
  + Screen readers no longer intrusively report progress information unless the user requests it.

Changed
* You will soon find Picture-in-Picture more easily on all the videos you watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are imported into Firefox, making it easier to find your most important websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so files you’ve downloaded can be opened right in Firefox.

Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81

To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.163 -r1.164 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.410 -r1.411 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.4 -r1.5 \
    pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
cvs rdiff -u -r1.3 -r0 \
    pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:31:02 UTC 2020

Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo

Log Message:
firefox-l10n: Update to 81.0

* Add ur locale.
* Sync with www/firefox-81.0.

To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.186 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.167 -r1.168 pkgsrc/www/firefox-l10n/distinfo

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 29 23:20:23 UTC 2020

Modified Files:
pkgsrc/www/firefox: mozilla-common.mk

Log Message:
firefox: 81.0 requires nss >= 3.56

To generate a diff of this commit:
cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/firefox/mozilla-common.mk

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:44:16 UTC 2020

Modified Files:
pkgsrc/www/firefox: Makefile distinfo

Log Message:
firefox: Update to 81.0.1

Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510, bug 1667723)
Fixed legacy preferences not being properly applied when set via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed, causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug 1664843)

To generate a diff of this commit:
cvs rdiff -u -r1.448 -r1.449 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.411 -r1.412 pkgsrc/www/firefox/distinfo

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:45:25 UTC 2020

Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo

Log Message:
firefox-l10n: Update to 81.0.1

* Sync with www/firefox-81.0.1.
To generate a diff of this commit: cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Mon Oct 12 23:45:35 UTC 2020 Modified Files: pkgsrc/www/firefox: Makefile distinfo pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: firefox{,-l10n}: Update to 81.0.2 Release notes not available yet. To generate a diff of this commit: cvs rdiff -u -r1.449 -r1.450 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.412 -r1.413 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Tue Oct 20 20:15:30 UTC 2020 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox-l10n: Makefile distinfo pkgsrc/www/firefox/patches: patch-build_moz.configure_rust.configure Log Message: firefox{,-l10n}: Update to 82.0 New: With this release, Firefox introduces a number of improvements that make watching videos more delightful: the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature. Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video. For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life. Firefox is faster than ever with improved performance on both page loads and start up time: Websites that use flexbox-based layouts load 20% faster than before; Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off; For Windows users, opening new windows got quicker by 10%. 
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar. WebRender continues to roll out to more Firefox users on Windows. Fixed: Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines. Various security fixes. To generate a diff of this commit: cvs rdiff -u -r1.450 -r1.451 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.164 -r1.165 pkgsrc/www/firefox/PLIST cvs rdiff -u -r1.413 -r1.414 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.181 -r1.182 pkgsrc/www/firefox/mozilla-common.mk cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.170 -r1.171 pkgsrc/www/firefox-l10n/distinfo cvs rdiff -u -r1.6 -r1.7 \ pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tnn Date: Fri Oct 23 12:37:14 UTC 2020 Modified Files: pkgsrc/www/firefox: distinfo Added Files: pkgsrc/www/firefox/patches: patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp Log Message: firefox: NetBSD/aarch64 build fix To generate a diff of this commit: cvs rdiff -u -r1.414 -r1.415 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Mon Oct 26 21:20:59 UTC 2020 Modified Files: pkgsrc/www/firefox: distinfo Added Files: pkgsrc/www/firefox/patches: patch-race_recurse.mk Log Message: firefox: backport upstream patch to fix a build race. This appears as libmozgtk.so missing as well as the symbols it contains. This affects pkgsrc-stable as well. 
To generate a diff of this commit: cvs rdiff -u -r1.415 -r1.416 pkgsrc/www/firefox/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-race_recurse.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Tue Oct 27 16:59:00 UTC 2020 Modified Files: pkgsrc/www/firefox: Makefile distinfo pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: firefox{,-l10n}: update to 82.0.1 Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715) Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370) Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529) Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755) Stability fix (bug 1660539) To generate a diff of this commit: cvs rdiff -u -r1.451 -r1.452 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.416 -r1.417 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/firefox-l10n/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Wed Oct 28 15:34:41 UTC 2020 Modified Files: pkgsrc/www/firefox: Makefile distinfo pkgsrc/www/firefox-l10n: Makefile distinfo Log Message: firefox{,-l10n}: Update to 82.0.2 Fixed duplication of WebSocket messages in certain cases (bug 1673340) To generate a diff of this commit: cvs rdiff -u -r1.452 -r1.453 pkgsrc/www/firefox/Makefile cvs rdiff -u -r1.417 -r1.418 pkgsrc/www/firefox/distinfo cvs rdiff -u -r1.190 -r1.191 pkgsrc/www/firefox-l10n/Makefile cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/firefox-l10n/distinfo
2020-10-29  note #6343  bsiegert  1  -1/+4
2020-10-29  Pullup ticket #6343 - requested by he  bsiegert  7  -2/+84
lang/libunwind: PowerPC build fix

Revisions pulled up:
- lang/libunwind/Makefile 1.23-1.24
- lang/libunwind/distinfo 1.19
- lang/libunwind/patches/patch-include_____libunwind__config.h 1.1
- lang/libunwind/patches/patch-src_UnwindRegistersRestore.S 1.1
- lang/libunwind/patches/patch-src_UnwindRegistersSave.S 1.1
- lang/libunwind/patches/patch-src_config.h 1.1
- lang/libunwind/patches/patch-src_libunwind.cpp 1.1

---
Module Name: pkgsrc
Committed By: he
Date: Sun Oct 18 17:06:35 UTC 2020

Modified Files:
    pkgsrc/lang/libunwind: Makefile distinfo
Added Files:
    pkgsrc/lang/libunwind/patches: patch-include_____libunwind__config.h patch-src_UnwindRegistersRestore.S patch-src_UnwindRegistersSave.S patch-src_config.h patch-src_libunwind.cpp

Log Message:
Make this build on NetBSD/macppc 9.0, where gcc doesn't predefine __ppc__, only __powerpc__, so compensate.

PKGREVISION bumped.

---
Module Name: pkgsrc
Committed By: jperkin
Date: Tue Oct 20 06:34:23 UTC 2020

Modified Files:
    pkgsrc/lang/libunwind: Makefile

Log Message:
libunwind: Remove patch .orig file, fix install.
2020-10-29  I forgot to commit my update log last time  bsiegert  1  -1/+38
2020-10-29  Pullup ticket #6329 (part 2) - requested by maya  bsiegert  1  -4/+4
lang/rust: NetBSD 9 build fix (accidentally broken)
2020-10-23  Pullup ticket #6353 - requested by nia  bsiegert  1  -1/+2
chat/profanity: NetBSD 8 build fix

Revisions pulled up:
- chat/profanity/Makefile 1.3

---
Module Name: pkgsrc
Committed By: nia
Date: Sun Oct 18 09:50:15 UTC 2020

Modified Files:
    pkgsrc/chat/profanity: Makefile

Log Message:
profanity: Requires at least sqlite3-3.22.0.

(attempt to fix configure on NetBSD 8.x)
2020-10-23  Pullup ticket #6352 - requested by nia  bsiegert  1  -1/+4
graphics/openexr: NetBSD 8 build fix

Revisions pulled up:
- graphics/openexr/buildlink3.mk 1.16

---
Module Name: pkgsrc
Committed By: nia
Date: Sun Oct 18 09:52:32 UTC 2020

Modified Files:
    pkgsrc/graphics/openexr: buildlink3.mk

Log Message:
openexr: Require at least gcc6 in dependent packages

(attempt to fix dependent packages in NetBSD 8.x)
2020-10-23  Pullup ticket #6351 - requested by nia  bsiegert  1  -1/+4
x11/vte3: NetBSD 8 build fix

Revisions pulled up:
- x11/vte3/buildlink3.mk 1.18

---
Module Name: pkgsrc
Committed By: nia
Date: Sun Oct 18 09:47:41 UTC 2020

Modified Files:
    pkgsrc/x11/vte3: buildlink3.mk

Log Message:
vte3: Force gcc7 for dependent packages
2020-10-23  Pullup ticket #6350 - requested by nia  bsiegert  1  -0/+16
wm/xfce4-wm: NetBSD 8 build fix

Revisions pulled up:
- wm/xfce4-wm/hacks.mk 1.1

---
Module Name: pkgsrc
Committed By: nia
Date: Fri Oct 16 06:21:13 UTC 2020

Added Files:
    pkgsrc/wm/xfce4-wm: hacks.mk

Log Message:
xfce4-wm: Add hack to let this build on NetBSD 8.
2020-10-23  Pullup ticket #6341 - requested by wiz  bsiegert  45  -2254/+1937
security/tor-browser: security fix

Revisions pulled up:
- security/tor-browser/Makefile 1.76
- security/tor-browser/PLIST 1.9
- security/tor-browser/distinfo 1.29
- security/tor-browser/patches/patch-.mozconfig 1.3
- security/tor-browser/patches/patch-aa 1.7
- security/tor-browser/patches/patch-browser_app_profile_firefox.js 1.4
- security/tor-browser/patches/patch-build_moz.configure_rust.configure 1.4
- security/tor-browser/patches/patch-config_gcc-stl-wrapper.template.h 1.2
- security/tor-browser/patches/patch-config_makefiles_rust.mk 1.3
- security/tor-browser/patches/patch-configure.in 1.1
- security/tor-browser/patches/patch-dom_base_nsAttrName.h 1.2
- security/tor-browser/patches/patch-dom_media_CubebUtils.cpp 1.3
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_lib.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs deleted
- security/tor-browser/patches/patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs deleted
- security/tor-browser/patches/patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp 1.3
- security/tor-browser/patches/patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h 1.2
- security/tor-browser/patches/patch-gfx_cairo_cairo_src_cairo-type1-subset.c 1.1
- security/tor-browser/patches/patch-gfx_gl_GLContextProviderGLX.cpp deleted
- security/tor-browser/patches/patch-gfx_skia_skia_src_core_SkCpu.cpp 1.2
- security/tor-browser/patches/patch-gfx_thebes_gfxPlatform.cpp 1.2
- security/tor-browser/patches/patch-ipc_chromium_src_base_message__pump__libevent.cc 1.4
- security/tor-browser/patches/patch-ipc_chromium_src_base_platform__thread__posix.cc 1.5
- security/tor-browser/patches/patch-ipc_chromium_src_chrome_common_ipc__channel__posix.cc deleted
- security/tor-browser/patches/patch-ipc_glue_GeckoChildProcessHost.cpp 1.5
- security/tor-browser/patches/patch-js_src_jsfriendapi.h 1.1
- security/tor-browser/patches/patch-js_src_threading_posix_Thread.cpp deleted
- security/tor-browser/patches/patch-js_src_util_NativeStack.cpp 1.5
- security/tor-browser/patches/patch-media_ffvpx_libavutil_arm_bswap.h 1.2
- security/tor-browser/patches/patch-media_libcubeb_gtest_moz.build deleted
- security/tor-browser/patches/patch-media_libcubeb_src_cubeb.c deleted
- security/tor-browser/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.5
- security/tor-browser/patches/patch-media_libcubeb_src_cubeb__sun.c 1.1
- security/tor-browser/patches/patch-media_libcubeb_src_moz.build 1.6
- security/tor-browser/patches/patch-media_libcubeb_update.sh deleted
- security/tor-browser/patches/patch-media_libpng_pngpriv.h 1.5
- security/tor-browser/patches/patch-media_libtheora_lib_info.c 1.4
- security/tor-browser/patches/patch-media_libvorbis_lib_vorbis__info.c 1.1
- security/tor-browser/patches/patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc 1.5
- security/tor-browser/patches/patch-nsprpub_pr_src_pthreads_ptsynch.c 1.2
- security/tor-browser/patches/patch-security_nss_lib_freebl_mpi_mpi.c 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_.cargo-checksum.json 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_lib.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_device.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_fd.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_mod.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_monitor.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_transaction.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_authenticator_src_netbsd_uhid.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_getrandom_src_lib.rs 1.1
- security/tor-browser/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs 1.1
- security/tor-browser/patches/patch-toolkit_components_terminator_nsTerminator.cpp 1.3
- security/tor-browser/patches/patch-toolkit_library_moz.build deleted
- security/tor-browser/patches/patch-toolkit_modules_subprocess_subprocess__shared__unix.js 1.2
- security/tor-browser/patches/patch-toolkit_moz.configure 1.4
- security/tor-browser/patches/patch-toolkit_mozapps_installer_packager.mk 1.3
- security/tor-browser/patches/patch-toolkit_xre_glxtest.cpp deleted
- security/tor-browser/patches/patch-widget_gtk_WaylandDMABufSurface.cpp 1.1
- security/tor-browser/patches/patch-xpcom_base_nscore.h 1.5
- security/tor-browser/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5

---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 7 11:10:35 UTC 2020

Modified Files:
    pkgsrc/security/tor-browser: Makefile PLIST distinfo
    pkgsrc/security/tor-browser/patches:
        patch-.mozconfig
        patch-aa
        patch-browser_app_profile_firefox.js
        patch-build_moz.configure_rust.configure
        patch-config_gcc-stl-wrapper.template.h
        patch-config_makefiles_rust.mk
        patch-dom_base_nsAttrName.h
        patch-dom_media_CubebUtils.cpp
        patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp
        patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h
        patch-gfx_skia_skia_src_core_SkCpu.cpp
        patch-gfx_thebes_gfxPlatform.cpp
        patch-ipc_chromium_src_base_message__pump__libevent.cc
        patch-ipc_chromium_src_base_platform__thread__posix.cc
        patch-ipc_glue_GeckoChildProcessHost.cpp
        patch-js_src_util_NativeStack.cpp
        patch-media_ffvpx_libavutil_arm_bswap.h
        patch-media_libcubeb_src_cubeb__alsa.c
        patch-media_libcubeb_src_moz.build
        patch-media_libpng_pngpriv.h
        patch-nsprpub_pr_src_pthreads_ptsynch.c
        patch-toolkit_components_terminator_nsTerminator.cpp
        patch-toolkit_modules_subprocess_subprocess__shared__unix.js
        patch-toolkit_moz.configure
        patch-toolkit_mozapps_installer_packager.mk
        patch-xpcom_base_nscore.h
        patch-xpcom_reflect_xptcall_md_unix_moz.build
Added Files:
    pkgsrc/security/tor-browser/patches:
        patch-configure.in
        patch-gfx_cairo_cairo_src_cairo-type1-subset.c
        patch-js_src_jsfriendapi.h
        patch-media_libcubeb_src_cubeb__sun.c
        patch-media_libtheora_lib_info.c
        patch-media_libvorbis_lib_vorbis__info.c
        patch-media_webrtc_trunk_webrtc_modules_video__capture_linux_device__info__linux.cc
        patch-security_nss_lib_freebl_mpi_mpi.c
        patch-third__party_rust_authenticator_.cargo-checksum.json
        patch-third__party_rust_authenticator_src_lib.rs
        patch-third__party_rust_authenticator_src_netbsd_device.rs
        patch-third__party_rust_authenticator_src_netbsd_fd.rs
        patch-third__party_rust_authenticator_src_netbsd_mod.rs
        patch-third__party_rust_authenticator_src_netbsd_monitor.rs
        patch-third__party_rust_authenticator_src_netbsd_transaction.rs
        patch-third__party_rust_authenticator_src_netbsd_uhid.rs
        patch-third__party_rust_getrandom_src_lib.rs
        patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
        patch-widget_gtk_WaylandDMABufSurface.cpp
Removed Files:
    pkgsrc/security/tor-browser/patches:
        patch-dom_webauthn_u2f-hid-rs_src_lib.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_device.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_fd.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_mod.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_monitor.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_transaction.rs
        patch-dom_webauthn_u2f-hid-rs_src_netbsd_uhid.rs
        patch-gfx_gl_GLContextProviderGLX.cpp
        patch-ipc_chromium_src_chrome_common_ipc__channel__posix.cc
        patch-js_src_threading_posix_Thread.cpp
        patch-media_libcubeb_gtest_moz.build
        patch-media_libcubeb_src_cubeb.c
        patch-media_libcubeb_update.sh
        patch-toolkit_library_moz.build
        patch-toolkit_xre_glxtest.cpp

Log Message:
tor-browser: update to 10.0.

Tor Browser 10.0 -- September 22 2020
* Windows + OS X + Linux
* Update Firefox to 78.3.0esr
* Update Tor to 0.4.4.5
* Update Tor Launcher to 0.2.25
* Bug 32174: Replace XUL <textbox> with <html:input>
* Bug 33890: Rename XUL files to XHTML
* Bug 33862: Fix usages of createTransport API
* Bug 33906: Fix Tor-Launcher issues for Firefox 75
* Bug 33998: Use CSS grid instead of XUL grid
* Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
* Bug 34206: Tor Launcher button labels are missing (Firefox 76)
* Bug 40002: After rebasing to 80.0b2 moat is broken [tor-launcher]
* Translations update
* Update NoScript to 11.0.44
* Bug 40093: Youtube videos on safer produce an error [tor-browser]
* Translations update
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 11154: Disable TLS 1.0 (and 1.1) by default
* Bug 16931: Sanitize the add-on blocklist update URL
* Bug 17374: Disable 1024-DH Encryption by default
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 30682: Disable Intermediate CA Preloading
* Bug 30812: Exempt about: pages from Resist Fingerprinting
* Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78 [tor-browser]
* Bug 32612: Update MAR_CHANNEL_ID for the alpha
* Bug 32886: Separate treatment of @media interaction features for desktop and android
* Bug 33534: Review FF release notes from FF69 to latest (FF78)
* Bug 33697: Use old search config based on list.json
* Bug 33721: PDF Viewer is not working in the safest security level
* Bug 33734: Set MOZ_NORMANDY to False
* Bug 33737: Fix aboutDialog.js error for Firefox nightlies
* Bug 33848: Disable Enhanced Tracking Protection
* Bug 33851: Patch out Parental Controls detection and logging
* Bug 33852: Clean up about:logins to not mention Sync
* Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
* Bug 33862: Fix usages of createTransport API
* Bug 33867: Disable password manager and password generation
* Bug 33890: Rename XUL files to XHTML
* Bug 33892: Add brandProductName to brand.dtd and brand.properties
* Bug 33962: Uplift patch for bug 5741 (dns leak protection)
* Bug 34125: API change in protocolProxyService.registerChannelFilter
* Bug 40001: Generate tor-browser-brand.ftl when importing translations [torbutton]
* Bug 40002: Remove about:pioneer [tor-browser]
* Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils [torbutton]
* Bug 40003: Adapt code for L10nRegistry API changes [torbutton]
* Bug 40005: Initialize the identity UI before setting up the circuit display [torbutton]
* Bug 40006: Fix new identity for 81 [torbutton]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40016: Update Snowflake to discover NAT type [tor-browser-build]
* Bug 40017: Audit Firefox 68-78 diff for proxy issues [tor-browser]
* Bug 40022: Update new icons in Tor Browser branding [tor-browser]
* Bug 40025: Revert add-on permissions due to Mozilla's 1560059 [tor-browser]
* Bug 40036: Remove product version/update channel from #13379 patch [tor-browser]
* Bug 40038: Review RemoteSettings for ESR 78 [tor-browser]
* Bug 40048: Disable various ESR78 features via prefs [tor-browser]
* Bug 40059: Verify our external helper patch is still working [tor-browser]
* Bug 40066: Update existing prefs for ESR 78 [tor-browser]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40073: Disable remote Public Suffix List fetching [tor-browser]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40078: Backport patches for bug 1651680 for now [tor-browser]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40088: Moat "Submit" button does not work
* Bug 40090: Disable v3 add-on blocklist for now [tor-browser]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha [tor-browser]
* Bug 40106: Cannot install addons in full screen mode [tor-browser]
* Bug 40109: Playing video breaks after reloading pages [tor-browser]
* Bug 40119: Enable v3 extension blocklisting again [tor-browser]
* Windows
* Bug 33855: Don't use site's icon as window icon in Windows in private mode
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* OS X
* Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
* Build System
* Windows + OS X + Linux
* Bump Go to 1.14.7
* Bug 31845: Bump GCC version to 9.3.0
* Bug 34011: Bump clang to 9.0.1
* Bug 34014: Enable sqlite3 support in Python
* Bug 34390: Don't copy DBM libraries anymore
* Bug 34391: Remove unused --enable-signmar option
* Bug 40004: Adapt Rust project for Firefox 78 ESR [tor-browser-build]
* Bug 40005: Adapt Node project for Firefox 78 ESR [tor-browser-build]
* Bug 40006: Adapt cbindgen for Firefox 78 ESR [tor-browser-build]
* Bug 40037: Move projects over to clang-source [tor-browser-build]
* Bug 40026: Fix full .mar creation for esr78 [tor-browser-build]
* Bug 40027: Fix incremental .mar creation for esr78 [tor-browser-build]
* Bug 40028: Do not reference unset env variables [tor-browser-build]
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40045: Fix complete .mar file creation for dmg2mar [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Windows
* Bug 34230: Update Windows toolchain for Firefox 78 ESR
* Bug 40015: Use only 64bit fxc2 [tor-browser-build]
* Bug 40017: Enable stripping again on Windows [tor-browser-build]
* Bug 40052: Bump NSIS to 3.06.1 [tor-browser-build]
* Bug 40061: Omit the Windows default browser agent from the build [tor-browser]
* Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems [tor-browser-build]
* Bug 40077: Don't pass --no-insert-timestamp when building Firefox [tor-browser-build]
* Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore [tor-browser-build]
* OS X
* Bug 34229: Update macOS toolchain for Firefox 78 ESR
* Bug 40003: Update cctools version for Firefox 78 ESR [tor-browser-build]
* Bug 40018: Add libtapi project for cctools [tor-browser-build]
* Bug 40019: Ship our own runtime library for macOS [tor-browser-build]
* Linux
* Bug 34359: Adapt abicheck.cc to deal with newer GCC version
* Bug 34386: Fix up clang compilation on Linux
* Bug 40053: Also create the langpacks tarball for non-release builds [tor-browser-build]

Tor Browser 10.0a7 -- September 14 2020
* Windows + OS X + Linux
* Update Tor Launcher to 0.2.24
* Update NoScript to 11.0.43
* Translations update
* Bug 10394: Let Tor Browser update HTTPS Everywhere
* Bug 32017: Use ExtensionStorageIDB again
* Bug 40006: Fix new identity for 81 [torbutton]
* Bug 40007: Move SecurityPrefs initialization to the StartupObserver component [torbutton]
* Bug 40008: Style fixes for 78 [torbutton]
* Bug 40066: Remove default bridge 37.218.240.34 [tor-browser-build]
* Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere [tor-browser-build]
* Bug 40091: Load HTTPS Everywhere as a builtin addon [tor-browser]
* Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha [tor-browser]
* Bug 40109: Playing video breaks after reloading pages [tor-browser]
* Bug 40119: Enable v3 extension blocklisting again [tor-browser]
* Build System
* Windows + OS X + Linux
* Bump Go to 1.14.7
* Bug 40031: Add licenses for kcp-go and smux. [tor-browser-build]
* Bug 40045: Fix complete .mar file creation for dmg2mar [tor-browser-build]
* Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1 [tor-browser-build]
* Bug 40087: Deterministically add HTTPS Everywhere into omni.ja [tor-browser-build]
* Windows
* Bug 40052: Bump NSIS to 3.06.1 [tor-browser-build]
* Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems [tor-browser-build]
* Bug 40077: Don't pass --no-insert-timestamp when building Firefox [tor-browser-build]
* Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore [tor-browser-build]

Tor Browser 10.0a6 -- August 26 2020
* All Platforms
* Update HTTPS Everywhere to 2020.08.13
* Windows + OS X + Linux
* Update Firefox to 78.2.0esr
* Update Tor Launcher to 0.2.23
* Bug 40002: After rebasing to 80.0b2 moat is broken [tor-launcher]
* Translations update
* Update NoScript to 11.0.39
* Bug 21601: Remove unused media.webaudio.enabled pref
* Bug 40002: Remove about:pioneer [tor-browser]
* Bug 40082: Let JavaScript on safest setting handled by NoScript again [tor-browser]
* Bug 40088: Moat "Submit" button does not work
* Bug 40090: Disable v3 add-on blocklist for now [tor-browser]
* OS X
* Bug 40015: Tor Browser broken on MacOS 11 Big Sur
* Android
* Update Firefox to 68.12.0esr
* Update NoScript to 11.0.38
* Update Tor to 0.4.4.4-rc
* Build System
* Windows + OS X + Linux
* Bump Go to 1.13.15
* Linux
* Bug 40053: Also create the langpacks tarball for non-release builds [tor-browser-build]
2020-10-23  Pullup ticket #6344 - requested by taca  bsiegert  15  -69/+68
www/ruby-rails60: security fix

Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.6
- devel/ruby-activejob60/distinfo 1.6
- devel/ruby-activemodel60/distinfo 1.6
- devel/ruby-activestorage60/distinfo 1.6
- devel/ruby-activesupport60/distinfo 1.6
- devel/ruby-railties60/distinfo 1.6
- lang/ruby/rails.mk 1.91
- mail/ruby-actionmailbox60/distinfo 1.6
- mail/ruby-actionmailer60/distinfo 1.6
- textproc/ruby-actiontext60/distinfo 1.6
- www/ruby-actioncable60/distinfo 1.6
- www/ruby-actionpack60/distinfo 1.6
- www/ruby-actionview60/distinfo 1.6
- www/ruby-rails60/Makefile 1.5
- www/ruby-rails60/distinfo 1.6

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Oct 19 14:50:32 UTC 2020

Modified Files:
    pkgsrc/databases/ruby-activerecord60: distinfo
    pkgsrc/devel/ruby-activejob60: distinfo
    pkgsrc/devel/ruby-activemodel60: distinfo
    pkgsrc/devel/ruby-activestorage60: distinfo
    pkgsrc/devel/ruby-activesupport60: distinfo
    pkgsrc/devel/ruby-railties60: distinfo
    pkgsrc/lang/ruby: rails.mk
    pkgsrc/mail/ruby-actionmailbox60: distinfo
    pkgsrc/mail/ruby-actionmailer60: distinfo
    pkgsrc/textproc/ruby-actiontext60: distinfo
    pkgsrc/www/ruby-actioncable60: distinfo
    pkgsrc/www/ruby-actionpack60: distinfo
    pkgsrc/www/ruby-actionview60: distinfo
    pkgsrc/www/ruby-rails60: Makefile distinfo

Log Message:
www/ruby-rails60: update to 6.0.3.4

Update Ruby on Rails 6.0 related packages to 6.0.3.4.

This is security fix for ruby-actionpack60.

## Rails 6.0.3.4 (October 07, 2020) ##

* [CVE-2020-8264] Prevent XSS in Actionable Exceptions
2020-10-23  Pullup ticket #6349 - requested by nia  bsiegert  2  -371/+371
www/firefox78-l10n: dependent update

Revisions pulled up:
- www/firefox78-l10n/Makefile 1.3
- www/firefox78-l10n/distinfo 1.3

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Oct 21 19:28:48 UTC 2020

Modified Files:
    pkgsrc/www/firefox78-l10n: Makefile distinfo

Log Message:
firefox78-l10n: Sync with firefox78
2020-10-23  Pullup ticket #6348 - requested by nia  bsiegert  2  -7/+7
www/firefox78: security fix

Revisions pulled up:
- www/firefox78/Makefile 1.7
- www/firefox78/distinfo 1.4

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Oct 21 19:23:05 UTC 2020

Modified Files:
    pkgsrc/www/firefox78: Makefile distinfo

Log Message:
firefox78: Update to 78.4.0

Security Vulnerabilities fixed in Firefox ESR 78.4

#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
2020-10-23  #6354  spz  1  -1/+4
2020-10-23  Pullup ticket #6354 - requested by maya  spz  3  -2/+37
print/ghostscript-agpl: dependency update triggered build fix

Revisions pulled up:
- print/ghostscript-agpl/Makefile patch
- print/ghostscript-agpl/distinfo patch
- print/ghostscript-agpl/patches/patch-base_fapi__ft.c 1.1

Make the package build with FreeType 2.10.3.
2020-10-22  Pullup ticket #6340 - requested by wiz  bsiegert  3  -8/+9
devel/apache-ant: security fix

Revisions pulled up:
- devel/apache-ant/Makefile 1.52
- devel/apache-ant/PLIST 1.27
- devel/apache-ant/distinfo 1.34

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Oct 8 12:38:44 UTC 2020

Modified Files:
    pkgsrc/devel/apache-ant: Makefile PLIST distinfo

Log Message:
apache-ant: update to 1.10.9.

Ant 1.10.9 contains bugfixes and support for using GraalVM JavaScript inside the script family of tasks and types. It also addresses an insecure temporary file vulnerability, see the security report for details (https://ant.apache.org/security.html)
2020-10-22Pullup ticket #6355 - requested by bouyerbsiegert12-6/+3267
sysutils/xenkernel411: security fix sysutils/xenkernel413: security fix Revisions pulled up: - sysutils/xenkernel411/Makefile 1.17 - sysutils/xenkernel411/distinfo 1.15 - sysutils/xenkernel411/patches/patch-XSA286 1.1 - sysutils/xenkernel411/patches/patch-XSA345 1.1 - sysutils/xenkernel411/patches/patch-XSA346 1.1 - sysutils/xenkernel411/patches/patch-XSA347 1.1 - sysutils/xenkernel413/Makefile 1.6 - sysutils/xenkernel413/distinfo 1.4 - sysutils/xenkernel413/patches/patch-XSA286 1.1 - sysutils/xenkernel413/patches/patch-XSA345 1.1 - sysutils/xenkernel413/patches/patch-XSA346 1.1 - sysutils/xenkernel413/patches/patch-XSA347 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Wed Oct 21 09:03:05 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel411: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel411/patches: patch-XSA286 patch-XSA345 patch-XSA346 patch-XSA347 Log Message: Add upstream security patches for XSA286, XSA345, XSA346, XSA347. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: bouyer Date: Wed Oct 21 09:04:10 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel413: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel413/patches: patch-XSA286 patch-XSA345 patch-XSA346 patch-XSA347 Log Message: Add upstream security patches for XSA286, XSA345, XSA346, XSA347. Bump PKGREVISION.
2020-10-22Pullup ticket #6345 - requested by khorbenbsiegert3-8/+11
security/py-libtaxii: security fix Revisions pulled up: - security/py-libtaxii/Makefile 1.11 - security/py-libtaxii/PLIST 1.3 - security/py-libtaxii/distinfo 1.5 --- Module Name: pkgsrc Committed By: khorben Date: Mon Oct 19 17:21:42 UTC 2020 Modified Files: pkgsrc/security/py-libtaxii: Makefile PLIST distinfo Log Message: py-libtaxii: update to version 1.1.118 This notably fixes a security issue, CVE-2020-27197. Version 1.1.118: * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium) Version 1.1.117: * #244 SSL Verify Server not working correctly (@motok) (@nschwane) * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr) Version 1.1.116: * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane) Version 1.1.115: * #239 Convert the HTTP response body to a string type (PY3 this will be bytes) (@sddj) Version 1.1.114: * #237 Support converting dicts to content bindings (@danielsamuels) * #238 Provide XMLParser copies instead of reusing the cached instance. Prevents future messages to lose namespace Version 1.1.113: * #234 Add ability to load a configuration file when executing a script * #232 Fix TLS handshake failure when a server requires SNI (@marcelslotema) Version 1.1.112: * #227 Fixes to poll_client script (Python3 compatibility) * #226 Clean-up documentation warnings * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3 compatibility) * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning message * #230 Fix parsing status message round-trip (@danielsamuels) Thanks leot@ and pkgsrc's security team for the heads up! Pull-up to be requested.
2020-10-21#6336-#6339spz1-1/+22
2020-10-21Pullup ticket #6339 - requested by tacaspz4-2/+46
www/contao35: security patch Revisions pulled up: - www/contao35/Makefile 1.48 - www/contao35/distinfo 1.37 - www/contao35/patches/patch-system_modules_core_library_Contao_Input.php 1.1 - www/contao35/patches/patch-system_modules_news_dca_tl__news.php 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 06:31:02 UTC 2020 Modified Files: pkgsrc/www/contao35: Makefile distinfo Added Files: pkgsrc/www/contao35/patches: patch-system_modules_core_library_Contao_Input.php patch-system_modules_news_dca_tl__news.php Log Message: www/contao35: add two fixes * Add fix for CVE-2020-25768. * Fix time range problem on positive timezone. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/contao35/Makefile cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/contao35/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \ pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
2020-10-21Pullup ticket #6338 - requested by tacaspz3-2/+31
lang/ruby25-base: security patch Revisions pulled up: - lang/ruby25-base/Makefile 1.17 - lang/ruby25-base/distinfo 1.14 - lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:45:26 UTC 2020 Modified Files: pkgsrc/lang/ruby25-base: Makefile distinfo Added Files: pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb Log Message: lang/ruby25-base: Add fix for CVE-2020-25613 Add fix for CVE-2020-25613. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
2020-10-21Pullup ticket #6337 - requested by tacaspz3-2/+31
lang/ruby26-base: security patch Revisions pulled up: - lang/ruby26-base/Makefile 1.11 - lang/ruby26-base/distinfo 1.9 - lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:41:12 UTC 2020 Modified Files: pkgsrc/lang/ruby26-base: Makefile distinfo Added Files: pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb Log Message: lang/ruby26-base: Add fix for CVE-2020-25613 Add fix for CVE-2020-25613. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb
2020-10-21Pullup ticket #6336 - requested by tacaspz4-12/+12
lang/ruby27-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.223 - lang/ruby27-base/Makefile 1.5 - lang/ruby27-base/PLIST 1.3 - lang/ruby27-base/distinfo 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:29:25 UTC 2020 Modified Files: pkgsrc/lang/ruby27-base: Makefile PLIST distinfo Log Message: lang/ruby27: update to 2.7.2 Update ruby27 to 2.7.2. Ruby 2.7.2 Released Posted by nagachika on 2 Oct 2020 Ruby 2.7.2 has been released. This release contains intentional incompatibility. The deprecated warnings are off by default on 2.7.2 and later. You can turn on the deprecated warnings by specifying command line option -w or -W:deprecated. Please check the topics below for details. * Feature #17000 2.7.2 turns off deprecation warnings by default * Feature #16345 Don't emit deprecation warnings by default. This release contains the new version of webrick with a security fix described in the article. * CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/ruby27-base/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27-base/PLIST \ pkgsrc/lang/ruby27-base/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 04:28:35 UTC 2020 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: lang/ruby: update version for Ruby 2.7.2 Update versions for Ruby 2.7.2, it should be committed along with update to Ruby 2.7.2. Noted by Ryo ONODERA. To generate a diff of this commit: cvs rdiff -u -r1.222 -r1.223 pkgsrc/lang/ruby/rubyversion.mk
2020-10-21Pullup ticket #6335 - requested by tacaspz2-7/+7
lang/php72: security update Revisions pulled up: - lang/php/phpversion.mk 1.311 - lang/php72/distinfo 1.58 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:14:53 UTC 2020 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php72: distinfo Log Message: lang/php72: update to 7.2.34 Update php72 package to 7.2.34. 01 Oct 2020, PHP 7.2.34 - Core: . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070) (Stas) - OpenSSL: . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) (Jakub Zelenka) To generate a diff of this commit: cvs rdiff -u -r1.310 -r1.311 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.57 -r1.58 pkgsrc/lang/php72/distinfo
2020-10-21Pullup ticket #6334 - requested by tacaspz2-7/+7
lang/php74: security update Revisions pulled up: - lang/php/phpversion.mk 1.310 - lang/php74/distinfo 1.13 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:12:46 UTC 2020 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php74: distinfo Log Message: lang/php74: update to 7.4.11 Update php74 to 7.4.11. 01 Oct 2020, PHP 7.4.11 - Core: . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070) (Stas) . Fixed bug #79979 (passing value to by-ref param via CUFA crashes). (cmb, Nikita) . Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared). (Nikita) . Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb) . Fixed bug #80049 (Memleak when coercing integers to string via variadic argument). (Nikita) - Calendar: . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing). (Andy Postnikov) - COM: . Fixed bug #64130 (COM obj parameters passed by reference are not updated). (cmb) - OPcache: . Fixed bug #80002 (calc free space for new interned string is wrong). (t-matsuno) . Fixed bug #80046 (FREE for SWITCH_STRING optimized away). (Nikita) . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed). (SammyK) - OpenSSL: . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) (Jakub Zelenka) - PDO: . Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters (Matteo) - Standard: . Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb) . Fixed bug #80077 (getmxrr test bug). (Rainer Jung) . Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer). (cmb) . Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb) To generate a diff of this commit: cvs rdiff -u -r1.309 -r1.310 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/php74/distinfo
2020-10-21Pullup ticket #6333 - requested by tacaspz2-7/+7
lang/php73: security update Revisions pulled up: - lang/php/phpversion.mk 1.309 - lang/php73/distinfo 1.27 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 4 03:06:28 UTC 2020 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php73: distinfo Log Message: lang/php73: update to 7.3.23 Update php73 package to 7.3.23. 01 Oct 2020, PHP 7.3.23 - Core: . Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb) . Fixed bug #80049 (Memleak when coercing integers to string via variadic argument). (Nikita) . Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070) (Stas) - Calendar: . Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing). (Andy Postnikov) - COM: . Fixed bug #64130 (COM obj parameters passed by reference are not updated). (cmb) - OPcache: . Fixed bug #80002 (calc free space for new interned string is wrong). (t-matsuno) . Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed). (SammyK) - OpenSSL: . Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069) (Jakub Zelenka) - PDO: . Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters (Matteo) - Standard: . Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb) . Fixed bug #80077 (getmxrr test bug). (Rainer Jung) . Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer). (cmb) . Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb) To generate a diff of this commit: cvs rdiff -u -r1.308 -r1.309 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.26 -r1.27 pkgsrc/lang/php73/distinfo
2020-10-21#6346 + #6347spz1-1/+7
2020-10-21Pullup ticket #6347 - requested by mayaspz3-5/+8
pkgtools/x11-links: dependency-driven update Revisions pulled up: - pkgtools/x11-links/Makefile 1.203 - pkgtools/x11-links/buildlink3.mk 1.94 - pkgtools/x11-links/files/xorg.freetype2 1.28 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Wed Oct 21 15:18:30 UTC 2020 Modified Files: pkgsrc/pkgtools/x11-links: Makefile buildlink3.mk pkgsrc/pkgtools/x11-links/files: xorg.freetype2 Log Message: x11-links 1.32: updates for freetype 2.10.4 To generate a diff of this commit: cvs rdiff -u -r1.202 -r1.203 pkgsrc/pkgtools/x11-links/Makefile cvs rdiff -u -r1.93 -r1.94 pkgsrc/pkgtools/x11-links/buildlink3.mk cvs rdiff -u -r1.27 -r1.28 pkgsrc/pkgtools/x11-links/files/xorg.freetype2