chat/mumble: security fix
Revisions pulled up:
- chat/mumble/Makefile 1.29
- chat/mumble/PLIST 1.4
- chat/mumble/distinfo 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Mar 5 09:57:20 UTC 2021
Modified Files:
pkgsrc/chat/mumble: Makefile PLIST distinfo
Log Message:
mumble: Update to 1.3.4
Client
Fixed: Don't use outdated (non-existent) notification icon names on Linux (#4705)
Fixed: Security vulnerability caused by allowing non http/https URL schemes in public server list (#4733)
Server
Fixed: Exit status for actions like --version or --supw was always set to non-zero (#3998)
General
Fixed: Packet loss & audio artifacts caused by OCB2 XEX* mitigation (#4720)
|
|
www/squid4: build fix
(via patch)
building squid4 requires 64bit atomics. In pkgsrc-HEAD there is
mk/atomics64.mk with the necessary dependencies and www/squid4 includes
it.
In release 2020Q4 this is missing, so a simple pullup of the package
isn't sufficient unless mk/atomics64.mk is also pulled up.
|
|
|
|
security/tor-browser: security fix
Revisions pulled up:
- security/tor-browser/Makefile 1.86
- security/tor-browser/PLIST 1.12
- security/tor-browser/distinfo 1.36
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 4 15:47:58 UTC 2021
Modified Files:
pkgsrc/security/tor-browser: Makefile PLIST distinfo
Log Message:
tor-browser: update to 10.0.12.
10.0.12:
Update Firefox to 78.8.0esr
Bug 40026: Create survey banner on about:tor for desktop
Bug 40287: Switch DDG search from POST to GET
10.0.11:
Windows-only.
|
|
|
|
www/firefox78-l10n: dependent update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.10
- www/firefox78-l10n/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Feb 25 07:37:38 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
|
|
www/firefox78: security fix
Revisions pulled up:
- www/firefox78/Makefile 1.21
- www/firefox78/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Feb 24 13:20:06 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Log Message:
firefox78: Update to 78.8.0
Security Vulnerabilities fixed in Firefox ESR 78.8
#CVE-2021-23969: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have
contained the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked
information about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR
78.8
|
|
|
|
sysutils/xentools413: security patch
Revisions pulled up:
- sysutils/xentools413/Makefile 1.16
- sysutils/xentools413/distinfo 1.8
- sysutils/xentools413/patches/patch-XSA355 1.1
- sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Feb 3 22:30:22 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: Makefile distinfo
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-XSA355
patch-tools_xenstore_xenstored_core.c
Log Message:
Add upstream patch for Xen Security Advisory 355
Also, fix xenstored looping keeping the CPU 100% busy and leaking
file descriptors.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xentools413/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools413/patches/patch-XSA355 \
pkgsrc/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c
|
|
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.320
- lang/php73/distinfo 1.32
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 5 14:46:58 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.27
04 Feb 2021, PHP 7.3.27
- SOAP:
. Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb, Stas)
|
|
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.319
- lang/php74/distinfo 1.19
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 5 14:45:20 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.15
04 Feb 2021, PHP 7.4.15
- Core:
. Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
. Fixed bug #80384 (filter buffers entire read until file closed). (Adam
Seitz, cmb)
- Curl:
. Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). (cmb)
- Date:
. Fixed bug #80376 (last day of the month causes runaway cpu usage). (Derick)
- MySQLi:
. Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
interpret bit columns). (Nikita)
. Fixed bug #64638 (Fetching resultsets from stored procedure with cursor
fails). (Nikita)
. Fixed bug #72862 (segfault using prepared statements on stored procedures
that use a cursor). (Nikita)
. Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP
with a cursor). (Nikita)
- Phar:
. Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). (cmb)
. Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
(cmb)
- SOAP:
. Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb,
Stas)
|
|
sysutils/xentools411: build fix, bugfix
Revisions pulled up:
- sysutils/xentools411/Makefile 1.25
- sysutils/xentools411/distinfo 1.16
- sysutils/xentools411/patches/patch-tools_ocaml_Makefile.rules 1.1
- sysutils/xentools411/patches/patch-tools_ocaml_common.make 1.2
- sysutils/xentools411/patches/patch-tools_xenstore_xenstored_core.c 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu Feb 4 11:45:53 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools411: Makefile distinfo
pkgsrc/sysutils/xentools411/patches: patch-tools_ocaml_common.make
Added Files:
pkgsrc/sysutils/xentools411/patches: patch-tools_ocaml_Makefile.rules
patch-tools_xenstore_xenstored_core.c
Log Message:
Fix build with newer ocaml.
Fix xenstored leaking file descriptors and busy-looping over them.
|
|
sysutils/xenkernel411: security fix
Revisions pulled up:
- sysutils/xenkernel411/Makefile 1.20
- sysutils/xenkernel411/distinfo 1.18
- sysutils/xenkernel411/patches/patch-XSA355 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu Feb 4 11:41:38 UTC 2021
Modified Files:
pkgsrc/sysutils/xenkernel411: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel411/patches: patch-XSA355
Log Message:
Add upstream patch for XSA355. Bump PKGREVISION
|
|
sysutils/xenkernel413: security fix
Revisions pulled up:
- sysutils/xenkernel413/Makefile 1.12
- sysutils/xenkernel413/distinfo 1.9
- sysutils/xenkernel413/patches/patch-XSA355 1.1
- sysutils/xenkernel413/patches/patch-XSA360 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Feb 3 22:27:16 UTC 2021
Modified Files:
pkgsrc/sysutils/xenkernel413: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel413/patches: patch-XSA355 patch-XSA360
Log Message:
Add upstream patches for Xen security advisory 355 and 360.
Bump PKGREVISION
|
|
x11/xterm: security fix
Revisions pulled up:
- x11/xterm/Makefile 1.131
- x11/xterm/distinfo 1.91
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 11 09:02:52 UTC 2021
Modified Files:
pkgsrc/x11/xterm: Makefile distinfo
Log Message:
xterm: update to 366.
Patch #366 - 2021/02/10
correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
improve fix for interaction between SRM and ENQ (report by Grant Taylor).
build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt).
|
|
|
|
www/privoxy: security fix
Revisions pulled up:
- www/privoxy/Makefile 1.68
- www/privoxy/PLIST 1.14
- www/privoxy/distinfo 1.26
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 4 16:29:14 UTC 2021
Modified Files:
pkgsrc/www/privoxy: Makefile PLIST distinfo
Log Message:
privoxy: update to 3.0.29.
*** Version 3.0.29 stable ***
- Security/Reliability:
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit c62254a686.
OVE-20201118-0002.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit 1b1370f7a8a.
OVE-20201118-0003.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
Commit 245e1cf32. OVE-20201118-0004.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Commit 5cfb7bc8fe. OVE-20201118-0005.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
Commit 7530132349. CID 267165. OVE-20201118-0006.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
CID 305233. OVE-20201118-0008.
- General improvements:
- Added experimental https inspection support which allows to filter
https traffic. To enable it, install MbedTLS and configure with
--with-mbedtls, or install OpenSSL or LibreSSL and configure
with --with-openssl.
Afterwards configure the directives in section 7 of the
config file and enable the +https-inspection action.
Initial MbedTLS-based code contributed by Vaclav Svec,
initial OpenSSL support contributed by Maxim Antonov.
With help from Nedzad Hrnjica and Ho+ Ho+ Ho+.
Integration and improvements sponsored by Robert Klemme.
- pcrs: Request JIT compilation if it's supported and
the filter isn't dynamic. This can speed up filtering.
- Added support for Brotli decompression.
Sponsored by: Robert Klemme
- Added FEATURE_EXTENDED_STATISTICS to gather statistics for
block reasons and filter executions. To enable it, configure
with --enable-extended-statistics and visit
http://config.privoxy.org/show-status.
Sponsored by: Robert Klemme
- Use the IP_FREEBIND socket option, if defined. This allows
Privoxy to bind to not-yet assigned IP addresses which is
useful in failover environments.
Patch by Sam Varshavchik.
- Allow to use extended host patterns and vanilla host patterns
at the same time by prefixing extended host patterns with
"PCRE-HOST-PATTERN:". To enable this, configure with
--enable-pcre-host-patterns.
Sponsored by: Robert Klemme
- Added "Cross-origin resource sharing" (CORS) support.
This allows to access Privoxy's CGI interface via JavaScript from
another domain (white-listed with the new cors-allowed-origin directive).
Based on a patch by Nedzad Hrnjica.
Sponsored by: Robert Klemme.
- Add SOCKS5 username/password support.
Based on a patch by Sam, improved by Ivan Romanov.
Closes Patch#141 and solves TODO#105.
- Bump the maximum number of action and filter files
to 100 each.
Sponsored by: Robert Klemme
- Fixed handling of filters with "split-large-forms 1"
when using the CGI editor.
Reported by withoutname in #921.
- Better detect a mismatch of connection details when
figuring out whether or not a connection can be reused.
- Don't send a "Connection failure" message instead of the
"DNS failure" message.
Sponsored by: Robert Klemme
- Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted
requests were only logged with LOG_LEVEL_REQUEST when they weren't
crunched (in which case they were logged with LOG_LEVEL_CRUNCH).
This was documented behaviour, but logging all requests seems more useful.
- Fixed locking around localtime() and gmtime().
- Removed OS/2 support. We haven't provided OS/2 packages in years,
it complicated the code and it depended on a fallback snprintf()
implementation which is GPLv2 only.
- Remove the fallback snprintf() implementation
Now that OS/2 support is gone we no longer need it.
- Fixed a bunch of format specifiers log messages.
- Added a missing apostrophe in the 'More Privoxy' menu.
- Explicitly prevent use of FEATURE_CONNECTION_SHARING
without FEATURE_CONNECTION_KEEP_ALIVE. It makes no sense
and does not compile anyway.
Sponsored by: Robert Klemme
- Fix build without FEATURE_CONNECTION_KEEP_ALIVE.
Sponsored by: Robert Klemme
- Downgrade the 'Graceful termination requested' message
to LOG_LEVEL_INFO as it isn't an error.
Sponsored by: Robert Klemme
- decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER
While at it, fix a typo in a comment.
Sponsored by: Robert Klemme
- Fixed a couple of cppcheck warnings.
- Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST.
Only the shadow knows what "GPC" is supposed to stand for.
- Remove SourceForge references in copyright headers.
- Upgrade a bunch of links to the homepage to https://.
- Add 'no-brotli-accepted' filter which prevents the
use of Brotli compression.
- Changed license for pcrs to GPLv2+ after getting the
permission from Andreas. This allows to redistribute
Privoxy under the GPLv3 which is required when linking
to future mbedTLS versions which are expected to be
licensed under the Apache 2.0 license only.
- Updated a bunch of tests that have to expect status code 403
now after r1.168/070e904afa5.
- Lowercase the host name in the request line.
- Only set SOURCE_DATE_EPOCH if it's not already set so
distributions can overwrite it through the environment.
- Documentation changes:
- Explain that Privoxy has to be distributed under the
GPLv3 (or later) when linked with an MbedTLS version
that is licensed under the Apache 2.0 license.
- Import the GNU GPLv3 and include it in the user manual.
- Clarify FEATURE_FORCE_LOAD's description. It allows to bypass
blocking not filtering and only does it if blocks aren't enforced.
Reported by: Robert Klemme
- FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors
As of 2021 they no longer handle donations for foreign organisations
due to lack of resources.
- FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.
- FAQ: Add a link to the TODO list.
- FAQ: Change the sponsor amounts to USD slightly rounding the
converted amounts up to get simple numbers.
Receiving USD is apparently easier for SPI and SPI is
preferred by sponsors as they can send invoices.
- Advertise the client-tags CGI page in the user manual.
- Stop advertising the show-version CGI page which no longer exists.
- Add yet another reason why +prevent-compression may cause problems.
- Don't claim that contributors need ssh. It's only needed for committers.
- Replace obsolete CVS instructions with Git instructions.
- Remove an obsolete comment
- Config file changes:
- Change the suggested default-server-timeout to 5 to match the
suggested keep-alive-timeout. Otherwise using the defaults would
result in Privoxy reducing the default-server-timeout and logging
an error message.
Sponsored by: Robert Klemme
- Update the 'debug 1' description.
- Add a missing 'client-specific-tag' directive.
- Comment out trusted-cgi-referer pointing to example.org.
- Action file improvements:
- Block requests to /(.*/)?piwik\.php
- Block requests to .connectaserver.de/
- Block requests to pixel.inforsea.com/
- Block requests to t.vi-serve.com/
- Block requests to .ioam.de/
- Block requests to t.9gag.com/img.gif
- Block requests to .pixel.parsely.com/ as image
- Block requests to pixel.wp.com/
- Disable fast-redirects for .librarything.com/
- Disable fast-redirects for issue.freebsdfoundation.org/
- Disable fast-redirects for .twitter.com/.*origin=http
- Unblock belco24.de/
- Add fast-redirects exception for .wikipedia.org/
- Add fast-redirects exception for oss-fuzz.com/
- Disable fast-redirects for .consensu.org/delivery/pixel\.php
and block the requests as image instead
- Unblock .adbinstaller.com/
Reported by lvm in #942.
- Unblock .adbshell.com
Reported by lvm in #942.
- Unblock .tagesschau.de/
- Disable fast-redirects for collector.githubapp.com/
and block requests to it as image instead
- Unblock 'ada*.'
- Add fast-redirects{} exception for sourcepoint.vice.com/
- Unblock adaway.org/
Reported by DRS David Soft in AF#945.
- Change two block reasons that previously were the same.
Sponsored by: Robert Klemme
- Added a +delay-response{} test.
- Updated the location of the development version
of default.action.master.
- Privoxy-Log-Parser:
- Added a --keep-date option to keep the date in highlighted messages.
- Highlight new log messages.
- Make gather_loglevel_clf_stats() more tolerant. While at it,
count all CLF messages as requests, even if the request is invalid.
- Only show HTTP version distribution if at least one version has been detected.
- Only show crunch statistics if crunches were detected.
- Warn if the request counts differ.
- Generate statistics if the log only contains LOG_LEVEL_CLF messages
so it can be used with vanilla webserver logs.
Previously Privoxy-specific "Request:" messages were required.
- Align the client-HTTP-version distribution like other distributions
- Bump version to 0.9.1
- Include status code distribution in the stats.
- Let the statistics include the size of the content Privoxy
transferred excluding HTTP headers.
- Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST.
It's no longer necessary to count both LOG_LEVEL_REQUEST and
LOG_LEVEL_CRUNCH messages to get the total number of requests.
- Leverage the LOG_LEVEL_CLF message to gather statistics that were
previously taken from LOG_LEVEL_HEADER lines. This results in less
confusing results if https inspection is enabled in which case there
are two LOG_LEVEL_HEADER lines with request lines.
Sponsored by: Robert Klemme
- Properly highlight the filter results message. Previously a brace got lost.
- Prefer the number of CLF lines to get the total number of requests
as it works with older Privoxy versions as well.
- Privoxy-Regression-Test:
- Turn curl's globbing mode off so we can allow more characters in URLs.
- Allow '[' and ']' in URLs.
- Include the action file when complaining about missing Sticky Actions.
- Fix a sentence in the documentation.
- Bump version to 0.7.1
- url-pattern-translator:
- Detect a couple of pattern prefixes case-insensitively.
Sponsored by: Robert Klemme
- Skip CLIENT-TAG patterns.
Sponsored by: Robert Klemme
- Skip patterns that have already been converted.
It should now be safe to "convert" a file multiple times.
Sponsored by: Robert Klemme
- Add the new 'PCRE-HOST-PATTERN:' prefix.
Sponsored by: Robert Klemme
|
|
|
|
security/tor-browser: security fix
Revisions pulled up:
- security/tor-browser/Makefile 1.84
- security/tor-browser/PLIST 1.11
- security/tor-browser/distinfo 1.35
- security/tor-browser/patches/patch-dom_webgpu_ipc_WebGPUParent.cpp deleted
- security/tor-browser/patches/patch-toolkit_moz.configure 1.5
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 4 13:34:16 UTC 2021
Modified Files:
pkgsrc/security/tor-browser: Makefile PLIST distinfo
pkgsrc/security/tor-browser/patches: patch-toolkit_moz.configure
Removed Files:
pkgsrc/security/tor-browser/patches:
patch-dom_webgpu_ipc_WebGPUParent.cpp
Log Message:
tor-browser: update to 10.0.10.
Changes:
10.0.10:
Not found.
10.0.9:
The full changelog since Desktop and Android Tor Browser 10.0.8 is:
All Platforms
Update NoScript to 11.1.9
Windows + OS X + Linux
Update Firefox to 78.7.0esr
Bug 40249: Remove EOY 2020 Campaign
Build System
All Platforms
Update Go to 1.14.14
10.0.8:
The full changelog since Desktop and Android Tor Browser 10.0.7 is:
All Platforms
Update NoScript to 11.1.7
Windows + OS X + Linux
Update Firefox to 78.6.1esr
|
|
net/tor: security fix
Revisions pulled up:
- net/tor/Makefile 1.159
- net/tor/distinfo 1.111
- net/tor/options.mk 1.15
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Feb 3 19:55:28 UTC 2021
Modified Files:
pkgsrc/net/tor: Makefile distinfo options.mk
Log Message:
tor: update to 0.4.4.7.
Changes in version 0.4.4.7 - 2021-02-03
Tor 0.4.4.7 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitigate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix the `config/parse_tcp_proxy_line` test so that it works
correctly on systems where the DNS provider hijacks invalid
queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
|
|
security/tor-browser-https-everywhere: bugfix
Revisions pulled up:
- security/tor-browser-https-everywhere/Makefile 1.5
- security/tor-browser-https-everywhere/distinfo 1.5
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Feb 3 20:20:33 UTC 2021
Modified Files:
pkgsrc/security/tor-browser-https-everywhere: Makefile distinfo
Log Message:
tor-browser-https-everywhere: update to 2021.1.27.
2021.1.27
* EASE Mode UI Changes
* NPM Dependency updates
* Geckodriver pull update
* Chromedriver pull update
* Integrate CSS Grid for Options Page and EASE UI
* Put Options in new tab
|
|
security/sudo: NetBSD build fix
Revisions pulled up:
- security/sudo/Makefile 1.183
- security/sudo/distinfo 1.114
- security/sudo/patches/patch-configure 1.5
---
Module Name: pkgsrc
Committed By: spz
Date: Sat Jan 30 11:06:45 UTC 2021
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-configure
Log Message:
security/sudo: build fix for netbsdelf systems
|
|
|
|
net/bind911: build fix for i386
Revisions pulled up:
- net/bind911/Makefile 1.36
- net/bind916/Makefile 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 13 09:34:30 UTC 2021
Modified Files:
pkgsrc/net/bind911: Makefile
pkgsrc/net/bind916: Makefile
Log Message:
bind: Disable atomic operations on i386 too.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind916/Makefile
|
|
|
|
www/firefox78-l10n: dependency update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.8
- www/firefox78-l10n/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:29:25 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox78-l10n/Makefile \
pkgsrc/www/firefox78-l10n/distinfo
|
|
www/firefox78: security update
Revisions pulled up:
- www/firefox78/Makefile 1.18
- www/firefox78/PLIST 1.2
- www/firefox78/distinfo 1.10
- www/firefox78/mozilla-common.mk 1.9
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:24:11 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile PLIST distinfo mozilla-common.mk
Log Message:
firefox78: Update to 78.7.0
changes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox78/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/firefox78/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/firefox78/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox78/mozilla-common.mk
|
|
|
|
security/sudo: security fix
Revisions pulled up:
- security/sudo/Makefile 1.181-1.182
- security/sudo/PLIST 1.19
- security/sudo/distinfo 1.112-1.113
- security/sudo/patches/patch-configure 1.4
- security/sudo/patches/patch-examples_Makefile.in 1.1
- security/sudo/patches/patch-logsrvd_Makefile.in 1.1
- security/sudo/patches/patch-plugins_sudoers_Makefile.in 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 18 14:32:24 UTC 2021
Modified Files:
pkgsrc/security/sudo: Makefile PLIST distinfo
pkgsrc/security/sudo/patches: patch-configure
patch-plugins_sudoers_Makefile.in
Added Files:
pkgsrc/security/sudo/patches: patch-examples_Makefile.in
patch-logsrvd_Makefile.in
Log Message:
security/sudo: update to 1.9.5p1
Update sudo package to 1.9.5p1. Changes from 1.8.31p2 are too many to
write here. Please refer to <https://www.sudo.ws/stable.html>.
1.9.5 fixes these security problems:
* Fixed CVE-2021-23239, a potential information leak in sudoedit that
could be used to test for the existence of directories not normally
accessible to the user in certain circumstances. When creating a new
file, sudoedit checks to make sure the parent directory of the new file
exists before running the editor. However, a race condition exists if
the invoking user can replace (or create) the parent directory. If a
symbolic link is created in place of the parent directory, sudoedit will
run the editor as long as the target of the link exists. If the target
of the link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an arbitrary
directory. However, it cannot be used to write to an arbitrary
location.
* Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a
user with sudoedit permissions may be able to set the owner of an
arbitrary file to the user-ID of the target user. On Linux kernels that
support protected symlinks setting /proc/sys/fs/protected_symlinks to 1
will prevent the bug from being exploited. For more information, see
Symbolic link attack in SELinux-enabled sudoedit.
Quote from 1.9.0 features:
* The maximum length of a conversation reply has been increased from 255
to 1023 characters. This allows for longer user passwords. Bug #860.
* Sudo now includes a logging daemon, sudo_logsrvd, which can be used to
implement centralized logging of I/O logs. TLS connections are
supported when sudo is configured with the --enable-openssl option. For
more information, see the sudo_logsrvd, sudo_logsrvd.conf and
sudo_logsrv.proto manuals as well as the log_servers setting in the
sudoers manual.
* The --disable-log-server and --disable-log-client configure options can
be used to disable building the I/O log server and/or remote I/O log
support in the sudoers plugin.
* The new sudo_sendlog utility can be used to test sudo_logsrvd or send
existing sudo I/O logs to a centralized server.
* It is now possible to write sudo plugins in Python 4 when sudo is
configured with the --enable-python option. See the sudo_plugin_python
manual for details.
Sudo 1.9.0 comes with several Python example plugins that get installed
in sudo's examples directory.
The sudo blog article What's new in sudo 1.9: Python includes a simple
tutorial on writing python plugins.
* Sudo now supports an audit plugin type. An audit plugin receives
accept, reject, exit and error messages and can be used to implement
custom logging that is independent of the underlying security policy.
Multiple audit plugins may be specified in the sudo.conf file. A sample
audit plugin is included that writes logs in JSON format.
* Sudo now supports an approval plugin type. An approval plugin is run
only after the main security policy (such as sudoers) accepts a command
to be run. The approval policy may perform additional checks,
potentially interacting with the user. Multiple approval plugins may be
specified in the sudo.conf file. Only if all approval plugins succeed
will the command be allowed.
* Sudo's -S command line option now causes the sudo conversation function
to write to the standard output or standard error instead of the
terminal device.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Tue Jan 26 20:18:43 UTC 2021
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
sudo: Update to 1.9.5p2 for CVE-2021-3156.
What's new in Sudo 1.9.5p2
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a partial
write to the server could result in the sudo process consuming large
amounts of CPU time due to a cycle in the buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved when
performing PAM authentication. This fixes GSSAPI authentication
when the user has a non-default ccache.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
|
|
|
|
security/p11-kit: build fix for FreeBSD
Revisions pulled up:
- security/p11-kit/Makefile 1.19
- security/p11-kit/distinfo 1.14
- security/p11-kit/patches/patch-p11-kit_lists.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: triaxx
Date: Fri Jan 8 21:09:08 UTC 2021
Modified Files:
pkgsrc/security/p11-kit: Makefile distinfo
Added Files:
pkgsrc/security/p11-kit/patches: patch-p11-kit_lists.c
Log Message:
p11-kit: Fix build on FreeBSD
The build step failed on FreeBSD due to undeclared SIZE_MAX. This error
has been fixed upstream (https://github.com/p11-glue/p11-kit/commit/507c394)
and the patch could be removed at the next update.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/p11-kit/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/p11-kit/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/p11-kit/patches/patch-p11-kit_lists.c
|
|
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.240-1.241
- mail/mutt/distinfo 1.92-1.93
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Jan 1 09:19:27 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.4
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/mutt/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jan 23 09:46:47 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.5
This is a bug-fix release, fixing a few memory leaks. One of them was
assigned CVE-2021-3181.
To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.241 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.92 -r1.93 pkgsrc/mail/mutt/distinfo
|
|
net/frr: build fix
Revisions pulled up:
- net/frr/Makefile 1.3-1.4
---
Module Name: pkgsrc
Committed By: kardel
Date: Wed Jan 6 10:45:49 UTC 2021
Modified Files:
pkgsrc/net/frr: Makefile
Log Message:
net/frr: document bison tool dependency
---
Module Name: pkgsrc
Committed By: kardel
Date: Wed Jan 6 11:53:52 UTC 2021
Modified Files:
pkgsrc/net/frr: Makefile
Log Message:
net/frr: simplify bison tool requirement
|
|
lang/mozjs78: GNU/Linux build fix
Revisions pulled up:
- lang/mozjs78/PLIST.Linux 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Jan 18 09:27:31 UTC 2021
Added Files:
pkgsrc/lang/mozjs78: PLIST.Linux
Log Message:
mozjs78: create PLIST.Linux
based on missing files in latest CentOS 7 build published to pkgsrc-bulk
|
|
www/firefox: build fix
www/firefox78: build fix
Revisions pulled up:
- www/firefox/mozilla-common.mk 1.196
- www/firefox78/mozilla-common.mk 1.8
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jan 19 22:40:26 UTC 2021
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
pkgsrc/www/firefox78: mozilla-common.mk
Log Message:
firefox(78): set GCC_REQD
|
|
security/polkit: build fix
Revisions pulled up:
- security/polkit/Makefile 1.31
- security/polkit/buildlink3.mk 1.5
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jan 19 22:36:19 UTC 2021
Modified Files:
pkgsrc/security/polkit: Makefile buildlink3.mk
Log Message:
polkit: build fix: bump GCC requirement
|
|
graphics/dia: security fix
Revisions pulled up:
- graphics/dia/Makefile 1.112
- graphics/dia/distinfo 1.36
- graphics/dia/patches/patch-app_app__procs.c 1.1
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Sat Jan 16 00:25:33 UTC 2021
Modified Files:
pkgsrc/graphics/dia: Makefile distinfo
Added Files:
pkgsrc/graphics/dia/patches: patch-app_app__procs.c
Log Message:
dia: apply an upstream security fix
Fix endless loop on filenames with invalid encoding (CVE-2019-19451).
|
|
textproc/ruby-redcarpet: security fix
Revisions pulled up:
- textproc/ruby-redcarpet/Makefile 1.12
- textproc/ruby-redcarpet/distinfo 1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 14 14:57:36 UTC 2021
Modified Files:
pkgsrc/textproc/ruby-redcarpet: Makefile distinfo
Log Message:
textproc/ruby-redcarpet: update to 3.5.1
Version 3.5.1 (Security)
* Fix a security vulnerability using :quote in combination with the
:escape_html option.
Reported by Johan Smits.
|
|
|
|
www/firefox78-l10n: dependent update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.7
- www/firefox78-l10n/distinfo 1.7
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Jan 8 19:14:29 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: Update to 78.6.1
* Sync with www/firefox78-78.6.1.
|
|
www/firefox78: security fix
Revisions pulled up:
- www/firefox78/Makefile 1.17
- www/firefox78/distinfo 1.9
- www/firefox78/patches/patch-dom_webgpu_ipc_WebGPUParent.cpp deleted
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Jan 8 19:13:53 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Removed Files:
pkgsrc/www/firefox78/patches: patch-dom_webgpu_ipc_WebGPUParent.cpp
Log Message:
firefox78: Update to 78.6.1
Changelog:
* Fix: Fixed a crash during video playback on Apple Silicon devices (bug 1683579)
* Security fix:
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
|
|
|
|
|
|
databases/py-ldap: NetBSD build fix
Revisions pulled up:
- databases/py-ldap/Makefile 1.89
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jan 14 11:41:03 UTC 2021
Modified Files:
pkgsrc/databases/py-ldap: Makefile
Log Message:
py-ldap: Force pkgsrc version on NetBSD where version detection fails
PR pkg/55902
|
|
multimedia/ffmpeg3: build fix
Revisions pulled up:
- multimedia/ffmpeg3/Makefile 1.63
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 13 09:38:02 UTC 2021
Modified Files:
pkgsrc/multimedia/ffmpeg3: Makefile
Log Message:
ffmpeg3: Fix executable name in NOT_PAX_MPROTECT...
|
|
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.318
- lang/php74/distinfo 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 7 13:39:09 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.14
Update php74 package to 7.4.14 (PHP 7.4.14).
07 Jan 2021, PHP 7.4.14
- Core:
. Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
(cmb)
. Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
(cmb)
. Fixed bug #72964 (White space not unfolded for CC/Bcc headers). (cmb)
. Fixed bug #80362 (Running dtrace scripts can cause php to crash).
(al at coralnet dot name)
. Fixed bug #80393 (Build of PHP extension fails due to configuration gap
with libtool). (kir dot morozov at gmail dot com)
. Fixed bug #80402 (configure filtering out -lpthread). (Nikita)
. Fixed bug #77069 (stream filter loses final block of data). (cmb)
- Fileinfo:
. Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT). (cmb)
- FPM:
. Fixed bug #69625 (FPM returns 200 status on request without
SCRIPT_FILENAME env). (Jakub Zelenka)
- Intl:
. Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined). (Nikita)
- OpenSSL:
. Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to
lack of OCB support). (Nikita)
- Phar:
. Fixed bug #73809 (Phar Zip parse crash - mmap fail). (cmb)
. Fixed bug #75102 (`PharData` says invalid checksum for valid tar). (cmb)
. Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
(cmb)
- PDO MySQL:
. Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
(Kamil Tekiela)
. Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared
statements). (Nikita)
. Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
(Nikita)
. Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered
queries"). (Nikita)
. Fixed bug #71145 (Multiple statements in init command triggers unbuffered
query error). (Nikita)
. Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a
PROCEDURE resultset SIGNAL). (Nikita)
- Standard:
. Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo).
(CVE-2020-7071) (cmb)
. Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
. Fixed bug #80411 (References to null-serialized object break serialize()).
(Nikita)
- Tidy:
. Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)
- Zlib:
. Fixed #48725 (Support for flushing in zlib stream). (cmb)
|
|
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.317
- lang/php73/distinfo 1.31
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 7 13:35:03 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.26
Update php73 package to 7.3.26 (PHP 7.3.26).
07 Jan 2021, PHP 7.3.26
- Standard:
. Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo).
(CVE-2020-7071) (cmb)
. Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).
(bruno dot premont at restena dot lu)
|
|
sysutils/xentools413: build fix
Revisions pulled up:
- sysutils/xentools413/distinfo 1.7
- sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules 1.1
- sysutils/xentools413/patches/patch-tools_ocaml_common.make 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Jan 8 22:08:46 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: distinfo
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_common.make
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_Makefile.rules
Log Message:
Fix build with newer ocaml, from Chavdar Ivanov
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_common.make
|
|
|