Age | Commit message (Collapse) | Author | Files | Lines |
|
www/firefox78: security fix
Revisions pulled up:
- www/firefox78/Makefile 1.35
- www/firefox78/distinfo 1.20
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Sep 10 11:37:53 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Log Message:
firefox78: update to 78.14.0
Fixes CVE-2021-38493
|
|
www/firefox78-l10n: dependent update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.17
- www/firefox78-l10n/distinfo 1.17
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Sep 10 11:39:21 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
|
|
|
|
chat/weechat: security fix
Revisions pulled up:
- chat/weechat/Makefile 1.126
- chat/weechat/distinfo 1.68
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 6 13:21:09 UTC 2021
Modified Files:
pkgsrc/chat/weechat: Makefile distinfo
Log Message:
weechat: Update to 3.2.1
Changelog:
== Version 3.2.1 (2021-09-04)
Bug fixes::
* relay: fix crash when decoding a malformed websocket frame
|
|
|
|
www/firefox78-l10n: dependent update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.16
- www/firefox78-l10n/distinfo 1.16
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 13 15:08:02 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: Update to 78.13.0
* Sync with www/firefox78-78.13.0.
|
|
www/firefox78: security fix
Revisions pulled up:
- www/firefox78/Makefile 1.34
- www/firefox78/distinfo 1.19
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 13 15:07:04 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Log Message:
firefox78: Update to 78.13.0
Changelog:
Various stability, functionality, and security fixes
Security fixes:
#CVE-2021-29986: Race condition when resolving DNS names could have led to
memory corruption
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to
memory corruption
#CVE-2021-29985: Use-after-free media channels
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
|
|
net/bind916: security fix
Revisions pulled up:
- net/bind916/Makefile 1.20-1.25
- net/bind916/distinfo 1.17-1.21
- net/bind916/patches/patch-lib_dns_include_dns_zone.h 1.2
- net/bind916/patches/patch-lib_dns_zone.c 1.3-1.4
- net/bind916/patches/patch-lib_isc_include_isc_types.h 1.3
- net/bind916/patches/patch-lib_isc_stats.c 1.2
- net/bind916/patches/patch-lib_ns_client.c 1.4
- net/bind916/patches/patch-lib_ns_include_ns_client.h 1.2
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 06:39:45 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
pkgsrc/net/bind916/patches: patch-lib_dns_include_dns_zone.h
patch-lib_dns_zone.c patch-lib_isc_stats.c
patch-lib_ns_include_ns_client.h
Added Files:
pkgsrc/net/bind916/patches: patch-lib_isc_include_isc_types.h
patch-lib_ns_client.c
Log Message:
net/bind916 Use atomic 32-bit integers where appropriate, revision++
Mostly taken from NetBSD base:
- For counters, make sure to use 32-bit integers for !_LP64 platforms.
In the previous revisions, this is partially done, i.e., incomplete.
- For flags fit within 32-bit width, use 32-bit integers for everyone.
In the previous, this is incomplete, and restricted for __NetBSD__.
Fix and generalize to everyone.
- Make comments in patches more helpful.
Fix build for ILP32 platforms as reported in PR pkg/56315.
Thanks jklos@ for testing.
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 06:41:46 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile
Log Message:
net/bind916 --disable-atomic is no longer supported
---
Module Name: pkgsrc
Committed By: rin
Date: Tue Jul 20 07:23:04 UTC 2021
Modified Files:
pkgsrc/net/bind916: distinfo
pkgsrc/net/bind916/patches: patch-lib_dns_zone.c
Log Message:
net/bind916: Oops, fix reversed ``#if''
---
Module Name: pkgsrc
Committed By: he
Date: Thu Jul 22 13:30:24 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
Upgrade net/bind916 to version 9.16.19.
Upstream changes:
--- 9.16.19 released ---
5671. [bug] A race condition could occur where two threads were
competing for the same set of key file locks, leading to
a deadlock. This has been fixed. [GL #2786]
5670. [bug] create_keydata() created an invalid placeholder keydata
record upon a refresh failure, which prevented the
database of managed keys from subsequently being read
back. This has been fixed. [GL #2686]
5669. [func] KASP support was extended with the "check DS" feature.
Zones with "dnssec-policy" and "parental-agents"
configured now check for DS presence and can perform
automatic KSK rollovers. [GL #1126]
5668. [bug] Rescheduling a setnsec3param() task when a zone failed
to load on startup caused a hang on shutdown. This has
been fixed. [GL #2791]
5667. [bug] The configuration-checking code failed to account for
the inheritance rules of the "dnssec-policy" option.
This has been fixed. [GL #2780]
5666. [doc] The safe "edns-udp-size" value was tweaked to match the
probing value from BIND 9.16 for better compatibility.
[GL #2183]
5665. [bug] If nsupdate sends an SOA request and receives a REFUSED
response, it now fails over to the next available
server. [GL #2758]
5664. [func] For UDP messages larger than the path MTU, named now
sends an empty response with the TC (TrunCated) bit set.
In addition, setting the DF (Don't Fragment) flag on
outgoing UDP sockets was re-enabled. [GL #2790]
5662. [bug] Views with recursion disabled are now configured with a
default cache size of 2 MB unless "max-cache-size" is
explicitly set. This prevents cache RBT hash tables from
being needlessly preallocated for such views. [GL #2777]
5661. [bug] Change 5644 inadvertently introduced a deadlock: when
locking the key file mutex for each zone structure in a
different view, the "in-view" logic was not considered.
This has been fixed. [GL #2783]
5658. [bug] Increasing "max-cache-size" for a running named instance
(using "rndc reconfig") did not cause the hash tables
used by cache databases to be grown accordingly. This
has been fixed. [GL #2770]
5655. [bug] Signed, insecure delegation responses prepared by named
either lacked the necessary NSEC records or contained
duplicate NSEC records when both wildcard expansion and
CNAME chaining were required to prepare the response.
This has been fixed. [GL #2759]
5653. [bug] A bug that caused the NSEC3 salt to be changed on every
restart for zones using KASP has been fixed. [GL #2725]
---
Module Name: pkgsrc
Committed By: jklos
Date: Mon Aug 2 18:45:35 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile
Log Message:
Fixed COMMENT because package is at 9.16.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 19 03:33:49 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.20
This update contains security fix: CVE-2021-25218.
--- 9.16.20 released ---
5689. [security] An assertion failure occurred when named attempted to
send a UDP packet that exceeded the MTU size, if
Response Rate Limiting (RRL) was enabled.
(CVE-2021-25218) [GL #2856]
5688. [bug] Zones using KASP and inline-signed zones failed to apply
changes from the unsigned zone to the signed zone under
certain circumstances. This has been fixed. [GL #2735]
5687. [bug] "rndc reload <zonename>" could trigger a redundant
reload for an inline-signed zone whose zone file was not
modified since the last "rndc reload". This has been
fixed. [GL #2855]
5686. [func] The number of internal data structures allocated for
each zone was reduced. [GL #2829]
5685. [bug] named failed to check the opcode of responses when
performing zone refreshes, stub zone updates, and UPDATE
forwarding. This has been fixed. [GL #2762]
5682. [bug] Some changes to "zone-statistics" settings were not
properly processed by "rndc reconfig". This has been
fixed. [GL #2820]
5681. [func] Relax the checks in the dns_zone_cdscheck() function to
allow CDS and CDNSKEY records in the zone that do not
match an existing DNSKEY record, as long as the
algorithm matches. This allows a clean rollover from one
provider to another in a multi-signer DNSSEC
configuration. [GL #2710]
5679. [func] Thread affinity is no longer set. [GL #2822]
5678. [bug] The "check DS" code failed to release all resources upon
named shutdown when a refresh was in progress. This has
been fixed. [GL #2811]
5672. [bug] Authentication of rndc messages could fail if a
"controls" statement was configured with multiple key
algorithms for the same listener. This has been fixed.
[GL #2756]
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 21 03:55:54 UTC 2021
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: add patch for map zone file problem
Add patch: <https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17>.
Bump PKGREVISION.
|
|
|
|
graphics/librsvg: security fix
Revisions pulled up:
- graphics/librsvg/Makefile 1.131
- graphics/librsvg/cargo-depends.mk 1.2
- graphics/librsvg/distinfo 1.52
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Wed Aug 11 00:18:40 UTC 2021
Modified Files:
pkgsrc/graphics/librsvg: Makefile cargo-depends.mk distinfo
Log Message:
librsvg: update to 2.50.7
This includes a crate dependency update due to a security issue,
RUSTSEC-2020-0146.
==============
Version 2.50.7
==============
Two cairo-related bug fixes:
- #745 - Fix mismatched cairo_save/restore when running in inside the Cairo test suite.
- #746 - Possible cairo_save() without cairo_restore() in render_layer().
==============
Version 2.50.6
==============
This release fixes an important bug about text spacing. The bug fix
requires an update to at least Pango 1.44. Sorry for the increased
requirements!
- Librsvg now requires at least Pango 1.44.
- #730 - Incorrect text spacing when the transform is not 1:1. You
can see this when a small font-size is scaled up due to a
transform. It is less visible for a large font-size scaled down.
- #704 - Fix circle/ellipse in paths when they are made out of a
single Arc command.
==============
Version 2.50.5
==============
- #699 - Images embedded as data: URLs didn't render if they had a
MIME type with a charset parameter.
- #691 - Don't allow number lists with unbounded lengths in
tableValues attributes, for feComponentTransfer and
feConvolveMatrix (Madds H).
- #718 - Negative rx/ry in rect element should be ignored.
==============
Version 2.50.4
==============
Update dependent crates that had security vulnerabilities:
generic-array to 0.13.3 - RUSTSEC-2020-0146
- #686 - Reduced stack usage (Sebastian Dröge).
- #698 - Add limit for too-large radiuses on the feMorphology filter (Madds H).
- #703 - Properly ignore elements in an error state inside the "switch" element.
|
|
|
|
databases/postgresql10: build fix
databases/postgresql11: build fix
databases/postgresql12: build fix
databases/postgresql13: build fix
Revisions pulled up:
- databases/postgresql10/distinfo 1.21
- databases/postgresql10/patches/patch-src_backend_Makefile 1.2
- databases/postgresql11/distinfo 1.16
- databases/postgresql11/patches/patch-src_backend_Makefile 1.2
- databases/postgresql12/distinfo 1.10
- databases/postgresql12/patches/patch-src_backend_Makefile 1.2
- databases/postgresql13/distinfo 1.6
- databases/postgresql13/patches/patch-src_backend_Makefile 1.2
---
Module Name: pkgsrc
Committed By: mlelstv
Date: Mon Jul 12 09:06:22 UTC 2021
Modified Files:
pkgsrc/databases/postgresql10: distinfo
pkgsrc/databases/postgresql10/patches: patch-src_backend_Makefile
pkgsrc/databases/postgresql11: distinfo
pkgsrc/databases/postgresql11/patches: patch-src_backend_Makefile
pkgsrc/databases/postgresql12: distinfo
pkgsrc/databases/postgresql12/patches: patch-src_backend_Makefile
pkgsrc/databases/postgresql13: distinfo
pkgsrc/databases/postgresql13/patches: patch-src_backend_Makefile
Log Message:
Add backends order dependency for catalog -> utils
|
|
www/wordpress: security fix
Revisions pulled up:
- www/wordpress/Makefile 1.100
- www/wordpress/distinfo 1.82
---
Module Name: pkgsrc
Committed By: morr
Date: Sat Jul 17 15:51:33 UTC 2021
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update to 5.7.2.
Security issue fixed:
- Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
|
|
|
|
www/firefox78-l10n: dependent update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.15
- www/firefox78-l10n/distinfo 1.15
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 15 06:22:15 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
|
|
www/firefox78: security fix
Revisions pulled up:
- www/firefox78/Makefile 1.32
- www/firefox78/distinfo 1.18
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 15 06:17:45 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile distinfo
Log Message:
firefox78: update to 78.12.0
Security Vulnerabilities fixed in Firefox ESR 78.12
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR
78.12
|
|
lang/rust-bin: build fix
Revisions pulled up:
- lang/rust-bin/Makefile 1.24
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jul 11 22:25:10 UTC 2021
Modified Files:
pkgsrc/lang/rust-bin: Makefile
Log Message:
Correct the names for the NetBSD versions to use.
This uses the faster "install.sh" script, and also omits the
"rust-doc" subset, for a much faster installation.
This is a temporary hack for this version, will be removed on
the next go-around.
Apologies for this going un-committed, only myself to blame.
Should fix part of PR#56304.
|
|
lang/rust: build fix
Revisions pulled up:
- lang/rust/Makefile 1.242
- lang/rust/options.mk 1.15
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jul 11 22:13:38 UTC 2021
Modified Files:
pkgsrc/lang/rust: Makefile options.mk
Log Message:
Evidently, cmake is needed in all cases.
Move cmake dependency out of condition on PKG_OPTIONS.rust-llvm.
|
|
lang/ruby30-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.234-1.235
- lang/ruby30-base/PLIST 1.3
- lang/ruby30-base/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 7 16:10:01 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: PLIST distinfo
Log Message:
lang/ruby30-base: update to 3.0.2
Ruby 3.0.2 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
See the commit logs for details:
<https://github.com/ruby/ruby/compare/v3_0_1...v3_0_2>.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 7 16:11:57 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: make sure to update ruby30's version
|
|
lang/ruby27-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.233
- lang/ruby27-base/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 7 15:23:08 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: distinfo
Log Message:
lang/ruby27-base: update to 2.7.4
Ruby 2.7.4 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
See the commit logs for details:
<https://github.com/ruby/ruby/compare/v2_7_3...v2_7_4>.
|
|
lang/ruby26: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.232
- lang/ruby26-base/distinfo 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 7 15:15:19 UTC 2021
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby26-base: distinfo
Log Message:
lang/ruby26-base: update to 2.6.8
Ruby 2.6.8 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
We ordinally do not fix Ruby 2.6 except security fixes, but this
release also includes some regressed bugs and build problem fixes.
See the commit logs for details.
Ruby 2.6 is now under the state of the security maintenance phase,
until the end of March of 2022. After that date, maintenance of Ruby
2.6 will be ended. We recommend you start planning the migration to
newer versions of Ruby, such as 3.0 or 2.7.
|
|
|
|
mk: Linux bootstrap fix
Revisions pulled up:
- mk/wrapper/gen-transform.sh 1.13
---
Module Name: pkgsrc
Committed By: maya
Date: Fri Jun 25 22:02:06 UTC 2021
Modified Files:
pkgsrc/mk/wrapper: gen-transform.sh
Log Message:
switch $echo statements to printf "%s\n".
dash considers \1 to be octal escape.
for PR pkg/56248, from Michael Forney's suggestion.
$echo seems to be used for performance here (was previously cat) and not
for compatibility with some esoteric system.
I misunderstood things, and failed to test the last bootstrap diff, breaking
bootstrap on Ubuntu for a while.
|
|
|
|
graphics/glew: packaging fix
Revisions pulled up:
- graphics/glew/Makefile 1.28
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jul 4 08:08:04 UTC 2021
Modified Files:
pkgsrc/graphics/glew: Makefile
Log Message:
glew: Fix .pc file generation, bump PKGREVISION.
Previously the prefix was not set and defaulted to /usr, which is
Usually Wrong.
|
|
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.333
- lang/php73/distinfo 1.34
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 2 17:32:06 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.29
01 Jul 2021, PHP 7.3.29
- Core:
. Fixed bug #81122: SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705) (cmb)
- PDO_Firebird:
. Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
(CVE-2021-21704) (cmb)
. Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704) (cmb)
. Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704) (cmb)
. Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob.
(CVE-2021-21704) (cmb)
|
|
lang/php80: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.332
- lang/php80/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 2 17:30:35 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php80: distinfo
Log Message:
lang/php80: update to 8.0.8
01 Jul 2021, PHP 8.0.8
- Core:
. Fixed bug #81076 (incorrect debug info on Closures with implicit bi=
nds).
(krakjoe)
. Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry =
Andric)
. Fixed bug #76359 (open_basedir bypass through adding ".."). (cmb)
. Fixed bug #81090 (Typed property performance degradation with .=3D =
operator).
(Nikita)
. Fixed bug #81070 (Integer underflow in memory limit comparison).
(Peter van Dommelen)
. Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL).
(CVE-2021-21705) (cmb)
- Bzip2:
. Fixed bug #81092 (fflush before stream_filter_remove corrupts strea=
m).
(cmb)
- Fileinfo:
. Fixed bug #80197 (implicit declaration of function 'magic_stream' i=
s
invalid). (Nikita)
- GMP:
. Fixed bug #81119 (GMP operators throw errors with wrong parameter n=
ames).
(Nikita)
- OCI8:
. Fixed bug #81088 (error in regression test for oci_fetch_object() a=
nd
oci_fetch_array()). (M=E1t=E9)
- Opcache:
. Fixed bug #81051 (Broken property type handling after incrementing
reference). (Dmitry)
. Fixed bug #80968 (JIT segfault with return from required file). (Dm=
itry)
- OpenSSL:
. Fixed bug #76694 (native Windows cert verification uses CN as sever=
name).
(cmb)
- MySQLnd:
. Fixed bug #80761 (PDO uses too much memory). (Nikita)
- PDO_Firebird:
. Fixed bug #76448 (Stack buffer overflow in firebird_info_cb).
(CVE-2021-21704) (cmb)
. Fixed bug #76449 (SIGSEGV in firebird_handle_doer).
(CVE-2021-21704) (cmb)
. Fixed bug #76450 (SIGSEGV in firebird_stmt_execute).
(CVE-2021-21704) (cmb)
. Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_=
blob).
(CVE-2021-21704) (cmb)
- readline:
. Fixed bug #72998 (invalid read in readline completion). (krakjoe)
- Standard:
. Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversi=
on").
(cmb)
. Fixed bug #77627 (method_exists on Closure::__invoke inconsistency)=
.=
(krakjoe)
- Windows:
. Fixed bug #81120 (PGO data for main PHP DLL are not used). (cmb)
|
|
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.331
- lang/php74/distinfo 1.25
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 2 17:28:28 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.21
01 Jul 2021, PHP 7.4.21
- Core:
. Fixed bug #81068 (Double free in realpath_cache_clean()). (Dimitry Andric)
. Fixed bug #76359 (open_basedir bypass through adding ".."). (cmb)
. Fixed bug #81090 (Typed property performance degradation with .= operator).
(Nikita)
. Fixed bug #81070 (Integer underflow in memory limit comparison).
(Peter van Dommelen)
. Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL).
(CVE-2021-21705) (cmb)
- Bzip2:
. Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
(cmb)
- OpenSSL:
. Fixed bug #76694 (native Windows cert verification uses CN as sever name).
(cmb)
- PDO_Firebird:
. Fixed bug #76448 (Stack buffer overflow in firebird_info_cb).
(CVE-2021-21704) (cmb)
. Fixed bug #76449 (SIGSEGV in firebird_handle_doer).
(CVE-2021-21704) (cmb)
. Fixed bug #76450 (SIGSEGV in firebird_stmt_execute).
(CVE-2021-21704) (cmb)
. Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob).
(CVE-2021-21704) (cmb)
- Standard:
. Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
(cmb)
|
|
databases/mariadb105-client: NetBSD/aarch64 build fix
Revisions pulled up:
- databases/mariadb105-client/distinfo 1.2
- databases/mariadb105-client/patches/patch-mysys_crc32_crc32__arm64.c 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jul 3 09:23:45 UTC 2021
Modified Files:
pkgsrc/databases/mariadb105-client: distinfo
Added Files:
pkgsrc/databases/mariadb105-client/patches:
patch-mysys_crc32_crc32__arm64.c
Log Message:
mariadb105-client: Fix building on NetBSD/aarch64
|
|
security/p5-Crypt-CBC: 32-bit build fix
Revisions pulled up:
- security/p5-Crypt-CBC/Makefile 1.49
- security/p5-Crypt-CBC/distinfo 1.19
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 2 11:27:21 UTC 2021
Modified Files:
pkgsrc/security/p5-Crypt-CBC: Makefile distinfo
Log Message:
p5-Crypt-CBC: Update to 3.04.
Fix packaging on 32-bit platforms by disabling int128 dependency.
3.04 Mon 17 May 2021 10:58:37 AM EDT
- Fixed bug involving manually-specified IV not being used in some circumstances.
|
|
x11/qt5-qtwebkit: arm build fix
Revisions pulled up:
- x11/qt5-qtwebkit/distinfo 1.20
- x11/qt5-qtwebkit/patches/patch-CMakeLists.txt 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jun 24 14:38:09 UTC 2021
Modified Files:
pkgsrc/x11/qt5-qtwebkit: distinfo
pkgsrc/x11/qt5-qtwebkit/patches: patch-CMakeLists.txt
Log Message:
qt5-qtwebkit: recognize netbsd/arm
|
|
|
|
multimedia/libaom: arm build fix
Revisions pulled up:
- multimedia/libaom/Makefile 1.14
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Jun 28 11:52:42 UTC 2021
Modified Files:
pkgsrc/multimedia/libaom: Makefile
Log Message:
libaom: fix building on armv7
|
|
|
|
shells/eltclsh: build fix
Revisions pulled up:
- shells/eltclsh/distinfo 1.6
- shells/eltclsh/patches/patch-src_Makefile.in 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jun 27 05:56:02 UTC 2021
Modified Files:
pkgsrc/shells/eltclsh: distinfo
Added Files:
pkgsrc/shells/eltclsh/patches: patch-src_Makefile.in
Log Message:
eltclsh: Avoid infinite loop in build, PR pkg/56259
|
|
databases/mysql80-client: NetBSD build fix
Revisions pulled up:
- databases/mysql80-client/distinfo 1.3
- databases/mysql80-client/patches/patch-sql_join__optimizer_bit__utils.h 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jun 27 06:41:56 UTC 2021
Modified Files:
pkgsrc/databases/mysql80-client: distinfo
Added Files:
pkgsrc/databases/mysql80-client/patches:
patch-sql_join__optimizer_bit__utils.h
Log Message:
mysql80: use __builtin_ffsll where ffsll is missing
mysql80 uses some inline asm on x86_64, but falls back to the
function on non-x86_64. netbsd does not have a ffsll function.
helps build on non-x86_64.
|
|
I hereby declare this branch's pullup season open! :)
|
|
devel/cpu_features: build fix
Revisions pulled up:
- devel/cpu_features/buildlink3.mk 1.2
---
Module Name: pkgsrc
Committed By: tnn
Date: Thu Jun 24 10:50:22 UTC 2021
Modified Files:
pkgsrc/devel/cpu_features: buildlink3.mk
Log Message:
cpu_features: paper over CMake brain damage
fixes math/volk build
|
|
|
|
The omppool file is both in PLIST and PLIST.Linux. One needs to go. This hotfix
just removes the typo. Do we remove PLIST.Linux and assume every platform
of interest has working OpenMP? Add Darwin dep for parallel/openmp?
|
|
From Michael-John Turner via email.
|
|
|
|
|
|
|
|
|
|
|
|
* Catch ``urllib.error.URLError`` to prevent crashes. (#239)
Updating during the freeze for the bugfix.
|
|
Big Sur 11.4.
|
|
... since it is not(?) available in pkgsrc.
Closes NetBSD/pkgsrc#90
|
|
|