graphics/gdk-pixbuf2: security fix
Revisions pulled up:
- graphics/gdk-pixbuf2/Makefile 1.53
- graphics/gdk-pixbuf2/PLIST 1.22
- graphics/gdk-pixbuf2/distinfo 1.51
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jun 11 12:46:06 UTC 2022
Modified Files:
pkgsrc/graphics/gdk-pixbuf2: Makefile PLIST distinfo
Log Message:
gdk-pixbuf2: update to 2.42.8
2.42.8 (stable)
===
- Clear the pixbuf's memory buffer to avoid returning uninitialized memory
- Turn GdkPixbufModule functions into typed callbacks
- tiff: Use non-deprecated C99 integer types
- gif: Check for overflow when compositing or clearing frames
- Change png/jpeg/tiff build options from boolean to feature
- jpeg: Do not rely on UB around setjmp/longjmp
- Build fixes
- Documentation fixes
- Translation updates
|
|
www/apache24: security fix
Revisions pulled up:
- www/apache24/Makefile 1.111
- www/apache24/distinfo 1.53
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Jun 9 18:15:51 UTC 2022
Modified Files:
pkgsrc/www/apache24: Makefile distinfo
Log Message:
apache24: updated to 2.4.54
Changes with Apache 2.4.54
*) SECURITY: CVE-2022-31813: mod_proxy X-Forwarded-For dropped by
hop-by-hop mechanism (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin
server/application.
Credits: The Apache HTTP Server project would like to thank
Gaetan Ferry (Synacktiv) for reporting this issue
*) SECURITY: CVE-2022-30556: Information Disclosure in mod_lua with
websockets (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
*) SECURITY: CVE-2022-30522: mod_sed denial of service
(cve.mitre.org)
If Apache HTTP Server 2.4.53 is configured to do transformations
with mod_sed in contexts where the input to mod_sed may be very
large, mod_sed may make excessively large memory allocations and
trigger an abort.
Credits: This issue was found by Brian Moussalli from the JFrog
Security Research team
*) SECURITY: CVE-2022-29404: Denial of service in mod_lua
r:parsebody (cve.mitre.org)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to
a lua script that calls r:parsebody(0) may cause a denial of
service due to no default limit on possible input size.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
*) SECURITY: CVE-2022-28615: Read beyond bounds in
ap_strcmp_match() (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may crash or disclose
information due to a read beyond bounds in ap_strcmp_match()
when provided with an extremely large input buffer. While no
code distributed with the server can be coerced into such a
call, third-party modules or lua scripts that use
ap_strcmp_match() may hypothetically be affected.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
*) SECURITY: CVE-2022-28614: read beyond bounds via ap_rwrite()
(cve.mitre.org)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and
earlier may read unintended memory if an attacker can cause the
server to reflect very large input using ap_rwrite() or
ap_rputs(), such as with mod_lua's r:puts() function.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
*) SECURITY: CVE-2022-28330: read beyond bounds in mod_isapi
(cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond
bounds when configured to process requests with the mod_isapi
module.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
*) SECURITY: CVE-2022-26377: mod_proxy_ajp: Possible request
smuggling (cve.mitre.org)
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server
2.4 version 2.4.53 and prior versions.
Credits: Ricter Z @ 360 Noah Lab
*) mod_ssl: SSLFIPS compatible with OpenSSL 3.0.
*) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.
*) mod_md: a bug was fixed that caused very large MDomains
with the combined DNS names exceeding ~7k to fail, as
request bodies would contain partially wrong data from
uninitialized memory. This would have appeared as failure
in signing-up/renewing such configurations.
*) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.
*) MPM event: Restart children processes killed before idle maintenance.
*) ab: Allow for TLSv1.3 when the SSL library supports it.
*) core: Disable TCP_NOPUSH optimization on OSX since it might introduce
transmission delays.
*) MPM event: Fix accounting of active/total processes on ungraceful restart,
*) core: make ap_escape_quotes() work correctly on strings
with more than MAX_INT/2 characters, counting quotes double.
Credit to <generalbugs@zippenhop.com> for finding this.
*) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
*) mod_http2: remove unused and insecure code.
*) mod_proxy: Add backend port to log messages to
ease identification of involved service.
*) mod_http2: removing unscheduling of ongoing tasks when
connection shows potential abuse by a client. This proved
counter-productive and the abuse detection can false flag
requests using server-side-events.
Fixes <https://github.com/icing/mod_h2/issues/231>.
*) mod_md: Implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
*) mod_md: fixed a bug leading to failed transfers for OCSP
stapling information when more than 6 certificates needed
updates in the same run.
*) mod_proxy: Set a status code of 502 in case the backend just closed the
connection in reply to our forwarded request.
*) mod_md: a possible NULL pointer deref was fixed in
the JSON code for persisting time periods (start+end).
Fixes #282 on mod_md's github.
Thanks to @marcstern for finding this.
*) mod_heartmonitor: Set the documented default value
"10" for HeartbeatMaxServers instead of "0". With "0"
no shared memory slotmem was initialized.
*) mod_md: added support for managing certificates via a
local tailscale daemon for users of that secure networking.
This gives trusted certificates for tailscale assigned
domain names in the *.ts.net space.
|
|
www/ruby-rack: security fix
Revisions pulled up:
- www/ruby-rack/Makefile 1.30
- www/ruby-rack/distinfo 1.28
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 28 09:55:51 UTC 2022
Modified Files:
pkgsrc/www/ruby-rack: Makefile distinfo
Log Message:
www/ruby-rack: update to 2.2.3.1
2.2.3.1 (2022-05-27)
* [CVE-2022-30123] Fix shell escaping issue in Common Logger
* [CVE-2022-30122] Restrict parsing of broken MIME attachments
|
|
security/clamav-doc: build fix after pullup #6625
Revisions pulled up:
- security/clamav-doc/Makefile 1.7
- security/clamav-doc/PLIST 1.9
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 15 04:46:32 UTC 2022
Modified Files:
pkgsrc/security/clamav-doc: Makefile PLIST
Log Message:
clamav-doc: fix PLIST
Bump PKGREVISION.
|
|
lang/gcc6: build fix
Revisions pulled up:
- lang/gcc6/Makefile 1.36
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 12:21:44 UTC 2022
Modified Files:
pkgsrc/lang/gcc6: Makefile
Log Message:
gcc6: workaround: get this at least building by disabling RELRO
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/lang/gcc6/Makefile
|
|
databases/mariadb105-client: security update
databases/mariadb105-server: security update
Revisions pulled up:
- databases/mariadb105-client/Makefile.common 1.16
- databases/mariadb105-client/distinfo 1.13
- databases/mariadb105-client/patches/patch-CMakeLists.txt 1.2
- databases/mariadb105-server/Makefile 1.25
- databases/mariadb105-server/PLIST 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 10:38:26 UTC 2022
Modified Files:
pkgsrc/databases/mariadb105-client: Makefile.common distinfo
pkgsrc/databases/mariadb105-client/patches: patch-CMakeLists.txt
pkgsrc/databases/mariadb105-server: Makefile PLIST
Log Message:
mariadb105: Update to 10.5.16
MariaDB 10.5.16 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185)
Replication
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnecessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mariadb105-client/Makefile.common
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/mariadb105-client/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/databases/mariadb105-client/patches/patch-CMakeLists.txt
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mariadb105-server/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/mariadb105-server/PLIST
|
|
databases/mariadb106-client: security update
databases/mariadb106-server: security update
Revisions pulled up:
- databases/mariadb106-client/Makefile.common 1.8
- databases/mariadb106-client/distinfo 1.9
- databases/mariadb106-client/patches/patch-CMakeLists.txt 1.3
- databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h 1.3
- databases/mariadb106-server/Makefile 1.15
- databases/mariadb106-server/PLIST 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 09:36:03 UTC 2022
Modified Files:
pkgsrc/databases/mariadb106-client: Makefile.common distinfo
pkgsrc/databases/mariadb106-client/patches: patch-CMakeLists.txt
patch-storage_innobase_include_transactional__lock__guard.h
pkgsrc/databases/mariadb106-server: Makefile PLIST
Log Message:
mariadb106: update to 10.6.8
MariaDB 10.6.8 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185, MDEV-27767,
MDEV-28313, MDEV-28137, MDEV-28465, MDEV-26789)
* Backup regression fixes (MDEV-27919)
* InnoDB portability: FreeBSD futexes (MDEV-26476), POWER and s390x
transactional memory (MDEV-27956)
* ALTER TABLE: Fixed bogus duplicate key errors (MDEV-15250)
* DDL and crash recovery fixes (MDEV-27274, MDEV-27234, MDEV-27817)
* Requests to recalculate persistent statistics were sometimes lost
(MDEV-27805)
Replication
* Semisync-slave server recovery is refined to correctly rollback
prepared transaction (MDEV-28461)
* Circular semisync setup endless event circulation is handled
(MDEV-27760)
* Semisync-slave server recovery is extended to work on new server_id
server (MDEV-27342)
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnecessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* Query performance degradation in newer MariaDB versions when using
many tables (MDEV-28073)
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
* Packages for Ubuntu 22.04 LTS "Jammy" and Fedora 36 are not yet
available pending the resolution of MDEV-28133: Backport OpenSSL-3.0
compatibility to 10.6 branch
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/mariadb106-client/Makefile.common
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/mariadb106-client/distinfo
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/databases/mariadb106-client/patches/patch-CMakeLists.txt \
pkgsrc/databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mariadb106-server/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/mariadb106-server/PLIST
|
|
print/poppler: build fix
Revisions pulled up:
- print/poppler/Makefile.common 1.134
- print/poppler/buildlink3.mk 1.90
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 07:43:57 UTC 2022
Modified Files:
pkgsrc/print/poppler: Makefile.common buildlink3.mk
Log Message:
poppler: Bump GCC requirement to GCC 7, it wants std::optional.
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/print/poppler/Makefile.common
cvs rdiff -u -r1.89 -r1.90 pkgsrc/print/poppler/buildlink3.mk
|
|
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.11
- www/firefox91-l10n/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:21:29 UTC 2022
Modified Files:
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91-l10n: sync with firefox91
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/distinfo
|
|
www/firefox91: security update
Revisions pulled up:
- www/firefox91/Makefile 1.18
- www/firefox91/distinfo 1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:16:00 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js
Log Message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
|
|
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
lang/ruby: version info update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.5
- devel/ruby-activejob70/distinfo 1.5
- devel/ruby-activemodel70/distinfo 1.5
- devel/ruby-activestorage70/Makefile 1.4
- devel/ruby-activestorage70/distinfo 1.5
- devel/ruby-activesupport70/distinfo 1.5
- devel/ruby-railties70/distinfo 1.5
- lang/ruby/rails.mk 1.122
- mail/ruby-actionmailbox70/distinfo 1.5
- mail/ruby-actionmailer70/distinfo 1.5
- textproc/ruby-actiontext70/distinfo 1.5
- www/ruby-actioncable70/distinfo 1.5
- www/ruby-actionpack70/distinfo 1.5
- www/ruby-actionview70/distinfo 1.5
- www/ruby-rails70/distinfo 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:02 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 7.0.2.4
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:53 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport70: distinfo
Log Message:
devel/ruby-activesupport70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Álvaro Martín Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activesupport70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:27 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview70: distinfo
Log Message:
www/ruby-actionview70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Álvaro Martín Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionview70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:53 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack70: distinfo
Log Message:
www/ruby-actionpack70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:41:42 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: Makefile distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
Update rest of Ruby on Rails 70 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activestorage70/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-rails70/distinfo
|
|
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
lang/ruby: version info update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.12
- devel/ruby-activejob61/distinfo 1.12
- devel/ruby-activemodel61/distinfo 1.12
- devel/ruby-activestorage61/Makefile 1.5
- devel/ruby-activestorage61/distinfo 1.12
- devel/ruby-activesupport61/Makefile 1.4
- devel/ruby-activesupport61/distinfo 1.12
- devel/ruby-railties61/distinfo 1.12
- lang/ruby/rails.mk 1.121
- mail/ruby-actionmailbox61/PLIST 1.2
- mail/ruby-actionmailbox61/distinfo 1.12
- mail/ruby-actionmailer61/PLIST 1.2
- mail/ruby-actionmailer61/distinfo 1.12
- textproc/ruby-actiontext61/distinfo 1.12
- www/ruby-actioncable61/distinfo 1.12
- www/ruby-actionpack61/distinfo 1.12
- www/ruby-actionview61/distinfo 1.12
- www/ruby-rails61/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:38:25 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:21 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport61: Makefile distinfo
Log Message:
devel/ruby-activesupport61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Álvaro Martín Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveSupport::Duration.build` to support negative values.
The algorithm to collect the `parts` of the `ActiveSupport::Duration`
ignored the sign of the `value` and accumulated incorrect part values. This
impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
*Caleb Buxton*, *Braden Staudacher*
* `Time#change` and methods that call it (eg. `Time#advance`) will now
return a `Time` with the timezone argument provided, if the caller was
initialized with a timezone argument.
Fixes [#42467](https://github.com/rails/rails/issues/42467).
*Alex Ghiculescu*
* Clone to keep extended Logger methods for tagged logger.
*Orhan Toy*
* `assert_changes` works on including `ActiveSupport::Assertions` module.
*Pedro Medeiros*
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:57 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activemodel61: distinfo
Log Message:
devel/ruby-activemodel61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Clear secure password cache if password is set to `nil`
Before:
```ruby
user.password = 'something'
user.password = nil
user.password # => 'something'
```
Now:
```ruby
user.password = 'something'
user.password = nil
user.password # => nil
```
*Markus Doits*
* Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup`
Passing a last positional argument `{}` would be incorrectly considered as keyword argument.
*Benoit Daloze*
* Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object.
*Ryuta Kamizono*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:29:32 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview61: distinfo
Log Message:
www/ruby-actionview61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Álvaro Martín Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
types, such as JPG or SVG.
*Nate Berkopec*
* Add `autocomplete="off"` to all generated hidden fields.
Fixes #42610.
*Ryan Baumann*
* Fix `current_page?` when URL has trailing slash.
This fixes the `current_page?` helper when the given URL has a trailing slash,
and is an absolute URL or also has query params.
Fixes #33956.
*Jonathan Hefner*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:02 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack61: distinfo
Log Message:
www/ruby-actionpack61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `content_security_policy` returning invalid directives.
Directives such as `self`, `unsafe-eval` and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
```ruby
content_security_policy do |policy|
  policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
```
With this fix the policy generated from above will now be valid.
*Edouard Chin*
* Update `HostAuthorization` middleware to render debug info only
when `config.consider_all_requests_local` is set to true.
Also, blocked host info is always logged with level `error`.
Fixes #42813.
*Nikita Vyrko*
* Dup arrays that get "converted".
Fixes #43681.
*Aaron Patterson*
* Don't show deprecation warning for equal paths.
*Anton Rieder*
* Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.
Fixes #43094.
*Alex Ghiculescu*
* Add fallback host for SystemTestCase driven by RackTest.
Fixes #42780.
*Petrik de Heus*
* Add more detail about what hosts are allowed.
*Alex Ghiculescu*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:33 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
Log Message:
databases/ruby-activerecord61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.
Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
fixed in Ruby 2.7.
Before the changes in this commit, the
`ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
changing a tainted, unfrozen string into a tainted, frozen string.
Fixes #43056
*Eric O'Hanlon*
* Fix migration compatibility to create SQLite references/belongs_to column as integer when
migration version is 6.0.
`reference`/`belongs_to` in migrations with version 6.0 were creating columns as
bigint instead of integer for the SQLite Adapter.
*Marcelo Lauxen*
* Fix dbconsole for 3-tier config.
*Eileen M. Uchitelle*
* Better handle SQL queries with invalid encoding.
```ruby
Post.create(name: "broken \xC8 UTF-8")
```
Would cause all adapters to fail in a non-controlled way in the code
responsible to detect write queries.
The query is now properly passed to the database connection, which might or might
not be able to handle it, but will either succeed or fail in a more correct way.
*Jean Boussier*
* Ignore persisted in-memory records when merging target lists.
*Kevin Sjöberg*
* Fix regression bug that caused ignoring additional conditions for preloading
`has_many` through relations.
Fixes #43132
*Alexander Pauly*
* Fix `ActiveRecord::InternalMetadata` to not be broken by
`config.active_record.record_timestamps = false`
Since the model always creates the timestamp columns, it has to set them, otherwise it breaks
various DB management tasks.
Fixes #42983
*Jean Boussier*
* Fix duplicate active record objects on `inverse_of`.
*Justin Carvalho*
* Fix duplicate objects stored in has many association after save.
Fixes #42549.
*Alex Ghiculescu*
* Fix performance regression in `CollectionAssocation#build`.
*Alex Ghiculescu*
* Fix retrieving default value for text column for MariaDB.
*fatkodima*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:02 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage61: Makefile distinfo
Log Message:
devel/ruby-activestorage61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Attachments can be deleted after their association is no longer defined.
Fixes #42514
*Don Sisco*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:47 UTC 2022
Modified Files:
pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo
Log Message:
mail/ruby-actionmailbox61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Add `attachments` to the list of permitted parameters for inbound emails conductor.
When using the conductor to test inbound emails with attachments, this prevents an
unpermitted parameter warning in default configurations, and prevents errors for
applications that set:
```ruby
config.action_controller.action_on_unpermitted_parameters = :raise
```
*David Jones*, *Dana Henke*
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:28 UTC 2022
Modified Files:
pkgsrc/www/ruby-actioncable61: distinfo
Log Message:
www/ruby-actioncable61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* The Action Cable client now ensures successful channel subscriptions:
* The client maintains a set of pending subscriptions until either
the server confirms the subscription or the channel is torn down.
* Rectifies the race condition where an unsubscribe is rapidly followed
by a subscribe (on the same channel identifier) and the requests are
handled out of order by the ActionCable server, thereby ignoring the
subscribe command.
*Daniel Spinosa*
* Truncate broadcast logging messages.
*J Smith*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:59 UTC 2022
Modified Files:
pkgsrc/devel/ruby-railties61: distinfo
Log Message:
devel/ruby-railties61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it.
This order plays better with shared namespaces.
*Xavier Noria*
* Handle paths with spaces when editing credentials.
*Alex Ghiculescu*
* Support Psych 4 when loading secrets.
*Nat Morcos*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:33:27 UTC 2022
Modified Files:
pkgsrc/textproc/ruby-actiontext61: distinfo
Log Message:
textproc/ruby-actiontext61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix Action Text extra trix content wrapper.
*Alexandre Ruban*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:34:37 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/mail/ruby-actionmailer61: PLIST distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
Update rest of Ruby on Rails 61 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo
|
|
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
lang/ruby: version info update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.17
- devel/ruby-activejob60/distinfo 1.17
- devel/ruby-activemodel60/distinfo 1.17
- devel/ruby-activestorage60/distinfo 1.17
- devel/ruby-activesupport60/distinfo 1.17
- devel/ruby-railties60/distinfo 1.17
- lang/ruby/rails.mk 1.120
- mail/ruby-actionmailbox60/distinfo 1.17
- mail/ruby-actionmailer60/distinfo 1.17
- textproc/ruby-actiontext60/distinfo 1.17
- www/ruby-actioncable60/distinfo 1.17
- www/ruby-actionpack60/distinfo 1.17
- www/ruby-actionview60/distinfo 1.17
- www/ruby-rails60/distinfo 1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:20:39 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 6.0.4.8
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:21:25 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Álvaro Martín Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:12 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Álvaro Martín Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:48 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:24:55 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
Update rest of Ruby on Rails 60 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails60/distinfo
|
|
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
lang/ruby: version info update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.13
- devel/ruby-activejob52/distinfo 1.13
- devel/ruby-activemodel52/distinfo 1.13
- devel/ruby-activestorage52/distinfo 1.13
- devel/ruby-activesupport52/distinfo 1.13
- devel/ruby-railties52/distinfo 1.13
- lang/ruby/rails.mk 1.119
- mail/ruby-actionmailer52/distinfo 1.13
- www/ruby-actioncable52/distinfo 1.13
- www/ruby-actionpack52/Makefile 1.2
- www/ruby-actionpack52/distinfo 1.13
- www/ruby-actionview52/distinfo 1.13
- www/ruby-rails52/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:02:07 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 5.2.7.1
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:03:50 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport52: distinfo
Log Message:
devel/ruby-activesupport52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Álvaro Martín Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* Restore support to Ruby 2.2.
*ojab*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activesupport52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:04:44 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview52: distinfo
Log Message:
www/ruby-actionview52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*Álvaro Martín Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionview52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:05:24 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack52: Makefile distinfo
Log Message:
www/ruby-actionpack52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/ruby-actionpack52/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionpack52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:06:04 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage52: distinfo
Log Message:
devel/ruby-activestorage52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* No changes.
## Rails 5.2.7 (March 10, 2022) ##
* Fix `ActiveStorage.supported_image_processing_methods` and
`ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
*Rafael Mendonça França*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activestorage52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:08:16 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-railties52: distinfo
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
Update rest of Ruby on Rails 52 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-rails52/distinfo
|
|
www/gitea: security fix
Revisions pulled up:
- www/gitea/Makefile 1.73
- www/gitea/distinfo 1.31
- www/gitea/go-modules.mk 1.2
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed May 18 18:38:34 UTC 2022
Modified Files:
pkgsrc/www/gitea: Makefile distinfo go-modules.mk
Log Message:
gitea: update to 1.16.8
This is a security update:
* CVE-2022-30781
* CVE-2022-27313
* and more security issues fixed but without CVEs - see below
XXX pull-up to pkgsrc-2022Q1
Tested on NetBSD/amd64.
Changes in 1.16.8:
ENHANCEMENTS
* Add doctor check/fix for bogus action rows (#19656) (#19669)
* Make .cs highlighting legible on dark themes (#19604) (#19605)
BUGFIXES
* Fix oauth setting list bug (#19681)
* Delete user related oauth stuff on user deletion too (#19677) (#19680)
* Fix new release from tags list UI (#19670) (#19673)
* Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
* GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
* Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)
* Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)
* Fix sending empty notifications (#19589) (#19590)
* Ignore DNS error when doing migration allow/block check (#19566) (#19567)
* Fix issue overview for teams (#19652) (#19653)
Changes in 1.16.7:
SECURITY
* Escape git fetch remote (#19487) (#19490) CVE-2022-30781
BUGFIXES
* Don't overwrite err with nil (#19572) (#19574)
* On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
* Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
* Don't error when branch's commit doesn't exist (#19547) (#19548)
* Support hostname:port to pass host matcher's check (#19543) (#19544)
* Prevent intermittent race in attribute reader close (#19537) (#19539)
* Fix 64-bit atomic operations on 32-bit machines (#19531) (#19532)
* Prevent dangling archiver goroutine (#19516) (#19526)
* Fix migrate release from github (#19510) (#19523)
* When view _Siderbar or _Footer, just display once (#19501) (#19522)
* Fix blame page select range error and some typos (#19503)
* Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
* User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
* Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
* RepoAssignment ensure to close before overwrite (#19449) (#19460)
* Set correct PR status on 3way on conflict checking (#19457) (#19458)
* Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
Changes in 1.16.6:
ENHANCEMENTS
* Only request write when necessary (#18657) (#19422)
* Disable service worker by default (#18914) (#19342)
BUGFIXES
* When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
* Fix DELETE request for non-existent public key (#19443) (#19444)
* Don't panic on ErrEmailInvalid (#19441) (#19442)
* Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)
* Warn on SSH connection for incorrect configuration (#19317) (#19437)
* Search Issues via API, don't show 500 if filter result in empty list (#19244) (#19436)
* When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)
* Fix nil error when some pages are rendered outside request context (#19427) (#19428)
* Fix double blob-hunk on diff page (#19404) (#19405)
* Don't allow merging PR's which are being conflict checked (#19357) (#19358)
* Fix middleware function's placements (#19377) (#19378)
* Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
* Restore user autoregistration with email addresses (#19261) (#19312)
* Move checks for pulls before merge into own function (#19271) (#19277)
* Granular webhook events in editHook (#19251) (#19257)
* Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)
* Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)
* Touch mirrors on even on fail to update (#19217) (#19233)
* Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
* Fix clone url JS error for the empty repo page (#19209)
* Bump goldmark to v1.4.11 (#19201) (#19203)
TESTING
* Prevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)
BUILD
* Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)
MISC
* Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)
* Check go and nodejs version by go.mod and package.json (#19197) (#19254)
Changes in 1.16.5:
BREAKING
* Bump to build with go1.18 (#19120 et al) (#19127)
SECURITY
* Prevent redirect to Host (2) (#19175) (#19186)
* Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
* Clean paths when looking in Storage (#19124) (#19179)
* Do not send notification emails to inactive users (#19131) (#19139)
* Do not send activation email if manual confirm is set (#19119) (#19122)
ENHANCEMENTS
* Use the new/choose link for New Issue on project page (#19172) (#19176)
BUGFIXES
* Fix showing issues in your repositories (#18916) (#19191)
* Fix compare link in active feeds for new branch (#19149) (#19185)
* Redirect .wiki/* ui link to /wiki (#18831) (#19184)
* Ensure deploy keys with write access can push (#19010) (#19182)
* Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
* Cleanup protected branches when deleting users & teams (#19158) (#19174)
* Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
* Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
* Use custom favicon when viewing static files if it exists (#19130) (#19152)
* Fix the editor height in review box (#19003) (#19147)
* Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
* Fix wrong scopes caused by empty scope input (#19029) (#19145)
* Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
* Handle email address not exist (#19089) (#19121)
MISC
* Update json-iterator to allow compilation with go1.18 (#18644) (#19100)
* Update golang.org/x/crypto (#19097) (#19098)
Changes in 1.16.4:
SECURITY
* Restrict email address validation (#17688) (#19085)
* Fix lfs bug (#19072) (#19080)
ENHANCEMENTS
* Improve SyncMirrors logging (#19045) (#19050)
BUGFIXES
* Refactor mirror code & fix StartToMirror (#18904) (#19075)
* Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
* Prevent 500 when there is an error during new auth source post (#19041) (#19059)
* If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)
* Fix flag validation (#19046) (#19051)
* Add pam account authorization check (#19040) (#19047)
* Ignore missing comment for user notifications (#18954) (#19043)
* Set rel="nofollow noindex" on new issue links (#19023) (#19042)
* Upgrading binding package (#19034) (#19035)
* Don't show context cancelled errors in attribute reader (#19006) (#19027)
* Fix update hint bug (#18996) (#19002)
MISC
* Fix potential assignee query for repo (#18994) (#18999)
Changes in 1.16.3:
SECURITY
* Git backend ignore replace objects (#18979) (#18980) CVE-2022-27313
ENHANCEMENTS
* Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
BUGFIXES
* Set max text height to prevent overflow (#18862) (#18977)
* Fix newAttachmentPaths deletion for DeleteRepository() (#18973) (#18974)
* Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964)
* Send 404 on /{org}.gpg (#18959) (#18962)
* Fix admin user list pagination (#18957) (#18960)
* Fix lfs management setting (#18947) (#18946)
* Fix login with email panic when email is not exist (#18942)
* Update go-org to v1.6.1 (#18932) (#18933)
* Fix <strong> html in translation (#18929) (#18931)
* Fix page and missing return on unadopted repos API (#18848) (#18927)
* Allow administrator teams members to see other teams (#18918) (#18919)
* Don't treat BOM escape sequence as hidden character. (#18909) (#18910)
* Correctly link URLs to users/repos with dashes, dots or underscores (  (#18908)
* Fix redirect when using lowercase repo name (#18775) (#18902)
* Fix migration v210 (#18893) (#18892)
* Fix team management UI (#18887) (18886)
* BeforeSourcePath should point to base commit (#18880) (#18799)
TRANSLATION
* Backport locales from master (#18944)
MISC
* Don't update email for organisation (#18905) (#18906)
Changes in 1.16.2:
ENHANCEMENTS
* Show fullname on issue edits and gpg/ssh signing info (#18828)
* Immediately Hammer if second kill is sent (#18823) (#18826)
* Allow mermaid render error to wrap (#18791)
BUGFIXES
* Fix ldap user sync missed email in email_address table (#18786) (#18876)
* Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
* Don't report signal: killed errors in serviceRPC (#18850) (#18865)
* Fix bug where certain LDAP settings were reverted (#18859)
* Update go-org to 1.6.0 (#18824) (#18839)
* Fix login with email for ldap users (#18800) (#18836)
* Fix bug for get user by email (#18834)
* Fix panic in EscapeReader (#18820) (#18821)
* Fix ldap loginname (#18789) (#18804)
* Remove redundant call to UpdateRepoStats during migration (#18591) (#18794)
* In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788)
* Fix template bug of LFS lock (#18784) (#18787)
* Attempt to fix the webauthn migration again - part 3 (#18770) (#18771)
* Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707) (#18765)
* Fix a broken link in commits_list_small.tmpl (#18763) (#18764)
* Increase the size of the webauthn_credential credential_id field (#18739) (#18756)
* Prevent dangling GetAttribute calls (#18754) (#18755)
* Fix isempty detection of git repository (#18746) (#18750)
* Fix source code line highlighting on external tracker (#18729) (#18740)
* Prevent double encoding of branch names in delete branch (#18714) (#18738)
* Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
* Fix forked repositories missed tags (#18719) (#18735)
* Fix release typo (#18728) (#18731)
* Separate the details links of commit-statuses in headers (#18661) (#18730)
* Update object repo with the migrated repository (#18684) (#18726)
* Fix bug for version update hint (#18701) (#18705)
* Fix issue with docker-rootless shimming script (#18690) (#18699)
* Let MinUnitAccessMode return correct perm (#18675) (#18689)
* Prevent security failure due to bad APP_ID (#18678) (#18682)
* Restart zero worker if there is still work to do (#18658) (#18672)
* If rendering has failed due to a net.OpError stop rendering (#18642) (#18645)
TESTING
* Ensure git tag tests and others create test repos in tmpdir (#18447) (#18767)
BUILD
* Reduce CI go module downloads, add make targets (#18708, #18475, #18443) (#18741)
MISC
* Put buttons back in org dashboard (#18817) (#18825)
* Various Mermaid improvements (#18776) (#18780)
* C preprocessor colors improvement (#18671) (#18696)
* Fix the missing i18n key for update checker (#18646) (#18665)
|
|
multimedia/libaom: security fix
Revisions pulled up:
- multimedia/libaom/Makefile 1.22
- multimedia/libaom/distinfo 1.16
- multimedia/libaom/patches/patch-aom__ports_ppc__cpudetect.c 1.3
- multimedia/libaom/patches/patch-build_cmake_aom__configure.cmake 1.5
- multimedia/libaom/patches/patch-build_cmake_version.cmake 1.3
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 17 21:44:11 UTC 2022
Modified Files:
pkgsrc/multimedia/libaom: Makefile distinfo
pkgsrc/multimedia/libaom/patches: patch-aom__ports_ppc__cpudetect.c
patch-build_cmake_aom__configure.cmake
patch-build_cmake_version.cmake
Log Message:
libaom: Update to 3.3.0
2022-01-28 v3.3.0
This release includes compression efficiency and perceptual quality
improvements, speedup and memory optimizations, some new features, and
several bug fixes.
- New Features
* AV1 RT: Introducing CDEF search level 5
* Changed real time speed 4 to behave the same as real time speed 5
* Add --deltaq-strength
* rtc: Allow scene-change and overshoot detection for svc
* rtc: Intra-only frame for svc
* AV1 RT: Option 2 for codec control AV1E_SET_ENABLE_CDEF to disable
CDEF on non-ref frames
* New codec controls AV1E_SET_LOOPFILTER_CONTROL and
AOME_GET_LOOPFILTER_LEVEL
* Improvements to three pass encoding
- Compression Efficiency Improvements
* Overall compression gains: 0.6%
- Perceptual Quality Improvements
* Improves the perceptual quality of high QP encoding for delta-q mode 4
* Auto select noise synthesis level for all intra
- Speedup and Memory Optimizations
* Added many SSE2 optimizations.
* Good quality 2-pass encoder speedups:
o Speed 2: 9%
o Speed 3: 12.5%
o Speed 4: 8%
o Speed 5: 3%
o Speed 6: 4%
* Real time mode encoder speedups:
o Speed 5: 2.6% BDRate gain, 4% speedup
o Speed 6: 3.5% BDRate gain, 4% speedup
o Speed 9: 1% BDRate gain, 3% speedup
o Speed 10: 3% BDRate gain, neutral speedup
* All intra encoding speedups (AVIF):
o Single thread - speed 6: 8%
o Single thread - speed 9: 15%
o Multi thread(8) - speed 6: 14%
o Multi thread(8) - speed 9: 34%
- Bug Fixes
* Issue 3163: Segmentation fault when using --enable-keyframe-filtering=2
* Issue 2436: Integer overflow in av1_warp_affine_c()
* Issue 3226: armv7 build failure due to gcc-11
* Issue 3195: Bug report on libaom (AddressSanitizer: heap-buffer-overflow)
* Issue 3191: Bug report on libaom (AddressSanitizer: SEGV on unknown
address)
* Issue 3176: Some SSE2/SADx4AvgTest.* tests fail on Windows
* Issue 3175: Some SSE2/SADSkipTest.* tests fail on Windows
|
|
mail/sendmail: bugfix for SMTP AUTH
Revisions pulled up:
- mail/sendmail/Makefile 1.141
- mail/sendmail/distinfo 1.68
- mail/sendmail/patches/patch-bo 1.5
---
Module Name: pkgsrc
Committed By: sborrill
Date: Tue May 10 13:46:49 UTC 2022
Modified Files:
pkgsrc/mail/sendmail: Makefile distinfo
pkgsrc/mail/sendmail/patches: patch-bo
Log Message:
sendmail: fix SMTP AUTH
Pull in SMTP AUTH fix from 8.17.1.9.
Bump PKGREVISION
|
|
textproc/libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.164
- textproc/libxml2/Makefile.common 1.16
- textproc/libxml2/distinfo 1.141
- textproc/py-libxml2/Makefile 1.81
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Fri May 6 00:55:55 UTC 2022
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common distinfo
pkgsrc/textproc/py-libxml2: Makefile
Log Message:
libxml2: update to 2.9.14, includes security fixes
v2.9.14: May 02 2022:
- Security:
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
(David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
- Bug fixes:
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
- Improvements:
Fix recovery from invalid HTML start tags
- Build system, portability:
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
|
|
math/py-numpy: build fix
Revisions pulled up:
- math/py-numpy/Makefile 1.92
---
Module Name: pkgsrc
Committed By: nia
Date: Sun May 8 10:18:31 UTC 2022
Modified Files:
pkgsrc/math/py-numpy: Makefile
Log Message:
py-numpy: Expects compiler to default to C++11.
|
|
|
|
security/clamav: security fix
Revisions pulled up:
- security/clamav/Makefile 1.84
- security/clamav/Makefile.common 1.23
- security/clamav/buildlink3.mk 1.16
- security/clamav/distinfo 1.42
---
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 00:44:07 UTC 2022
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common buildlink3.mk distinfo
Log Message:
security/clamav: update to 0.103.6
0.103.6 (2022-05-04)
ClamAV 0.103.6 is a critical patch release with the following fixes:
- [CVE-2022-20770](CVE-2022-20770): Fixed a possible infinite loop vulnerability
in the CHM file parser.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and
prior versions.
Thank you to Michał Dardas for reporting this issue.
- [CVE-2022-20796](CVE-2022-20796): Fixed a possible NULL-pointer dereference
crash in the scan verdict cache check.
Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2.
Thank you to Alexander Patrakov and Antoine Gatineau for reporting this
issue.
- [CVE-2022-20771](CVE-2022-20771): Fixed a possible infinite loop vulnerability
in the TIFF file parser.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and
prior versions.
The issue only occurs if the "--alert-broken-media" ClamScan option is
enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for
libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
Thank you to Michał Dardas for reporting this issue.
- [CVE-2022-20785](CVE-2022-20785): Fixed a possible memory leak in the
HTML file parser / Javascript normalizer.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and
prior versions.
Thank you to Michał Dardas for reporting this issue.
- [CVE-2022-20792](CVE-2022-20792): Fixed a possible multi-byte heap buffer
overflow write vulnerability in the signature database load module.
The fix was to update the vendored regex library to the latest version.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and
prior versions.
Thank you to Michał Dardas for reporting this issue.
- ClamOnAcc: Fixed a number of assorted stability issues and added niceties for
debugging ClamOnAcc. Patches courtesy of Frank Fegert.
- Fixed an issue causing byte-compare subsignatures to cause an alert when they
match even if other conditions of the given logical signatures were not
met.
- Fix memleak when using multiple byte-compare subsignatures.
This fix was backported from 0.104.0.
Thank you to Andrea De Pasquale for contributing the fix.
- Assorted bug fixes and improvements.
Special thanks to the following people for code contributions and bug reports:
- Alexander Patrakov
- Andrea De Pasquale
- Antoine Gatineau
- Frank Fegert
- Michał Dardas
|
|
|
|
ruby30-base: build fix
ruby31-base: build fix
Revisions pulled up:
- lang/ruby/platform.mk 1.10-1.12
- lang/ruby/rubyversion.mk 1.251
- lang/ruby30-base/Makefile 1.7
- lang/ruby30-base/distinfo 1.9-1.10
- lang/ruby30-base/patches/patch-configure 1.2
- lang/ruby30-base/patches/patch-include_ruby_internal_static__assert.h 1.1
- lang/ruby31-base/Makefile 1.4-1.5
- lang/ruby31-base/distinfo 1.4-1.7
- lang/ruby31-base/patches/patch-configure 1.2
- lang/ruby31-base/patches/patch-include_ruby_internal_static__assert.h 1.1
- lang/ruby31-base/patches/patch-template_Makefile.in 1.1
- lang/ruby31-base/patches/patch-tool_runruby.rb 1.1
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 4 15:49:51 UTC 2022
Modified Files:
pkgsrc/lang/ruby31-base: Makefile distinfo
pkgsrc/lang/ruby31-base/patches: patch-configure
Log Message:
ruby31-base: Retain _XOPEN_SOURCE on SunOS.
Fixes build of eventmachine (which assumes the XPG4.2 "void *" type for
iov_base), and mirrors settings of ruby 2.x. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 4 16:16:49 UTC 2022
Modified Files:
pkgsrc/lang/ruby: platform.mk
Log Message:
lang/ruby: fix build problem of Ruby 3.1 on NetBSD 8
Fix build problem of Ruby 3.1 on NetBSD 8 by disabling dtrace.
Ruby 3.1 uses dtrace(1) to modify compiled object files during build process.
But something is wrong on NetBSD 8, including 8.2_STABLE.
For example, vm.o contains these symbols on NetBSD 9:
0000000000000000 A __dtrace_ruby___array__create
0000000000000000 A __dtrace_ruby___cmethod__entry
0000000000000000 A __dtrace_ruby___cmethod__return
0000000000000000 A __dtrace_ruby___hash__create
0000000000000000 A __dtrace_ruby___method__entry
0000000000000000 A __dtrace_ruby___method__return
0000000000000000 A __dtraceenabled_ruby___array__create
0000000000000000 A __dtraceenabled_ruby___cmethod__entry
0000000000000000 A __dtraceenabled_ruby___cmethod__return
0000000000000000 A __dtraceenabled_ruby___hash__create
0000000000000000 A __dtraceenabled_ruby___method__entry
0000000000000000 A __dtraceenabled_ruby___method__return
But on NetBSD 8:
0000000000000000 A __dtrace_ruby___array-create
0000000000000000 A __dtrace_ruby___cmethod-entry
0000000000000000 A __dtrace_ruby___cmethod-return
0000000000000000 A __dtrace_ruby___hash-create
0000000000000000 A __dtrace_ruby___method-entry
0000000000000000 A __dtrace_ruby___method-return
0000000000000000 A __dtraceenabled_ruby___array-create
0000000000000000 A __dtraceenabled_ruby___cmethod-entry
0000000000000000 A __dtraceenabled_ruby___cmethod-return
0000000000000000 A __dtraceenabled_ruby___hash-create
0000000000000000 A __dtraceenabled_ruby___method-entry
0000000000000000 A __dtraceenabled_ruby___method-return
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed May 4 15:49:16 UTC 2022
Modified Files:
pkgsrc/lang/ruby30-base: Makefile distinfo
pkgsrc/lang/ruby30-base/patches: patch-configure
Log Message:
ruby30-base: Retain _XOPEN_SOURCE on SunOS.
Fixes build of eventmachine (which assumes the XPG4.2 "void *" type for
iov_base), and mirrors settings of ruby 2.x. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 4 16:44:53 UTC 2022
Modified Files:
pkgsrc/lang/ruby: platform.mk
pkgsrc/lang/ruby30-base: distinfo
pkgsrc/lang/ruby31-base: distinfo
Added Files:
pkgsrc/lang/ruby30-base/patches:
patch-include_ruby_internal_static__assert.h
pkgsrc/lang/ruby31-base/patches:
patch-include_ruby_internal_static__assert.h
Log Message:
lang/ruby: fix Ruby 3.0 build problem on NetBSD 8.0
Something is wrong with expansion of static_assert macro in <assert.h>
on NetBSD 8.0. So, avoid use of static_assert on NetBSD 8.0.
NetBSD 8.1 and later does not have this problem.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 5 10:15:17 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
ruby: Handle ruby31 changing the config triple for arm64 macOS.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Thu May 5 10:25:06 UTC 2022
Modified Files:
pkgsrc/lang/ruby31-base: distinfo
Added Files:
pkgsrc/lang/ruby31-base/patches: patch-tool_runruby.rb
Log Message:
ruby31-base: Fix install on macOS arm64.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 7 09:36:16 UTC 2022
Modified Files:
pkgsrc/lang/ruby: platform.mk
pkgsrc/lang/ruby31-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby31-base/patches: patch-template_Makefile.in
Log Message:
lang/ruby31-base: better fix than previous one
Instead of disabling DTrace, process object file yjit.o with "dtrace -G".
Bump PKGREVISION.
|
|
www/drupal7: security fix
Revisions pulled up:
- www/drupal7/Makefile 1.76
- www/drupal7/PLIST 1.30
- www/drupal7/distinfo 1.60
---
Module Name: pkgsrc
Committed By: wen
Date: Sat Apr 30 08:50:35 UTC 2022
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update to 7.89
Upstream changes:
Drupal 7.89, 2022-03-02
-----------------------
- Bug fixes for PHP 8.1
- Fix tests for PostgreSQL
Drupal 7.88, 2022-02-15
-----------------------
- Fixed security issues:
- SA-CORE-2022-003
Drupal 7.87, 2022-01-19
-----------------------
- Fix regression caused by jQuery UI position() backport
|
|
www/ruby-puma: security fix
Revisions pulled up:
- www/ruby-puma/Makefile 1.33
- www/ruby-puma/distinfo 1.30
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 24 14:43:10 UTC 2022
Modified Files:
pkgsrc/www/ruby-puma: Makefile distinfo
Log Message:
www/ruby-puma: update to 5.6.4
5.6.4 (2022-03-30)
Security
* Close several HTTP Request Smuggling exploits (CVE-2022-24790)
5.6.2 (2022-02-11)
Bugfix/Security
* Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to #2809)
5.6.1 (2022-01-26)
Bugfixes
* Reverted a commit which appeared to be causing occasional blank header
values (#2809)
5.6.0 (2022-01-25)
Features
* Support localhost integration in ssl_bind (#2764, #2708)
* Allow backlog parameter to be set with ssl_bind DSL (#2780)
* Remove yaml (psych) requirement in StateFile (#2784)
* Allow culling of oldest workers, previously was only youngest (#2773,
#2794)
* Add worker_check_interval configuration option (#2759)
* Always send lowlevel_error response to client (#2731, #2341)
* Support for cert_pem and key_pem with ssl_bind DSL (#2728)
Bugfixes
* Keep thread names under 15 characters, prevents breakage on some OSes
(#2733)
* Fix two 'old-style-definition' compile warnings (#2807, #2806)
* Log environment correctly using option value (#2799)
* Fix warning from Ruby master (will be 3.2.0) (#2785)
* extconf.rb - fix openssl with old Windows builds (#2757)
* server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)
Refactor
* server.rb - refactor code using @options[:remote_address] (#2742)
* [jruby] a couple refactorings - avoid copy-ing bytes (#2730)
|
|
textproc/ruby-yajl: security fix
Revisions pulled up:
- textproc/ruby-yajl/Makefile 1.8
- textproc/ruby-yajl/PLIST 1.7
- textproc/ruby-yajl/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 24 14:39:32 UTC 2022
Modified Files:
pkgsrc/textproc/ruby-yajl: Makefile PLIST distinfo
Log Message:
textproc/ruby-yajl: update to 1.4.2
1.4.2 (2022-04-04)
No release note nor proper changelog. But there is a security fix.
Please refer to
<https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm>
for details.
|
|
|
|
devel/afl++: ARM build fix
Revisions pulled up:
- devel/afl++/Makefile 1.3
- devel/afl++/PLIST 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Apr 17 07:34:46 UTC 2022
Modified Files:
pkgsrc/devel/afl++: Makefile PLIST
Log Message:
afl++: fix PLIST on aarch64
|
|
multimedia/pitivi: build fix
Revisions pulled up:
- multimedia/pitivi/Makefile 1.67
- multimedia/pitivi/PLIST 1.8
- multimedia/pitivi/distinfo 1.9
- multimedia/pitivi/patches/patch-meson.build 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Apr 17 07:18:06 UTC 2022
Modified Files:
pkgsrc/multimedia/pitivi: Makefile PLIST distinfo
pkgsrc/multimedia/pitivi/patches: patch-meson.build
Log Message:
pitivi: Adapt to new gst-plugins world. Fixes build.
|
|
|
|
devel/git-base: security update
devel/git: security update
Revisions pulled up:
- devel/git-base/distinfo 1.117
- devel/git/Makefile.version 1.103
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Apr 14 23:39:21 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: update to 2.35.3
Includes a fix for CVE-2022-24765. Addresses PR pkg/56796 from
Eric N Vander Weele.
Git v2.35.2 Release Notes
============
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Release notes for 2.35.3 simply state:
This release merges up the fixes that appear in v2.35.3.
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git-base/distinfo
|
|
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.249
- lang/ruby31-base/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 15:12:13 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31-base: update to 3.1.2
Ruby 3.1.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.248 -r1.249 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby31-base/distinfo
|
|
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.248
- lang/ruby30-base/Makefile 1.6
- lang/ruby30-base/PLIST 1.7
- lang/ruby30-base/distinfo 1.8
- lang/ruby30/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:52:27 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30: Makefile
pkgsrc/lang/ruby30-base: Makefile PLIST distinfo
Log Message:
lang/ruby30-base: update to 3.0.4
Ruby 3.0.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.247 -r1.248 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby30/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby30-base/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby30-base/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby30-base/distinfo
|
|
lang/ruby27: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.247
- lang/ruby27-base/Makefile 1.9
- lang/ruby27-base/distinfo 1.10
- lang/ruby27/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:21:00 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27: Makefile
pkgsrc/lang/ruby27-base: Makefile distinfo
Log Message:
lang/ruby27-base: update to 2.6.7
Ruby 2.7.6 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes some bug fixes. See the commit logs for further
details.
After this release, we end the normal maintenance phase of Ruby 2.7, and
Ruby 2.7 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.7 except security fixes. The term
of the security maintenance phase is scheduled for a year. Ruby 2.7 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 3.0
or 3.1.
To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby27-base/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby27-base/distinfo
|
|
lang/ruby26-base: security-update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.246
- lang/ruby26-base/Makefile 1.17
- lang/ruby26-base/distinfo 1.16
- lang/ruby26/Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:16:44 UTC 2022
Modified Files:
pkgsrc/lang/ruby26: Makefile
pkgsrc/lang/ruby26-base: Makefile distinfo
Log Message:
lang/ruby26-base: update to 2.6.10
Here is release announce:
Ruby 2.6.10 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes a fix of a build problem with very old compilers
and a fix of a regression of date library. See the commit logs for further
details.
After this release, Ruby 2.6 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.6 series. We will not release Ruby 2.6.11
even if a security vulnerability is found (but could release if a severe
regression is found). We recommend all Ruby 2.6 users to start migration to
Ruby 3.1, 3.0, or 2.7 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby26/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/ruby26-base/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:19:26 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: forgot to commit for 2.6.10
To generate a diff of this commit:
cvs rdiff -u -r1.245 -r1.246 pkgsrc/lang/ruby/rubyversion.mk
|
|
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.62
- devel/p5-subversion/Makefile 1.122
- devel/py-subversion/Makefile 1.95
- devel/ruby-subversion/Makefile 1.84
- devel/subversion-base/Makefile 1.130
- devel/subversion/Makefile 1.68
- devel/subversion/Makefile.version 1.88
- devel/subversion/distinfo 1.119
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Apr 12 16:24:29 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
Log Message:
subversion: update to 1.4.2 (security).
THIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Weißschuh
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 21:40:36 UTC 2022
Modified Files:
pkgsrc/devel/subversion: Makefile
Log Message:
subversion: reset PKGREVISION after update
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile
|
|
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.259
- mail/mutt/distinfo 1.107
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Apr 13 08:24:37 UTC 2022
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.2.3
This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were a possible integer overflow issue in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
To generate a diff of this commit:
cvs rdiff -u -r1.258 -r1.259 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.106 -r1.107 pkgsrc/mail/mutt/distinfo
|
|
|
|
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.10
- www/firefox91-l10n/distinfo 1.12
- www/firefox91/Makefile 1.16
- www/firefox91/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Apr 10 13:43:44 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.8.0
Security Vulnerabilities fixed in Firefox ESR 91.8
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-1196: Use-after-free after VR Process destruction
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
|
|
|
|
lang/ruby: NetBSD/arm build fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.245
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Apr 2 07:51:46 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
ruby: Do not append an ABI on NetBSD to the arch-specific extension
directory. Failure seen in:
http://victory.netbsd.org/pkgsrc/packages/reports/2022Q1/evbarm7-9.0/20220330.2134/ruby31-base-3.1.1/install.log
|
|
sysutils/ioping: build fix
Revisions pulled up:
- sysutils/ioping/distinfo 1.8
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 29 17:48:53 UTC 2022
Modified Files:
pkgsrc/sysutils/ioping: distinfo
Log Message:
ioping: fix patch checksum
|
|
www/gitea: build fix
Revisions pulled up:
- www/gitea/Makefile 1.69
- www/gitea/distinfo 1.30
- www/gitea/go-modules.mk 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon Mar 28 15:59:22 UTC 2022
Modified Files:
pkgsrc/www/gitea: Makefile distinfo
Added Files:
pkgsrc/www/gitea: go-modules.mk
Log Message:
gitea: don't download distfiles during build phase (convert to go-module.mk)
|
|
devel/SDL: NetBSD/i386 build fix
Revisions pulled up:
- devel/SDL/distinfo 1.86
- devel/SDL/patches/patch-build-scripts_strip__fPIC.sh 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon Mar 28 14:34:13 UTC 2022
Modified Files:
pkgsrc/devel/SDL: distinfo
Added Files:
pkgsrc/devel/SDL/patches: patch-build-scripts_strip__fPIC.sh
Log Message:
SDL: fix build on NetBSD/i386
XXX maybe pullup 2022Q1?
|
|
devel/R-tcltk2: mark as broken (infinite loop)
Revisions pulled up:
- devel/R-tcltk2/Makefile 1.5
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Mar 28 15:51:46 UTC 2022
Modified Files:
pkgsrc/devel/R-tcltk2: Makefile
Log Message:
R-tcltk2: mark as BROKEN
Infinite loop during build, see PR pkg/56696.
|