Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
www/firefox91: security fix
www/firefox91-l10n: dependent update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.15
- www/firefox91-l10n/distinfo 1.17
- www/firefox91/Makefile 1.25
- www/firefox91/distinfo 1.17
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Sep 6 15:38:35 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.13.0
Security Vulnerabilities fixed in Firefox ESR 91.13
#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
and Firefox ESR 91.13
|
|
textproc/libxslt: security fix
Revisions pulled up:
- textproc/libxslt/Makefile 1.120
- textproc/libxslt/distinfo 1.69
- textproc/libxslt/patches/patch-libxslt_transform.c 1.1
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 13 21:34:00 UTC 2022
Modified Files:
pkgsrc/textproc/libxslt: Makefile distinfo
Added Files:
pkgsrc/textproc/libxslt/patches: patch-libxslt_transform.c
Log Message:
libxslt: address CVE-2021-30560
Cherry-picked from the (new) upstream's 1.1.35 release.
|
|
|
|
lang/openjdk8: security update
lang/openjdk11: security update
Revisions pulled up:
- lang/openjdk11/Makefile 1.45
- lang/openjdk11/distinfo 1.35
- lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
- lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
- lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
- lang/openjdk8/Makefile 1.111-1.112
- lang/openjdk8/distinfo 1.89-1.91
- lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh 1.22
- lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp 1.2-1.3
- lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
- lang/openjdk8/patches/patch-make_common_MakeBase.gmk deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jul 10 14:47:25 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: Makefile distinfo
pkgsrc/lang/openjdk8/patches:
patch-common_autoconf_generated-configure.sh
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches: patch-make_common_MakeBase.gmk
Removed Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_share_vm_classfile_symbolTable.cpp
patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp
patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp
patch-hotspot_src_share_vm_memory_metaspace.cpp
Log Message:
openjdk8: Update to 1.8.332
CHangelog:
Follow OpenJDK 8u332 GA.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.21 -r1.22 \
pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp
cvs rdiff -u -r0 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Jul 17 03:03:41 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: distinfo
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
Log Message:
openjdk8: fix NetBSD/evbarm-aarch64 build; PAC is only supported on Linux
To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Mon Aug 15 12:23:06 UTC 2022
Modified Files:
pkgsrc/lang/openjdk11: Makefile distinfo
pkgsrc/lang/openjdk8: Makefile distinfo
Removed Files:
pkgsrc/lang/openjdk11/patches: patch-make_common_NativeCompilation.gmk
patch-make_lib_Awt2dLibraries.gmk
patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp
patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp
patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp
patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
patch-make_common_MakeBase.gmk
Log Message:
openjdk*: Security & bugfix update for the long term support branches
Upstream kindly merged many of the NetBSD-specific patches. Thanks! <3
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/openjdk11/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/openjdk11/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk \
pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
cvs rdiff -u -r1.2 -r0 \
pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
cvs rdiff -u -r1.111 -r1.112 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.3 -r0 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
|
|
|
|
net/samba4: security update
databases/ldb: dependency update
Update net/samba4 to 4.15.9 from samba-4.15.6 by patch,
since HEAD is on a later minor.
Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it.
|
|
|
|
www/drupal9: security update
Revisions pulled up:
- www/drupal9/Makefile 1.5
- www/drupal9/PLIST 1.3
- www/drupal9/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:26:59 UTC 2022
Modified Files:
pkgsrc/www/drupal9: Makefile PLIST distinfo
Log Message:
www/drupal9: update to 9.3.20
9.3.20 (2022-07-28)
This is a patch (bugfix) release of Drupal 9 and is ready for use on
production sites. Learn more about Drupal 9.
* Drupal core uses the third-party Diactoros library as its PSR-7
implementation. Diactoros has issued a security advisory:
* CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
Attack
Drupal core is unlikely to be vulnerable. This bugfix release updates the
version of Diactoros used in drupal/core-recommended to a secure version as
a precaution.
9.3.19 (2022-07-20)
This is a security release of the Drupal 9 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure -
SA-CORE-2022-012
* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
* Drupal core - Moderately critical - Multiple vulnerabilities -
SA-CORE-2022-015
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal9/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal9/PLIST pkgsrc/www/drupal9/distinfo
|
|
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.77
- www/drupal7/PLIST 1.31
- www/drupal7/distinfo 1.61
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:23:22 UTC 2022
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.91
7.91 (2022-07-20)
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.60 -r1.61 pkgsrc/www/drupal7/distinfo
|
|
time/ruby-tzinfo1: security update
Revisions pulled up:
- time/ruby-tzinfo1/Makefile 1.6
- time/ruby-tzinfo1/PLIST 1.3
- time/ruby-tzinfo1/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 30 14:20:42 UTC 2022
Modified Files:
pkgsrc/time/ruby-tzinfo1: Makefile PLIST distinfo
Log Message:
time/ruby-tzinfo1: update to 1.2.10
1.2.10 (2022-07-19)
* Fixed a relative path traversal bug that could cause arbitrary files to be
loaded with require when used with RubyDataSource. Please refer to
GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.
* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/time/ruby-tzinfo1/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/time/ruby-tzinfo1/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/time/ruby-tzinfo1/distinfo
|
|
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.283
- security/openssl/distinfo 1.161
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 11 23:03:51 UTC 2022
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
openssl: update to 1.1.1q.
Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
(CVE-2022-2097)
To generate a diff of this commit:
cvs rdiff -u -r1.282 -r1.283 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.160 -r1.161 pkgsrc/security/openssl/distinfo
|
|
net/unbound: security update
Revisions pulled up:
- net/unbound/Makefile 1.93,1.92
- net/unbound/distinfo 1.71,1.70
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Aug 1 12:38:46 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.2.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 11 15:02:05 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.1.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo
|
|
net/rsync: security update
Revisions pulled up:
- net/rsync/Makefile 1.122,1.121
- net/rsync/distinfo 1.56
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 22 11:11:49 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Log Message:
rsync: update to 3.2.5.
# NEWS for rsync 3.2.5 (14 Aug 2022)
## Changes in this version:
### SECURITY FIXES:
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
### BUG FIXES:
- Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
- If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and disable
the XX3 hashes (since these routines didn't stabilize until 0.8).
### ENHANCEMENTS:
- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
extra file-list safety checking (should that be required).
### PACKAGING RELATED:
- A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
### DEVELOPER RELATED:
- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/net/rsync/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 23 06:55:30 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile
Log Message:
rsync: remove reference to non-existent file
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/net/rsync/Makefile
|
|
editors/vim-gtk2: security update
editors/vim-gtk3: security update
editors/vim-motif: security update
editors/vim-share: security update
editors/vim-xaw: security update
Revisions pulled up:
- editors/vim-gtk2/Makefile 1.97
- editors/vim-gtk3/Makefile 1.24
- editors/vim-motif/Makefile 1.42
- editors/vim-share/PLIST 1.61
- editors/vim-share/distinfo 1.199
- editors/vim-share/version.mk 1.138
- editors/vim-xaw/Makefile 1.65
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 27 15:13:11 UTC 2022
Modified Files:
pkgsrc/editors/vim-gtk2: Makefile
pkgsrc/editors/vim-gtk3: Makefile
pkgsrc/editors/vim-motif: Makefile
pkgsrc/editors/vim-share: PLIST distinfo version.mk
pkgsrc/editors/vim-xaw: Makefile
Log Message:
vim: update to 8.2.5172
On behalf of morr@ "please go ahead"
This includes security fixes. (more pending)
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
Changes:
8.2.4722 ending recording with mapping records too much
8.2.4723 the ModeChanged autocmd event is inefficient
8.2.4724 current instance of last search pattern not easily spotted
8.2.4725 unused variable in tiny build
8.2.4726 cannot use expand() to get the script name
8.2.4727 unused code
8.2.4728 no test that v:event cannot be modified
8.2.4729 HEEx and Surface templates do not need a separate filetype
8.2.4730 MS-Windows GUI: cannot use CTRL-/
8.2.4731 the changelist index is not remembered per buffer
8.2.4732 duplicate code to free fuzzy matches
8.2.4733 HEEx and Surface do need a separate filetype
8.2.4734 getcharpos() may change a mark position
8.2.4735 quickfix tests can be a bit hard to read
8.2.4736 build problem for Cygwin with Motif
8.2.4737 // in JavaScript string recognized as comment
8.2.4738 Esc on commandline executes command instead of abandoning it
8.2.4739 accessing freed memory after WinScrolled autocmd event
8.2.4740 when expand() fails there is no error message
8.2.4741 startup test fails
8.2.4742 there is no way to start logging very early in startup
8.2.4743 clang 14 is available on CI
8.2.4744 a terminal window can't use the bell
8.2.4745 using wrong flag for using bell in the terminal
8.2.4746 supercollider filetype not recognized
8.2.4747 no filetype override for .sys files
8.2.4748 cannot use an imported function in a mapping
8.2.4749 <script> is not expanded in autocmd context
8.2.4750 small pieces of dead code
8.2.4751 mapping <SID>name.Func does not work for autoload script
8.2.4752 wrong 'statusline' value can cause illegal memory access
8.2.4753 error from setting an option is silently ignored
8.2.4754 using cached values after unsetting some environment variables
8.2.4755 cannot use <SID>FuncRef in completion spec
8.2.4756 build error without the +eval feature
8.2.4757 list of libraries to suppress lsan errors is outdated
8.2.4758 when using an LSP channel want to get the message ID
8.2.4759 CurSearch highlight does not work for multi-line match
8.2.4760 using matchfuzzy() on a long list can take a while
8.2.4761 documentation for using LSP messages is incomplete
8.2.4762 using freed memory using synstack() and synID() in WinEnter
8.2.4763 using invalid pointer with "V:" in Ex mode
8.2.4764 CI uses an older gcc version
8.2.4765 function matchfuzzy() sorts too many items
8.2.4766 KRL files using "deffct" not recognized
8.2.4767 openscad files are not recognized
8.2.4768 CI: codecov upload sometimes does not work
8.2.4769 build warning with UCRT
8.2.4770 cannot easily mix expression and heredoc
8.2.4771 Coverity warns for not checking return value
8.2.4772 old Coverity warning for not checking ftell() return value
8.2.4773 build failure without the +eval feature
8.2.4774 crash when using a number for lambda name
8.2.4775 SpellBad highlighting does not work in Konsole
8.2.4776 GTK: 'lines' and 'columns' may change during startup
8.2.4777 screendump tests fail because of a redraw
8.2.4778 pacman files use dosini filetype
8.2.4779 lsan suppression is too version specific
8.2.4780 parsing an LSP message fails when it is split
8.2.4781 Maxima files are not recognized
8.2.4782 accessing freed memory
8.2.4783 Coverity warns for leaking memory
8.2.4784 lamba test with timer is flaky
8.2.4785 Visual mode not stopped if win_gotoid() goes to other buffer
8.2.4786 test for win_gotoid() in Visual mode fails on Mac
8.2.4787 prop_find() does not find the right property
8.2.4788 large payload for LSP message not tested
8.2.4789 cursor pos wrong when using :redraw while editing the cmdline
8.2.4790 lilypond filetype not recognized
8.2.4791 events triggered in different order when reusing buffer
8.2.4792 indent operator creates an undo entry for every line
8.2.4793 recognizing Maxima filetype even though it might be another
8.2.4794 compiler warning for not initialized variable
8.2.4795 'cursorbind' scrolling depends on whether 'cursorline' is set
8.2.4796 file left behind after running cursorline tests
8.2.4797 getwininfo() may get oudated values
8.2.4798 t_8u option was reset even when set by the user
8.2.4799 popup does not use correct topline
8.2.4800 missing test update for adjusted t_8u behavior
8.2.4801 fix for cursorbind fix not fully tested
8.2.4802 test is not cleaned up
8.2.4803 WinScrolled not always triggered when scrolling with mouse
8.2.4804 expression in heredoc doesn't work for compiled function
8.2.4805 CurSearch used for all matches in current line
8.2.4806 a mapping using <LeftDrag> does not start Select mode
8.2.4807 processing key eveints in Win32 GUI is not ideal
8.2.4808 unused item in engine struct
8.2.4809 various things not properly tested
8.2.4810 missing changes in one file
8.2.4811 Win32 GUI: caps lock doesn't work
8.2.4812 unused struct item
8.2.4813 pasting text while indent folding may mess up folds
8.2.4814 possible to leave a popup window with win_gotoid()
8.2.4815 cannot build with older GTK version
8.2.4816 still using older codecov app in some places of CI
8.2.4817 Win32 GUI: modifiers are not always used
8.2.4818 no test for what 8.2.4806 fixes
8.2.4819 unmapping simplified keys also deletes other mapping
8.2.4820 not simple programmatic way to find a specific mapping
8.2.4821 crash when imported autoload script was deleted
8.2.4822 setting ufunc to NULL twice
8.2.4823 concat more than 2 strings in :def function is inefficient
8.2.4824 expression is evaluated multiple times
8.2.4825 can only get a list of mappings
8.2.4826 .cshtml files are not recognized
8.2.4827 typo in variable name
8.2.4828 fix for unmapping simplified key not fully tested
8.2.4829 a key may be simplified to NUL
8.2.4830 possible endless loop if there is unused typahead
8.2.4831 crash when using maparg() and unmapping simplified keys
8.2.4832 passing zero instead of NULL to a pointer argument
8.2.4833 failure of mapping not checked for
8.2.4834 Vim9: some lines not covered by tests
8.2.4835 Vim9: some lines not covered by tests
8.2.4836 Vim9: some lines not covered by tests
8.2.4837 modifiers not simplified when timed out
8.2.4838 checking for absolute path is not trivial
8.2.4839 compiler warning for unused argument
8.2.4840 heredoc expression evaluated even when skipping
8.2.4841 empty string considered an error for expand()
8.2.4842 expand("%:p") is not empty when there is no buffer name
8.2.4843 treating CTRL + ALT as AltGr is not backwards compatible
8.2.4844 <C-S-I> is simplified to <S-Tab>
8.2.4845 duplicate code
8.2.4846 termcodes test fails
8.2.4847 crash when using uninitialized function pointer
8.2.4848 local completion with mappings and simplification not working
8.2.4849 Gleam filetype not detected
8.2.4850 mksession mixes up "tabpages" and "curdir" arguments
8.2.4851 compiler warning for uninitialized variable
8.2.4852 ANSI color index to RGB value not correct
8.2.4853 CI with FreeBSD is a bit outdated
8.2.4854 array size does not match usage
8.2.4855 robot files are not recognized
8.2.4856 MinGW compiler complains about unknown escape sequence
8.2.4857 Yaml indent for multiline is wrong
8.2.4858 K_SPECIAL may be escaped twice
8.2.4859 wget2 files are not recognized
8.2.4860 MS-Windows: always uses current directory for executables
8.2.4861 it is not easy to restore saved mappings
8.2.4862 Vim9: test may fail when run with valgrind
8.2.4863 accessing freed memory in test without the +channel feature
8.2.4864 Vim9: script test fails
8.2.4865 :startinsert right after :stopinsert may not work
8.2.4866 duplicate code in "get" functions
8.2.4867 listing of mapping with K_SPECIAL is wrong
8.2.4868 when closing help window autocmds triggered for wrong window
8.2.4869 expression in command block does not look after NL
8.2.4870 Vim9: expression in :substitute is not compiled
8.2.4871 Vim9: in :def function no error for misplaced range
8.2.4872 Vim9: no error for using an expression only
8.2.4873 Vim9: using "else" differs from using "endif/if !cond"
8.2.4874 Win32 GUI: horizontal scroll wheel not handled properly
8.2.4875 MS-Windows: some .exe files are not recognized
8.2.4876 MS-Windows: Shift-BS results in strange char in powershell
8.2.4877 MS-Windows: Wrongly using Normal colors for termguicolors
8.2.4878 valgrind warning for using uninitialized variable
8.2.4879 screendump test may fail when using valgrind
8.2.4880 Vim9: misplaced elseif causes invalid memory access
8.2.4881 "P" in Visual mode still changes some registers
8.2.4882 cannot make 'breakindent' use a specific column
8.2.4883 string interpolation only works in heredoc
8.2.4884 test fails without the job/channel feature
8.2.4885 test fails with the job/channel feature
8.2.4886 Vim9: redir in skipped block seen as assignment
8.2.4887 channel log does not show invoking a timer callback
8.2.4888 line number of lambda ignores line continuation
8.2.4889 CI only tests with FreeBSD 12
8.2.4890 inconsistent capitalization in error messages
8.2.4891 Vim help presentation could be better
8.2.4892 test failures because of changed error messages
8.2.4893 distributed import files are not installed
8.2.4894 MS-Windows: not using italics
8.2.4895 buffer overflow with invalid command with composing chars
8.2.4896 expression in command block does not look after NL
8.2.4897 comment inside an expression in lambda ignores the rest
8.2.4898 Coverity complains about pointer usage
8.2.4899 with latin1 encoding CTRL-W might go before the cmdline
8.2.4900 Vim9 expression test fails without the job feature
8.2.4901 NULL pointer access when using invalid pattern
8.2.4902 mouse wheel scrolling is inconsistent
8.2.4903 cannot get the current cmdline completion type and position
8.2.4904 codecov includes MS-Windows install files
8.2.4905 codecov includes MS-Windows install header file
8.2.4906 MS-Windows: cannot use transparent background
8.2.4907 some users do not want a line comment always inserted
8.2.4908 no text formatting for // comment after a statement
8.2.4909 MODE_ enum entries names are too generic
8.2.4910 imperfect coding
8.2.4911 the mode #defines are not clearly named
8.2.4912 using execute() to define a lambda doesn't work
8.2.4913 popup_hide() does not always have effect
8.2.4914 string interpolation in :def function may fail
8.2.4915 sometimes the cursor is in the wrong position
8.2.4916 mouse in Insert mode test fails
8.2.4917 fuzzy expansion of option names is not right
8.2.4918 conceal character from matchadd() displayed too many times
8.2.4919 can add invalid bytes with :spellgood
8.2.4920 MS-Windows GUI: unused variables
8.2.4921 spell test fails because of new illegal byte check
8.2.4922 mouse test fails on MS-Windows
8.2.4923 test checks for terminal feature unnecessarily
8.2.4924 maparg() may return a string that cannot be reused
8.2.4925 trailing backslash may cause reading past end of line
8.2.4926 #ifdef for crypt feature around too many lines
8.2.4927 return type of remove() incorrect when using three arguments
8.2.4928 various white space and cosmetic mistakes
8.2.4929 off-by-one error in in statusline item
8.2.4930 interpolated string expression requires escaping
8.2.4931 Crash with sequence of Perl commands
8.2.4932 not easy to filter the output of maplist()
8.2.4933 a few more capitalization mistakes in error messages
8.2.4934 string interpolation fails when not evaluating
8.2.4935 with 'foldmethod' "indent" some lines not included in fold
8.2.4936 MS-Windows: mouse coordinates for scroll event are wrong
8.2.4937 no test for what 8.2.4931 fixes
8.2.4938 crash when matching buffer with invalid pattern
8.2.4939 matchfuzzypos() with "matchseq" does not have all positions
8.2.4940 some code is never used
8.2.4941 '[ and '] marks may be wrong after undo
8.2.4942 error when setting 'filetype' in help file again
8.2.4943 changing 'switchbuf' may have no effect
8.2.4944 text properties are wrong after "cc"
8.2.4945 inconsistent use of white space
8.2.4946 Vim9: some code not covered by tests
8.2.4947 text properties not adjusted when accepting spell suggestion
8.2.4948 cannot use Perl heredoc in nested :def function
8.2.4949 Vim9: some code not covered by tests
8.2.4950 text properties position wrong after shifting text
8.2.4951 smart indenting done when not enabled
8.2.4952 GUI test will fail if color scheme changes
8.2.4953 with 'si' inserting '}' after completion goes wrong
8.2.4954 inserting line breaks text property spanning two lines
8.2.4955 text property in wrong position after auto-indent
8.2.4956 reading past end of line with "gf" in Visual block mode
8.2.4957 text properties in a wrong position after a block change
8.2.4958 a couple conditions are always true
8.2.4959 using NULL regexp program
8.2.4960 text properties that cross lines not updated for deleted line
8.2.4961 build error with a certain combination of features
8.2.4962 files show up in git status
8.2.4963 expanding path with "/**" may overrun end of buffer
8.2.4964 MS-Windows GUI: mouse event test is flaky
8.2.4965 GUI: testing mouse move event depends on screen cell size
8.2.4966 MS-Windows GUI: mouse event test gets extra event
8.2.4967 MS-Windows GUI: mouse event test sometimes fails
8.2.4968 reading past end of the line when C-indenting
8.2.4969 changing text in Visual mode may cause invalid memory access
8.2.4970 "eval 123" gives an error, "eval 'abc'" does not
8.2.4971 Vim9: interpolated string seen as range
8.2.4972 Vim9: compilation fails when using dict member when skipping
8.2.4973 Vim9: type error for list unpack mentions argument
8.2.4974 ":so" command may read after end of buffer
8.2.4975 recursive command line loop may cause a crash
8.2.4976 Coverity complains about not restoring a saved value
8.2.4977 memory access error when substitute expression changes window
8.2.4978 no error if engine selection atom is not at the start
8.2.4979 accessing freed memory when line is flushed
8.2.4980 when 'shortmess' contains 'A' loading session may still warn
8.2.4981 it is not possible to manipulate autocommands
8.2.4982 colors in terminal window are not 100% correct
8.2.4983 colors test fails in the GUI
8.2.4984 dragging statusline fails for window with winbar
8.2.4985 PVS warns for possible array underrun
8.2.4986 some github actions are outdated
8.2.4987 after deletion a small fold may be closable
8.2.4988 textprop in wrong position when replacing multi-byte chars
8.2.4989 cannot specify a function name for :defcompile
8.2.4990 memory leak when :defcompile fails
8.2.4991 no test for hwat patch 8.1.0535 fixes
8.2.4992 compiler warning for possibly uninitialized variable
8.2.4993 smart/C/lisp indenting is optional
8.2.4994 tests are using legacy functions
8.2.4995 still a compiler warning for possibly uninitialized variable
8.2.4996 setbufline() may change Visual selection
8.2.4997 Python: changing hidden buffer can cause display mess up
8.2.4998 Vim9: crash when using multiple funcref()
8.2.4999 filetype test table is not properly sorted
8.2.5000 no patch for documentation updates
8.2.5001 checking translations affects the search pattern history
8.2.5002 deletebufline() may change Visual selection
8.2.5003 cannot do bitwise shifts
8.2.5004 right shift on negative number does not work as documented
8.2.5005 compiler warning for uninitialized variable
8.2.5006 asan warns for undefined behavior
8.2.5007 spell suggestion may use uninitialized memory
8.2.5008 when 'formatoptions' contains "/" wrongly wrapping comment
8.2.5009 fold may not be closeable after appending
8.2.5010 the terminal debugger uses various global variables
8.2.5011 Replacing an autocommand requires several lines
8.2.5012 cannot select one character inside ()
8.2.5013 after text formatting cursor may be in an invalid position
8.2.5014 byte offsets are wrong when using text properties
8.2.5015 Hoon and Moonscript files are not recognized
8.2.5016 access before start of text with a put command
8.2.5017 gcc 12.1 warns for uninitialized variable
8.2.5018 Vim9: some code is not covered by tests
8.2.5019 cannot get the first screen column of a character
8.2.5020 using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'
8.2.5021 build fails with normal features and +terminal
8.2.5022 'completefunc'/'omnifunc' error does not end completion
8.2.5023 substitute overwrites allocated buffer
8.2.5024 using freed memory with "]d"
8.2.5025 Vim9: a few lines not covered by tests
8.2.5026 Vim9: a few lines not covered by tests
8.2.5027 error for missing :endif when an exception was thrown
8.2.5028 syntax regexp matching can be slow
8.2.5029 "textlock" is always zero
8.2.5030 autocmd_add() can only handle one event and pattern
8.2.5031 cannot easily run the benchmarks
8.2.5032 Python 3 test fails without the GUI
8.2.5033 build error with +eval but without +quickfix
8.2.5034 there is no way to get the byte index from a virtual column
8.2.5035 when splitting a window the changelist position moves
8.2.5036 using two counters for timeout check in NFA engine
8.2.5037 cursor position may be invalid after "0;" range
8.2.5038 a finished terminal in a popup window does not show scrollbar
8.2.5039 confusing error if first argument of popup_create() is wrong
8.2.5040 scrollbar thumb in scrolled popup not visible
8.2.5041 cannot close a terminal popup with "NONE" job
8.2.5042 scrollbar thumb in tall scrolled popup not visible
8.2.5043 can open a cmdline window from a substitute expression
8.2.5044 command line test fails
8.2.5045 can escape a terminal popup window when the job is finished
8.2.5046 vim_regsub() can overwrite the destination
8.2.5047 CurSearch highlight is often wrong
8.2.5048 when using XIM the gui test may fail
8.2.5049 insufficient tests for autocommands
8.2.5050 using freed memory when searching for pattern in path
8.2.5051 check for autocmd_add() event argument is confusing
8.2.5052 CI checkout step title is a bit cryptic
8.2.5053 cannot have a comment halfway an expression in a block
8.2.5054 no good filetype for conf files similar to dosini
8.2.5055 statusline is not updated when terminal title changes
8.2.5056 the channel log only contains some of the raw terminal output
8.2.5057 using gettimeofday() for timeout is very inefficient
8.2.5058 input() does not handle composing characters properly
8.2.5059 autoconf 2.71 produces many obsolete warnings
8.2.5060 running configure fails
8.2.5061 C89 requires signal handlers to return void
8.2.5062 Coverity warns for dead code
8.2.5063 error for a command may go over the end of IObuff
8.2.5064 no test for what 8.1.0052 fixes
8.2.5065 wrong return type for main() in tee.c
8.2.5066 can specify multispace listchars only for whole line
8.2.5067 timer_create is not available on every Mac system
8.2.5068 gcc 12.1 warning when building tee
8.2.5069 various warnings from clang on MS-Windows
8.2.5070 unnecessary code
8.2.5071 with some Mac OS version clockid_t is redefined
8.2.5072 using uninitialized value and freed memory in spell command
8.2.5073 clang on MS-Windows produces warnings
8.2.5074 spell test fails on MS-Windows
8.2.5075 clang gives an out of bounds warning
8.2.5076 unnecessary code
8.2.5077 various warnings from clang on MS-Windows
8.2.5078 substitute test has a one second delay
8.2.5079 DirChanged autocommand may use freed memory
8.2.5080 when indenting gets out of hand it is hard to stop
8.2.5081 autocmd test fails on MS-Windows
8.2.5082 retab test fails
8.2.5083 autocmd test still fails on MS-Windows
8.2.5084 when the GUI shows a dialog tests get stuck
8.2.5085 gcc gives warning for signed/unsigned difference
8.2.5086 CI runs on Windows 2019
8.2.5087 cannot build with clang on MS-Windows
8.2.5088 value of cmod_verbose is a bit complicated to use
8.2.5089 some functions return a different value on failure
8.2.5090 MS-Windows: vim.def is no longer used
8.2.5091 terminal test fails with some shell commands
8.2.5092 using "'<,'>" in Ex mode may compare unrelated pointers
8.2.5093 error message for unknown command may have the command twice
8.2.5094 MS-Windows GUI: empty command may cause a dialog
8.2.5095 terminal test still fails with some shell commands
8.2.5096 terminal test still fails with some shell commands
8.2.5097 using uninitialized memory when using 'listchars'
8.2.5098 spelldump test sometimes hangs
8.2.5099 some terminal tests are not retried
8.2.5100 memory usage tests are not retried
8.2.5101 MS-Windows with MinGW: $CC may be "cc" instead of "gcc"
8.2.5102 interrupt not caught in test
8.2.5103 build fails with small features
8.2.5104 test hangs on MS-Windows
8.2.5105 test still hangs on MS-Windows
8.2.5106 default cmdwin mappings are re-mappable
8.2.5107 some callers of rettv_list_alloc() check for not OK
8.2.5108 retab test disabled because it hangs on MS-Windows
8.2.5109 mode not updated after CTRL-O CTRL-C in Insert mode
8.2.5110 icon filetype not recognized from the first line
8.2.5111 no test for --gui-dialog-file
8.2.5112 gui test hangs on MS-Windows
8.2.5113 timer becomes invalid after fork/exec, :gui gives errors
8.2.5114 time limit on searchpair() does not work properly
8.2.5115 search timeout is overrun with some patterns
8.2.5116 "limit" option of matchfuzzy() not always respected
8.2.5117 crash when calling a Lua callback from a :def function
8.2.5118 MS-Windows: sending a message to another Vim may hang
8.2.5119 CI uses cache v2
8.2.5120 searching for quotes may go over the end of the line
8.2.5121 interrupt test sometimes fails
8.2.5122 lisp indenting my run over the end of the line
8.2.5123 using invalid index when looking for spell suggestions
8.2.5124 when syntax timeout test fails it does not show the time
8.2.5125 MS-Windows: warnings from MinGW compiler
8.2.5126 substitute may overrun destination buffer
8.2.5127 using assert_true() does not show value on failure
8.2.5128 syntax disabled when using synID() in searchpair() skip expr
8.2.5129 timeout handling is not optimal
8.2.5130 edit test for mode message fails when using valgrind
8.2.5131 timeout implementation is not optimal
8.2.5132 :mkview test doesn't test much
8.2.5133 MacOS: build fails
8.2.5134 function has confusing name
8.2.5135 running configure gives warnings for main() return type
8.2.5136 debugger test fails when run with valgrind
8.2.5137 cannot build without the +channel feature
8.2.5138 various small issues
8.2.5139 TIME_WITH_SYS_TIME is no longer supported by autoconf
8.2.5140 seachpair timeout test is flaky
8.2.5141 using "volatile int" in a signal handler might be wrong
8.2.5142 startup test fails if there is a status bar
8.2.5143 some tests fail when using valgrind
8.2.5144 with 'lazyredraw' set completion menu may be wrong
8.2.5145 exit test causes spurious valgrind reports
8.2.5146 memory leak when substitute expression nests
8.2.5147 flaky test always fails on retry
8.2.5148 invalid memory access when using expression on command line
8.2.5149 cannot build without the +eval feature
8.2.5150 read past the end of the first line with ":0;'{"
8.2.5151 reading beyond the end of the line with lisp indenting
8.2.5152 search() gets stuck with "c" and skip evaluates to true
8.2.5153 "make uninstall" does not remove colors/lists
8.2.5154 still mentioning version8, some cosmetic issues
8.2.5155 in diff mode windows may get out of sync
8.2.5156 search timeout test often fails with FreeBSD
8.2.5157 MS-Windows GUI: CTRL-key combinations do not always work
8.2.5158 TSTP and INT signal tests are not run with valgrind
8.2.5159 fix for CTRL-key combinations causes problems
8.2.5160 accessing invalid memory after changing terminal size
8.2.5161 might still access invalid memory
8.2.5162 reading before the start of the line with BS in Replace mode
8.2.5163 crash when deleting buffers in diff mode
8.2.5164 invalid memory access after diff buffer manipulations
8.2.5165 import test fails because 'diffexpr' isn't reset
8.2.5166 test for DiffUpdated fails
8.2.5167 get(Fn, 'name') on funcref returns special byte code
8.2.5168 cannot build with Python 3.11
8.2.5169 nested :source may use NULL pointer
8.2.5170 tiny issues
8.2.5171 dependencies and proto files are outdated
8.2.5172 "make menu" still uses legacy script
To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/editors/vim-gtk2/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/editors/vim-gtk3/Makefile
cvs rdiff -u -r1.41 -r1.42 pkgsrc/editors/vim-motif/Makefile
cvs rdiff -u -r1.60 -r1.61 pkgsrc/editors/vim-share/PLIST
cvs rdiff -u -r1.198 -r1.199 pkgsrc/editors/vim-share/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/editors/vim-share/version.mk
cvs rdiff -u -r1.64 -r1.65 pkgsrc/editors/vim-xaw/Makefile
|
|
|
|
chat/libpurple: security update
chat/finch: security update
chat/pidgin: security update
chat/pidgin-sametime: security update
chat/pidgin-silc: security update
Revisions pulled up:
- chat/finch/Makefile 1.87
- chat/libpurple/Makefile 1.117
- chat/libpurple/Makefile.common 1.56
- chat/libpurple/distinfo 1.56
- chat/pidgin-sametime/Makefile 1.67
- chat/pidgin-silc/Makefile 1.70
- chat/pidgin/Makefile 1.97
- chat/pidgin/PLIST 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 20 02:14:13 UTC 2022
Modified Files:
pkgsrc/chat/finch: Makefile
pkgsrc/chat/libpurple: Makefile Makefile.common distinfo
pkgsrc/chat/pidgin: Makefile PLIST
pkgsrc/chat/pidgin-sametime: Makefile
pkgsrc/chat/pidgin-silc: Makefile
Log Message:
libpurple, finch, pidgin: update to 2.14.10
This notably fixes security issues (CVE-2012-1257, CVE-2022-26491).
Tested on NetBSD/amd64.
XXX pull-up to the pkgsrc-2022Q2 branch
The complete changelog for the new versions is reproduced here:
version 2.14.10 (06/02/2022):
General:
* Audit and correct the COPYRIGHT file. (RR 1425) (Richard Laager)
* Fix a spelling error in a debug message for proxies. (RR 1426) (Richard
Laager)
* Install some emojis already in the theme but not being installed.
(RR 1428) (Richard Laager)
* Drop the QQ smileys as we don't ship QQ anymore. (PIDGIN-14385) (RR 1429)
(Richard Laager)
* Modernize the desktop file. (RR 1433) (Richard Laager)
* Modernize the appdata file. (RR 1431) (Richard Laager)
* Make privacy settings persist. (PIDGIN-17137) (RR 1463) (Belgin Știrbu)
Pidgin:
* Fix a use after free that was introduced in 2.14.9. (RR 1488) (ivanhoe)
IRC:
* Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375)
(RR 1484) (Belgin Știrbu)
XMPP:
* Fix a regression from 2.14.9 where XMPP accounts state would get lost
after failing to connect. (PIDGIN-17621) (RR 1455) (Belgin Știrbu)
* Fix a crash when requesting your own info in an XMPP conference. (RR 1465)
(Belgin Știrbu)
* Fix hang when completing a file transfer over XMPP. (RR 1466) (Belgin
Știrbu)
* Fix updating custom smileys. (PIDGIN-17153) (RR 1477) (Belgin Știrbu)
* Fix unblocking users. (PIDGIN-16414) (RR 1479) (Belgin Știrbu)
* Fix a crash when cancelling a file transfer. (PIDGIN-17189) (RR 1485)
(Belgin Știrbu)
version 2.14.9 (04/28/2022):
Security:
* Remove _xmppconnect support. (RR 1357) (CVE-2022-26491) (Gary Kramlich)
libpurple:
* Fix a GLib CRITICAL message with typing time outs. (RR 1123) (Mohammed
Sadiq)
* Fix an issue where the unit tests for purple_str_to_time would fail.
(GENTOO-819774) (RR 1238) (Gary Kramlich)
Pidgin:
* Fix a memory leak in pidgin_conversations_set_tab_colors. (RR 1244)
(ivanhoe)
* Fixed the majority of the infinite resizing issues in the input box.
(PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430,
PIDGIN-17568, PIDGIN-17602) (RR 1342) (Belgin Știrbu)
* Add transient-buddy back which is used to show some context menus and
other things. (PIDGIN-17523) (RR 1381) (Belgin Știrbu)
Windows:
* Fix the download of dictionaries in the Windows installer. (PIDGIN-14618,
PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (RR 1303) (Gary
Kramlich)
Translations:
* Fix a typo in the German translations. (PIDGIN-17575) (RR 1242) (ivanhoe)
* Synced all of the translations with Transifex.
IRC:
* Fix IRC file transfers on Windows. (PIDGIN-17175) (RR 1382) (Belgin
Știrbu)
* Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (RR 1385) (Belgin
Știrbu)
* Default realname and ident name in IRC to the username (nickname) of the
account. (PIDGIN-17610) (RR 1386) (Belgin Știrbu)
* Add an advanced account option to IRC accounts for explicitly setting the
SASL login name. (PIDGIN-15451) (RR 1388) (Belgin Știrbu)
* Added a rate limiter that should make it impossible to excess flood.
(RR 1391) (Gary Kramlich)
SIMPLE:
* Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (RR 1379)
(dohmniq)
XMPP:
* Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714)
(RR 1387) (itsnotabigtruck, Belgin Știrbu)
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/chat/finch/Makefile
cvs rdiff -u -r1.116 -r1.117 pkgsrc/chat/libpurple/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/chat/libpurple/Makefile.common \
pkgsrc/chat/libpurple/distinfo
cvs rdiff -u -r1.96 -r1.97 pkgsrc/chat/pidgin/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/pidgin/PLIST
cvs rdiff -u -r1.66 -r1.67 pkgsrc/chat/pidgin-sametime/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/chat/pidgin-silc/Makefile
|
|
www/firefox91: security update
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo
|
|
devel/git: security update
devel/git-base: security update
devel/git-docs: security update
www/gitweb: security update
Revisions pulled up:
- devel/git-base/Makefile 1.97
- devel/git-base/distinfo 1.120-1.121
- devel/git-docs/Makefile 1.21
- devel/git/Makefile.version 1.106-1.107
- www/gitweb/Makefile 1.45
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 6 11:54:00 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
pkgsrc/devel/git-docs: Makefile
pkgsrc/www/gitweb: Makefile
Log Message:
git: updated to 2.37.0
Git v2.37 Release Notes
===========
UI, Workflows & Features
* "vimdiff[123]" mergetool drivers have been reimplemented with a
more generic layout mechanism.
* "git -v" and "git -h" are now understood as "git --version" and
"git --help".
* The temporary files fed to external diff command are now generated
inside a new temporary directory under the same basename.
* "git log --since=X" will stop traversal upon seeing a commit that
is older than X, but there may be commits behind it that is younger
than X when the commit was created with a faulty clock. A new
option is added to keep digging without stopping, and instead
filter out commits with timestamp older than X.
* "git -c branch.autosetupmerge=simple branch $A $B" will set the $B
as $A's upstream only when $A and $B shares the same name, and "git
-c push.default=simple" on branch $A would push to update the
branch $A at the remote $B came from. Also more places use the
sole remote, if exists, before defaulting to 'origin'.
* A new doc has been added that lists tips for tools to work with
Git's codebase.
* "git remote -v" now shows the list-objects-filter used during
fetching from the remote, if available.
* With the new http.curloptResolve configuration, the CURLOPT_RESOLVE
mechanism that allows cURL based applications to use pre-resolved
IP addresses for the requests is exposed to the scripts.
* "git add -i" was rewritten in C some time ago and has been in
testing; the reimplementation is now exposed to general public by
default.
* Deprecate non-cone mode of the sparse-checkout feature.
* Introduce a filesystem-dependent mechanism to optimize the way the
bits for many loose object files are ensured to hit the disk
platter.
* The "do not remove the directory the user started Git in" logic,
when Git cannot tell where that directory is, is disabled. Earlier
we refused to run in such a case.
* A mechanism to pack unreachable objects into a "cruft pack",
instead of ejecting them into loose form to be reclaimed later, has
been introduced.
* Update the doctype written in gitweb output to xhtml5.
* The "transfer.credentialsInURL" configuration variable controls what
happens when a URL with embedded login credential is used on either
"fetch" or "push". Credentials are currently only detected in
`remote.<name>.url` config, not `remote.<name>.pushurl`.
* "git revert" learns "--reference" option to use more human-readable
reference to the commit it reverts in the message template it
prepares for the user.
* Various error messages that talk about the removal of
"--preserve-merges" in "rebase" have been strengthened, and "rebase
--abort" learned to get out of a state that was left by an earlier
use of the option.
Performance, Internal Implementation, Development Support etc.
* The performance of the "untracked cache" feature has been improved
when "--untracked-files=<mode>" and "status.showUntrackedFiles"
are combined.
* "git stash" works better with sparse index entries.
* "git show :<path>" learned to work better with the sparse-index
feature.
* Introduce and apply coccinelle rule to discourage an explicit
comparison between a pointer and NULL, and applies the clean-up to
the maintenance track.
* Preliminary code refactoring around transport and bundle code.
* "sparse-checkout" learns to work better with the sparse-index
feature.
* A workflow change for translators are being proposed. git.pot is
no longer version controlled and it is local responsibility of
translators to generate it.
* Plug the memory leaks from the trickiest API of all, the revision
walker.
* Rename .env_array member to .env in the child_process structure.
* The fsmonitor--daemon handles even more corner cases when
watching filesystem events.
* A new bug() and BUG_if_bug() API is introduced to make it easier to
uniformly log "detect multiple bugs and abort in the end" pattern.
Fixes since v2.36
-----------------
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
(merge 4f1ccef87c gc/submodule-update-part2 later to maint).
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
(merge f8781bfda3 jc/diff-tree-stdin-fix later to maint).
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
(merge 45a14f578e rs/name-rev-fix-free-after-use later to maint).
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
(merge 5cdb38458e jc/show-pathspec-fix later to maint).
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
(merge d1c25272f5 rs/fast-export-pathspec-fix later to maint).
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
(merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint).
* "git clone --origin X" leaked piece of memory that held value read
from the clone.defaultRemoteName configuration variable, which has
been plugged.
(merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint).
* Get rid of a bogus and over-eager coccinelle rule.
(merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint).
* The path taken by "git multi-pack-index" command from the end user
was compared with path internally prepared by the tool without first
normalizing, which lead to duplicated paths not being noticed,
which has been corrected.
(merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint).
* Correct choices of C compilers used in various CI jobs.
(merge 3506cae04f ab/cc-package-fixes later to maint).
* Various cleanups to "git p4".
(merge 4ff0108d9e jh/p4-various-fixups later to maint).
* The progress meter of "git blame" was showing incorrect numbers
when processing only parts of the file.
(merge e5f5d7d42e ea/progress-partial-blame later to maint).
* "git rebase --keep-base <upstream> <branch-to-rebase>" computed the
commit to rebase onto incorrectly, which has been corrected.
(merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint).
* Fix a leak of FILE * in an error codepath.
(merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint).
* Avoid problems from interaction between malloc_check and address
sanitizer.
(merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint).
* The commit summary shown after making a commit is matched to what
is given in "git status" not to use the break-rewrite heuristics.
(merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint).
* Update a few end-user facing messages around EOL conversion.
(merge c970d30c2c ah/convert-warning-message later to maint).
* Trace2 documentation updates.
(merge a6c80c313c js/trace2-doc-fixes later to maint).
* Build procedure fixup.
(merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint).
* "git pull" without "--recurse-submodules=<arg>" made
submodule.recurse take precedence over fetch.recurseSubmodules by
mistake, which has been corrected.
(merge 5819417365 gc/pull-recurse-submodules later to maint).
* "git bisect" was too silent before it is ready to start computing
the actual bisection, which has been corrected.
(merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint).
* macOS CI jobs have been occasionally flaky due to tentative version
skew between perforce and the homebrew packager. Instead of
failing the whole CI job, just let it skip the p4 tests when this
happens.
(merge f15e00b463 cb/ci-make-p4-optional later to maint).
* A bit of test framework fixes with a few fixes to issues found by
valgrind.
(merge 7c898554d7 ab/valgrind-fixes later to maint).
* "git archive --add-file=<path>" picked up the raw permission bits
from the path and propagated to zip output in some cases, without
normalization, which has been corrected (tar output did not have
this issue).
(merge 6a61661967 jc/archive-add-file-normalize-mode later to maint).
* "make coverage-report" without first running "make coverage" did
not produce any meaningful result, which has been corrected.
(merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint).
* The "--current" option of "git show-branch" should have been made
incompatible with the "--reflog" mode, but this was not enforced,
which has been corrected.
(merge 41c64ae0e7 jc/show-branch-g-current later to maint).
* "git fetch" unnecessarily failed when an unexpected optional
section appeared in the output, which has been corrected.
(merge 7709acf7be jt/fetch-peek-optional-section later to maint).
* The way "git fetch" without "--update-head-ok" ensures that HEAD in
no worktree points at any ref being updated was too wasteful, which
has been optimized a bit.
(merge f7400da800 os/fetch-check-not-current-branch later to maint).
* "git fetch --recurse-submodules" from multiple remotes (either from
a remote group, or "--all") used to make one extra "git fetch" in
the submodules, which has been corrected.
(merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint).
* With a recent update to refuse access to repositories of other
people by default, "sudo make install" and "sudo git describe"
stopped working, which has been corrected.
(merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint).
* The tests that ensured merges stop when interfering local changes
are present did not make sure that local changes are preserved; now
they do.
(merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint).
* Some real problems noticed by gcc 12 have been fixed, while false
positives have been worked around.
* Update the version of FreeBSD image used in Cirrus CI.
(merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint).
* The multi-pack-index code did not protect the packfile it is going
to depend on from getting removed while in use, which has been
corrected.
(merge 4090511e40 tb/midx-race-in-pack-objects later to maint).
* Teach "git repack --geometric" work better with "--keep-pack" and
avoid corrupting the repository when packsize limit is used.
(merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint).
* The documentation on the interaction between "--add-file" and
"--prefix" options of "git archive" has been improved.
(merge a75910602a rs/document-archive-prefix later to maint).
* A git subcommand like "git add -p" spawns a separate git process
while relaying its command line arguments. A pathspec with only
negative elements was mistakenly passed with an empty string, which
has been corrected.
(merge b02fdbc80a jc/all-negative-pathspec later to maint).
* With a more targeted workaround in http.c in another topic, we may
be able to lift this blanket "GCC12 dangling-pointer warning is
broken and unsalvageable" workaround.
(merge 419141e495 cb/buggy-gcc-12-workaround later to maint).
* A misconfigured 'branch..remote' led to a bug in configuration
parsing.
(merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint).
* "git -c diff.submodule=log range-diff" did not show anything for
submodules that changed in the ranges being compared, and
"git -c diff.submodule=diff range-diff" did not work correctly.
Fix this by including the "--submodule=short" output
unconditionally to be compared.
* In Git 2.36 we revamped the way how hooks are invoked. One change
that is end-user visible is that the output of a hook is no longer
directly connected to the standard output of "git" that spawns the
hook, which was noticed post release. This is getting corrected.
(merge a082345372 ab/hooks-regression-fix later to maint).
* Updating the graft information invalidates the list of parents of
in-core commit objects that used to be in the graft file.
* "git show-ref --heads" (and "--tags") still iterated over all the
refs only to discard refs outside the specified area, which has
been corrected.
(merge c0c9d35e27 tb/show-ref-optim later to maint).
* Remove redundant copying (with index v3 and older) or possible
over-reading beyond end of mmapped memory (with index v4) has been
corrected.
(merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint).
* Sample watchman interface hook sometimes failed to produce
correctly formatted JSON message, which has been corrected.
(merge 134047b500 sn/fsmonitor-missing-clock later to maint).
* Use-after-free (with another forget-to-free) fix.
(merge 323822c72b ab/remote-free-fix later to maint).
* Remove a coccinelle rule that is no longer relevant.
(merge b1299de4a1 jc/cocci-cleanup later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge e6b2582da3 cm/reftable-0-length-memset later to maint).
(merge 0b75e5bf22 ab/misc-cleanup later to maint).
(merge 52e1ab8a76 ea/rebase-code-simplify later to maint).
(merge 756d15923b sg/safe-directory-tests-and-docs later to maint).
(merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint).
(merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint).
(merge 1da312742d gf/unused-includes later to maint).
(merge 465b30a92d pb/submodule-recurse-mode-enum later to maint).
(merge 82b28c4ed8 km/t3501-use-test-helpers later to maint).
(merge 72315e431b sa/t1011-use-helpers later to maint).
(merge 95b3002201 cg/vscode-with-gdb later to maint).
(merge fbe5f6b804 tk/p4-utf8-bom later to maint).
(merge 17f273ffba tk/p4-with-explicity-sync later to maint).
(merge 944db25c60 kf/p4-multiple-remotes later to maint).
(merge b014cee8de jc/update-ozlabs-url later to maint).
(merge 4ec5008062 pb/ggg-in-mfc-doc later to maint).
(merge af845a604d tb/receive-pack-code-cleanup later to maint).
(merge 2acf4cf001 js/ci-gcc-12-fixes later to maint).
(merge 05e280c0a6 jc/http-clear-finished-pointer later to maint).
(merge 8c49d704ef fh/transport-push-leakfix later to maint).
(merge 1d232d38bd tl/ls-tree-oid-only later to maint).
(merge db7961e6a6 gc/document-config-worktree-scope later to maint).
(merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint).
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.96 -r1.97 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.119 -r1.120 pkgsrc/devel/git-base/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/git-docs/Makefile
cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/gitweb/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Thu Jul 14 10:55:37 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: updated to 2.37.1
Git 2.37.1 Release Notes
============
This release merges up the fixes that appear in v2.30.5, v2.31.4,
v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
security issue CVE-2022-29187; see the release notes for these
versions for details.
Fixes since Git 2.37
--------------------
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
* Fix for CVS-2022-29187.
To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.120 -r1.121 pkgsrc/devel/git-base/distinfo
|
|
chat/prosody: integration fix
Revisions pulled up:
- chat/prosody/Makefile 1.38-1.40
- chat/prosody/files/prosody.sh 1.3-1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 01:53:00 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: fix the path to the PID file in the RC script
PROSODY_RUN is set to eg /var/run/prosody/prosody.pid instead of just
/var/run/prosody.pid, which is a good thing (tm) since prosody's user
needs the access rights to write to the corresponding directory.
Unfortunately, the directory is not automatically created nor the right
permissions set yet, but this is progress.
While there, appease pkglint(1).
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 once the complete solution is in place
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 02:31:46 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: make sure pidfile always matches PROSODY_RUN in the RC script
This concludes my investigation on the correct path for the PID file.
No changes to the final binary if PROSODY_RUN is set to its default
value.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Mon Jul 25 04:47:07 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
chat/prosody: always create the directory for the PID file
The RC script for prosody now always creates the corresponding
sub-directory for prosody's PID file. This is inspired by the RC script
for mdnsd in NetBSD, and for dbus in pkgsrc; thanks spz@ for the
suggestion!
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 (completes request 6649)
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/chat/prosody/files/prosody.sh
|
|
|
|
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.7
- devel/ruby-activejob70/distinfo 1.7
- devel/ruby-activemodel70/distinfo 1.7
- devel/ruby-activestorage70/distinfo 1.7
- devel/ruby-activesupport70/distinfo 1.7
- devel/ruby-railties70/Makefile 1.5
- devel/ruby-railties70/distinfo 1.7
- lang/ruby/rails.mk 1.132
- mail/ruby-actionmailbox70/distinfo 1.7
- mail/ruby-actionmailer70/distinfo 1.7
- textproc/ruby-actiontext70/distinfo 1.7
- www/ruby-actioncable70/distinfo 1.7
- www/ruby-actionpack70/distinfo 1.7
- www/ruby-actionview70/distinfo 1.7
- www/ruby-rails70/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:48:48 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.3.1
Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.
databases/ruby-activerecord70
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.131 -r1.132 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails70/distinfo
|
|
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.14
- devel/ruby-activejob61/distinfo 1.14
- devel/ruby-activemodel61/distinfo 1.14
- devel/ruby-activestorage61/distinfo 1.14
- devel/ruby-activesupport61/distinfo 1.14
- devel/ruby-railties61/Makefile 1.4
- devel/ruby-railties61/distinfo 1.14
- lang/ruby/rails.mk 1.131
- mail/ruby-actionmailbox61/distinfo 1.14
- mail/ruby-actionmailer61/distinfo 1.14
- textproc/ruby-actiontext61/distinfo 1.14
- www/ruby-actioncable61/distinfo 1.14
- www/ruby-actionpack61/distinfo 1.14
- www/ruby-actionview61/distinfo 1.14
- www/ruby-rails61/distinfo 1.14
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:46:24 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.6.1
Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.
databases/ruby-activerecord61
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo
|
|
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.19
- devel/ruby-activejob60/distinfo 1.19
- devel/ruby-activemodel60/distinfo 1.19
- devel/ruby-activestorage60/distinfo 1.19
- devel/ruby-activesupport60/distinfo 1.19
- devel/ruby-railties60/Makefile 1.5
- devel/ruby-railties60/distinfo 1.19
- lang/ruby/rails.mk 1.130
- mail/ruby-actionmailbox60/distinfo 1.19
- mail/ruby-actionmailer60/distinfo 1.19
- textproc/ruby-actiontext60/distinfo 1.19
- www/ruby-actioncable60/distinfo 1.19
- www/ruby-actionpack60/distinfo 1.19
- www/ruby-actionview60/distinfo 1.19
- www/ruby-rails60/distinfo 1.19
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:44:10 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.5.1
Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.
databases/ruby-activerecord60
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties60/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-rails60/distinfo
|
|
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.15
- devel/ruby-activejob52/distinfo 1.15
- devel/ruby-activemodel52/distinfo 1.15
- devel/ruby-activestorage52/distinfo 1.15
- devel/ruby-activesupport52/distinfo 1.15
- devel/ruby-railties52/Makefile 1.4
- devel/ruby-railties52/distinfo 1.15
- lang/ruby/rails.mk 1.129
- mail/ruby-actionmailer52/distinfo 1.15
- www/ruby-actioncable52/distinfo 1.15
- www/ruby-actionpack52/distinfo 1.15
- www/ruby-actionview52/distinfo 1.15
- www/ruby-rails52/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:41:09 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-activestorage52: distinfo
pkgsrc/devel/ruby-activesupport52: distinfo
pkgsrc/devel/ruby-railties52: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-actionpack52: distinfo
pkgsrc/www/ruby-actionview52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
www/ruby-rails52: update to 5.2.8.1
Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.
databases/ruby-activerecord52
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activestorage52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activesupport52/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties52/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.128 -r1.129 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionpack52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionview52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-rails52/distinfo
|
|
lang/nodejs: security update
Revisions pulled up:
- lang/nodejs/Makefile 1.237
- lang/nodejs/distinfo 1.217
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:31:15 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile distinfo
Log Message:
nodejs: updated to 18.5.0
Version 18.5.0 (Current), @RafaelGSS
This is a security release.
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- (SEMVER-MAJOR) src,doc,test: add --openssl-shared-config option (Daniel Bevenius)
Node.js now reads nodejs_conf section in the openssl config
- deps: update archs files for quictls/openssl-3.0.5+quic (RafaelGSS)
- deps: upgrade openssl sources to quictls/openssl-3.0.5+quic (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.236 -r1.237 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/nodejs/distinfo
|
|
lang/nodejs16: security update
Revisions pulled up:
- lang/nodejs16/Makefile 1.3
- lang/nodejs16/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:30:19 UTC 2022
Modified Files:
pkgsrc/lang/nodejs16: Makefile distinfo
Log Message:
nodejs16: updated to 16.16.0
Version 16.16.0 'Gallium' (LTS)
This is a security release.
Notable changes
deps:
upgrade openssl sources to OpenSSL_1_1_1q (RafaelGSS)
src:
add OpenSSL config appname (Daniel Bevenius)
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs16/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs16/distinfo
|
|
lang/nodejs14: security update
Revisions pulled up:
- lang/nodejs14/Makefile 1.4
- lang/nodejs14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:29:36 UTC 2022
Modified Files:
pkgsrc/lang/nodejs14: Makefile distinfo
Log Message:
nodejs14: updated to 14.20.0
Version 14.20.0 'Fermium' (LTS)
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- deps: upgrade openssl sources to 1.1.1q (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs14/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs14/distinfo
|
|
|
|
|
|
|
|
x11/libXft: NetBSD 8 build fix
Revisions pulled up:
- x11/libXft/Makefile 1.26
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 8 06:39:57 UTC 2022
Modified Files:
pkgsrc/x11/libXft: Makefile
Log Message:
PR pkg/56909 libXft cannot avoid-duplicate because the native fontconfig
is always ignored on NetBSD 8 due to a (possibly wrong for native Xorg)
ABI_DEPENDS setting elsewhere in pkgsrc
|
|
lang/python39: build fix
lang/python310: build fix
Revisions pulled up:
- lang/python310/distinfo 1.17
- lang/python310/patches/patch-setup.py 1.6
- lang/python39/distinfo 1.30
- lang/python39/patches/patch-setup.py 1.9
---
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 15:26:43 UTC 2022
Modified Files:
pkgsrc/lang/python310: distinfo
pkgsrc/lang/python310/patches: patch-setup.py
pkgsrc/lang/python39: distinfo
pkgsrc/lang/python39/patches: patch-setup.py
Log Message:
python{39,310}: fix the build when the work directory is in $PREFIX
As documented in pkg/56774, when WRKOBJDIR is in LOCALBASE (eg set to
${LOCALBASE}/work) then changes done to Python's setup.py made it
unable to locate its own built-in modules, then failing to bootstrap and
build.
As suggested by tnn@; tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
|
|
|
|
|
|
Security fix release.
This release includes the following changes:
o curl: add --rate to set max request rate per time unit [69]
o curl: deprecate --random-file and --egd-file [12]
o curl_version_info: add CURL_VERSION_THREADSAFE [100]
o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9]
o lib: make curl_global_init() threadsafe when possible [101]
o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78]
o opts: deprecate RANDOM_FILE and EGDSOCKET [13]
o socks: support unix sockets for socks proxy [2]
This release includes the following bugfixes:
o aws-sigv4: fix potentional NULL pointer arithmetic [48]
o bindlocal: don't use a random port if port number would wrap [14]
o c-hyper: mark status line as status for Curl_client_write() [58]
o ci: avoid `cmake -Hpath` [114]
o CI: bump FreeBSD 13.0 to 13.1 [127]
o ci: update github actions [36]
o cmake: add libpsl support [3]
o cmake: do not add libcurl.rc to the static libcurl library [53]
o cmake: enable curl.rc for all Windows targets [55]
o cmake: fix detecting libidn2 [56]
o cmake: support adding a suffix to the OS value [54]
o configure: skip libidn2 detection when winidn is used [89]
o configure: use the SED value to invoke sed [28]
o configure: warn about rustls being experimental [103]
o content_encoding: return error on too many compression steps [106]
o cookie: address secure domain overlay [7]
o cookie: apply limits [83]
o copyright.pl: parse and use .reuse/dep5 for skips [105]
o copyright: make repository REUSE compliant [119]
o curl.1: add a few see also --tls-max [52]
o curl.1: mention exit code zero too [44]
o curl: re-enable --no-remote-name [31]
o curl_easy_pause.3: remove explanation of progress function [97]
o curl_getdate.3: document that some illegal dates pass through [34]
o Curl_parsenetrc: don't access local pwbuf outside of scope [27]
o curl_url_set.3: clarify by default using known schemes only [120]
o CURLOPT_ALTSVC.3: document the file format [118]
o CURLOPT_FILETIME.3: fix the protocols this works with
o CURLOPT_HTTPHEADER.3: improve comment in example [66]
o CURLOPT_NETRC.3: document the .netrc file format
o CURLOPT_PORT.3: We discourage using this option [92]
o CURLOPT_RANGE.3: remove ranged upload advice [99]
o digest: added detection of more syntax error in server headers [81]
o digest: tolerate missing "realm" [80]
o digest: unquote realm and nonce before processing [82]
o DISABLED: disable 1021 for hyper again
o docs/cmdline-opts: add copyright and license identifier to each file [112]
o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79]
o docs: clarify data replacement policy for MIME API [16]
o doh: remove UNITTEST macro definition [67]
o examples/crawler.c: use the curl license [73]
o examples: remove fopen.c and rtsp.c [76]
o FAQ: Clarify Windows double quote usage [42]
o fopen: add Curl_fopen() for better overwriting of files [72]
o ftp: restore protocol state after http proxy CONNECT [110]
o ftp: when failing to do a secure GSSAPI login, fail hard [62]
o GHA/hyper: enable debug in the build
o gssapi: improve handling of errors from gss_display_status [45]
o gssapi: initialize gss_buffer_desc strings
o headers api: remove EXPERIMENTAL tag [35]
o http2: always debug print stream id in decimal with %u [46]
o http2: reject overly many push-promise headers [63]
o http: restore header folding behavior [64]
o hyper: use 'alt-used' [71]
o krb5: return error properly on decode errors [107]
o lib: make more protocol specific struct fields #ifdefed [84]
o libcurl-security.3: add "Secrets in memory" [30]
o libcurl-security.3: document CRLF header injection [98]
o libssh: skip the fake-close when libssh does the right thing [102]
o links: update dead links to the curl-wiki [21]
o log2changes: do not indent empty lines [ci skip] [37]
o macos9: remove partial support [22]
o Makefile.am: fix portability issues [1]
o Makefile.m32: delete obsolete options, improve -On [ci skip] [65]
o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39]
o Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] [116]
o max-time.d: clarify max-time sets max transfer time [70]
o mprintf: ignore clang non-literal format string [19]
o netrc: check %USERPROFILE% as well on Windows [77]
o netrc: support quoted strings [33]
o ngtcp2: allow curl to send larger UDP datagrams [29]
o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25]
o ngtcp2: enable Linux GSO [91]
o ngtcp2: extend QUIC transport parameters buffer [4]
o ngtcp2: fix alert_read_func return value [26]
o ngtcp2: fix typo in preprocessor condition [121]
o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5]
o ngtcp2: send appropriate connection close error code [6]
o ngtcp2: support boringssl crypto backend [17]
o ngtcp2: use helper funcs to simplify TLS handshake integration [68]
o ntlm: provide a fixed fake host name [32]
o projects: fix third-party SSL library build paths for Visual Studio [125]
o quic: add Curl_quic_idle [18]
o quiche: support ca-fallback [49]
o rand: stop detecting /dev/urandom in cross-builds [113]
o remote-name.d: mention --output-dir [88]
o runtests.pl: add the --repeat parameter to the --help output [43]
o runtests: fix skipping tests not done event-based [95]
o runtests: skip starting the ssh server if user name is lacking [104]
o scripts/copyright.pl: fix the exclusion to not ignore man pages [75]
o sectransp: check for a function defined when __BLOCKS__ is undefined [20]
o select: return error from "lethal" poll/select errors [93]
o server/sws: support spaces in the HTTP request path
o speed-limit/time.d: mention these affect transfers in either direction [74]
o strcase: some optimisations [8]
o test 2081: add a valid reply for the second request [60]
o test 675: add missing CR so the test passes when run through Privoxy [61]
o test414: add the '--resolve' keyword [23]
o test681: verify --no-remote-name [90]
o tests 266, 116 and 1540: add a small write delay
o tests/data/test1501: kill ftp server after slow LIST response [59]
o tests/getpart: fix getpartattr to work with "data" and "data2"
o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47]
o test{440,441,493,977}: add "HTTP proxy" keywords [40]
o tool_getparam: fix --parallel-max maximum value constraint [51]
o tool_operate: make sure --fail-with-body works with --retry [24]
o transfer: fix potential NULL pointer dereference [15]
o transfer: maintain --path-as-is after redirects [96]
o transfer: upload performance; avoid tiny send [124]
o url: free old conn better on reuse [41]
o url: remove redundant #ifdefs in allocate_conn()
o url: URL encode the path when extracted, if spaces were set
o urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts [126]
o urlapi: support CURLU_URLENCODE for curl_url_get()
o urldata: reduce size of a few struct fields [86]
o urldata: remove three unused booleans from struct UserDefined [87]
o urldata: store tcp_keepidle and tcp_keepintvl as ints [85]
o version: allow stricmp() for sorting the feature list [57]
o vtls: make curl_global_sslset thread-safe [94]
o wolfssh.h: removed [10]
o wolfssl: correct the failf() message when a handle can't be made [38]
o wolfSSL: explicitly use compatibility layer [11]
o x509asn1: mark msnprintf return as unchecked [50]
|
|
of toolchain issues.
/tmp/sysutils/ovmf/work/edk2-20181116/Build/OvmfIa32/DEBUG_GCC49/IA32/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Madt.dll unsupported ELF EM_386 relocation 0xa.
GenFw: ERROR 3000: Invalid
/tmp/sysutils/ovmf/work/edk2-20181116/Build/OvmfIa32/DEBUG_GCC49/IA32/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Madt.dll unsupported ELF EM_386 relocation 0x9.
GenFw: ERROR 3000: Invalid
/tmp/sysutils/ovmf/work/edk2-20181116/Build/OvmfIa32/DEBUG_GCC49/IA32/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Madt.dll unsupported ELF EM_386 relocation 0xa.
GenFw: ERROR 3000: Invalid
/tmp/sysutils/ovmf/work/edk2-20181116/Build/OvmfIa32/DEBUG_GCC49/IA32/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Madt.dll unsupported ELF EM_386 relocation 0x9.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Correct PKGNAME for now and future major version.
|
|
This was previously fixed by schmonz@, but was half lost in the update
to 1.4.3. Upstream added their own macro NO_POSIX_ALIGNED_ALLOC to help
deal with this, so a patch was dropped, but our patch to the configure
script wasn't adjusted to match that new macro definition.
Should fix PR pkg/55571 and PR pkg/56902.
Note I have no environment with which to test this, but it seems obvious
from code inspection, and adjusting the patch did not influence test
builds on NetBSD 9.2_STABLE, Fedora 36, or OmniOS r151038.
|
|
|
|
This missing binary link breaks builds where CMake insists on finding it
alongside the linked CMake files (example: graphics/pcl).
|
|
Submitted upstream, ref.
https://sourceforge.net/p/freeimage/patches/153/
|
|
+ googletest-1.12.0, gsasl-2.0.0, libcups-2.4.2, libidn-1.40,
nginx-1.23.0, npm-8.13.1, openal-soft-1.22.1, plasma-5.25.1,
protobuf-21.2, py-borgbackup-1.2.1, py-chardet-5.0.0,
py-cyclonedx-python-lib-2.6.0, py-pip-audit-2.3.4,
rust-analyzer-0.0.20220620, speex-1.2.1.
|
|
Note current state of upstream support for recent Guile and Python.
|