Age | Commit message | Author | Files | Lines
2016-05-25 | Pullup ticket #5028 - requested by he | spz | 13 | -32/+195

textproc/libxml2: security update

Revisions pulled up:
- textproc/libxml2/Makefile 1.141
- textproc/libxml2/distinfo 1.110-1.112
- textproc/libxml2/patches/patch-aa 1.29
- textproc/libxml2/patches/patch-ab 1.29-1.30
- textproc/libxml2/patches/patch-ac 1.9
- textproc/libxml2/patches/patch-ad 1.19
- textproc/libxml2/patches/patch-ae 1.15
- textproc/libxml2/patches/patch-ag deleted
- textproc/libxml2/patches/patch-encoding.c added at 1.2
- textproc/libxml2/patches/patch-runtest.c added at 1.2
- textproc/libxml2/patches/patch-testlimits.c added at 1.2
- textproc/libxml2/patches/patch-timsort.h added at 1.2
- textproc/libxml2/patches/patch-xmlIO.c added at 1.2

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Tue May 24 12:00:08 UTC 2016

Modified Files:
  pkgsrc/textproc/libxml2: Makefile distinfo
  pkgsrc/textproc/libxml2/patches: patch-aa patch-ab patch-ac patch-ad patch-ae
Added Files:
  pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c patch-testlimits.c patch-timsort.h patch-xmlIO.c
Removed Files:
  pkgsrc/textproc/libxml2/patches: patch-ag

Log Message:
Update libxml2 to 2.9.4.

Pkgsrc changes:
* Add some casts to match types and format strings, plus fix value range of toupper() operation.
* Merge patch-ag into the new patch-encoding.c.
* Add comments to existing patches which lacked comments.

Upstream changes to libxml2-2.9.4: May 23 2016

Security:
  CVE-2016-3627 Avoid building recursive entities
  CVE-2016-1833 Heap-based buffer overread in htmlCurrentChar
  CVE-2016-1835 Heap use-after-free in xmlSAX2AttributeNs
  CVE-2016-1837 Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral
  CVE-2016-1836 Bug 759398: Heap use-after-free in xmlDictComputeFastKey
  CVE-2016-1839 Bug 758605: Heap-based buffer overread in xmlDictAddString
  CVE-2016-1838 Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal
  CVE-2016-1840 Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
  CVE-2016-4483 Avoid an out of bound access when serializing malformed strings
  CVE-2016-1834 Bug 763071: heap-buffer-overflow in xmlStrncat
  CVE-2016-3705 Add missing increments of recursion depth counter to XML parser.
  CVE-2016-1762 Heap-based buffer overread in xmlNextChar
  More format string warnings with possible format string vulnerability
  Heap-based buffer-underreads due to xmlParseName
  Fix some format string warnings with possible format string vulnerability
  Unsigned addition may overflow in xmlMallocAtomicLoc()

Other bugfixes:
  Detect change of encoding when parsing HTML names
  Fix inappropriate fetch of entities content
  Correct the usage of LDFLAGS
  Revert the use of SAVE_LDFLAGS in configure.ac
  libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles
  Add more debugging info to runtest
  Implement "runtest -u" mode
  Integer signed/unsigned type mismatch in xmlParserInputGrow()
  Integer overflow parsing port number in URI
  Fix apibuild for a recently added construct

v2.9.4-rc2
  Use pkg-config to locate zlib when possible
  Use pkg-config to locate ICU when possible
  Fix an error with regexp on nullable counted char transition
  Fix memory leak with XPath namespace nodes
  Fix namespace axis traversal
  Add a make rule to rebuild for ASAN
  Fix null pointer deref in docs with no root element
  Portability to non C99 compliant compilers
  dict.h: Move xmlDictPtr definition before includes to allow direct inclusion.
  Fix XSD validation of URIs with ampersands
  xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error.

v2.9.4-rc1
  os400: tell about xmllint and xmlcatalog in README400.
  os400: properly process SGML add in XMLCATALOG command.
  os400: implement CL command XMLCATALOG.
  os400: compile and install program xmlcatalog (qshell-only).
  xmlcatalog: flush stdout before interactive shell input.
  os400: expand tabs in sources, strip trailing blanks.
  os400: implement CL command XMLLINT.
  os400: compile and install program xmllint (qshell-only).
  os400: initscript make_module(): Use options instead of positional parameters.
  xmllint: flush stdout before interactive shell input.
  os400: c14n.rpgle: allow *omit for nullable reference parameters.
  os400: use like() for double type.
  os400: use like() for int type.
  os400: use like() for unsigned int type.
  os400: use like() for enum types.
  Add xz to xml2-config --libs output
  Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression
  Fix namespace::node() XPath expression
  Fix OOB write in xmlXPathEmptyNodeSet
  Fix parsing of NCNames in XPath
  Fix OOB read with invalid UTF-8 in xmlUTF8Strsize
  Do normalize string-based datatype value in RelaxNG facet checking
  Fix typo: s{ ec -> cr }cipt
  Fix typos: dictio{ nn -> n }ar{y,ies}
  Fix typos: PATH_{ SEAPARATOR -> SEPARATOR }
  Correct a typo.
  Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths"
  Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd
  error.c: *input->cur == 0 does not mean no error
  Add missing RNG test files
  Bug 760190: configure.ac should be able to build --with-icu without icu-config tool
  Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer
  Bug 758572: ASAN crash in make check
  Bug 721158: Missing ICU string when doing --version on xmllint
  python 3: libxml2.c wrappers create Unicode str already
  win32\VC10\config.h and VS 2015
  Add autogen.sh to distrib
  Add configure maintainer mode

To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.109 -r1.110 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.28 -r1.29 pkgsrc/textproc/libxml2/patches/patch-aa \
    pkgsrc/textproc/libxml2/patches/patch-ab
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/libxml2/patches/patch-ac
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/patches/patch-ad
cvs rdiff -u -r1.14 -r1.15 pkgsrc/textproc/libxml2/patches/patch-ae
cvs rdiff -u -r1.12 -r0 pkgsrc/textproc/libxml2/patches/patch-ag
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
    pkgsrc/textproc/libxml2/patches/patch-runtest.c \
    pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
    pkgsrc/textproc/libxml2/patches/patch-timsort.h \
    pkgsrc/textproc/libxml2/patches/patch-xmlIO.c

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 24 21:08:21 UTC 2016

Modified Files:
  pkgsrc/textproc/libxml2: distinfo
  pkgsrc/textproc/libxml2/patches: patch-encoding.c patch-runtest.c patch-testlimits.c patch-timsort.h patch-xmlIO.c

Log Message:
Add upstream bug report URLs (from he@).

To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libxml2/patches/patch-encoding.c \
    pkgsrc/textproc/libxml2/patches/patch-runtest.c \
    pkgsrc/textproc/libxml2/patches/patch-testlimits.c \
    pkgsrc/textproc/libxml2/patches/patch-timsort.h \
    pkgsrc/textproc/libxml2/patches/patch-xmlIO.c

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Wed May 25 07:16:36 UTC 2016

Modified Files:
  pkgsrc/textproc/libxml2: distinfo
  pkgsrc/textproc/libxml2/patches: patch-ab

Log Message:
Submit the typo part of configure upstream, note the bug-ID.

To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.112 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.29 -r1.30 pkgsrc/textproc/libxml2/patches/patch-ab
2016-05-23 | Pullup tickets #4990 to #5008 and #5021 to #5025, all from joerg. | bsiegert | 1 | -1/+73
2016-05-23 | Pullup ticket #5025 - requested by joerg | bsiegert | 3 | -3/+10
sysutils/xenkernel33: build fix Revisions pulled up: - sysutils/xenkernel3/Makefile 1.31 - sysutils/xenkernel33/Makefile 1.30 - sysutils/xentools3/Makefile 1.47 --- Module Name: pkgsrc Committed By: joerg Date: Wed May 18 21:25:06 UTC 2016 Modified Files: pkgsrc/sysutils/xenkernel3: Makefile pkgsrc/sysutils/xenkernel33: Makefile pkgsrc/sysutils/xentools3: Makefile Log Message: Make some GCC warnings non-fatal.
2016-05-23 | Pullup ticket #5024 - requested by joerg | bsiegert | 3 | -3/+19
sysutils/xentools33: build fix Revisions pulled up: - sysutils/xentools33/Makefile 1.50 - sysutils/xentools33/distinfo 1.32 - sysutils/xentools33/patches/patch-fs-back_Makefile 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Wed May 18 21:24:44 UTC 2016 Modified Files: pkgsrc/sysutils/xentools33: Makefile distinfo Added Files: pkgsrc/sysutils/xentools33/patches: patch-fs-back_Makefile Log Message: Add missing rpath. Make a bunch of GCC warnings non-fatal. Bump revision.
2016-05-23 | Pullup ticket #5023 - requested by joerg | bsiegert | 4 | -18/+42
devel/tvision: build fix Revisions pulled up: - devel/tvision/distinfo 1.9 - devel/tvision/patches/patch-lib_TWindow_cc 1.2 - devel/tvision/patches/patch-lib_colorsel_cc 1.2 - devel/tvision/patches/patch-lib_tobjstrm_h 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Wed May 18 20:19:46 UTC 2016 Modified Files: pkgsrc/devel/tvision: distinfo pkgsrc/devel/tvision/patches: patch-lib_TWindow_cc patch-lib_colorsel_cc patch-lib_tobjstrm_h Log Message: Don't assume intptr_t is magically defined, but request it when necessary.
2016-05-23 | Pullup ticket #5022 - requested by joerg | bsiegert | 2 | -1/+16
devel/libbson: build fix Revisions pulled up: - devel/libbson/distinfo 1.18 - devel/libbson/patches/patch-Makefile.in 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Wed May 18 20:19:11 UTC 2016 Modified Files: pkgsrc/devel/libbson: distinfo Added Files: pkgsrc/devel/libbson/patches: patch-Makefile.in Log Message: Help linking the test program by providing all internal libraries.
2016-05-23 | Pullup ticket #5021 - requested by joerg | bsiegert | 4 | -5/+125
cross/uisp: build fix Revisions pulled up: - cross/uisp/distinfo 1.7 - cross/uisp/patches/patch-src_AvrAtmel.C 1.1 - cross/uisp/patches/patch-src_AvrDummy.C 1.1 - cross/uisp/patches/patch-src_Stk500.C 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Wed May 18 20:18:32 UTC 2016 Modified Files: pkgsrc/cross/uisp: distinfo pkgsrc/cross/uisp/patches: patch-src_Stk500.C Added Files: pkgsrc/cross/uisp/patches: patch-src_AvrAtmel.C patch-src_AvrDummy.C Log Message: Under C++11 it is invalid to implicitly cast from a larger type to a smaller type in an initializer. Adjust various places accordingly. Avoid set-but-not-used warnings in some other places for newer GCC.
2016-05-23 | Pullup ticket #5008 - requested by joerg | bsiegert | 1 | -1/+4
wm/fluxconf: build fix Revisions pulled up: - wm/fluxconf/Makefile 1.30 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:11:15 UTC 2016 Modified Files: pkgsrc/wm/fluxconf: Makefile Log Message: Disable noisy GCC warnings.
2016-05-23 | Pullup ticket #5007 - requested by joerg | bsiegert | 3 | -2/+17
sysutils/tarsnap-gui: build fix Revisions pulled up: - sysutils/tarsnap-gui/Makefile 1.3 - sysutils/tarsnap-gui/distinfo 1.2 - sysutils/tarsnap-gui/patches/patch-Tarsnap.pro 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:10:46 UTC 2016 Modified Files: pkgsrc/sysutils/tarsnap-gui: Makefile distinfo Added Files: pkgsrc/sysutils/tarsnap-gui/patches: patch-Tarsnap.pro Log Message: Instruct qmake to include the X11BASE rpath.
2016-05-23 | Pullup ticket #5006 - requested by joerg | bsiegert | 3 | -2/+19
sysutils/open-vm-tools: build fix Revisions pulled up: - sysutils/open-vm-tools/Makefile 1.56 - sysutils/open-vm-tools/distinfo 1.11 - sysutils/open-vm-tools/patches/patch-lib_user_util.c 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:10:09 UTC 2016 Modified Files: pkgsrc/sysutils/open-vm-tools: Makefile distinfo Added Files: pkgsrc/sysutils/open-vm-tools/patches: patch-lib_user_util.c Log Message: Disable noisy warnings. Add an explicit cast to deal with expected interface differences.
2016-05-23 | Pullup ticket #5005 - requested by joerg | bsiegert | 1 | -1/+3
sysutils/fscd: build fix Revisions pulled up: - sysutils/fscd/Makefile 1.6 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:09:24 UTC 2016 Modified Files: pkgsrc/sysutils/fscd: Makefile Log Message: Silence noisy GCC warning.
2016-05-23 | Pullup ticket #5004 - requested by joerg | bsiegert | 1 | -1/+2
security/php-oauth: build fix Revisions pulled up: - security/php-oauth/Makefile 1.7 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:09:07 UTC 2016 Modified Files: pkgsrc/security/php-oauth: Makefile Log Message: Requires PCRE to build.
2016-05-23 | Pullup ticket #5003 - requested by joerg | bsiegert | 1 | -3/+2
print/LPRng-core: build fix Revisions pulled up: - print/LPRng-core/Makefile 1.40 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:08:49 UTC 2016 Modified Files: pkgsrc/print/LPRng-core: Makefile Log Message: Generally drop -Werror.
2016-05-23 | Pullup ticket #5002 - requested by joerg | bsiegert | 1 | -1/+3
pkgtools/pkg_select: build fix Revisions pulled up: - pkgtools/pkg_select/Makefile 1.23 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:08:30 UTC 2016 Modified Files: pkgsrc/pkgtools/pkg_select: Makefile Log Message: Disable noisy warning for GCC.
2016-05-23 | Pullup ticket #5001 - requested by joerg | bsiegert | 2 | -5/+6
net/openwbem: build fix Revisions pulled up: - net/openwbem/distinfo 1.8 - net/openwbem/patches/patch-src_common_OW__CommonFwd.hpp 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:08:07 UTC 2016 Modified Files: pkgsrc/net/openwbem: distinfo pkgsrc/net/openwbem/patches: patch-src_common_OW__CommonFwd.hpp Log Message: Include the right header for std::less.
2016-05-23 | Pullup ticket #5000 - requested by joerg | bsiegert | 2 | -4/+4
net/gkrellm: build fix Revisions pulled up: - net/gkrellm-multiping/distinfo 1.7 - net/gkrellm-multiping/patches/patch-aa 1.4 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:07:39 UTC 2016 Modified Files: pkgsrc/net/gkrellm-multiping: distinfo pkgsrc/net/gkrellm-multiping/patches: patch-aa Log Message: Drop use of -Wl without actual argument.
2016-05-23 | Pullup ticket #4999 - requested by joerg | bsiegert | 2 | -1/+41
multimedia/gopchop: build fix Revisions pulled up: - multimedia/gopchop/distinfo 1.9 - multimedia/gopchop/patches/patch-src_Main.cpp 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:07:15 UTC 2016 Modified Files: pkgsrc/multimedia/gopchop: distinfo Added Files: pkgsrc/multimedia/gopchop/patches: patch-src_Main.cpp Log Message: Don't use C99 designators in C++.
2016-05-23 | Pullup ticket #4998 - requested by joerg | bsiegert | 3 | -2/+33
misc/rocs: build fix Revisions pulled up: - misc/rocs/Makefile 1.40 - misc/rocs/distinfo 1.12 - misc/rocs/patches/patch-RocsCore_DataStructures_Graph_GraphStructure.cpp 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:06:40 UTC 2016 Modified Files: pkgsrc/misc/rocs: Makefile distinfo Added Files: pkgsrc/misc/rocs/patches: patch-RocsCore_DataStructures_Graph_GraphStructure.cpp Log Message: With newer Boost, this now must be built as C++11. Unrestrict make_pair to help GCC 4.8 figure out the right template of make_pair.
2016-05-23 | Pullup ticket #4997 - requested by joerg | bsiegert | 3 | -3/+14
misc/kchmviewer: build fix Revisions pulled up: - misc/kchmviewer/Makefile 1.57 - misc/kchmviewer/distinfo 1.14 - misc/kchmviewer/patches/patch-src_src.pro 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:05:22 UTC 2016 Modified Files: pkgsrc/misc/kchmviewer: Makefile distinfo Added Files: pkgsrc/misc/kchmviewer/patches: patch-src_src.pro Log Message: Instruct qmake to include X11BASE rpath. Bump revision.
2016-05-23 | Pullup ticket #4996 - requested by joerg | bsiegert | 2 | -4/+5
misc/gkrellm-launch: build fix Revisions pulled up: - misc/gkrellm-launch/distinfo 1.4 - misc/gkrellm-launch/patches/patch-aa 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:04:43 UTC 2016 Modified Files: pkgsrc/misc/gkrellm-launch: distinfo pkgsrc/misc/gkrellm-launch/patches: patch-aa Log Message: Drop linker argument without argument.
2016-05-23 | Pullup ticket #4995 - requested by joerg | bsiegert | 1 | -1/+4
math/superlu: build fix Revisions pulled up: - math/superlu/Makefile 1.25 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:04:14 UTC 2016 Modified Files: pkgsrc/math/superlu: Makefile Log Message: Not MAKE_JOBS_SAFE.
2016-05-23 | Pullup ticket #4994 - requested by joerg | bsiegert | 4 | -6/+48
math/snns: build fix Revisions pulled up: - math/snns/Makefile 1.26 - math/snns/distinfo 1.8 - math/snns/patches/patch-ac 1.3 - math/snns/patches/patch-configure 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:04:00 UTC 2016 Modified Files: pkgsrc/math/snns: Makefile distinfo pkgsrc/math/snns/patches: patch-ac Added Files: pkgsrc/math/snns/patches: patch-configure Log Message: Fix missing X11BASE rpath. Bump revision.
2016-05-23 | Pullup ticket #4993 - requested by joerg | bsiegert | 3 | -5/+6
math/pari: build fix Revisions pulled up: - math/pari/Makefile 1.68 - math/pari/distinfo 1.25 - math/pari/patches/patch-config_Makefile.SH 1.2 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:03:25 UTC 2016 Modified Files: pkgsrc/math/pari: Makefile distinfo pkgsrc/math/pari/patches: patch-config_Makefile.SH Log Message: Fix gp linking to not include the temporary DESTDIR. Bump revision.
2016-05-23 | Pullup ticket #4992 - requested by joerg | bsiegert | 1 | -1/+7
mail/smtp-vilter: build fix Revisions pulled up: - mail/smtp-vilter/Makefile 1.9 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:02:28 UTC 2016 Modified Files: pkgsrc/mail/smtp-vilter: Makefile Log Message: Disable noisy GCC warnings.
2016-05-23 | Pullup ticket #4991 - requested by joerg | bsiegert | 4 | -10/+66
lang/ghc7: build fix Revisions pulled up: - lang/ghc7/Makefile 1.25 - lang/ghc7/distinfo 1.14 - lang/ghc7/patches/patch-libffi_ghc.mk 1.1 - lang/ghc7/patches/patch-rts_ghc.mk 1.6 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:02:06 UTC 2016 Modified Files: pkgsrc/lang/ghc7: Makefile distinfo pkgsrc/lang/ghc7/patches: patch-rts_ghc.mk Added Files: pkgsrc/lang/ghc7/patches: patch-libffi_ghc.mk Log Message: Fix libffi linkage, so that it actually picks up the right version and includes the rpath. Seen by a not so happy devel/happy. Bump revision.
2016-05-22 | Pullup ticket #4990 - requested by joerg | bsiegert | 1 | -2/+3
graphics/ruby-gd: build fix Revisions pulled up: - graphics/ruby-gd/Makefile 1.46 --- Module Name: pkgsrc Committed By: joerg Date: Sat May 7 10:00:59 UTC 2016 Modified Files: pkgsrc/graphics/ruby-gd: Makefile Log Message: Tell gem build to include rpath for X11BASE. Bump revision.
2016-05-21 | More security fixes. | bsiegert | 1 | -1/+18
2016-05-21 | Pullup ticket #5027 - requested by wen | bsiegert | 3 | -12/+8

www/mediawiki: security fix

Revisions pulled up:
- www/mediawiki/Makefile 1.59
- www/mediawiki/PLIST 1.28
- www/mediawiki/distinfo 1.45

---
Module Name: pkgsrc
Committed By: wen
Date: Sat May 21 11:58:12 UTC 2016

Modified Files:
  pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Update to 1.26.3

Upstream changes:
MediaWiki 1.26.3
This is a maintenance release of the MediaWiki 1.26 branch.

Changes since 1.26.2
  (bug T116266) Fixed undefined property notices in DairikiDiff under HHVM.
  (bug T123166) Fix fatal error when importing pages to titles which cannot be created, such as invalid titles or titles the user is not allowed to edit.
  (bug T122056) Old tokens are remaining valid within a new session
  (bug T127114) Login throttle can be tricked using non-canonicalized usernames
  (bug T123653) Cross-domain policy regexp is too narrow
  (bug T123071) Incorrectly identifying http link in a's href attributes, due to m modifier in regex
  (bug T129506) MediaWiki:Gadget-popups.js isn't renderable
  (bug T125283) Users occasionally logged in as different users after SessionManager deployment
  (bug T103239) Patrol allows click catching and patrolling of any page
  (bug T122807) [tracking] Check php crypto primitives
  (bug T98313) Graphs can leak tokens, leading to CSRF
  (bug T130947) Diff generation should use PoolCounter
  (bug T133507) Careless use of $wgExternalLinkTarget is insecure
  (bug T132874) API action=move is not rate limited
  (bug T110143) strip markers can be used to get around html attribute escaping in (bug many?) parser tags
  (bug T116030) Increase pbkdf2 parameter strengths
  (bug T127420) Pbkdf2Password does not check if hash_pbkdf2(bug ) succeeded
  (bug T126685) Globally throttle password attempts
2016-05-21 | Pullup ticket #5026 - requested by drochner | bsiegert | 6 | -2/+764

textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile 1.32
- textproc/expat/distinfo 1.25
- textproc/expat/patches/patch-CVE-2016-0718-1 1.1
- textproc/expat/patches/patch-CVE-2016-0718-2 1.1
- textproc/expat/patches/patch-CVE-2016-0718-3 1.1
- textproc/expat/patches/patch-CVE-2016-0718-4 1.1

---
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 17 19:15:01 UTC 2016

Modified Files:
  pkgsrc/textproc/expat: Makefile distinfo
Added Files:
  pkgsrc/textproc/expat/patches: patch-CVE-2016-0718-1 patch-CVE-2016-0718-2 patch-CVE-2016-0718-3 patch-CVE-2016-0718-4

Log Message:
add patches from upstream to fix possible crashes and memory corruption on malformed input (CVE-2016-0718)

Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.

bump PKGREV

also add an improvement to the fix for CVE-2015-1283 which was part of the 2.1.1 release -- don't rely on defined behaviour on overflows of signed integer operations, from upstream git:
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/

pkgsrc change: add a hint how to run the pkg's selftest (not enabled permanently because this would add a dependency on C++)
2016-05-21 | Pullup ticket #5020 - requested by sevan | bsiegert | 3 | -27/+7

www/ikiwiki: security fix

Revisions pulled up:
- www/ikiwiki/Makefile 1.139
- www/ikiwiki/distinfo 1.112
- www/ikiwiki/patches/patch-t_cvs.t deleted

---
Module Name: pkgsrc
Committed By: schmonz
Date: Sat May 7 05:58:54 UTC 2016

Modified Files:
  pkgsrc/www/ikiwiki: Makefile distinfo
Removed Files:
  pkgsrc/www/ikiwiki/patches: patch-t_cvs.t

Log Message:
Update to 3.20160506. From the changelog:

[ Simon McVittie ]
* img: stop ImageMagick trying to be clever if filenames contain a colon, avoiding mis-processing
* HTML-escape error messages, in one case avoiding potential cross-site scripting (OVE-20160505-0012)
* Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
  - img: force common Web formats to be interpreted according to extension, so that "allowed_attachments: '*.jpg'" does what one might expect
  - img: restrict to JPEG, PNG and GIF images by default, again mitigating CVE-2016-3714 and similar vulnerabilities
  - img: check that the magic number matches what we would expect from the extension before giving common formats to ImageMagick
* d/control: use https for Homepage
* d/control: add Vcs-Browser

[ Joey Hess ]
* img: Add back support for SVG images, bypassing ImageMagick and simply passing the SVG through to the browser, which is supported by all commonly used browsers these days. SVG scaling by img directives has subtly changed; where before size=wxh would preserve aspect ratio, this cannot be done when passing them through and so specifying both a width and height can change the SVG's aspect ratio.
* loginselector: When only openid and emailauth are enabled, but passwordauth is not, avoid showing a "Other" box which opens an empty form.

[ Amitai Schlair ]
* mdwn: Process .md like .mdwn, but disallow web creation.

[ Florian Wagner ]
* git: Correctly handle filenames starting with a dash in add/rm/mv.

-- Simon McVittie <smcv%debian.org@localhost> Fri, 06 May 2016 07:54:26 +0100
2016-05-21 | Pullup ticket #5019 - requested by sevan | bsiegert | 2 | -11/+11

multimedia/adobe-flash-plugin11: security fix

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.59-1.60
- multimedia/adobe-flash-plugin11/distinfo 1.56-1.57

---
Module Name: pkgsrc
Committed By: tsutsui
Date: Sat Apr 9 12:23:04 UTC 2016

Modified Files:
  pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.616.

Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html

Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: April 7, 2016
Vulnerability identifier: APSB16-10
CVE number: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Platform: Windows, Macintosh, Linux and ChromeOS

---
Module Name: pkgsrc
Committed By: tsutsui
Date: Thu May 12 15:36:34 UTC 2016

Modified Files:
  pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.621.

Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: May 12, 2016
Vulnerability identifier: APSB16-15
CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117
Platform: Windows, Macintosh, Linux and ChromeOS
2016-05-21 | Pullup ticket #5017 - requested by sevan | bsiegert | 14 | -544/+571

sysutils/xenkernel45: security fix
sysutils/xentools45: security fix

Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.14
- sysutils/xenkernel45/distinfo 1.14
- sysutils/xenkernel45/patches/patch-CVE-2015-5307 deleted
- sysutils/xenkernel45/patches/patch-CVE-2015-8339 deleted
- sysutils/xenkernel45/patches/patch-CVE-2015-8555 deleted
- sysutils/xenkernel45/patches/patch-XSA-166 deleted
- sysutils/xenkernel45/patches/patch-XSA-172 1.1
- sysutils/xenkernel45/patches/patch-XSA-173 1.1
- sysutils/xentools45/Makefile 1.32
- sysutils/xentools45/distinfo 1.22
- sysutils/xentools45/patches/patch-CVE-2015-8341 deleted
- sysutils/xentools45/patches/patch-CVE-2015-8550 deleted
- sysutils/xentools45/patches/patch-CVE-2015-8554 deleted
- sysutils/xentools45/patches/patch-XSA-179 1.1

---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu May 12 15:42:58 UTC 2016

Modified Files:
  pkgsrc/sysutils/xenkernel45: Makefile distinfo
  pkgsrc/sysutils/xentools45: Makefile distinfo
Added Files:
  pkgsrc/sysutils/xenkernel45/patches: patch-XSA-172 patch-XSA-173
  pkgsrc/sysutils/xentools45/patches: patch-XSA-179
Removed Files:
  pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-5307 patch-CVE-2015-8339 patch-CVE-2015-8555 patch-XSA-166
  pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-8341 patch-CVE-2015-8550 patch-CVE-2015-8554

Log Message:
Update xenkernel45 and xentools45 to 4.5.3.
While there also add patches for security issues XSA-172, XSA-173 and XSA-179 (others between 170 and 179 are either not yet public, or linux-only).

Upstream changes since 4.5.2:
- security issues up to XSA-170 are fixed (these were already patched in pkgsrc).
- other minor performance and functionality fixes.

full changelog at:
http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-453.html
2016-05-20 | #4965 | spz | 1 | -1/+3
2016-05-20 | Pullup ticket #4965 - requested by bsiegert | spz | 3 | -16/+103

www/h2o: security update

Revisions pulled up:
- www/h2o/Makefile 1.8
- www/h2o/PLIST 1.3
- www/h2o/distinfo 1.4

NOTE: the branch excludes the www/wslay dependency

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sat Apr 23 18:41:29 UTC 2016

Modified Files:
  pkgsrc/www/h2o: Makefile PLIST distinfo

Log Message:
Changes 1.7.1:
- [core] fix incorrect line no. reported in case of YAML syntax error
- [core] fix build issue / memory leak when the poll backend is used
- [core] when building, respect `EXTRA_LIBS` passed from command line
- [core] fix memory leaks during start-up
- [core] fix stability issue when receiving a signal
- [fastcgi] fix off-by-one buffer overflow
- [fastcgi][mruby] install missing script files
- [mruby] truncate body to the size specified by `content-length`
- [mruby] fix error when reading a ruby script >= 64K
- [proxy] fix I/O error when transferring files over 2GB on FreeBSD / OS X
- [ssl] bugfix: use of session ticket not disabled even when configured to
- [libh2o] provide pkg-config .pc files
- [libh2o] include version numbers in the .so filename
- [doc] refine documentation

To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/h2o/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/h2o/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/h2o/distinfo
2016-05-19 | Pullup tickets #5014 to #5016. | bsiegert | 1 | -1/+11
2016-05-19 | Pullup ticket #5016 - requested by sevan | bsiegert | 10 | -57/+62

emulators/qemu: security fix

Revisions pulled up:
- emulators/qemu/Makefile 1.149
- emulators/qemu/PLIST 1.46
- emulators/qemu/distinfo 1.115
- emulators/qemu/patches/patch-configure 1.13
- emulators/qemu/patches/patch-default-configs_pci.mak 1.2
- emulators/qemu/patches/patch-hw_misc_ivshmem.c 1.1
- emulators/qemu/patches/patch-hw_ppc_mac__newworld.c 1.3
- emulators/qemu/patches/patch-hw_ppc_mac__oldworld.c 1.3
- emulators/qemu/patches/patch-memory.c 1.10
- emulators/qemu/patches/patch-slirp_tcp__subr.c 1.7

---
Module Name: pkgsrc
Committed By: ryoon
Date: Sun May 15 01:25:15 UTC 2016

Modified Files:
  pkgsrc/emulators/qemu: Makefile PLIST distinfo
  pkgsrc/emulators/qemu/patches: patch-configure patch-default-configs_pci.mak patch-hw_ppc_mac__newworld.c patch-hw_ppc_mac__oldworld.c patch-memory.c patch-slirp_tcp__subr.c
Added Files:
  pkgsrc/emulators/qemu/patches: patch-hw_misc_ivshmem.c

Log Message:
Update to 2.6.0

Changelog:

System emulation

Incompatible changes
  The aio=native option to "-drive" now requires the cache=none option, instead of silently disabling itself for other cache modes. The newly invalid combination had been warning since QEMU 2.3.
  Specifying block device parameter aio=native is now an error on POSIX systems if qemu is compiled without libaio support. The newly invalid combination had been warning since QEMU 2.3.
  The experimental x-drive option for the sdhci-pci device has been removed. Instead of passing a drive directly to the SD controller device you now must create an SD card object (which will automatically be plugged into the SD controller), so "-device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
  The s390-virtio machine has been removed.
  Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
  The "virt" machine type's flash device has changed when TrustZone is active ("-machine virt,secure=on"). The first flash device is only available in secure memory, while the second is available in non-secure memory too.

Future incompatible changes
  Three options are using different names on the command line and in configuration file. In particular:
    The "acpi" configuration file section matches command-line option "acpitable";
    The "boot-opts" configuration file section matches command-line option "boot";
    The "smp-opts" configuration file section matches command-line option "smp".
  -readconfig will standardize on the name for the command line option.
  Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
  The original qcow2 image encryption is fatally flawed, and support for it will be disabled entirely from the system emulators. It'll remain available only in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to uncrypted ones. The new LUKS encryption driver can provide a secure replacement if raw files are acceptable, while a future release will integrate luks into qcow2 natively.
  A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
  QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.

ARM
  Support for a separate EL3 address space
  System mode supports BE8 and BE32.
    Note that qemu-system-arm can emulate both big-endian and little-endian guests (unlike user-mode emulation which has separate qemu-arm and qemu-armeb binaries).
  Support for the SETEND instruction, used most notably on Raspbian through the arm-mem library (previously known as libcofi).
  Faster boot thanks to DMA support in fw_cfg
  The "virt" machine type supports a virtual power button and the "system_powerdown" monitor command
  The "virt" machine type supports configuring network cards with -nic in addition to -netdev
  The RAM limit for the "virt" machine type is now 255GB
  The "xlnz-zynqmp" machine type now includes SPI controllers
  The "xlnx-ep108" machine type now supports SPI flash
  New partial Raspberry Pi 2 emulation with "raspi2" machine type. For now, it can boot older releases of Windows and Raspbian, but lacks a number of devices including USB.
  New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC implementation

KVM
  Support for guest debugging (software and hardware breakpoints, single step) on AArch64

MIPS
  Support for FPU and MSA in KVM guests
  Support for R6 Virtual Processors
  Initial support for Cluster Power Controller and Global Configuration Registers allowing the guest to control the start of Virtual Processors
  Support for Inter-Thread Communication Unit
  Support for MAAR registers in P5600 CPU

PowerPC
  Improved support for migration of g3beige and mac99 machines
  Fix serial ports for g3beige and mac99 machines (OpenBIOS)
  The gdb stub supports the VSX instruction set extensions

pSeries
  pSeries machine types starting at pseries-2.6 use XHCI as the USB host controller instead of OHCI
  Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and H_PAGE_INIT)
  Support for EEH on assigned PCI devices can use the normal spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.

s390
  Fixes and improvements in s390x PCI support
  Support for hotplug of s390x cpus via cpu-add
  Support for booting from virtio-scsi devices in the s390-ccw bios

SH

SPARC
  sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs (MUTEX_HELD hang, libC error, Java WebStart segfault)
  sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode

TileGX

Tricore
  Support for context management, illegal opcode and opd traps
  Support for FPU instructions

x86

TCG
  Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features

KVM
  Support for "split irqchip". In this mode, QEMU emulates the IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC emulation to the kernel. This mode reduces the attack surface of KVM.
  Support for the new PKU feature found in some Skylake processors
  Support for migrating the TSC rate

Xen

Q35
  Support resume (S3)
  Support for legacy Windows guests (XP/2003)

Device emulation and assignment
  New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet exposed in SMBIOS and ACPI tables (do we want to docume?)
  FIXME: what's the state of nvdimm?

ACPI
  The floppy disk controller's characteristics are now exposed in the ACPI tables, which makes it possible to use floppies on Windows together with UEFI firmware.

Block devices
  The floppy disk consk or an empty disk to a 2.88 MB disk
  Improved compatibility of the SD device model with various operating systems and firmwares
  The NVMe device supports the "bootindex" property.
  The SDHCI device supports reset.

ivshmem
  No longer available on hosts lacking eventfd(2), because inter-vm interrupts don't work there
  New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible for guests, notable differences to ivshmem:
    PCI revision is 1 instead of 0
    ivshmem role=master becomes master=on, role=peer becomes master=off
    ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
    ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
    ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
    Property ioeventfd defaults to on instead of off
    ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always has MSI-X capability
  Device ivshmem is deprecated, and its experimental property x-memdev is gone
  Interrupting a peer that reuses an unplugged peer's ID works again (broken in v1.2.0)
  Unplug no longer destroys the character device, for consistency with other devices
  The funny "no shared memory, yet" state is no longer guest-visible, and can no longer fail or mess up migration
  Guests may require PCI revision 1 to make sure they're not exposed to the funny state
  docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.

SCSI
  Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note that some operating systems will not recognize disks attached to this adapter, unless the disks are assigned a world-wide name (WWN).

PCI/PCIe
  PCIe Multi-root support (using the new pxb-pcie root-complex)

USB
  MTP: initial support for events

VFIO
  Support for AMD XGBE platform passthrough
  New sysfsdev property provides a more general way to specify the device to attach to.
  Provided PCI option ROMs are fixed to include the same vendor and device id as the device exposed to the guest. This facilitates changing the ids of the devices.

virtio
  Performance improvements via optimized vring accesses
  The balloon driver statistics now include the amount of available memory (corresponding to "Available" in /proc/meminfo for Linux guests).

Character devices
  The socket character device backend can now enable TLS over TCP connections, acting either as a TLS server:
      $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
            -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
            -device isa-serial,chardev=s0 \
            ...other args...
    or a TLS client:
      $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
            -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
            -device isa-serial,chardev=s0 \
            ...other args...
    If operating in server mode, the same set of TLS credentials can be used for both character devices and the VNC server
  All character devices can have their output logged to a plain file
      $QEMU -chardev stdio,id=mon0,logfile=monitor.log \
            -mon chardev=mon0 \
            ...other args...
    will result in logging of all output on the HMP monitor. The logappend parameter controls whether the file is truncated at startup, defaulting to append.

GUI
  SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the only usable transport when OpenGL is enabled.
  The "-vnc" and "-display vnc" options support ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" were available.
  Support getting input events directly from linux evdev devices, using "-object input-linux,id=$name,evdev=/dev/input/event$nr"
  Support for ncurses on Windows.

Monitor
  Support for a new "detach" option to "dump-guest-memory". The option dumps memory in the background. Progress can be queried using the new commands "info dump" (human monitor) and "query-dump" (QMP), as well as through the QMP event DUMP_COMPLETED.
  Support for a new command "input-send-event" replacing the previous experimental command "x-input-send-event".
  The human monitor command "drive_add -n" allows creating block devices that do not have a BlockBackend (similar to QMP blockdev-add).

Migration
  Postcopy is not experimental anymore; the x-postcopy-ram capability was renamed to postcopy-ram.

Network
  SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
  mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
  redirector filter which can redirect traffic from netdev to socket chardev, vice versa.

Secret passing system
  There is a new standard mechanism for securely passing secret credentials to QEMU, which will be used in combination with other subsystems. For example, network block device passwords, block device decryption passphrases, or TLS private key passwords can all use the same mechanism.
  Passing credentials inline (insecure, only for developer testing)
      $QEMU -object secret,id=sec0,data=letmein
  Passing credentials via a plain file
      $QEMU -object secret,id=sec0,file=mypassword.txt
  Passing credentials via a base64 encoded file
      $QEMU -object secret,id=sec0,file=mypassword.txt,format=base64
  Passing credentials inline, encrypted with a master key (recommended for management apps)
      $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
            -object secret,id=sec0,data=[base64 ciphertext],\
                    keyid=master0,iv=[base64 IV],format=base64

TLS credential handling
  It is now possible to use encrypted TLS private keys with credentials for TLS servers/clients in QEMU. The password for unlocking the private key is provided by a secret object whose id is specified via the 'passwordid' property
      $QEMU -object secret,id=tlskey0,file=mypassword.txt \
            -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \
            ...other args...

Block devices
  Block device throttling now supports specifying a burst length as well. While previously the burst could only be specified as a total number of IOPS (e.g.
  10000 IOPS), more complex specifications such as "10000 IOPS for 10 seconds" are now possible. Note that, because of the implementation of the algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will also be allowed to perform for example 5000 IOPS for 20 seconds.
  The curl block device driver now supports HTTP authentication and HTTP proxy authentication via the new properties 'username', 'password-secret', 'proxy-username' and 'proxy-password-secret'.
      $QEMU -object secret,id=sec0,file=password.txt \
            -object secret,id=sec1,file=proxy-password.txt \
            -drive driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \
            ...other args...
  The RBD block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
      $QEMU -object secret,id=sec0,file=password.b64,format=base64 \
            -drive driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \
            ...other args...
  The iSCSI block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
      $QEMU -object secret,id=sec0,file=password.txt \
            -iscsi user=fred,password-secret=sec0 \
            -drive file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1
    NB this syntax requires that all iSCSI backed drives use the same password
  The qemu-io tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename.
    For example, to connect qemu-io to an NBD server using TLS
      qemu-io -c "read 0 512" \
              --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
              --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
  The qemu-nbd tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename.
    For example, to connect qemu-nbd to an HTTP server with authentication and export it over NBD using TLS
      qemu-nbd --readonly \
               --object secret,id=sec0,file=passwd.txt \
               --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
               --image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
  The qemu-img tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename.
    For example, to a remote HTTP server with authentication
      qemu-img info --object secret,id=sec0,file=passwd.txt \
                    --image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
  Support for deleting snapshots on Sheepdog devices.
  The NBD client and server now support use of TLS. When enabled, the server will mandate that the client also enable TLS and drop any client which attempts to continue in plain text.
    To run a qemu-nbd server with TLS:
      qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
               --tls-creds tls0 \
               /path/to/disk/image
    To connect to a server that requires TLS with qemu-img:
      qemu-img info --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
                    --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
    To start a VM pointing to the NBD server
      $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
            -drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
            ...other args...
  The NBD server gained support for specifying an export name. When the client negotiates use of the new style NBD protocol the default export name is "". The --exportname argument allows this to be customized:
      qemu-nbd --exportname myvol /path/to/myvol.qcow2
  QEMU gained support for volumes formatted with the LUKSv1 data format.
    To format a new LUKS volume
      qemu-img create -f luks \
               --object secret,id=sec0,file=passphrase.txt \
               -o key-secret=sec0 \
               demo.luks 10G
    To boot a guest from a LUKS volume:
      $QEMU -object secret,id=sec0,file=passphrase.txt \
            -drive driver=luks,key-secret=sec0,file=demo.luks \
            ...other args...
    The LUKS implementation is intended to be compatible with that used by cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably between them. The only caveat is that some less common cipher/hash algorithms are not yet supported by QEMU. It is also not yet possible to manage key-slots with qemu-img.

TCG
  Record/replay support extended to cover character devices.

Tracing
  The "stderr" tracing backend was replaced by the "log" tracing backend, which is now the default. This backend prints tracing messages to the destination specified with the "-D" option.
  In addition to the existing "-trace file=...", tracepoints can be enabled using "-trace [enable=]...". The new option also supports globbing, as in "-trace bdrv_aio_*".
  In addition to the existing "-trace file=...", tracepoints can be enabled using "-d trace:...". This option also supports globbing, as in "-d trace:bdrv_aio_*".
  When using "-daemonize", the "-D" option also provides the file to which QEMU's stderr output will be redirected.
  TCG supports a new "-dfilter" option to limit exec, out_asm, op and op_opt logging to a range of guest physical addresses. ARM also applies the filter to in_asm logging; this will be extended to other targets in future releases (FIXME: probably should do it now instead...)
  A "%d" substring in the log file name is replaced with QEMU's pid.

User-mode emulation
  The default CPU for ppc64 and ppc64le is now POWER8
2016-05-19 | Pullup ticket #5015 - requested by sevan | bsiegert | 23 | -427/+394
www/firefox: security fix Revisions pulled up: - www/firefox/Makefile 1.249-1.250 - www/firefox/PLIST 1.105-1.106 - www/firefox/distinfo 1.242-1.243 - www/firefox/mozilla-common.mk 1.73 - www/firefox/patches/patch-aa 1.45 - www/firefox/patches/patch-config_external_moz.build 1.11 - www/firefox/patches/patch-config_system-headers 1.18 - www/firefox/patches/patch-dom_media_gstreamer_GStreamerAllocator.cpp deleted - www/firefox/patches/patch-dom_media_moz.build 1.3 - www/firefox/patches/patch-gfx_skia_generate__mozbuild.py 1.4 - www/firefox/patches/patch-gfx_skia_moz.build 1.11 - www/firefox/patches/patch-gfx_skia_skia_src_core_SkUtilsArm.cpp 1.2 - www/firefox/patches/patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp deleted - www/firefox/patches/patch-gfx_skia_skia_src_opts_memset.arm.S deleted - www/firefox/patches/patch-gfx_thebes_moz.build 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb.c 1.3 - www/firefox/patches/patch-media_libcubeb_src_cubeb__alsa.c 1.14 - www/firefox/patches/patch-media_libcubeb_src_moz.build 1.7 - www/firefox/patches/patch-media_libtheora_moz.build 1.5 - www/firefox/patches/patch-pb deleted - www/firefox/patches/patch-pc deleted - www/firefox/patches/patch-toolkit_library_moz.build 1.5 - www/firefox/patches/patch-xpcom_reflect_xptcall_md_unix_moz.build 1.5 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 13 20:37:33 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo Log Message: Update to 45.0.2 Changelog: Fixed: Fix an issue impacting the cookie header when third-party cookies are blocked (1257861) Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482) Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980) Fix a crash impacting the video playback with Media Source Extension (1258562) Fix a regression impacting some specific uploads (1255735) --- Module Name: pkgsrc Committed By: ryoon Date: Wed 
Apr 27 16:22:40 UTC 2016 Modified Files: pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk pkgsrc/www/firefox/patches: patch-aa patch-config_external_moz.build patch-config_system-headers patch-dom_media_moz.build patch-gfx_skia_generate__mozbuild.py patch-gfx_skia_moz.build patch-gfx_skia_skia_src_core_SkUtilsArm.cpp patch-gfx_thebes_moz.build patch-media_libcubeb_src_cubeb.c patch-media_libcubeb_src_cubeb__alsa.c patch-media_libcubeb_src_moz.build patch-media_libtheora_moz.build patch-toolkit_library_moz.build patch-xpcom_reflect_xptcall_md_unix_moz.build Removed Files: pkgsrc/www/firefox/patches: patch-dom_media_gstreamer_GStreamerAllocator.cpp patch-gfx_skia_skia_src_opts_SkBitmapProcState__opts__arm.cpp patch-gfx_skia_skia_src_opts_memset.arm.S patch-pb patch-pc Log Message: Update to 46.0 * Drop buildlink to gstreamer1 Changelog: New Improved security of the JavaScript Just In Time (JIT) Compiler GTK3 integration (GNU/Linux only) Fixed Correct rendering for scaled SVGs that use a clip and a mask Various security fixes Screen reader behavior with blank spaces in Google Docs corrected Changed WebRTC fixes to improve performance and stability Developer Display dominator trees in Memory tool Allocation and garbage collection pause profiling in the performance panel Launch responsive mode from the Style Editor @media sidebar HTML5 Added support for document.elementsFromPoint Added HKDF support for Web Crypto API Fixed in Firefox 46 2016-48 Firefox Health Reports could accept events from untrusted domains 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors 2016-42 Use-after-free and buffer overflow in Service Workers 2016-41 Content provider 
permission bypass allows malicious application to access data 2016-40 Privilege escalation through file deletion by Maintenance Service updater 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
2016-05-19 | Pullup ticket #5014 - requested by sevan | bsiegert | 4 | -12/+13
devel/xulrunner38: security fix www/firefox38: security fix Revisions pulled up: - devel/xulrunner38/Makefile 1.8 - devel/xulrunner38/PLIST 1.2 - www/firefox38/Makefile 1.19 - www/firefox38/distinfo 1.17 --- Module Name: pkgsrc Committed By: ryoon Date: Wed Apr 27 21:21:18 UTC 2016 Modified Files: pkgsrc/www/firefox38: Makefile distinfo Log Message: Update to 38.8.0 Changelog: Fixed in Firefox ESR 38.8 2016-47 Write to invalid HashMap entry through JavaScript.watch() 2016-44 Buffer overflow in libstagefright with CENC offsets 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8) 2016-36 Use-after-free during processing of DER encoded keys in NSS 2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore 2016-15 Use-after-free in NSS during SSL connections in low memory 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS --- Module Name: pkgsrc Committed By: ryoon Date: Wed May 4 09:56:26 UTC 2016 Modified Files: pkgsrc/devel/xulrunner38: Makefile PLIST Log Message: Update to 38.8.0 * Sync with firefox38-38.8.0
2016-05-13 | Pullup tickets #5009 to #5012. | bsiegert | 1 | -1/+13
2016-05-13 | Pullup ticket #5012 - requested by taca | bsiegert | 3 | -20/+77
www/typo3_62: security fix Revisions pulled up: - www/typo3_62/Makefile 1.15 - www/typo3_62/PLIST 1.11 - www/typo3_62/distinfo 1.13 --- Module Name: pkgsrc Committed By: taca Date: Sat May 7 03:12:38 UTC 2016 Modified Files: pkgsrc/www/typo3_62: Makefile PLIST distinfo Log Message: Update typo3_62 package to 6.2.22 (TYPO3 6.2.22 LTS). 6.2.20 contains security fix. 2016-04-26 412080d [RELEASE] Release of TYPO3 6.2.22 (TYPO3 Release Team) 2016-04-26 1adf60b #75860 [BUGFIX] Double encoding in image title-tag (Frank Naegler) 2016-04-25 ec7b229 #75519 [BUGFIX] Remember not rendered checkboxes in TCA treeSelect (Frans Saris) 2016-04-20 576677d #73735 [BUGFIX] Check if folder is within the filemount (Frans Saris) 2016-04-18 8513140 #75548 [BUGFIX] RTE: Show content of link style dropdown again (Markus Klein) 2016-04-18 aed3061 #73567 [BUGFIX] Ignore cURL proxy header block (Albrecht Köhnlein) 2016-04-12 0dd0ce1 [TASK] Set TYPO3 version to 6.2.22-dev (TYPO3 Release Team) 2016-04-12 cd53673 [RELEASE] Release of TYPO3 6.2.21 (TYPO3 Release Team) 2016-04-12 5645614 #75541 [BUGFIX] Add missing bracket in EXT:rtehtmlarea to fix syntax error (Andreas Fernandez) 2016-04-12 c236b4d [TASK] Set TYPO3 version to 6.2.21-dev (TYPO3 Release Team) 2016-04-12 efbf8a9 [RELEASE] Release of TYPO3 6.2.20 (TYPO3 Release Team) 2016-04-12 1fcfd5b #75055 [SECURITY] Disallow login with empty password (Nicole Cordes) 2016-04-12 5a8e0a1 #28175 [SECURITY] Limit user access in workspace previews (Nicole Cordes) 2016-04-12 c6dcf83 #51908 [SECURITY] Prevent XSS in ElementBrowser (Markus Klein) 2016-04-12 ef368ac #75164 [SECURITY] Prevent XSS in SelectMultipleSideBySideElement (Nicole Cordes) 2016-04-12 e7ca585 #73459 [SECURITY] Fix arbitrary file disclosure in form extension (Steffen Müller) 2016-04-12 ab32091 #75022 [BUGFIX] Load XML files of Extension Manager properly (Andreas Fernandez) 2016-04-07 ab3cc83 #74131 [BUGFIX] WinCache 2.0 and newer have no opcode cache (Alexander Opitz) 2016-04-06 f5219a6 
#75423 [TASK] Allow installation of composer installers 1.2.x (Helmut Hummel) 2016-04-04 08ef6cd #69773 [BUGFIX] Warning when clearing all caches from within install tool (Bernhard Kraft) 2016-03-31 d5d3832 #75273 [TASK] Loosen version constraint for TYPO3 CMS Composer Installers (Christian Opitz) 2016-03-31 ccea306 #73631 [BUGFIX] only trim leading slash from section name (Daniel Neugebauer) 2016-03-30 c36eb54 #75156 [BUGFIX] Add reference count to delete message (Gianluigi Martino) 2016-03-29 4b2594f #75283 [BUGFIX] Use proper quotation in phpdoc of ExtensionManagementUtility::addService() (Andreas Fernandez) 2016-03-29 d767d59 #75287 [BUGFIX] Fix typo in BooleanNode exception message (Sascha Egerer) 2016-03-23 297a828 #75242 [BUGFIX] Use `modTSconfig` for default language label, if set (Andreas Fernandez) 2016-03-12 c5cec73 #72606 [BUGFIX] Prevent TYPO3.settings in ajax requests (Nicole Cordes) 2016-03-11 e9c6fb9 #74815 [TASK] Add unit tests for TYPO3SEARCH markers (Tymoteusz Motylewski) 2016-03-10 7e934ec #74508 [BUGFIX] Load XML files of t3editor properly (Andreas Fernandez) 2016-03-06 25ee28e #72225 [BUGFIX] Workspace page previews collide with generated preview links (Oliver Hader) 2016-03-05 9db88b5 #74127 [BUGFIX] Ensure t3d compatibility for supported TYPO3 version (Nicole Cordes) 2016-03-04 3fbe9cd #70373 [BUGFIX] Adjust UserAgent checks in RTE to detect Edge correctly (Benjamin Kott) 2016-03-04 54e3a4d #71094 [TASK] Keep selected page active after save & close (Gianluigi Martino) 2016-03-04 5ecde7c #69346 [TASK] EXT:form - Update and optimize documentation (Björn Jacob) 2016-03-03 b389089 #72886 [TASK] Add info about Apache version when using mod_filter (Eric Chavaillaz) 2016-02-25 8060388 #73243 [BUGFIX] Stage buttons shown in frontend without user being repsonsible (Oliver Hader)
2016-05-13 | Pullup ticket #5011 - requested by taca | bsiegert | 4 | -24/+9
net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.18 - net/samba4/PLIST 1.7 - net/samba4/distinfo 1.10 - net/samba4/patches/patch-lib_nss__wrapper_wscript deleted --- Module Name: pkgsrc Committed By: taca Date: Sat May 7 03:09:33 UTC 2016 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Removed Files: pkgsrc/net/samba4/patches: patch-lib_nss__wrapper_wscript Log Message: Update samba4 to 4.3.8, which contains security fix. This release fixes some regressions introduced by the last security fixes. Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of bugs addressing these regressions and more information. Changes since 4.3.8: -------------------- o Jeremy Allison <jra@samba.org> * BUG 11742: lib: tevent: Fix memory leak when old signal action restored. * BUG 11771: lib: tevent: Fix memory leak when old signal action restored. * BUG 11822: s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1. o Andrew Bartlett <abartlet@samba.org> * BUG 11780: smbd: Only check dev/inode in open_directory, not the full stat(). * BUG 11789: pydsdb: Fix returning of ldb.MessageElement. o Berend De Schouwer <berend.de.schouwer@gmail.com> * BUG 11643: docs: Add example for domain logins to smbspool man page. o Günther Deschner <gd@samba.org> * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build. o Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it> * BUG 8093: access based share enum: Handle permission set in configuration files. o Volker Lendecke <vl@samba.org> * BUG 11816: nwrap: Fix the build on Solaris. * BUG 11827: vfs_catia: Fix memleak. * BUG 11878: smbd: Avoid large reads beyond EOF. o Stefan Metzmacher <metze@samba.org> * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before dereferencing an ioctl response. * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np. 
* BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on ldap_add. * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action restored. * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain list. * BUG 11789: s3:wscript: pylibsmb depends on pycredentials. * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share. * BUG 11847: Only validate MIC if "map to guest" is not being used. * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego option for testing. * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN. * BUG 11858: Allow anonymous smb connections. * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5). * BUG 11872: Fix 'wbinfo -u' and 'net ads search'. o Noel Power <noel.power@suse.com> * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee. o Garming Sam <garming@catalyst.net.nz> * BUG 11789: build: Mark explicit dependencies on pytalloc-util. o Partha Sarathi <partha@exablox.com> * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel. o Jorge Schrauwen <sjorge@blackdot.be> * BUG 11816: configure: Don't check for inotify on illumos. o Uri Simchoni <uri@samba.org> * BUG 11691: winbindd: Return trust parameters when listing trusts. * BUG 11753: smbd: Ignore SVHDX create context. * BUG 11763: passdb: Add linefeed to debug message. * BUG 11788: build: Fix disk-free quota support on Solaris 10. * BUG 11798: build: Fix build when '--without-quota' specified. * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set. * BUG 11852: libads: Record session expiry for spnego sasl binds. o Hemanth Thummala <hemanth.thummala@nutanix.com> * BUG 11740: Real memory leak(buildup) issue in loadparm. * BUG 11840: Mask general purpose signals for notifyd.
2016-05-13 | Pullup ticket #5010 - requested by taca | bsiegert | 3 | -9/+9
net/ntp4: security fix

Revisions pulled up:
- net/ntp4/Makefile 1.92
- net/ntp4/PLIST 1.21
- net/ntp4/distinfo 1.26

---
Module Name: pkgsrc
Committed By: wen
Date: Wed Apr 27 15:59:19 UTC 2016

Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo

Log Message:
Update to 4.2.8p7

Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
  - initial work by HStenn
  - Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
  - added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org
  - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
  - graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
  - fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
  - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
  - Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
  - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
  - report and patch from Aleksandr Kostikov.
  - Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
  - fixed memory leak in access list (auth[read]keys.c)
  - refactored handling of key access lists (auth[read]keys.c)
  - reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org
  - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq (and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
  - applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org
  - Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
  - added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
  - make CTRL-C work for retrieval and printing of MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
  - integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
  - implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
2016-05-13 | Pullup ticket #5009 - requested by taca | bsiegert | 3 | -26/+7
www/squid3: security fix, build fix

Revisions pulled up:
- www/squid3/Makefile 1.65
- www/squid3/distinfo 1.51
- www/squid3/patches/patch-src_eui_Eui48.cc deleted

---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 8 23:29:19 UTC 2016

Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Removed Files:
pkgsrc/www/squid3/patches: patch-src_eui_Eui48.cc

Log Message:
Update squid3 to 3.5.19, 3.5.18 contains security fix.

Changes to squid-3.5.19 (09 May 2016):
- Regression Bug 4515: interception proxy hangs

Changes to squid-3.5.18 (06 May 2016):
- Bug 4510: stale comment about 32KB limit on shared memory cache entries
- Bug 4509: EUI compile error on NetBSD
- Bug 4501: HTTP/1.1: normalize Host header
- Bug 4498: URL-unescape the login-info after extraction from URI
- Bug 4455: SegFault from ESIInclude::Start
- Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
- Fix TLS/SSL server handshake alert handling
2016-05-12 | Pullup tickets #4982 to #4989. | bsiegert | 1 | -1/+25
2016-05-11 | Pullup ticket #4989 - requested by joerg | bsiegert | 4 | -9/+27
graphics/skencil: build fix

Revisions pulled up:
- graphics/skencil/Makefile 1.35
- graphics/skencil/distinfo 1.7
- graphics/skencil/patches/patch-ab 1.4
- graphics/skencil/patches/patch-ad 1.2

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:59:27 UTC 2016

Modified Files:
pkgsrc/graphics/skencil: Makefile distinfo
pkgsrc/graphics/skencil/patches: patch-ab patch-ad

Log Message:
Fix rpath for X11 libraries. Bump revision.
2016-05-11 | Pullup ticket #4988 - requested by joerg | bsiegert | 3 | -6/+6
graphics/gdchart: build fix

Revisions pulled up:
- graphics/gdchart/Makefile 1.39
- graphics/gdchart/distinfo 1.13
- graphics/gdchart/patches/patch-ac 1.9

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:58:49 UTC 2016

Modified Files:
pkgsrc/graphics/gdchart: Makefile distinfo
pkgsrc/graphics/gdchart/patches: patch-ac

Log Message:
Fix rpath for X libraries.
2016-05-11 | Pullup ticket #4986 - requested by joerg | bsiegert | 4 | -17/+21
games/xevil: build fix

Revisions pulled up:
- games/xevil/distinfo 1.11
- games/xevil/patches/patch-ah 1.3
- games/xevil/patches/patch-ai 1.3
- games/xevil/patches/patch-ao 1.4

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:57:54 UTC 2016

Modified Files:
pkgsrc/games/xevil: distinfo
pkgsrc/games/xevil/patches: patch-ah patch-ai patch-ao

Log Message:
Ensure intptr_t is defined in various places.
2016-05-11 | Pullup ticket #4987 - requested by joerg | bsiegert | 1 | -1/+7
games/darktable: build fix

Revisions pulled up:
- graphics/darktable/Makefile 1.62

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:58:25 UTC 2016

Modified Files:
pkgsrc/graphics/darktable: Makefile

Log Message:
Allow use of deprecated interfaces.
2016-05-11 | Pullup ticket #4985 - requested by joerg | bsiegert | 1 | -1/+4
games/wormz: build fix

Revisions pulled up:
- games/wormz/Makefile 1.26

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:57:17 UTC 2016

Modified Files:
pkgsrc/games/wormz: Makefile

Log Message:
Not MAKE_JOBS_SAFE.
2016-05-11 | Pullup ticket #4984 - requested by joerg | bsiegert | 2 | -1/+16
games/flightgear: build fix

Revisions pulled up:
- games/flightgear/distinfo 1.7
- games/flightgear/patches/patch-src_Canvas_ShivaVG_src_shDefs.h 1.1

---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 7 09:56:57 UTC 2016

Modified Files:
pkgsrc/games/flightgear: distinfo
Added Files:
pkgsrc/games/flightgear/patches: patch-src_Canvas_ShivaVG_src_shDefs.h

Log Message:
Disable legacy request as it actually breaks with semi-modern Mesa version.