Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
www/apache24: security update
Revisions pulled up:
- www/apache24/Makefile 1.46
- www/apache24/PLIST 1.22
- www/apache24/distinfo 1.25
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 5 16:13:53 UTC 2016
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
Log Message:
Update apache24 to 2.4.23.
(NOTE: Versions 2.4.22 and 2.4.21 were not released.)
Changes from 2.4.20 are too many to write here, please refer CHANGES file.
And Apache 2.4.23 fixes CVE-2016-4979; X509 Client certificate based
authentication can be bypassed when HTTP/2 is used.
To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache24/PLIST
cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/apache24/distinfo
|
|
lang/go: security update
Revisions pulled up:
- lang/go/Makefile 1.43
- lang/go/distinfo 1.37
- lang/go/version.mk 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jul 18 20:37:40 UTC 2016
Modified Files:
pkgsrc/lang/go: Makefile distinfo version.mk
Log Message:
Update Go to 1.6.3.
A security-related issue was recently reported in Go's net/http/cgi =
package and
net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 =
contain
a fix for this issue.
Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation =
flaw in
the CGI components resulting in the HTTP_PROXY environment variable =
being set
by the incoming Proxy header. This environment variable was also used to =
set
the outgoing proxy, enabling an attacker to insert a proxy into outgoing
requests of a CGI program.
This is CVE-2016-5386 and was addressed by this change:
https://golang.org/cl/25010, tracked in this issue:
https://golang.org/issue/16405
The Go team would like to thank Dominic Scheirlinck for coordinating =
disclosure
of this issue across multiple languages and CGI environments. Read more =
about
"httpoxy" here: https://httpoxy.org/
Go 1.6.3 also adds support for macOS Sierra. See =
https://golang.org/issue/16354
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/go/version.mk
|
|
net/bind910: security update
Revisions pulled up:
- net/bind910/Makefile 1.23
- net/bind910/PLIST 1.7
- net/bind910/distinfo 1.18
- net/bind910/patches/patch-lib_dns_rbt.c 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 19 01:08:05 UTC 2016
Modified Files:
pkgsrc/net/bind910: Makefile PLIST distinfo
pkgsrc/net/bind910/patches: patch-lib_dns_rbt.c
Log Message:
Update bind910 to 9.10.4pl2 (BIND 9.10.4-P2).
Changes from 9.10.3-P4 to 9.10.4 are too many to write here, please refer
CHANGES file.
--- 9.10.4-P2 released ---
4406. [bug] getrrsetbyname with a non absolute name could
trigger an infinite recursion bug in lwresd
and named with lwres configured if when combined
with a search list entry the resulting name is
too long. (CVE-2016-2775) [RT #42694]
4405. [bug] Change 4342 introduced a regression where you could
not remove a delegation in a NSEC3 signed zone using
OPTOUT via nsupdate. [RT #42702]
4387. [bug] Change 4336 was not complete leading to SERVFAIL
being return as NS records expired. [RT #42683]
--- 9.10.4-P1 released ---
4368. [bug] Fix a crash when calling "rndc stats" on some
Windows builds because some Visual Studio compilers
generated crashing code for the "%z" printf()
format specifier. [RT #42380]
4366. [bug] Address race condition when updating rbtnode bit
fields. [RT #42379]
4363. [port] win32: Disable explicit triggering UAC when running
BINDInstall.
--- 9.10.4 released ---
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/net/bind910/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind910/PLIST
cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/bind910/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind910/patches/patch-lib_dns_rbt.c
|
|
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.57
- net/bind99/distinfo 1.39
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 19 01:05:20 UTC 2016
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.9pl2 (BIND 9.9.9-P2).
--- 9.9.9-P2 released ---
4406. [bug] getrrsetbyname with a non absolute name could
trigger an infinite recursion bug in lwresd
and named with lwres configured if when combined
with a search list entry the resulting name is
too long. (CVE-2016-2775) [RT #42694]
4405. [bug] Change 4342 introduced a regression where you could
not remove a delegation in a NSEC3 signed zone using
OPTOUT via nsupdate. [RT #42702]
4387. [bug] Change 4336 was not complete leading to SERVFAIL
being return as NS records expired. [RT #42683]
--- 9.9.9-P1 released ---
4366. [bug] Address race condition when updating rbtnode bit
fields. [RT #42379]
4363. [port] win32: Disable explicit triggering UAC when running
BINDInstall.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/net/bind99/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/net/bind99/distinfo
|
|
|
|
www/links: security update
www/links-gui: security update
Revisions pulled up:
- www/links-gui/Makefile 1.75
- www/links/Makefile 1.65
- www/links/Makefile.common 1.65
- www/links/distinfo 1.65
- www/links/patches/patch-ab 1.9
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun Jul 3 10:58:03 UTC 2016
Modified Files:
pkgsrc/www/links: Makefile Makefile.common distinfo
pkgsrc/www/links-gui: Makefile
pkgsrc/www/links/patches: patch-ab
Log Message:
Update www/links{,-gui} to 2.13
Changes:
=== RELEASE 2.13 ===
Sat Jun 18 14:15:55 CEST 2016 mikulas:
Page up and page down scroll slightly less than a page
Fri Jun 17 23:57:23 CEST 2016 mikulas:
Use domain list from publicsuffix.org to prevent setting cookies on
public domains.
Also fix a bug that existed in previous links versions:
bla.com could register cookie for la.com or a.com
Sat Jun 11 17:59:17 CEST 2016 mikulas:
Fixed non-working mouse wheel on Syllable
Workaround for getaddrinfo bug on Syllable
Sat Jun 11 15:16:41 CEST 2016 mikulas:
Support horizontal scroll wheel on Windows
Tue Jun 7 19:10:11 CEST 2016 mikulas:
Fixed a bug in the X driver that characters with unicode codes 128-255
could not be entered with some locales
Thu Jun 2 19:19:56 CEST 2016 mikulas:
Security bug fixed: Use separate unix domain socket for anonymous
instances, so that the anonymous instance won't connect to non-anonymous
one
Sun May 8 21:20:38 CEST 2016 mikulas:
<samp> element
Sun May 8 20:33:37 CEST 2016 mikulas:
In case of certification verification failure, don't pop up multiple
dialog windows asking for the same server
Sun Mar 13 19:10:27 CET 2016 mikulas:
Do not lookup .onion addresses directly, as specified by rfc7686
Wed Jan 13 01:16:49 CET 2016 Jakub Bogusz <qboosh%pld-linux.org@localhost>:
Updated Polish Translation
Wed Oct 21 19:25:09 CEST 2015 mikulas:
Security enhancement: Warn if the SSL/TLS method was downgraded
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 pkgsrc/www/links/Makefile \
pkgsrc/www/links/Makefile.common pkgsrc/www/links/distinfo
cvs rdiff -u -r1.74 -r1.75 pkgsrc/www/links-gui/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/links/patches/patch-ab
|
|
geography/libnova: build fix
Revisions pulled up:
- geography/libnova/Makefile 1.2
- geography/libnova/PLIST 1.2
- geography/libnova/distinfo 1.3
---
Module Name: pkgsrc
Committed By: is
Date: Thu Jul 14 12:52:48 UTC 2016
Modified Files:
pkgsrc/geography/libnova: Makefile PLIST distinfo
Log Message:
Update to libnova-0.15.
Compiles again.
|
|
net/haproxy: security fix
Revisions pulled up:
- net/haproxy/Makefile 1.28
- net/haproxy/distinfo 1.23
- net/haproxy/patches/patch-Makefile 1.2
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Jul 3 14:06:45 UTC 2016
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
pkgsrc/net/haproxy/patches: patch-Makefile
Log Message:
Update to newer version 1.6.6.
Changes:
- BUG/MAJOR: fix listening IP address storage for frontends
- BUG/MINOR: fix listening IP address storage for frontends (cont)
- DOC: Fix typo so fetch is properly parsed by Cyril's converter
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
- BUG/MEDIUM: stick-tables: fix breakage in table converters
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
- BUILD: fix build on Solaris 11
- CLEANUP: connection: fix double negation on memcmp()
- BUG/MEDIUM: stats: show servers state may show an servers from another backend
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
- BUG/MEDIUM: sticktables: segfault in some configuration error cases
- BUG/MEDIUM: lua: converters doesn't work
- BUG/MINOR: http: add-header: header name copied twice
- BUG/MEDIUM: http: add-header: buffer overwritten
- BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
- BUG/MINOR: http: url32+src should use the big endian version of url32
- BUG/MINOR: http: url32+src should check cli_conn before using it
- DOC: http: add documentation for url32 and url32+src
- BUG/MINOR: fix http-response set-log-level parsing error
- MINOR: systemd: Use variable for config and pidfile paths
- MINOR: systemd: Perform sanity check on config before reload (cherry picked from commit 68535bddf305fdd22f1449a039939b57245212e7)
- BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits
- BUG/MINOR: init: ensure that FD limit is raised to the max allowed
- BUG/MEDIUM: external-checks: close all FDs right after the fork()
- BUG/MAJOR: external-checks: use asynchronous signal delivery
- BUG/MINOR: external-checks: do not unblock undesired signals
- BUILD/MEDIUM: rebuild everything when an include file is changed
- BUILD/MEDIUM: force a full rebuild if some build options change
- BUG/MINOR: srv-state: fix incorrect output of state file
- BUG/MINOR: ssl: close ssl key file on error
- BUG/MINOR: http: fix misleading error message for response captures
- BUG/BUILD: don't automatically run "make" on "make install"
- DOC: add missing doc for http-request deny [deny_status <status>]
Drop one patch included upstream.
|
|
|
|
textproc/xerces-c: security fix
Revisions pulled up:
- textproc/xerces-c/Makefile 1.47
- textproc/xerces-c/distinfo 1.18
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jul 3 11:17:15 UTC 2016
Modified Files:
pkgsrc/textproc/xerces-c: Makefile distinfo
Log Message:
Updated xerces-c to 3.1.4.
Changes not found.
|
|
|
|
misc/calibre1: build fix
Revisions pulled up:
- misc/calibre1/Makefile 1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 2 08:51:40 UTC 2016
Modified Files:
pkgsrc/misc/calibre1: Makefile
Log Message:
Switch to ImageMagick6 to make this build again.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/misc/calibre1/Makefile
|
|
|
|
|
|
|
|
This repo contains the .NET Core runtime, called CoreCLR, and the base library,
called mscorlib. It includes the garbage collector, JIT compiler, base .NET
data types and many low-level classes.
|
|
|
|
Bump PKGREVISION.
|
|
* Replace interpreter of tools/migrate-2.0.x-2.1.0.php, too.
* Change post-patch target to pre-configure for easier maintenance of
patch files.
* Drop execute bit from lib/syncobjects/syncresolverecipient.php.
|
|
+ samba-4.3.10.
|
|
|
|
As www/wordpress, this is a maintenance and security release.
I could not find Japanese version specific changes.
|
|
to _OPSYS_SYSTEM_RPATH
|
|
|
|
No PKGREVISION bump required as wouldn't build with older versions.
|
|
|
|
This fixes build with modern ImageMagick and with PHP 7.0 too.
3.4.2
- Bug: IM143 Correct ifdef around setOpacity and
localContrastImage.
- Bug: IM147 Imagick was Borging PHP's error handler.
3.4.1
- Bug 71742 - arrays that contain data that is held by reference
gives error.
- Added:
* Imagick::autoGammaImage([int channel = CHANNEL_ALL])
* Imagick::autoOrient()
* Imagick::compositeImageGravity(Imagick $image, int
* COMPOSITE_CONSTANT, int GRAVITY_CONSTANT)
* Imagick::localContrastImage(float radius, float strength)
* Imagick::DIRECTION_LEFT_TO_RIGHT
* Imagick::DIRECTION_RIGHT_TO_LEFT
* Imagick::SPARSECOLORMETHOD_MANHATTAN
* ImagickDraw::getOpacity() : float
* ImagickDraw::setOpacity(float opacity) :bool
* ImagickDraw::getFontResolution() : array
* ImagickDraw::setFontResolution(float x, float y) : bool
* ImagickDraw::getTextDirection() : bool
* ImagickDraw::setTextDirection(int direction) : bool
* ImagickDraw::getBorderColor() : ImagickPixel
* ImagickDraw::setBorderColor(ImagickPixel color) : bool
* ImagickDraw::getDensity() : string|null
* ImagickDraw::setDensity(string density_string) : bool
* ImagickPixel::setColorFromPixel(ImagickPixel $srcPixel) : bool
3.4.0
- No changes from 3.4.0RC6.
3.4.0RC6
- Added Imagick::evaluateImages(int EVALUATE_CONSTANT) : Imagick
- Imagick::setImageWhitePoint, Imagick::setImageRedPrimary,
Imagick::setImageGreenPrimary, Imagick::setImageBluePrimary now
take 3 params when compiled against IM7.
- Imagick::getImageWhitePoint, Imagick::getImageRedPrimary,
Imagick::getImageGreenPrimary, Imagick::getImageBluePrimary now
return 3 values when compiled against IM7.
3.4.0RC5
- Imagick::subImageMatch() added parameters.
- wrong type for zend_parse_parameters.
3.4.0RC4
- Remove duplicated definitions of class constants.
3.4.0RC3
- Imagick::adaptiveResizeImage, Imagick::cropThumbnailImage
Imagick::resizeImage, Imagick::scaleImage, and
Imagick::thumbnailImage have all had a rounding bug fixed.
- Imagick::colorizeImage() and Imagick::tintImage were using the
wrong behaviour.
- Imagick::importImagePixels regression fixed.
- Imagick::subImageMatch use correct error metric in IM7
- Added Imagick::similarityImage() which is an alias to
Imagick::subImageMatch()
3.4.0RC2
- PHP 7
- ImageMagick 7.
- Minimum versions supported are now PHP >= 5.4.0 and ImageMagick
>= 6.5.3-10.
- Added methods:
* Imagick::getConfigureOptions
* Imagick::getFeatures
* Imagick::getHDRIEnabled
* Imagick::setImageChannelMask (IM7 only)
- Added constants:
* Imagick::CHANNEL_READ_MASK
* Imagick::CHANNEL_WRITE_MASK
* Imagick::CHANNEL_META
- ImagickPixel::getColorQuantum,
ImagickPixel::getColorValueQuantum and
ImagickPixel::setColorValueQuantum now correctly use floats when
Imagick was compiled against a HDRI version of ImageMagick
- Imagick::exportImagePixels works for all storage types
- Version number in extension header
3.3.0
- Added ImagickKernel class.
- Added methods:
* Imagick::brightnessContrastImage()
* Imagick::colorMatrixImage()
* Imagick::deleteImageProperty()
* Imagick::filter()
* Imagick::forwardFourierTransformImage()
* Imagick::getAntiAlias()
* Imagick::getImageCompression()
* Imagick::getRegistry()
* Imagick::getQuantum()
* Imagick::identifyFormat()
* Imagick::inverseFourierTransformImage()
* Imagick::isPixelSimilarQuantum()
* Imagick::listRegistry()
* Imagick::morphology()
* Imagick::rotationalBlurImage()
* Imagick::selectiveBlurImage()
* Imagick::setAntiAlias()
* Imagick::setImageBiasQuantum()
* Imagick::setProgressMonitor()
* Imagick::setRegistry()
* Imagick::statisticImage()
* Imagick::subImageMatch()
* ImagickPixel::getColorQuantum()
- Added constants:
* Imagick::RESOURCETYPE_TIME
* Imagick::RESOURCETYPE_THROTTLE
* Imagick::CHANNEL_RGBA
* Imagick::ALPHACHANNEL_BACKGROUND
* Imagick::FUNCTION_ARCSIN
* Imagick::FUNCTION_ARCTAN
- Fixed Imagick::clutImage() parameter parsing
- Fixed tint image bug
- Fixed ImageMagick compiled with HDRI having quantum values as
floats
- Fixed memory leaks in:
* Imagick::getImageBlob()
* Imagick::getImagesBlob()
* Imagick::getImageChannelStatistics()
* Imagick::getImageFormat()
* Imagick::getImageMimetype()
* Imagick::getSamplingFactors()
* Imagick::identifyImage()
* Imagick::tintImage
- Fixed segfault when compiling statically
- ImagickDraw::setFontFamily no longer checks whether the font is
available.
- Removed Zend MM support
- Excluded deprecated methods:
* Imagick::getImageMatte()
* Imagick::colorFloodfillImage()
* Imagick::matteFloodfillImage()
* Imagick::paintFloodfillImage()
* Imagick::paintOpaqueImage()
* Imagick::paintTransparentImage()
* Imagick::mapImage()
* Imagick::recolorImage()
* Imagick::setImageIndex()
* Imagick::getImageIndex()
* Imagick::getImageSize()
* Imagick::setImageAttribute()
* Imagick::getImageAttribute()
* Imagick::mosaicImages()
* Imagick::averageImages()
* Imagick::flattenImages()
* Imagick::getImageChannelExtrema()
* Imagick::getImageExtrema()
- Ini file changes: Added imagick.skip_version_check.
- CI now compiles with CFLAGS="-Wno-deprecated-declarations
-Wdeclaration-after-statement -Werror"
3.2.0RC1
- Fix bug #66098: Segfault in zval_addref_p
3.2.0b2
- A lot of internal improvements on the code
- Added ImagickPixel::isPixelSimilar and deprecate
ImagickPixel::isSimilar #10
- Added imagick::smushimages
- Added imagick::blueshiftimage and imagick::clampimage
- Added Imagick::autolevelimage
- Added constants:
* Imagick::ALPHACHANNEL_REMOVE
* Imagick::ALPHACHANNEL_FLATTEN
* Imagick::RESOURCEENGINE_THREAD
* Imagick::COMPOSITE_CHANGEMASK
* Imagick::COMPOSITE_LINEARLIGHT
* Imagick::COMPOSITE_DIVIDE
* Imagick::COMPOSITE_DISTORT
* Imagick::COMPOSITE_BLUR
* Imagick::COMPOSITE_PEGTOPLIGHT
* Imagick::COMPOSITE_VIVIDLIGHT
* Imagick::COMPOSITE_PINLIGHT
* Imagick::COMPOSITE_LINEARDODGE
* Imagick::COMPOSITE_LINEARBURN
* Imagick::COMPOSITE_MATHEMATICS
* Imagick::COMPOSITE_MODULUSADD
* Imagick::COMPOSITE_MODULUSSUBTRACT
* Imagick::COMPOSITE_MINUSDST
* Imagick::COMPOSITE_DIVIDEDST
* Imagick::COMPOSITE_DIVIDESRC
* Imagick::COMPOSITE_MINUSSRC
* Imagick::COMPOSITE_DARKENINTENSITY
* Imagick::COMPOSITE_LIGHTENINTENSITY
* Imagick::FILTER_KAISER
* Imagick::FILTER_WELSH
* Imagick::FILTER_PARZEN
* Imagick::FILTER_LAGRANGE
* Imagick::FILTER_SENTINEL
* Imagick::FILTER_BOHMAN
* Imagick::FILTER_BARTLETT
* Imagick::FILTER_JINC
* Imagick::FILTER_SINCFAST
* Imagick::FILTER_ROBIDOUX
* Imagick::FILTER_LANCZOSSHARP
* Imagick::FILTER_LANCZOS2
* Imagick::FILTER_LANCZOS2SHARP
* Imagick::FILTER_ROBIDOUXSHARP
* Imagick::FILTER_COSINE
* Imagick::FILTER_SPLINE
* Imagick::FILTER_LANCZOSRADIUS
* Imagick::COMPRESSION_ZIPS
* Imagick::COMPRESSION_PIZ
* Imagick::COMPRESSION_PXR24
* Imagick::COMPRESSION_B44
* Imagick::COMPRESSION_B44A
* Imagick::COMPRESSION_LZMA
* Imagick::COMPRESSION_JBIG1
* Imagick::COMPRESSION_JBIG2
3.2.0b1
- Added Countable interface to Imagick class
- Added experimental support for Zend MM.
- Added additional parameter to writeImageFile to allow setting
format
- Distribute tests as part of the release
- Fixed Bug #65043: Destroy and clear method do the same things
- Fixed Bug #64945: ZEND_ACC_ALLOW_STATIC vs ZEND_ACC_STATIC
- A lot of internal refactoring: rewrite macros as functions,
clean up naming etc
|
|
p5-DateTime-Locale-1.05, p5-IO-Socket-SSL-2.029, p5-List-AllUtils-0.11,
p5-Moo-2.002004, sourcesans-fonts-2.020, sqlite-3.13.0,
wine-devel-1.9.13.
|
|
|
|
Bump PKGREVISION.
ok jperkin
|
|
- even if python bindings are not selected, it is needed as a tool
for build
- during build, it wants to run an executable from the build dir,
which fails to find a not-yet-installed shared librarie.
Fixed by calling it with appropriate LD_LIBRARY_PATH set
- fix PLIST
no PKGREVISION bump as it didn't build before.
|
|
|
|
pkgsrc change:
* Update MASTER_SITES.
* Now allow php70.
Changes are too many to write here, please refer ChangeLog.
|
|
|
|
|
|
|
|
Fixes PR pkg/51249.
|
|
|
|
|
|
Fixes build on NetBSD-current.
|
|
|
|
|
|
|
|
|
|
Add my login name to some lines to mark them as prepared for
after the freeze.
|
|
preprocessor and linker flags.
|
|
|
|
Changes:
2016.06.25:
[*] misc bug fixes and improvements
2016.06.23*:
[*] misc bug fixes and improvements
2016.06.22:
[gametrailers] Remove extractor
[*] misc bug fixes and improvements
2016.06.20:
[*] misc bug fixes and improvements
2016.06.19*:
[aftonbladet] Fix extraction
[closertotruth] Add extractor
[r7] Fix extraction
[*] misc bug fixes and improvements
|
|
|