| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
+ MesaLib-19.0.0, TECkit-2.5.9, latexmk-463b, libssh2-1.8.1,
musicpd-0.21.6, poppler-0.75.0, py-mercurial-4.9.1, talloc-2.2.0,
vala-0.44.1.
|
|
|
|
|
|
|
|
Changelog:
trust: Improve error handling if backed trust file is corrupted [#206]
url: Prefer upper-case letters in hex characters when encoding [#193]
trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [#202]
virtual: Prefer fixed closures to libffi closures [#196]
Fix issues spotted by coverity and cppcheck [#194, #204]
Build and test fixes [#164, #191, #199, #201]
|
|
|
|
Materia is a Material Design theme for GNOME/GTK based desktop
environments.
|
|
|
|
* Startup is now way faster, especially when using DoH servers.
* A new action: CLOAK is logged when queries are being cloaked.
* A cloaking rule can now map to multiple IPv4 and IPv6 addresses, with load-balancing.
* New option: refused_code_in_responses to return (or not) a REFUSED code on blacklisted queries. This is disabled by default, in order to work around a bug in Android Pie.
* Time-based restrictions are now properly handled in the generate-domains-blacklist.py script.
* Other improvements have been made to the generate-domains-blacklist.py script.
* The Windows service is now installed as NT AUTHORITY\NetworkService.
|
|
|
|
|
|
|
|
Changes since 5.7.2:
PLIST files are checked for non-ASCII characters. Even though pkgsrc
sets up the environment with LC_ALL=C, there are still some cases
of encoding errors. The case discussed on the tech-pkg mailing list
was lang/go112.
The checks for variable permissions ("may not be set in this file")
have been reworked completely. Many of the variable permissions had
different rules for Makefile and Makefile.common. These different
rules tried to prevent accidental overwriting of variables. Starting
in July 2018, pkglint got a check for redundant variables that is
far more accurate than the previous variable permissions. Therefore
these fine-grained permissions are no longer necessary. This removes
a few hundred wrong warnings about insufficient permissions.
The check that adds missing SHA512 hashes to distinfo files has been
fixed to work correctly in DIST_SUBDIR cases.
Improved the checks regarding tools that are used by a package but
not added to USE_TOOLS. For example, the "make" tool is always
available, as are all tools that are added to TOOLS_CREATE.
Lots of small improvements, as always.
|
|
|
|
|
|
* Sync with www/firefox60-60.6.1
|
|
|
|
Changelog:
60.6.1
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
60.6.0
#CVE-2019-9790: Use-after-free when removing in-use DOM elements
#CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
#CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
#CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
#CVE-2019-9794: Command line arguments not discarded during execution
#CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
#CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
#CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
#CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
Enterprise
In the network connections settings, sites added to the "No proxy for" list will now honor that setting regardless of any other specified proxy settings
|
|
|
|
* Sync with mail/thunderbird-60.6.0
|
|
|
|
Changelog:
60.6.0
fixed
Calendar: Can't create repeating event with end date when using certain time zones, for example Europe/Minsk
60.5.3
fixed
Problem when using "Send to > Mail recipient" on Windows introduced in version 60.5.2.
If files with non-ASCII characters in their name still cause a malfunction, use one of the following two alternative solutions:
Reset this registry entry
HKLM\SOFTWARE\Clients\Mail\Mozilla Thunderbird - SupportUTF8 to 0. Also reset HKLM\SOFTWARE\Wow6432Node\Clients\Mail\Mozilla Thunderbird - SupportUTF8 if present.
On Windows 10, set the system code page to UTF-8 (beta feature, see Region Settings, system locale)
|
|
|
|
Cross GCC for Espressif ESP32 bare metal environment.
|
|
Cross binutils for Espressif ESP32 bare metal environment.
|
|
Before, the tool arguments were written to the log as plain strings. Now
the arguments are properly quoted, which makes it possible to replay the
commands by copying them from the .work.log file.
This only affects tools that are shell builtins (echo, true, false), get
additional arguments (mkdir -p) or define a custom TOOLS_SCRIPT
(pkg-config, to set an environment variable; or autotools). Tools that
are symlinked to the real tool are not affected.
The calls to the compiler are already properly logged since cwrappers
takes care of that. This commit therefore makes the log entries for the
compilers and the other tools more similar.
|
|
|
|
3.8.0:
New features
* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* EccKey has new methods size_in_bits() and size_in_bytes().
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.
Resolved issues
* DER objects were not rejected if their length field had a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* ASN.1 Object IDs did not allow the value 0 in the path.
Breaks in compatibility
* point_at_infinity() becomes an instance method for Crypto.PublicKey.ECC.EccKey, from a static one.
|
|
3.9.3
* Added cross-database support for NULLS FIRST/LAST when specifying the
ordering for a query. Previously this was only supported for Postgres. Peewee
will now generate an equivalent CASE statement for Sqlite and MySQL.
* Added [EXCLUDED](http://docs.peewee-orm.com/en/latest/peewee/api.html#EXCLUDED)
helper for referring to the EXCLUDED namespace used with INSERT...ON CONFLICT
queries, when referencing values in the conflicting row data.
* Added helper method to the model Metadata class for setting the table name
at run-time. Setting the Model._meta.table_name directly may have appeared
to work in some situations, but could lead to subtle bugs. The new API is
Model._meta.set_table_name().
* Enhanced helpers for working with Peewee interactively, [see doc](http://docs.peewee-orm.com/en/latest/peewee/interactive.html).
* Fix cache invalidation bug in DataSet that was originally reported on the
sqlite-web project.
* New example script implementing a [hexastore]
|
|
|
|
Those patches are included in new release.
|
|
Because of the fixed new API changes, bump the API version in buildlink3.mk
to 2.0.3 - since 1.x API will likely disappear (it's already deprecated)
# log4cplus 2.0.3
- Fix compilation on systems without `O_CLOEXEC`. This affects, e.g.,
Solaris 10. GitHub issue #326. (Patch by Jiangrz).
- Provide `log4cplus::deinitialize()` to make the API symmetric
(`log4cplus::initialize()` already exists) and to allow
de-/initialization without `log4cplus::Initializer` instance. GitHub
issue #340.
- Deal with `register` keyword being generated in SWIG based bindings. The
keyword is unused and reserved in C++17. Remove use of
`std::unary_function`, it was removed in C++17.
- Add ability to define new log levels using C API. Add reconfiguration
API. (Jens Rehsack)
- Add `NDCMatchFilter` and `MDCMatchFilter`. (Franck)
|
|
|
|
Changelog:
Changes
Show autocompletion as soon as "@" is typed (server#13961)
Trim filename in webfrontend for windows compatibility (server#13978)
Clean code and fix drop zone shadow (server#13982)
Show original path in trashbin (server#14029)
Update icewind/smb to 3.0.1 (server#14068)
Fix: Check if `$this->params['user']` is an array (server#14085)
[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/updatenotification (server#14093)
[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/accessibility (server#14094)
[Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/oauth2 (server#14095)
Make sure the relative path is always a string (server#14101)
Fix the thorrtler whitelist bitmask (server#14151)
[Security] Bump handlebars from 4.0.12 to 4.1.0 in /build (server#14187)
Fix recent files (server#14195)
Update CRL to contain revoked files_external_dropbox, passman & payback (server#14201)
Ensure attribute names are lower cased (server#14203)
Fix small glitches in update notification page (server#14207)
Fix expiration date changing (server#14212)
Fix trashbin restore translation (server#14213)
Remove trailing spaces from localized strings (server#14225)
Fixing phpdoc in FullTextSearch/Model/ISearchResult (server#14268)
Fix empty file uploads to S3 (and other streaming storages) (server#14273)
Do not do redirect handling when loggin out (server#14275)
Catch Request exception in testRemoteUrl (server#14277)
Correctly determinate the owner in case of shared external storages (server#14283)
Fix header label visibility on open menu (server#14287)
Prefix $path for filename for internal file cache (server#14288)
Set false as default for requirePNG (server#14292)
Use proper scroll container when dragging files (server#14301)
Fix OC.getCurrentUser() on guest pages (server#14308)
Fix ocm end-point discovery discovery (server#14312)
Apply theme to 2FA button (server#14331)
Fix "Undefined index: user_uid" on login page (server#14339)
Fix unsafe array access (server#14340)
Always query lookup server in GS mode (server#14368)
Use latest ca-bundle.crt from https://curl.haxx.se/docs/caextract.html (server#14371)
Try to support 7.3 for DAV (3rdparty#213)
Backport/stable15/streams 0.7.1 (3rdparty#244)
Don't add empty entries to the objects array (activity#347)
Ensure parameters are always an array (activity#350)
Bye, Scrutinizer! (notifications#293)
|
|
When a package or the infrastructure defined a tool with custom
TOOLS_ARGS or TOOLS_SCRIPT containing special characters, these could
lead to unintuitive interactions at the time when that tool invocation
was logged in the tool wrapper log. Some of the logging output ended up
on stdout, while some of the normal output ended up in the log, and parts
of the quoted arguments were even evaluated as shell commands.
The logging of the wrapped tool commands is not perfect yet, but at least
it's much more predictable now.
|
|
|
|
|
|
help2man 1.47.10:
* Change maintainer sanity check in debian/rules to use the contents
of README rather than the mtime, which may be have been modified by
dpkg-source
|
|
version 4.1.2:
- avcodec/dfa: Check the chunk header is not truncated
- avcodec/clearvideo: Check remaining data in P frames
- avcodec/hevcdec: decode at most one slice reporting being the first in the picture
- avcodec/dvbsubdec: Check object position
- avcodec/cdgraphics: Use ff_set_dimensions()
- avformat/gdv: Check fps
- configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking
- configure: add missing pthreads extralibs dependency for libvpx-vp9
- avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()
- avcodec/dxv: Correct integer overflow in get_opcodes()
- avcodec/scpr: Fix use of uninitialized variable
- avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
- avcodec/aic: Check remaining bits in aic_decode_coeffs()
- avcodec/gdv: Check for truncated tags in decompress_5()
- avcodec/bethsoftvideo: Check block_type
- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
- avcodec/error_resilience: Use a symmetric check for skipping MV estimation
- avcodec/mlpdec: Insuffient typo
- avcodec/zmbv: obtain frame later
- avcodec/jvdec: Check available input space before decode8x8()
- avcodec/h264_direct: Fix overflow in POC comparission
- avformat/webmdashenc: Check id in adaption_sets
- avformat/http: Fix Out-of-Bounds access in process_line()
- avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
- avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces
- avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning
- avformat/matroskadec: Do not leak queued packets on sync errors
- avcodec/mpeg4videodec: Clear interlaced_dct for studio profile
- avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream
- avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
- avcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q
- avformat/mov: fix hang while seek on a kind of fragmented mp4
- avformat/async: fix assertion condition when draining buffer
- avcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU
|
|
|
|
* Sync with www/firefox-66.0.1
|
|
|
|
Changelog:
Security fixes:
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
|
|
Upstream calls this "GPL Ghostscript" which is at best confusing.
(Thanks to rhialto@ for filing the upstream bug report.)
|
|
|
|
Update bug report URL to the migrated site; the old version of the bug
has been closed upstream.
|
|
|
|
|
|
In addition to adding in BUILD_DEPENDS, catch up to long-ago
improvements to pkgsrc and also add in TOOL_DEPENDS.
Thanks to Hauke Fath for reporting the issue.
|
|
NCURSES_LIBRARY. Seems to help problems when configuring against netbsd
curses.
|
