| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Remove mprotect comment; even with it turned off, a segfault happens.
|
|
# of expected passes 970
# of unexpected failures 450
|
|
|
|
Upstream changes:
1.57 2017-01-22 rurban
----
* Todo the t/exec.t test 2 on cygwin.
* Fixed/Todo the t/decrypt.t test 7 utf8 failures.
Skip with non UTF-8 locale.
1.56 2017-01-20 rurban
----
* add binmode to the decrypt/encr,decrypt sample scripts
* add utf8-encoded testcase to t/decrypt.t [cpan #110921]. use -C
* stabilized some tests, add diag to sometimes failing sh tests
* moved filter-util.pl to t/
* fixed INSTALLDIRS back to site since 5.12 [gh #2]
* fixed exec/sh test races using the same temp. filenames
* reversed this Changes file to latest first
* added Travis CI
|
|
|
|
Upstream changes:
7.22 2017-01-25
- Added ports method to Mojo::Server::Daemon.
- Added remove_tree method to Mojo::File.
- Improved spurt method in Mojo::File with support for writing multiple chunks
at once.
7.21 2017-01-21
- Added extract_usage function to Mojo::Util.
- Improve getopt function in Mojo::Util to use @ARGV by default.
|
|
|
|
Add missing DEPENDS
Upstream changes:
0.204004 2017-01-26 18:29:34+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #1307: Fix breakage of Template::Toolkit, caused by
previous release. (Peter SysPete Mottram)
0.204003 2017-01-25 15:21:40-06:00 America/Chicago
[ BUG FIXES ]
* GH #1299: Fix missing CPANTS prereqs (Mohammad S. Anwar)
[ ENHANCEMENTS ]
* GH #1249: Improve consistency with Template::Toolkit,
using correct case for 'include_path', 'stop_tag', 'end_tag',
and 'start_tag', removing ANYCASE option.
(Klaus Ita)
* Call route exception hook before logging an error, allowing devs to
raise their own errors bedore D2 logging takes over. (Andy Beverley)
[ DOCUMENTATION ]
* Add another example of the delayed asynchronous mechanism
(Ed @mohawk2 J., Sawyer X)
* GH #1291: Document 'change_session_id' in Dancer2::Core::App.
(Peter SysPete Mottram)
* Fix typo in Dancer2::Core::Response (Gregorr Herrmann)
* Document Dancer2::Plugin::RootURIFor (Mario Zieschang)
|
|
|
|
Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See
https://github.com/pyca/pyopenssl/issues/596
16.2.0 (2016-10-15)
-------------------
Changes:
^^^^^^^^
- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
`#552 <https://github.com/pyca/pyopenssl/pull/552>`_
16.1.0 (2016-08-26)
-------------------
Deprecations:
^^^^^^^^^^^^^
- Dropped support for OpenSSL 0.9.8.
Changes:
^^^^^^^^
- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
`#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
`#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
`#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
|
|
|
|
https://github.com/pyca/cryptography/pull/3350
Bump PKGREVISION.
Identified by @reaperhulk in https://github.com/pyca/cryptography/issues/3372
|
|
|
|
Changes:
Version 4.7.2
* Remote code execution (RCE) in PHPMailer – No specific issue appears to
affect WordPress or any of the major plugins we investigated but, out of an
abundance of caution, we updated PHPMailer in this release. This issue was
reported to PHPMailer by Dawid Golunski and Paul Buonopane.
* The REST API exposed user data for all users who had authored a post of a
public post type. WordPress 4.7.1 limits this to only post types which have
specified that they should be shown within the REST API. Reported by
Krogsgard and Chris Jean.
* Cross-site scripting (XSS) via the plugin name or version header on
update-core.php. Reported by Dominik Schilling of the WordPress Security
Team.
* Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported
by Abdullah Hussam.
* Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
* Post via email checks mail.example.com if default settings aren’t changed.
Reported by John Blackbourn of the WordPress Security Team.
* A cross-site request forgery (CSRF) was discovered in the accessibility mode
of widget editing. Reported by Ronnie Skansing.
* Weak cryptographic security for multisite activation key. Reported by Jack.
Version 4.7.1
* The user interface for assigning taxonomy terms in Press This is shown to
users who do not have permissions to use it. Reported by David Herrera of
Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
WordPress core is not directly vulnerable to this issue, but we’ve added
hardening to prevent plugins and themes from accidentally causing a
vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list
table. Reported by Ian Dunn of the WordPress Security Team.
|
|
|
|
|
|
|
|
Requestd by Jesus Cea on pkgsrc-users@NetBSD.org maling list.
|
|
|
|
Requested by Jesus Cea.
|
|
|
|
Changelog:
When -N is used, the input is not supposed to be split using $IFS, but
leading and trailing IFS whitespace was still removed.
|
|
|
|
Add more test dependencies.
Self tests cause a python core dump, see
https://github.com/pyca/cryptography/issues/3372
1.7.2 - 2017-01-27
~~~~~~~~~~~~~~~~~~
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.
|
|
|
|
|
|
This package contains the test vectors for the cryptography python
module.
|
|
|
|
|
|
SWIG-3.0.11 summary:
- PHP 7 support added.
- C++11 alias templates and type aliasing support added.
- Minor fixes and enhancements for C# Go Guile Java Javascript Octave PHP Python R Ruby Scilab XML.
|
|
|
|
FEATURES:
- KV Import/Export CLI: consul kv export and consul kv import can be
used to move parts of the KV tree between disconnected consul
clusters, using JSON as the intermediate representation.
- Node Metadata: Support for assigning user-defined metadata key/value
pairs to nodes has been added.
- Node Identifiers: Consul agents can now be configured with a unique
identifier, or they will generate one at startup that will persist
across agent restarts.
- Improved Blocking Queries: Consul's blocking query implementation was
improved to provide a much more fine-grained mechanism for detecting
changes.
- GCE auto-discovery: New -retry-join-gce configuration options added to
allow bootstrapping by automatically discovering Google Cloud
instances with a given tag at startup.
IMPROVEMENTS:
- build: Consul is now built with Go 1.7.4.
- cli: consul kv get now has a -base64 flag to base 64 encode the value.
- cli: consul kv put now has a -base64 flag for setting values which are
base 64 encoded.
- ui: Added a notice that JS is required when viewing the web UI with JS
disabled.
BUG FIXES:
- agent: Redacted the AWS access key and secret key ID from the
/v1/agent/self output so they are not disclosed.
- agent: Fixed a rare startup panic due to a Raft/Serf race condition.
- cli: Fixed a panic when an empty quoted argument was given to consul
kv put.
- tests: Fixed a race condition with check mock's map usage.
|
|
|
|
Changes for v1.8.2 (2017-01-26)
- Fix bug introduced in v0.7.1 where completers would not receive
the parser keyword argument.
- Documentation improvements.
Changes for v1.8.1 (2017-01-21)
- Fix completion after tokens with wordbreak chars (#197)
|
|
|
|
* Sync with firefox45-45.7.0
|
|
Updated devel/xulrunner45 to 45.7.0
|
|
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
|
|
|
|
Changelog:
* Bugfixes
* l10n improvements
|
|
|
|
* Sync with firefox-51.0.1
|
|
|
|
Changelog:
Fixed
Geolocation not working on Windows (Bug 1333516)
Multiprocess incompatibility did not correctly register with some add-ons (Bug 1333423)
|
|
|
|
|
|
Changes from https://git.finalrewind.org/feh/plain/ChangeLog
Sun, 22 Jan 2017 19:11:32 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.18.1
* Fix image-specific format specifiers not being updated correctly
(e.g. %z not displaying the correct zoom value after zooming in / out)
Tue, 01 Nov 2016 10:55:04 +0100 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.18
* Move README to README.md
* New key binding: ! / zoom_fill (zoom to fill window, may cut off image
parts)
* Only for builds with exif=1: Disable EXIF-based auto rotation by
default, add --auto-rotate option to enable it (Patch by Elliot Wolk)
Wed, 31 Aug 2016 20:27:20 +0200 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.17.1
* Fix compilation on systems where HOST_NAME_MAX is not defined, such as
FreeBSD (patch by Niclas Zeising)
Sun, 28 Aug 2016 21:26:54 +0200 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.17
* Install feh icon (both 48x48 and scalable SVG) to /usr/share/icons
when running "make install app=1"
* Fix --sort not being respected after the first reload when used in
conjunction with --reload
* All key actions can now also be bound to a button by specifying them
in .config/feh/buttons. However, note that button actions can not be
bound to keys.
* Rename "menu" key action to "toggle_menu", "prev" to "prev_img" and
"next" to "next_img". The old names are still supported, but no longer
documented.
* feh now also sets the X11 _NET_WM_PID and WM_CLIENT_MACHINE window
properties
Sun, 31 Jul 2016 16:59:07 +0200 Daniel Friesel <derf+feh@finalrewind.org>
* Release v2.16.2
* Also support in-place editing for images loaded via libcurl or
imagemagick. Results will not be written back to disk in this case.
|
|
|
|
nor in dependency form.
Noted by Eli Schwartz.
|
|
|
