Age | Commit message | Author | Files | Lines |
|
2020-08-14 Richard Russon <rich@flatcap.org>
* Security
- Add mitigation against DoS from thousands of parts
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add `cd` command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in `cmd_parse_expunge()`
- Fix setting attributes with S-Lang
- Fix: redrawing of `$pager_index_lines`
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when "postponed" is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add `$copy_decode_weed`, `$pipe_decode_weed`, `$print_decode_weed`
- Change default of `$crypt_protected_headers_subject` to "..."
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section "Terminal Keybindings" in the manual
- Clarify PGP Pseudo-header `S<id>` duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known "message" types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff `format=flowed`
|
1. LD_LIBRARY_PATH does _not_ take precedence over DT_RPATH
(e.g. Linux)
2. A previous libpython with the same major.minor is already installed
(e.g. a previous version of this package)
hold, the built python will be linked with the installed libpython,
causing it to report an old teeny version in sys.version_info while
staging the install. Then "make package" fails with PLIST mismatches for
{,Pattern}Grammar.*.pickle.
pkgsrc knows which version we're building. Pass that down instead.
For platforms that weren't having this problem, no functional change
intended. For platforms that were, this simply restores "make package",
so no PKGREVISION bump.
|
go1.14.7 (released 2020/08/06) includes security fixes to the encoding/binary
package. See the Go 1.14.7 milestone on our issue tracker for details.
|
go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary
package. See the Go 1.13.15 milestone on our issue tracker for details.
|
- generate the emacs dictionary once at build time, not every time the
program is run
- clean up the README
|
ChangeLog:
## 1.4.3 - 2020-08-06
* On Windows, always call `CreateFileW` instead of `CreateFile`.
`CreateFile` could be mapped to `CreateFileA` and not work as expected.
Pull request by Sandu Liviu Catalin. GitHub #228.
* Fixed use of uninitialized memory in `dump_entry_data_list()` that could
cause a heap buffer overflow in `mmdblookup`. As part of this fix, most uses
of `malloc` were replaced with `calloc`. Reported by azhou. GitHub #236.
## 1.4.2 - 2019-11-02
* The 1.4.0 release introduced a change that increased the size of `MMDB_s`,
unintentionally causing an ABI break. This release reverts the relevant
commit.
## 1.4.1 - 2019-11-01
* The man page links for function calls were not generated correctly in
1.4.0. This has been corrected.
## 1.4.0 - 2019-11-01
* A negative array index may now be used with `MMDB_get_value`,
`MMDB_vget_value`, and `MMDB_aget_value`. This specifies the element
from the end of the array. For instance, `-1` would refer to the
last element of the array. PR by Kyle Box. GitHub #205.
* On Windows, the file name passed to `MMDB_open` is now expected to be
UTF-8 encoded. This allows Unicode characters to be used in file names.
As part of this change, `mmdblookup` on Windows now converts its
arguments to UTF-8. PR by Gerald Combs. GitHub #189 & #191.
* Fix a memory leak that occurred when freeing an `MMDB_s` where the
database had no languages defined in the metadata. If you are using an
official MaxMind database, this leak does not affect you. Pull request
by Kókai Péter. GitHub #180.
* Add `--disable-binaries` option to `configure`. Pull request by Fabrice
Fontaine. GitHub #166.
* Previous releases incorrectly included `*.Po` files in the `t` directory.
This has been corrected. Reported by Daniel Macks. GitHub #168.
* The internal use of the `MMDB_s` now has the `const` modifier. Public
functions that accepted an `MMDB_s` as an argument now also declare it as
`const`. Pull request by Kurt Johnson. GitHub #199.
* `mmdblookup` now displays the prefix length for the record when using
the verbose flag. GitHub #172.
|
Overview of Changes in GTK+ 3.24.22
===================================
* GtkTextView:
- Fix some corner cases of pixelcache invalidation
- Make select-all work on touch
* Fix print portal support
* Adwaita:
- Tweak title style class
- Add a public color for text view background
* Windows:
- Limit the size of the corner mask cache
- Use native API for keycode conversion
- Use GLES on arm64
* Wayland: Add a way to change the application id
* Quartz: Add axes to master devices
* Add --enable-tracker3 option to configure
* Translation updates:
Catalan
German
Indonesian
Italian
Kazakh
Spanish
Turkish
|
Version 4.9.2
* mkdir: fixed exit code with -f option.
* ftp: made ftp:use-pret setting tri-boolean.
* get/mget/put/mput: don't try next files after error if cmd:fail-exit is true.
* get/mget: fixed -O option with remote URL and xfer:use-temp-file being true.
* mirror: disallow empty patterns; don't delete "..".
* mirror: fixed --on-change with --reverse.
* sftp: fixed a bug with truncated files when packets are reordered (finally).
|
The intent of "--frozen --locked" was to not use the network, but the new
"--offline" option is better suited for this purpose.
It for example allows us to patch Cargo.toml if necessary without having
to regen checksums.
|
The API depends enforce a much stricter limitation, a more relaxed ABI
pattern makes no sense.
|
checked out on a case-sensitive file system) was removed in 2011.
|
bootstrap kit for macOS in the form of a double-clickable .pkg.
|
PostgreSQL 12.4, 11.9, 10.14, 9.6.19, 9.5.23
Security Issues
CVE-2020-14349: Uncontrolled search path element in logical replication.
Versions Affected: 10 - 12.
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented secure schema usage pattern are not vulnerable.
The PostgreSQL project thanks Noah Misch for reporting this problem.
CVE-2020-14350: Uncontrolled search path element in CREATE EXTENSION.
Versions Affected: 9.5 - 12. The security team typically does not test unsupported versions, but this problem is quite old.
When a superuser runs certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema of a prerequisite extension. Not all extensions are vulnerable.
In addition to correcting the extensions provided with PostgreSQL, the PostgreSQL Global Development Group is issuing guidance for third-party extension authors to secure their own work.
Bug Fixes and Improvements
This update also fixes over 50 bugs that were reported in the last several months. Some of these issues affect only version 12, but many affect all supported versions.
Some of these fixes include:
Fix edge cases in partition pruning involving multiple partition key columns with multiple or no constraining WHERE clauses.
Several fixes for query planning and execution involving partitions.
Fix for determining when to execute a column-specific UPDATE trigger on a logical replication subscriber.
pg_replication_slot_advance() now updates the oldest xmin and LSN values, as the failure to do this could prevent resources (e.g. WAL files) from being cleaned up.
Fix a performance regression in ts_headline().
Ensure that pg_read_file() and related functions read until EOF is reached, which fixes compatibility with pipes and other virtual files.
Forbid numeric NaN values in jsonpath computations, which do not exist in SQL nor JSON.
Several fixes for NaN inputs with aggregate functions. This fixes a change in PostgreSQL 12 where NaN values caused the following aggregates to emit values of 0 instead of NaN: corr(), covar_pop(), regr_intercept(), regr_r2(), regr_slope(), regr_sxx(), regr_sxy(), regr_syy(), stddev_pop(), and var_pop().
time and timetz values fractionally greater than 24:00:00 are now rejected.
Several fixes for EXPLAIN, including a fix for reporting resource usage when a plan uses parallel workers with "Gather Merge" nodes.
Fix timing of constraint revalidation in ALTER TABLE that could lead to odd errors.
Fix for REINDEX CONCURRENTLY that could prevent old values from being included in future logical decoding output.
Fix for LATERAL references that could potentially cause crashes during query execution.
Use the collation specified for a query when estimating operator costs
Fix conflict-checking anomalies in SERIALIZABLE transaction isolation mode.
Ensure checkpointer process discards file sync requests when fsync is off
Fix issue where pg_control could be written out with an inconsistent checksum, which could lead to the inability to restart the database if it crashed before the next pg_control update.
Ensure that libpq continues to try to read from the database connection socket after a write failure, as this allows the connection to collect any final error messages from the server.
Report out-of-disk-space errors properly in pg_dump and pg_basebackup
Several fixes for pg_restore, including a fix for parallel restore on tables that have both table-level and column-level privileges.
Fix for pg_upgrade to ensure it runs with vacuum_defer_cleanup_age set to 0.
Fix how pg_rewind handles just-deleted files in the source data directory
Fix failure to initialize local state correctly in contrib/dblink, which could lead to dblink_close() issuing an unexpected COMMIT on the remote server.
Change contrib/amcheck to not report about deleted index pages that are empty, as this is normal during WAL replay.
|
From mforney via tech-pkg
|
Some translation files are installed or not installed depending on the
visibility of qt5-qttranslations in the build environment. For now,
simply explicitly require this as a dependency. (It looks like there may
be more translation components to consider, but that's TBD separate
from basic build consistency.) Thanks to wiz@ for mentioning this.
Also, they've bumped the minimum GCC accepted from 4.7 to 4.8.
|
Changelog:
Development Fixes
Bump RuboCop to v0.85.x (#8223)
Expect drive letter only on vanilla windows (#8227)
Bug Fixes
Disable page excerpts by default (#8222)
Revert introduction of PageDrop (#8221)
Don't generate excerpts for non-html pages (#8234)
Make page excerpts consistent with doc excerpts (#8236)
Documentation
Replace deprecated 'show' command with 'info' (#8235)
Change name to Vercel (#8247)
Add language and examples to describe how to use the configuration op... (#8249)
Fix missing yaml front matter colon and adjust/add clarifying language. (#8250)
correct typo (#8261)
Allow hyperlinks to specific filter documentation (#8231)
Update link to Netlify step-by-step guide (#8264)
Site Enhancements
Including correct Sketch website (#8241)
Release post for v4.1.1 (#8243)
|
Changelog:
kramdown 2.3.0 released
Although this is a minor version bump there is one breaking change:
Parsing of XML processing instructions was removed because they
are invalid for HTML5 documents.
This change should only affect a negligible amount of existing
kramdown documents since XML processing instructions were never
something a normal user would use.
Additionally, CVE-2020-14001 is addressed to avoid problems when
using the {::options /} extension together with the ‘template’
option. This means updating is highly recommended!
Changes
2 major changes:
New option ‘forbidden_inline_options’ to restrict the
options allowed with the {::options /} extension. This also
addresses the security issue described in CVE-2020-14001.
Parsing of XML processing instructions is not done anymore
for kramdown documents because they are invalid for HTML5
(fixes issue #660 by Samuel Williams)
1 minor change:
Several internal changes with respect to memory usage and
performance (PRs #654, #655, #665 by Ashwin Maroli)
2 bug fixes:
Extend allowed characters in IDs set with headers to all
characters allowed by XML (fixes #658 by Samuel Williams)
Fix thread safety issue by moving global state into an
instance variable (fixes #663 by Samuel Williams)
1 other change:
Documentation fixes and updates (issue #662 by Samuel
Williams, PR #656 by Noah Doersing)
|
Changelog:
* Update license to MIT.
|
(It loops during the build, at least on amd64 netbsd. It hasn't
apparently been compilable at all in some time, so this should not
make it any less available.)
|
(Otherwise the runtime load, which maps memory rwx, fails.)
Not sure how this ever worked anytime in the last N years...
|
ChangeLog:
This is a small release with just one update: a major rewrite of the PHP
lexer. Hopefully the improved level of detail makes your PHP code look
prettier but do report any issues you find with it!
|
boundaries
|
This package is cursed and creates links to base. So if you already have
the libraries in base and remove the package, it will remove critical parts
of base.
For example, if installing compat80 on NetBSD 9.0, libterminfo.s.1 already
exists, but this package will *replace* it, and removing the package will
break the base installation.
|
- Github changes from author to fix NetBSD's missing wcpcpy & wcpncpy
|
- bind-9.16.3
+ sudo-1.9.2
|
Distfile changes.
1. Official announce says "The only change here is that the configure.ac
file has correctly formatted version number."
2. Name of distfile is changed to match previous file naming scheme.
Old distfile is still available.
3. automake 1.15.1 is used instead of previous 1.15. So, generated files
by it are changed.
4. Other files are not changed, so there is no functional change.
Bump PKGREVISION.
|