Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Rework vlc_atomic.h to work with <atomic> to avoid overlap.
|
|
|
|
libraries when already using the mpicc wrapper.
|
|
certain asserts based on ICE never trigger. Clang makes the choice
earlier to declare the size as unknown, so it would fail the assert.
The check in question is clearly bogus as an array parameter is really
just a fancy way to write a pointer -- no size information is preserved.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LANG_FILES if it is not empty.
|
|
|
|
* Use 2015-09-23 snapshot.
From:
https://android.googlesource.com/platform/frameworks/base/+/master/data/fonts/
|
|
|
|
* Use 2015-09-23 snapshot.
From:
https://android.googlesource.com/platform/frameworks/base/+/master/data/fonts/
* Install RobotoCondensed-Regular.
|
|
|
|
|
|
Noted by Frédéric Fauberteau in PR 50266.
Bump PKGREVISION.
|
|
The change is from upstream with minor tweaks: use SSLv23_client_method()
that negociate highest possible protocol instead of TLSv1_client_method()
that can only do TLSv1.0. Insecure SSLv2 and SSLv3 are disabled through
SSL_CTX_set_options().
Approved by Thomas Klausner <wiz@NetBSD.org> on behalf of pksrc-pmc
|
|
|
|
Fixes CVE-2015-3228.
Bump PKGREVISION. OK wiz@
|
|
|
|
* Prepare target directories for DBus consumers.
O.K. wiz@.
|
|
|
|
* Sync with firefox38-38.3.0.
|
|
|
|
|
|
Changelog:
Fixed in Firefox ESR 38.3
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
|
|
* Sync with firefox-41.0.
|
|
|
|
Changelog:
New Enhance IME support on Windows (Vista +) using TSF (Text Services Framework)
New Ability to set a profile picture for your Firefox Account
New Firefox Hello now includes instant messaging
New SVG images can be used as favicons
New Improved box-shadow rendering performance
Changed WebRTC now requires perfect forward secrecy
Changed WARP is disabled on Windows 7
Changed Updates to image decoding process
Changed Support for running animations of 'transform' and 'opacity' on the compositor thread
HTML5 MessageChannel and MessagePort API enabled by default
HTML5 Added support for the transform-origin property on SVG elements
HTML5 CSS Font Loading API enabled by default
HTML5 Navigator.onLine now varies with actual internet connectivity (Windows and Mac OS X only)
HTML5 Copy/Cut Web content from JavaScript to the OS clipboard with document.execCommand("cut"/"copy")
HTML5 Implemented Cache API for querying named caches that are accessible Window, Worker, and ServiceWorker
Developer Removed support for binary XPCOM components in extensions, use addon SDK "system/child_process" pipe mechanism for native binaries instead
Developer Network requests can be exported in HAR format
Developer Quickly add new CSS rule with New Rule button in the Inspector
Developer Screenshot a node or element from markup view with the Screenshot Node context menu item
Developer Copy element CSS rule declarations with the Copy Rule Declaration context menu item in the Inspector
Developer Pseudo-Class panel in the Inspector
Fixed Picture element does not react to resize/viewport changes
Fixed Various security fixes
Security fixes:
Fixed in Firefox 41
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
|
|
Incompatible change in the newer ExtUtils-MakeMaker:
It places .o files where the source file lives (lib/File/ in this case),
whereas the older MakeMaker placed it in the current working dir
(toplevel in this case).
Thanks Matthias Ferdinand
http://mail-index.netbsd.org/pkgsrc-users/2015/09/19/msg022238.html
|
|
and may be older). Tested on NetBSD 6_STABLE and 7,0_RC3.
|
|
|
|
|
|
affect binary package so no PKGREVISION bump).
Noted by joerg@.
|
|
|
|
* SQUID-2015:3 Multiple Remote Denial of service issues in SSL/TLS
processing
These problems allow any trusted client or external server to
perform a denial of service attack on the Squid service and all
other services on the same machine.
However, the bugs are exploitable only if you have configured a
Squid-3.5 listening port with ssl-bump.
The visible signs of these bugs are a Squid crash or high CPU usage.
Skype is known to trigger the crash and/or a small amount of extra CPU
use unintentionally. Malicious traffic is possible which could have
severe effects.
* Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
The SMB LanMan authentication helper in Squid-3.2 and later has been
rejecting valid user credentials.
Reminder: Use of this helper is deprecated. We strongly recommend
against using it. LanMan authentication gives the illusion of
transmitting NTLM protocol while actually transmitting username and
password with crypto algorithms that can be decoded in real-time (this
helper relies on that ability). The combination makes it overall less
secure than even HTTP Basic authentication.
* TLS: Support SNI on generated CONNECT after peek
When Squid generates CONNECT requests it will now attempt to use the
client SNI value if any is known.
Note that SNI is found during an ssl_bump peek action, so will only be
available on some generated CONNECT. Intercepted traffic will always
begin with a raw-IP CONNECT message which must pass access controls and
adaptations before ssl_bump peek is even considered.
* Quieten UFS cache maintenance skipped warnings
This resolves the log noise encountered since the 3.5.8 release when
large caches are running a full (aka. 'DIRTY') cache_dir rebuild scan.
|
|
Updated www/py-flask-login to 0.3.0.
|
|
Version 0.3.0
-------------
Released on September 10th, 2015
- Fixes handling of X-Forward-For header.
- Update to use SHA512 instead of MS5 for session identifier creation.
- Fixes session creation for every view.
- BREAKING: UTC used to set cookie duration.
- BREAKING: Non-fresh logins now returns HTTP 401.
- Support unicode user IDs in cookie.
- Fixes user_logged_out signal invocation.
- Support for per-Blueprint login views.
- BREAKING: The `is_authenticated`, `is_active`, and `is_anonymous` members of
the user class are now properties, not methods. Applications should update
their user classes accordingly.
- Various other improvements including documentation and code clean up.
|
|
0.863 Thu 10 Sep 2015
[INCOMPATIBLE CHANGE] - Datetime object support now via
->epoch method instead of ->strftime.
Despite the fact that this is an incompatible change, it
should actually be a nonevent for almost all users, because
every datetime module I could find that supports ->strftime
also supports ->epoch (and vice versa).
However, the ->strftime methods of many modules are (subtly
or badly) broken in the face of timezones even as their
->epoch methods work right (or else are broken subtly
enough to escape notice).
But if you have written your own datetime class, and it
has a ->strftime method but not an ->epoch method, and
you pass instance of that class to instance of this module,
then the feeds you generate that way will now be broken.
On balance, I believe that this change will unbreak vastly
more code than it breaks. Therefore I decided to switch.
|
|
Revbump dependees.
|
|
|
|
Changes: none
(only change is that the Makefile now supports DESTDIR installation, but we
have a manual do-install target.)
|
|
|
|
(This package is outdated and should be replaced with foobillardplus which
is a continuation of this code.)
|
|
=========
BUG FIXES:
- Fix #706: default port 53 not opened on ip4 because of getaddrinfo
hints initialisation failure.
|
|
|