devel/libidn: security update
Revisions pulled up:
- devel/libidn/Makefile 1.93-1.94
- devel/libidn/distinfo 1.60-1.61
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 9 14:02:04 UTC 2015
Modified Files:
pkgsrc/devel/libidn: Makefile distinfo
Log Message:
Update to 1.31:
* Version 1.31 (released 2015-07-08) [bet
** libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059
This function has always been documented to not validate that the
input UTF-8 string is actually valid UTF-8. Like the rest of the API,
when you call a function that works on UTF-8 data, you have to pass it
valid UTF-8 data. Application writers appear to have difficulties
using interfaces designed like that, as bugs triggered by invalid
UTF-8 have been identified in a number of projects (jabberd2, gnutls,
wget, and curl). While we could introduce a new API to perform UTF-8
validation, so that applications can easily implement the proper
checks, this appears error prone because there is a risk that the check
will be forgotten. Instead, we took the more radical approach of
modifying the documentation and the implementation of the API. The
intention is that all functions that accept UTF-8 data should
validate it before use. This will solve the problem for applications,
without needing to change them. This change has the unfortunate
side-effect that Surrogate codes (see section 5.5 of RFC 3454) no
longer trigger the STRINGPREP_CONTAINS_PROHIBITED error code but
instead will trigger the newly introduced STRINGPREP_ICONV_ERROR error
code, as the gnulib/libunistring-based code that we use to test
UTF-8-compliance rejects Surrogate codes. We hope that this is an
acceptable cost to live with in order to improve application security.
We welcome feedback on this solution, and we are marking this release
as beta rather than stable to signal that we may reconsider this
approach if people disagree. Reported by several people including
Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos.
** libidn: Added STRINGPREP_ICONV_ERROR error code.
** libidn: Workaround valgrind/gcc/glibc issue.
Valgrind reported an 'Invalid read of size 4' that was caused by
optimized strlen implementation. Reported and patch by Alessandro
Ghedini <alessandro@ghedini.me>.
** build: Use LOG_COMPILER instead of TESTS_ENVIRONMENT to fix valgrind use.
Errors caught by valgrind did not always trigger 'make check' failures
before.
** i18n: Updated Danish translation.
Thanks to Joe Hansen.
** API and ABI are backwards compatible with the previous version.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 6 07:54:57 UTC 2015
Modified Files:
pkgsrc/devel/libidn: Makefile distinfo
Log Message:
Update to 1.32:
* Version 1.32 (released 2015-08-01) [beta]
** libidn: Fix crash in idna_to_unicode_8z8z and idna_to_unicode_8zlz.
This problem was introduced in 1.31. Reported by Adam Sampson.
** API and ABI are backwards compatible with the previous version.
|
|
devel/p5-Test-Approx: build fix
Revisions pulled up:
- devel/p5-Test-Approx/Makefile 1.9
---
Module Name: pkgsrc
Committed By: joerg
Date: Sun Jul 5 12:51:14 UTC 2015
Modified Files:
pkgsrc/devel/p5-Test-Approx: Makefile
Log Message:
Set module type correctly.
|
|
|
|
not tried.
|
|
|
|
multiplication
|
|
|
|
|
|
This should effectively fix building this package.
|
|
This is necessary to fix building devel/py-protobuf.
|
|
I am doing this in the freeze period because it is a necessary addition to
effectively be able to let devel/py-protobuf build again. My apologies if
this is not good enough a reason.
|
|
|
|
* Approved by wiz@.
Changelog:
Network Security Services (NSS) is a patch release for NSS 3.19.
No new functionality is introduced in this release. This release addresses
a backwards compatibility issue with the NSS 3.19.1 release.
Notable Changes:
* In NSS 3.19.1, the minimum key sizes that the freebl cryptographic
implementation (part of the softoken cryptographic module used by default
by NSS) was willing to generate or use were increased - for RSA keys, to
512 bits, and for DH keys, 1023 bits. This was done as part of a security
fix for Bug 1138554 / CVE-2015-4000. Applications that requested or
attempted to use keys smaller than the minimum size would fail. However,
this change in behaviour unintentionally broke existing NSS applications
that need to generate or use such keys, via APIs such as
SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.
In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix
for Bug 1138554 has been moved to libssl, and will now only affect the
minimum keystrengths used in SSL/TLS.
|
|
## Rails 3.2.22 (Jun 16, 2015) ##
* No changes.
|
|
## Rails 3.2.22 (Jun 16, 2015) ##
* No changes.
|
|
## Rails 3.2.22 (Jun 16, 2015) ##
* Fix denial of service vulnerability in the XML processing.
CVE-2015-3227.
*Aaron Patterson*
|
|
|
|
timeout of unicorn process to 60s instead of 30s. Problems with the lower
timeouts will become apparent if you have a local mail server throttling
connections and you do something like update >=10 issues simultaneously. Install
some helper shell scripts to ease with Redmine configuration and management.
Install a sample secrets.yml file for usage with the application. This package
will be renamed to ruby-redmine after the freeze and its files installed with
${RUBY_PKGPREFIX} to enable the usage and testing of different Ruby versions
with Redmine. This package has been tested heavily in production and is known to
work well in its current state; though, we will want to change the way it uses
gems when pkgsrc gets rails-4.x. Discussed with maintainer previously.
From Changelog:
3.0.3 (2015-05-10)
Defect #18580: Can't bulk edit own time entries with "Edit own time entries"
Defect #19731: Issue validation fails if % done field is deactivated
Defect #19735: Email addresses with slashes are not linked correctly
Patch #19655: Set a back_url when forcing new login after session expiration
Patch #19706: Issue show : optimizations
Patch #19793: Adding flash messages to files_controller#create
3.0.2 (2015-04-26)
Defect #19297: Custom fields with hidden/read-only combination displayed in Issue Edit Form
Defect #19400: Possibility of having 2 (or more) repositories with empty identifier
Defect #19444: Fix typo in wiki_syntax_detailed.html
Defect #19538: Keywords in commit messages: journal entries are created even if nothing was changed
Defect #19569: Field permissions not working properly with inherited memberships
Defect #19580: "Required" and "Read-only" rules on "Fields Permissions" screen are not colored
Defect #13583: Space between lines in nested lists not equal
Defect #19161: 500 Internal error: sorting for column mail at Administration/User
Defect #19163: Bulk edit form shows additional custom fields
Defect #19168: Activity: changes made to tickets are shown multiple times
Defect #19185: Update Install/Upgrade guide for 3.x version and get rid of DEPRECATION WARNING: You didn't set config.secret_key_base
Defect #19276: Creating new issues with invalid project_id should return 422 instead of 403 error
Defect #19405: Setting config.logger.level in additional_environment.rb has no effect
Defect #19464: Possible to log time on project without time tracking
Defect #19482: Custom field (long text format) displayed even if empty
Defect #19537: Broken HTML sanitizer reference breaks email receiving
Defect #19544: Malformed SQL query with SQLServer when grouping issues
Defect #19553: When create by copying the issue, status can not be changed to default
Defect #19558: Mail handler should not ignore emails with x-auto-response-suppress header
Defect #19606: Issue Estimated Time not updated on tracker change
Feature #19437: Upgrade to Rails 4.2.1
Feature #19489: Translation for Spanish Panama
Patch #19570: Spanish translation updated
|
|
|
|
|
|
of Solaris.
Change during pkgsrc freeze approved by Jonathan Perkin.
|
|
Use PERL5_MODULE_TYPE instead.
Approved by wiz@.
|
|
in joyent/pkgsrc#269.
|
|
|
|
build on SunOS.
|
|
markd reports this fixes the build on NetBSD-6.
|
|
|
|
What's new in pyatspi 2.15.90:
* Add new roles for fractions, roots, subscripts, and superscripts (bgo#743413).
What's new in pyatspi 2.15.4:
* Support ATSPI_STATE_READ_ONLY (bgo#690108).
What's new in pyatspi 2.15.3:
* Add ROLE_STATIC (bgo#740364).
|
|
|
|
=============================================
- Pango modules, engines, and config have been removed (#733882)
=> no need to deal with modules on INSTALL and DEINSTALL.
Thanks to wiz for the report.
|
|
|
|
|
|
python-hglib is a library with a fast, convenient interface to Mercurial.
It uses Mercurial's command server for communication with hg.
|
|
expat so that it understands Glade.
|
|
|
|
This module is used by Schmorp's modules during configuration stage
to test the installed perl for compatibility with his modules.
It's not, at this stage, meant as a tool for other module authors,
although in principle nothing prevents them from subscribing to
the same ideas.
|
|
2015-06-11 k <andk@cpan.org>
* release 2.15
* In the tests, always check for exists before checking for
definedness (Reini Urban)
|
|
0.413 2015-06-10
- Fix compiling in c++ mode (depreciated, but some people seem to
require it). Solves RT#104690
|
|
1.19 2015-06-12
- Fixed an uninitialized value warning from the pure Perl implementation under
5.8.8. Reported by Jim Bacon. RT #105198.
|
|
------
17.1.1
------
* Backed out unintended changes to pkg_resources, restoring removal of
deprecated imp module (`ref
<https://bitbucket.org/pypa/setuptools/commits/f572ec9563d647fa8d4ffc534f2af8070ea07a8b#comment-1881283>`_).
----
17.1
----
* Issue #380: Add support for range operators on environment
marker evaluation.
|
|
+ Version 2.14 (09.06.2015)
- Added CParser parameter to specify output directory for generated parsing
tables (#84).
- Removed lcc's cpp and its license from the distribution. Using lcc's cpp
is no longer recommended, now that Clang has binary builds available for
Windows.
|
|
1.1.2
=====
* ``ffi.gc()``: fixed a race condition in multithreaded programs
introduced in 1.1.1
1.1.1
=====
* Out-of-line mode: ``ffi.string()``, ``ffi.buffer()`` and
``ffi.getwinerror()`` didn't accept their arguments as keyword
arguments, unlike their in-line mode equivalent. (It worked in PyPy.)
* Out-of-line ABI mode: documented a restriction__ of ``ffi.dlopen()``
when compared to the in-line mode.
* ``ffi.gc()``: when called several times with equal pointers, it was
accidentally registering only the last destructor, or even none at
all depending on details. (It was correctly registering all of them
only in PyPy, and only with the out-of-line FFIs.)
.. __: cdef.html#dlopen-note
|
|
util-linux 2.26.2: Apr 30 2015
* see Documentation/releases/v2.26.2-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.26/v2.26.2-ChangeLog
util-linux 2.26.1: Mar 13 2015
* see Documentation/releases/v2.26.1-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.26/v2.26.1-ChangeLog
util-linux 2.26: Feb 19 2015
* see Documentation/releases/v2.26-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.26/v2.26-ChangeLog
util-linux 2.26-rc2: Feb 4 2015
* see Documentation/releases/v2.26-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.26/v2.26-rc2-ChangeLog
util-linux 2.26-rc1: Jan 14 2015
* see Documentation/releases/v2.26-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.26/v2.26-rc1-ChangeLog
util-linux 2.25: Jul 22 2014
* see Documentation/releases/v2.25-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.25/v2.25-ChangeLog
util-linux 2.25-rc2: Jul 2 2014
* see Documentation/releases/v2.25-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.25/v2.25-rc2-ChangeLog
util-linux 2.25-rc1: Jun 18 2014
* see Documentation/releases/v2.25-ReleaseNotes or the complete changelog at
ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.25/v2.25-rc1-ChangeLog
|
|
Version 6.5 - June 10 2015
[CHANGES]
New facilities:
o global: New -N (--nearness=[start]) option.
Nearness sort method is available for the output of tag search command.
The result of nearness sort is concatenation of the followings ([1]-[n])
in this order. The default of 'start' is the current directory.
[1] Output of local search in the 'start' directory.
[2] Output of local search in the parent directory except for [1].
[3] Output of local search in the grandparent directory except for [1]-[2].
(repeat until the project root directory)
[n] Output of local search in the project root directory except for [1]-[n-1].
In each directory, they are sorted by alphabetical order.
o global: Now the --literal option also works with the tag search command,
-P command and -I command as well as the -g command.
[FIXED BUGS]
o htags: The -c and -x option of htags(1) were still available in the help
message, even though they had actually been removed. Now, these options
are removed completely.
o gtags (PHP): Against the following source code, gtags(1) aborted with a message
'short of memory'. Now it works.
[nullstring.php]
+----------------
|<?php
|define('');
|?>
+----------------
o gtags (C++): Gtags(1) didn't recognize the shift operator. Now it works.
[a.hh]
+----------------
|class const_mod<uint64_t(1) << 48>
|{
|};
+----------------
$ gtags
gtags: failed to parse template [+1 ./a.hh].
o gtags (C, C++): Gtags(1) couldn't pick up 'E2' as a definition. Now it works.
[test.c]
+----------------
|enum my_enum2
|{
| E2
|};
+----------------
|
|
2.44.0 (stable):
Gio:
* Action, ActionGroup: Avoid memory leaks in funcs.
(Kjell Ahlstedt) Bug #705124
gmmproc:
* _WRAP_VFUNC(): Add keep_return parameter.
(Kjell Ahlstedt) Bug #705124
2.43.91 (unstable):
Glib:
* OptionContext: Add get/set_strict_posix().
(Murray Cumming)
Gio:
* Application:
- Add get/set/unset_resource_base_path() and property.
- Add get_is_busy() and property.
(Murray Cumming)
* File: Add replace_contents_bytes_aync().
(Murray Cumming)
* InputStream: Add read_all_async() and read_all_finish().
(Murray Cumming)
* MemoryInputStream: Add add_bytes().
(Murray Cumming)
* OutputStream: Add write_all_async() and write_all_finish().
(Murray Cumming)
Gio::DBus
* InterfaceInfo: Add cache_build() and cache_release().
(Murray Cumming)
2.43.90 (unstable):
Glib:
* Error::register_init(): Call Glib::wrap_register_init().
(Kjell Ahlstedt) Bug #743466 (Mike Fleetwood).
* OptionGroup:
- Fix enable/disable bool option pairs.
(Kjell Ahlstedt) Bug #744854 (Tom Schoonjans)
- Fix memory leaks
(Kjell Ahlstedt) Bug #745173.
- Don't use deprecated g_option_group_free().
(Kjell Ahlstedt)
* Value: Deprecate Value<char>, add Value<signed char>.
Because g_value_[get,set]_char() are deprecated in favour of
g_value_[get,set]_schar().
(Kjell Ahlstedt)
Gio:
* Application: Deprecate property_action_group().
(Kjell Ahlstedt)
* Notification: Add set_priority() and enum NotificationPriority.
(Kjell Ahlstedt)
* Add TcpWrapperConnection.
(Murray Cumming)
* UnixSocketAddress: Deprecate property_abstract().
(Kjell Ahlstedt)
gmmproc:
* Fix error messages in glib and gio by removing unnecessary _IGNORES().
(Kjell Ahlstedt)
* h2def.py: Remove *_DEPRECATED_IN_*_*_FOR(*) prefixes with white space.
(Kjell Ahlstedt)
* Put DOXYGEN_SHOULD_SKIP_THIS around *_Class prototypes.
To workaround a doxygen bug, to fix the generated DevHelp search index.
(Murray Cumming) Bug #743918
2.43.3 (unstable):
Glib:
* Binding: Rename and change BindingTransformSlot to SlotTransform.
(Kjell Ahlstedt) Bug #738663.
* Add SlotSpawnChildSetup.
(Kjell Ahlstedt) Bug #528285.
Documentation:
* Resource: Suppress incorrect doxygen links.
(Kjell Ahlstedt)
2.43.2 (unstable):
Gio:
* Added NetworkMonitor.
(Murray Cumming)
* UnixFDList, UnixFDMessage: Correct array lengths in steal_fds()
(Kjell Ahlstedt) Bug #741365 (Matthew Balkam)
gmmproc:
* Don't make one very long line for the enum documentation.
(Kjell Ahlstedt)
* Improve the conversion of Since to @newin.
(Kjell Ahlstedt)
* Add an empty line after @newin where it's missing
(Kjell Ahlstedt)
2.43.1 (unstable):
gmmproc:
* Tidy up the generation of enum docs
(Kjell Ahlstedt)
* _WRAP_GERROR: Add documentation to the generated enum Code.
(Kjell Ahlstedt)
* Change messages that MS Visual Studio can misunderstand.
(Kjell Ahlstedt)
* Warn when an ignored method or signal doesn't exist.
(Marcin Kolny) Bug #737212.
Glib:
* Add Binding.
(Kjell Ahlstedt) Bug #738663.
* Checksum::ChecksumType: Remove erroneous documentation
(Kjell Ahlstedt)
* Property: Add some documentation.
(Kjell Ahlstedt) Bug #523043.
Gio:
* Add Resource.
(Kjell Ahlstedt)
|
|
Version 1.82b:
--------------
- Fixed a harmless but annoying race condition in persistent mode - signal
delivery is a bit more finicky than I thought.
- Updated the documentation to explain persistent mode a bit better.
- Tweaked AFL_PERSISTENT to force AFL_NO_VAR_CHECK.
--------------
Version 1.81b:
--------------
- Added persistent mode for in-process fuzzing. See llvm_mode/README.llvm.
Inspired by Kostya Serebryany and Christian Holler.
- Changed the in-place resume code to preserve crashes/README.txt. Suggested
by Ben Nagy.
- Included a potential fix for LLVM mode issues on MacOS X, based on the
investigation done by teor2345.
|
|
### 3.3.1 / 2015-06-14
[Full Changelog](http://github.com/rspec/rspec-rails/compare/v3.3.0...v3.3.1)
Bug Fixes:
* Fix regression that caused stubbing ActiveRecord model classes to
trigger internal errors in rails. (Myron Marston, Aaron Kromer, #1395)
|
|
DEPENDS on devel/p5-Module-Build.
|
|
Addition of \csmeaning command.
|
|
## 1.3.2
### Changes
- now works and passes tests with Lua 5.3
- utils.import will NOT override global symbols (import 'math' caused global type() to be clobbered)
- Updated pl.dir.file_op to return true on success and false on failure...
- workaround for issues with pl.lapp with amalg.lua - will look at global LAPP_SCRIPT if arg[0] is nil
### Fixes
- func was broken: do NOT use ipairs to iterate if __index is overridden!
- issue #133 pretty.read (naively) confused by unbalanced brackets
- xml attribute underscore fix for simple parser
- Fix path.normpath
- lexer: fix parsing block comments/string. fix hang on empty string.
- Fixed utils.execute returning different values for Lua 5.1 and Lua 5.2
- Issue #97; fixed attempt to put a month into a day
- problem with tablex.count_map with custom comparison
### Features
- Add Python style url module for quote and unquote.
- stringx.quote_string, which scans for embedded long-string quote matches and escapes them by creating a long-string quote.
- issue #117: tablex.range now works with decreasing numbers, consistent with numerical for loop
- utils.import will NOT override global symbols (import 'math' caused global type() to be clobbered)
- issue #125: DOCTYPE ignored in xml documents as well
- Allow XML tostring() function to customize the default prefacing with <?xml...>
- More Robust Quoted Strings
- lapp: improved detection of unsupported short flags
## 1.3.0
### Changes
- class: RIP base method - not possible to implement correctly
- lapp: short flags can now always be followed directly by their value, for instance,
`-I/usr/include/lua/5.1`
- Date: new explicit `Date.Interval` class; `toUTC/toLocal` return new object; `Date.__tostring`
always returns ISO 8601 times for exact serialization. `+/-` explicit operators. Date objects
are explicitly flagged as being UTC or not.
### Fixes
- class: super method fixed.
- Date: DST is now accounted for properly.
- Date: weekday calculation borked.
### Features
- All tests pass with no-5.1-compatible Lua 5.2; now always uses `utils.load` and
`utils.unpack` is always available.
- types: new module containing `utils.is_xxx` methods plus new `to_bool`.
- class: can be passed methods in a table (see `test=klass.lua`). This is
particularly convenient for using from Moonscript.
- general documentation improvements, e.g. `class`
## 1.2.1
### Changes
- utils.set(get)fenv always defined (_not_ set as globals for 5.2 anymore!).
These are defined in new module pl.compat, but still available through utils.
- class.Frodo now puts 'Frodo' in _current environment_
### Fixes
- lapp.add_type was broken (Pete Kazmier)
- class broke with classes that redefined __newindex
- Set.isdisjoint was broken because of misspelling; default ctor Set() now works as expected
- tablex.transform was broken; result now has same keys as original (CoolistheName007)
- xml match not handling empty matches (royalbee)
- pl.strict: assigning nil to global declares it, as God intended. (Pierre Chapuis)
- tests all work with pl.strict
- 5.2 compatible load now respects mode
- tablex.difference thought that a value of `false` meant 'not present' (Andrew Starke)
### Features
- tablex.sort(t) iterates over sorted keys, tablex.sortv(t) iterates over sorted values (Pete Kazmier)
- tablex.readonly(t) creates a read-only proxy for a table (John Schember)
- utils.is_empty(o) true if o==nil, o is an empty table, or o is an empty string (John Schember)
- utils.executeex(cmd,bin) returns true if successful, return code, plus stdout and stderr output as strings. (tieske)
- class method base for calling inherited methods (theypsilon)
- class supports pre-constructor _create for making a custom self (used in pl.List)
- xml HTML mode improvements - can parse non-trivial well-formed HTML documents.
xml.parsehtml is a parse function, no longer a flag
- if a LOM document has ordered attributes, use these when stringifying
- xml.tostring has yet another extra parm to force prefacing with <?xml...>
- lapp boolean flags may have `true` default
- lapp slack mode where 'short' flags can be multi-char
- test.asserteq etc take extra arg, which is extra level where error must be reported at
- path.currentdir,chdir,rmdir,mkdir and dir as alias to lfs are exported; no dependencies on luafilesystem outside pl.path, making it easier to plug in different implementations.
|