| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
|
|
|
|
|
|
|
|
From release notes:
This version resolves the following CVEs:
* CVE-2017-9470
* CVE-2017-9471
* CVE-2017-9474
* CVE-2017-9058
* CVE-2017-12142
* CVE-2017-12141
* CVE-2017-12144
|
|
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
|
|
|
|
The changes in patch-ytnef.c has been applied upstream.
patch-ytnef.c has now been removed.
Changes from Changelog:
v1.9.2 - February 23, 2017
Thanks to @hannob for finding some Out-of-bound exceptions in memory handline.
* [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800)
* [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801)
* [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802)
This version & the previous 1.9.1 resolves the following CVEs:
* CVE-2017-6306
* CVE-2017-6305
* CVE-2017-6304
* CVE-2017-6303
* CVE-2017-6302
* CVE-2017-6301
* CVE-2017-6300
* CVE-2017-6299
* CVE-2017-6298
v1.9.1 - Feb 14, 2017
* BugFix for path handling- label both / and \ as invalid characters inattachments
* Remove lots of exit(-1)'s from the code that would crash calling programs
* [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid
memory allocation around corrupted files.
v1.9 - January 2, 2017
* Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
* Fix applied for CVE-2010-5109
* Various fixes for errors found via Static Analysis (cppcheck)
* Various memory leaks plugged (Thanks @slonik-v-domene)
* Bugfix for a broken "uniqueness" checker
* Lots of formatting & documentation cleanups
Now that the two packages are unified into a single install & build, I've had
to choose a unifier of Version Numbers. I chose 1.9 .
|
|
Problems found locating distfiles:
Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
Package pine: missing distfile fancy.patch.gz
Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
Package qmail: missing distfile badrcptto.patch
Package qmail: missing distfile outgoingip.patch
Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
|
|
|
|
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
|
|
plug-in.
|
