www/davical: security fix
Revisions pulled up:
- www/davical/Makefile 1.42
- www/davical/PLIST 1.12
- www/davical/distinfo 1.17
---
Module Name: pkgsrc
Committed By: hauke
Date: Thu Dec 12 08:12:27 UTC 2019
Modified Files:
pkgsrc/www/davical: Makefile PLIST distinfo
Log Message:
Update www/davical to v1.1.9.2
From upstream's changelog:
1.1.9.2:
Bug Fixes
Fix CSRF not being checked in collection-edit.php
Other Changes
use foreach() instead of deprecated each()
1.1.9.1:
Bug Fixes
Corrects reflected cross-site scripting (XSS) vulnerability
Corrects persistent XSS vulnerability in user/group/resource details
Corrects persistent XSS vulnerability in user/group/resource list
Adds token to address cross-site request forgery (CSRF) vulnerability
Corrects syntax error in name of collection_id
Make calquery aware of default timezone
Corrections to range-based calendar queries
Add missing 'break' to rrule.php
Other Changes
Updated PHP version requirement
|
|
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.3
- www/firefox68/PLIST 1.2
- www/firefox68/distinfo 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Nov 5 17:14:30 UTC 2019
Modified Files:
pkgsrc/www/firefox68: Makefile PLIST distinfo
Log Message:
Update to 68.2.0 with patch from Piotr Meyer
Changelog:
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
|
|
lang/go112: security update
lang/go: update available version
Revisions pulled up:
- lang/go/version.mk 1.70
- lang/go112/PLIST 1.8
- lang/go112/distinfo 1.8
Revision bump for:
- archivers/go-xz/Makefile
- chat/coyim/Makefile
- chat/matterircd/Makefile
- databases/go-etcd/Makefile
- databases/go-ldap/Makefile
- databases/influxdb/Makefile
- databases/postgres_exporter/Makefile
- databases/prometheus/Makefile
- devel/git-lfs/Makefile
- devel/go-afero/Makefile
- devel/go-amber/Makefile
- devel/go-appengine/Makefile
- devel/go-assert/Makefile
- devel/go-blackfriday/Makefile
- devel/go-buffruneio/Makefile
- devel/go-cast/Makefile
- devel/go-check/Makefile
- devel/go-cli/Makefile
- devel/go-cobra/Makefile
- devel/go-colorable/Makefile
- devel/go-colortext/Makefile
- devel/go-colour/Makefile
- devel/go-consul-api/Makefile
- devel/go-debounce/Makefile
- devel/go-ed25519/Makefile
- devel/go-emoji/Makefile
- devel/go-errors/Makefile
- devel/go-flags-svent/Makefile
- devel/go-fnmatch/Makefile
- devel/go-fs/Makefile
- devel/go-fsnotify/Makefile
- devel/go-fsync/Makefile
- devel/go-gitmap/Makefile
- devel/go-glog/Makefile
- devel/go-gls/Makefile
- devel/go-gocode/Makefile
- devel/go-godef/Makefile
- devel/go-godirwalk/Makefile
- devel/go-godotenv/Makefile
- devel/go-golang-lru/Makefile
- devel/go-goorgeous/Makefile
- devel/go-gopkgs/Makefile
- devel/go-goptlib/Makefile
- devel/go-goreturns/Makefile
- devel/go-gox/Makefile
- devel/go-hashstructure/Makefile
- devel/go-homedir/Makefile
- devel/go-humanize/Makefile
- devel/go-i18n/Makefile
- devel/go-immutable-radix/Makefile
- devel/go-ini/Makefile
- devel/go-iochan/Makefile
- devel/go-isatty/Makefile
- devel/go-jwalterweatherman/Makefile
- devel/go-kingpin.v3-unstable/Makefile
- devel/go-locker/Makefile
- devel/go-logrus/Makefile
- devel/go-mapstructure/Makefile
- devel/go-mapstructure-bep/Makefile
- devel/go-mow-cli/Makefile
- devel/go-nbreader/Makefile
- devel/go-nitro/Makefile
- devel/go-osext/Makefile
- devel/go-pflag/Makefile
- devel/go-properties/Makefile
- devel/go-protobuf/Makefile
- devel/go-purell/Makefile
- devel/go-ratelimit/Makefile
- devel/go-repr/Makefile
- devel/go-review/Makefile
- devel/go-sanitized_anchor_name/Makefile
- devel/go-shellwords/Makefile
- devel/go-shuffle/Makefile
- devel/go-siphash/Makefile
- devel/go-sync/Makefile
- devel/go-sys/Makefile
- devel/go-termbox/Makefile
- devel/go-testify/Makefile
- devel/go-thrift/Makefile
- devel/go-tools/Makefile
- devel/go-try/Makefile
- devel/go-viper/Makefile
- devel/go-yaml/Makefile
- devel/golint/Makefile
- devel/google-api-go-client/Makefile
- graphics/go-image/Makefile
- graphics/go-imaging/Makefile
- graphics/go-resize/Makefile
- graphics/go-smartcrop/Makefile
- lang/go-hcl/Makefile
- mail/postforward/Makefile
- math/go-stats/Makefile
- math/go-units/Makefile
- misc/go-genproto/Makefile
- misc/go-genproto-googleapis-rpc/Makefile
- net/aws-sdk-go/Makefile
- net/dnscrypt-proxy2/Makefile
- net/gcloud-golang-metadata/Makefile
- net/go-dns/Makefile
- net/go-dnstap/Makefile
- net/go-framestream/Makefile
- net/go-grpc/Makefile
- net/go-net/Makefile
- net/go-ovh/Makefile
- net/go-websocket/Makefile
- net/hub/Makefile
- net/obfs4proxy/Makefile
- net/syncthing/Makefile
- pkgtools/pkglint/Makefile
- security/2fa/Makefile
- security/go-asn1-ber/Makefile
- security/go-crypt/Makefile
- security/go-crypto/Makefile
- security/go-mkcert/Makefile
- security/go-oauth2/Makefile
- security/go-sftp/Makefile
- security/vault/Makefile
- sysutils/beats/Makefile
- sysutils/consul/Makefile
- sysutils/fzf/Makefile
- sysutils/goreman/Makefile
- sysutils/lf/Makefile
- sysutils/node_exporter/Makefile
- sysutils/vultr/Makefile
- textproc/go-chroma/Makefile
- textproc/go-diff/Makefile
- textproc/go-glob/Makefile
- textproc/go-inflect/Makefile
- textproc/go-md2man/Makefile
- textproc/go-mmark/Makefile
- textproc/go-prose/Makefile
- textproc/go-regexp2/Makefile
- textproc/go-runewidth/Makefile
- textproc/go-sentences/Makefile
- textproc/go-tablewriter/Makefile
- textproc/go-text/Makefile
- textproc/sift/Makefile
- www/caddy/Makefile
- www/gitea/Makefile
- www/go-ace/Makefile
- www/go-cssmin/Makefile
- www/go-gogs-client/Makefile
- www/go-gohtml/Makefile
- www/go-libsass/Makefile
- www/go-minify/Makefile
- www/go-parse/Makefile
- www/go-spritewell/Makefile
- www/go-tocss/Makefile
- www/go-toml-burntsushi/Makefile
- www/go-toml-pelletier/Makefile
- www/go-urlesc/Makefile
- www/go-webhooks/Makefile
- www/grafana/Makefile
- www/hugo/Makefile
- www/pup/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Oct 18 14:48:29 UTC 2019
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go112: PLIST distinfo
Log Message:
Update go112 to 1.12.12.
go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa
package. See the Go 1.12.11 milestone on our issue tracker for details.
go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime,
syscall and net packages. See the Go 1.12.12 milestone on our issue tracker
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go112/PLIST pkgsrc/lang/go112/distinfo
|
|
www/ruby-loofah: security fix
Revisions pulled up:
- www/ruby-loofah/Makefile 1.6
- www/ruby-loofah/PLIST 1.5
- www/ruby-loofah/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 22 16:24:20 UTC 2019
Modified Files:
pkgsrc/www/ruby-loofah: Makefile PLIST distinfo
Log Message:
www/ruby-loofah: update to 2.3.1
## 2.3.1 / 2019-10-22
### Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171
## 2.3.0 / unreleased
### Features
* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
### Bug fixes
* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
### Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
|
|
www/nostromo: security fix
Revisions pulled up:
- www/nostromo/Makefile 1.3
- www/nostromo/PLIST 1.2
- www/nostromo/distinfo 1.2
- www/nostromo/patches/patch-http_header_comp 1.1
- www/nostromo/patches/patch-strcutl 1.1
---
Module Name: pkgsrc
Committed By: ast
Date: Sun Oct 20 20:02:14 UTC 2019
Modified Files:
pkgsrc/www/nostromo: Makefile PLIST distinfo
Added Files:
pkgsrc/www/nostromo/patches: patch-http_header_comp patch-strcutl
Log Message:
www/nostromo: fixes for CVE-2019-16278 and CVE-2019-16279
|
|
No functional change now, but it will avoid changing the distfiles
if PKGREVISION is used.
Thanks to leot for pointing it out.
|
|
Not all the files are versioned, so we have a mismatch if the previous
version's files existed.
This addresses the failure seen on mef's bulk build.
|
|
- Removes obsolete patches no longer applicable to 1.29.0.
- Adds a patch to support building cliqz from clang base in NetBSD.
- No longer uses gcc in the build process.
Changes since 1.28.2:
Merge with Firefox 69.0.1
Committed during freeze as it's a security fix to a leaf package. ok maya@
|
|
ok wiz@ for PMC
|
|
says:
You'll find below the changes of this bugfixes version:
- [security] Prevent account takeover vulnerability,
- [security] Prevent execution of XSS on rich text,
- fix cache key length issues,
- fix user picture removal at login,
- several fixes on recurring tickets,
- fix some transfer errors related to entities among others,
- and more!
The full changelog is available:
https://github.com/glpi-project/glpi/milestone/37?closed=1
|
|
"not all parts" are supported.
Make it easier for pkgsrc and disable python 2.7.
(There is no maintainer.)
|
|
Homepage still claims 2.7 support, so use PLIST.py3x for them
and add comment with bug report URL.
If upstream doesn't want to fix this, we should mark it as
INCOMPATIBLE with 2.7 (only affects py-buildbot).
|
|
p5-libapreq depends on mod_perl 1.x, which was removed in June.
rt3 uses p5-libapreq.
|
|
due to py-rdflib's use of py-networkx.
|
|
This still doesn't build though.
|
|
Otherwise there is a missing symbol with at least g_thread_init.
|
|
Changes:
WebKitGTK 2.26.1
================
- Fix MSE media player with GStreamer 1.14.
- Fix HTML alternate loads never finishing.
- Fix web view initialization delay on first load.
- Validate user agent string set via API.
- Fix a crash when a web view is destroyed with accelerated compositing mode enabled.
- Fix EGL initialization with newer versions of Mesa.
- Do not enable the sandbox inside docker.
- Fix several crashes and rendering issues.
Thanks to <wiz> for approving update during freeze!
|
|
(work around for libc++ vs netbsd headers).
|
|
Trying to fix
[ 53%] Generating ../../DerivedSources/JavaScriptCore/IntlDateTimeFormatConstructor.lut.h
Traceback (most recent call last):
File "/scratch/www/webkit-gtk/work/webkitgtk-2.26.0/Source/JavaScriptCore/disassembler/udis86/ud_itab.py", line 379, in <module>
main()
File "/scratch/www/webkit-gtk/work/webkitgtk-2.26.0/Source/JavaScriptCore/disassembler/udis86/ud_itab.py", line 374, in main
tables = UdOpcodeTables(xml=sys.argv[1])
File "/scratch/www/webkit-gtk/work/webkitgtk-2.26.0/Source/JavaScriptCore/disassembler/udis86/ud_opcode.py", line 326, in __init__
for insn in self.__class__.parseOptableXML(xml):
File "/scratch/www/webkit-gtk/work/webkitgtk-2.26.0/Source/JavaScriptCore/disassembler/udis86/ud_opcode.py", line 585, in parseOptableXML
xmlDoc = minidom.parse(xml)
File "/usr/pkg/lib/python2.7/xml/dom/minidom.py", line 1917, in parse
from xml.dom import expatbuilder
File "/usr/pkg/lib/python2.7/xml/dom/expatbuilder.py", line 32, in <module>
from xml.parsers import expat
File "/usr/pkg/lib/python2.7/xml/parsers/expat.py", line 4, in <module>
from pyexpat import *
ImportError: No module named pyexpat
|
|
Furl v2.1.0.
Added: a dont_quote= parameter to Query.encode() and a
query_dont_quote= parameter to furl.tostr() that exempt valid query
characters from being percent-encoded, either in their entirety with
dont_quote=True, or selectively with dont_quote=<string>, like
dont_quote='/?@_'.
Changed: Move package info from __init__.py into the more standard
__version__.py.
Fixed: Support Unicode usernames and passwords in Python 2.
Fixed: Update orderedmultdict to v1.0.1 to resolve a DeprecationWarning.
Fixed: Encode '/' consistently in query strings across both
quote_plus=True and quote_plus=False.
|
|
This package contains language packs for www/firefox68.
|
|
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package provides Firefox 68 ESR.
|
|
* Sync with www/firefox-69.0.1
|
|
Changelog:
Fixed
Fixed external programs launching in the background when clicking a link from inside Firefox to launch them (bug 1570845)
Usability improvements to the Add-ons Manager for users with screen readers (bug 1567600)
Fixed the Captive Portal notification bar not being dismissable in some situations after login is complete (bug 1578633)
Fixed the maximum size of fonts in Reader Mode when zoomed (bug 1578454)
Fixed missing stacks in the Developer Tools Performance section (bug 1578354)
Security and stability fixes
Firefox 69.0.1
Security fixes:
#CVE-2019-11754: Pointer Lock is enabled with no user notification
|
|
@jym approved
|
|
NetBSD has strchrnul so tell netsurf this.
|
|
v18.2.0
* File-based sessions no longer attempt to remove the lock files
when releasing locks, instead deferring to the default behavior
of zc.lockfile. Fixes :issue:`1391` and :issue:`1779`.
* :pr:`1794`: Add native support for ``308 Permanent Redirect``
usable via ``raise cherrypy.HTTPRedirect('/new_uri', 308)``.
|
|
v6.5.8
- :issue:`222` via :commit:`621f4ee`: Fix
:py:const:`socket.SO_PEERCRED` constant fallback value
under PowerPC.
v6.5.7
- :issue:`198` via :commit:`9f7affe`: Fix race condition when
toggling stats counting in the middle of request processing.
- Improve post Python 3.9 compatibility checks.
- Fix support of `abstract namespace sockets
<https://utcc.utoronto.ca/~cks/space/blog/linux/SocketAbstractNamespace>`_.
|
|
Fix crash in netsurf when downloading files due to null pointer dereference.
|
|
0.3 introduces a new API while maintaining compat with the 0.2 API.
|
|
Now that netsurf uses gtk3, install
adwaita icon theme so that it finds
icons to use with its gui.
|
|
The update to 8.6.17 wasn't enough to make the annoying messages go away.
PHP 5 support, automatic entity updates, and Internet Explorer 9 workarounds
have been removed
* PHP 5.5 and 5.6 will no longer be supported as of Drupal 8.7.0.
As of December 2018, PHP 5.6 no longer receives security support
from the maintainers of PHP. Anyone running Drupal 8 on PHP 5.5 or
5.6 should upgrade their PHP version to at least 7.1. PHP 7.2 is
now recommended. Read more in the change record for the PHP
requirement update.
* Starting with 8.7.0, Drupal core no longer provides support for
automatic entity updates as these have resulted in conflicts with
regular database updates and data integrity issues. Whenever an
entity type or field storage definition needs to be created,
changed or deleted, it has to be done with an explicit update
function as provided by the Update API, and using the API provided
by the entity definition update manager. (Note that using the API
has always been the recommended way for developers to trigger
entity updates.) drush entup is also no longer supported by Drupal
core. These three change records provide further details:
1. Support for automatic entity updates has been removed
2. Kernel tests have to install entity type schemas for all the
entity types they are testing, and before installing any other
configuration
3. New helper method available to set up the "current_user"
service in kernel tests
* Workarounds for the stylesheet limit in Internet Explorer 9 (IE9)
and earlier have been removed. Drupal dropped support for Internet
Explorer 9 and 10 in 8.4.0, but Drupal 8.5 and 8.6 retained a
workaround to allow 32 or more stylesheets to be included. This
workaround has been removed in 8.7. Sites still requiring Internet
Explorer 9 support for the work around of IE's limit of 31 style
sheets per page, should enable CSS aggregation (preferred) or
install the IE9 Compatibility contributed module.
Extensive release notes here:
- https://www.drupal.org/project/drupal/releases/8.7.0
- https://www.drupal.org/project/drupal/releases/8.7.7
|
|
19.9.3
new: XBR - update XBR for new contract ABIs
new: XBR - payment channel close
new: XBR - implement EIP712 signing of messages in endpoints
19.9.2
new: XBR - update XBR for new contract ABIs
19.9.1
new: XBR - update XBR for new contract ABIs
|
|
2.0.8:
Default SSL ciphers changed to resolve issues with some users reporting receiving Cloudflare captchas. If you're having issues with captchas, please try upgrading to the latest version.
|
|
reported by ottavio on freenode
|
|
Changes:
* Remove dependency on openssl
* Reduce UI flicker
* Reduce disk writes to ~/.snownews
* General code cleanup
* Improve build system
* More translations
* Relicensed to GPLv3
|
|
- 2011/01/10
converted HTML encoding to UTF-8
(This is because IE does not show ISO-2022-JP by its bug).
- 2010/06/10
No more Distribution by LZH, no more for Classic Mac version
- 2009/04/30
Get request from outside won't be accepted to avoid abuse
- 2008/02/19
Updated DTD of HTML+
- 2005/03/12
Display significance of Error ahead (left) of checkbox
(sorry, above log should come at previous commit, this changes comment line)
|
|
Also reorganize several dependencies in Makefile and buildlink3.mk.
See the following post for details:
https://mail-index.netbsd.org/pkgsrc-users/2019/09/07/msg029327.html
https://mail-index.netbsd.org/pkgsrc-users/2019/09/13/msg029356.html
Upstream changes (from NEWS):
== Ruby-GNOME 3.3.8: 2019-09-10
This is a partially GLib 2.62.0 support release.
=== Changes
==== All
* Improvements
* Changed our project name to Ruby-GNOME from Ruby-GNOME2.
[GitHub#1277][Suggested by kojix2]
[GitHub#1291][Patch by kojix2]
* Stopped to release (({.tar.gz})) because they are no longer
used.
==== Ruby/GLib2
* Improvements
* (({GLib.convert})): Changed to set correct encoding.
* (({GLib::FILENAME_ENCODING})): Added.
* Changed to use the same enum object for the same enum value.
* (({GLib::Enum.find})): Added.
* (({GLib::Bytes#initialize})): Changed to reuse (({String})) data
even if the given (({String})) isn't frozen.
* (({GLib::Bytes.try_convert})): Added.
* (({GLib::Enum.try_convert})): Added.
* (({GLib::Flags.try_convert})): Added.
* (({GLib::Type.try_convert})): Added.
* (({GLib::MkEnums.create})): Added support for flags to enum
definition.
[GitHub#1295][Patch by Mamoru TASAKA]
==== Ruby/GIO2
* Fixes
* Renamed to (({Gio::Icon#hash})) from (({Gio::Icon.hash})).
[GitHub#1293][Reported by Erik Czumadewski]
==== Ruby/GObjectIntrospection
* Improvements
* Introduced (({try_convert})) protocol.
==== Ruby/CairoGObject
* Improvements
* (({Cairo::Context.try_convert})): Added.
* (({Cairo::Device.try_convert})): Added.
* (({Cairo::Pattern.try_convert})): Added.
* (({Cairo::Surface.try_convert})): Added.
* (({Cairo::ScaledFont.try_convert})): Added.
* (({Cairo::FontFace.try_convert})): Added.
* (({Cairo::FontOptions.try_convert})): Added.
* (({Cairo::Region.try_convert})): Added.
=== Thanks
* kojix2
* Erik Czumadewski
* Mamoru TASAKA
|
|
Fix bulk builds by noting this depends on py-werkzeug. (While here,
convert other BUILD_DEPENDS to TOOL_DEPENDS.)
|