pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/midori/Makefile@1.127.2.1 / diff
pkgsrc/www/midori/distinfo@1.29.4.1 / diff
pkgsrc/www/midori/patches/patch-core_browser.vala@1.1.2.2 / diff
Pullup ticket #6244 - requested by nia
www/midori: bugfix
Revisions pulled up:
- www/midori/Makefile 1.130
- www/midori/distinfo 1.30
- www/midori/patches/patch-core_browser.vala 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jun 16 13:54:25 UTC 2020
Modified Files:
pkgsrc/www/midori: Makefile distinfo
Added Files:
pkgsrc/www/midori/patches: patch-core_browser.vala
Log Message:
midori: Fix typing / and backspace in the URL bar.
Noticed by benny on twitter
PKGREVISION++
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/net/powerdns-recursor/Makefile@1.35.2.1 / diff
pkgsrc/net/powerdns-recursor/distinfo@1.30.2.1 / diff
pkgsrc/net/powerdns-recursor/patches/patch-iputils.hh deleted
pkgsrc/net/powerdns-recursor/patches/patch-misc.cc@1.1.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-misc.hh@1.1.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-pdns__recursor.cc@1.6.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-rec-carbon.cc@1.1.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-rec__control.cc@1.1.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-webserver.cc@1.1.2.2 / diff
pkgsrc/net/powerdns-recursor/patches/patch-ws-recursor.cc@1.1.2.2 / diff
Pullup ticket #6248 - requested by otis
net/powerdns-recursor: security fix
Revisions pulled up:
- net/powerdns-recursor/Makefile 1.36
- net/powerdns-recursor/distinfo 1.32
- net/powerdns-recursor/patches/patch-iputils.hh deleted
- net/powerdns-recursor/patches/patch-misc.cc 1.1
- net/powerdns-recursor/patches/patch-misc.hh 1.1
- net/powerdns-recursor/patches/patch-pdns__recursor.cc 1.6
- net/powerdns-recursor/patches/patch-rec-carbon.cc 1.1
- net/powerdns-recursor/patches/patch-rec__control.cc 1.1
- net/powerdns-recursor/patches/patch-webserver.cc 1.1
- net/powerdns-recursor/patches/patch-ws-recursor.cc 1.1
---
Module Name: pkgsrc
Committed By: otis
Date: Wed Jun 17 22:55:11 UTC 2020
Modified Files:
pkgsrc/net/powerdns-recursor: Makefile distinfo
Added Files:
pkgsrc/net/powerdns-recursor/patches: patch-misc.cc patch-misc.hh
patch-pdns__recursor.cc patch-rec-carbon.cc patch-rec__control.cc
patch-webserver.cc patch-ws-recursor.cc
Removed Files:
pkgsrc/net/powerdns-recursor/patches: patch-iputils.hh
Log Message:
net/powerdns-recursor: Update to 4.3.1
Changelog since 4.3.0:
* Released:
- 19th of May 2020
* Improvements:
- Add ubuntu focal target.
* Bug Fixes:
- Backport of security fixes for:
- CVE-2020-10995
- CVE-2020-12244
- CVE-2020-10030
- avoid a crash when loading an invalid RPZ.
- RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.
* misc:
- Update boost.m4.
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6243
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6243 - requested by nia
graphics/librsvg: NetBSD/arm build fix
Revisions pulled up:
- graphics/librsvg/available.mk 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jun 17 10:13:25 UTC 2020
Modified Files:
pkgsrc/graphics/librsvg: available.mk
Log Message:
librsvg: Disable rust version on NetBSD/arm (32-bit)
It doesn't have the address space to build a rust compiler so this
is currently broken.
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/ruby-websocket-extensions/Makefile@1.3.16.1 / diff
pkgsrc/www/ruby-websocket-extensions/distinfo@1.2.16.1 / diff
Pullup ticket #6240 - requested by taca
www/ruby-websocket-extensions: security fix
Revisions pulled up:
- www/ruby-websocket-extensions/Makefile 1.4
- www/ruby-websocket-extensions/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jun 14 15:57:43 UTC 2020
Modified Files:
pkgsrc/www/ruby-websocket-extensions: Makefile distinfo
Log Message:
devel/ruby-websocket-extensions: update to 0.1.5
Update ruby-websocket-extensions to 0.1.5.
pkgsrc change:
* Add "USE_LANGUAGES= # none".
* Change LICENSE to apache-2.0.
### 0.1.5 / 2020-06-02
- Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
### 0.1.4 / 2019-06-10
- Fix a deprecation warning for using the `=~` operator on `true`
- Change license from MIT to Apache 2.0
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6239 - requested by nia
net/qbittorrent: i386 build fix
Revisions pulled up:
- net/qbittorrent/Makefile 1.14
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jun 13 11:21:29 UTC 2020
Modified Files:
pkgsrc/net/qbittorrent: Makefile
Log Message:
qbittorrent: needs 64-bit atomic ops
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6238 - requested by nia
net/grpc: i386 build fix
Revisions pulled up:
- net/grpc/Makefile 1.26
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jun 13 11:26:31 UTC 2020
Modified Files:
pkgsrc/net/grpc: Makefile
Log Message:
grpc: needs 64-bit atomic ops
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6237 - requested by nia
emulators/libretro-bsnes-mercury: NetBSD/arm build fix
Revisions pulled up:
- emulators/libretro-bsnes-mercury/Makefile.common 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jun 13 10:01:06 UTC 2020
Modified Files:
pkgsrc/emulators/libretro-bsnes-mercury: Makefile.common
Log Message:
libretro-bsnes-mercury: Uncondition HAVE_POSIX_MEMALIGN so it works on 32-bit arm
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6236 - requested by nia
x11/qt5-qtwebkit: NetBSD/arm build fix
Revisions pulled up:
- x11/qt5-qtwebkit/Makefile 1.79
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Jun 13 09:47:40 UTC 2020
Modified Files:
pkgsrc/x11/qt5-qtwebkit: Makefile
Log Message:
qt5-qtwebkit: Remove invalid ARM linker args
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/sysutils/intel-microcode-netbsd/Makefile@1.36.2.1 / diff
pkgsrc/sysutils/intel-microcode-netbsd/distinfo@1.28.2.1 / diff
Pullup ticket #6235 - requested by msaitoh
sysutils/intel-microcode-netbsd: security fix
Revisions pulled up:
- sysutils/intel-microcode-netbsd/Makefile 1.37-1.39
- sysutils/intel-microcode-netbsd/distinfo 1.29-1.31
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Wed May 13 05:03:24 UTC 2020
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile distinfo
Log Message:
Update intel-microcode-netbsd to 20200508.
== 20200508 Release ==
-- Updates upon 20191115 release --
Processor             Identifier Version            Products
Model        Stepping F-MO-S/PI  Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
ICL-U/Y      D1       6-7e-5/80  00000046->00000078 Core Gen10 Mobile
---- removed platforms ------------------------------------
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Mon Jun 1 15:34:40 UTC 2020
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile distinfo
Log Message:
Update intel-microcode-netbsd to 20200520.
== 20200520 Release ==
-- Updates upon 20200508 release --
Processor             Identifier Version            Products
Model        Stepping F-MO-S/PI  Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
SNB-E/EN/EP  C1/M0    6-2d-6/6d  0000061f->00000621 Xeon E3/E5, Core X
SNB-E/EN/EP  C2/M1    6-2d-7/6d  00000718->0000071a Xeon E3/E5, Core X
---- removed platforms ------------------------------------
---
Module Name: pkgsrc
Committed By: msaitoh
Date: Wed Jun 10 02:29:45 UTC 2020
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile distinfo
Log Message:
Update intel-microcode-netbsd to 20200609.
== 20200609 Release ==
-- Updates upon 20200520 release --
Processor             Identifier Version            Products
Model        Stepping F-MO-S/PI  Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
HSW          C0       6-3c-3/32  00000027->00000028 Core Gen4
BDW-U/Y      E0/F0    6-3d-4/c0  0000002e->0000002f Core Gen5
HSW-U        C0/D0    6-45-1/72  00000025->00000026 Core Gen4
HSW-H        C0       6-46-1/32  0000001b->0000001c Core Gen4
BDW-H/E3     E0/G0    6-47-1/22  00000021->00000022 Core Gen5
SKL-U/Y      D0       6-4e-3/c0  000000d6->000000dc Core Gen6 Mobile
SKL-U23e     K1       6-4e-3/c0  000000d6->000000dc Core Gen6 Mobile
SKX-SP       B1       6-55-3/97  01000151->01000157 Xeon Scalable
SKX-SP       H0/M0/U0 6-55-4/b7  02000065->02006906 Xeon Scalable
SKX-D        M1       6-55-4/b7  02000065->02006906 Xeon D-21xx
CLX-SP       B0       6-55-6/bf  0400002c->04002f01 Xeon Scalable Gen2
CLX-SP       B1       6-55-7/bf  0500002c->05002f01 Xeon Scalable Gen2
SKL-H/S      R0/N0    6-5e-3/36  000000d6->000000dc Core Gen6; Xeon E3 v5
AML-Y22      H0       6-8e-9/10  000000ca->000000d6 Core Gen8 Mobile
KBL-U/Y      H0       6-8e-9/c0  000000ca->000000d6 Core Gen7 Mobile
CFL-U43e     D0       6-8e-a/c0  000000ca->000000d6 Core Gen8 Mobile
WHL-U        W0       6-8e-b/d0  000000ca->000000d6 Core Gen8 Mobile
AML-Y42      V0       6-8e-c/94  000000ca->000000d6 Core Gen10 Mobile
CML-Y42      V0       6-8e-c/94  000000ca->000000d6 Core Gen10 Mobile
WHL-U        V0       6-8e-c/94  000000ca->000000d6 Core Gen8 Mobile
KBL-G/H/S/E3 B0       6-9e-9/2a  000000ca->000000d6 Core Gen7; Xeon E3 v6
CFL-H/S/E3   U0       6-9e-a/22  000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E
CFL-S        B0       6-9e-b/02  000000ca->000000d6 Core Gen8
CFL-H/S      P0       6-9e-c/22  000000ca->000000d6 Core Gen9
CFL-H        R0       6-9e-d/22  000000ca->000000d6 Core Gen9 Mobile
---- removed platforms ------------------------------------
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6234
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6234 - requested by wiz
devel/libntlm: security fix
Revisions pulled up:
- devel/libntlm/Makefile 1.22
- devel/libntlm/distinfo 1.12
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jun 9 06:18:18 UTC 2020
Modified Files:
pkgsrc/devel/libntlm: Makefile distinfo
Log Message:
libntlm: update to 1.6.
* Version 1.6 (released 2020-04-19)
** Fix buffer overflow in buildSmbNtlmAuth* function. CVE-2019-17455.
Reported by Kirin in <https://gitlab.com/jas/libntlm/-/issues/2> and
patch provided by Cedric Buissart. See newly introduced regression
check test_CVE-2019-17455.c for test of a vulnerable library.
** API and ABI modifications.
No changes since last version.
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6233 - requested by wiz
sysutils/dbus: security fix
Revisions pulled up:
- sysutils/dbus/Makefile 1.121
- sysutils/dbus/distinfo 1.93
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jun 9 07:13:31 UTC 2020
Modified Files:
pkgsrc/sysutils/dbus: Makefile distinfo
Log Message:
dbus: update to 1.12.18.
dbus 1.12.18 (2020-06-02)
=========================
The “telepathic vines” release.
Denial of service fixes:
• CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
Other fixes:
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
• Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/security/gnutls/Makefile@1.209.2.1 / diff
pkgsrc/security/gnutls/PLIST@1.69.2.1 / diff
pkgsrc/security/gnutls/PLIST.guile@1.1.2.2 / diff
pkgsrc/security/gnutls/buildlink3.mk@1.36.2.1 / diff
pkgsrc/security/gnutls/distinfo@1.142.2.1 / diff
pkgsrc/security/gnutls/options.mk@1.2.2.1 / diff
pkgsrc/security/gnutls/patches/patch-configure@1.5.2.2 / diff
Pullup ticket #6232 - requested by maya
security/gnutls: security fix
Revisions pulled up:
- security/gnutls/Makefile 1.210-1.213
- security/gnutls/PLIST 1.70-1.71
- security/gnutls/PLIST.guile 1.1
- security/gnutls/buildlink3.mk 1.37
- security/gnutls/distinfo 1.143-1.144
- security/gnutls/options.mk 1.3
- security/gnutls/patches/patch-configure 1.5
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 1 08:24:07 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Added Files:
pkgsrc/security/gnutls/patches: patch-configure
Log Message:
gnutls: updated to 3.6.13
Version 3.6.13:
** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
The DTLS client would not contribute any randomness to the DTLS negotiation,
breaking the security guarantees of the DTLS protocol
[GNUTLS-SA-2020-03-31, CVSS: high]
** libgnutls: Added new APIs to access KDF algorithms.
** libgnutls: Added new callback gnutls_keylog_func that enables a custom
logging functionality.
** libgnutls: Added support for non-null terminated usernames in PSK
negotiation.
** gnutls-cli-debug: Improved support for old servers that only support
SSL 3.0.
** API and ABI modifications:
gnutls_hkdf_extract: Added
gnutls_hkdf_expand: Added
gnutls_pbkdf2: Added
gnutls_session_get_keylog_function: Added
gnutls_session_set_keylog_function: Added
gnutls_prf_hash_get: Added
gnutls_psk_server_get_username2: Added
gnutls_psk_set_client_credentials2: Added
gnutls_psk_set_client_credentials_function2: Added
gnutls_psk_set_server_credentials_function2: Added
---
Module Name: pkgsrc
Committed By: nikita
Date: Thu May 14 14:30:02 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile buildlink3.mk options.mk
Added Files:
pkgsrc/security/gnutls: PLIST.guile
Log Message:
security/gnutls: revbump, add support for building guile bindings
---
Module Name: pkgsrc
Committed By: leot
Date: Mon Jun 8 19:48:14 UTC 2020
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Log Message:
gnutls: Update to 3.6.14
Changes:
3.6.14
------
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011).
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008).
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognize commonName
(2.5.4.3), decode certificate policy OIDs (!1245), and print Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Added several improvements on Windows Vista and later releases
(!1257, !1254, !1256). Most notably the system random number generator now
uses Windows BCrypt* API if available (!1255).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/mail/sympa/Makefile@1.74.2.1 / diff
pkgsrc/mail/sympa/PLIST@1.15.6.1 / diff
pkgsrc/mail/sympa/distinfo@1.19.6.1 / diff
pkgsrc/mail/sympa/patches/patch-aa@1.9.6.1 / diff
pkgsrc/mail/sympa/patches/patch-ab@1.7.16.1 / diff
pkgsrc/mail/sympa/patches/patch-ac@1.5.6.1 / diff
Pullup ticket #6218 - requested by bouyer
mail/sympa: security fix
Revisions pulled up:
- mail/sympa/Makefile 1.75-1.76
- mail/sympa/PLIST 1.16-1.17
- mail/sympa/distinfo 1.20-1.21
- mail/sympa/patches/patch-aa 1.10
- mail/sympa/patches/patch-ab 1.8
- mail/sympa/patches/patch-ac 1.6
---
Module Name: pkgsrc
Committed By: bouyer
Date: Mon Apr 27 17:57:52 UTC 2020
Modified Files:
pkgsrc/mail/sympa: Makefile PLIST distinfo
pkgsrc/mail/sympa/patches: patch-aa patch-ab patch-ac
Log Message:
Update to 6.2.54. Main changes since 6.2.16:
* Security and bug fixes
* more translations
* Some scenarios and list creation templates for "intranet" use cases were
made optional: They have been moved into samples/
https://github.com/sympa-community/sympa/issues/119
See also "upgrading notes" (https://sympa-community.github.io/manual/upgrade/notes.html#from-version-prior-to-6250)
for details.
* Hide full email addresses in archives
* Button for full export of subscribers
* Admin function to bulk unsubscribe
* "Delete my account" button
* ARC support (Authenticated Received Chain).
---
Module Name: pkgsrc
Committed By: bouyer
Date: Mon Jun 1 21:46:25 UTC 2020
Modified Files:
pkgsrc/mail/sympa: Makefile PLIST distinfo
Log Message:
Update to 6.2.56. Changes since 6.2.54:
Security fix for https://sympa-community.github.io/security/2020-002.html
Translation updates
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/mail/roundcube-plugin-password/distinfo@1.17.2.4 / diff
pkgsrc/mail/roundcube/Makefile@1.92.2.1 / diff
pkgsrc/mail/roundcube/Makefile.common@1.16.2.2 / diff
pkgsrc/mail/roundcube/distinfo@1.66.2.3 / diff
pkgsrc/mail/roundcube/options.mk@1.16.14.1 / diff
pkgsrc/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__mime.php@1.3.2.2 / diff
pkgsrc/mail/roundcube/patches/patch-rcube_mime_default deleted
Pullup ticket #6231 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.18-1.19
- mail/roundcube/Makefile 1.93
- mail/roundcube/Makefile.common 1.18-1.19
- mail/roundcube/distinfo 1.69-1.70
- mail/roundcube/options.mk 1.17
- mail/roundcube/patches/patch-program_lib_Roundcube_rcube__mime.php 1.3
- mail/roundcube/patches/patch-rcube_mime_default deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jun 7 22:07:04 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: Makefile Makefile.common distinfo options.mk
Added Files:
pkgsrc/mail/roundcube/patches:
patch-program_lib_Roundcube_rcube__mime.php
Removed Files:
pkgsrc/mail/roundcube/patches: patch-rcube_mime_default
Log Message:
mail/roundcube: update to 1.4.5
Update roundcube to 1.4.5, including some security fixes.
pkgsrc change:
* Properly replace PHP interpreter.
* Fix php-sockets option to work.
RELEASE 1.4.5
-------------
- Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364)
- Fix so the database setup description is compatible with MySQL 8 (#7340)
- Markasjunk: Fix regression in jsevent driver (#7361)
- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
- Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
- Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
- Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
- Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392)
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Better fix for CVE-2020-12641
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jun 7 22:08:37 UTC 2020
Modified Files:
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube-plugin-password: update to 1.4.5
Update roundcube-plugin-password to 1.4.5
RELEASE 1.4.5
-------------
- Password: Fix issue with Modoboa driver (#7372)
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jun 9 00:25:19 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.14.6
Update roundcube to 1.14.6.
RELEASE 1.4.6
-------------
- Installer: Fix regression in SMTP test section (#7417)
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6227
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/net/powerdns/Makefile.common@1.28.2.1 / diff
pkgsrc/net/powerdns/distinfo@1.38.2.1 / diff
pkgsrc/net/powerdns/patches/patch-pdns_iputils.hh deleted
Pullup ticket #6227 - requested by otis
net/powerdns: bugfixes
Revisions pulled up:
- net/powerdns/Makefile 1.55
- net/powerdns/Makefile.common 1.29
- net/powerdns/distinfo 1.40
- net/powerdns/patches/patch-pdns_iputils.hh deleted
---
Module Name: pkgsrc
Committed By: otis
Date: Sun Jun 7 18:55:13 UTC 2020
Modified Files:
pkgsrc/net/powerdns: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/net/powerdns/patches: patch-pdns_iputils.hh
Log Message:
net/powerdns: Update to 4.2.2
Changes since 4.2.1:
* Released:
- 9th of April 2020
* New Features:
- api: add includerings option to statistics endpoint
* Improvements:
- cache: strictly enforce maximum size, and improve cleanup routine
* Bug Fixes:
- fix records ending up in wrong packet section
- avoid IXFR-in corruption when deltas come in close together.
Please see the IXFR-in corruption upgrade notes
- fix out-of-bound access for zero length "serialized" string when
using lmdbbackend.
- bind backend: pthread_mutex_t should be inited and destroyed and not be copied
* Reference:
- https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.2
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/ruby-em-http-request/Makefile@1.4.8.1 / diff
pkgsrc/www/ruby-em-http-request/PLIST@1.4.8.1 / diff
pkgsrc/www/ruby-em-http-request/distinfo@1.5.8.1 / diff
Pullup ticket #6224 - requested by taca
www/ruby-em-http-request: security fix
Revisions pulled up:
- www/ruby-em-http-request/Makefile 1.5
- www/ruby-em-http-request/PLIST 1.5
- www/ruby-em-http-request/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jun 2 13:46:43 UTC 2020
Modified Files:
pkgsrc/www/ruby-em-http-request: Makefile PLIST distinfo
Log Message:
www/ruby-em-http-request: update to 1.1.6
Update ruby-em-http-request to 1.1.6.
1.1.6 (2020-06-02)
- Merge TLS verification patch from Faraday (CVE-2020-13482)
- IPv6 literal support
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6223 - requested by taca
www/ruby-puma: security fix
Revisions pulled up:
- www/ruby-puma/Makefile 1.23
- www/ruby-puma/distinfo 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 24 13:47:49 UTC 2020
Modified Files:
pkgsrc/www/ruby-puma: Makefile distinfo
Log Message:
www/ruby-puma: update to 4.3.5
Update ruby-puma to 4.3.5.
4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22
Each patchlevel release contains a separate security fix. We recommend
simply upgrading to 4.3.5/3.12.6.
* Security
Fix: Fixed two separate HTTP smuggling vulnerabilities that used the
Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/firefox68-l10n/Makefile@1.10.2.4 / diff
pkgsrc/www/firefox68-l10n/distinfo@1.7.2.4 / diff
Pullup ticket #6221 - requested by nia
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.14
- www/firefox68-l10n/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jun 3 13:05:58 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: sync with firefox68
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/firefox68/Makefile@1.15.2.4 / diff
pkgsrc/www/firefox68/distinfo@1.11.2.4 / diff
pkgsrc/www/firefox68/patches/patch-build_moz.configure_rust.configure@1.1.2.2 / diff
Pullup ticket #6220 - requested by nia
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.22
- www/firefox68/distinfo 1.16
- www/firefox68/patches/patch-build_moz.configure_rust.configure 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Jun 3 13:00:24 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Added Files:
pkgsrc/www/firefox68/patches: patch-build_moz.configure_rust.configure
Log Message:
firefox68: Update to 68.9.0
Security Vulnerabilities fixed in Firefox ESR 68.9
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript Type confusion with NativeTypes
#CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/drupal8/Makefile@1.30.2.2 / diff
pkgsrc/www/drupal8/PLIST@1.24.2.2 / diff
pkgsrc/www/drupal8/distinfo@1.26.2.2 / diff
Pullup ticket #6216 - requested by taca
www/drupal8: security fix
Revisions pulled up:
- www/drupal8/Makefile 1.32-1.33
- www/drupal8/PLIST 1.26
- www/drupal8/distinfo 1.28
---
Module Name: pkgsrc
Committed By: rillig
Date: Sat May 2 13:40:18 UTC 2020
Modified Files:
pkgsrc/www/drupal8: Makefile
Log Message:
www/drupal8: remove SUBST block for nonexistent file
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 20 16:31:27 UTC 2020
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.7.14
Update drupal8 to 8.7.14.
8.7.14 (2020-05-20) -- Security update
View usage statistics for this release
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Third-party library - SA-CORE-2020-002
No other fixes are included.
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/drupal7/Makefile@1.63.2.1 / diff
pkgsrc/www/drupal7/PLIST@1.24.2.1 / diff
pkgsrc/www/drupal7/distinfo@1.48.2.1 / diff
Pullup ticket #6215 - requested by taca
www/drupal7: security fix
Revisions pulled up:
- www/drupal7/Makefile 1.64
- www/drupal7/PLIST 1.25
- www/drupal7/distinfo 1.49
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 20 16:22:15 UTC 2020
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.70
Update drupal7 to 7.70.
Drupal 7.70, 2020-05-19
-----------------------
- Fixed security issues:
- SA-CORE-2020-002
- SA-CORE-2020-003
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord60/PLIST@1.1.2.1 / diff
pkgsrc/databases/ruby-activerecord60/distinfo@1.1.2.1 / diff
pkgsrc/devel/ruby-activejob60/distinfo@1.1.2.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.1.2.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.1.2.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.1.2.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.1.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.83.2.2 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.1.2.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.1.2.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.1.2.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.1.2.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.1.2.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.1.2.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.1.2.1 / diff
Pullup ticket #6214 - requested by taca
www/ruby-rails60: security fix
Revisions pulled up:
- databases/ruby-activerecord60/PLIST 1.2
- databases/ruby-activerecord60/distinfo 1.2-1.3
- devel/ruby-activejob60/distinfo 1.2-1.3
- devel/ruby-activemodel60/distinfo 1.2-1.3
- devel/ruby-activestorage60/distinfo 1.2-1.3
- devel/ruby-activesupport60/distinfo 1.2-1.3
- devel/ruby-railties60/distinfo 1.2-1.3
- mail/ruby-actionmailbox60/distinfo 1.2-1.3
- mail/ruby-actionmailer60/distinfo 1.2-1.3
- textproc/ruby-actiontext60/distinfo 1.2-1.3
- www/ruby-actioncable60/distinfo 1.2-1.3
- www/ruby-actionpack60/distinfo 1.2-1.3
- www/ruby-actionview60/distinfo 1.2-1.3
- www/ruby-rails60/distinfo 1.2-1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:15:25 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.3
Update ruby-activesupport60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* `Array#to_sentence` no longer returns a frozen string.
Before:
['one', 'two'].to_sentence.frozen?
# => true
After:
['one', 'two'].to_sentence.frozen?
# => false
*Nicolas Dular*
* Update `ActiveSupport::Messages::Metadata#fresh?` to work for cookies with expiry set when
`ActiveSupport.parse_json_times = true`.
*Christian Gregg*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel60: distinfo
Log Message:
devel/ruby-activemodel60: update to 6.0.3
Update ruby-activemodel60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob60: distinfo
Log Message:
devel/ruby-activejob60: update to 6.0.3
Update ruby-activejob60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* While using `perform_enqueued_jobs` test helper enqueued jobs must be stored for the later check with
`assert_enqueued_with`.
*Dmitry Polushkin*
* Add queue name support to Que adapter
*Brad Nauta*, *Wojciech Wnętrzak*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:17:34 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.3
Update ruby-actionview60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
*Guilherme Mansur*, *Kasper Timm Hansen*
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
*Guilherme Mansur*, *Gannon McGibbon*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:09 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.3
Update ruby-actionpack60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Include child session assertion count in ActionDispatch::IntegrationTest
`IntegrationTest#open_session` uses `dup` to create the new session, which
meant it had its own copy of `@assertions`. This prevented the assertions
from being correctly counted and reported.
Child sessions now have their `attr_accessor` overridden to delegate to the
root session.
Fixes #32142
*Sam Bostock*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:56 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord60: PLIST distinfo
Log Message:
databases/ruby-activerecord60: update to 6.0.3
Update ruby-activerecord60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Recommend applications don't use the `database` kwarg in `connected_to`
The database kwarg in `connected_to` was meant to be used for one-off scripts but is often used in requests. This is really dangerous because it re-establishes a connection every time. It's deprecated in 6.1 and will be removed in 6.2 without replacement. This change soft deprecates it in 6.0 by removing documentation.
*Eileen M. Uchitelle*
* Fix support for PostgreSQL 11+ partitioned indexes.
*Sebastián Palma*
* Add support for beginless ranges, introduced in Ruby 2.7.
*Josh Goodall*
* Fix insert_all with enum values
Fixes #38716.
*Joel Blum*
* Regexp-escape table name for MS SQL
Add `Regexp.escape` to one method in ActiveRecord, so that table names with regular expression characters in them work as expected. Since MS SQL Server uses "[" and "]" to quote table and column names, and those characters are regular expression characters, methods like `pluck` and `select` fail in certain cases when used with the MS SQL Server adapter.
*Larry Reid*
* Store advisory locks on their own named connection.
Previously advisory locks were taken out against a connection when a migration started. This works fine in single database applications but doesn't work well when migrations need to open new connections which results in the lock getting dropped.
In order to fix this we are storing the advisory lock on a new connection with the connection specification name `AdisoryLockBase`. The caveat is that we need to maintain at least 2 connections to a database while migrations are running in order to do this.
*Eileen M. Uchitelle*, *John Crepezzi*
* Ensure `:reading` connections always raise if a write is attempted.
Now Rails will raise an `ActiveRecord::ReadOnlyError` if any connection on the reading handler attempts to make a write. If your reading role needs to write you should name the role something other than `:reading`.
*Eileen M. Uchitelle*
* Enforce fresh ETag header after a collection's contents change by adding
ActiveRecord::Relation#cache_key_with_version. This method will be used by
ActionController::ConditionalGet to ensure that when collection cache versioning
is enabled, requests using ConditionalGet don't return the same ETag header
after a collection is modified. Fixes #38078.
*Aaron Lipman*
* A database URL can now contain a querystring value that contains an equal sign. This is needed to support passing PostgreSQL `options`.
*Joshua Flanagan*
* Retain explicit selections on the base model after applying `includes` and `joins`.
Resolves #34889.
*Patrick Rebsch*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:09 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer60: distinfo
Log Message:
mail/ruby-actionmailer60: update to 6.0.3
Update ruby-actionmailer60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:46 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailbox60: distinfo
Log Message:
mail/ruby-actionmailbox60: update to 6.0.3
Update ruby-actionmailbox60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Update Mandrill inbound email route to respond appropriately to HEAD requests for URL health checks from Mandrill.
*Bill Cromie*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:21:24 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable60: distinfo
Log Message:
www/ruby-actioncable60: update to 6.0.3
Update ruby-actioncable60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties60: distinfo
Log Message:
devel/ruby-railties60: update to 6.0.3
Update ruby-railties60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Cache compiled view templates when running tests by default
When generating a new app without `--skip-spring`, caching classes is
disabled in `environments/test.rb`. This implicitly disables caching
view templates too. This change will enable view template caching by
adding this to the generated `environments/test.rb`:
````ruby
config.action_view.cache_template_loading = true
````
*Jorge Manrubia*
* `Rails::Application#eager_load!` is available again to load application code
manually as it was possible in previous versions.
Please, note this is not integrated with the whole eager loading logic that
runs when Rails boots with eager loading enabled, you can think of this
method as a vanilla recursive code loader.
This ability has been restored because there are some use cases for it, such
as indexers that need to have all application classes and modules in memory.
*Xavier Noria*
* Generators that inherit from NamedBase respect `--force` option
*Josh Brody*
* Regression fix: The Rake task `zeitwerk:check` supports eager loaded
namespaces which do not have eager load paths, like the recently added
`i18n`. These namespaces are only required to respond to `eager_load!`.
*Xavier Noria*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage60: distinfo
Log Message:
devel/ruby-activestorage60: update to 6.0.3
Update ruby-activestorage60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:23:36 UTC 2020
Modified Files:
pkgsrc/textproc/ruby-actiontext60: distinfo
Log Message:
textproc/ruby-actiontext60: update to 6.0.3
Update ruby-actiontext60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:24:28 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.3
Finally, update ruby-rails60 to 6.0.3.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:10:27 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.3.1
Update ruby-activesupport60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:11:10 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel60: distinfo
Log Message:
devel/ruby-activemodel60: update to 6.0.3.1
Update ruby-activemodel60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:11:43 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob60: distinfo
Log Message:
devel/ruby-activejob60: update to 6.0.3.1
Update ruby-activejob60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:12:16 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.3.1
Update ruby-actionview60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:12:50 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.3.1
Update ruby-actionpack60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:13:24 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
Log Message:
databases/ruby-activerecord60: update to 6.0.3.1
Update ruby-activerecord60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:14:04 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer60: distinfo
Log Message:
mail/ruby-actionmailer60: update to 6.0.3.1
Update ruby-actionmailer60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:14:41 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailbox60: distinfo
Log Message:
mail/ruby-actionmailbox60: update to 6.0.3.1
Update ruby-actionmailbox60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:15:14 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable60: distinfo
Log Message:
www/ruby-actioncable60: update to 6.0.3.1
Update ruby-actioncable60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:15:47 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties60: distinfo
Log Message:
devel/ruby-railties60: update to 6.0.3.1
Update ruby-railties60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:16:26 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage60: distinfo
Log Message:
devel/ruby-activestorage60: update to 6.0.3.1
Update ruby-activestorage60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:17:01 UTC 2020
Modified Files:
pkgsrc/textproc/ruby-actiontext60: distinfo
Log Message:
textproc/ruby-actiontext60: update to 6.0.3.1
Update ruby-actiontext60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 17:17:45 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.3.1.
Finally, update ruby-rails60 to 6.0.3.1.
www/ruby-rails60: security fix
Revisions pulled up:
- databases/ruby-activerecord60/PLIST 1.2
- databases/ruby-activerecord60/distinfo 1.2-1.3
- devel/ruby-activejob60/distinfo 1.2-1.3
- devel/ruby-activemodel60/distinfo 1.2-1.3
- devel/ruby-activestorage60/distinfo 1.2-1.3
- devel/ruby-activesupport60/distinfo 1.2-1.3
- devel/ruby-railties60/distinfo 1.2-1.3
- mail/ruby-actionmailbox60/distinfo 1.2-1.3
- mail/ruby-actionmailer60/distinfo 1.2-1.3
- textproc/ruby-actiontext60/distinfo 1.2-1.3
- www/ruby-actioncable60/distinfo 1.2-1.3
- www/ruby-actionpack60/distinfo 1.2-1.3
- www/ruby-actionview60/distinfo 1.2-1.3
- www/ruby-rails60/distinfo 1.2-1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:15:25 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.3
Update ruby-activesupport60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* `Array#to_sentence` no longer returns a frozen string.
Before:
['one', 'two'].to_sentence.frozen?
# => true
After:
['one', 'two'].to_sentence.frozen?
# => false
*Nicolas Dular*
* Update `ActiveSupport::Messages::Metadata#fresh?` to work for cookies with expiry set when
`ActiveSupport.parse_json_times = true`.
*Christian Gregg*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel60: distinfo
Log Message:
devel/ruby-activemodel60: update to 6.0.3
Update ruby-activemodel60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:16:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob60: distinfo
Log Message:
devel/ruby-activejob60: update to 6.0.3
Update ruby-activejob60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* While using `perform_enqueued_jobs` test helper enqueued jobs must be stored for the later check with
`assert_enqueued_with`.
*Dmitry Polushkin*
* Add queue name support to Que adapter
*Brad Nauta*, *Wojciech Wnętrzak*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:17:34 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.3
Update ruby-actionview60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
*Guilherme Mansur*, *Kasper Timm Hansen*
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
*Guilherme Mansur*, *Gannon McGibbon*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:09 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.3
Update ruby-actionpack60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Include child session assertion count in ActionDispatch::IntegrationTest
`IntegrationTest#open_session` uses `dup` to create the new session, which
meant it had its own copy of `@assertions`. This prevented the assertions
from being correctly counted and reported.
Child sessions now have their `attr_accessor` overridden to delegate to the
root session.
Fixes #32142
*Sam Bostock*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:18:56 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord60: PLIST distinfo
Log Message:
databases/ruby-activerecord60: update to 6.0.3
Update ruby-activerecord60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Recommend applications don't use the `database` kwarg in `connected_to`
The database kwarg in `connected_to` was meant to be used for one-off scripts but is often used in requests. This is really dangerous because it re-establishes a connection every time. It's deprecated in 6.1 and will be removed in 6.2 without replacement. This change soft deprecates it in 6.0 by removing documentation.
*Eileen M. Uchitelle*
* Fix support for PostgreSQL 11+ partitioned indexes.
*Sebastián Palma*
* Add support for beginless ranges, introduced in Ruby 2.7.
*Josh Goodall*
* Fix insert_all with enum values
Fixes #38716.
*Joel Blum*
* Regexp-escape table name for MS SQL
Add `Regexp.escape` to one method in ActiveRecord, so that table names with regular expression characters in them work as expected. Since MS SQL Server uses "[" and "]" to quote table and column names, and those characters are regular expression characters, methods like `pluck` and `select` fail in certain cases when used with the MS SQL Server adapter.
*Larry Reid*
* Store advisory locks on their own named connection.
Previously advisory locks were taken out against a connection when a migration started. This works fine in single database applications but doesn't work well when migrations need to open new connections which results in the lock getting dropped.
In order to fix this we are storing the advisory lock on a new connection with the connection specification name `AdisoryLockBase`. The caveat is that we need to maintain at least 2 connections to a database while migrations are running in order to do this.
*Eileen M. Uchitelle*, *John Crepezzi*
* Ensure `:reading` connections always raise if a write is attempted.
Now Rails will raise an `ActiveRecord::ReadOnlyError` if any connection on the reading handler attempts to make a write. If your reading role needs to write you should name the role something other than `:reading`.
*Eileen M. Uchitelle*
* Enforce fresh ETag header after a collection's contents change by adding
ActiveRecord::Relation#cache_key_with_version. This method will be used by
ActionController::ConditionalGet to ensure that when collection cache versioning
is enabled, requests using ConditionalGet don't return the same ETag header
after a collection is modified. Fixes #38078.
*Aaron Lipman*
* A database URL can now contain a querystring value that contains an equal sign. This is needed to support passing PostgreSQL `options`.
*Joshua Flanagan*
* Retain explicit selections on the base model after applying `includes` and `joins`.
Resolves #34889.
*Patrick Rebsch*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:09 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer60: distinfo
Log Message:
mail/ruby-actionmailer60: update to 6.0.3
Update ruby-actionmailer60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:20:46 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailbox60: distinfo
Log Message:
mail/ruby-actionmailbox60: update to 6.0.3
Update ruby-actionmailbox60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Update Mandrill inbound email route to respond appropriately to HEAD requests for URL health checks from Mandrill.
*Bill Cromie*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:21:24 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable60: distinfo
Log Message:
www/ruby-actioncable60: update to 6.0.3
Update ruby-actioncable60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:16 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties60: distinfo
Log Message:
devel/ruby-railties60: update to 6.0.3
Update ruby-railties60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Cache compiled view templates when running tests by default
When generating a new app without `--skip-spring`, caching classes is
disabled in `environments/test.rb`. This implicitly disables caching
view templates too. This change will enable view template caching by
adding this to the generated `environments/test.rb`:
````ruby
config.action_view.cache_template_loading = true
````
*Jorge Manrubia*
* `Rails::Application#eager_load!` is available again to load application code
manually as it was possible in previous versions.
Please, note this is not integrated with the whole eager loading logic that
runs when Rails boots with eager loading enabled, you can think of this
method as a vanilla recursive code loader.
This ability has been restored because there are some use cases for it, such
as indexers that need to have all application classes and modules in memory.
*Xavier Noria*
* Generators that inherit from NamedBase respect `--force` option
*Josh Brody*
* Regression fix: The Rake task `zeitwerk:check` supports eager loaded
namespaces which do not have eager load paths, like the recently added
`i18n`. These namespaces are only required to respond to `eager_load!`.
*Xavier Noria*
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:22:55 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage60: distinfo
Log Message:
devel/ruby-activestorage60: update to 6.0.3
Update ruby-activestorage60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:23:36 UTC 2020
Modified Files:
pkgsrc/textproc/ruby-actiontext60: distinfo
Log Message:
textproc/ruby-actiontext60: update to 6.0.3
Update ruby-actiontext60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 16 14:24:28 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.3
Finally, update ruby-rails60 to 6.0.3.
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord52/distinfo@1.3.2.1 / diff
pkgsrc/devel/ruby-activejob52/distinfo@1.3.2.1 / diff
pkgsrc/devel/ruby-activemodel52/distinfo@1.3.2.1 / diff
pkgsrc/devel/ruby-activestorage52/distinfo@1.3.2.1 / diff
pkgsrc/devel/ruby-activesupport52/distinfo@1.3.2.1 / diff
pkgsrc/devel/ruby-railties52/distinfo@1.3.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.83.2.1 / diff
pkgsrc/mail/ruby-actionmailer52/distinfo@1.3.2.1 / diff
pkgsrc/www/ruby-actioncable52/distinfo@1.3.2.1 / diff
pkgsrc/www/ruby-actionpack52/distinfo@1.3.2.1 / diff
pkgsrc/www/ruby-actionview52/distinfo@1.3.2.1 / diff
pkgsrc/www/ruby-rails52/distinfo@1.3.2.1 / diff
Pullup ticket #6213 - requested by taca
www/ruby-rails52: security fix
Revisions pulled up:
- lang/ruby/rails.mk patch
- databases/ruby-activerecord52/distinfo 1.4
- devel/ruby-activejob52/distinfo 1.4
- devel/ruby-activemodel52/distinfo 1.4
- devel/ruby-activestorage52/distinfo 1.4
- devel/ruby-activesupport52/distinfo 1.4
- devel/ruby-railties52/distinfo 1.4
- mail/ruby-actionmailer52/distinfo 1.4
- www/ruby-actioncable52/distinfo 1.4
- www/ruby-actionpack52/distinfo 1.4
- www/ruby-actionview52/distinfo 1.4
- www/ruby-rails52/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:33:41 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activesupport52: distinfo
Log Message:
devel/ruby-activesupport52: update to 5.2.4.3
Update ruby-activesupport52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:34:47 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activemodel52: distinfo
Log Message:
devel/ruby-activemodel52: update to 5.2.4.3
Update ruby-activemodel52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:35:30 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activejob52: distinfo
Log Message:
devel/ruby-activejob52: update to 5.2.4.3
Update ruby-activejob52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:36:18 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionview52: distinfo
Log Message:
www/ruby-actionview52: update to 5.2.4.3
Update ruby-actionview52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:36:58 UTC 2020
Modified Files:
pkgsrc/www/ruby-actionpack52: distinfo
Log Message:
www/ruby-actionpack52: update to 5.2.4.3
Update ruby-actionpack52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:37:46 UTC 2020
Modified Files:
pkgsrc/www/ruby-actioncable52: distinfo
Log Message:
www/ruby-actioncable52: update to 5.2.4.3
Update ruby-actioncable52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:38:35 UTC 2020
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
Log Message:
databases/ruby-activerecord52: update to 5.2.4.3
Update ruby-activerecord52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:39:12 UTC 2020
Modified Files:
pkgsrc/devel/ruby-activestorage52: distinfo
Log Message:
devel/ruby-activestorage52: update to 5.2.4.3
Update ruby-activestorage52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:39:54 UTC 2020
Modified Files:
pkgsrc/mail/ruby-actionmailer52: distinfo
Log Message:
mail/ruby-actionmailer52: update to 5.2.4.3
Update ruby-actionmailer52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:40:32 UTC 2020
Modified Files:
pkgsrc/devel/ruby-railties52: distinfo
Log Message:
devel/ruby-railties52: update to 5.2.4.3
Update ruby-railties52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 15:41:07 UTC 2020
Modified Files:
pkgsrc/www/ruby-rails52: distinfo
Log Message:
www/ruby-rails52: update to 5.2.4.3
Finally, update ruby-rails52 to 5.2.4.3.
pkgsrc-2020Q1 commitmail json YAML
Mention last batch of pull-ups
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/audio/adplay/Makefile@1.3.2.1 / diff
pkgsrc/audio/adplay/distinfo@1.1.4.1 / diff
pkgsrc/audio/adplay/patches/patch-configure@1.2.2.2 / diff
Pullup ticket #6212 - requested by nia
audio/adplay: dependent update
Revisions pulled up:
- audio/adplay/Makefile 1.4
- audio/adplay/distinfo 1.2
- audio/adplay/patches/patch-configure 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu May 21 21:00:49 UTC 2020
Modified Files:
pkgsrc/audio/adplay: Makefile distinfo
Added Files:
pkgsrc/audio/adplay/patches: patch-configure
Log Message:
adplay: Work around breakage caused by adplug-2.3.2
Pointed out by joerg
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/audio/adplug/Makefile@1.10.4.1 / diff
pkgsrc/audio/adplug/PLIST@1.3.10.1 / diff
pkgsrc/audio/adplug/distinfo@1.7.10.1 / diff
Pullup ticket #6211 - requested by nia
audio/adplug: security fix
Revisions pulled up:
- audio/adplug/Makefile 1.11
- audio/adplug/PLIST 1.4
- audio/adplug/distinfo 1.8
---
Module Name: pkgsrc
Committed By: nia
Date: Thu May 21 13:39:55 UTC 2020
Modified Files:
pkgsrc/audio/adplug: Makefile PLIST distinfo
Log Message:
adplug: Update to 2.3.2
Changes for version 2.3.2:
--------------------------
- Bug fixes:
- FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
- HERAD: Fix compilation on GCC 4.2.1
- ADL: Calling rewind() before update() causes access violation
- Move OPL reset/init code to rewind() for some players
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6210 - requested by adam
www/py-httplib2: security fix
Revisions pulled up:
- www/py-httplib2/Makefile 1.24-1.25
- www/py-httplib2/distinfo 1.21-1.22
---
Module Name: pkgsrc
Committed By: adam
Date: Wed May 20 15:29:53 UTC 2020
Modified Files:
pkgsrc/www/py-httplib2: Makefile distinfo
Log Message:
py-httplib2: updated to 0.18.0
0.18.0
IMPORTANT security vulnerability CWE-93 CRLF injection
Force %xx quote of space, CR, LF characters in uri.
Special thanks to Recar https://github.com/Ciyfly for discrete notification.
https://cwe.mitre.org/data/definitions/93.html
0.17.4
Ship test suite in source dist
https://github.com/httplib2/httplib2/pull/168
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 21 06:19:59 UTC 2020
Modified Files:
pkgsrc/www/py-httplib2: Makefile distinfo
Log Message:
py-httplib2: updated to 0.18.1
0.18.1
explicit build-backend workaround for pip build isolation bug
"AttributeError: 'module' object has no attribute '__legacy__'" on pip install
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/chat/irssi/Makefile@1.97.2.1 / diff
pkgsrc/chat/irssi/distinfo@1.51.4.1 / diff
pkgsrc/chat/irssi/patches/patch-src_fe-text_term-terminfo.c@1.1.2.2 / diff
Pullup ticket #6202 - requested by maya
chat/irssi: bugfix
Revisions pulled up:
- chat/irssi/Makefile 1.98-1.99
- chat/irssi/distinfo 1.52
- chat/irssi/patches/patch-src_fe-text_term-terminfo.c 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Mon May 18 18:38:31 UTC 2020
Modified Files:
pkgsrc/chat/irssi: Makefile distinfo
Added Files:
pkgsrc/chat/irssi/patches: patch-src_fe-text_term-terminfo.c
Log Message:
irssi: grab pull request from upstream fixing hangs with ctrl+space
bump pkgrevision
---
Module Name: pkgsrc
Committed By: maya
Date: Mon May 18 19:15:38 UTC 2020
Modified Files:
pkgsrc/chat/irssi: Makefile
Log Message:
irssi: remove random debug leftover
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6209
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6209 - requested by taca
net/bind914: security fix
Revisions pulled up:
- net/bind914/Makefile 1.21
- net/bind914/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 10:23:04 UTC 2020
Modified Files:
pkgsrc/net/bind914: Makefile distinfo
Log Message:
net/bind914: update to 9.14.12
Update bind914 to 9.14.12 (BIND 9.14.12).
Note from release announce:
BIND 9.14.12 is the final planned release in the now End-of-Life (EOL)
9.14 branch.
--- 9.14.12 released ---
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
pkgsrc/net/bind911/Makefile@1.22.2.1 / diff
pkgsrc/net/bind911/PLIST@1.2.4.1 / diff
pkgsrc/net/bind911/distinfo@1.16.2.1 / diff
Pullup ticket #6208 - requested by taca
net/bind911: security fix
Revisions pulled up:
- net/bind911/Makefile 1.23-1.24
- net/bind911/PLIST 1.3
- net/bind911/distinfo 1.17-1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 18 06:12:28 UTC 2020
Modified Files:
pkgsrc/net/bind911: Makefile PLIST distinfo
Log Message:
net/bind911: update to 9.11.18
Update bind911 to 9.11.18 (BIND 9.11.18).
--- 9.11.18 released ---
5380. [contrib] Fix building MySQL DLZ modules against MySQL 8
libraries. [GL #1678]
5379. [doc] Clean up serve-stale related options that leaked into
the BIND 9.11 release. [GL !3265]
5378. [bug] Receiving invalid DNS data was triggering an assertion
failure in nslookup. [GL #1652]
5377. [feature] Detect atomic operations support on ppc64le. Thanks to
Petr Menšík. [GL !3295]
5376. [bug] Fix ineffective DNS rebinding protection when BIND is
configured as a forwarding DNS server. Thanks to Tobias
Klein. [GL #1574]
5368. [bug] Named failed to restart if 'rndc addzone' names
contained special characters (e.g. '/'). [GL #1655]
--- 9.11.17 released ---
5358. [bug] Inline master zones whose master files were touched
but otherwise unchanged and were subsequently reloaded
may have stopped re-signing. [GL !3135]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
re-signed in time. This was a side effect of 5315.
[GL !3137]
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 19 10:21:25 UTC 2020
Modified Files:
pkgsrc/net/bind911: Makefile distinfo
Log Message:
net/bind911: update to 9.11.19
Update bind911 to 9.11.19 (BIND 9.11.19).
--- 9.11.19 released ---
5404. [bug] 'named-checkconf -z' could incorrectly indicate
success if errors were found in one view but not in a
subsequent one. [GL #1807]
5398. [bug] Named could fail to restart if a zone with a double
quote (") in its name was added with 'rndc addzone'.
[GL #1695]
5395. [security] Further limit the number of queries that can be
triggered from a request. Root and TLD servers
are no longer exempt from max-recursion-queries.
Fetches for missing name server address records
are limited to 4 for any domain. (CVE-2020-8616)
[GL #1388]
5394. [cleanup] Named formerly attempted to change the effective UID and
GID in named_os_openfile(), which could trigger a
spurious log message if they were already set to the
desired values. This has been fixed. [GL #1042]
[GL #1090]
5390. [security] Replaying a TSIG BADTIME response as a request could
trigger an assertion failure. (CVE-2020-8617)
[GL #1703]
5387. [func] Warn about AXFR streams with inconsistent message IDs.
[GL #1674]
pkgsrc/games/teeworlds/Makefile@1.15.2.1 / diff
pkgsrc/games/teeworlds/PLIST@1.3.2.1 / diff
pkgsrc/games/teeworlds/distinfo@1.4.2.1 / diff
Pullup ticket #6206 - requested by nia
games/teeworlds: security fix
Revisions pulled up:
- games/teeworlds/Makefile 1.16
- games/teeworlds/PLIST 1.4
- games/teeworlds/distinfo 1.5
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 19 11:46:26 UTC 2020
Modified Files:
pkgsrc/games/teeworlds: Makefile PLIST distinfo
Log Message:
teeworlds: Update to 0.7.5
An exploit was discovered that allows crashing any 0.7 Teeworlds server.
Though it does not compromise the security of the host (e.g. no arbitrary
accesses in memory) it lets an attacker force a server to repetitively shut
down (CVE-2020-12066).
The 0.7.5 release is a security update that aims to patch this server
exploit. As such, it is very light in features, and is mostly made of fixes.
pkgsrc/graphics/libexif/Makefile@1.47.2.1 / diff
pkgsrc/graphics/libexif/PLIST@1.21.42.1 / diff
pkgsrc/graphics/libexif/distinfo@1.31.2.1 / diff
pkgsrc/graphics/libexif/patches/patch-libexif_exif-data.c deleted
Pullup ticket #6205 - requested by nia
graphics/libexif: security fix
Revisions pulled up:
- graphics/libexif/Makefile 1.48
- graphics/libexif/PLIST 1.22
- graphics/libexif/distinfo 1.32
- graphics/libexif/patches/patch-libexif_exif-data.c deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 19 11:20:01 UTC 2020
Modified Files:
pkgsrc/graphics/libexif: Makefile PLIST distinfo
Removed Files:
pkgsrc/graphics/libexif/patches: patch-libexif_exif-data.c
Log Message:
libexif: Update to 0.6.22
libexif-0.6.22 (2020-05-18):
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tags added:
  * EXIF_TAG_GAMMA
  * EXIF_TAG_COMPOSITE_IMAGE
  * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
  * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
  * EXIF_TAG_GPS_H_POSITIONING_ERROR
  * EXIF_TAG_CAMERA_OWNER_NAME
  * EXIF_TAG_BODY_SERIAL_NUMBER
  * EXIF_TAG_LENS_SPECIFICATION
  * EXIF_TAG_LENS_MAKE
  * EXIF_TAG_LENS_MODEL
  * EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS
* CVE-2020-13114: Time consumption DoS when parsing canon array markers
* CVE-2020-13113: Potential use of uninitialized memory
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
* CVE-2020-0093: read overflow
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
* CVE-2020-12767: fixed division by zero
* CVE-2016-6328: fixed integer overflow when parsing maker notes
* CVE-2017-7544: fixed buffer overread
Pullup ticket #6204 - requested by he
net/unbound: security fix
Revisions pulled up:
- net/unbound/Makefile 1.78
- net/unbound/distinfo 1.58
---
Module Name: pkgsrc
Committed By: he
Date: Tue May 19 08:39:31 UTC 2020
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update unbound to version 1.10.1.
Pkgsrc changes:
* None.
Upstream changes:
This release fixes CVE-2020-12662 and CVE-2020-12663.
Bug Fixes:
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
Pullup ticket #6203 - requested by taca
mail/dovecot2: security fix
Revisions pulled up:
- mail/dovecot2/Makefile.common 1.40
- mail/dovecot2/distinfo 1.104
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 18 14:20:47 UTC 2020
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common distinfo
pkgsrc/mail/dovecot2-sqlite: Makefile
Log Message:
mail/dovecot2: update to 2.3.10.1
Update dovecot2 to 2.3.10.1.
v2.3.10.1 2020-05-18 Aki Tuomi <aki.tuomi@open-xchange.com>
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
Pullup tickets up to #6201
pkgsrc/mail/mailman/Makefile@1.90.2.1 / diff
pkgsrc/mail/mailman/PLIST@1.28.8.1 / diff
pkgsrc/mail/mailman/distinfo@1.26.8.1 / diff
Pullup ticket #6201 - requested by nia
mail/mailman: security fix
Revisions pulled up:
- mail/mailman/Makefile 1.91
- mail/mailman/PLIST 1.29
- mail/mailman/distinfo 1.27
---
Module Name: pkgsrc
Committed By: nia
Date: Fri May 15 09:40:46 UTC 2020
Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
Log Message:
mailman: Update to 2.1.33
From jcea via pkgsrc-wip
2.1.33 (07-May-2020)
Security
- A content injection vulnerability via the private login page has been
fixed. (LP: #1877379)
2.1.32 (05-May-2020)
i18n
Fixed a typo in the Spanish translation and updated mailman.pot and
the message catalog for 2.1.31 security fix.
2.1.31 (05-May-2020)
Security
- A content injection vulnerability via the options login page has been
discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)
i18n
- The Spanish translation has been updated by Omar Walid Llorente.
Bug Fixes and other patches
- Bounce recognition for a non-compliant Yahoo format is added.
- Archiving workaround for non-ascii in string.lowercase in some Python
packages is added.
2.1.30 (13-Apr-2020)
New Features
- Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
list setting that can be used to apply dmarc_moderation_action to mail
From: addresses listed or matching listed regexps. This can be used
to modify mail to addresses that don't accept external mail From:
themselves.
- There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
obtains a list of the names of all the lists in the installation
in order to determine the maximum length of a legitimate list name. It
does this on every web access and on sites with a very large number of
lists, this can have performance implications. See the description in
Defaults.py for more information.
- Thanks to Ralf Jung there is now the ability to add text based captchas
(aka textchas) to the listinfo subscribe form. See the documentation
for the new CAPTCHA setting in Defaults.py for how to enable this. Also
note that if you have custom listinfo.html templates, you will have to
add a <mm-captcha-ui> tag to those templates to make this work. This
feature can be used in combination with or instead of the Google
reCAPTCHA feature added in 2.1.26.
- Thanks to Ralf Hildebrandt the web admin Membership Management section
now has a feature to sync the list's membership with a list of email
addresses as with the bin/sync_members command.
- There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This
controls the dropping of addresses from the Cc: header in delivered
messages by the duplicate avoidance process. (LP: #1845751)
- There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
a second request to subscribe to a list when there is already a pending
confirmation for that user. This can be set to Yes to prevent
mailbombing of a third party by repeatedly posting the subscribe form.
(LP: #1859104)
i18n
- The Japanese translation has been updated by Yasuhito FUTATSUKI.
- The German translation has been updated by Ludwig Reiter.
- The Spanish translation has been updated by Omar Walid Llorente.
- The Brazilian Portuguese translation has been updated by Emerson de Mello.
Bug Fixes and other patches
- Fixed the confirm CGI to catch a rare TypeError on simultaneous
confirmations of the same token. (LP: #1785854)
- Scrubbed application/octet-stream MIME parts will now be given a
.bin extension instead of .obj.
- Added bounce recognition for a non-compliant opensmtpd DSN with
Action: error. (LP: #1805137)
- Corrected and augmented some security log messages. (LP: #1810098)
- Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
(LP: #1818205)
- Leading/trailing spaces in provided email addresses for login to private
archives and the user options page are now ignored. (LP: #1818872)
- Fixed the spelling of the --no-restart option for mailmanctl.
- Fixed an issue where certain combinations of charset and invalid
characters in a list's description could produce a List-ID header
without angle brackets. (LP: #1831321)
- With the Postfix MTA and virtual domains, mappings for the site list
-bounces and -request addresses in each virtual domain are now added
to data/virtual-mailman (-owner was done in 2.1.24). (LP: #1831777)
- The paths.py module now extends sys.path with the result of
site.getsitepackages() if available. (LP: #1838866)
- A bug causing a UnicodeDecodeError in preparing to send the confirmation
request message to a new subscriber has been fixed. (LP: #1851442)
- The SimpleMatch heuristic bounce recognizer has been improved to not
return most invalid email addresses. (LP: #1859011)
Pullup ticket #6200 - requested by taca
lang/php72: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.298
- lang/php72/distinfo 1.55
---
Module Name: pkgsrc
Committed By: taca
Date: Thu May 14 14:26:59 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.31
Update php72 to 7.2.31 (PHP 7.2.31).
14 May 2020, PHP 7.2.31
- Core:
. Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned).
(CVE-2019-11048) (cmb)
. Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp
files are not cleaned). (CVE-2019-11048) (cmb)
Pullup ticket #6199 - requested by taca
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.297
- lang/php74/distinfo 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Thu May 14 14:24:53 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.6
Update php74 to 7.4.6 (PHP 7.4.6).
14 May 2020, PHP 7.4.6
- Core:
. Fixed bug #78434 (Generator yields no items after valid() call). (Nikita)
. Fixed bug #79477 (casting object into array creates references). (Nikita)
. Fixed bug #79514 (Memory leaks while including unexistent file). (cmb,
Nikita)
. Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
(cmb)
. Fixed bug #78784 (Unable to interact with files inside a VFS for Git
repository). (cmb)
. Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned).
(cmb) (CVE-2019-11048)
. Fixed bug #78876 (Long variables cause OOM and temp files are not cleaned).
(cmb) (CVE-2019-11048)
- DOM:
. Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
(cmb)
- EXIF:
. Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
(Nikita)
- FCGI:
. Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
- MBString:
. Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
(Girgias)
- OpenSSL:
. Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes
with <1s timeout). (Joe Cai)
- PCRE:
. Upgraded to PCRE2 10.34. (cmb)
- Phar:
. Fixed bug #79503 (Memory leak on duplicate metadata). (cmb)
- SimpleXML:
. Fixed bug #79528 (Different object of the same xml between 7.4.5 and
7.4.4). (cmb)
- SPL:
. Fixed bug #69264 (__debugInfo() ignored while extending SPL classes). (cmb)
. Fixed bug #67369 (ArrayObject serialization drops the iterator class).
(Alex Dowad)
- Standard:
. Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter
appended). (dinosaur)
. Fixed bug #79447 (Serializing uninitialized typed properties with __sleep
should not throw). (nicolas-grekas)
pkgsrc/devel/SDL/Makefile@1.138.2.1 / diff
pkgsrc/devel/SDL/distinfo@1.82.4.1 / diff
pkgsrc/devel/SDL/patches/patch-src_video_SDL__bmp.c@1.1.6.1 / diff
Pullup ticket #6197 - requested by nia
devel/SDL: security fix
Revisions pulled up:
- devel/SDL/Makefile 1.139
- devel/SDL/distinfo 1.83
- devel/SDL/patches/patch-src_video_SDL__bmp.c 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Thu May 14 14:44:17 UTC 2020
Modified Files:
pkgsrc/devel/SDL: Makefile distinfo
pkgsrc/devel/SDL/patches: patch-src_video_SDL__bmp.c
Log Message:
SDL: fix CVE-2019-13616
bump PKGREVISION
pkgsrc-2020Q1
Pullup ticket #6198 - requested by taca
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.296
- lang/php73/distinfo 1.22
---
Module Name: pkgsrc
Committed By: taca
Date: Thu May 14 14:23:08 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.18
Update php73 to 7.3.18 (PHP 7.3.18).
14 May 2020, PHP 7.3.18
- Core:
. Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned).
(CVE-2019-11048) (cmb)
. Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp
files are not cleaned). (CVE-2019-11048) (cmb)
. Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference
on !CS constant). (Nikita)
. Fixed bug #79477 (casting object into array creates references). (Nikita)
. Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
(cmb)
. Fixed bug #78784 (Unable to interact with files inside a VFS for Git
repository). (cmb)
- DOM:
. Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
(cmb)
- FCGI:
. Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
- MBString:
. Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
(Girgias)
- OpenSSL:
. Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes
with <1s timeout). (Joe Cai)
- Phar:
. Fix bug #79503 (Memory leak on duplicate metadata). (cmb)
- SimpleXML:
. Fixed bug #79528 (Different object of the same xml between 7.4.5 and
7.4.4). (cmb)
- Standard:
. Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter
appended). (dinosaur)
pkgsrc-2020Q1
pkgsrc/security/cyrus-sasl/Makefile@1.76.2.1
pkgsrc/security/cyrus-sasl/distinfo@1.37.4.1
pkgsrc/security/cyrus-sasl/patches/patch-CVE-2019-19906@1.1.2.2
Pullup ticket #6196 - requested by nia
security/cyrus-sasl: security fix
Revisions pulled up:
- security/cyrus-sasl/Makefile 1.77
- security/cyrus-sasl/distinfo 1.38
- security/cyrus-sasl/patches/patch-CVE-2019-19906 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu May 14 14:27:32 UTC 2020
Modified Files:
pkgsrc/security/cyrus-sasl: Makefile distinfo
Added Files:
pkgsrc/security/cyrus-sasl/patches: patch-CVE-2019-19906
Log Message:
cyrus-sasl: Fix CVE-2019-19906
pkgsrc-2020Q1
pkgsrc/security/clamav/Makefile@1.63.2.1
pkgsrc/security/clamav/Makefile.common@1.15.2.1
pkgsrc/security/clamav/distinfo@1.32.2.1
Pullup ticket #6195 - requested by taca
security/clamav: security fix
Revisions pulled up:
- security/clamav/Makefile 1.64-1.65
- security/clamav/Makefile.common 1.16
- security/clamav/distinfo 1.33
---
Module Name: pkgsrc
Committed By: adam
Date: Wed May 6 14:05:09 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile
Log Message:
revbump after boost update
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 13 14:58:58 UTC 2020
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
Log Message:
security/clamav: update to 0.102.3
Update clamav to 0.102.3.
## 0.102.3
ClamAV 0.102.3 is a bug patch release to address the following issues.
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
an unsigned variable results in an out-of-bounds read which causes a crash.
Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
parsing vulnerability.
- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an out-of-
bounds read which may cause a crash. Bug found by OSS-Fuzz.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2.
pkgsrc-2020Q1
Pullup tickets up to #6193
pkgsrc-2020Q1
pkgsrc/graphics/openjpeg/Makefile@1.20.2.1
pkgsrc/graphics/openjpeg/distinfo@1.17.2.1
pkgsrc/graphics/openjpeg/patches/patch-src_lib_openjp2_j2k.c@1.1.2.2
pkgsrc/graphics/openjpeg/patches/patch-src_lib_openjp2_tcd.c@1.1.2.2
Pullup ticket #6193 - requested by nia
graphics/openjpeg: security fix
Revisions pulled up:
- graphics/openjpeg/Makefile 1.21
- graphics/openjpeg/distinfo 1.18
- graphics/openjpeg/patches/patch-src_lib_openjp2_j2k.c 1.1
- graphics/openjpeg/patches/patch-src_lib_openjp2_tcd.c 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Tue May 12 10:44:46 UTC 2020
Modified Files:
pkgsrc/graphics/openjpeg: Makefile distinfo
Added Files:
pkgsrc/graphics/openjpeg/patches: patch-src_lib_openjp2_j2k.c
patch-src_lib_openjp2_tcd.c
Log Message:
openjpeg: Cherrypick fixes for the following CVEs from upstream:
https://nvd.nist.gov/vuln/detail/CVE-2020-6851 - out-of-bounds-write
https://nvd.nist.gov/vuln/detail/CVE-2020-8112 - heap-overflow
Please make releases for your software. :/
Bump PKGREVISION
pkgsrc-2020Q1
Pullup ticket #6192 - requested by leot
net/youtube-dl: update for extractor changes
Revisions pulled up:
- net/youtube-dl/Makefile 1.205-1.206
- net/youtube-dl/distinfo 1.187-1.188
---
Module Name: pkgsrc
Committed By: leot
Date: Sat May 2 17:17:21 UTC 2020
Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Log Message:
youtube-dl: Update to 20200503
Changes:
20200503
--------
Core
+ [extractor/common] Extract multiple JSON-LD entries
* [options] Clarify doc on --exec command (#19087, #24883)
* [extractor/common] Skip malformed ISM manifest XMLs while extracting
ISM formats (#24667)
Extractors
* [crunchyroll] Fix and improve extraction (#25096, #25060)
* [youtube] Improve player id extraction
* [youtube] Use redirected video id if any (#25063)
* [yahoo] Fix GYAO Player extraction and relax URL regular expression
(#24178, #24778)
* [tvplay] Fix Viafree extraction (#15189, #24473, #24789)
* [tenplay] Relax URL regular expression (#25001)
+ [prosiebensat1] Extract series metadata
* [prosiebensat1] Improve extraction and remove 7tv.de support (#24948)
- [prosiebensat1] Remove 7tv.de support (#24948)
* [youtube] Fix DRM videos detection (#24736)
* [thisoldhouse] Fix video id extraction (#24548, #24549)
+ [soundcloud] Extract AAC format (#19173, #24708)
* [youtube] Skip broken multifeed videos (#24711)
* [nova:embed] Fix extraction (#24700)
* [motherless] Fix extraction (#24699)
* [twitch:clips] Extend URL regular expression (#24290, #24642)
* [tv4] Fix ISM formats extraction (#24667)
* [tele5] Fix extraction (#24553)
+ [mofosex] Add support for generic embeds (#24633)
+ [youporn] Add support for generic embeds
+ [spankwire] Add support for generic embeds (#24633)
* [spankwire] Fix extraction (#18924, #20648)
---
Module Name: pkgsrc
Committed By: leot
Date: Fri May 8 11:21:09 UTC 2020
Modified Files:
pkgsrc/net/youtube-dl: Makefile distinfo
Log Message:
youtube-dl: Update to 20200508
Changes:
20200508
--------
Core
* [downloader/http] Request last data block of exact remaining size
* [downloader/http] Finish downloading once received data length matches
expected
* [extractor/common] Use compat_cookiejar_Cookie for _set_cookie to always
ensure cookie name and value are bytestrings on python 2 (#23256, #24776)
+ [compat] Introduce compat_cookiejar_Cookie
* [utils] Improve cookie files support
+ Add support for UTF-8 in cookie files
* Skip malformed cookie file entries instead of crashing (invalid entry
length, invalid expires at)
Extractors
* [youtube] Improve signature cipher extraction (#25187, #25188)
* [iprima] Improve extraction (#25138)
* [uol] Fix extraction (#22007)
+ [orf] Add support for more radio stations (#24938, #24968)
* [dailymotion] Fix typo
- [puhutv] Remove no longer available HTTP formats (#25124)
pkgsrc-2020Q1
pkgsrc/www/firefox68-l10n/Makefile@1.10.2.3
pkgsrc/www/firefox68-l10n/distinfo@1.7.2.3
Pullup ticket #6191 - requested by nia
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.13
- www/firefox68-l10n/distinfo 1.10
---
Module Name: pkgsrc
Committed By: nia
Date: Sat May 9 13:21:31 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Sync with firefox68
pkgsrc-2020Q1
pkgsrc/www/firefox68/Makefile@1.15.2.3
pkgsrc/www/firefox68/PLIST@1.5.2.1
pkgsrc/www/firefox68/distinfo@1.11.2.3
Pullup ticket #6190 - requested by nia
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.20
- www/firefox68/PLIST 1.6
- www/firefox68/distinfo 1.15
---
Module Name: pkgsrc
Committed By: nia
Date: Sat May 9 13:08:01 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile PLIST distinfo
Log Message:
firefox68: Update to 68.8.0
Security Vulnerabilities fixed in Firefox ESR 68.8
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
#CVE-2020-12389: Sandbox escape with improperly separated process types
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
#CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
pkgsrc-2020Q1
pkgsrc/devel/libffi/Makefile@1.39.2.1
pkgsrc/devel/libffi/distinfo@1.52.2.1
pkgsrc/devel/libffi/patches/patch-src_arm_sysv.S@1.9.2.2
Pullup ticket #6187 - requested by tnn
devel/libffi: NetBSD/evbarm build fix
Revisions pulled up:
- devel/libffi/Makefile 1.40
- devel/libffi/distinfo 1.53
- devel/libffi/patches/patch-src_arm_sysv.S 1.9
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Apr 8 13:40:11 UTC 2020
Modified Files:
pkgsrc/devel/libffi: Makefile distinfo
Added Files:
pkgsrc/devel/libffi/patches: patch-src_arm_sysv.S
Log Message:
libffi: fix ARM build
Restore ifdef toggling .eh_frame exception unwinding.
Seems to have been lost in previous update. PR pkg/55107. Bump.
pkgsrc-2020Q1
pkgsrc/databases/lmdb/Makefile@1.9.4.1
pkgsrc/databases/lmdb/distinfo@1.9.2.1
pkgsrc/databases/openldap-doc/Makefile@1.29.10.1
pkgsrc/databases/openldap-doc/distinfo@1.21.2.1
pkgsrc/databases/openldap/Makefile.version@1.19.2.1
pkgsrc/databases/openldap/distinfo@1.114.2.1
Pullup ticket #6186 - requested by adam
databases/openldap: security fix
databases/lmdb: dependent update
Revisions pulled up:
- databases/lmdb/Makefile 1.10
- databases/lmdb/distinfo 1.10
- databases/openldap-doc/Makefile 1.30
- databases/openldap-doc/distinfo 1.22
- databases/openldap-server/Makefile 1.58
- databases/openldap/Makefile.version 1.20
- databases/openldap/distinfo 1.115
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 29 07:31:53 UTC 2020
Modified Files:
pkgsrc/databases/lmdb: Makefile distinfo
pkgsrc/databases/openldap: Makefile.version distinfo
pkgsrc/databases/openldap-doc: Makefile distinfo
pkgsrc/databases/openldap-server: Makefile
Log Message:
openldap: updated to 2.4.50
OpenLDAP 2.4.50 Engineering
Fixed client benign typos
Fixed libldap type cast
Fixed libldap retry loop in ldap_int_tls_connect
Fixed libldap_r race on Windows mutex initialization
Fixed liblunicode memory leak
Fixed slapd benign typos
Fixed slapd-mdb memory leak in dnSuperiorMatch
Fixed slapo-pcache database initialization
Fixed slapo-ppolicy callback
Build
Fix olcDatabaseDummy initialization for windows
Fix detection for ws2tcpip.h for windows
Fix back-mdb types for windows
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures
Added pw-argon2 module
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior
slapd-meta(5) - Remove client-pr option
slapdinex(8) - Fix truncate option information for back-mdb
pkgsrc-2020Q1
Pullup tickets up to #6185
pkgsrc-2020Q1
pkgsrc/mail/roundcube-plugin-password/Makefile@1.7.2.2
pkgsrc/mail/roundcube-plugin-password/distinfo@1.17.2.3
pkgsrc/mail/roundcube/Makefile.common@1.16.2.1
pkgsrc/mail/roundcube/PLIST@1.47.2.1
pkgsrc/mail/roundcube/distinfo@1.66.2.2
Pullup ticket #6185 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/Makefile 1.9
- mail/roundcube-plugin-password/distinfo 1.17
- mail/roundcube/Makefile.common 1.17
- mail/roundcube/PLIST 1.48
- mail/roundcube/distinfo 1.68
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 30 07:09:34 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
Log Message:
mail/roundcube: update to 1.4.4
Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to
1.4.4. This includes security fixes.
RELEASE 1.4.4
-------------
- Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages
- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
RELEASE 1.4.3
-------------
- Enigma: Fix so key list selection is reset when opening key creation form (#7154)
- Enigma: Fix so using list checkbox selection does not load the key preview frame
- Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
- Enigma: Display IDN domains of key users and identities in UTF8
- Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
- Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
- Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
- Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
- Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
- Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
- Elastic: Fix text selection in recipient inputs (#7129)
- Elastic: Fix missing Close button in "more recipients" dialog
- Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
- Fix regression where "Open in new window" action didn't work (#7155)
- Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
- Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
- Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
- Fix bug where files in skins/ directory were listed on skins list (#7180)
- Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
- Fix display issues with mail subject that contains line-breaks (#7191)
- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
- Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
- Fix using unix:///path/to/socket.file in memcached driver (#7210)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 30 07:11:16 UTC 2020
Modified Files:
pkgsrc/mail/roundcube-plugin-password: Makefile distinfo
Log Message:
mail/roundcube-plugin-password: update to 1.4.4
Update roundcube-plugin-password to 1.4.4.
pkgsrc change: add dependency to lang/tcl-expect.
RELEASE 1.4.3
-------------
- Password: Make chpass-wrapper.py Python 3 compatible (#7135)
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/Makefile 1.9
- mail/roundcube-plugin-password/distinfo 1.17
- mail/roundcube/Makefile.common 1.17
- mail/roundcube/PLIST 1.48
- mail/roundcube/distinfo 1.68
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 30 07:09:34 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
Log Message:
mail/roundcube: update to 1.4.4
Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to
1.4.4. This includes security fixes.
RELEASE 1.4.4
-------------
- Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages
- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
RELEASE 1.4.3
-------------
- Enigma: Fix so key list selection is reset when opening key creation form (#7154)
- Enigma: Fix so using list checkbox selection does not load the key preview frame
- Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
- Enigma: Display IDN domains of key users and identities in UTF8
- Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
- Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
- Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
- Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
- Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
- Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
- Elastic: Fix text selection in recipient inputs (#7129)
- Elastic: Fix missing Close button in "more recipients" dialog
- Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
- Fix regression where "Open in new window" action didn't work (#7155)
- Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
- Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
- Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
- Fix bug where files in skins/ directory were listed on skins list (#7180)
- Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
- Fix display issues with mail subject that contains line-breaks (#7191)
- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
- Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
- Fix using unix:///path/to/socket.file in memcached driver (#7210)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 30 07:11:16 UTC 2020
Modified Files:
pkgsrc/mail/roundcube-plugin-password: Makefile distinfo
Log Message:
mail/roundcube-plugin-password: update to 1.4.4
Update roundcube-plugin-password to 1.4.4.
pkgsrc change: add dependency to lang/tcl-expect.
RELEASE 1.4.3
-------------
- Password: Make chpass-wrapper.py Python 3 compatible (#7135)
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/drupal8/Makefile@1.30.2.1 / diff
pkgsrc/www/drupal8/PLIST@1.24.2.1 / diff
pkgsrc/www/drupal8/distinfo@1.26.2.1 / diff
Pullup ticket #6183 - requested by taca
www/drupal8: security fix
Revisions pulled up:
- www/drupal8/Makefile 1.31
- www/drupal8/PLIST 1.25
- www/drupal8/distinfo 1.27
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 26 09:18:43 UTC 2020
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.7.12
Update drupal8 to 8.7.12.
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001
No other fixes are included.
Which release do I choose? Security coverage information
* Sites on 8.7.x will receive security coverage until June 3, 2020 (when
Drupal 8.9.0 is scheduled for release).
* Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive
security coverage.
Important update information
No changes have been made to the .htaccess, web.config, robots.txt or
default settings.php files in this release, so upgrading custom versions of
those files is not necessary if your site is already on the previous
release.
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/mail/roundcube-plugin-password/Makefile@1.7.2.1 / diff
pkgsrc/mail/roundcube-plugin-password/distinfo@1.17.2.2 / diff
pkgsrc/mail/roundcube-plugin-password/patches/patch-plugins_password_helpers_passwd-expect@1.1.2.2 / diff
pkgsrc/mail/roundcube/distinfo@1.66.2.1 / diff
pkgsrc/mail/roundcube/patches/patch-plugins_password_helpers_passwd-expect deleted
Pullup ticket #6182 - requested by taca
mail/roundcube-plugin-password: bugfix
Revisions pulled up:
- mail/roundcube-plugin-password/Makefile 1.8
- mail/roundcube-plugin-password/distinfo 1.16
- mail/roundcube-plugin-password/patches/patch-plugins_password_helpers_passwd-expect 1.1
- mail/roundcube/distinfo 1.67
- mail/roundcube/patches/patch-plugins_password_helpers_passwd-expect deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 26 08:48:24 UTC 2020
Modified Files:
pkgsrc/mail/roundcube: distinfo
pkgsrc/mail/roundcube-plugin-password: Makefile
Added Files:
pkgsrc/mail/roundcube-plugin-password: distinfo
pkgsrc/mail/roundcube-plugin-password/patches:
patch-plugins_password_helpers_passwd-expect
Removed Files:
pkgsrc/mail/roundcube/patches:
patch-plugins_password_helpers_passwd-expect
Log Message:
mail/roundcube-plugin-password: fix runtime problem
Fix roundcube-plugin-password.
* Patch for roundcube-plugin-password had not been applied accidentally.
* More changes were required to make it work on *BSD systems.
Bump PKGREVISION.
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6181 - requested by leot
devel/git-base: security fix
(via patch)
---
git: Update to 2.25.4
Changes:
2.25.4
------
This release is to address the security issue: CVE-2020-11008
* With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
The attack has been made impossible by refusing to work with
under-specified credential patterns.
Credit for finding the vulnerability goes to Carlo Arenas.
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6179
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/squid4/Makefile@1.5.2.1 / diff
pkgsrc/www/squid4/distinfo@1.3.2.1 / diff
pkgsrc/www/squid4/patches/patch-acinclude_os-deps.m4@1.2.2.2 / diff
pkgsrc/www/squid4/patches/patch-configure@1.2.2.1 / diff
pkgsrc/www/squid4/patches/patch-src_ip_Intercept.cc@1.1.2.2 / diff
Pullup ticket #6179 - requested by taca
www/squid4: security fix
Revisions pulled up:
- www/squid4/Makefile 1.6-1.7
- www/squid4/distinfo 1.4-1.6
- www/squid4/patches/patch-acinclude_os-deps.m4 1.1-1.2
- www/squid4/patches/patch-configure 1.3-1.5
- www/squid4/patches/patch-src_ip_Intercept.cc 1.1
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 9 09:45:20 UTC 2020
Modified Files:
pkgsrc/www/squid4: Makefile distinfo
pkgsrc/www/squid4/patches: patch-configure
Added Files:
pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4
patch-src_ip_Intercept.cc
Log Message:
Fix IPFilter transparent proxy support by:
- including correct headers in configure tests
- using correct autoconf value output by configure
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 9 16:27:15 UTC 2020
Modified Files:
pkgsrc/www/squid4: distinfo
pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4 patch-configure
Log Message:
Generate correct #defines for the IPFilter IPv6 detection with no trailing
underscores
---
Module Name: pkgsrc
Committed By: mef
Date: Thu Apr 23 13:52:24 UTC 2020
Modified Files:
pkgsrc/www/squid4: Makefile distinfo
pkgsrc/www/squid4/patches: patch-configure
Log Message:
(www/squid4) Updated to 4.10 (and clear pkglint one point in patch)
Changes to squid-4.11 (18 Apr 2020):
- Bug 5036: capital 'L's in logs when daemon queue overflows
- Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
- Bug 5016: systemd thinks Squid is ready before Squid listens
- kerberos_ldap_group: fix encryption type for cross realm check
- HTTP: Ignore malformed Host header in intercept and reverse proxy mode
- Fix Digest authentication nonce handling
- Supply ALE to request_header_add/reply_header_add
- ... and some documentation updates
- ... and some compile fixes
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/multimedia/ffmpeg2/Makefile@1.54.2.1 / diff
pkgsrc/multimedia/ffmpeg2/Makefile.common@1.58.2.1 / diff
pkgsrc/multimedia/ffmpeg2/distinfo@1.57.8.1 / diff
Pullup ticket #6177 - requested by nia
multimedia/ffmpeg2: security fix
Revisions pulled up:
- multimedia/ffmpeg2/Makefile 1.56
- multimedia/ffmpeg2/Makefile.common 1.59
- multimedia/ffmpeg2/distinfo 1.58
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Apr 23 16:34:21 UTC 2020
Modified Files:
pkgsrc/multimedia/ffmpeg2: Makefile Makefile.common distinfo
Log Message:
ffmpeg2: Very late update to 2.8.15
version 2.8.15:
- avcodec/dvdsub_parser: Allocate input padding
- avcodec/dvdsub_parser: Init output buf/size
- avcodec/imgconvert: fix possible null pointer dereference
- swresample/arm: rename labels to fix xcode build error
- avformat/utils: fix mixed declarations and code
- libwebpenc_animencoder: add missing braces to struct initialization
- avformat/movenc: Check input sample count
- avcodec/mjpegdec: Check for odd progressive RGB
- avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
- avformat/mms: Add missing chunksize check
- avformat/pva: Check for EOF before retrying in read_part_of_packet()
- avcodec/indeo4: Check for end of bitstream in decode_mb_info()
- avcodec/shorten: Fix undefined addition in shorten_decode_frame()
- avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
- avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
- avcodec/escape124: Fix spelling errors in comment
- avcodec/ra144: Fix integer overflow in ff_eval_refl()
- avcodec/cscd: Check output buffer size for lzo.
- avcodec/escape124: Check buf_size against num_superblocks
- avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Sanity check nmeans
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- lavf/http.c: Free allocated client URLContext in case of error.
- avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
- avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
- avcodec/dfa: Check dimension against maximum
- avcodec/cinepak: Skip empty frames
- avcodec/cinepak: move some checks prior to frame allocation
- swresample/arm: remove unintentional relocation.
- doc/APIchanges: Fix typos in hashes
- avformat/utils: Check cur_dts in update_initial_timestamps() more
- avcodec/utils: Enforce minimum width also for VP5/6
- avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
- avcodec/mjpegdec: Check input buffer size.
- lavc/libopusdec: Allow avcodec_open2 to call .close
- avcodec/movtextdec: Check style_start/end
- avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
- swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
- avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
- avcodec/cscd: Error out when LZ* decompression fails
- avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
- avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
- avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
- avcodec/get_bits: Make sure the input bitstream with padding can be addressed
- avformat/mov: Check STSC and remove invalid entries
- avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
- avcodec/nuv: Check for minimum input size for uncompressed and rtjpeg
- avcodec/wmalosslessdec: Reset num_saved_bits on error path
- avformat/mov: Fix integer overflows related to sample_duration
- avformat/oggparseogm: Check lb against psize
- avformat/oggparseogm: Fix undefined shift in ogm_packet()
- avformat/avidec: Fix integer overflow in cum_len check
- avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
- avformat/utils: Fix integer overflow of fps_first/last_dts
- libavformat/oggparsevorbis: Fix memleak on multiple headers
- avcodec/bintext: sanity check dimensions
- avcodec/utvideodec: Check subsample factors
- avcodec/smc: Check input packet size
- avcodec/cavsdec: Check alpha/beta offset
- avcodec/diracdec: Fix integer overflow in mv computation
- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
- avcodec/diracdec: Use int64 in global mv to prevent overflow
- avformat/hvcc: zero initialize the nal buffers past the last written byte
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6175 - requested by taca
lang/php72: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.295
- lang/php72/distinfo 1.54
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 19 02:34:58 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.30
Update php72 to 7.2.30.
16 Apr 2020, PHP 7.2.30
- Standard:
. Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter
appended). (dinosaur)
. Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
. Fixed bug #79465 (OOB Read in urldecode()). (stas)
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6174 - requested by taca
lang/php74: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.294
- lang/php74/distinfo 1.7
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 18 05:01:45 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.5
Update php74 to 7.4.5.
16 Apr 2020, PHP 7.4.5
- Core:
. Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
. Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)
- CURL:
. Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)
- Date:
. Fixed bug #79396 (DateTime hour incorrect during DST jump forward). (Nate
Brunette)
. Fixed bug #74940 (DateTimeZone loose comparison always true). (cmb)
- FPM:
. Implement request #77062 (Allow numeric [UG]ID in FPM listen.{owner,group})
(Andre Nathan)
- Iconv:
. Fixed bug #79200 (Some iconv functions cut Windows-1258). (cmb)
- OPcache:
. Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
(Dmitry)
- Session:
. Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)
- Shmop:
. Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)
- SimpleXML:
. Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)
- SOAP:
. Fixed bug #79357 (SOAP request segfaults when any request parameter is
missing). (Nikita)
- Spl:
. Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
. Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
(cmb)
- Standard:
. Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
. Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
without newline). (Christian Schneider)
. Fixed bug #79465 (OOB Read in urldecode()). (stas)
- Zip:
. Fixed Bug #79296 (ZipArchive::open fails on empty file). (Remi)
. Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
(Max Rees)
pkgsrc-2020Q1 commitmail json YAML
Pullup tickets up to #6173
Pullup ticket #6171 - requested by taca
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.293
- lang/php73/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 18 04:59:41 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.17.
Update php73 to 7.3.17.
16 Apr 2020, PHP 7.3.17
- Core:
. Fixed bug #79364 (When copy empty array, next key is unspecified). (cmb)
. Fixed bug #78210 (Invalid pointer address). (cmb, Nikita)
- CURL:
. Fixed bug #79199 (curl_copy_handle() memory leak). (cmb)
- Date:
. Fixed bug #79396 (DateTime hour incorrect during DST jump forward). (Nate
Brunette)
- Iconv:
. Fixed bug #79200 (Some iconv functions cut Windows-1258). (cmb)
- OPcache:
. Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
(Dmitry)
- Session:
. Fixed bug #79413 (session_create_id() fails for active sessions). (cmb)
- Shmop:
. Fixed bug #79427 (Integer Overflow in shmop_open()). (cmb)
- SimpleXML:
. Fixed bug #61597 (SXE properties may lack attributes and content). (cmb)
- Spl:
. Fixed bug #75673 (SplStack::unserialize() behavior). (cmb)
. Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
(cmb)
- Standard:
. Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
. Fixed bug #79465 (OOB Read in urldecode()). (stas)
. Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
without newline). (Christian Schneider)
- Zip:
. Fixed Bug #79296 (ZipArchive::open fails on empty file). (Remi)
. Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
(Max Rees)
Pullup ticket #6173 - requested by nia
games/supertux: build fix
Revisions pulled up:
- games/supertux/Makefile 1.22
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Mar 31 09:44:34 UTC 2020
Modified Files:
pkgsrc/games/supertux: Makefile
Log Message:
supertux: Disable pointless portability check...
Pullup ticket #6172 - requested by nia
x11/qt5-qtwebkit: build fix
Revisions pulled up:
- x11/qt5-qtwebkit/Makefile 1.78
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Apr 21 09:51:52 UTC 2020
Modified Files:
pkgsrc/x11/qt5-qtwebkit: Makefile
Log Message:
qt5-qtwebkit: Unlimit cputime
Pullup ticket #6169 - requested by taca
devel/ruby-redmine_jenkins: build fix
Revisions pulled up:
- devel/ruby-redmine_jenkins/Makefile 1.6
---
Module Name: pkgsrc
Committed By: mef
Date: Sat Apr 4 04:02:11 UTC 2020
Modified Files:
pkgsrc/devel/ruby-redmine_jenkins: Makefile
Log Message:
(devel/ruby-redmine_jenkins) Convert obsolete option --no-ri to --no-document
Pullup ticket #6170 - requested by nia
security/mbedtls: security fix
Revisions pulled up:
- security/mbedtls/Makefile 1.14
- security/mbedtls/distinfo 1.9
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Apr 18 14:21:56 UTC 2020
Modified Files:
pkgsrc/security/mbedtls: Makefile distinfo
Log Message:
mbedtls: Update to 2.16.6
= mbed TLS 2.16.6 branch released 2020-04-14
Security
* Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information (typically an
untrusted operating system attacking a secure enclave) to fully recover
an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
* Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message.
Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
* Fix a function name in a debug message. Contributed by Ercan Ozturk in
#3013.
Pullup ticket #6168 - requested by taca
devel/ruby-fiddle: dependent update
Revisions pulled up:
- devel/ruby-fiddle/Makefile 1.20
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 15:29:11 UTC 2020
Modified Files:
pkgsrc/devel/ruby-fiddle: Makefile
Log Message:
devel/ruby-fiddle: reset PKGREVISION
Reset PKGREVISION by updates of all ruby2* packages.
pkgsrc/lang/ruby/rubyversion.mk@1.217.2.4 / diff
pkgsrc/lang/ruby25-base/Makefile@1.15.2.1 / diff
pkgsrc/lang/ruby25-base/PLIST@1.3.4.1 / diff
pkgsrc/lang/ruby25-base/distinfo@1.12.2.1 / diff
Pullup ticket #6166 - requested by taca
lang/ruby25-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.220
- lang/ruby25-base/Makefile 1.16
- lang/ruby25-base/PLIST 1.4
- lang/ruby25-base/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 15:25:26 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby25-base: Makefile PLIST distinfo
Log Message:
lang/ruby25-base: update to 2.5.8
Update ruby25-base (and ruby25) to 2.5.8.
2.5.8 (2020-03-31)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library
Pullup ticket #6167 - requested by taca
lang/ruby24-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.221
- lang/ruby24-base/distinfo 1.16
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 15:27:40 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby24-base: update to 2.4.10
Update ruby24-base (and ruby24) to 2.4.10.
This release includes a security fix. Please check the topics below for
details.
* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
Ruby 2.4 is now under the state of the security maintenance phase, until the
end of March of 2020. After that date, maintenance of Ruby 2.4 will be
ended. Thus, this release would be the last of Ruby 2.4 series. We
recommend you immediately upgrade Ruby to newer versions, such as 2.7 or 2.6
or 2.5.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Apr 2 12:20:51 UTC 2020
Modified Files:
pkgsrc/lang/ruby24-base: distinfo
Log Message:
ruby24-base: update distinfo for 2.4.10 release
pkgsrc/lang/ruby/rubyversion.mk@1.217.2.2 / diff
pkgsrc/lang/ruby27-base/PLIST@1.1.2.1 / diff
pkgsrc/lang/ruby27-base/distinfo@1.1.2.1 / diff
Pullup ticket #6165 - requested by taca
lang/ruby27-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.219
- lang/ruby27-base/PLIST 1.2
- lang/ruby27-base/distinfo 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 15:23:15 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: PLIST distinfo
Log Message:
lang/ruby27-base: update to 2.7.1
Update ruby27-base (and ruby27) to 2.7.1.
2.7.1 (2020-03-31)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library
pkgsrc/lang/ruby/rubyversion.mk@1.217.2.1 / diff
pkgsrc/lang/ruby26-base/Makefile@1.9.2.1 / diff
pkgsrc/lang/ruby26-base/PLIST@1.3.4.1 / diff
pkgsrc/lang/ruby26-base/distinfo@1.7.2.1 / diff
Pullup ticket #6164 - requested by taca
lang/ruby26-base: security fix
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.218
- lang/ruby26-base/Makefile 1.10
- lang/ruby26-base/PLIST 1.4
- lang/ruby26-base/distinfo 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 15:21:57 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby26-base: Makefile PLIST distinfo
Log Message:
lang/ruby26-base: update to 2.6.6
Update ruby26-base (and ruby26 related packages) to 2.6.6.
2.6.6 (2020-03-31)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library
pkgsrc/databases/phpmyadmin/Makefile@1.162.2.1 / diff
pkgsrc/databases/phpmyadmin/PLIST@1.50.2.1 / diff
pkgsrc/databases/phpmyadmin/distinfo@1.112.2.1 / diff
Pullup ticket #6163 - requested by taca
databases/phpmyadmin: security fix
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.163
- databases/phpmyadmin/PLIST 1.51
- databases/phpmyadmin/distinfo 1.113
---
Module Name: pkgsrc
Committed By: tm
Date: Wed Apr 1 08:36:16 UTC 2020
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
phpmyadmin: update to 4.9.5
4.9.5 (2020-03-20)
- issue [security] Fix SQL injection with certain usernames (PMASA-2020-2)
- issue [security] Fix SQL injection in particular search situations (PMASA-2020-3)
- issue [security] Fix SQL injection and XSS flaw (PMASA-2020-4)
- issue Deprecate "options" for the external transformation; options must now be hard-coded along with the program name directly in the file.
Pullup ticket #6162 - requested by taca
devel/ruby-redmine_bootstrap_kit: build fix
Revisions pulled up:
- devel/ruby-redmine_bootstrap_kit/Makefile 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Mar 30 10:24:34 UTC 2020
Modified Files:
pkgsrc/devel/ruby-redmine_bootstrap_kit: Makefile
Log Message:
devel/ruby-redmine_bootstrap_kit: avoid using obsolete rdoc options
Avoid using obsolete rdoc options.
## require pull-up
Pullup tickets #6159 to #6161
Pullup ticket #6161 - requested by sborrill
mk/pkginstall: NetBSD 7 bugfix
Revisions pulled up:
- mk/pkginstall/files 1.11
---
Module Name: pkgsrc
Committed By: sborrill
Date: Wed Apr 15 13:33:32 UTC 2020
Modified Files:
pkgsrc/mk/pkginstall: files
Log Message:
Work around a potential shell bug where "${FOO=${BAR%/*}}" does not work
if quoted. Seen on NetBSD 7.
#!/bin/sh
in="/path/to/dir with space/file"
: "${file=${in##*/}}"
: "${dir=${in%/*}}"
echo "dir:$dir"
echo "file:$file"
[ "$dir" = "$file" ] && echo "dir and file are same"
Leads to errors when adding packages such as:
./+FILES: cannot create
/var/db/pkg.refcount/files/etc/rc.d/xenguest//var/db/pkg/xe-guest-utilities-7.0.0:
directory nonexistent
pkgsrc/sysutils/xenkernel411/Makefile@1.12.2.1 / diff
pkgsrc/sysutils/xenkernel411/distinfo@1.9.2.1 / diff
pkgsrc/sysutils/xenkernel411/patches/patch-XSA313@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel411/patches/patch-XSA316@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel411/patches/patch-XSA318@1.1.2.2 / diff
Pullup ticket #6160 - requested by bouyer
sysutils/xenkernel411: security fix
Revisions pulled up:
- sysutils/xenkernel411/Makefile 1.13
- sysutils/xenkernel411/distinfo 1.10-1.11
- sysutils/xenkernel411/patches/patch-XSA313 1.1
- sysutils/xenkernel411/patches/patch-XSA316 1.1
- sysutils/xenkernel411/patches/patch-XSA318 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Apr 15 15:37:20 UTC 2020
Modified Files:
pkgsrc/sysutils/xenkernel411: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel411/patches: patch-XSA313 patch-XSA318
Log Message:
Apply upstream patches for security issues XSA313 and XSA318.
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Apr 15 15:45:05 UTC 2020
Modified Files:
pkgsrc/sysutils/xenkernel411: distinfo
Added Files:
pkgsrc/sysutils/xenkernel411/patches: patch-XSA316
Log Message:
Also apply patch for XSA316. ride previous PKGREVISION bump
Pullup ticket #6159 - requested by leot
devel/git-base: security fix
(via patch)
---
git: Update to 2.25.3
Changes:
2.25.3
------
This release is to address the security issue: CVE-2020-5260
* With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for
a wrong host. The attack has been made impossible by forbidding
a newline character in any value passed via the credential
protocol.
Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.
Pullup tickets up to #6158
Pullup ticket #6158 - requested by leot
lang/scala: build fix
Revisions pulled up:
- lang/scala/Makefile 1.17
---
Module Name: pkgsrc
Committed By: mef
Date: Sat Apr 4 04:19:36 UTC 2020
Modified Files:
pkgsrc/lang/scala: Makefile
Log Message:
(lang/scala) Fix install stage, ${TAR} was not defined
pkgsrc/security/tor-browser/Makefile@1.56.2.2 / diff
pkgsrc/security/tor-browser/distinfo@1.14.2.2 / diff
Pullup ticket #6157 - requested by wiz
security/tor-browser: security fix
Revisions pulled up:
- security/tor-browser/Makefile 1.58-1.59
- security/tor-browser/distinfo 1.16-1.17
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 7 15:16:07 UTC 2020
Modified Files:
pkgsrc/security/tor-browser: Makefile distinfo
Log Message:
tor-browser: update to 9.0.8.
Tor Browser 9.0.8 -- April 5 2020
* All Platforms
* Mozilla Bug 1620818 - Release nsDocShell::mContentViewer properly
* Mozilla Bug 1626728 - Normalize shutdown
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 10 19:18:00 UTC 2020
Modified Files:
pkgsrc/security/tor-browser: Makefile distinfo
Log Message:
tor-browser: update to 9.0.9.
All Platforms
Update Firefox to 68.7.0esr
Bump NoScript to 11.0.23
Bug 33630: Remove noisebridge01 default bridge
Windows + OS X + Linux
Bug 33771: Update some existing licenses and add Libevent license
Bug 33723: Bump openssl version to 1.1.1f
pkgsrc/www/firefox68-l10n/Makefile@1.10.2.2 / diff
pkgsrc/www/firefox68-l10n/distinfo@1.7.2.2 / diff
Pullup ticket #6156 - requested by nia
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.12
- www/firefox68-l10n/distinfo 1.9
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 10 11:02:33 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Update to 68.7.0
Sync with firefox68.
Pullup ticket #6155 - requested by nia
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.17
- www/firefox68/distinfo 1.14
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 10 10:41:50 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Log Message:
firefox68: Update to 68.7.0
Security Vulnerabilities fixed in Firefox ESR 68.7
#CVE-2020-6828: Preference overwrite via crafted Intent from malicious
Android application
#CVE-2020-6827: Custom Tabs in Firefox for Android could have the URI
spoofed
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL
copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large
images
#CVE-2020-6825: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
Five more pullups.
pkgsrc/security/tor-browser/Makefile@1.56.2.1 / diff
pkgsrc/security/tor-browser/distinfo@1.14.2.1 / diff
Pullup ticket #6154 - requested by wiz
security/tor-browser: security fix
Revisions pulled up:
- security/tor-browser/Makefile 1.57
- security/tor-browser/distinfo 1.15
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 7 14:29:09 UTC 2020
Modified Files:
pkgsrc/security/tor-browser: Makefile distinfo
Log Message:
tor-browser: update to 9.0.7.
Tor Browser 9.0.7 -- March 20 2020
* All Platforms
* Bump NoScript to 11.0.19
* Bump Https-Everywhere to 2020.3.16
* Bug 33613: Disable Javascript on Safest security level
pkgsrc/www/apache24/Makefile@1.88.2.1 / diff
pkgsrc/www/apache24/PLIST@1.31.4.1 / diff
pkgsrc/www/apache24/distinfo@1.41.4.1 / diff
Pullup ticket #6153 - requested by wiz
www/apache24: Security fix
Revisions pulled up:
- www/apache24/Makefile 1.89
- www/apache24/PLIST 1.32
- www/apache24/distinfo 1.42
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 6 08:27:26 UTC 2020
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
Log Message:
apache: update to 2.4.43.
Changes with Apache 2.4.43
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
Changes with Apache 2.4.42
*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
with an empty body (regression introduced in 2.4.41). PR63891.
[Yann Ylavic]
*) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
identifier under load, see <https://github.com/icing/mod_h2/issues/195>.
[Michael Kaufmann, Stefan Eissing]
*) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
PR64140. [Renier Velazco <renier.velazco upr.edu>]
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.
*) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
to allow customization of the usertrack cookie. PR64077.
[Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]
*) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
*) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
[Eric Covener, Yann Ylavic]
*) Add a config layout for OpenWRT. [Graham Leggett]
*) Add support for cross compiling to apxs. If apxs is being executed from
somewhere other than its target location, add that prefix to includes and
library directories. Without this, apxs would fail to find config_vars.mk
and exit. [Graham Leggett]
*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
[Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
*) mod_ssl: Support use of private keys and certificates from an
OpenSSL ENGINE via PKCS#11 URIs in SSLCertificateFile/KeyFile.
[Anderson Sasaki <ansasaki redhat.com>, Joe Orton]
*) mod_md:
- Prefer MDContactEmail directive to ServerAdmin for registration. New directive
thanks to Timothe Litt (@tlhackque).
- protocol check for pre-configured "tls-alpn-01" challenge has been improved. It will now
check all matching virtual hosts for protocol support. Thanks to @mkauf.
- Corrected a check when OCSP stapling was configured for hosts
where the responsible MDomain is not clear, by Michal Karm Babacek (@Karm).
- Softening the restrictions where mod_md configuration directives may appear. This should
allow for use in <If> and <Macro> sections. If all possible variations lead to the configuration
you wanted in the first place, is another matter.
[Michael Kaufmann <mail michael-kaufmann.ch>, Timothe Litt (@tlhackque),
Michal Karm Babacek (@Karm), Stefan Eissing (@icing)]
*) test: Added continuous testing with Travis CI.
This tests various scenarios on Ubuntu with the full test suite.
Architectures tested: amd64, s390x, ppc64le, arm64
The tests pass successfully.
[Luca Toscano, Joe Orton, Mike Rumph, and others]
*) core: Be stricter in parsing of Transfer-Encoding headers.
[ZeddYu <zeddyu.lu gmail.com>, Eric Covener]
*) mod_ssl: negotiate the TLS protocol version per name based vhost
configuration, when linked with OpenSSL-1.1.1 or later. The base vhost's
SSLProtocol (from the first vhost declared on the IP:port) is now only
relevant if no SSLProtocol is declared for the vhost or globally,
otherwise the vhost or global value apply. [Yann Ylavic]
*) mod_cgi, mod_cgid: Fix a memory leak in some error cases with large script
output. PR 64096. [Joe Orton]
*) config: Speed up graceful restarts by using pre-hashed command table. PR 64066.
[Giovanni Bechis <giovanni paclan.it>, Jim Jagielski]
*) mod_systemd: New module providing integration with systemd. [Jan Kaluza]
*) mod_lua: Add r:headers_in_table, r:headers_out_table, r:err_headers_out_table,
r:notes_table, r:subprocess_env_table as read-only native table alternatives
that can be iterated over. [Eric Covener]
*) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection.
[Yann Ylavic, Stefan Eissing]
*) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env,
r.headers_out, etc) to remove the key from the table. PR63971.
[Eric Covener]
*) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
always `on`, regardless of configuration. Found and reported by
<Armin.Abfalterer@united-security-providers.ch> and
<Marcial.Rion@united-security-providers.ch>. [Stefan Eissing]
*) mod_http2: Multiple field length violations in the same request no longer cause
several log entries to be written. [@mkauf]
*) mod_ssl: OCSP does not apply to proxy mode. PR 63679.
[Lubos Uhliarik <luhliari redhat.com>, Yann Ylavic]
*) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
[Jim Jagielski]
*) mod_authn_socache: Increase the maximum length of strings that can be cached by
the module from 100 to 256. PR 62149 [<thorsten.meinl knime.com>]
*) mod_proxy: Fix crash by resolving pool concurrency problems. PR 63503
[Ruediger Pluem, Eric Covener]
*) core: On Windows, fix a start-up crash if <IfFile ...> is used with a path that is not
valid (For example, testing for a file on a flash drive that is not mounted)
[Christophe Jaillet]
*) mod_deflate, mod_brotli: honor "Accept-Encoding: foo;q=0" as per RFC 7231; which
means 'foo' is "not acceptable". PR 58158 [Christophe Jaillet]
*) mod_md v2.2.3:
- Configuring MDCAChallenges replaces any previous existing challenge configuration. It
had been additive before which was not the intended behaviour. [@mkauf]
- Fixing order of ACME challenges used when nothing else configured. Code now behaves as
documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this.
- Fixing a potential, low memory null pointer dereference [thanks to @uhliarik].
- Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted
"transfer-encoding" to POST requests. This failed in direct communication with
Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing]
*) mod_md: Adding the several new features.
The module offers an implementation of OCSP Stapling that can replace fully or
for a limited set of domains the existing one from mod_ssl. OCSP handling
is part of mod_md's monitoring and message notifications. It can be used
for sites that do not have ACME certificates.
The url for a CTLog Monitor can be configured. It is used in the server-status
to link to the external status page of a certificate.
The MDMessageCmd is called with argument "installed" when a new certificate
has been activated on server restart/reload. This allows for processing of
the new certificate, for example to applications that require it in different
locations or formats.
[Stefan Eissing]
*) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS
protection. PR 63688. [Armin Abfalterer <a.abfalterer gmail.com>]
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/net/haproxy/Makefile@1.59.2.1 / diff
pkgsrc/net/haproxy/distinfo@1.52.2.1 / diff
pkgsrc/net/haproxy/options.mk@1.8.2.1 / diff
Pullup ticket #6152 - requested by adam
net/haproxy: security fix (CVE-2020-11100)
Revisions pulled up:
- net/haproxy/Makefile 1.60
- net/haproxy/distinfo 1.53
- net/haproxy/options.mk 1.9
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 3 16:34:13 UTC 2020
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo options.mk
Log Message:
haproxy: updated to 2.1.4
2.1.4
- SCRIPTS: make announce-release executable again
- BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
- BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
- BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
- MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex
- SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
- MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
- MINOR: filters: Forward data only if the last filter forwards something
- BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
- BUG/MINOR: http-htx: Don't return error if authority is updated without changes
- BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
- MINOR: http-ana: Match on the path if the monitor-uri starts by a /
- BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
- MINOR: ist: add an iststop() function
- BUG/MINOR: http: http-request replace-path duplicates the query string
- BUG/MEDIUM: shctx: make sure to keep all blocks aligned
- MINOR: compiler: move CPU capabilities definition from config.h and complete them
- BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
- BUILD: fix recent build failure on unaligned archs
- CLEANUP: cfgparse: Fix type of second calloc() parameter
- BUG/MINOR: sample: fix the json converter's endian-sensitivity
- BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
- BUG/MINOR: connection: make sure to correctly tag local PROXY connections
- MINOR: compiler: add new alignment macros
- BUILD: ebtree: improve architecture-specific alignment
- BUG/MINOR: h2: reject again empty :path pseudo-headers
- BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
- BUG/MINOR: dns: ignore trailing dot
- BUG/MINOR: http-htx: Do case-insensitive comparisons on Host header name
- MINOR: contrib/prometheus-exporter: Add healthcheck status/code in server metrics
- MINOR: contrib/prometheus-exporter: Add the last healthcheck duration metric
- BUG/MEDIUM: random: initialize the random pool a bit better
- MINOR: tools: add 64-bit rotate operators
- BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
- MINOR: backend: use a single call to ha_random32() for the random LB algo
- BUG/MINOR: checks/threads: use ha_random() and not rand()
- BUG/MAJOR: list: fix invalid element address calculation
- MINOR: debug: report the task handler's pointer relative to main
- BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
- MINOR: haproxy: export main to ease access from debugger
- BUILD: tools: remove obsolete and conflicting trace() from standard.c
- BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
- DOC: fix incorrect indentation of http_auth_*
- OPTIM: startup: fast unique_id allocation for acl.
- BUG/MINOR: pattern: Do not pass len = 0 to calloc()
- DOC: configuration.txt: fix various typos
- DOC: assorted typo fixes in the documentation and Makefile
- BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
- BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
- REGTEST: make the PROXY TLV validation depend on version 2.2
- BUG/MINOR: filters: Use filter offset to deduce the amount of forwarded data
- BUG/MINOR: filters: Forward everything if no data filters are called
- MINOR: htx: Add a function to return a block at a specific offset
- BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
- BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
- BUG/MINOR: http-ana: Reset request analysers on a response side error
- BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
- BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
- BUG/MINOR: http-rules: Fix a typo in the reject action function
- BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
- BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
- DOC: fix typo about no-tls-tickets
- DOC: improve description of no-tls-tickets
- DOC: assorted typo fixes in the documentation
- DOC: ssl: clarify security implications of TLS tickets
- BUILD: wdt: only test for SI_TKILL when compiled with thread support
- BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
- MINOR: mt_lists: Appease gcc.
- BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
- BUG/MEDIUM: pools: Always update free_list in pool_gc().
- BUG/MINOR: haproxy: always initialize sleeping_thread_mask
- BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
- BUG/MINOR: haproxy/threads: try to make all threads leave together
- DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
- DOC: correct typo in alert message about rspirep
- BUILD: on ARM, must be linked to libatomic.
- BUILD: makefile: fix regex syntax in ARM platform detection
- BUILD: makefile: fix expression again to detect ARM platform
- BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
- DOC: assorted typo fixes in the documentation
- MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
- BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
- MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
- BUG/MINOR: connections: Make sure we free the connection on failure.
- REGTESTS: use "command -v" instead of "which"
- REGTEST: increase timeouts on the seamless-reload test
- BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
- BUG/MINOR: peers: Use after free of "peers" section.
- MINOR: listener: add so_name sample fetch
- BUILD: ssl: only pass unsigned chars to isspace()
- BUG/MINOR: stats: Fix color of draining servers on stats page
- DOC: internals: Fix spelling errors in filters.txt
- MINOR: http-rules: Add a flag on redirect rules to know the rule direction
- BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
- MINOR: http-rules: Handle the rule direction when a redirect is evaluated
- BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
- BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
pkgsrc-2020Q1 commitmail json YAML
pkgsrc/www/firefox68-l10n/Makefile@1.10.2.1 / diff
pkgsrc/www/firefox68-l10n/distinfo@1.7.2.1 / diff
Pullup ticket #6151 - requested by nia
www/firefox68-l10n: dependent update
Revisions pulled up:
- www/firefox68-l10n/Makefile 1.11
- www/firefox68-l10n/distinfo 1.8
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Apr 4 17:02:34 UTC 2020
Modified Files:
pkgsrc/www/firefox68-l10n: Makefile distinfo
Log Message:
firefox68-l10n: Update to 68.6.1
Sync with firefox68.
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6150 - requested by nia
www/firefox68: security fix
Revisions pulled up:
- www/firefox68/Makefile 1.16
- www/firefox68/distinfo 1.13
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Apr 4 15:26:42 UTC 2020
Modified Files:
pkgsrc/www/firefox68: Makefile distinfo
Log Message:
firefox68: Update to 68.6.1
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
#CVE-2020-6820: Use-after-free when handling a ReadableStream
pkgsrc-2020Q1 commitmail json YAML
I hereby declare this pullup season open!
pkgsrc-2020Q1 commitmail json YAML
Pullup ticket #6149 - requested by ryoon
devel/glibmm: bugfix (for inkscape)
Revisions pulled up:
- devel/glibmm/Makefile 1.85
- devel/glibmm/distinfo 1.59
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Mar 30 12:50:45 UTC 2020
Modified Files:
pkgsrc/devel/glibmm: Makefile distinfo
Log Message:
glibmm: Update to 2.64.2
Changelog:
2020-03-22 Kjell Ahlstedt <kjellahlstedt@gmail.com>
2.64.2
2020-03-20 Kjell Ahlstedt <kjellahlstedt@gmail.com>
Glib::build_filename(): Fix the template overload
and add some tests to tests/glibmm_buildfilename/main.cc.
Fixes #71
2020-03-19 Kjell Ahlstedt <kjellahlstedt@gmail.com>
Meson build: Install generate_extra_defs.h
Fixes #70
2020-03-19 Kjell Ahlstedt <kjellahlstedt@gmail.com>
README: Fix a misspelling
pkgsrc-2020Q1 commitmail json YAML
doc: Add CHANGES file for the pkgsrc-2020Q1 branch.