Now
pkgsrc-2023Q1 commitmail json YAML
Pullup tickets #6763 to #6765
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/www/firefox102-l10n/Makefile@1.9.2.3
/
diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.3 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.3 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.3 / diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.3 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.3 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.3 / diff
Pullup ticket #6765 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.12
- www/firefox102-l10n/distinfo 1.11
- www/firefox102/Makefile 1.21
- www/firefox102/distinfo 1.13
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jun 25 16:07:08 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: update to 102.12
Security Vulnerabilities fixed in Firefox ESR 102.12
#CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR
102.12
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.12
- www/firefox102-l10n/distinfo 1.11
- www/firefox102/Makefile 1.21
- www/firefox102/distinfo 1.13
---
Module Name: pkgsrc
Committed By: nia
Date: Sun Jun 25 16:07:08 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: update to 102.12
Security Vulnerabilities fixed in Firefox ESR 102.12
#CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
#CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR
102.12
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/net/bind918/Makefile@1.8.2.1
/
diff
pkgsrc/net/bind918/PLIST@1.3.2.1 / diff
pkgsrc/net/bind918/distinfo@1.6.2.1 / diff
pkgsrc/net/bind918/options.mk@1.1.4.1 / diff
pkgsrc/net/bind918/PLIST@1.3.2.1 / diff
pkgsrc/net/bind918/distinfo@1.6.2.1 / diff
pkgsrc/net/bind918/options.mk@1.1.4.1 / diff
Pullup ticket #6764 - requested by taca
net/bind918: security fix
Revisions pulled up:
- net/bind918/Makefile 1.10-1.12
- net/bind918/PLIST 1.4
- net/bind918/distinfo 1.7-1.9
- net/bind918/options.mk 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 24 13:48:06 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo options.mk
Log Message:
net/bind918: update to 9.18.14
pkgsrc change: reduce some pkglint warnings.
--- 9.18.14 released ---
6145. [bug] Fix a possible use-after-free bug in the
dns__catz_done_cb() function. [GL #3997]
6143. [bug] A reference counting problem on the error path in
the xfrin_connect_done() might cause an assertion
failure on shutdown. [GL #3989]
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6141. [bug] Fix several issues in nsupdate timeout handling and
update the -t option's documentation. [GL #3674]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6136. [cleanup] Remove the isc_fsaccess API in favor of creating
temporary file first and atomically replace the key
with non-truncated content. [GL #3982]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6128. [bug] Fix an omission in an earlier commit to avoid a race
between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions. [GL #3968]
6126. [cleanup] Deprecate zone type "delegation-only" and the
"delegation-only" and "root-delegation-only"
options. [GL #3953]
6125. [bug] Hold a catz reference while the update process is
running, so that the catalog zone is not destroyed
during shutdown until the update process is finished or
properly canceled by the activated 'shuttingdown' flag.
[GL #3955]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
6121. [bug] Fix BIND and dig zone transfer hanging when
downloading large zones over TLS from a primary server,
especially over unstable connections. [GL #3867]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 17 13:43:52 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.15
--- 9.18.15 released ---
6164. [bug] Set the rndc idle read timeout back to 60 seconds,
from the netmgr default of 30 seconds, in order to
match the behavior of 9.16 and earlier. [GL #4046]
6161. [bug] Fix log file rotation when using absolute path as
file. [GL #3991]
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
6156. [bug] Reimplement the maximum and idle timeouts for incoming
zone tranfers. [GL #4004]
6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
in the dispatch code to avoid retrying with the
same server. [GL #4005]
6152. [bug] In dispatch, honour the configured source-port
selection when UDP connection fails with address
in use error.
Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
[GL #3986]
6149. [test] As a workaround, include an OpenSSL header file before
including cmocka.h in the unit tests, because OpenSSL
3.1.0 uses __attribute__(malloc), conflicting with a
redefined malloc in cmocka.h. [GL #4000]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 21 14:42:23 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.16
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
net/bind918: security fix
Revisions pulled up:
- net/bind918/Makefile 1.10-1.12
- net/bind918/PLIST 1.4
- net/bind918/distinfo 1.7-1.9
- net/bind918/options.mk 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 24 13:48:06 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo options.mk
Log Message:
net/bind918: update to 9.18.14
pkgsrc change: reduce some pkglint warnings.
--- 9.18.14 released ---
6145. [bug] Fix a possible use-after-free bug in the
dns__catz_done_cb() function. [GL #3997]
6143. [bug] A reference counting problem on the error path in
the xfrin_connect_done() might cause an assertion
failure on shutdown. [GL #3989]
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6141. [bug] Fix several issues in nsupdate timeout handling and
update the -t option's documentation. [GL #3674]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6136. [cleanup] Remove the isc_fsaccess API in favor of creating
temporary file first and atomically replace the key
with non-truncated content. [GL #3982]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6128. [bug] Fix an omission in an earlier commit to avoid a race
between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions. [GL #3968]
6126. [cleanup] Deprecate zone type "delegation-only" and the
"delegation-only" and "root-delegation-only"
options. [GL #3953]
6125. [bug] Hold a catz reference while the update process is
running, so that the catalog zone is not destroyed
during shutdown until the update process is finished or
properly canceled by the activated 'shuttingdown' flag.
[GL #3955]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
6121. [bug] Fix BIND and dig zone transfer hanging when
downloading large zones over TLS from a primary server,
especially over unstable connections. [GL #3867]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 17 13:43:52 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.15
--- 9.18.15 released ---
6164. [bug] Set the rndc idle read timeout back to 60 seconds,
from the netmgr default of 30 seconds, in order to
match the behavior of 9.16 and earlier. [GL #4046]
6161. [bug] Fix log file rotation when using absolute path as
file. [GL #3991]
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
6156. [bug] Reimplement the maximum and idle timeouts for incoming
zone tranfers. [GL #4004]
6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
in the dispatch code to avoid retrying with the
same server. [GL #4005]
6152. [bug] In dispatch, honour the configured source-port
selection when UDP connection fails with address
in use error.
Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
[GL #3986]
6149. [test] As a workaround, include an OpenSSL header file before
including cmocka.h in the unit tests, because OpenSSL
3.1.0 uses __attribute__(malloc), conflicting with a
redefined malloc in cmocka.h. [GL #4000]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 21 14:42:23 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.16
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' options was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/net/bind916/Makefile@1.54.2.1
/
diff
pkgsrc/net/bind916/distinfo@1.46.2.1 / diff
pkgsrc/net/bind916/options.mk@1.4.20.1 / diff
pkgsrc/net/bind916/distinfo@1.46.2.1 / diff
pkgsrc/net/bind916/options.mk@1.4.20.1 / diff
Pullup ticket #6763 - requested by taca
net/bind916: security fix
Revisions pulled up:
- net/bind916/Makefile 1.56-1.58
- net/bind916/distinfo 1.47-1.49
- net/bind916/options.mk 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 24 13:45:10 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.40
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in
place after rolling, even if the number of preserved
log files exceeded the configured "versions" limit.
[GL #828] [GL #3959]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 17 13:41:58 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.41
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 21 14:40:43 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo options.mk
Log Message:
net/bind916: update to 9.16.42
pkgsrc change: reduce pkglint warnings.
9.16.42 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
net/bind916: security fix
Revisions pulled up:
- net/bind916/Makefile 1.56-1.58
- net/bind916/distinfo 1.47-1.49
- net/bind916/options.mk 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 24 13:45:10 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.40
--- 9.16.40 released ---
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys needs to be removed from
the trust anchors. [GL #3981]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
5741. [bug] Log files with "timestamp" suffixes could be left in
place after rolling, even if the number of preserved
log files exceeded the configured "versions" limit.
[GL #828] [GL #3959]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 17 13:41:58 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.41
--- 9.16.41 released ---
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 21 14:40:43 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo options.mk
Log Message:
net/bind916: update to 9.16.42
pkgsrc change: reduce pkglint warnings.
9.16.42 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
pkgsrc-2023Q1 commitmail json YAML
Ticket #6762
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/security/heimdal/Makefile@1.157.2.1
/
diff
pkgsrc/security/heimdal/distinfo@1.56.2.1 / diff
pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c@1.1.2.2 / diff
pkgsrc/security/heimdal/distinfo@1.56.2.1 / diff
pkgsrc/security/heimdal/patches/patch-lib_krb5_store-int.c@1.1.2.2 / diff
Pullup ticket #6762 - requested by riastradh
security/heimdal: security fix
Revisions pulled up:
- security/heimdal/Makefile 1.160
- security/heimdal/distinfo 1.57
- security/heimdal/patches/patch-lib_krb5_store-int.c 1.1
---
Module Name: pkgsrc
Committed By: riastradh
Date: Mon Jun 19 19:13:03 UTC 2023
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-lib_krb5_store-int.c
Log Message:
security/heimdal: Patch CVE-2022-42898 away.
security/heimdal: security fix
Revisions pulled up:
- security/heimdal/Makefile 1.160
- security/heimdal/distinfo 1.57
- security/heimdal/patches/patch-lib_krb5_store-int.c 1.1
---
Module Name: pkgsrc
Committed By: riastradh
Date: Mon Jun 19 19:13:03 UTC 2023
Modified Files:
pkgsrc/security/heimdal: Makefile distinfo
Added Files:
pkgsrc/security/heimdal/patches: patch-lib_krb5_store-int.c
Log Message:
security/heimdal: Patch CVE-2022-42898 away.
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/print/cups-base/Makefile@1.54.2.1
/
diff
pkgsrc/print/cups-base/distinfo@1.32.6.1 / diff
pkgsrc/print/cups-base/patches/patch-cups_string.c@1.1.2.2 / diff
pkgsrc/print/cups-base/distinfo@1.32.6.1 / diff
pkgsrc/print/cups-base/patches/patch-cups_string.c@1.1.2.2 / diff
Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix
Revisions pulled up:
- print/cups-base/Makefile 1.57
- print/cups-base/distinfo 1.33
- print/cups-base/patches/patch-cups_string.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 1 11:39:33 UTC 2023
Modified Files:
pkgsrc/print/cups-base: Makefile distinfo
Added Files:
pkgsrc/print/cups-base/patches: patch-cups_string.c
Log Message:
cups-base: fix security problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c
print/cups-base: security fix
Revisions pulled up:
- print/cups-base/Makefile 1.57
- print/cups-base/distinfo 1.33
- print/cups-base/patches/patch-cups_string.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 1 11:39:33 UTC 2023
Modified Files:
pkgsrc/print/cups-base: Makefile distinfo
Added Files:
pkgsrc/print/cups-base/patches: patch-cups_string.c
Log Message:
cups-base: fix security problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c
pkgsrc-2023Q1 commitmail json YAML
Mention ticket #6760
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/www/firefox102-l10n/Makefile@1.9.2.2
/
diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.2 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.2 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.2 / diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.2 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.2 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.2 / diff
Pullup ticket #6760 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.11
- www/firefox102-l10n/distinfo 1.10
- www/firefox102/Makefile 1.20
- www/firefox102/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Sun May 14 19:50:11 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: update to 102.11
Security Vulnerabilities fixed in Firefox ESR 102.11
#CVE-2023-32205: Browser prompts could have been obscured by popups
#CVE-2023-32206: Crash in RLBox Expat driver
#CVE-2023-32207: Potential permissions request bypass via clickjacking
#CVE-2023-32211: Content process crash due to invalid wasm code
#CVE-2023-32212: Potential spoof due to obscured address bar
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
#CVE-2023-32214: Potential DoS via exposed protocol handlers
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.11
- www/firefox102-l10n/distinfo 1.10
- www/firefox102/Makefile 1.20
- www/firefox102/distinfo 1.12
---
Module Name: pkgsrc
Committed By: nia
Date: Sun May 14 19:50:11 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: update to 102.11
Security Vulnerabilities fixed in Firefox ESR 102.11
#CVE-2023-32205: Browser prompts could have been obscured by popups
#CVE-2023-32206: Crash in RLBox Expat driver
#CVE-2023-32207: Potential permissions request bypass via clickjacking
#CVE-2023-32211: Content process crash due to invalid wasm code
#CVE-2023-32212: Potential spoof due to obscured address bar
#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
#CVE-2023-32214: Potential DoS via exposed protocol handlers
pkgsrc-2023Q1 commitmail json YAML
pullups 6756, 6757, 6758 and 6759
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6759 - requested by he
security/gnutls: build fix
Revisions pulled up:
- security/gnutls/Makefile 1.240
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 14 08:11:51 UTC 2023
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
gnutls: require minimum gcc 6, and indicte use of c++11.
The in-tree compiler on NetBSD/macppc 8.0 (gcc 5 based)
fails to build this package, with what now looks like a
bug in gcc 5.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/security/gnutls/Makefile
security/gnutls: build fix
Revisions pulled up:
- security/gnutls/Makefile 1.240
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 14 08:11:51 UTC 2023
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
gnutls: require minimum gcc 6, and indicte use of c++11.
The in-tree compiler on NetBSD/macppc 8.0 (gcc 5 based)
fails to build this package, with what now looks like a
bug in gcc 5.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/security/gnutls/Makefile
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6758 - requested by taca
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.79
- www/drupal7/distinfo 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon May 1 14:34:00 UTC 2023
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
www/drupal7: update to 7.97
7.96 (2023-04-19)
This is a security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcements:
* Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
No other fixes are included.
7.97 (2023-04-21)
This is a "hotfix" release to address a PHP 5.x regression caused by
SA-CORE-2023-005.
Changes since 7.96:
* #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/drupal7/distinfo
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.79
- www/drupal7/distinfo 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon May 1 14:34:00 UTC 2023
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
www/drupal7: update to 7.97
7.96 (2023-04-19)
This is a security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcements:
* Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
No other fixes are included.
7.97 (2023-04-21)
This is a "hotfix" release to address a PHP 5.x regression caused by
SA-CORE-2023-005.
Changes since 7.96:
* #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/drupal7/distinfo
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/archivers/zstd/distinfo@1.34.2.1
/
diff
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S@1.1.2.2 / diff
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S@1.1.2.2 / diff
Pullup ticket #6757 - requested by dholland
archivers/zstd: build fix
Revisions pulled up:
- archivers/zstd/distinfo 1.36
- archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 30 01:39:20 UTC 2023
Modified Files:
pkgsrc/archivers/zstd: distinfo
Added Files:
pkgsrc/archivers/zstd/patches:
patch-lib_decompress_huf__decompress__amd64.S
Log Message:
PR 57383 Mike Owens: zstd assembler bug on SPARC
Put amd64 assembler directives inside the amd64 ifdefs so they don't
get assembled on other targets.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/archivers/zstd/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S
archivers/zstd: build fix
Revisions pulled up:
- archivers/zstd/distinfo 1.36
- archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 30 01:39:20 UTC 2023
Modified Files:
pkgsrc/archivers/zstd: distinfo
Added Files:
pkgsrc/archivers/zstd/patches:
patch-lib_decompress_huf__decompress__amd64.S
Log Message:
PR 57383 Mike Owens: zstd assembler bug on SPARC
Put amd64 assembler directives inside the amd64 ifdefs so they don't
get assembled on other targets.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/archivers/zstd/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6756 - requested by taca
devel/git-base: security update
devel/git: version update
Revisions pulled up:
- devel/git-base/Makefile 1.104
- devel/git-base/distinfo 1.133
- devel/git/Makefile.version 1.117
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 26 08:44:38 UTC 2023
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
Log Message:
git: updated to 2.40.1
Git v2.40.1 Release Notes
============
This release merges up the fix that appears in v2.30.9, v2.31.8,
v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
and v2.39.3 to address the security issues CVE-2023-25652,
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
versions for details.
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.103 -r1.104 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/git-base/distinfo
devel/git-base: security update
devel/git: version update
Revisions pulled up:
- devel/git-base/Makefile 1.104
- devel/git-base/distinfo 1.133
- devel/git/Makefile.version 1.117
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 26 08:44:38 UTC 2023
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
Log Message:
git: updated to 2.40.1
Git v2.40.1 Release Notes
============
This release merges up the fix that appears in v2.30.9, v2.31.8,
v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
and v2.39.3 to address the security issues CVE-2023-25652,
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
versions for details.
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.103 -r1.104 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/git-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Tickets #6754 and #6755
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/www/firefox102-l10n/Makefile@1.9.2.1
/
diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.1 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.1 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.1 / diff
pkgsrc/www/firefox102-l10n/distinfo@1.8.2.1 / diff
pkgsrc/www/firefox102/Makefile@1.16.2.1 / diff
pkgsrc/www/firefox102/distinfo@1.10.2.1 / diff
Pullup ticket #6754 - requested by nia
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.10
- www/firefox102-l10n/distinfo 1.9
- www/firefox102/Makefile 1.17
- www/firefox102/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 14 08:53:12 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.10.0
Security Vulnerabilities fixed in Firefox ESR 102.10
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
File Download
#CVE-2023-29541: Files with malicious extensions could have been downloaded
unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-1945: Memory Corruption in Safe Browsing Code
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR
102.10
www/firefox102: security fix
www/firefox102-l10n: dependent update
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.10
- www/firefox102-l10n/distinfo 1.9
- www/firefox102/Makefile 1.17
- www/firefox102/distinfo 1.11
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 14 08:53:12 UTC 2023
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.10.0
Security Vulnerabilities fixed in Firefox ESR 102.10
#CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
#CVE-2023-29533: Fullscreen notification obscured
#CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
#CVE-2023-29536: Invalid free from JavaScript code
#CVE-2023-29539: Content-Disposition filename truncation leads to Reflected
File Download
#CVE-2023-29541: Files with malicious extensions could have been downloaded
unsafely on Linux
#CVE-2023-29542: Bypass of file download extension restrictions
#CVE-2023-1945: Memory Corruption in Safe Browsing Code
#CVE-2023-29548: Incorrect optimization result on ARM64
#CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR
102.10
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/sysutils/amanda-common/Makefile.common@1.45.28.1
/
diff
pkgsrc/sysutils/amanda-common/distinfo@1.25.12.1 / diff
pkgsrc/sysutils/amanda-common/patches/patch-config_amanda_libs.m4@1.1.2.2 / diff
pkgsrc/sysutils/amanda-common/distinfo@1.25.12.1 / diff
pkgsrc/sysutils/amanda-common/patches/patch-config_amanda_libs.m4@1.1.2.2 / diff
Pullup ticket #6755 - requested by nia
sysutils/amanda-common
Revisions pulled up:
- sysutils/amanda-common/Makefile.common 1.46
- sysutils/amanda-common/distinfo 1.26
- sysutils/amanda-common/patches/patch-config_amanda_libs.m4 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 14 22:58:24 UTC 2023
Modified Files:
pkgsrc/sysutils/amanda-common: Makefile.common distinfo
Added Files:
pkgsrc/sysutils/amanda-common/patches: patch-config_amanda_libs.m4
Log Message:
amanda-common: Configure fixes
The configure script creates massive amounts of spam when using NetBSD's
sh due to the non-standard test(1) args.
For some reason, the test for compiler flag -msse4.2 is failing, even
though it's present in the cc -v --help output (is cwrappers doing
something strange?). For now, commit a workaround. The package is actually
doing runtime detection of SSE4.2 properly, but expects compiler support
for -msse4.2 to be provided on x86.
PR 57130
sysutils/amanda-common
Revisions pulled up:
- sysutils/amanda-common/Makefile.common 1.46
- sysutils/amanda-common/distinfo 1.26
- sysutils/amanda-common/patches/patch-config_amanda_libs.m4 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Fri Apr 14 22:58:24 UTC 2023
Modified Files:
pkgsrc/sysutils/amanda-common: Makefile.common distinfo
Added Files:
pkgsrc/sysutils/amanda-common/patches: patch-config_amanda_libs.m4
Log Message:
amanda-common: Configure fixes
The configure script creates massive amounts of spam when using NetBSD's
sh due to the non-standard test(1) args.
For some reason, the test for compiler flag -msse4.2 is failing, even
though it's present in the cc -v --help output (is cwrappers doing
something strange?). For now, commit a workaround. The package is actually
doing runtime detection of SSE4.2 properly, but expects compiler support
for -msse4.2 to be provided on x86.
PR 57130
pkgsrc-2023Q1 commitmail json YAML
Note ticket #6753
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/textproc/libxml2/Makefile@1.167.2.1
/
diff
pkgsrc/textproc/libxml2/Makefile.common@1.19.2.1 / diff
pkgsrc/textproc/libxml2/distinfo@1.143.2.1 / diff
pkgsrc/textproc/py-libxml2/Makefile@1.84.2.1 / diff
pkgsrc/textproc/libxml2/Makefile.common@1.19.2.1 / diff
pkgsrc/textproc/libxml2/distinfo@1.143.2.1 / diff
pkgsrc/textproc/py-libxml2/Makefile@1.84.2.1 / diff
Pullup ticket #6753 - requested by gutteridge
textproc/libxml2: security fix
textproc/py-libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.169
- textproc/libxml2/Makefile.common 1.20
- textproc/libxml2/distinfo 1.144
- textproc/py-libxml2/Makefile 1.85
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Sat Apr 15 13:06:22 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common distinfo
pkgsrc/textproc/py-libxml2: Makefile
Log Message:
libxml2 & py-libxml2: update to 2.10.4
v2.10.4: Apr 11 2023
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
textproc/libxml2: security fix
textproc/py-libxml2: security fix
Revisions pulled up:
- textproc/libxml2/Makefile 1.169
- textproc/libxml2/Makefile.common 1.20
- textproc/libxml2/distinfo 1.144
- textproc/py-libxml2/Makefile 1.85
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Sat Apr 15 13:06:22 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common distinfo
pkgsrc/textproc/py-libxml2: Makefile
Log Message:
libxml2 & py-libxml2: update to 2.10.4
v2.10.4: Apr 11 2023
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
pkgsrc-2023Q1 commitmail json YAML
#6750 and #6752
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6752 - requested by wiz
print/a2ps: restore functionality
Revisions pulled up:
- print/a2ps/Makefile 1.93-1.96
- print/a2ps/distinfo 1.23-1.24
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Mar 29 08:20:03 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile distinfo
Log Message:
a2ps: update to 4.15.2.
* Noteworthy changes in release 4.15.2 (2023-03-19) [stable]
* Bug fixes:
- Fix old crash when using --stdin="".
* Build
- Make configure stop if libpaper is not found.
- Enable building the manual for gnu.org.
---
Module Name: pkgsrc
Committed By: mrg
Date: Thu Mar 30 05:34:10 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile
Log Message:
use ${PKG_SYSCONFBASE} instead of ${PREFIX}/etc
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 7 21:25:40 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile distinfo
Log Message:
a2ps: update to 4.15.3.
* Noteworthy changes in release 4.15.3 (2023-03-26) [stable]
* Bug fixes:
- Fix fixps to use GhostScript窶冱 ps2write device instead of defunct
pswrite.
* Build:
- Fix a problem building PDF version of manual.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Apr 8 23:18:51 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile
Log Message:
a2ps: depend on misc/getopt for a2ps-lpr-wrapper
From John D. Baker.
Fix some pkglint while here and bump PKGREVISION.
print/a2ps: restore functionality
Revisions pulled up:
- print/a2ps/Makefile 1.93-1.96
- print/a2ps/distinfo 1.23-1.24
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Mar 29 08:20:03 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile distinfo
Log Message:
a2ps: update to 4.15.2.
* Noteworthy changes in release 4.15.2 (2023-03-19) [stable]
* Bug fixes:
- Fix old crash when using --stdin="".
* Build
- Make configure stop if libpaper is not found.
- Enable building the manual for gnu.org.
---
Module Name: pkgsrc
Committed By: mrg
Date: Thu Mar 30 05:34:10 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile
Log Message:
use ${PKG_SYSCONFBASE} instead of ${PREFIX}/etc
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 7 21:25:40 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile distinfo
Log Message:
a2ps: update to 4.15.3.
* Noteworthy changes in release 4.15.3 (2023-03-26) [stable]
* Bug fixes:
- Fix fixps to use GhostScript窶冱 ps2write device instead of defunct
pswrite.
* Build:
- Fix a problem building PDF version of manual.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Apr 8 23:18:51 UTC 2023
Modified Files:
pkgsrc/print/a2ps: Makefile
Log Message:
a2ps: depend on misc/getopt for a2ps-lpr-wrapper
From John D. Baker.
Fix some pkglint while here and bump PKGREVISION.
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6750 - requested by taca
lang/ruby32-base: build fix
Revisions pulled up:
- lang/ruby32-base/options.mk 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Tue Apr 4 12:20:30 UTC 2023
Modified Files:
pkgsrc/lang/ruby32-base: options.mk
Log Message:
ruby32-base: default to yjit only on platforms supporting it.
That would be x86_64, aarch64 and (possibly) aarch64be.
OK'ed by taca@
lang/ruby32-base: build fix
Revisions pulled up:
- lang/ruby32-base/options.mk 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Tue Apr 4 12:20:30 UTC 2023
Modified Files:
pkgsrc/lang/ruby32-base: options.mk
Log Message:
ruby32-base: default to yjit only on platforms supporting it.
That would be x86_64, aarch64 and (possibly) aarch64be.
OK'ed by taca@
pkgsrc-2023Q1 commitmail json YAML
#6745-#6749
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6749 - requested by taca
textproc/ruby-kramdown-rfc2629: dependency fix
Revisions pulled up:
- textproc/ruby-kramdown-rfc2629/Makefile 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 10:14:21 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-kramdown-rfc2629: Makefile
Log Message:
textproc/ruby-kramdown-rfc2629: remove reference to json_pure gem
Remove reference to json_pure gem and add json gem.
The problem was reporeted by riastradh@ via private e-mail.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/textproc/ruby-kramdown-rfc2629/Makefile
textproc/ruby-kramdown-rfc2629: dependency fix
Revisions pulled up:
- textproc/ruby-kramdown-rfc2629/Makefile 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 10:14:21 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-kramdown-rfc2629: Makefile
Log Message:
textproc/ruby-kramdown-rfc2629: remove reference to json_pure gem
Remove reference to json_pure gem and add json gem.
The problem was reporeted by riastradh@ via private e-mail.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/textproc/ruby-kramdown-rfc2629/Makefile
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.260.2.4
/
diff
pkgsrc/lang/ruby32-base/PLIST@1.2.2.1 / diff
pkgsrc/lang/ruby32-base/distinfo@1.3.2.1 / diff
pkgsrc/lang/ruby32-base/PLIST@1.2.2.1 / diff
pkgsrc/lang/ruby32-base/distinfo@1.3.2.1 / diff
Pullup ticket #6748 - requested by taca
lang/ruby32-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.264
- lang/ruby32-base/PLIST 1.3
- lang/ruby32-base/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:26:58 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby32-base: PLIST distinfo
Log Message:
lang/ruby32: update to 3.2.2
Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023
Ruby 3.2.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Backport [Bug #19158] for Ruby 3.2 by hsbt � Pull Request #7356
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19444: YJIT String#+@ miscompilations
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19439: Marshal.load doesn't load Regexp instance variables
* Bug #19459: Is length of IO::Buffer#read required or optional?
* Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
* Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
* Bug #19469: Crash when resizing generic iv list
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #19467: Some linear_time regexp does not match in linear time
* Bug #19476: Regexp unexpected partial match
* Bug #19536: Frozen status loss when moving objects
* Bug #19485: Unexpected behavior in squiggly heredocs
* Bug #19471: Regexp::compile does not handle :timeout argument
* Use URI-0.12.1 for Ruby 3.2 by hsbt � Pull Request #7603
* Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt � Pull Request #7479
* Merge Time-0.2.2 by hsbt � Pull Request #7623
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby32-base/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby32-base/distinfo
lang/ruby32-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.264
- lang/ruby32-base/PLIST 1.3
- lang/ruby32-base/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:26:58 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby32-base: PLIST distinfo
Log Message:
lang/ruby32: update to 3.2.2
Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023
Ruby 3.2.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Backport [Bug #19158] for Ruby 3.2 by hsbt � Pull Request #7356
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19444: YJIT String#+@ miscompilations
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19439: Marshal.load doesn't load Regexp instance variables
* Bug #19459: Is length of IO::Buffer#read required or optional?
* Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
* Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
* Bug #19469: Crash when resizing generic iv list
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #19467: Some linear_time regexp does not match in linear time
* Bug #19476: Regexp unexpected partial match
* Bug #19536: Frozen status loss when moving objects
* Bug #19485: Unexpected behavior in squiggly heredocs
* Bug #19471: Regexp::compile does not handle :timeout argument
* Use URI-0.12.1 for Ruby 3.2 by hsbt � Pull Request #7603
* Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt � Pull Request #7479
* Merge Time-0.2.2 by hsbt � Pull Request #7623
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby32-base/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby32-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6747 - requested by taca
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.263
- lang/ruby31-base/distinfo 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:17:15 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31: update to 3.1.4
Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023
Ruby 3.1.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
applied
* Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
domains is prefixed with a dot
* Bug #18629: block args array splatting assigns to higher scope _ var
* Bug #18765: Wrong description introduced by
https://github.com/ruby/ruby/pull/4938/files
* Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
at buildtime
* Bug #19292: Time object's wday, yday, and isdst returns broken value (and
so does to_a) when kwarg in: 'UTC' was given
* Bug #19305: TracePoint#parameters segfaults when certain method creation
pattern is used
* Bug #19319: Crash in rb_str_casemap
* Bug #19316: YJIT crash in 3.2.0
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19320: Crash during compaction while traversing the stack
* Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19398: Memory leak in WeakMap
* Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
* Bug #18748: Range#cover? returns true for beginless range of different
type
* Bug #18827: __ENCODING__ is not set to the source encoding when saving
script lines
* Bug #19242: Circular cause by Marshal
* Bug #19243: Windows: Dir.home returns string in wrong encoding
* Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
builds
* Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
crash when combined with Ractors
* Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
* Bug #19485: Unexpected behavior in squiggly heredocs
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.262 -r1.263 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby31-base/distinfo
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.263
- lang/ruby31-base/distinfo 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:17:15 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31: update to 3.1.4
Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023
Ruby 3.1.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
applied
* Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
domains is prefixed with a dot
* Bug #18629: block args array splatting assigns to higher scope _ var
* Bug #18765: Wrong description introduced by
https://github.com/ruby/ruby/pull/4938/files
* Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
at buildtime
* Bug #19292: Time object's wday, yday, and isdst returns broken value (and
so does to_a) when kwarg in: 'UTC' was given
* Bug #19305: TracePoint#parameters segfaults when certain method creation
pattern is used
* Bug #19319: Crash in rb_str_casemap
* Bug #19316: YJIT crash in 3.2.0
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19320: Crash during compaction while traversing the stack
* Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19398: Memory leak in WeakMap
* Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
* Bug #18748: Range#cover? returns true for beginless range of different
type
* Bug #18827: __ENCODING__ is not set to the source encoding when saving
script lines
* Bug #19242: Circular cause by Marshal
* Bug #19243: Windows: Dir.home returns string in wrong encoding
* Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
builds
* Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
crash when combined with Ractors
* Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
* Bug #19485: Unexpected behavior in squiggly heredocs
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.262 -r1.263 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby31-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6746 - requested by taca
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.262
- lang/ruby30-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:08:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: distinfo
Log Message:
lang/ruby30: update to 3.0.6
Ruby 3.0.6 Released Posted by usa on 30 Mar 2023
Ruby 3.0.6 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the GitHub releases for
further details.
After this release, we end the normal maintenance phase of Ruby 3.0, and
Ruby 3.0 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 3.0 except security fixes.
The term of the security maintenance phase is scheduled for a year. Ruby
3.0 reaches EOL and its official support ends by the end of the security
maintenance phase. Therefore, we recommend that you start to plan upgrade
to Ruby 3.1 or 3.2.
To generate a diff of this commit:
cvs rdiff -u -r1.261 -r1.262 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby30-base/distinfo
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.262
- lang/ruby30-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:08:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: distinfo
Log Message:
lang/ruby30: update to 3.0.6
Ruby 3.0.6 Released Posted by usa on 30 Mar 2023
Ruby 3.0.6 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the GitHub releases for
further details.
After this release, we end the normal maintenance phase of Ruby 3.0, and
Ruby 3.0 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 3.0 except security fixes.
The term of the security maintenance phase is scheduled for a year. Ruby
3.0 reaches EOL and its official support ends by the end of the security
maintenance phase. Therefore, we recommend that you start to plan upgrade
to Ruby 3.1 or 3.2.
To generate a diff of this commit:
cvs rdiff -u -r1.261 -r1.262 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby30-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6745 - requested by taca
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.261
- lang/ruby27-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:59:44 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: distinfo
Log Message:
lang/ruby27: update to 2.7.8
Ruby 2.7.8 Released Posted by usa on 30 Mar 2023
Ruby 2.7.8 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some build problem fixes. See the GitHub releases
for further details.
After this release, Ruby 2.7 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9
even if a security vulnerability is found (but could release if a severe
regression is found). We recommend all Ruby 2.7 users to start migration to
Ruby 3.2, 3.1, or 3.0 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.260 -r1.261 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby27-base/distinfo
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.261
- lang/ruby27-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:59:44 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: distinfo
Log Message:
lang/ruby27: update to 2.7.8
Ruby 2.7.8 Released Posted by usa on 30 Mar 2023
Ruby 2.7.8 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some build problem fixes. See the GitHub releases
for further details.
After this release, Ruby 2.7 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9
even if a security vulnerability is found (but could release if a severe
regression is found). We recommend all Ruby 2.7 users to start migration to
Ruby 3.2, 3.1, or 3.0 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.260 -r1.261 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby27-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup tickets #6743 and #6744
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6744 - requested by taca
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.161
- net/samba4/distinfo 1.91
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:49:05 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.17.7
==============================
Release Notes for Samba 4.17.7
March 29, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
but otherwise unprivileged users to delete this attribute from
any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was
insufficient and an attacker may be able to obtain
confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should
assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.161
- net/samba4/distinfo 1.91
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:49:05 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.17.7
==============================
Release Notes for Samba 4.17.7
March 29, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
but otherwise unprivileged users to delete this attribute from
any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was
insufficient and an attacker may be able to obtain
confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should
assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/databases/ldb/Makefile@1.33.2.1
/
diff
pkgsrc/databases/ldb/distinfo@1.23.2.1 / diff
pkgsrc/databases/ldb/patches/patch-common_ldb__match.c@1.1.6.1 / diff
pkgsrc/databases/ldb/distinfo@1.23.2.1 / diff
pkgsrc/databases/ldb/patches/patch-common_ldb__match.c@1.1.6.1 / diff
Pullup ticket #6743 - requested by taca
databases/ldb: dependent update
Revisions pulled up:
- databases/ldb/Makefile 1.34
- databases/ldb/distinfo 1.24
- databases/ldb/patches/patch-common_ldb__match.c 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:47:37 UTC 2023
Modified Files:
pkgsrc/databases/ldb: Makefile distinfo
pkgsrc/databases/ldb/patches: patch-common_ldb__match.c
Log Message:
databases/ldb: update to 2.6.2
samba-4.17.7 require ldb 2.6.2.
Changes from 2.6.1 are not available except commit log:
<https://github.com/samba-team/samba/compare/ldb-2.6.1...ldb-2.6.2>.
databases/ldb: dependent update
Revisions pulled up:
- databases/ldb/Makefile 1.34
- databases/ldb/distinfo 1.24
- databases/ldb/patches/patch-common_ldb__match.c 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:47:37 UTC 2023
Modified Files:
pkgsrc/databases/ldb: Makefile distinfo
pkgsrc/databases/ldb/patches: patch-common_ldb__match.c
Log Message:
databases/ldb: update to 2.6.2
samba-4.17.7 require ldb 2.6.2.
Changes from 2.6.1 are not available except commit log:
<https://github.com/samba-team/samba/compare/ldb-2.6.1...ldb-2.6.2>.
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/graphics/openexr/Makefile@1.47.2.1
/
diff
pkgsrc/graphics/openexr/PLIST@1.20.8.1 / diff
pkgsrc/graphics/openexr/distinfo@1.45.8.1 / diff
pkgsrc/graphics/openexr/PLIST@1.20.8.1 / diff
pkgsrc/graphics/openexr/distinfo@1.45.8.1 / diff
Pullup ticket #6742 - requested by bsiegert
graphics/openexr: security update
Revisions pulled up:
- graphics/openexr/Makefile 1.48
- graphics/openexr/PLIST 1.21
- graphics/openexr/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Mar 30 16:38:14 UTC 2023
Modified Files:
pkgsrc/graphics/openexr: Makefile PLIST distinfo
Log Message:
openexr: update to 3.1.6 (security)
Patch release that address various bug/build issues and optimizations:
- NEON optimizations for ZIP reading
- Enable fast Huffman & Huffman zig-zag transform for Arm Neon
- Support relative and absolute libdir/incluedir in pkg-config generation
- Fix for reading memory mapped files with DWA compression
- Enable SSE4 support on Windows
- Fast huf decoder
- CMake config for generating docs is now BUILD_DOC
Also, this release includes a major update and reorganization of the repo
documentation and the https://openexr.com website.
In addition, numerous typos and misspellings in comments and doxygen content
have been fixed via codespell.
Specific OSS-fuzz issues address:
- OSS-fuzz 52730 Heap-buffer-overflow in fasthuf_initialize
- OSS-fuzz 49698 Heap-buffer-overflow in fasthuf_decode
- OSS-fuzz 47517 Integer-overflow in reconstruct_chunk_table
- OSS-fuzz 47503 Heap-buffer-overflow in uncompress_b44_impl
- OSS-fuzz 47483 Heap-buffer-overflow in generic_unpack
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/graphics/openexr/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/openexr/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/graphics/openexr/distinfo
graphics/openexr: security update
Revisions pulled up:
- graphics/openexr/Makefile 1.48
- graphics/openexr/PLIST 1.21
- graphics/openexr/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Mar 30 16:38:14 UTC 2023
Modified Files:
pkgsrc/graphics/openexr: Makefile PLIST distinfo
Log Message:
openexr: update to 3.1.6 (security)
Patch release that address various bug/build issues and optimizations:
- NEON optimizations for ZIP reading
- Enable fast Huffman & Huffman zig-zag transform for Arm Neon
- Support relative and absolute libdir/incluedir in pkg-config generation
- Fix for reading memory mapped files with DWA compression
- Enable SSE4 support on Windows
- Fast huf decoder
- CMake config for generating docs is now BUILD_DOC
Also, this release includes a major update and reorganization of the repo
documentation and the https://openexr.com website.
In addition, numerous typos and misspellings in comments and doxygen content
have been fixed via codespell.
Specific OSS-fuzz issues address:
- OSS-fuzz 52730 Heap-buffer-overflow in fasthuf_initialize
- OSS-fuzz 49698 Heap-buffer-overflow in fasthuf_decode
- OSS-fuzz 47517 Integer-overflow in reconstruct_chunk_table
- OSS-fuzz 47503 Heap-buffer-overflow in uncompress_b44_impl
- OSS-fuzz 47483 Heap-buffer-overflow in generic_unpack
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/graphics/openexr/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/openexr/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/graphics/openexr/distinfo
pkgsrc-2023Q1 commitmail json YAML
Add CHANGES files for pkgsrc-2023Q1