Now
MAIN commitmail json YAML
set NOT_FOR_BULK_PLATFORM
pkgsrc-2024Q1 commitmail json YAML
Pullup #6848bis: add the change to lang/php/phpversion.mk for PHP83_VERSION
that pullup #6848 was supposed to contain but didn't.
that pullup #6848 was supposed to contain but didn't.
MAIN commitmail json YAML
as discussed with schmonz@: solfege doesn't build on -10 due to:
pbulk 3199 99.0 0.0 87192 27196 pts/2 Ol+ 10:44PM 358:30.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/inverting-intervals help/C/ly/inverting-intervals.ly
pbulk 9966 99.0 0.0 87552 27176 pts/2 Ol+ 10:44PM 357:16.89 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-1 help/C/ly/theory-intervals-seconds-1.ly
pbulk 14989 99.0 0.0 87192 27204 pts/2 Ol+ 10:44PM 358:51.72 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fourths help/C/ly/theory-intervals-fourths.ly
pbulk 25109 99.0 0.0 87192 27196 pts/2 Ol+ 10:44PM 358:11.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-2 help/C/ly/theory-intervals-seconds-2.ly
pbulk 28250 99.0 0.0 87552 27164 pts/2 Ol+ 10:44PM 359:00.45 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fifths help/C/ly/theory-intervals-fifths.ly
root 9813 0.0 0.0 20520 2120 pts/3 S+ 4:50AM 0:00.00 grep lily
pbulk 3199 99.0 0.0 87192 27196 pts/2 Ol+ 10:44PM 358:30.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/inverting-intervals help/C/ly/inverting-intervals.ly
pbulk 9966 99.0 0.0 87552 27176 pts/2 Ol+ 10:44PM 357:16.89 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-1 help/C/ly/theory-intervals-seconds-1.ly
pbulk 14989 99.0 0.0 87192 27204 pts/2 Ol+ 10:44PM 358:51.72 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fourths help/C/ly/theory-intervals-fourths.ly
pbulk 25109 99.0 0.0 87192 27196 pts/2 Ol+ 10:44PM 358:11.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-2 help/C/ly/theory-intervals-seconds-2.ly
pbulk 28250 99.0 0.0 87552 27164 pts/2 Ol+ 10:44PM 359:00.45 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fifths help/C/ly/theory-intervals-fifths.ly
root 9813 0.0 0.0 20520 2120 pts/3 S+ 4:50AM 0:00.00 grep lily
pkgsrc-2023Q4 commitmail json YAML
Pullup ticket #6833 - requested by bsiegert
sysutils/strace: bugfix
Revisions pulled up:
- sysutils/strace/Makefile 1.35
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jan 11 06:23:44 UTC 2024
Modified Files:
pkgsrc/sysutils/strace: Makefile
Log Message:
strace: remove incorrect pattern that disallows NetBSD<4
NetBSD 4 has been desupported for so long, we don't need this any longer.
Addresses PR 57834 by George Georgalis.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/strace/Makefile
sysutils/strace: bugfix
Revisions pulled up:
- sysutils/strace/Makefile 1.35
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jan 11 06:23:44 UTC 2024
Modified Files:
pkgsrc/sysutils/strace: Makefile
Log Message:
strace: remove incorrect pattern that disallows NetBSD<4
NetBSD 4 has been desupported for so long, we don't need this any longer.
Addresses PR 57834 by George Georgalis.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/strace/Makefile
MAIN commitmail json YAML
pkgsrc/security/openssl/distinfo@1.171
/
diff
pkgsrc/security/openssl/patches/patch-util_perl_OpenSSL_config.pm@1.1 / diff
pkgsrc/security/openssl/patches/patch-util_perl_OpenSSL_config.pm@1.1 / diff
openssl: fix configure for NetBSD/i386
MAIN commitmail json YAML
py-rapidfuzz: sort out simd for i386
MAIN commitmail json YAML
rt5: depend on p5-Data-Page to make the install phase complete
MAIN commitmail json YAML
pkgsrc/misc/calibre/Makefile@1.296
/
diff
pkgsrc/misc/calibre/distinfo@1.116 / diff
pkgsrc/misc/calibre/patches/patch-src_calibre_ebooks_chardet.py@1.1 / diff
pkgsrc/misc/calibre/distinfo@1.116 / diff
pkgsrc/misc/calibre/patches/patch-src_calibre_ebooks_chardet.py@1.1 / diff
calibre: make conversion of books from plain text to epub work
MAIN commitmail json YAML
the previous change broke checksum, fix it
pkgsrc-2023Q3 commitmail json YAML
pkgsrc/audio/gospt/Makefile@1.22.2.2
/
diff
pkgsrc/audio/ymuse/Makefile@1.9.2.2 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.2 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.2 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.2 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.2 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.2 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.2 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.2 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.2 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.2 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.2 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.2 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.2 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.2 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.2 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.2 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.2 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.2 / diff
pkgsrc/devel/fq/Makefile@1.12.2.2 / diff
:
(more 138 files)
pkgsrc/audio/ymuse/Makefile@1.9.2.2 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.2 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.2 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.2 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.2 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.2 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.2 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.2 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.2 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.2 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.2 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.2 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.2 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.2 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.2 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.2 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.2 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.2 / diff
pkgsrc/devel/fq/Makefile@1.12.2.2 / diff
:
(more 138 files)
Pullup ticket #6822 - requested by bsiegert
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump
Revisions pulled up:
- lang/go/version.mk 1.194
- lang/go120/PLIST 1.10
- lang/go120/distinfo 1.12
- lang/go121/PLIST 1.4
- lang/go121/distinfo 1.4
- audio/gospt/Makefile by patch
- audio/ymuse/Makefile by patch
- chat/coyim/Makefile by patch
- chat/gomuks/Makefile by patch
- chat/matterircd/Makefile by patch
- chat/senpai/Makefile by patch
- chat/ssh-chat/Makefile by patch
- databases/go-ldap/Makefile by patch
- databases/influxdb/Makefile by patch
- databases/mongo-tools/Makefile by patch
- databases/mysqld_exporter/Makefile by patch
- databases/postgres_exporter/Makefile by patch
- databases/prometheus/Makefile by patch
- databases/promscale/Makefile by patch
- databases/sqlc/Makefile by patch
- databases/timescaledb-tune/Makefile by patch
- devel/asmfmt/Makefile by patch
- devel/conftest/Makefile by patch
- devel/errcheck/Makefile by patch
- devel/fq/Makefile by patch
- devel/git-lfs/Makefile by patch
- devel/go-ed25519/Makefile by patch
- devel/go-gocode/Makefile by patch
- devel/go-golang-lru/Makefile by patch
- devel/go-gopkgs/Makefile by patch
- devel/go-goptlib/Makefile by patch
- devel/go-goreturns/Makefile by patch
- devel/go-gox/Makefile by patch
- devel/go-impl/Makefile by patch
- devel/go-logrus/Makefile by patch
- devel/go-nbreader/Makefile by patch
- devel/go-pty/Makefile by patch
- devel/go-review/Makefile by patch
- devel/go-siphash/Makefile by patch
- devel/go-staticcheck/Makefile by patch
- devel/go-swagger/Makefile by patch
- devel/go-sys/Makefile by patch
- devel/go-tools/Makefile by patch
- devel/go-wire/Makefile by patch
- devel/go-xerrors/Makefile by patch
- devel/golangci-lint/Makefile by patch
- devel/golint/Makefile by patch
- devel/gomodifytags/Makefile by patch
- devel/gopls/Makefile by patch
- devel/goredo/Makefile by patch
- devel/gotags/Makefile by patch
- devel/gotests/Makefile by patch
- devel/govulncheck/Makefile by patch
- devel/lazygit/Makefile by patch
- devel/mob/Makefile by patch
- devel/nancy/Makefile by patch
- devel/opa/Makefile by patch
- devel/packr/Makefile by patch
- devel/reftools/Makefile by patch
- devel/regal/Makefile by patch
- devel/revive/Makefile by patch
- devel/shfmt/Makefile by patch
- devel/syft/Makefile by patch
- editors/micro/Makefile by patch
- filesystems/kubo/Makefile by patch
- graphics/gif2png/Makefile by patch
- lang/joker/Makefile by patch
- mail/opensmtpd-filter-rspamd/Makefile by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile by patch
- misc/exercism/Makefile by patch
- net/amazon-ecs-cli/Makefile by patch
- net/amfora/Makefile by patch
- net/bombadillo/Makefile by patch
- net/croc/Makefile by patch
- net/czds/Makefile by patch
- net/dnscontrol/Makefile by patch
- net/dnscrypt-proxy2/Makefile by patch
- net/gh/Makefile by patch
- net/go-dnstap/Makefile by patch
- net/go-net/Makefile by patch
- net/go-websocket/Makefile by patch
- net/gunison/Makefile by patch
- net/gvproxy/Makefile by patch
- net/hub/Makefile by patch
- net/ipget/Makefile by patch
- net/kubectl/Makefile by patch
- net/libquic/Makefile by patch
- net/mangos/Makefile by patch
- net/nats-server/Makefile by patch
- net/obfs4proxy/Makefile by patch
- net/rclone/Makefile by patch
- net/stern/Makefile by patch
- net/syncthing/Makefile by patch
- net/terraform-provider-archive/Makefile by patch
- net/terraform-provider-aws/Makefile by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile by patch
- net/terraform-provider-null/Makefile by patch
- net/terraform-provider-random/Makefile by patch
- net/terraform-provider-template/Makefile by patch
- net/terraform-provider-vultr/Makefile by patch
- net/terraform/Makefile by patch
- net/tut/Makefile by patch
- net/vultr-cli/Makefile by patch
- pkgtools/pkglint/Makefile by patch
- security/2fa/Makefile by patch
- security/age/Makefile by patch
- security/amass/Makefile by patch
- security/authelia/Makefile by patch
- security/cfssl/Makefile by patch
- security/dnsx/Makefile by patch
- security/go-asn1-ber/Makefile by patch
- security/go-crypto/Makefile by patch
- security/go-getpass/Makefile by patch
- security/go-mkcert/Makefile by patch
- security/gopass/Makefile by patch
- security/httpx/Makefile by patch
- security/nuclei/Makefile by patch
- security/oauth2c/Makefile by patch
- security/osv-scanner/Makefile by patch
- security/subfinder/Makefile by patch
- security/tlsx/Makefile by patch
- security/trufflehog/Makefile by patch
- security/vault/Makefile by patch
- shells/elvish/Makefile by patch
- shells/oh-my-posh/Makefile by patch
- sysutils/beats/Makefile by patch
- sysutils/consul/Makefile by patch
- sysutils/direnv/Makefile by patch
- sysutils/fzf/Makefile by patch
- sysutils/goreman/Makefile by patch
- sysutils/lf/Makefile by patch
- sysutils/node_exporter/Makefile by patch
- sysutils/packer/Makefile by patch
- sysutils/podman/Makefile by patch
- sysutils/restic/Makefile by patch
- sysutils/vultr/Makefile by patch
- textproc/glow/Makefile by patch
- textproc/go-kr-text/Makefile by patch
- textproc/go-md2man/Makefile by patch
- textproc/go-mmark/Makefile by patch
- textproc/go-text/Makefile by patch
- textproc/miller/Makefile by patch
- textproc/sift/Makefile by patch
- www/apisprout/Makefile by patch
- www/caddy/Makefile by patch
- www/gitea/Makefile by patch
- www/go-ffuf/Makefile by patch
- www/go-minify/Makefile by patch
- www/gotosocial/Makefile by patch
- www/grafana/Makefile by patch
- www/hugo/Makefile by patch
- www/jira-cli/Makefile by patch
- www/mycorrhiza/Makefile by patch
- www/pup/Makefile by patch
- www/restish/Makefile by patch
- www/shoutrrr/Makefile by patch
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Nov 10 15:39:34 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
pkgsrc/lang/go121: PLIST distinfo
Log Message:
Update go120 to 1.20.11 and go121 to 1.21.4 (security).
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize \??\ as a Root Local Device path prefix.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent
to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
arbitrary locations on the system. For example, the path \??\c:\x is
equivalent to the more common path c:\x.
The filepath package did not recognize paths with a \??\ prefix as special.
Clean could convert a rooted path such as \a\..\??\b into
the root local device path \??\b. It will now convert this
path into .\??\b.
IsAbs did not report paths beginning with \??\ as absolute.
It now does so.
VolumeName now reports the \??\ prefix as a volume name.
Join(`\`, `??`, `b`) could convert a seemingly innocent
sequence of path elements into the root local device path
\??\b. It will now convert this to \.\??\b.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The IsLocal function did not correctly detect reserved names in some cases:
reserved names followed by spaces, such as "COM1 ".
"COM" or "LPT" followed by a superscript 1, 2, or 3.
IsLocal now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump
Revisions pulled up:
- lang/go/version.mk 1.194
- lang/go120/PLIST 1.10
- lang/go120/distinfo 1.12
- lang/go121/PLIST 1.4
- lang/go121/distinfo 1.4
- audio/gospt/Makefile by patch
- audio/ymuse/Makefile by patch
- chat/coyim/Makefile by patch
- chat/gomuks/Makefile by patch
- chat/matterircd/Makefile by patch
- chat/senpai/Makefile by patch
- chat/ssh-chat/Makefile by patch
- databases/go-ldap/Makefile by patch
- databases/influxdb/Makefile by patch
- databases/mongo-tools/Makefile by patch
- databases/mysqld_exporter/Makefile by patch
- databases/postgres_exporter/Makefile by patch
- databases/prometheus/Makefile by patch
- databases/promscale/Makefile by patch
- databases/sqlc/Makefile by patch
- databases/timescaledb-tune/Makefile by patch
- devel/asmfmt/Makefile by patch
- devel/conftest/Makefile by patch
- devel/errcheck/Makefile by patch
- devel/fq/Makefile by patch
- devel/git-lfs/Makefile by patch
- devel/go-ed25519/Makefile by patch
- devel/go-gocode/Makefile by patch
- devel/go-golang-lru/Makefile by patch
- devel/go-gopkgs/Makefile by patch
- devel/go-goptlib/Makefile by patch
- devel/go-goreturns/Makefile by patch
- devel/go-gox/Makefile by patch
- devel/go-impl/Makefile by patch
- devel/go-logrus/Makefile by patch
- devel/go-nbreader/Makefile by patch
- devel/go-pty/Makefile by patch
- devel/go-review/Makefile by patch
- devel/go-siphash/Makefile by patch
- devel/go-staticcheck/Makefile by patch
- devel/go-swagger/Makefile by patch
- devel/go-sys/Makefile by patch
- devel/go-tools/Makefile by patch
- devel/go-wire/Makefile by patch
- devel/go-xerrors/Makefile by patch
- devel/golangci-lint/Makefile by patch
- devel/golint/Makefile by patch
- devel/gomodifytags/Makefile by patch
- devel/gopls/Makefile by patch
- devel/goredo/Makefile by patch
- devel/gotags/Makefile by patch
- devel/gotests/Makefile by patch
- devel/govulncheck/Makefile by patch
- devel/lazygit/Makefile by patch
- devel/mob/Makefile by patch
- devel/nancy/Makefile by patch
- devel/opa/Makefile by patch
- devel/packr/Makefile by patch
- devel/reftools/Makefile by patch
- devel/regal/Makefile by patch
- devel/revive/Makefile by patch
- devel/shfmt/Makefile by patch
- devel/syft/Makefile by patch
- editors/micro/Makefile by patch
- filesystems/kubo/Makefile by patch
- graphics/gif2png/Makefile by patch
- lang/joker/Makefile by patch
- mail/opensmtpd-filter-rspamd/Makefile by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile by patch
- misc/exercism/Makefile by patch
- net/amazon-ecs-cli/Makefile by patch
- net/amfora/Makefile by patch
- net/bombadillo/Makefile by patch
- net/croc/Makefile by patch
- net/czds/Makefile by patch
- net/dnscontrol/Makefile by patch
- net/dnscrypt-proxy2/Makefile by patch
- net/gh/Makefile by patch
- net/go-dnstap/Makefile by patch
- net/go-net/Makefile by patch
- net/go-websocket/Makefile by patch
- net/gunison/Makefile by patch
- net/gvproxy/Makefile by patch
- net/hub/Makefile by patch
- net/ipget/Makefile by patch
- net/kubectl/Makefile by patch
- net/libquic/Makefile by patch
- net/mangos/Makefile by patch
- net/nats-server/Makefile by patch
- net/obfs4proxy/Makefile by patch
- net/rclone/Makefile by patch
- net/stern/Makefile by patch
- net/syncthing/Makefile by patch
- net/terraform-provider-archive/Makefile by patch
- net/terraform-provider-aws/Makefile by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile by patch
- net/terraform-provider-null/Makefile by patch
- net/terraform-provider-random/Makefile by patch
- net/terraform-provider-template/Makefile by patch
- net/terraform-provider-vultr/Makefile by patch
- net/terraform/Makefile by patch
- net/tut/Makefile by patch
- net/vultr-cli/Makefile by patch
- pkgtools/pkglint/Makefile by patch
- security/2fa/Makefile by patch
- security/age/Makefile by patch
- security/amass/Makefile by patch
- security/authelia/Makefile by patch
- security/cfssl/Makefile by patch
- security/dnsx/Makefile by patch
- security/go-asn1-ber/Makefile by patch
- security/go-crypto/Makefile by patch
- security/go-getpass/Makefile by patch
- security/go-mkcert/Makefile by patch
- security/gopass/Makefile by patch
- security/httpx/Makefile by patch
- security/nuclei/Makefile by patch
- security/oauth2c/Makefile by patch
- security/osv-scanner/Makefile by patch
- security/subfinder/Makefile by patch
- security/tlsx/Makefile by patch
- security/trufflehog/Makefile by patch
- security/vault/Makefile by patch
- shells/elvish/Makefile by patch
- shells/oh-my-posh/Makefile by patch
- sysutils/beats/Makefile by patch
- sysutils/consul/Makefile by patch
- sysutils/direnv/Makefile by patch
- sysutils/fzf/Makefile by patch
- sysutils/goreman/Makefile by patch
- sysutils/lf/Makefile by patch
- sysutils/node_exporter/Makefile by patch
- sysutils/packer/Makefile by patch
- sysutils/podman/Makefile by patch
- sysutils/restic/Makefile by patch
- sysutils/vultr/Makefile by patch
- textproc/glow/Makefile by patch
- textproc/go-kr-text/Makefile by patch
- textproc/go-md2man/Makefile by patch
- textproc/go-mmark/Makefile by patch
- textproc/go-text/Makefile by patch
- textproc/miller/Makefile by patch
- textproc/sift/Makefile by patch
- www/apisprout/Makefile by patch
- www/caddy/Makefile by patch
- www/gitea/Makefile by patch
- www/go-ffuf/Makefile by patch
- www/go-minify/Makefile by patch
- www/gotosocial/Makefile by patch
- www/grafana/Makefile by patch
- www/hugo/Makefile by patch
- www/jira-cli/Makefile by patch
- www/mycorrhiza/Makefile by patch
- www/pup/Makefile by patch
- www/restish/Makefile by patch
- www/shoutrrr/Makefile by patch
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Nov 10 15:39:34 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
pkgsrc/lang/go121: PLIST distinfo
Log Message:
Update go120 to 1.20.11 and go121 to 1.21.4 (security).
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize \??\ as a Root Local Device path prefix.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent
to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
arbitrary locations on the system. For example, the path \??\c:\x is
equivalent to the more common path c:\x.
The filepath package did not recognize paths with a \??\ prefix as special.
Clean could convert a rooted path such as \a\..\??\b into
the root local device path \??\b. It will now convert this
path into .\??\b.
IsAbs did not report paths beginning with \??\ as absolute.
It now does so.
VolumeName now reports the \??\ prefix as a volume name.
Join(`\`, `??`, `b`) could convert a seemingly innocent
sequence of path elements into the root local device path
\??\b. It will now convert this to \.\??\b.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The IsLocal function did not correctly detect reserved names in some cases:
reserved names followed by spaces, such as "COM1 ".
"COM" or "LPT" followed by a superscript 1, 2, or 3.
IsLocal now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
pkgsrc-2023Q3 commitmail json YAML
#6816 #6818 #6819
pkgsrc-2023Q3 commitmail json YAML
Pullup ticket #6819 - requested by gutteridge
audio/openal-soft: build fix
Revisions pulled up:
- audio/openal-soft/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Sun Oct 22 00:55:55 UTC 2023
Added Files:
pkgsrc/audio/openal-soft: hacks.mk
Log Message:
openal-soft: fix builds for aarch64 on NetBSD 9.x
For aarch64, older NetBSD releases will end up pulling in GCC 10
because of the C++20 requirement. We apply -mno-outline-atomics as one
way of getting around linking issues that otherwise occur. (This was
breaking 492 dependent builds.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/audio/openal-soft/hacks.mk
audio/openal-soft: build fix
Revisions pulled up:
- audio/openal-soft/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Sun Oct 22 00:55:55 UTC 2023
Added Files:
pkgsrc/audio/openal-soft: hacks.mk
Log Message:
openal-soft: fix builds for aarch64 on NetBSD 9.x
For aarch64, older NetBSD releases will end up pulling in GCC 10
because of the C++20 requirement. We apply -mno-outline-atomics as one
way of getting around linking issues that otherwise occur. (This was
breaking 492 dependent builds.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/audio/openal-soft/hacks.mk
pkgsrc-2023Q3 commitmail json YAML
Pullup ticket #6818 - requested by gutteridge
devel/libatomic; build fix
Revisions pulled up:
- devel/libatomic/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Oct 17 02:01:43 UTC 2023
Added Files:
pkgsrc/devel/libatomic: hacks.mk
Log Message:
libatomic: fix aarch64 builds on NetBSD 9.x
For aarch64, GCC expects a recent version of itself that accepts
-mno-outline-atomics. Some packages pull in libatomic for aarch64,
e.g., net/haproxy for __atomic_compare_exchange_16. (haproxy was
compile tested after applying this fix.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libatomic/hacks.mk
devel/libatomic; build fix
Revisions pulled up:
- devel/libatomic/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Oct 17 02:01:43 UTC 2023
Added Files:
pkgsrc/devel/libatomic: hacks.mk
Log Message:
libatomic: fix aarch64 builds on NetBSD 9.x
For aarch64, GCC expects a recent version of itself that accepts
-mno-outline-atomics. Some packages pull in libatomic for aarch64,
e.g., net/haproxy for __atomic_compare_exchange_16. (haproxy was
compile tested after applying this fix.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libatomic/hacks.mk
pkgsrc-2023Q3 commitmail json YAML
pkgsrc/lang/go/version.mk@1.189.2.2
/
diff
pkgsrc/lang/go121/PLIST@1.2.2.1 / diff
pkgsrc/lang/go121/distinfo@1.2.2.1 / diff
pkgsrc/lang/go121/PLIST@1.2.2.1 / diff
pkgsrc/lang/go121/distinfo@1.2.2.1 / diff
Pullup ticket #6816 - requested by bsiegert
lang/go121: security update
lang/go: metadata update
Revisions pulled up:
- lang/go/version.mk 1.191
- lang/go121/PLIST 1.3
- lang/go121/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 09:26:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go121: PLIST distinfo
Log Message:
go121: update to 1.21.3 (security)
1.21.3
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
1.21.2
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
lang/go121: security update
lang/go: metadata update
Revisions pulled up:
- lang/go/version.mk 1.191
- lang/go121/PLIST 1.3
- lang/go121/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 09:26:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go121: PLIST distinfo
Log Message:
go121: update to 1.21.3 (security)
1.21.3
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
1.21.2
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
pkgsrc-2023Q3 commitmail json YAML
pkgsrc/audio/gospt/Makefile@1.22.2.1
/
diff
pkgsrc/audio/ymuse/Makefile@1.9.2.1 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.1 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.1 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.1 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.1 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.1 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.1 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.1 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.1 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.1 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.1 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.1 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.1 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.1 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.1 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.1 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.1 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.1 / diff
pkgsrc/devel/fq/Makefile@1.12.2.1 / diff
:
(more 137 files)
pkgsrc/audio/ymuse/Makefile@1.9.2.1 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.1 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.1 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.1 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.1 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.1 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.1 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.1 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.1 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.1 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.1 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.1 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.1 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.1 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.1 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.1 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.1 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.1 / diff
pkgsrc/devel/fq/Makefile@1.12.2.1 / diff
:
(more 137 files)
Pullup ticket #6812 - requested by bsiegert
lang/go120: security update
lang/go: version info update
audio/gospt: RevBump
audio/ymuse: RevBump
chat/coyim: RevBump
chat/gomuks: RevBump
chat/matterircd: RevBump
chat/senpai: RevBump
chat/ssh-chat: RevBump
databases/go-ldap: RevBump
databases/influxdb: RevBump
databases/mongo-tools: RevBump
databases/mysqld_exporter: RevBump
databases/postgres_exporter: RevBump
databases/prometheus: RevBump
databases/promscale: RevBump
databases/sqlc: RevBump
databases/timescaledb-tune: RevBump
devel/asmfmt: RevBump
devel/conftest: RevBump
devel/errcheck: RevBump
devel/fq: RevBump
devel/git-lfs: RevBump
devel/go-ed25519: RevBump
devel/go-gocode: RevBump
devel/go-golang-lru: RevBump
devel/go-gopkgs: RevBump
devel/go-goptlib: RevBump
devel/go-goreturns: RevBump
devel/go-gox: RevBump
devel/go-impl: RevBump
devel/go-logrus: RevBump
devel/go-nbreader: RevBump
devel/go-pty: RevBump
devel/go-review: RevBump
devel/go-siphash: RevBump
devel/go-staticcheck: RevBump
devel/go-swagger: RevBump
devel/go-sys: RevBump
devel/go-tools: RevBump
devel/go-wire: RevBump
devel/go-xerrors: RevBump
devel/golangci-lint: RevBump
devel/golint: RevBump
devel/gomodifytags: RevBump
devel/gopls: RevBump
devel/goredo: RevBump
devel/gotags: RevBump
devel/gotests: RevBump
devel/govulncheck: RevBump
devel/lazygit: RevBump
devel/mob: RevBump
devel/nancy: RevBump
devel/opa: RevBump
devel/packr: RevBump
devel/reftools: RevBump
devel/regal: RevBump
devel/revive: RevBump
devel/shfmt: RevBump
devel/syft: RevBump
editors/micro: RevBump
filesystems/kubo: RevBump
graphics/gif2png: RevBump
lang/joker: RevBump
mail/opensmtpd-filter-rspamd: RevBump
mail/opensmtpd-filter-senderscore: RevBump
mail/postforward: RevBump
meta-pkgs/bulk-test-essential: RevBump
misc/exercism: RevBump
net/amazon-ecs-cli: RevBump
net/amfora: RevBump
net/bombadillo: RevBump
net/croc: RevBump
net/czds: RevBump
net/dnscontrol: RevBump
net/dnscrypt-proxy2: RevBump
net/gh: RevBump
net/go-dnstap: RevBump
net/go-net: RevBump
net/go-websocket: RevBump
net/gunison: RevBump
net/gvproxy: RevBump
net/hub: RevBump
net/ipget: RevBump
net/kubectl: RevBump
net/libquic: RevBump
net/mangos: RevBump
net/nats-server: RevBump
net/obfs4proxy: RevBump
net/rclone: RevBump
net/stern: RevBump
net/syncthing: RevBump
net/terraform-provider-archive: RevBump
net/terraform-provider-aws: RevBump
net/terraform-provider-kubernetes: RevBump
net/terraform-provider-local: RevBump
net/terraform-provider-null: RevBump
net/terraform-provider-random: RevBump
net/terraform-provider-template: RevBump
net/terraform-provider-vultr: RevBump
net/terraform: RevBump
net/tut: RevBump
net/vultr-cli: RevBump
pkgtools/pkglint: RevBump
security/2fa: RevBump
security/age: RevBump
security/amass: RevBump
security/authelia: RevBump
security/cfssl: RevBump
security/dnsx: RevBump
security/go-asn1-ber: RevBump
security/go-crypto: RevBump
security/go-getpass: RevBump
security/go-mkcert: RevBump
security/gopass: RevBump
security/httpx: RevBump
security/nuclei: RevBump
security/oauth2c: RevBump
security/osv-scanner: RevBump
security/subfinder: RevBump
security/tlsx: RevBump
security/trufflehog: RevBump
security/vault: RevBump
shells/elvish: RevBump
shells/oh-my-posh: RevBump
sysutils/beats: RevBump
sysutils/consul: RevBump
sysutils/direnv: RevBump
sysutils/fzf: RevBump
sysutils/goreman: RevBump
sysutils/lf: RevBump
sysutils/node_exporter: RevBump
sysutils/packer: RevBump
sysutils/podman: RevBump
sysutils/restic: RevBump
sysutils/vultr: RevBump
textproc/glow: RevBump
textproc/go-kr-text: RevBump
textproc/go-md2man: RevBump
textproc/go-mmark: RevBump
textproc/go-text: RevBump
textproc/miller: RevBump
textproc/sift: RevBump
www/apisprout: RevBump
www/caddy: RevBump
www/gitea: RevBump
www/go-ffuf: RevBump
www/go-minify: RevBump
www/gotosocial: RevBump
www/grafana: RevBump
www/hugo: RevBump
www/jira-cli: RevBump
www/mycorrhiza: RevBump
www/pup: RevBump
www/restish: RevBump
www/shoutrrr: RevBump
Revisions pulled up:
- lang/go/version.mk 1.190,1.192
- lang/go120/PLIST 1.9
- lang/go120/distinfo 1.10-1.11
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Oct 7 18:09:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
Log Message:
go120: update to 1.20.9 (security).
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.9
To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 11:02:08 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: distinfo
Log Message:
go120: update to 1.20.10 (security)
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go120/distinfo
lang/go120: security update
lang/go: version info update
audio/gospt: RevBump
audio/ymuse: RevBump
chat/coyim: RevBump
chat/gomuks: RevBump
chat/matterircd: RevBump
chat/senpai: RevBump
chat/ssh-chat: RevBump
databases/go-ldap: RevBump
databases/influxdb: RevBump
databases/mongo-tools: RevBump
databases/mysqld_exporter: RevBump
databases/postgres_exporter: RevBump
databases/prometheus: RevBump
databases/promscale: RevBump
databases/sqlc: RevBump
databases/timescaledb-tune: RevBump
devel/asmfmt: RevBump
devel/conftest: RevBump
devel/errcheck: RevBump
devel/fq: RevBump
devel/git-lfs: RevBump
devel/go-ed25519: RevBump
devel/go-gocode: RevBump
devel/go-golang-lru: RevBump
devel/go-gopkgs: RevBump
devel/go-goptlib: RevBump
devel/go-goreturns: RevBump
devel/go-gox: RevBump
devel/go-impl: RevBump
devel/go-logrus: RevBump
devel/go-nbreader: RevBump
devel/go-pty: RevBump
devel/go-review: RevBump
devel/go-siphash: RevBump
devel/go-staticcheck: RevBump
devel/go-swagger: RevBump
devel/go-sys: RevBump
devel/go-tools: RevBump
devel/go-wire: RevBump
devel/go-xerrors: RevBump
devel/golangci-lint: RevBump
devel/golint: RevBump
devel/gomodifytags: RevBump
devel/gopls: RevBump
devel/goredo: RevBump
devel/gotags: RevBump
devel/gotests: RevBump
devel/govulncheck: RevBump
devel/lazygit: RevBump
devel/mob: RevBump
devel/nancy: RevBump
devel/opa: RevBump
devel/packr: RevBump
devel/reftools: RevBump
devel/regal: RevBump
devel/revive: RevBump
devel/shfmt: RevBump
devel/syft: RevBump
editors/micro: RevBump
filesystems/kubo: RevBump
graphics/gif2png: RevBump
lang/joker: RevBump
mail/opensmtpd-filter-rspamd: RevBump
mail/opensmtpd-filter-senderscore: RevBump
mail/postforward: RevBump
meta-pkgs/bulk-test-essential: RevBump
misc/exercism: RevBump
net/amazon-ecs-cli: RevBump
net/amfora: RevBump
net/bombadillo: RevBump
net/croc: RevBump
net/czds: RevBump
net/dnscontrol: RevBump
net/dnscrypt-proxy2: RevBump
net/gh: RevBump
net/go-dnstap: RevBump
net/go-net: RevBump
net/go-websocket: RevBump
net/gunison: RevBump
net/gvproxy: RevBump
net/hub: RevBump
net/ipget: RevBump
net/kubectl: RevBump
net/libquic: RevBump
net/mangos: RevBump
net/nats-server: RevBump
net/obfs4proxy: RevBump
net/rclone: RevBump
net/stern: RevBump
net/syncthing: RevBump
net/terraform-provider-archive: RevBump
net/terraform-provider-aws: RevBump
net/terraform-provider-kubernetes: RevBump
net/terraform-provider-local: RevBump
net/terraform-provider-null: RevBump
net/terraform-provider-random: RevBump
net/terraform-provider-template: RevBump
net/terraform-provider-vultr: RevBump
net/terraform: RevBump
net/tut: RevBump
net/vultr-cli: RevBump
pkgtools/pkglint: RevBump
security/2fa: RevBump
security/age: RevBump
security/amass: RevBump
security/authelia: RevBump
security/cfssl: RevBump
security/dnsx: RevBump
security/go-asn1-ber: RevBump
security/go-crypto: RevBump
security/go-getpass: RevBump
security/go-mkcert: RevBump
security/gopass: RevBump
security/httpx: RevBump
security/nuclei: RevBump
security/oauth2c: RevBump
security/osv-scanner: RevBump
security/subfinder: RevBump
security/tlsx: RevBump
security/trufflehog: RevBump
security/vault: RevBump
shells/elvish: RevBump
shells/oh-my-posh: RevBump
sysutils/beats: RevBump
sysutils/consul: RevBump
sysutils/direnv: RevBump
sysutils/fzf: RevBump
sysutils/goreman: RevBump
sysutils/lf: RevBump
sysutils/node_exporter: RevBump
sysutils/packer: RevBump
sysutils/podman: RevBump
sysutils/restic: RevBump
sysutils/vultr: RevBump
textproc/glow: RevBump
textproc/go-kr-text: RevBump
textproc/go-md2man: RevBump
textproc/go-mmark: RevBump
textproc/go-text: RevBump
textproc/miller: RevBump
textproc/sift: RevBump
www/apisprout: RevBump
www/caddy: RevBump
www/gitea: RevBump
www/go-ffuf: RevBump
www/go-minify: RevBump
www/gotosocial: RevBump
www/grafana: RevBump
www/hugo: RevBump
www/jira-cli: RevBump
www/mycorrhiza: RevBump
www/pup: RevBump
www/restish: RevBump
www/shoutrrr: RevBump
Revisions pulled up:
- lang/go/version.mk 1.190,1.192
- lang/go120/PLIST 1.9
- lang/go120/distinfo 1.10-1.11
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Oct 7 18:09:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
Log Message:
go120: update to 1.20.9 (security).
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.9
To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 11:02:08 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: distinfo
Log Message:
go120: update to 1.20.10 (security)
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go120/distinfo
pkgsrc-2023Q3 commitmail json YAML
pkgsrc/textproc/libcue/Makefile@1.1.24.1
/
diff
pkgsrc/textproc/libcue/distinfo@1.3.16.1 / diff
pkgsrc/textproc/libcue/patches/patch-cd.c@1.1.2.2 / diff
pkgsrc/textproc/libcue/distinfo@1.3.16.1 / diff
pkgsrc/textproc/libcue/patches/patch-cd.c@1.1.2.2 / diff
Pullup ticket #6811 - requested by bsiegert
textproc/libcue: security patch
Revisions pulled up:
- textproc/libcue/Makefile 1.2
- textproc/libcue/distinfo 1.4
- textproc/libcue/patches/patch-cd.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Oct 9 17:35:38 UTC 2023
Modified Files:
pkgsrc/textproc/libcue: Makefile distinfo
Added Files:
pkgsrc/textproc/libcue/patches: patch-cd.c
Log Message:
libcue: add fix for CVE-2023-43641
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libcue/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libcue/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libcue/patches/patch-cd.c
textproc/libcue: security patch
Revisions pulled up:
- textproc/libcue/Makefile 1.2
- textproc/libcue/distinfo 1.4
- textproc/libcue/patches/patch-cd.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Oct 9 17:35:38 UTC 2023
Modified Files:
pkgsrc/textproc/libcue: Makefile distinfo
Added Files:
pkgsrc/textproc/libcue/patches: patch-cd.c
Log Message:
libcue: add fix for CVE-2023-43641
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libcue/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libcue/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libcue/patches/patch-cd.c
pkgsrc-2023Q2 commitmail json YAML
pkgsrc/print/ghostscript-agpl/Makefile@1.76.2.1
/
diff
pkgsrc/print/ghostscript-agpl/Makefile.common@1.29.2.1 / diff
pkgsrc/print/ghostscript-agpl/distinfo@1.44.2.1 / diff
pkgsrc/print/ghostscript-agpl/Makefile.common@1.29.2.1 / diff
pkgsrc/print/ghostscript-agpl/distinfo@1.44.2.1 / diff
Pullup ticket #6776 - requested by bsiegert
print/ghostscript-agpl: security update
Revisions pulled up:
- print/ghostscript-agpl/Makefile 1.77
- print/ghostscript-agpl/Makefile.common 1.30
- print/ghostscript-agpl/distinfo 1.45
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Jun 26 11:27:25 UTC 2023
Modified Files:
pkgsrc/print/ghostscript-agpl: Makefile Makefile.common distinfo
Log Message:
ghostscript-agpl: updated to 10.01.2
Version 10.01.2 (2023-06-21)
Highlights in this release include:
We've continued to improve the performance of the PDF interpreter
written in C and improve it's behaviour in edge and
out-of-specification cases.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR
engine. In such a build, new devices are available
(pdfocr8/pdfocr24/pdfocr32) which render the output file to an image,
OCR that image, and output the image "wrapped" up as a PDF file, with
the OCR generated text information included as "invisible" text (in
PDF terms, text rendering mode 3).
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/print/ghostscript-agpl/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/print/ghostscript-agpl/Makefile.common
cvs rdiff -u -r1.44 -r1.45 pkgsrc/print/ghostscript-agpl/distinfo
print/ghostscript-agpl: security update
Revisions pulled up:
- print/ghostscript-agpl/Makefile 1.77
- print/ghostscript-agpl/Makefile.common 1.30
- print/ghostscript-agpl/distinfo 1.45
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Jun 26 11:27:25 UTC 2023
Modified Files:
pkgsrc/print/ghostscript-agpl: Makefile Makefile.common distinfo
Log Message:
ghostscript-agpl: updated to 10.01.2
Version 10.01.2 (2023-06-21)
Highlights in this release include:
We've continued to improve the performance of the PDF interpreter
written in C and improve it's behaviour in edge and
out-of-specification cases.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR
engine. In such a build, new devices are available
(pdfocr8/pdfocr24/pdfocr32) which render the output file to an image,
OCR that image, and output the image "wrapped" up as a PDF file, with
the OCR generated text information included as "invisible" text (in
PDF terms, text rendering mode 3).
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/print/ghostscript-agpl/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/print/ghostscript-agpl/Makefile.common
cvs rdiff -u -r1.44 -r1.45 pkgsrc/print/ghostscript-agpl/distinfo
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/print/cups-base/Makefile@1.54.2.1
/
diff
pkgsrc/print/cups-base/distinfo@1.32.6.1 / diff
pkgsrc/print/cups-base/patches/patch-cups_string.c@1.1.2.2 / diff
pkgsrc/print/cups-base/distinfo@1.32.6.1 / diff
pkgsrc/print/cups-base/patches/patch-cups_string.c@1.1.2.2 / diff
Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix
Revisions pulled up:
- print/cups-base/Makefile 1.57
- print/cups-base/distinfo 1.33
- print/cups-base/patches/patch-cups_string.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 1 11:39:33 UTC 2023
Modified Files:
pkgsrc/print/cups-base: Makefile distinfo
Added Files:
pkgsrc/print/cups-base/patches: patch-cups_string.c
Log Message:
cups-base: fix security problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c
print/cups-base: security fix
Revisions pulled up:
- print/cups-base/Makefile 1.57
- print/cups-base/distinfo 1.33
- print/cups-base/patches/patch-cups_string.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 1 11:39:33 UTC 2023
Modified Files:
pkgsrc/print/cups-base: Makefile distinfo
Added Files:
pkgsrc/print/cups-base/patches: patch-cups_string.c
Log Message:
cups-base: fix security problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c
MAIN commitmail json YAML
doc: added net/iana-enterprise-numbers, updated sysutils/ipmitool
MAIN commitmail json YAML
pkgsrc/sysutils/ipmitool/Makefile@1.26
/
diff
pkgsrc/sysutils/ipmitool/PLIST@1.6 / diff
pkgsrc/sysutils/ipmitool/distinfo@1.14 / diff
pkgsrc/sysutils/ipmitool/patches/patch-ad deleted
pkgsrc/sysutils/ipmitool/patches/patch-ae@1.2 / diff
pkgsrc/sysutils/ipmitool/patches/patch-configure.ac@1.1 / diff
pkgsrc/sysutils/ipmitool/patches/patch-lib_ipmi__cfgp.c deleted
pkgsrc/sysutils/ipmitool/patches/patch-lib_ipmi__main.c deleted
pkgsrc/sysutils/ipmitool/patches/patch-src_plugins_lanplus_lanplus__crypt__impl.c deleted
pkgsrc/sysutils/ipmitool/PLIST@1.6 / diff
pkgsrc/sysutils/ipmitool/distinfo@1.14 / diff
pkgsrc/sysutils/ipmitool/patches/patch-ad deleted
pkgsrc/sysutils/ipmitool/patches/patch-ae@1.2 / diff
pkgsrc/sysutils/ipmitool/patches/patch-configure.ac@1.1 / diff
pkgsrc/sysutils/ipmitool/patches/patch-lib_ipmi__cfgp.c deleted
pkgsrc/sysutils/ipmitool/patches/patch-lib_ipmi__main.c deleted
pkgsrc/sysutils/ipmitool/patches/patch-src_plugins_lanplus_lanplus__crypt__impl.c deleted
update ipmitool to version 1.8.19
fixes CVE-2020-5208
upstream changelog:
version 1.8.19 2022-08-31
* Cast type before the left shift
* sel: Fix the deasserted thresholds inequality
* man: Update the text for -C option
* chassis restart_cause: Add new causes
* sel: Remove redundant "Reserve SEL"
* zero initialize the recv structure on the stack
* zero initialize the recv structure on the stack
* ci: Add support for MacOS-11
* ci: Remove ubuntu-16.04 support
* sdr: Fix modifier unit
* Fix compile error
* Refactor bridging level detection to dedicated function
* Fix double bridge detection in get_max_(req|rsp)_data_size()
* ipmi_mc: Fix the IPM_DEV_FWREV1_MAJOR_MASK
* helper: Fix stderr file descriptor
* Fix codefactor-io / CodeFactor warnings
* Use /run instead of /var/run
* oem: Update product IDs for YADRO
* lan: Add processing of get/set specific CCs
* lan: Refactor pointer style
* doc: update lanplus doc to reflect default cipher suite change
* ekanalyzer: Fix internal use area off-by-one bug
* ekanalyzer frushow: Fix internal area size calc
* sel: Fix "power supply inactive" flag offset
* ci: Add support for Ubuntu 20.04
* ci: Fix Ubuntu builds
* Fix compiler warning
* Fix compiler warning
* Fix compiler warning
* ci: Update for GitHub Actions v2.274.2
* free: Fix implicit function declarations
* Use "#pragma once" for headers
* Remove unneeded execution bits from C source files and a header file
* Convert line endings to LF
* Fixed compiler warning.
* RPM support: fixed broken build due to use of headers from kernel
* imbapi: replace __FUNCTION__ to eleminate compiler warnings
* lanplus: remove unused variable
* hpmfwupg: Clean up / refactor
* fru: Fix crashes on 6-bit ASCII strings
* oem: Add product ID for YADRO VEGMAN
* configure.ac: add '--location' for curl to follow location
* configure.ac: replace '-#' by '--progress-bar' with curl
* Add version info to debug output
* doc, ci: Fix an error in package name for Windows
* doc: Fix a small typo in INSTALL
* RPM support: updated spec file changelog
* RPM support: simplified build process
* RPM support: fixed broken RPM build
* doc: Update INSTALL with Windows info
* ci: Add Windows/cygwin config
* doc: Update INSTALL for new CI
* ci: Add github workflow, drop travis
* Fix compatibility with OpenBSD and macOS
* dist: Fix dependencies and cleanup
* dist: Add missing ipmi_time.h header to packaging
* configure: Fix compatibility with non-bash systems
* Finalize refactoring of string comparisons
* channel: Refactor set_user_access option processing
* Refactor string comparisons
* sel: Fix OEM record definition example
* sdr: harden against bad records
* fru: fix memory leak in ipmi_spd_print_fru
* ipmi_sel_set_time: fix strptime() return check
* hpm: use portable __max() in hpmfwupg
* hpmfwupg: move variable definition to .c file
* sel: time: fix null pointer dereference in set
* fru, sdr: Fix id_string buffer overflows
* lanp: Fix buffer overflows in get_lan_param_select
* channel: Fix buffer overflow
* session: Fix buffer overflow in ipmi_get_session_info
* fru: Fix buffer overflow in ipmi_spd_print_fru
* fru: Fix buffer overflow vulnerabilities
* configure: Drop requirement for curses et. al libs
* configure: remove some duplicate code
* doc: Update INSTALL to fix installation errors
* ipmi_dcmi: fix typo in nm_policy_options initialization.
* Docs: Add info on packages to install on Ubuntu 16.04
* chassis: Refactor to get rid of strncmp()
* chassis: Refactor main for centralized exiting
* chassis: bootdev: Refactor more
* chassis: bootdev: Refactor to reduce nesting
* chassis: bootdev: Fix help message and its formatting
* chassis: bootparam/bootdev: Refactor for less magic
* oem: supermicro: Add product codes from IPMICFG
* doc: Update man page regarding `user set password`
* user: Cleanup/refactor ipmi_user_password()
* user: Improve password length handling
* user: Alter "set password" usage information
* intf: Add missing function declarations
* doc: fix URL in README
* event: Clean up event sending from a file
* event: Clean up the event sending code
* event: Fix event submission via SSIF
* make: Use DESTDIR to install IANA PEN database
* lanplus: Fix embedded bridged responses handling
* Update .gitignore
* mc: Fix reporting of manufacturers > 64K
* Add installation of enterprise-numbers database
* Update documentation in regard to IANA PEN registry
* Use configurable path to IANA PEN registry
* Load IANA PEN registry from a file
* dbus: Replace obsolete INCLUDES with AM_CPPFLAGS
* oem: name change from Newisys to Viking Enterprise Solutions
* Fix default interface to behave as it did before
* man: Add documentation for chassis bootmbox
* man: Update the chassis bootparam section
* chassis: Add boot initiator mailbox support
* chassis: Use command-specific completion code parser
* Add support for command-specific completion codes
* Add a helper htoipmi24() function
* Add a helper args2buf() function
* man: Cleanup the manpage formatting tags
* create_pen_list: only print if values are set
* chassis: Refactor to reduce code duplication
* sdr: Fix segfault on invalid unit types
* vendor: Add YADRO TATLIN Storage Controller ID
* exchange-bmc-os-info: Remove dependency on ipmi.service
* Add mechanism to configure to set the default interface
* ci: Update INSTALL to reflect recent changes
* ci: Set up matrix builds with Travis CI
* Enable Travis build of D-Bus interface
* add OpenBMC D-Bus interface
* Fix "ipmitool pef {status,info}" not printing final newline
* Remove unused include
* Fix IPMI DCMI message typo
* open: swap free() calls for free_n()
* open: checking received msg id against expectation
* open: fix whitespace
* Refactor free_n() function
* fru: swap free() calls for free_n()
* fru: Fix write chunk reduction code
* fru: add macro FRU_AREA macros
* fru: replace magic return codes with macros
* fru header: add return error codes specific to fru
* fru: fix ipmi_fru_picmg_ext_edit as bool
* fru: use bool with ipmi_fru_oemkontron_edit
* fru: change ipmi_fru_query_new_value to return bool
* fru: mark ipmi_fru_query_new_value as static
* fru: add fru_cc_rq2big helper method for code checks
* fru: cleanup ipmi_fru_upg_ekeying
* fru: use ipmi_cc defined maros for return codes
* fru: drop extraneous parentheses on negative returns
* fru: delete unused variable matchInstance
* fru: cleanup ipmi_fru_oemkontron_get
* fru: fixup array bounds checking
* hpm: Adhere to centralized exiting
* hpm: Minor refactoring
* hpm: Fix resource leak
* sol: Make interface timeout obey the -N option
* helper: add free_n method to handle clearing pointers
* cygwin: imb: Fix build error (wchar_t)
* lanplus: Fix segfault for truncated dcmi response
* Move led color static array to source file
* drop unused static arrays
* move static objects to source file
* cleanup all unused-parameter warnings
* use __UNUSED__ macro instead of gcc specific attribute
* implement __UNUSED__ macro for marking unused
* Add .dirstamp to .gitignore
* fru: Fix processing of unspecified board mfg. date
* [compiler-warnings-fixes] use correct fall through comment
* [compiler-warnings-fixes] ipmi_start_daemon: check return values
* [compiler-warnings-fixes] ipmi_sdr.c: remove unused function parameters
* lan: Fix processing disabled VLAN
* Make ipmitool respect system locale settings
* Fix strftime() non-literal argument warning
* Refactor timestamp handling
* doc: Update manpage with new contact info
* lanplus: Refactoring
* lanplus: Fix -C option processing
* lanplus: Auto-select 'best' cipher suite available
* lanplus: Fix compile with deprecated APIs disabled.
* doc: Update home page links
* doc: Update formatting of ipmitool man page
* sensor: Refactor ipmi_sensor_print_fc_threshold()
* sensor: Add support for csv output
* plugins: open: Properly enable event receiver (#35)
* lan: Refactoring: Remove unused function
* general: Get rid of some unused parameter warnings
* mc: guid: Implement encoding autodetection
* mc: guid: Fix timestamp decoding
* mc: guid: Add support for non-standard encodings
* mc: guid: Fix byte ordering to follow IPMI spec
* Refactoring: optimize pointer checks
* imb: Refactoring: remove duplicate code
* Refactoring: get rid of superfluous comparisons
* Refactoring. Improve code reuse ratio.
* general: Fix several misspellings
* mc: Fix compiler warnings
* general: Add array_byteswap() to helper
* lanplus: Make byteswapping generic
* framework: Update .gitignore
* framework: Switch to C11 standard with GNU extensions
* framework: ci: Add support for Travis CI
* oem: Add basic support for Quanta
* intf: Refactoring. Remove unused sendrsp()
* dummy: Add default dummy socket
* mc: Fix manufacturer ID masking
* Refactoring. Remove useless feature test macros.
* general: Make byteswapping arch-independent
* sel: Minor refactoring
* sdr: Refactor/optimize code. No functional changes.
* Add an option to display all dates in UTC
* mc: Code refactor to reduce copy-paste ratio
* mc: watchdog set: Refactor to reduce complexity
* mc: watchdog set: Fix intr setting
* mc: watchdog get: Update to match IPMI 2.0 spec
* mc: watchdog: Add `set` command
* framework: Make git ignore cscope.out
* plugins/open: Fix for interrupted select
* nm: Fix policy range (#12)
* Replace user_id masks with a macro (#8)
* fru: internaluse: Fix segmentation fault (#9)
* dcmi: Refactor
* ID:508 - Fix segfaults in dcmi command handlers
* vendor: Add YADRO VESNIN identification
* ID:491 - Fetch vendor IDs from IANA
* ID:472 - Fix The Most recent Addition/Erase date
* ID:480 - Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup()
* ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
* Make git revision more descriptive
* ID:477 - fru: Fix decoding of non-text data in get_fru_area_str()
* ID:479 - ekanalyzer: fix processing of custom mfg. fields
* ID:478 - ekanalyzer: Fixed decoding of FRU fields
* Add some more configure/build/editor byproducts to .gitignore
* Add git hash and dirty mark to ipmitool version
* Prevent autoreconf from complaining about missing NEWS
* Add bootstrap support for Mac
* ID:474 - Compile fix on nonlinux systems
* ID:461 - Make compiler happier about changes related to OpenSSL 1.1
* ID:461 - OpenSSL 1.1 compatibility - "error: storage size of 'ctx' isn't known"
fixes CVE-2020-5208
upstream changelog:
version 1.8.19 2022-08-31
* Cast type before the left shift
* sel: Fix the deasserted thresholds inequality
* man: Update the text for -C option
* chassis restart_cause: Add new causes
* sel: Remove redundant "Reserve SEL"
* zero initialize the recv structure on the stack
* zero initialize the recv structure on the stack
* ci: Add support for MacOS-11
* ci: Remove ubuntu-16.04 support
* sdr: Fix modifier unit
* Fix compile error
* Refactor bridging level detection to dedicated function
* Fix double bridge detection in get_max_(req|rsp)_data_size()
* ipmi_mc: Fix the IPM_DEV_FWREV1_MAJOR_MASK
* helper: Fix stderr file descriptor
* Fix codefactor-io / CodeFactor warnings
* Use /run instead of /var/run
* oem: Update product IDs for YADRO
* lan: Add processing of get/set specific CCs
* lan: Refactor pointer style
* doc: update lanplus doc to reflect default cipher suite change
* ekanalyzer: Fix internal use area off-by-one bug
* ekanalyzer frushow: Fix internal area size calc
* sel: Fix "power supply inactive" flag offset
* ci: Add support for Ubuntu 20.04
* ci: Fix Ubuntu builds
* Fix compiler warning
* Fix compiler warning
* Fix compiler warning
* ci: Update for GitHub Actions v2.274.2
* free: Fix implicit function declarations
* Use "#pragma once" for headers
* Remove unneeded execution bits from C source files and a header file
* Convert line endings to LF
* Fixed compiler warning.
* RPM support: fixed broken build due to use of headers from kernel
* imbapi: replace __FUNCTION__ to eleminate compiler warnings
* lanplus: remove unused variable
* hpmfwupg: Clean up / refactor
* fru: Fix crashes on 6-bit ASCII strings
* oem: Add product ID for YADRO VEGMAN
* configure.ac: add '--location' for curl to follow location
* configure.ac: replace '-#' by '--progress-bar' with curl
* Add version info to debug output
* doc, ci: Fix an error in package name for Windows
* doc: Fix a small typo in INSTALL
* RPM support: updated spec file changelog
* RPM support: simplified build process
* RPM support: fixed broken RPM build
* doc: Update INSTALL with Windows info
* ci: Add Windows/cygwin config
* doc: Update INSTALL for new CI
* ci: Add github workflow, drop travis
* Fix compatibility with OpenBSD and macOS
* dist: Fix dependencies and cleanup
* dist: Add missing ipmi_time.h header to packaging
* configure: Fix compatibility with non-bash systems
* Finalize refactoring of string comparisons
* channel: Refactor set_user_access option processing
* Refactor string comparisons
* sel: Fix OEM record definition example
* sdr: harden against bad records
* fru: fix memory leak in ipmi_spd_print_fru
* ipmi_sel_set_time: fix strptime() return check
* hpm: use portable __max() in hpmfwupg
* hpmfwupg: move variable definition to .c file
* sel: time: fix null pointer dereference in set
* fru, sdr: Fix id_string buffer overflows
* lanp: Fix buffer overflows in get_lan_param_select
* channel: Fix buffer overflow
* session: Fix buffer overflow in ipmi_get_session_info
* fru: Fix buffer overflow in ipmi_spd_print_fru
* fru: Fix buffer overflow vulnerabilities
* configure: Drop requirement for curses et. al libs
* configure: remove some duplicate code
* doc: Update INSTALL to fix installation errors
* ipmi_dcmi: fix typo in nm_policy_options initialization.
* Docs: Add info on packages to install on Ubuntu 16.04
* chassis: Refactor to get rid of strncmp()
* chassis: Refactor main for centralized exiting
* chassis: bootdev: Refactor more
* chassis: bootdev: Refactor to reduce nesting
* chassis: bootdev: Fix help message and its formatting
* chassis: bootparam/bootdev: Refactor for less magic
* oem: supermicro: Add product codes from IPMICFG
* doc: Update man page regarding `user set password`
* user: Cleanup/refactor ipmi_user_password()
* user: Improve password length handling
* user: Alter "set password" usage information
* intf: Add missing function declarations
* doc: fix URL in README
* event: Clean up event sending from a file
* event: Clean up the event sending code
* event: Fix event submission via SSIF
* make: Use DESTDIR to install IANA PEN database
* lanplus: Fix embedded bridged responses handling
* Update .gitignore
* mc: Fix reporting of manufacturers > 64K
* Add installation of enterprise-numbers database
* Update documentation in regard to IANA PEN registry
* Use configurable path to IANA PEN registry
* Load IANA PEN registry from a file
* dbus: Replace obsolete INCLUDES with AM_CPPFLAGS
* oem: name change from Newisys to Viking Enterprise Solutions
* Fix default interface to behave as it did before
* man: Add documentation for chassis bootmbox
* man: Update the chassis bootparam section
* chassis: Add boot initiator mailbox support
* chassis: Use command-specific completion code parser
* Add support for command-specific completion codes
* Add a helper htoipmi24() function
* Add a helper args2buf() function
* man: Cleanup the manpage formatting tags
* create_pen_list: only print if values are set
* chassis: Refactor to reduce code duplication
* sdr: Fix segfault on invalid unit types
* vendor: Add YADRO TATLIN Storage Controller ID
* exchange-bmc-os-info: Remove dependency on ipmi.service
* Add mechanism to configure to set the default interface
* ci: Update INSTALL to reflect recent changes
* ci: Set up matrix builds with Travis CI
* Enable Travis build of D-Bus interface
* add OpenBMC D-Bus interface
* Fix "ipmitool pef {status,info}" not printing final newline
* Remove unused include
* Fix IPMI DCMI message typo
* open: swap free() calls for free_n()
* open: checking received msg id against expectation
* open: fix whitespace
* Refactor free_n() function
* fru: swap free() calls for free_n()
* fru: Fix write chunk reduction code
* fru: add macro FRU_AREA macros
* fru: replace magic return codes with macros
* fru header: add return error codes specific to fru
* fru: fix ipmi_fru_picmg_ext_edit as bool
* fru: use bool with ipmi_fru_oemkontron_edit
* fru: change ipmi_fru_query_new_value to return bool
* fru: mark ipmi_fru_query_new_value as static
* fru: add fru_cc_rq2big helper method for code checks
* fru: cleanup ipmi_fru_upg_ekeying
* fru: use ipmi_cc defined maros for return codes
* fru: drop extraneous parentheses on negative returns
* fru: delete unused variable matchInstance
* fru: cleanup ipmi_fru_oemkontron_get
* fru: fixup array bounds checking
* hpm: Adhere to centralized exiting
* hpm: Minor refactoring
* hpm: Fix resource leak
* sol: Make interface timeout obey the -N option
* helper: add free_n method to handle clearing pointers
* cygwin: imb: Fix build error (wchar_t)
* lanplus: Fix segfault for truncated dcmi response
* Move led color static array to source file
* drop unused static arrays
* move static objects to source file
* cleanup all unused-parameter warnings
* use __UNUSED__ macro instead of gcc specific attribute
* implement __UNUSED__ macro for marking unused
* Add .dirstamp to .gitignore
* fru: Fix processing of unspecified board mfg. date
* [compiler-warnings-fixes] use correct fall through comment
* [compiler-warnings-fixes] ipmi_start_daemon: check return values
* [compiler-warnings-fixes] ipmi_sdr.c: remove unused function parameters
* lan: Fix processing disabled VLAN
* Make ipmitool respect system locale settings
* Fix strftime() non-literal argument warning
* Refactor timestamp handling
* doc: Update manpage with new contact info
* lanplus: Refactoring
* lanplus: Fix -C option processing
* lanplus: Auto-select 'best' cipher suite available
* lanplus: Fix compile with deprecated APIs disabled.
* doc: Update home page links
* doc: Update formatting of ipmitool man page
* sensor: Refactor ipmi_sensor_print_fc_threshold()
* sensor: Add support for csv output
* plugins: open: Properly enable event receiver (#35)
* lan: Refactoring: Remove unused function
* general: Get rid of some unused parameter warnings
* mc: guid: Implement encoding autodetection
* mc: guid: Fix timestamp decoding
* mc: guid: Add support for non-standard encodings
* mc: guid: Fix byte ordering to follow IPMI spec
* Refactoring: optimize pointer checks
* imb: Refactoring: remove duplicate code
* Refactoring: get rid of superfluous comparisons
* Refactoring. Improve code reuse ratio.
* general: Fix several misspellings
* mc: Fix compiler warnings
* general: Add array_byteswap() to helper
* lanplus: Make byteswapping generic
* framework: Update .gitignore
* framework: Switch to C11 standard with GNU extensions
* framework: ci: Add support for Travis CI
* oem: Add basic support for Quanta
* intf: Refactoring. Remove unused sendrsp()
* dummy: Add default dummy socket
* mc: Fix manufacturer ID masking
* Refactoring. Remove useless feature test macros.
* general: Make byteswapping arch-independent
* sel: Minor refactoring
* sdr: Refactor/optimize code. No functional changes.
* Add an option to display all dates in UTC
* mc: Code refactor to reduce copy-paste ratio
* mc: watchdog set: Refactor to reduce complexity
* mc: watchdog set: Fix intr setting
* mc: watchdog get: Update to match IPMI 2.0 spec
* mc: watchdog: Add `set` command
* framework: Make git ignore cscope.out
* plugins/open: Fix for interrupted select
* nm: Fix policy range (#12)
* Replace user_id masks with a macro (#8)
* fru: internaluse: Fix segmentation fault (#9)
* dcmi: Refactor
* ID:508 - Fix segfaults in dcmi command handlers
* vendor: Add YADRO VESNIN identification
* ID:491 - Fetch vendor IDs from IANA
* ID:472 - Fix The Most recent Addition/Erase date
* ID:480 - Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup()
* ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
* Make git revision more descriptive
* ID:477 - fru: Fix decoding of non-text data in get_fru_area_str()
* ID:479 - ekanalyzer: fix processing of custom mfg. fields
* ID:478 - ekanalyzer: Fixed decoding of FRU fields
* Add some more configure/build/editor byproducts to .gitignore
* Add git hash and dirty mark to ipmitool version
* Prevent autoreconf from complaining about missing NEWS
* Add bootstrap support for Mac
* ID:474 - Compile fix on nonlinux systems
* ID:461 - Make compiler happier about changes related to OpenSSL 1.1
* ID:461 - OpenSSL 1.1 compatibility - "error: storage size of 'ctx' isn't known"
MAIN commitmail json YAML
the package name better copy the subdir name
MAIN commitmail json YAML
pkgsrc/net/Makefile@1.1514
/
diff
pkgsrc/net/iana-enterprise-numbers/DESCR@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/Makefile@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/PLIST@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/distinfo@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/DESCR@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/Makefile@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/PLIST@1.1 / diff
pkgsrc/net/iana-enterprise-numbers/distinfo@1.1 / diff
add a package for the IANA Private Enterprise Numbers (PENs), see RFC 9371
pkgsrc-2023Q1 commitmail json YAML
pullups 6756, 6757, 6758 and 6759
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6759 - requested by he
security/gnutls: build fix
Revisions pulled up:
- security/gnutls/Makefile 1.240
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 14 08:11:51 UTC 2023
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
gnutls: require minimum gcc 6, and indicte use of c++11.
The in-tree compiler on NetBSD/macppc 8.0 (gcc 5 based)
fails to build this package, with what now looks like a
bug in gcc 5.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/security/gnutls/Makefile
security/gnutls: build fix
Revisions pulled up:
- security/gnutls/Makefile 1.240
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 14 08:11:51 UTC 2023
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
gnutls: require minimum gcc 6, and indicte use of c++11.
The in-tree compiler on NetBSD/macppc 8.0 (gcc 5 based)
fails to build this package, with what now looks like a
bug in gcc 5.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/security/gnutls/Makefile
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6758 - requested by taca
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.79
- www/drupal7/distinfo 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon May 1 14:34:00 UTC 2023
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
www/drupal7: update to 7.97
7.96 (2023-04-19)
This is a security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcements:
* Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
No other fixes are included.
7.97 (2023-04-21)
This is a "hotfix" release to address a PHP 5.x regression caused by
SA-CORE-2023-005.
Changes since 7.96:
* #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/drupal7/distinfo
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.79
- www/drupal7/distinfo 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon May 1 14:34:00 UTC 2023
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
www/drupal7: update to 7.97
7.96 (2023-04-19)
This is a security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcements:
* Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
No other fixes are included.
7.97 (2023-04-21)
This is a "hotfix" release to address a PHP 5.x regression caused by
SA-CORE-2023-005.
Changes since 7.96:
* #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/drupal7/distinfo
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/archivers/zstd/distinfo@1.34.2.1
/
diff
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S@1.1.2.2 / diff
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S@1.1.2.2 / diff
Pullup ticket #6757 - requested by dholland
archivers/zstd: build fix
Revisions pulled up:
- archivers/zstd/distinfo 1.36
- archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 30 01:39:20 UTC 2023
Modified Files:
pkgsrc/archivers/zstd: distinfo
Added Files:
pkgsrc/archivers/zstd/patches:
patch-lib_decompress_huf__decompress__amd64.S
Log Message:
PR 57383 Mike Owens: zstd assembler bug on SPARC
Put amd64 assembler directives inside the amd64 ifdefs so they don't
get assembled on other targets.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/archivers/zstd/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S
archivers/zstd: build fix
Revisions pulled up:
- archivers/zstd/distinfo 1.36
- archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 30 01:39:20 UTC 2023
Modified Files:
pkgsrc/archivers/zstd: distinfo
Added Files:
pkgsrc/archivers/zstd/patches:
patch-lib_decompress_huf__decompress__amd64.S
Log Message:
PR 57383 Mike Owens: zstd assembler bug on SPARC
Put amd64 assembler directives inside the amd64 ifdefs so they don't
get assembled on other targets.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/archivers/zstd/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6756 - requested by taca
devel/git-base: security update
devel/git: version update
Revisions pulled up:
- devel/git-base/Makefile 1.104
- devel/git-base/distinfo 1.133
- devel/git/Makefile.version 1.117
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 26 08:44:38 UTC 2023
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
Log Message:
git: updated to 2.40.1
Git v2.40.1 Release Notes
============
This release merges up the fix that appears in v2.30.9, v2.31.8,
v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
and v2.39.3 to address the security issues CVE-2023-25652,
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
versions for details.
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.103 -r1.104 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/git-base/distinfo
devel/git-base: security update
devel/git: version update
Revisions pulled up:
- devel/git-base/Makefile 1.104
- devel/git-base/distinfo 1.133
- devel/git/Makefile.version 1.117
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 26 08:44:38 UTC 2023
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
Log Message:
git: updated to 2.40.1
Git v2.40.1 Release Notes
============
This release merges up the fix that appears in v2.30.9, v2.31.8,
v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
and v2.39.3 to address the security issues CVE-2023-25652,
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
versions for details.
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.103 -r1.104 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/git-base/distinfo
MAIN commitmail json YAML
inn has been updated
MAIN commitmail json YAML
pkgsrc/news/inn/MESSAGE@1.9
/
diff
pkgsrc/news/inn/Makefile@1.138 / diff
pkgsrc/news/inn/PLIST@1.29 / diff
pkgsrc/news/inn/distinfo@1.41 / diff
pkgsrc/news/inn/options.mk@1.10 / diff
pkgsrc/news/inn/patches/patch-aa@1.14 / diff
pkgsrc/news/inn/patches/patch-ab@1.12 / diff
pkgsrc/news/inn/patches/patch-ac@1.14 / diff
pkgsrc/news/inn/patches/patch-ad@1.9 / diff
pkgsrc/news/inn/patches/patch-ag@1.14 / diff
pkgsrc/news/inn/patches/patch-ah@1.18 / diff
pkgsrc/news/inn/patches/patch-ak@1.4 / diff
pkgsrc/news/inn/patches/patch-al@1.3 / diff
pkgsrc/news/inn/Makefile@1.138 / diff
pkgsrc/news/inn/PLIST@1.29 / diff
pkgsrc/news/inn/distinfo@1.41 / diff
pkgsrc/news/inn/options.mk@1.10 / diff
pkgsrc/news/inn/patches/patch-aa@1.14 / diff
pkgsrc/news/inn/patches/patch-ab@1.12 / diff
pkgsrc/news/inn/patches/patch-ac@1.14 / diff
pkgsrc/news/inn/patches/patch-ad@1.9 / diff
pkgsrc/news/inn/patches/patch-ag@1.14 / diff
pkgsrc/news/inn/patches/patch-ah@1.18 / diff
pkgsrc/news/inn/patches/patch-ak@1.4 / diff
pkgsrc/news/inn/patches/patch-al@1.3 / diff
update inn to 2.7.1
adding canlock option kudos micha@
upstream changelog:
Changes in 2.7.1 (2023-04-16)
* Added a new *groupexactcount* parameter in readers.conf to force nnrpd
to report the exact number of still existing articles in newsgroups
instead of an estimated count. When the estimated number of articles
is strictly below *groupexactcount* (set to 5 by default), nnrpd now
recounts them and reports the actual value (articles that have been
cancelled or overwritten in self-expiring CNFS buffers may otherwise
still be counted in the estimate). News clients will then be directly
aware of empty newsgroups; they would otherwise have tried to retrieve
possible articles, to finally not show anything to the user.
* Programs sending mails now include, when appropriate, an
Auto-Submitted header field in the message headers (either set to
"auto-generated" or "auto-replied", following the recommendation in
RFC 3834). Thanks to Harald Dunkel for this suggestion which will for
instance help to avoid unnecessary vacation replies.
* Added a new -a option to innmail to specify additional header fields
to add in the headers of messages. This is notably used to internally
support the addition of the Auto-Submitted header field in outgoing
mails.
* Added new ovsqlite-util program to perform some basic consistency
checks and dump operations on an overview database using the ovsqlite
method. More checks and features will be added in future releases.
You'll need the "DBI" Perl module with the "DBD::SQLite" driver
installed on your system to use this program.
* Added TLS support in pullnews for connections to upstream servers
configured in pullnews.marks, and to the downstream server in the
existing -s flag. A port can now also be specified for connections to
upstream servers (it was already possible for the downstream server
only).
* Added a new -L option to pullnews to specify the largest wanted
article size in bytes. Articles whose size exceeds that value will no
longer be downloaded by pullnews.
* pullnews now detects a socket timeout while downloading articles from
a remote peer. The download gracefully stops, and another attempt can
be automatically made according to the setting given with the -t flag.
Thanks to Jesse Rehmer for the bug report.
* Fixed the generation and the handling of storage tokens on wrapped
CNFS buffers, thanks to bug reports from Kamil Jonca:
* Duplicate entries were returned by makehistory on fully wrapped
cyclic buffers (the first article of the cyclic buffer appeared
twice in the output).
* The first article of a fully wrapped cyclic buffer was removed too
soon from history (expire wrongly thought its storage token was no
longer existing after a wrap).
* The first article of the previous cycle number of a cyclic buffer
containing articles from two different cycle numbers was wrongly
considered by makehistory to belong to the current cycle number.
* innd no longer dies when a newsfeeds entry has an unexpected trailing
whitespace.
* The size of duplicated articles was counted twice in totals, average
article sizes and graphs by innreport, when parsing innd checkpoints.
Thanks to Hauke Lampe for the patch to count it only once.
* Customizing the domain part of Message-IDs generated by nnrpd and the
server name indicated in Injection-Info header fields is now easier:
the *domain* parameter in the access blocks of readers.conf can be
directly used (without needing to set *virtualhost* as it was
previously the case).
* If the *domain* parameter is set in inn.conf or in a readers.conf
access block, and has invalid characters, or if the fully qualified
domain name (FQDN) of the news server has invalid characters when
*domain* is unset, a fatal error is now reported at startup. It is a
basic configuration error which otherwise leads to the generation of
invalid article Message-IDs.
* Improved the speed of article searches with HDR, LAST, NEXT, and XPAT
commands when there is a (huge) gap in article numbers. On newsgroups
with several millions of consecutive missing articles (which is a rare
situation), these commands could take several seconds to run.
* Incoming articles in newsgroups that have exceeded the maximum number
of articles they can contain (2^31-1) are now correctly rejected. INN
was otherwise happily accepting them but either numbers returned in
NNTP responses were not right, or some news clients choked when
receiving unexpected large article numbers. (The current version of
the NNTP protocol only allows article numbers up to 2^31-1.)
* Fixed the renumbering of reported low water marks for empty newsgroups
in active after overview expiration, when using the ovsqlite method.
They were set to 1 for empty newsgroups whereas they were not supposed
to decrease. (These reported low water marks regained their expected
values during the next overview expiration, provided that the
newsgroup was no longer empty.)
* The reported high water mark of empty newsgroups is now correctly set
to one less than the reported low water mark in overview data.
(Previously, the reported low water mark was set to one more than the
reported high water mark.)
* Fixed the output of the "ctlinnd feedinfo ''" command that was
returning information only for the first site, and the output of the
"ctlinnd name channel" command that was returning partial information
for the requested channel.
* The build of external programs which include inn/storage.h was failing
because of the unexpected inclusion of config.h in one of the included
headers. Also, a few Autoconf results were not correctly made
available to external programs. This is now fixed.
* Fixed the build on systems whose default shell does not completely
meet the Posix standard. A few build scripts were run with the
default shell instead of the one found by Autoconf and afterwards used
for INN.
* Use standard daemon(3) C function, when available, to daemonize innd,
nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific
function.
Upgrading from 2.6 to 2.7
The following changes require your full attention because a manual
intervention may be needed:
* The *require_ssl* parameter in readers.conf has been renamed to
*require_encryption* as it applies to any kind of encryption layers,
including TLS and SASL security layers. Since innupgrade only takes
care of the change in the file named readers.conf, you will have to
manually rename that parameter in configuration files for nnrpd with
an alternate name.
* The innreport.conf file in *pathetc* has been split into a general
configuration file (innreport.conf itself) and a display configuration
file (innreport-display.conf in *pathlib*). If you made local changes
in sections other than the *default* section in innreport.conf, and
wish to keep them, then you need renaming the new
innreport-display.conf file to another name in *pathlib*, setting this
local file name in the new *display_conf_file* option in
innreport.conf, and re-applying your local changes to that local
display configuration file.
As a matter of fact, the default display configuration file would
otherwise be overwritten each time INN is updated. Bug fixes or
enhancements are made from time to time to the display configuration
of innreport, and previously couldn't be automatically be merged in
innreport.conf on update. This new separate configuration file to
parameterize the display will now permit an automatic update (if of
course you use the default display configuration file).
* A new inn-secrets.conf configuration file has been added in *pathetc*.
The intent is that, from now on, new secrets used by INN are added to
that file, and that all secrets currently stored in several other
configuration files eventually move to that file. Make sure it is
properly created during the upgrade, and not world-readable. It
currently only stores the secrets used for the new Cancel-Lock
functionality.
* The -C flag given to innd to disable the execution of cancels has been
deprecated and is no longer taken into account (an error message will
be present in your logs if innd is started with it). Instead, a new
parameter has been added in inn.conf to tune the types of cancels innd
should process. If *docancels* is set to "require-auth", which is the
default if INN has Cancel-Lock support, only articles originally
protected by the Cancel-Lock authentication mechanism can be withdrawn
by a valid authenticated cancel article or a valid authenticated
supersede request. Withdrawals of articles not originally protected
by Cancel-Lock will not be executed. See inn.conf(5) for more details
about the different values of the new *docancels* parameter, and make
sure to parameterize it according to your needs.
* The *refusecybercancels* and *verifycancels* parameters have been
removed from inn.conf. The first was performing an inefficient and
inexact check (that should be done, if wanted, in the special "ME"
entry in newsfeeds, or even better, ask your peers not to feed you
articles with "cyberspam" in the Path header field body); the second
check performed on the newsgroups present in cancel articles was not
useful in innd (this check is relevant to posting agents).
The related lines in inn.conf will be commented by innupgrade during
the upgrade.
* The XBATCH command is no longer enabled by default in innd. You'll
have to explicitly enable that capability by setting the new *xbatch*
parameter to true in incoming.conf for the peers sending you such
compressed batches.
* The *nolist* and *noresendid* parameters in incoming.conf have been
respectively renamed to *list* and *resendid* (and the meaning of
their related boolean values is now the opposite). Besides, the
unused *comment* and *email* parameters in incoming.conf have been
removed. innupgrade will take care of the changes (inverting the
boolean values, and commenting the lines with removed parameters).
* filechan is no longer shipped with INN; it was just a simple version
of buffchan. All calls to "filechan" will be changed to "buffchan -u"
(for its unbuffered mode) in newsfeeds by innupgrade. If you have
local scripts running filechan, you will have to manually take care of
the change.
* send-nntp is no longer shipped with INN. If you have local scripts
running it, you will have to manually adjust them to use nntpsend
which basically does the same thing, better. Or, even greater, use
innfeed if that is possible.
* Wrappers around old Perl and Python authentication and access hooks,
pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and
*nnrppythonauth* parameters in inn.conf, are no longer shipped as
samples in INN releases. If not already done, you should either
replace old hooks with new modern hooks or use the possibilities that
readers.conf and regular authenticator and resolver programs offer.
* The libauth.h header file and the libstorage library have been renamed
to libinnauth.h and libinnstorage to homogenize their name with
existing libinnhist library. External programs building or linking
against them need a manual change.
If you are upgrading from a version prior to INN 2.6, see also
"Upgrading from 2.5 to 2.6".
Changes in 2.7.0 (2022-07-10)
* Upgrading to a major release is a good time to ensure that your
configuration files, that are usually kept untouched during normal
updates, are up-to-date: notably control.ctl (with your local changes
in a separate control.ctl.local file), new better default values in
inn.conf and innfeed.conf, improvements in innreport.conf (along with
innreport-display.conf) and innreport.css, fixes in innwatch.ctl,
updated moderators and nocem.ctl files.
You may also want to check that the PGP keys used to verify the
signature of control articles and NoCeM notices are still up-to-date
and working. The keys of a few hierarchies and NoCeM issuers have
recently changed.
* Bo Lindbergh has implemented a new overview storage method based on
SQLite, known for its long-term stability and compatibility. Robust
and faster at reading ranges of overview data, but somewhat slower at
writing, this new SQLite-based method is a perfect choice to store
overview data.
To select it as your overview method, set the *ovmethod* parameter in
inn.conf to "ovsqlite". Details about ovsqlite, the ovsqlite.conf
configuration file and how to switch to that new modern overview
storage method can be found in the ovsqlite(5) and makehistory(8) man
pages.
* Julien Elie has implemented Cancel-Lock support in innd and nnrpd,
based on RFC 8315 and libcanlock. A new inn-secrets.conf
configuration file has been added in *pathetc* wherein you can set the
secrets to use for Cancel-Lock. See the inn-secrets.conf(5) man page
for more details.
A new -F flag is recognized by innconfval to indicate the type of file
to parse (by default, "inn.conf"); just run "innconfval -F
inn-secrets.conf" to get the values of that new configuration file.
Another new flag, -f, permits specifying another file name to parse
than the standard one.
The *addcanlockuser* parameter has been added in readers.conf to
deactivate the generation of user-specific hashes when several
different posters have the same identity in an access group. This
parameter also permits setting whether the hash, when generated, is
based on the username or the (static) IP of the connection.
* Added a new tool, gencancel, to help the news administrator generate
authenticated cancel control messages, with the expected admin
Cancel-Key hashes. See the gencancel(1) man page for more details.
* A new *docancels* parameter has been added in inn.conf to define which
types of cancels innd should process. The -C flag given to innd is
deprecated in favour of that new parameter (you'll see in your logs
the message "innd -C flag has been deprecated and has no effect; use
docancels in inn.conf" in case you're passing that flag to innd).
* Andreas Kempe has implemented blacklistd support in nnrpd. This
daemon, available notably in FreeBSD and NetBSD, can be used to
prevent brute force attacks by blocking attackers after a number of
failed login attempts. When nnrpd is run with the new -B flag, and
INN has been configured with the new --with-blacklist option, it will
report login attempts to the blacklistd daemon for potential blocking.
* Building INN with TLS support using LibreSSL is now supported (only
OpenSSL was previously officially supported and tested).
* Fixed the parsing of *hosts* and *localaddress* parameters in
readers.conf; exclusion patterns (beginning with "!") have not been
working since INN 2.5.0.
* Improved the robustness of innxmit when receiving 500 or 501 response
codes from peers, indicating they do not understand the NNTP command
or (wrongly) think there is a syntax error. Richard Kettlewell added
a proper handling of these responses, making innxmit dropping the
refused article instead of keeping sending it over and over (and thus
receiving each time the same error in response codes).
* innreport now collects statistics from innxbatch and generates a
section for them in its reports.
* The innreport.conf file in *pathetc*, previously containing almost
2500 lines, has been split into a general configuration file
(innreport.conf itself, still in *pathetc*, with about 60 lines) and a
display configuration file (innreport-display.conf, a new separate
file in *pathlib*). The name of this display configuration file can
be parameterized in the new *display_conf_file* option in
innreport.conf.
* The -m flag given to mailpost now sets a List-ID header field instead
of a Mailing-List header field.
* rc.news, used to start and stop INN daemons, now checks whether it is
run as the news user. It will exit if not the case, to ensure not to
tamper with the ownership of files INN manipulates.
* filechan has been removed; it was just a simple version of buffchan,
which should now be used.
* send-nntp has been removed; it was just a simple version of nntpsend,
which should now be used (or, even better, innfeed).
* The *refusecybercancels* and *verifycancels* parameters have been
removed from inn.conf. Besides, inews no longer checks if the From or
Sender header fields of a cancel or supersede request match the ones
of the original article being withdrawn. All of these were either
inefficient or inexact checks.
* The *xbatch* parameter has been added in incoming.conf to enable the
XBATCH command in innd for specific remote peers. The default is to
disable the capability.
* The *nolist* and *noresendid* parameters in incoming.conf have been
respectively renamed to *list* and *resendid* (and the meaning of
their related boolean values is now the opposite). Besides, the
unused *comment* and *email* parameters in incoming.conf have been
removed.
* inews no longer adds a Sender header field nor overwrites an existing
one in articles it processes if the new -P flag is used. The Path
header field, if unset, no longer systematically contains the path
identity of the local news server (you may want to add it manually
with the -x flag, if needed). Finally, inews also no longer adds the
obsolescent Lines header field.
* A new -E flag can now be given to inews to silently discard empty
articles, instead of bailing out with an error. Another new -m flag
permits setting the Message-ID instead of letting inews generate one.
And a third new flag, -Y, forces inews to authenticate to the remote
news server even if not asked to.
* signcontrol has been removed as it embeds per-site configuration which
is overwritten each time INN is updated to a newer version, and it is
unlikely you ever need it. Nonetheless, if you need to issue
PGP-signed control messages, you can still download it from
<https://ftp.isc.org/pub/pgpcontrol/>.
* Support in controlchan for obsolete *sendsys*, *senduuname* and
*version* control messages has been removed. These control messages,
long been deprecated, should no longer be sent nor honoured nowadays.
Besides, the "doifarg" keyword in control.ctl is no longer recognized
(it was only used for these three kinds of control messages).
* The *require_ssl* parameter in readers.conf has been renamed to
*require_encryption*, which is a better name as it applies to any kind
of encryption layers, including TLS and SASL security layers.
* Fixed the use of a deprecated API in Kerberos V5. INN now requires
version 1.6.1 or higher of MIT Kerberos v5 to build.
* The libauth.h header file and the libstorage library have been renamed
to libinnauth.h and libinnstorage to homogenize their name with
existing libinnhist library.
* All of the applicable bug fixes from the INN 2.6 STABLE series are
also included in INN 2.7.
adding canlock option kudos micha@
upstream changelog:
Changes in 2.7.1 (2023-04-16)
* Added a new *groupexactcount* parameter in readers.conf to force nnrpd
to report the exact number of still existing articles in newsgroups
instead of an estimated count. When the estimated number of articles
is strictly below *groupexactcount* (set to 5 by default), nnrpd now
recounts them and reports the actual value (articles that have been
cancelled or overwritten in self-expiring CNFS buffers may otherwise
still be counted in the estimate). News clients will then be directly
aware of empty newsgroups; they would otherwise have tried to retrieve
possible articles, to finally not show anything to the user.
* Programs sending mails now include, when appropriate, an
Auto-Submitted header field in the message headers (either set to
"auto-generated" or "auto-replied", following the recommendation in
RFC 3834). Thanks to Harald Dunkel for this suggestion which will for
instance help to avoid unnecessary vacation replies.
* Added a new -a option to innmail to specify additional header fields
to add in the headers of messages. This is notably used to internally
support the addition of the Auto-Submitted header field in outgoing
mails.
* Added new ovsqlite-util program to perform some basic consistency
checks and dump operations on an overview database using the ovsqlite
method. More checks and features will be added in future releases.
You'll need the "DBI" Perl module with the "DBD::SQLite" driver
installed on your system to use this program.
* Added TLS support in pullnews for connections to upstream servers
configured in pullnews.marks, and to the downstream server in the
existing -s flag. A port can now also be specified for connections to
upstream servers (it was already possible for the downstream server
only).
* Added a new -L option to pullnews to specify the largest wanted
article size in bytes. Articles whose size exceeds that value will no
longer be downloaded by pullnews.
* pullnews now detects a socket timeout while downloading articles from
a remote peer. The download gracefully stops, and another attempt can
be automatically made according to the setting given with the -t flag.
Thanks to Jesse Rehmer for the bug report.
* Fixed the generation and the handling of storage tokens on wrapped
CNFS buffers, thanks to bug reports from Kamil Jonca:
* Duplicate entries were returned by makehistory on fully wrapped
cyclic buffers (the first article of the cyclic buffer appeared
twice in the output).
* The first article of a fully wrapped cyclic buffer was removed too
soon from history (expire wrongly thought its storage token was no
longer existing after a wrap).
* The first article of the previous cycle number of a cyclic buffer
containing articles from two different cycle numbers was wrongly
considered by makehistory to belong to the current cycle number.
* innd no longer dies when a newsfeeds entry has an unexpected trailing
whitespace.
* The size of duplicated articles was counted twice in totals, average
article sizes and graphs by innreport, when parsing innd checkpoints.
Thanks to Hauke Lampe for the patch to count it only once.
* Customizing the domain part of Message-IDs generated by nnrpd and the
server name indicated in Injection-Info header fields is now easier:
the *domain* parameter in the access blocks of readers.conf can be
directly used (without needing to set *virtualhost* as it was
previously the case).
* If the *domain* parameter is set in inn.conf or in a readers.conf
access block, and has invalid characters, or if the fully qualified
domain name (FQDN) of the news server has invalid characters when
*domain* is unset, a fatal error is now reported at startup. It is a
basic configuration error which otherwise leads to the generation of
invalid article Message-IDs.
* Improved the speed of article searches with HDR, LAST, NEXT, and XPAT
commands when there is a (huge) gap in article numbers. On newsgroups
with several millions of consecutive missing articles (which is a rare
situation), these commands could take several seconds to run.
* Incoming articles in newsgroups that have exceeded the maximum number
of articles they can contain (2^31-1) are now correctly rejected. INN
was otherwise happily accepting them but either numbers returned in
NNTP responses were not right, or some news clients choked when
receiving unexpected large article numbers. (The current version of
the NNTP protocol only allows article numbers up to 2^31-1.)
* Fixed the renumbering of reported low water marks for empty newsgroups
in active after overview expiration, when using the ovsqlite method.
They were set to 1 for empty newsgroups whereas they were not supposed
to decrease. (These reported low water marks regained their expected
values during the next overview expiration, provided that the
newsgroup was no longer empty.)
* The reported high water mark of empty newsgroups is now correctly set
to one less than the reported low water mark in overview data.
(Previously, the reported low water mark was set to one more than the
reported high water mark.)
* Fixed the output of the "ctlinnd feedinfo ''" command that was
returning information only for the first site, and the output of the
"ctlinnd name channel" command that was returning partial information
for the requested channel.
* The build of external programs which include inn/storage.h was failing
because of the unexpected inclusion of config.h in one of the included
headers. Also, a few Autoconf results were not correctly made
available to external programs. This is now fixed.
* Fixed the build on systems whose default shell does not completely
meet the Posix standard. A few build scripts were run with the
default shell instead of the one found by Autoconf and afterwards used
for INN.
* Use standard daemon(3) C function, when available, to daemonize innd,
nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific
function.
Upgrading from 2.6 to 2.7
The following changes require your full attention because a manual
intervention may be needed:
* The *require_ssl* parameter in readers.conf has been renamed to
*require_encryption* as it applies to any kind of encryption layers,
including TLS and SASL security layers. Since innupgrade only takes
care of the change in the file named readers.conf, you will have to
manually rename that parameter in configuration files for nnrpd with
an alternate name.
* The innreport.conf file in *pathetc* has been split into a general
configuration file (innreport.conf itself) and a display configuration
file (innreport-display.conf in *pathlib*). If you made local changes
in sections other than the *default* section in innreport.conf, and
wish to keep them, then you need renaming the new
innreport-display.conf file to another name in *pathlib*, setting this
local file name in the new *display_conf_file* option in
innreport.conf, and re-applying your local changes to that local
display configuration file.
As a matter of fact, the default display configuration file would
otherwise be overwritten each time INN is updated. Bug fixes or
enhancements are made from time to time to the display configuration
of innreport, and previously couldn't be automatically be merged in
innreport.conf on update. This new separate configuration file to
parameterize the display will now permit an automatic update (if of
course you use the default display configuration file).
* A new inn-secrets.conf configuration file has been added in *pathetc*.
The intent is that, from now on, new secrets used by INN are added to
that file, and that all secrets currently stored in several other
configuration files eventually move to that file. Make sure it is
properly created during the upgrade, and not world-readable. It
currently only stores the secrets used for the new Cancel-Lock
functionality.
* The -C flag given to innd to disable the execution of cancels has been
deprecated and is no longer taken into account (an error message will
be present in your logs if innd is started with it). Instead, a new
parameter has been added in inn.conf to tune the types of cancels innd
should process. If *docancels* is set to "require-auth", which is the
default if INN has Cancel-Lock support, only articles originally
protected by the Cancel-Lock authentication mechanism can be withdrawn
by a valid authenticated cancel article or a valid authenticated
supersede request. Withdrawals of articles not originally protected
by Cancel-Lock will not be executed. See inn.conf(5) for more details
about the different values of the new *docancels* parameter, and make
sure to parameterize it according to your needs.
* The *refusecybercancels* and *verifycancels* parameters have been
removed from inn.conf. The first was performing an inefficient and
inexact check (that should be done, if wanted, in the special "ME"
entry in newsfeeds, or even better, ask your peers not to feed you
articles with "cyberspam" in the Path header field body); the second
check performed on the newsgroups present in cancel articles was not
useful in innd (this check is relevant to posting agents).
The related lines in inn.conf will be commented by innupgrade during
the upgrade.
* The XBATCH command is no longer enabled by default in innd. You'll
have to explicitly enable that capability by setting the new *xbatch*
parameter to true in incoming.conf for the peers sending you such
compressed batches.
* The *nolist* and *noresendid* parameters in incoming.conf have been
respectively renamed to *list* and *resendid* (and the meaning of
their related boolean values is now the opposite). Besides, the
unused *comment* and *email* parameters in incoming.conf have been
removed. innupgrade will take care of the changes (inverting the
boolean values, and commenting the lines with removed parameters).
* filechan is no longer shipped with INN; it was just a simple version
of buffchan. All calls to "filechan" will be changed to "buffchan -u"
(for its unbuffered mode) in newsfeeds by innupgrade. If you have
local scripts running filechan, you will have to manually take care of
the change.
* send-nntp is no longer shipped with INN. If you have local scripts
running it, you will have to manually adjust them to use nntpsend
which basically does the same thing, better. Or, even greater, use
innfeed if that is possible.
* Wrappers around old Perl and Python authentication and access hooks,
pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and
*nnrppythonauth* parameters in inn.conf, are no longer shipped as
samples in INN releases. If not already done, you should either
replace old hooks with new modern hooks or use the possibilities that
readers.conf and regular authenticator and resolver programs offer.
* The libauth.h header file and the libstorage library have been renamed
to libinnauth.h and libinnstorage to homogenize their name with
existing libinnhist library. External programs building or linking
against them need a manual change.
If you are upgrading from a version prior to INN 2.6, see also
"Upgrading from 2.5 to 2.6".
Changes in 2.7.0 (2022-07-10)
* Upgrading to a major release is a good time to ensure that your
configuration files, that are usually kept untouched during normal
updates, are up-to-date: notably control.ctl (with your local changes
in a separate control.ctl.local file), new better default values in
inn.conf and innfeed.conf, improvements in innreport.conf (along with
innreport-display.conf) and innreport.css, fixes in innwatch.ctl,
updated moderators and nocem.ctl files.
You may also want to check that the PGP keys used to verify the
signature of control articles and NoCeM notices are still up-to-date
and working. The keys of a few hierarchies and NoCeM issuers have
recently changed.
* Bo Lindbergh has implemented a new overview storage method based on
SQLite, known for its long-term stability and compatibility. Robust
and faster at reading ranges of overview data, but somewhat slower at
writing, this new SQLite-based method is a perfect choice to store
overview data.
To select it as your overview method, set the *ovmethod* parameter in
inn.conf to "ovsqlite". Details about ovsqlite, the ovsqlite.conf
configuration file and how to switch to that new modern overview
storage method can be found in the ovsqlite(5) and makehistory(8) man
pages.
* Julien Elie has implemented Cancel-Lock support in innd and nnrpd,
based on RFC 8315 and libcanlock. A new inn-secrets.conf
configuration file has been added in *pathetc* wherein you can set the
secrets to use for Cancel-Lock. See the inn-secrets.conf(5) man page
for more details.
A new -F flag is recognized by innconfval to indicate the type of file
to parse (by default, "inn.conf"); just run "innconfval -F
inn-secrets.conf" to get the values of that new configuration file.
Another new flag, -f, permits specifying another file name to parse
than the standard one.
The *addcanlockuser* parameter has been added in readers.conf to
deactivate the generation of user-specific hashes when several
different posters have the same identity in an access group. This
parameter also permits setting whether the hash, when generated, is
based on the username or the (static) IP of the connection.
* Added a new tool, gencancel, to help the news administrator generate
authenticated cancel control messages, with the expected admin
Cancel-Key hashes. See the gencancel(1) man page for more details.
* A new *docancels* parameter has been added in inn.conf to define which
types of cancels innd should process. The -C flag given to innd is
deprecated in favour of that new parameter (you'll see in your logs
the message "innd -C flag has been deprecated and has no effect; use
docancels in inn.conf" in case you're passing that flag to innd).
* Andreas Kempe has implemented blacklistd support in nnrpd. This
daemon, available notably in FreeBSD and NetBSD, can be used to
prevent brute force attacks by blocking attackers after a number of
failed login attempts. When nnrpd is run with the new -B flag, and
INN has been configured with the new --with-blacklist option, it will
report login attempts to the blacklistd daemon for potential blocking.
* Building INN with TLS support using LibreSSL is now supported (only
OpenSSL was previously officially supported and tested).
* Fixed the parsing of *hosts* and *localaddress* parameters in
readers.conf; exclusion patterns (beginning with "!") have not been
working since INN 2.5.0.
* Improved the robustness of innxmit when receiving 500 or 501 response
codes from peers, indicating they do not understand the NNTP command
or (wrongly) think there is a syntax error. Richard Kettlewell added
a proper handling of these responses, making innxmit dropping the
refused article instead of keeping sending it over and over (and thus
receiving each time the same error in response codes).
* innreport now collects statistics from innxbatch and generates a
section for them in its reports.
* The innreport.conf file in *pathetc*, previously containing almost
2500 lines, has been split into a general configuration file
(innreport.conf itself, still in *pathetc*, with about 60 lines) and a
display configuration file (innreport-display.conf, a new separate
file in *pathlib*). The name of this display configuration file can
be parameterized in the new *display_conf_file* option in
innreport.conf.
* The -m flag given to mailpost now sets a List-ID header field instead
of a Mailing-List header field.
* rc.news, used to start and stop INN daemons, now checks whether it is
run as the news user. It will exit if not the case, to ensure not to
tamper with the ownership of files INN manipulates.
* filechan has been removed; it was just a simple version of buffchan,
which should now be used.
* send-nntp has been removed; it was just a simple version of nntpsend,
which should now be used (or, even better, innfeed).
* The *refusecybercancels* and *verifycancels* parameters have been
removed from inn.conf. Besides, inews no longer checks if the From or
Sender header fields of a cancel or supersede request match the ones
of the original article being withdrawn. All of these were either
inefficient or inexact checks.
* The *xbatch* parameter has been added in incoming.conf to enable the
XBATCH command in innd for specific remote peers. The default is to
disable the capability.
* The *nolist* and *noresendid* parameters in incoming.conf have been
respectively renamed to *list* and *resendid* (and the meaning of
their related boolean values is now the opposite). Besides, the
unused *comment* and *email* parameters in incoming.conf have been
removed.
* inews no longer adds a Sender header field nor overwrites an existing
one in articles it processes if the new -P flag is used. The Path
header field, if unset, no longer systematically contains the path
identity of the local news server (you may want to add it manually
with the -x flag, if needed). Finally, inews also no longer adds the
obsolescent Lines header field.
* A new -E flag can now be given to inews to silently discard empty
articles, instead of bailing out with an error. Another new -m flag
permits setting the Message-ID instead of letting inews generate one.
And a third new flag, -Y, forces inews to authenticate to the remote
news server even if not asked to.
* signcontrol has been removed as it embeds per-site configuration which
is overwritten each time INN is updated to a newer version, and it is
unlikely you ever need it. Nonetheless, if you need to issue
PGP-signed control messages, you can still download it from
<https://ftp.isc.org/pub/pgpcontrol/>.
* Support in controlchan for obsolete *sendsys*, *senduuname* and
*version* control messages has been removed. These control messages,
long been deprecated, should no longer be sent nor honoured nowadays.
Besides, the "doifarg" keyword in control.ctl is no longer recognized
(it was only used for these three kinds of control messages).
* The *require_ssl* parameter in readers.conf has been renamed to
*require_encryption*, which is a better name as it applies to any kind
of encryption layers, including TLS and SASL security layers.
* Fixed the use of a deprecated API in Kerberos V5. INN now requires
version 1.6.1 or higher of MIT Kerberos v5 to build.
* The libauth.h header file and the libstorage library have been renamed
to libinnauth.h and libinnstorage to homogenize their name with
existing libinnhist library.
* All of the applicable bug fixes from the INN 2.6 STABLE series are
also included in INN 2.7.
MAIN commitmail json YAML
pkgsrc/x11/py-sip-qt6/DESCR@1.1
/
diff
pkgsrc/x11/py-sip-qt6/Makefile@1.1 / diff
pkgsrc/x11/py-sip-qt6/PLIST@1.1 / diff
pkgsrc/x11/py-sip-qt6/distinfo@1.1 / diff
pkgsrc/x11/py-sip-qt6/Makefile@1.1 / diff
pkgsrc/x11/py-sip-qt6/PLIST@1.1 / diff
pkgsrc/x11/py-sip-qt6/distinfo@1.1 / diff
a requisite to py-qt6, shamelessly copied from py-sip-qt5 with
version adjustments
version adjustments
pkgsrc-2023Q1 commitmail json YAML
#6745-#6749
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6749 - requested by taca
textproc/ruby-kramdown-rfc2629: dependency fix
Revisions pulled up:
- textproc/ruby-kramdown-rfc2629/Makefile 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 10:14:21 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-kramdown-rfc2629: Makefile
Log Message:
textproc/ruby-kramdown-rfc2629: remove reference to json_pure gem
Remove reference to json_pure gem and add json gem.
The problem was reporeted by riastradh@ via private e-mail.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/textproc/ruby-kramdown-rfc2629/Makefile
textproc/ruby-kramdown-rfc2629: dependency fix
Revisions pulled up:
- textproc/ruby-kramdown-rfc2629/Makefile 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 10:14:21 UTC 2023
Modified Files:
pkgsrc/textproc/ruby-kramdown-rfc2629: Makefile
Log Message:
textproc/ruby-kramdown-rfc2629: remove reference to json_pure gem
Remove reference to json_pure gem and add json gem.
The problem was reporeted by riastradh@ via private e-mail.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/textproc/ruby-kramdown-rfc2629/Makefile
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.260.2.4
/
diff
pkgsrc/lang/ruby32-base/PLIST@1.2.2.1 / diff
pkgsrc/lang/ruby32-base/distinfo@1.3.2.1 / diff
pkgsrc/lang/ruby32-base/PLIST@1.2.2.1 / diff
pkgsrc/lang/ruby32-base/distinfo@1.3.2.1 / diff
Pullup ticket #6748 - requested by taca
lang/ruby32-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.264
- lang/ruby32-base/PLIST 1.3
- lang/ruby32-base/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:26:58 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby32-base: PLIST distinfo
Log Message:
lang/ruby32: update to 3.2.2
Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023
Ruby 3.2.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Backport [Bug #19158] for Ruby 3.2 by hsbt � Pull Request #7356
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19444: YJIT String#+@ miscompilations
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19439: Marshal.load doesn't load Regexp instance variables
* Bug #19459: Is length of IO::Buffer#read required or optional?
* Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
* Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
* Bug #19469: Crash when resizing generic iv list
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #19467: Some linear_time regexp does not match in linear time
* Bug #19476: Regexp unexpected partial match
* Bug #19536: Frozen status loss when moving objects
* Bug #19485: Unexpected behavior in squiggly heredocs
* Bug #19471: Regexp::compile does not handle :timeout argument
* Use URI-0.12.1 for Ruby 3.2 by hsbt � Pull Request #7603
* Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt � Pull Request #7479
* Merge Time-0.2.2 by hsbt � Pull Request #7623
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby32-base/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby32-base/distinfo
lang/ruby32-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.264
- lang/ruby32-base/PLIST 1.3
- lang/ruby32-base/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:26:58 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby32-base: PLIST distinfo
Log Message:
lang/ruby32: update to 3.2.2
Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023
Ruby 3.2.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Backport [Bug #19158] for Ruby 3.2 by hsbt � Pull Request #7356
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19444: YJIT String#+@ miscompilations
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19439: Marshal.load doesn't load Regexp instance variables
* Bug #19459: Is length of IO::Buffer#read required or optional?
* Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
* Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
* Bug #19469: Crash when resizing generic iv list
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #19467: Some linear_time regexp does not match in linear time
* Bug #19476: Regexp unexpected partial match
* Bug #19536: Frozen status loss when moving objects
* Bug #19485: Unexpected behavior in squiggly heredocs
* Bug #19471: Regexp::compile does not handle :timeout argument
* Use URI-0.12.1 for Ruby 3.2 by hsbt � Pull Request #7603
* Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt � Pull Request #7479
* Merge Time-0.2.2 by hsbt � Pull Request #7623
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby32-base/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby32-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6747 - requested by taca
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.263
- lang/ruby31-base/distinfo 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:17:15 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31: update to 3.1.4
Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023
Ruby 3.1.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
applied
* Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
domains is prefixed with a dot
* Bug #18629: block args array splatting assigns to higher scope _ var
* Bug #18765: Wrong description introduced by
https://github.com/ruby/ruby/pull/4938/files
* Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
at buildtime
* Bug #19292: Time object's wday, yday, and isdst returns broken value (and
so does to_a) when kwarg in: 'UTC' was given
* Bug #19305: TracePoint#parameters segfaults when certain method creation
pattern is used
* Bug #19319: Crash in rb_str_casemap
* Bug #19316: YJIT crash in 3.2.0
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19320: Crash during compaction while traversing the stack
* Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19398: Memory leak in WeakMap
* Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
* Bug #18748: Range#cover? returns true for beginless range of different
type
* Bug #18827: __ENCODING__ is not set to the source encoding when saving
script lines
* Bug #19242: Circular cause by Marshal
* Bug #19243: Windows: Dir.home returns string in wrong encoding
* Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
builds
* Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
crash when combined with Ractors
* Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
* Bug #19485: Unexpected behavior in squiggly heredocs
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.262 -r1.263 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby31-base/distinfo
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.263
- lang/ruby31-base/distinfo 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:17:15 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31: update to 3.1.4
Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023
Ruby 3.1.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
What's Changed
* Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
applied
* Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
domains is prefixed with a dot
* Bug #18629: block args array splatting assigns to higher scope _ var
* Bug #18765: Wrong description introduced by
https://github.com/ruby/ruby/pull/4938/files
* Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
at buildtime
* Bug #19292: Time object's wday, yday, and isdst returns broken value (and
so does to_a) when kwarg in: 'UTC' was given
* Bug #19305: TracePoint#parameters segfaults when certain method creation
pattern is used
* Bug #19319: Crash in rb_str_casemap
* Bug #19316: YJIT crash in 3.2.0
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19320: Crash during compaction while traversing the stack
* Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
* Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
environment variable
* Bug #19398: Memory leak in WeakMap
* Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
* Bug #19415: Incorrect circularity warning for concurrent requires
* Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
* Bug #19445: Segmentation fault with Numeric#step
* Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
* Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
* Bug #18748: Range#cover? returns true for beginless range of different
type
* Bug #18827: __ENCODING__ is not set to the source encoding when saving
script lines
* Bug #19242: Circular cause by Marshal
* Bug #19243: Windows: Dir.home returns string in wrong encoding
* Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
builds
* Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
crash when combined with Ractors
* Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
* Bug #19485: Unexpected behavior in squiggly heredocs
Note: This list is automatically generated by tool/gen-github-release.rb.
Because of this, some commits may be missing.
To generate a diff of this commit:
cvs rdiff -u -r1.262 -r1.263 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby31-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6746 - requested by taca
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.262
- lang/ruby30-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:08:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: distinfo
Log Message:
lang/ruby30: update to 3.0.6
Ruby 3.0.6 Released Posted by usa on 30 Mar 2023
Ruby 3.0.6 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the GitHub releases for
further details.
After this release, we end the normal maintenance phase of Ruby 3.0, and
Ruby 3.0 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 3.0 except security fixes.
The term of the security maintenance phase is scheduled for a year. Ruby
3.0 reaches EOL and its official support ends by the end of the security
maintenance phase. Therefore, we recommend that you start to plan upgrade
to Ruby 3.1 or 3.2.
To generate a diff of this commit:
cvs rdiff -u -r1.261 -r1.262 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby30-base/distinfo
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.262
- lang/ruby30-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 09:08:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30-base: distinfo
Log Message:
lang/ruby30: update to 3.0.6
Ruby 3.0.6 Released Posted by usa on 30 Mar 2023
Ruby 3.0.6 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the GitHub releases for
further details.
After this release, we end the normal maintenance phase of Ruby 3.0, and
Ruby 3.0 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 3.0 except security fixes.
The term of the security maintenance phase is scheduled for a year. Ruby
3.0 reaches EOL and its official support ends by the end of the security
maintenance phase. Therefore, we recommend that you start to plan upgrade
to Ruby 3.1 or 3.2.
To generate a diff of this commit:
cvs rdiff -u -r1.261 -r1.262 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby30-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
Pullup ticket #6745 - requested by taca
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.261
- lang/ruby27-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:59:44 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: distinfo
Log Message:
lang/ruby27: update to 2.7.8
Ruby 2.7.8 Released Posted by usa on 30 Mar 2023
Ruby 2.7.8 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some build problem fixes. See the GitHub releases
for further details.
After this release, Ruby 2.7 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9
even if a security vulnerability is found (but could release if a severe
regression is found). We recommend all Ruby 2.7 users to start migration to
Ruby 3.2, 3.1, or 3.0 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.260 -r1.261 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby27-base/distinfo
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.261
- lang/ruby27-base/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 1 08:59:44 UTC 2023
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27-base: distinfo
Log Message:
lang/ruby27: update to 2.7.8
Ruby 2.7.8 Released Posted by usa on 30 Mar 2023
Ruby 2.7.8 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2023-28755: ReDoS vulnerability in URI
* CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some build problem fixes. See the GitHub releases
for further details.
After this release, Ruby 2.7 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.7 series. We will not release Ruby 2.7.9
even if a security vulnerability is found (but could release if a severe
regression is found). We recommend all Ruby 2.7 users to start migration to
Ruby 3.2, 3.1, or 3.0 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.260 -r1.261 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby27-base/distinfo
pkgsrc-2023Q1 commitmail json YAML
pkgsrc/graphics/openexr/Makefile@1.47.2.1
/
diff
pkgsrc/graphics/openexr/PLIST@1.20.8.1 / diff
pkgsrc/graphics/openexr/distinfo@1.45.8.1 / diff
pkgsrc/graphics/openexr/PLIST@1.20.8.1 / diff
pkgsrc/graphics/openexr/distinfo@1.45.8.1 / diff
Pullup ticket #6742 - requested by bsiegert
graphics/openexr: security update
Revisions pulled up:
- graphics/openexr/Makefile 1.48
- graphics/openexr/PLIST 1.21
- graphics/openexr/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Mar 30 16:38:14 UTC 2023
Modified Files:
pkgsrc/graphics/openexr: Makefile PLIST distinfo
Log Message:
openexr: update to 3.1.6 (security)
Patch release that address various bug/build issues and optimizations:
- NEON optimizations for ZIP reading
- Enable fast Huffman & Huffman zig-zag transform for Arm Neon
- Support relative and absolute libdir/incluedir in pkg-config generation
- Fix for reading memory mapped files with DWA compression
- Enable SSE4 support on Windows
- Fast huf decoder
- CMake config for generating docs is now BUILD_DOC
Also, this release includes a major update and reorganization of the repo
documentation and the https://openexr.com website.
In addition, numerous typos and misspellings in comments and doxygen content
have been fixed via codespell.
Specific OSS-fuzz issues address:
- OSS-fuzz 52730 Heap-buffer-overflow in fasthuf_initialize
- OSS-fuzz 49698 Heap-buffer-overflow in fasthuf_decode
- OSS-fuzz 47517 Integer-overflow in reconstruct_chunk_table
- OSS-fuzz 47503 Heap-buffer-overflow in uncompress_b44_impl
- OSS-fuzz 47483 Heap-buffer-overflow in generic_unpack
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/graphics/openexr/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/openexr/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/graphics/openexr/distinfo
graphics/openexr: security update
Revisions pulled up:
- graphics/openexr/Makefile 1.48
- graphics/openexr/PLIST 1.21
- graphics/openexr/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Mar 30 16:38:14 UTC 2023
Modified Files:
pkgsrc/graphics/openexr: Makefile PLIST distinfo
Log Message:
openexr: update to 3.1.6 (security)
Patch release that address various bug/build issues and optimizations:
- NEON optimizations for ZIP reading
- Enable fast Huffman & Huffman zig-zag transform for Arm Neon
- Support relative and absolute libdir/incluedir in pkg-config generation
- Fix for reading memory mapped files with DWA compression
- Enable SSE4 support on Windows
- Fast huf decoder
- CMake config for generating docs is now BUILD_DOC
Also, this release includes a major update and reorganization of the repo
documentation and the https://openexr.com website.
In addition, numerous typos and misspellings in comments and doxygen content
have been fixed via codespell.
Specific OSS-fuzz issues address:
- OSS-fuzz 52730 Heap-buffer-overflow in fasthuf_initialize
- OSS-fuzz 49698 Heap-buffer-overflow in fasthuf_decode
- OSS-fuzz 47517 Integer-overflow in reconstruct_chunk_table
- OSS-fuzz 47503 Heap-buffer-overflow in uncompress_b44_impl
- OSS-fuzz 47483 Heap-buffer-overflow in generic_unpack
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/graphics/openexr/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/openexr/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/graphics/openexr/distinfo
MAIN commitmail json YAML
MAIN commitmail json YAML
pkgsrc/archivers/gtar-base/Makefile@1.96
/
diff
pkgsrc/archivers/gtar-base/distinfo@1.49 / diff
pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303@1.1 / diff
pkgsrc/archivers/gtar-base/distinfo@1.49 / diff
pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303@1.1 / diff
add the patch for CVE-2022-48303 from the gtar git
pkgsrc-2022Q4 commitmail json YAML
#6737 addendum
pkgsrc-2022Q4 commitmail json YAML
Pullup ticket #6737 addendum - requested by gutteridge
textproc/py-libxml2: fix build after pullup #6737
Revisions pulled up:
- textproc/py-libxml2/Makefile by patch
textproc/py-libxml2: fix build after pullup #6737
Revisions pulled up:
- textproc/py-libxml2/Makefile by patch
pkgsrc-2022Q4 commitmail json YAML
Pullups #6729 #6732 #6733 #6734 #6737 #6738 #6739
pkgsrc-2022Q4 commitmail json YAML
Pullup ticket #6738 - requested by taca
www/ruby-rack: security update
Revisions pulled up:
pkgsrc/www/ruby-rack/Makefile by patch
pkgsrc/www/ruby-rack/distinfo by patch
-------------------------------------------------------------------
Log Message:
www/ruby-rack2: update to 2.2.6.2
2.2.6 (2022-01-17)
* Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError
error. (#2011, @byroot)
2.2.6.1 (2022-01-17)
* [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
2.2.6.2 (2022-01-17)
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
www/ruby-rack: security update
Revisions pulled up:
pkgsrc/www/ruby-rack/Makefile by patch
pkgsrc/www/ruby-rack/distinfo by patch
-------------------------------------------------------------------
Log Message:
www/ruby-rack2: update to 2.2.6.2
2.2.6 (2022-01-17)
* Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError
error. (#2011, @byroot)
2.2.6.1 (2022-01-17)
* [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
2.2.6.2 (2022-01-17)
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/databases/ruby-activerecord70/distinfo@1.8.4.1
/
diff
pkgsrc/devel/ruby-activejob70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.8.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.3 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.8.4.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.8.4.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activejob70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.8.4.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.8.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.3 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.8.4.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.8.4.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.8.4.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.8.4.1 / diff
Pullup ticket #6734 - requested by taca
databases/ruby-activerecord70: security update
devel/ruby-activejob70: distinfo update
devel/ruby-activemodel70: distinfo update
devel/ruby-activestorage70: distinfo update
devel/ruby-activesupport70: security update
devel/ruby-railties70: distinfo update
mail/ruby-actionmailbox70: distinfo update
mail/ruby-actionmailer70: distinfo update
textproc/ruby-actiontext70: distinfo update
www/ruby-actioncable70: distinfo update
www/ruby-actionpack70: security update
www/ruby-actionview70: distinfo update
www/ruby-rails70: distinfo update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.9-1.10
- devel/ruby-activejob70/distinfo 1.9-1.10
- devel/ruby-activemodel70/distinfo 1.9-1.10
- devel/ruby-activestorage70/distinfo 1.9-1.10
- devel/ruby-activesupport70/distinfo 1.9-1.10
- devel/ruby-railties70/distinfo 1.9-1.10
- lang/ruby/rails.mk 1.140,1.142
- mail/ruby-actionmailbox70/distinfo 1.9-1.10
- mail/ruby-actionmailer70/distinfo 1.9-1.10
- textproc/ruby-actiontext70/distinfo 1.9-1.10
- www/ruby-actioncable70/distinfo 1.9-1.10
- www/ruby-actionpack70/distinfo 1.9-1.10
- www/ruby-actionview70/distinfo 1.9-1.10
- www/ruby-rails70/distinfo 1.9-1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:34:27 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: Makefile distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.4.1
Rails 7.0.4.1 (2023-01-17)
devel/ruby-activesupport70
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack70
* Fix sec issue with _url_host_allowed?
Disallow certain strings from `_url_host_allowed?` to avoid a redirect
to malicious sites.
[CVE-2023-22797]
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord70
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.139 -r1.140 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/ruby-actionpack70/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-rails70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 25 13:31:17 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.4.2
Rails 7.0.4.2 (2023-01-24)
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-rails70/distinfo
databases/ruby-activerecord70: security update
devel/ruby-activejob70: distinfo update
devel/ruby-activemodel70: distinfo update
devel/ruby-activestorage70: distinfo update
devel/ruby-activesupport70: security update
devel/ruby-railties70: distinfo update
mail/ruby-actionmailbox70: distinfo update
mail/ruby-actionmailer70: distinfo update
textproc/ruby-actiontext70: distinfo update
www/ruby-actioncable70: distinfo update
www/ruby-actionpack70: security update
www/ruby-actionview70: distinfo update
www/ruby-rails70: distinfo update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.9-1.10
- devel/ruby-activejob70/distinfo 1.9-1.10
- devel/ruby-activemodel70/distinfo 1.9-1.10
- devel/ruby-activestorage70/distinfo 1.9-1.10
- devel/ruby-activesupport70/distinfo 1.9-1.10
- devel/ruby-railties70/distinfo 1.9-1.10
- lang/ruby/rails.mk 1.140,1.142
- mail/ruby-actionmailbox70/distinfo 1.9-1.10
- mail/ruby-actionmailer70/distinfo 1.9-1.10
- textproc/ruby-actiontext70/distinfo 1.9-1.10
- www/ruby-actioncable70/distinfo 1.9-1.10
- www/ruby-actionpack70/distinfo 1.9-1.10
- www/ruby-actionview70/distinfo 1.9-1.10
- www/ruby-rails70/distinfo 1.9-1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:34:27 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: Makefile distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.4.1
Rails 7.0.4.1 (2023-01-17)
devel/ruby-activesupport70
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack70
* Fix sec issue with _url_host_allowed?
Disallow certain strings from `_url_host_allowed?` to avoid a redirect
to malicious sites.
[CVE-2023-22797]
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord70
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.139 -r1.140 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/ruby-actionpack70/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-rails70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 25 13:31:17 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.4.2
Rails 7.0.4.2 (2023-01-24)
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-rails70/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/databases/ruby-activerecord61/distinfo@1.15.4.1
/
diff
pkgsrc/devel/ruby-activejob61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.15.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.2 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.15.4.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.15.4.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activejob61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.15.4.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.15.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.2 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.15.4.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.15.4.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.15.4.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.15.4.1 / diff
Pullup ticket #6733 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: distinfo update
devel/ruby-activemodel61: distinfo update
devel/ruby-activestorage61: distinfo update
devel/ruby-activesupport61: security update
devel/ruby-railties61: distinfo update
mail/ruby-actionmailbox61: distinfo update
mail/ruby-actionmailer61: distinfo update
textproc/ruby-actiontext61: sdistinfo update
www/ruby-actioncable61: distinfo update
www/ruby-actionpack61: security update
www/ruby-actionview61: distinfo update
www/ruby-rails61: distinfo update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.16-1.17
- devel/ruby-activejob61/distinfo 1.16-1.17
- devel/ruby-activemodel61/distinfo 1.16-1.17
- devel/ruby-activestorage61/distinfo 1.16-1.17
- devel/ruby-activesupport61/distinfo 1.16-1.17
- devel/ruby-railties61/distinfo 1.16-1.17
- lang/ruby/rails.mk 1.139,1.141
- mail/ruby-actionmailbox61/distinfo 1.16-1.17
- mail/ruby-actionmailer61/distinfo 1.16-1.17
- textproc/ruby-actiontext61/distinfo 1.16-1.17
- www/ruby-actioncable61/distinfo 1.16-1.17
- www/ruby-actionpack61/Makefile 1.4
- www/ruby-actionpack61/distinfo 1.16-1.17
- www/ruby-actionview61/distinfo 1.16-1.17
- www/ruby-rails61/distinfo 1.16-1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:31:11 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: Makefile distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.7.1
Rails 6.1.7.1 (2023-01-17)
devel/ruby-activesupport61
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack61
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord61
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 25 13:27:10 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.7.2
Rails 6.1.7.2 (2023-01-24)
www/ruby-actionpack61
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo
databases/ruby-activerecord61: security update
devel/ruby-activejob61: distinfo update
devel/ruby-activemodel61: distinfo update
devel/ruby-activestorage61: distinfo update
devel/ruby-activesupport61: security update
devel/ruby-railties61: distinfo update
mail/ruby-actionmailbox61: distinfo update
mail/ruby-actionmailer61: distinfo update
textproc/ruby-actiontext61: sdistinfo update
www/ruby-actioncable61: distinfo update
www/ruby-actionpack61: security update
www/ruby-actionview61: distinfo update
www/ruby-rails61: distinfo update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.16-1.17
- devel/ruby-activejob61/distinfo 1.16-1.17
- devel/ruby-activemodel61/distinfo 1.16-1.17
- devel/ruby-activestorage61/distinfo 1.16-1.17
- devel/ruby-activesupport61/distinfo 1.16-1.17
- devel/ruby-railties61/distinfo 1.16-1.17
- lang/ruby/rails.mk 1.139,1.141
- mail/ruby-actionmailbox61/distinfo 1.16-1.17
- mail/ruby-actionmailer61/distinfo 1.16-1.17
- textproc/ruby-actiontext61/distinfo 1.16-1.17
- www/ruby-actioncable61/distinfo 1.16-1.17
- www/ruby-actionpack61/Makefile 1.4
- www/ruby-actionpack61/distinfo 1.16-1.17
- www/ruby-actionview61/distinfo 1.16-1.17
- www/ruby-rails61/distinfo 1.16-1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:31:11 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: Makefile distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.7.1
Rails 6.1.7.1 (2023-01-17)
devel/ruby-activesupport61
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack61
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord61
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 25 13:27:10 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.7.2
Rails 6.1.7.2 (2023-01-24)
www/ruby-actionpack61
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/databases/ruby-activerecord60/distinfo@1.20.4.1
/
diff
pkgsrc/devel/ruby-activejob60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.20.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.1 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.20.4.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.20.4.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activejob60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.20.4.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.20.4.1 / diff
pkgsrc/lang/ruby/rails.mk@1.137.4.1 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.20.4.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.20.4.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.20.4.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.20.4.1 / diff
Pullup ticket #6732 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: distinfo update
devel/ruby-activemodel60: distinfo update
devel/ruby-activestorage60: distinfo update
devel/ruby-activesupport60: distinfo update
devel/ruby-railties60: distinfo update
mail/ruby-actionmailbox60: distinfo update
mail/ruby-actionmailer60: distinfo update
textproc/ruby-actiontext60: distinfo update
www/ruby-actioncable60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionview60: distinfo update
www/ruby-rails60: distinfo update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.21
- devel/ruby-activejob60/distinfo 1.21
- devel/ruby-activemodel60/distinfo 1.21
- devel/ruby-activestorage60/distinfo 1.21
- devel/ruby-activesupport60/distinfo 1.21
- devel/ruby-railties60/distinfo 1.21
- lang/ruby/rails.mk 1.138
- mail/ruby-actionmailbox60/distinfo 1.21
- mail/ruby-actionmailer60/distinfo 1.21
- textproc/ruby-actiontext60/distinfo 1.21
- www/ruby-actioncable60/distinfo 1.21
- www/ruby-actionpack60/Makefile 1.5
- www/ruby-actionpack60/distinfo 1.21
- www/ruby-actionview60/distinfo 1.21
- www/ruby-rails60/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:27:26 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: Makefile distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.6.1
Only databases/ruby-activerecord61 has updated.
Rails 6.0.6.1 (2023-01-17)
* Make `sanitize_as_sql_comment` more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack60/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-rails60/distinfo
databases/ruby-activerecord60: security update
devel/ruby-activejob60: distinfo update
devel/ruby-activemodel60: distinfo update
devel/ruby-activestorage60: distinfo update
devel/ruby-activesupport60: distinfo update
devel/ruby-railties60: distinfo update
mail/ruby-actionmailbox60: distinfo update
mail/ruby-actionmailer60: distinfo update
textproc/ruby-actiontext60: distinfo update
www/ruby-actioncable60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionview60: distinfo update
www/ruby-rails60: distinfo update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.21
- devel/ruby-activejob60/distinfo 1.21
- devel/ruby-activemodel60/distinfo 1.21
- devel/ruby-activestorage60/distinfo 1.21
- devel/ruby-activesupport60/distinfo 1.21
- devel/ruby-railties60/distinfo 1.21
- lang/ruby/rails.mk 1.138
- mail/ruby-actionmailbox60/distinfo 1.21
- mail/ruby-actionmailer60/distinfo 1.21
- textproc/ruby-actiontext60/distinfo 1.21
- www/ruby-actioncable60/distinfo 1.21
- www/ruby-actionpack60/Makefile 1.5
- www/ruby-actionpack60/distinfo 1.21
- www/ruby-actionview60/distinfo 1.21
- www/ruby-rails60/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 14:27:26 UTC 2023
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: Makefile distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.6.1
Only databases/ruby-activerecord61 has updated.
Rails 6.0.6.1 (2023-01-17)
* Make `sanitize_as_sql_comment` more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack60/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-rails60/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/devel/ruby-globalid/Makefile@1.13.10.1
/
diff
pkgsrc/devel/ruby-globalid/distinfo@1.7.10.1 / diff
pkgsrc/devel/ruby-globalid/distinfo@1.7.10.1 / diff
Pullup ticket #6729 - requested by taca
devel/ruby-globalid: security update
Revisions pulled up:
- devel/ruby-globalid/Makefile 1.14
- devel/ruby-globalid/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 13:58:19 UTC 2023
Modified Files:
pkgsrc/devel/ruby-globalid: Makefile distinfo
Log Message:
devel/ruby-globalid: update to 1.0.1
1.0.1 (2023-01-17)
Possible ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This
vulnerability has been assigned the CVE identifier CVE-2023-22799.
Versions Affected: >= 0.2.1
Not affected: NOTAFFECTED
Fixed Versions: 1.0.1
Impact
There is a possible DoS vulnerability in the model name parsing section of
the GlobalID gem. Carefully crafted input can cause the regular expression
engine to take an unexpected amount of time. All users running an affected
release should either upgrade or use one of the workarounds immediately.
Releases
The FIXED releases are available at the normal locations.
Workarounds
There are no feasible workarounds for this issue.
Credits
Thank you ooooooo_k for reporting this!
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-globalid/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/ruby-globalid/distinfo
devel/ruby-globalid: security update
Revisions pulled up:
- devel/ruby-globalid/Makefile 1.14
- devel/ruby-globalid/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 19 13:58:19 UTC 2023
Modified Files:
pkgsrc/devel/ruby-globalid: Makefile distinfo
Log Message:
devel/ruby-globalid: update to 1.0.1
1.0.1 (2023-01-17)
Possible ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This
vulnerability has been assigned the CVE identifier CVE-2023-22799.
Versions Affected: >= 0.2.1
Not affected: NOTAFFECTED
Fixed Versions: 1.0.1
Impact
There is a possible DoS vulnerability in the model name parsing section of
the GlobalID gem. Carefully crafted input can cause the regular expression
engine to take an unexpected amount of time. All users running an affected
release should either upgrade or use one of the workarounds immediately.
Releases
The FIXED releases are available at the normal locations.
Workarounds
There are no feasible workarounds for this issue.
Credits
Thank you ooooooo_k for reporting this!
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-globalid/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/ruby-globalid/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/www/apache24/Makefile@1.114.2.1
/
diff
pkgsrc/www/apache24/PLIST@1.35.10.1 / diff
pkgsrc/www/apache24/distinfo@1.53.6.1 / diff
pkgsrc/www/apache24/patches/patch-configure@1.2.8.1 / diff
pkgsrc/www/apache24/PLIST@1.35.10.1 / diff
pkgsrc/www/apache24/distinfo@1.53.6.1 / diff
pkgsrc/www/apache24/patches/patch-configure@1.2.8.1 / diff
Pullup ticket #6739 - requested by taca
www/apache24: security update
Revisions pulled up:
- www/apache24/Makefile 1.115
- www/apache24/PLIST 1.36
- www/apache24/distinfo 1.54
- www/apache24/patches/patch-configure 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jan 20 14:03:16 UTC 2023
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
pkgsrc/www/apache24/patches: patch-configure
Log Message:
apache24: updated to 2.4.55
Changes with Apache 2.4.55
*) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
2.4.55 allows a backend to trigger HTTP response splitting
(cve.mitre.org)
Prior to Apache HTTP Server 2.4.55, a malicious backend can
cause the response headers to be truncated early, resulting in
some headers being incorporated into the response body. If the
later headers have any security purpose, they will not be
interpreted by the client.
Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
*) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
Possible request smuggling (cve.mitre.org)
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server
Apache HTTP Server 2.4 version 2.4.54 and prior versions.
Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
at Qi'anxin Group
*) SECURITY: CVE-2006-20001: mod_dav out of bounds read, or write
of zero byte (cve.mitre.org)
A carefully crafted If: request header can cause a memory read,
or write of a single zero byte, in a pool (heap) memory location
beyond the header value sent. This could cause the process to
crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
*) mod_dav: Open the lock database read-only when possible.
*) mod_proxy_http2: apply the standard httpd content type handling
to responses from the backend, as other proxy modules do.
*) mod_dav: mod_dav overrides dav_fs response on PUT failure.
*) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic]
*) mod_http2: version 2.0.10 of the module, synchronizing changes
with the gitgub version. This is a partial rewrite of how connections
and streams are handled.
- an APR pollset and pipes (where supported) are used to monitor
the main connection and react to IO for request/response handling.
This replaces the stuttered timed waits of earlier versions.
- H2SerializeHeaders directive still exists, but has no longer an effect.
- Clients that seemingly misbehave still get less resources allocated,
but ongoing requests are no longer disrupted.
- Fixed an issue since 1.15.24 that "Server" headers in proxied requests
were overwritten instead of preserved.
- A regression in v1.15.24 was fixed that could lead to httpd child
processes not being terminated on a graceful reload or when reaching
MaxConnectionsPerChild. When unprocessed h2 requests were queued at
the time, these could stall.
- Improved information displayed in 'server-status' for H2 connections when
Extended Status is enabled. Now one can see the last request that IO
operations happened on and transferred IO stats are updated as well.
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
- :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230.
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated.
- Request and response header values are automatically stripped of leading
and trialing space/tab characters. This is equivalent behaviour to what
Apache httpd's http/1.1 parser does.
The checks for this in nghttp2 v1.50.0+ are disabled.
- Extensive testing in production done by Alessandro Bianchi (@alexskynet)
on the v2.0.x versions for stability. Many thanks!
*) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
*) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
*) mod_proxy: The AH03408 warning for a forcibly closed backend
connection is now logged at INFO level. [Yann Ylavic]
*) mod_ssl: When dumping the configuration, the existence of
certificate/key files is no longer tested. [Joe Orton]
*) mod_authn_core: Add expression support to AuthName and AuthType.
[Graham Leggett]
*) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error.
*) mod_proxy_hcheck: Re-enable workers in standard ERROR state.
*) mod_proxy_hcheck: Detect AJP/CPING support correctly.
*) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
*) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
*) core: Avoid an overflow on large inputs in ap_is_matchexp.
*) mod_heartmonitor: Allow "HeartbeatMaxServers 0" to use file based
storage instead of slotmem. Needed after setting
HeartbeatMaxServers default to the documented value 10 in 2.4.54.
*) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
This is a game changer for performances if client use PROPFIND a lot.
To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/apache24/PLIST
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/apache24/patches/patch-configure
www/apache24: security update
Revisions pulled up:
- www/apache24/Makefile 1.115
- www/apache24/PLIST 1.36
- www/apache24/distinfo 1.54
- www/apache24/patches/patch-configure 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jan 20 14:03:16 UTC 2023
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
pkgsrc/www/apache24/patches: patch-configure
Log Message:
apache24: updated to 2.4.55
Changes with Apache 2.4.55
*) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
2.4.55 allows a backend to trigger HTTP response splitting
(cve.mitre.org)
Prior to Apache HTTP Server 2.4.55, a malicious backend can
cause the response headers to be truncated early, resulting in
some headers being incorporated into the response body. If the
later headers have any security purpose, they will not be
interpreted by the client.
Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
*) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
Possible request smuggling (cve.mitre.org)
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server
Apache HTTP Server 2.4 version 2.4.54 and prior versions.
Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
at Qi'anxin Group
*) SECURITY: CVE-2006-20001: mod_dav out of bounds read, or write
of zero byte (cve.mitre.org)
A carefully crafted If: request header can cause a memory read,
or write of a single zero byte, in a pool (heap) memory location
beyond the header value sent. This could cause the process to
crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
*) mod_dav: Open the lock database read-only when possible.
*) mod_proxy_http2: apply the standard httpd content type handling
to responses from the backend, as other proxy modules do.
*) mod_dav: mod_dav overrides dav_fs response on PUT failure.
*) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic]
*) mod_http2: version 2.0.10 of the module, synchronizing changes
with the gitgub version. This is a partial rewrite of how connections
and streams are handled.
- an APR pollset and pipes (where supported) are used to monitor
the main connection and react to IO for request/response handling.
This replaces the stuttered timed waits of earlier versions.
- H2SerializeHeaders directive still exists, but has no longer an effect.
- Clients that seemingly misbehave still get less resources allocated,
but ongoing requests are no longer disrupted.
- Fixed an issue since 1.15.24 that "Server" headers in proxied requests
were overwritten instead of preserved.
- A regression in v1.15.24 was fixed that could lead to httpd child
processes not being terminated on a graceful reload or when reaching
MaxConnectionsPerChild. When unprocessed h2 requests were queued at
the time, these could stall.
- Improved information displayed in 'server-status' for H2 connections when
Extended Status is enabled. Now one can see the last request that IO
operations happened on and transferred IO stats are updated as well.
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
- :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230.
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated.
- Request and response header values are automatically stripped of leading
and trialing space/tab characters. This is equivalent behaviour to what
Apache httpd's http/1.1 parser does.
The checks for this in nghttp2 v1.50.0+ are disabled.
- Extensive testing in production done by Alessandro Bianchi (@alexskynet)
on the v2.0.x versions for stability. Many thanks!
*) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
*) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
*) mod_proxy: The AH03408 warning for a forcibly closed backend
connection is now logged at INFO level. [Yann Ylavic]
*) mod_ssl: When dumping the configuration, the existence of
certificate/key files is no longer tested. [Joe Orton]
*) mod_authn_core: Add expression support to AuthName and AuthType.
[Graham Leggett]
*) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error.
*) mod_proxy_hcheck: Re-enable workers in standard ERROR state.
*) mod_proxy_hcheck: Detect AJP/CPING support correctly.
*) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
*) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
*) core: Avoid an overflow on large inputs in ap_is_matchexp.
*) mod_heartmonitor: Allow "HeartbeatMaxServers 0" to use file based
storage instead of slotmem. Needed after setting
HeartbeatMaxServers default to the documented value 10 in 2.4.54.
*) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
This is a game changer for performances if client use PROPFIND a lot.
To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 pkgsrc/www/apache24/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/apache24/PLIST
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache24/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/apache24/patches/patch-configure
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/textproc/libxml2/Makefile@1.165.2.1
/
diff
pkgsrc/textproc/libxml2/Makefile.common@1.16.6.1 / diff
pkgsrc/textproc/libxml2/PLIST@1.47.8.1 / diff
pkgsrc/textproc/libxml2/distinfo@1.141.6.1 / diff
pkgsrc/textproc/libxml2/patches/patch-Makefile.in deleted
pkgsrc/textproc/libxml2/patches/patch-catalog.c deleted
pkgsrc/textproc/libxml2/patches/patch-configure@1.4.8.1 / diff
pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in deleted
pkgsrc/textproc/libxml2/patches/patch-encoding.c@1.3.18.1 / diff
pkgsrc/textproc/libxml2/patches/patch-error.c@1.1.2.2 / diff
pkgsrc/textproc/libxml2/patches/patch-python_libxml.c deleted
pkgsrc/textproc/libxml2/patches/patch-python_libxml.py deleted
pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py deleted
pkgsrc/textproc/libxml2/patches/patch-python_setup.py deleted
pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c deleted
pkgsrc/textproc/libxml2/Makefile.common@1.16.6.1 / diff
pkgsrc/textproc/libxml2/PLIST@1.47.8.1 / diff
pkgsrc/textproc/libxml2/distinfo@1.141.6.1 / diff
pkgsrc/textproc/libxml2/patches/patch-Makefile.in deleted
pkgsrc/textproc/libxml2/patches/patch-catalog.c deleted
pkgsrc/textproc/libxml2/patches/patch-configure@1.4.8.1 / diff
pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in deleted
pkgsrc/textproc/libxml2/patches/patch-encoding.c@1.3.18.1 / diff
pkgsrc/textproc/libxml2/patches/patch-error.c@1.1.2.2 / diff
pkgsrc/textproc/libxml2/patches/patch-python_libxml.c deleted
pkgsrc/textproc/libxml2/patches/patch-python_libxml.py deleted
pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py deleted
pkgsrc/textproc/libxml2/patches/patch-python_setup.py deleted
pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c deleted
Pullup ticket #6737 - requested by taca
textproc/libxml2: security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.166-1.167
- textproc/libxml2/Makefile.common 1.17-1.19
- textproc/libxml2/PLIST 1.48
- textproc/libxml2/distinfo 1.142-1.143
- textproc/libxml2/patches/patch-Makefile.in deleted
- textproc/libxml2/patches/patch-catalog.c deleted
- textproc/libxml2/patches/patch-configure 1.5
- textproc/libxml2/patches/patch-doc_examples_Makefile.in deleted
- textproc/libxml2/patches/patch-encoding.c 1.4
- textproc/libxml2/patches/patch-error.c 1.1
- textproc/libxml2/patches/patch-python_libxml.c deleted
- textproc/libxml2/patches/patch-python_libxml.py deleted
- textproc/libxml2/patches/patch-python_libxml2.py deleted
- textproc/libxml2/patches/patch-python_setup.py deleted
- textproc/libxml2/patches/patch-xmlcatalog.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 22 10:30:09 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common PLIST distinfo
pkgsrc/textproc/libxml2/patches: patch-configure patch-encoding.c
Removed Files:
pkgsrc/textproc/libxml2/patches: patch-Makefile.in patch-catalog.c
patch-doc_examples_Makefile.in patch-python_libxml.c
patch-python_libxml.py patch-python_libxml2.py
patch-python_setup.py patch-xmlcatalog.c
Log Message:
libxml2: update to 2.10.3.
NEWS file for libxml2
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/libxml2/PLIST
cvs rdiff -u -r1.141 -r1.142 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/textproc/libxml2/patches/patch-Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-python_setup.py
cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/libxml2/patches/patch-catalog.c \
pkgsrc/textproc/libxml2/patches/patch-python_libxml.py \
pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py \
pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/libxml2/patches/patch-configure
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libxml2/patches/patch-encoding.c
cvs rdiff -u -r1.4 -r0 pkgsrc/textproc/libxml2/patches/patch-python_libxml.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Jan 26 01:49:16 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-error.c
Log Message:
libxml2: Make sure that error messages are valid UTF-8
Fixes segfaults with itstool, which were breaking various MATE package
builds. (This is the third time a variant of a patch to fix this same
issue has been applied here.)
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.142 -r1.143 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-error.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Jan 27 14:49:37 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common
Log Message:
libxml2: Ensure --sysconfdir is passed.
Fixes widespread breakage of recent update on systems where PKG_SYSCONFDIR
is not PREFIX/etc so the catalog files could not be found.
Move PKGREVISION out of Makefile.common and bump.
To generate a diff of this commit:
cvs rdiff -u -r1.166 -r1.167 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/Makefile.common
textproc/libxml2: security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.166-1.167
- textproc/libxml2/Makefile.common 1.17-1.19
- textproc/libxml2/PLIST 1.48
- textproc/libxml2/distinfo 1.142-1.143
- textproc/libxml2/patches/patch-Makefile.in deleted
- textproc/libxml2/patches/patch-catalog.c deleted
- textproc/libxml2/patches/patch-configure 1.5
- textproc/libxml2/patches/patch-doc_examples_Makefile.in deleted
- textproc/libxml2/patches/patch-encoding.c 1.4
- textproc/libxml2/patches/patch-error.c 1.1
- textproc/libxml2/patches/patch-python_libxml.c deleted
- textproc/libxml2/patches/patch-python_libxml.py deleted
- textproc/libxml2/patches/patch-python_libxml2.py deleted
- textproc/libxml2/patches/patch-python_setup.py deleted
- textproc/libxml2/patches/patch-xmlcatalog.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 22 10:30:09 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common PLIST distinfo
pkgsrc/textproc/libxml2/patches: patch-configure patch-encoding.c
Removed Files:
pkgsrc/textproc/libxml2/patches: patch-Makefile.in patch-catalog.c
patch-doc_examples_Makefile.in patch-python_libxml.c
patch-python_libxml.py patch-python_libxml2.py
patch-python_setup.py patch-xmlcatalog.c
Log Message:
libxml2: update to 2.10.3.
NEWS file for libxml2
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/libxml2/PLIST
cvs rdiff -u -r1.141 -r1.142 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r1.2 -r0 pkgsrc/textproc/libxml2/patches/patch-Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in \
pkgsrc/textproc/libxml2/patches/patch-python_setup.py
cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/libxml2/patches/patch-catalog.c \
pkgsrc/textproc/libxml2/patches/patch-python_libxml.py \
pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py \
pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/libxml2/patches/patch-configure
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libxml2/patches/patch-encoding.c
cvs rdiff -u -r1.4 -r0 pkgsrc/textproc/libxml2/patches/patch-python_libxml.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Jan 26 01:49:16 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile.common distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-error.c
Log Message:
libxml2: Make sure that error messages are valid UTF-8
Fixes segfaults with itstool, which were breaking various MATE package
builds. (This is the third time a variant of a patch to fix this same
issue has been applied here.)
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/textproc/libxml2/Makefile.common
cvs rdiff -u -r1.142 -r1.143 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-error.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Jan 27 14:49:37 UTC 2023
Modified Files:
pkgsrc/textproc/libxml2: Makefile Makefile.common
Log Message:
libxml2: Ensure --sysconfdir is passed.
Fixes widespread breakage of recent update on systems where PKG_SYSCONFDIR
is not PREFIX/etc so the catalog files could not be found.
Move PKGREVISION out of Makefile.common and bump.
To generate a diff of this commit:
cvs rdiff -u -r1.166 -r1.167 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/Makefile.common
pkgsrc-2022Q4 commitmail json YAML
6728, 6735, 6736
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/net/bind918/Makefile@1.3.2.1
/
diff
pkgsrc/net/bind918/PLIST@1.1.2.1 / diff
pkgsrc/net/bind918/distinfo@1.3.2.1 / diff
pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c@1.1.2.1 / diff
pkgsrc/net/bind918/patches/patch-lib_isc_time.c@1.1.2.1 / diff
pkgsrc/net/bind918/patches/patch-lib_ns_update.c@1.1.2.1 / diff
pkgsrc/net/bind918/PLIST@1.1.2.1 / diff
pkgsrc/net/bind918/distinfo@1.3.2.1 / diff
pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c@1.1.2.1 / diff
pkgsrc/net/bind918/patches/patch-lib_isc_time.c@1.1.2.1 / diff
pkgsrc/net/bind918/patches/patch-lib_ns_update.c@1.1.2.1 / diff
Pullup ticket #6736 - requested by taca
net/bind918: security update
Revisions pulled up:
- net/bind918/Makefile 1.6
- net/bind918/PLIST 1.2
- net/bind918/distinfo 1.4
- net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
- net/bind918/patches/patch-lib_isc_siphash.c 1.2
- net/bind918/patches/patch-lib_isc_time.c 1.2
- net/bind918/patches/patch-lib_ns_update.c 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 8 00:13:44 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo
pkgsrc/net/bind918/patches: patch-lib_isc_siphash.c
patch-lib_isc_time.c patch-lib_ns_update.c
Removed Files:
pkgsrc/net/bind918/patches:
patch-bin_tests_system_keyfromlabel_tests.sh
Log Message:
net/bind918: update to 9.18.11
Approved by MAINTAINER (sekiya@).
--- 9.18.11 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has been
nonfunctional for some time, is now marked as
obsolete and the implementation has been removed.
Configuring DSCP values in named.conf has no
effect, and a warning will be logged that
the feature should no longer be used. [GL #3773]
6061. [bug] Fix unexpected "Prohibited" extended DNS error
on allow-recursion. [GL #3743]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]
6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]
6051. [bug] Improve thread safety in the dns_dispatch unit.
[GL #3178] [GL #3636]
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6049. [bug] Exclude ABD hashtables from the ADB memory
overmem checks and don't clean ADB names
and ADB entries used in the last 10 seconds
(ADB_CACHE_MINIMUM). [GL #3739]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]
6047. [bug] Try the next server instead of trying the same
server again on an outgoing query timeout.
[GL #3637]
6046. [bug] TLS session resumption might lead to handshake
failures when client certificates are used for
authentication (Mutual TLS). This has been fixed.
[GL #3725]
6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
5830. [func] Implement incremental resizing of isc_ht hash tables to
perform the rehashing gradually. The catalog zone
implementation has been optimized to work with hundreds
of thousands of member zones. [GL #3212] [GL #3744]
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c \
pkgsrc/net/bind918/patches/patch-lib_isc_time.c \
pkgsrc/net/bind918/patches/patch-lib_ns_update.c
net/bind918: security update
Revisions pulled up:
- net/bind918/Makefile 1.6
- net/bind918/PLIST 1.2
- net/bind918/distinfo 1.4
- net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
- net/bind918/patches/patch-lib_isc_siphash.c 1.2
- net/bind918/patches/patch-lib_isc_time.c 1.2
- net/bind918/patches/patch-lib_ns_update.c 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 8 00:13:44 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo
pkgsrc/net/bind918/patches: patch-lib_isc_siphash.c
patch-lib_isc_time.c patch-lib_ns_update.c
Removed Files:
pkgsrc/net/bind918/patches:
patch-bin_tests_system_keyfromlabel_tests.sh
Log Message:
net/bind918: update to 9.18.11
Approved by MAINTAINER (sekiya@).
--- 9.18.11 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has been
nonfunctional for some time, is now marked as
obsolete and the implementation has been removed.
Configuring DSCP values in named.conf has no
effect, and a warning will be logged that
the feature should no longer be used. [GL #3773]
6061. [bug] Fix unexpected "Prohibited" extended DNS error
on allow-recursion. [GL #3743]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]
6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]
6051. [bug] Improve thread safety in the dns_dispatch unit.
[GL #3178] [GL #3636]
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6049. [bug] Exclude ABD hashtables from the ADB memory
overmem checks and don't clean ADB names
and ADB entries used in the last 10 seconds
(ADB_CACHE_MINIMUM). [GL #3739]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]
6047. [bug] Try the next server instead of trying the same
server again on an outgoing query timeout.
[GL #3637]
6046. [bug] TLS session resumption might lead to handshake
failures when client certificates are used for
authentication (Mutual TLS). This has been fixed.
[GL #3725]
6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
5830. [func] Implement incremental resizing of isc_ht hash tables to
perform the rehashing gradually. The catalog zone
implementation has been optimized to work with hundreds
of thousands of member zones. [GL #3212] [GL #3744]
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c \
pkgsrc/net/bind918/patches/patch-lib_isc_time.c \
pkgsrc/net/bind918/patches/patch-lib_ns_update.c
pkgsrc-2022Q4 commitmail json YAML
Pullup ticket #6735 - requested by taca
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.194
- security/sudo/distinfo 1.126
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 6 14:35:32 UTC 2023
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
security/sudo: update to 1.9.12p2
1.9.12.p2 (2023-01-18)
* Fixed a compilation error on Linux/aarch64. GitHub issue #197.
* Fixed a potential crash introduced in the fix for GitHub issue #134.
If a user's sudoers entry did not have any RunAs user's set,
running "sudo -U otheruser -l" would dereference a NULL pointer.
* Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
from creating a I/O files when the "iolog_file" sudoers setting
contains six or more Xs.
* Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
that coud allow a malicious user with sudoedit privileges to
edit arbitrary files.
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/security/sudo/distinfo
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.194
- security/sudo/distinfo 1.126
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 6 14:35:32 UTC 2023
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
security/sudo: update to 1.9.12p2
1.9.12.p2 (2023-01-18)
* Fixed a compilation error on Linux/aarch64. GitHub issue #197.
* Fixed a potential crash introduced in the fix for GitHub issue #134.
If a user's sudoers entry did not have any RunAs user's set,
running "sudo -U otheruser -l" would dereference a NULL pointer.
* Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
from creating a I/O files when the "iolog_file" sudoers setting
contains six or more Xs.
* Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
that coud allow a malicious user with sudoedit privileges to
edit arbitrary files.
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/security/sudo/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/net/samba4/Makefile@1.154.2.1
/
diff
pkgsrc/net/samba4/PLIST@1.48.2.1 / diff
pkgsrc/net/samba4/distinfo@1.87.2.1 / diff
pkgsrc/net/samba4/options.mk@1.17.8.1 / diff
pkgsrc/net/samba4/PLIST@1.48.2.1 / diff
pkgsrc/net/samba4/distinfo@1.87.2.1 / diff
pkgsrc/net/samba4/options.mk@1.17.8.1 / diff
Pullup ticket #6728 - requested by taca
net/samba4: security update
Revisions pulled up:
- net/samba4/Makefile 1.155,1.157-1.159
- net/samba4/PLIST 1.49-1.50
- net/samba4/distinfo 1.88-1.89
- net/samba4/options.mk 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 3 15:27:23 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo options.mk
Log Message:
samba: update to 4.17.4.
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
RC4-HMAC Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
o CVE-2022-37967: This is the Samba CVE for the Windows
Kerberos Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!
samba-tool got a new 'domain trust modify' subcommand
-----------------------------------------------------
This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto Deprecated no
allow nt4 crypto:COMPUTERACCOUNT New
kdc default domain supported enctypes New (see manpage)
kdc supported enctypes New (see manpage)
kdc force enable rc4 weak session keys New No
reject md5 clients New Default, Deprecated Yes
reject md5 servers New Default, Deprecated Yes
server schannel Deprecated Yes
server schannel require seal New, Deprecated Yes
server schannel require seal:COMPUTERACCOUNT New
winbind sealed pipes Deprecated Yes
Changes since 4.17.3
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15237: CVE-2022-37966.
* BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
o Ralph Boehme <slow@samba.org>
* BUG 15240: CVE-2022-38023.
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
o Stefan Metzmacher <metze@samba.org>
* BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows.
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
vulnerability.
* BUG 15206: libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4().
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15230: Memory leak in snprintf replacement functions.
* BUG 15237: CVE-2022-37966.
* BUG 15240: CVE-2022-38023.
* BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression).
o Noel Power <noel.power@suse.com>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Anoop C S <anoopcs@samba.org>
* BUG 15198: Prevent EBADF errors with vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15237: CVE-2022-37966.
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15257: Stack smashing in net offlinejoin requestodj.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15231: CVE-2022-37967.
* BUG 15237: CVE-2022-37966.
o Nicolas Williams <nico@twosigma.com>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.155 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/samba4/PLIST
cvs rdiff -u -r1.87 -r1.88 pkgsrc/net/samba4/distinfo
cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/samba4/options.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Tue Jan 10 02:12:40 UTC 2023
Modified Files:
pkgsrc/net/samba4: PLIST
Log Message:
samba4: fix PLIST error when option ads is off
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/samba4/PLIST
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: hauke
Date: Thu Jan 19 16:32:54 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
Un-break FreeBSD build - it does not define ENODATA.
See also this thread
<kern/2012/04/30/msg013090.html>.">https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 23 09:13:52 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
samba4: add upper bound for ldb and remove reference to non-existent file
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 28 13:52:03 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.17.5
===============
Release Notes for Samba 4.17.5
January 26, 2023
===============
This is the latest stable release of the Samba 4.17 release series.
Changes since 4.17.4
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14808: smbc_getxattr() return value is incorrect.
* BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly.
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
DC when there is only an AAAA record for the DC in DNS.
* BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
* BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
* BUG 15283: vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value).
o Samuel Cabrero <scabrero@samba.org>
* BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
based SChannel on NETLOGON (additional changes).
o Volker Lendecke <vl@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15269: ctdb: use-after-free in run_proc.
o Stefan Metzmacher <metze@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
o Andreas Schneider <asn@samba.org>
* BUG 15268: smbclient segfaults with use after free on an optimized build.
o Jones Syue <jonessyue@qnap.com>
* BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
o Andrew Walker <awalker@ixsystems.com>
* BUG 15164: Leak in wbcCtxPingDc2.
* BUG 15265: Access based share enum does not work in Samba 4.16+.
* BUG 15267: Crash during share enumeration.
* BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer.
o Florian Weimer <fweimer@redhat.com>
* BUG 15281: Avoid relying on C89 features in a few places.
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/samba4/distinfo
net/samba4: security update
Revisions pulled up:
- net/samba4/Makefile 1.155,1.157-1.159
- net/samba4/PLIST 1.49-1.50
- net/samba4/distinfo 1.88-1.89
- net/samba4/options.mk 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 3 15:27:23 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo options.mk
Log Message:
samba: update to 4.17.4.
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
RC4-HMAC Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
o CVE-2022-37967: This is the Samba CVE for the Windows
Kerberos Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!
samba-tool got a new 'domain trust modify' subcommand
-----------------------------------------------------
This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto Deprecated no
allow nt4 crypto:COMPUTERACCOUNT New
kdc default domain supported enctypes New (see manpage)
kdc supported enctypes New (see manpage)
kdc force enable rc4 weak session keys New No
reject md5 clients New Default, Deprecated Yes
reject md5 servers New Default, Deprecated Yes
server schannel Deprecated Yes
server schannel require seal New, Deprecated Yes
server schannel require seal:COMPUTERACCOUNT New
winbind sealed pipes Deprecated Yes
Changes since 4.17.3
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15237: CVE-2022-37966.
* BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
o Ralph Boehme <slow@samba.org>
* BUG 15240: CVE-2022-38023.
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
o Stefan Metzmacher <metze@samba.org>
* BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows.
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
vulnerability.
* BUG 15206: libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4().
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15230: Memory leak in snprintf replacement functions.
* BUG 15237: CVE-2022-37966.
* BUG 15240: CVE-2022-38023.
* BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression).
o Noel Power <noel.power@suse.com>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Anoop C S <anoopcs@samba.org>
* BUG 15198: Prevent EBADF errors with vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15237: CVE-2022-37966.
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15257: Stack smashing in net offlinejoin requestodj.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15231: CVE-2022-37967.
* BUG 15237: CVE-2022-37966.
o Nicolas Williams <nico@twosigma.com>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.155 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/samba4/PLIST
cvs rdiff -u -r1.87 -r1.88 pkgsrc/net/samba4/distinfo
cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/samba4/options.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Tue Jan 10 02:12:40 UTC 2023
Modified Files:
pkgsrc/net/samba4: PLIST
Log Message:
samba4: fix PLIST error when option ads is off
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/samba4/PLIST
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: hauke
Date: Thu Jan 19 16:32:54 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
Un-break FreeBSD build - it does not define ENODATA.
See also this thread
<kern/2012/04/30/msg013090.html>.">https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 23 09:13:52 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile
Log Message:
samba4: add upper bound for ldb and remove reference to non-existent file
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 28 13:52:03 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.17.5
===============
Release Notes for Samba 4.17.5
January 26, 2023
===============
This is the latest stable release of the Samba 4.17 release series.
Changes since 4.17.4
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14808: smbc_getxattr() return value is incorrect.
* BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly.
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
DC when there is only an AAAA record for the DC in DNS.
* BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
* BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
* BUG 15283: vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value).
o Samuel Cabrero <scabrero@samba.org>
* BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
based SChannel on NETLOGON (additional changes).
o Volker Lendecke <vl@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15269: ctdb: use-after-free in run_proc.
o Stefan Metzmacher <metze@samba.org>
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
o Andreas Schneider <asn@samba.org>
* BUG 15268: smbclient segfaults with use after free on an optimized build.
o Jones Syue <jonessyue@qnap.com>
* BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
o Andrew Walker <awalker@ixsystems.com>
* BUG 15164: Leak in wbcCtxPingDc2.
* BUG 15265: Access based share enum does not work in Samba 4.16+.
* BUG 15267: Crash during share enumeration.
* BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer.
o Florian Weimer <fweimer@redhat.com>
* BUG 15281: Avoid relying on C89 features in a few places.
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/samba4/distinfo
pkgsrc-2022Q4 commitmail json YAML
6710, 6724
pkgsrc-2022Q4 commitmail json YAML
Pullup ticket #6724 - requested by bsiegert
lang/ruby31-base: build fix
Revisions pulled up:
- lang/ruby31-base/Makefile 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Mon Jan 16 06:33:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby31-base: Makefile
Log Message:
lang/ruby31-base: quote ${CC}; PR 57167
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby31-base/Makefile
lang/ruby31-base: build fix
Revisions pulled up:
- lang/ruby31-base/Makefile 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Mon Jan 16 06:33:51 UTC 2023
Modified Files:
pkgsrc/lang/ruby31-base: Makefile
Log Message:
lang/ruby31-base: quote ${CC}; PR 57167
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby31-base/Makefile
pkgsrc-2022Q4 commitmail json YAML
Pullup ticket #6710 - requested by bsiegert
security/libksba: security update
Revisions pulled up:
- security/libksba/Makefile 1.39
- security/libksba/distinfo 1.29
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Dec 28 09:38:22 UTC 2022
Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Log Message:
libksba: updated to 1.6.3
Noteworthy changes in version 1.6.3 (2022-12-06)
------------------------------------------------
* Fix another integer overflow in the CRL parser.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/libksba/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/libksba/distinfo
security/libksba: security update
Revisions pulled up:
- security/libksba/Makefile 1.39
- security/libksba/distinfo 1.29
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Dec 28 09:38:22 UTC 2022
Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Log Message:
libksba: updated to 1.6.3
Noteworthy changes in version 1.6.3 (2022-12-06)
------------------------------------------------
* Fix another integer overflow in the CRL parser.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/libksba/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/libksba/distinfo
pkgsrc-2022Q4 commitmail json YAML
pkgsrc/converters/wkhtmltopdf/Makefile@1.14.4.2
/
diff
pkgsrc/converters/wkhtmltopdf/distinfo@1.6.10.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_image_image.pro@1.2.22.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_lib_lib.pro@1.1.44.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_pdf_pdf.pro@1.2.22.2 / diff
pkgsrc/converters/wkhtmltopdf/distinfo@1.6.10.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_image_image.pro@1.2.22.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_lib_lib.pro@1.1.44.2 / diff
pkgsrc/converters/wkhtmltopdf/patches/patch-src_pdf_pdf.pro@1.2.22.2 / diff
revert erroneous commit to the pkgsrc-2022Q4 branch as requested by manu@
in admin ticket #265306
in admin ticket #265306
MAIN commitmail json YAML
Updated print/podofo to 0.9.8
MAIN commitmail json YAML
pkgsrc/print/podofo/Makefile@1.40
/
diff
pkgsrc/print/podofo/PLIST@1.6 / diff
pkgsrc/print/podofo/distinfo@1.24 / diff
pkgsrc/print/podofo/patches/patch-src_CMakeLists.txt deleted
pkgsrc/print/podofo/patches/patch-src_base_PdfMemoryManagement.cpp deleted
pkgsrc/print/podofo/patches/patch-src_doc_PdfImage.cpp deleted
pkgsrc/print/podofo/patches/patch-src_podofo_CMakeLists.txt@1.1 / diff
pkgsrc/print/podofo/patches/patch-src_podofo_base_PdfMemoryManagement.cpp@1.1 / diff
pkgsrc/print/podofo/patches/patch-src_podofo_doc_PdfImage.cpp@1.1 / diff
pkgsrc/print/podofo/patches/patch-test_TokenizerTest_CMakeLists.txt deleted
pkgsrc/print/podofo/PLIST@1.6 / diff
pkgsrc/print/podofo/distinfo@1.24 / diff
pkgsrc/print/podofo/patches/patch-src_CMakeLists.txt deleted
pkgsrc/print/podofo/patches/patch-src_base_PdfMemoryManagement.cpp deleted
pkgsrc/print/podofo/patches/patch-src_doc_PdfImage.cpp deleted
pkgsrc/print/podofo/patches/patch-src_podofo_CMakeLists.txt@1.1 / diff
pkgsrc/print/podofo/patches/patch-src_podofo_base_PdfMemoryManagement.cpp@1.1 / diff
pkgsrc/print/podofo/patches/patch-src_podofo_doc_PdfImage.cpp@1.1 / diff
pkgsrc/print/podofo/patches/patch-test_TokenizerTest_CMakeLists.txt deleted
Update print/podofo to version 0.9.8
Fixes many CVE.
Note upstream pushed their src/ contents to src/podofo so patches
had to move that didn't otherwise change.
upstream changelog:
PoDoFo 0.9.8 released - last release on current code base
May 3rd 2022
The PoDoFo developers are happy to announce the release of PoDoFo 0.9.8.
This release contains over 25 patches submitted by various contributors
(see SVN Log for details). We encourage all users to upgrade to this
release.
Also, this will be the final release of PoDoFo based on the current
codebase.
After the release we plan to introduce two major changes to PoDoFo
development.
First of all, we will lock/close the current SVN trunk and switch PoDoFo
development to a more modern development platform, where we can leverage
state of the art development features such as Continuous Integration or
Pull Requests. The mailing list and webpage will stay on SourceForge
as well as the issue tracker. Still, we will open a new issue tracker
for the new development environment and gradually migrate open issues.
We will share more news on this, once the new development environment
was set up.
Secondly and most importantly, we will replace the current codebase
of PoDoFo with the amazing work Francesco Pretto has done with pdfmm.
pdfmm is based on PoDoFo but with an improved and reworked API based
on C++17 which we consider more suitable for future development of PoDoFo.
After rebasing PoDoFo on pdfmm, we plan to release PoDoFo 1.0.0.
Please note, PoDoFo 1.0.0 will be API incompatible (binary and in
source code) with PoDoFo 0.9.8. We expect migration steps to be necessary.
PoDoFo Tools are currently being ported to pdfmm as a showcase for
the migration.
PoDoFo 0.9.7 released
January 9th 2021
PoDoFo 0.9.7 was released today, after over 2 year of development
and with the help of many new contributors.
As there are so many improvements, patches and fixes that made it
into this release, we are not able to list them, so please stick with
the svn log.
This release also includes a release of podofobrowser which was
ported to Qt5.
Fixes many CVE.
Note upstream pushed their src/ contents to src/podofo so patches
had to move that didn't otherwise change.
upstream changelog:
PoDoFo 0.9.8 released - last release on current code base
May 3rd 2022
The PoDoFo developers are happy to announce the release of PoDoFo 0.9.8.
This release contains over 25 patches submitted by various contributors
(see SVN Log for details). We encourage all users to upgrade to this
release.
Also, this will be the final release of PoDoFo based on the current
codebase.
After the release we plan to introduce two major changes to PoDoFo
development.
First of all, we will lock/close the current SVN trunk and switch PoDoFo
development to a more modern development platform, where we can leverage
state of the art development features such as Continuous Integration or
Pull Requests. The mailing list and webpage will stay on SourceForge
as well as the issue tracker. Still, we will open a new issue tracker
for the new development environment and gradually migrate open issues.
We will share more news on this, once the new development environment
was set up.
Secondly and most importantly, we will replace the current codebase
of PoDoFo with the amazing work Francesco Pretto has done with pdfmm.
pdfmm is based on PoDoFo but with an improved and reworked API based
on C++17 which we consider more suitable for future development of PoDoFo.
After rebasing PoDoFo on pdfmm, we plan to release PoDoFo 1.0.0.
Please note, PoDoFo 1.0.0 will be API incompatible (binary and in
source code) with PoDoFo 0.9.8. We expect migration steps to be necessary.
PoDoFo Tools are currently being ported to pdfmm as a showcase for
the migration.
PoDoFo 0.9.7 released
January 9th 2021
PoDoFo 0.9.7 was released today, after over 2 year of development
and with the help of many new contributors.
As there are so many improvements, patches and fixes that made it
into this release, we are not able to list them, so please stick with
the svn log.
This release also includes a release of podofobrowser which was
ported to Qt5.
pkgsrc-2022Q3 commitmail json YAML
#6696 + #6705
pkgsrc-2022Q3 commitmail json YAML
pkgsrc/databases/redis/Makefile@1.73.4.1
/
diff
pkgsrc/databases/redis/distinfo@1.66.4.1 / diff
pkgsrc/databases/redis/patches/patch-src_Makefile@1.5.8.1 / diff
pkgsrc/databases/redis/distinfo@1.66.4.1 / diff
pkgsrc/databases/redis/patches/patch-src_Makefile@1.5.8.1 / diff
Pullup ticket #6705 - requested by bsiegert
databases/redis: security update
Revisions pulled up:
- databases/redis/Makefile 1.74
- databases/redis/distinfo 1.67
- databases/redis/patches/patch-src_Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Tue Nov 22 19:11:11 UTC 2022
Modified Files:
pkgsrc/databases/redis: Makefile distinfo
pkgsrc/databases/redis/patches: patch-src_Makefile
Log Message:
redis: updated to 7.0.5
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
=========
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration
Bug Fixes
====
* Fix a hang when eviction is combined with lazy-free and
maxmemory-eviction-tenacity is set to 100
* Fix a crash when a replica may attempt to set itself as its master
as a result of a manual failover
* Fix a bug where a cluster-enabled replica node may permanently set
its master's hostname to '?'
* Fix a crash when a Lua script returns a meta-table
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET
* Fix crash when a key is lazy expired during cluster key migration
* Fix AOF rewrite to fsync the old AOF file when a new one is created
* Fix some crashes involving a list containing entries larger than 1GB
* Correctly handle scripts with a non-read-only shebang on a cluster replica
* Fix memory leak when unloading a module
* Fix bug with scripts ignoring client tracking NOLOOP
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL /
SWAPDB is used inside MULTI-EXEC
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed
with read-only key permission
* Fix missing sections for INFO ALL when also requesting a module info section
========================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
========================================
Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
========================
* Optimize zset conversion on large ZRANGESTORE
* Optimize the performance of sending PING on large clusters
* Allow for faster restart of Redis in cluster mode
INFO fields and introspection changes
==================
* Add missing sharded pubsub keychannel count to CLIENT LIST
* Add missing pubsubshard_channels field in INFO STATS
Module API changes
=========
* Add RM_StringToULongLong and RM_CreateStringFromULongLong
* Add RM_SetClientNameById and RM_GetClientNameById
Changes in CLI tools
==========
* Add missing cluster-port support to redis-cli --cluster
Other General Improvements
=============
* Account sharded pubsub channels memory consumption
* Allow ECHO in loading and stale modes
* Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys
Bug Fixes
====
* TLS: Notify clients on connection shutdown
* Fsync directory while persisting AOF manifest, RDB file, and config file
* Script that made modification will not break with unexpected NOREPLICAS error
* Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots
* Cluster: Fix crash during handshake and cluster shards call
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* TLS: Fix issues with large replies
* Correctly report the startup warning for vm.overcommit_memory
* redis-server command line allow passing config name and value in the
same argument
* Support --save command line argument with no value for backwards compatibility
* Fix CLUSTER RESET command regression requiring an argument
========================================
Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
====
* Fixed SET and BITFIELD commands being wrongly marked movablekeys
Regression in 7.0 possibly resulting in excessive roundtrip from
cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
Regression in 7.0.1 resulting in crash on startup on some configurations.
========================================
Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
======
* Add warning for suspected slow system clocksource setting
Add --check-system command line option.
* Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE
* Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
* redis-server command line arguments now accept one string with spaces
for multi-arg configs
Potentially Breaking Changes
==============
* Omitting a config option value in command line argument no longer works
* Hide the `may_replicate` flag from the COMMAND command response
Potentially Breaking Changes for new Redis 7.0 features
-------------------------------------------------------
* Protocol: Sharded pubsub publish emits `smessage` instead of `message`
* CLUSTER SHARDS returns slots as RESP integers, not strings
* Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
* Scripts that declare the `no-writes` flag are implicitly `allow-oom` too
Changes in CLI tools
==========
* redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C
Platform / toolchain support related improvements
========================
* Support tcp-keepalive config interval on MacOs
* Support RSS metrics on Haiku OS
INFO fields and introspection changes
==================
* Add isolated network metrics for replication.
Module API changes
=========
* Add two more new checks to RM_Call script mode
* Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
* Add module API RM_MallocUsableSize
* Add missing REDISMODULE_NOTIFY_NEW
* Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
* Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
* Fix bugs in enum configs with overlapping bit flags
Bug Fixes
====
* FLUSHALL correctly resets rdb_changes_since_last_save INFO field
* FLUSHDB is now propagated to replicas / AOF, even if the db is empty
* Replica fail and retry the PSYNC if the master is unresponsive
* Fix ZRANGESTORE crash when zset_max_listpack_entries is 0
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* CONFIG REWRITE could cause a config change to be dropped for aliased configs
* CONFIG REWRITE would omit rename-command and include lines
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file.
* Fix broken protocol after MISCONF (persistence) error
* Fix --save command line regression
* Fix possible regression around TLS config changes. re-load files even if the
file name didn't change.
* Re-add SENTINEL SLAVES command, missing in redis 7.0
* BZMPOP gets unblocked by non-key args and returns them
* Fix possible memory leak in XADD and XTRIM
========================================
Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
======
* Keyspace event for new keys
Command replies that have been extended
---------------------------------------
* COMMAND DOCS shows deprecated_since field in command args
* COMMAND DOCS shows module name where applicable
Potentially Breaking Changes
==============
* Replicas panic when they fail writing persistence
* Prevent cross slot operations in functions and scripts with shebang
* Rephrased some error responses about invalid commands or args
* Lua scripts do not have access to the print() function
Performance and resource utilization improvements
========================
* Speed optimization in streams
* Speed optimization in command execution pipeline
* Speed optimization in listpack encoded sorted
* Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
* Speed optimization when there are many replicas (relevant for 7.0 RCs)
New configuration options
============
* Allow ignoring disk persistence errors on replicas
* Allow abort with panic when replica fails to execute a command sent
by the master
* Allow configuring shutdown flags of SIGTERM and SIGINT
* Allow attaching an operating system-specific identifier to Redis sockets
Module API changes
=========
* Add argument specifying ACL reason for module log entry
Breaking API compatibility with 7.0 RCs
* Add the deprecated_since field in command args of COMMAND DOCS
Breaking API/ABI compatibility with 7.0 RCs
* Add module API flag for using enum configs as bit flags
* Add RM_PublishMessageShard
* Add RM_MallocSizeString, RM_MallocSizeDict
* Add RM_TryAlloc
Bug Fixes
====
* Replica report disk persistence errors in PING
* Fixes around rejecting commands on replicas and AOF when they must
be respected
* Durability fixes for appendfsync=always policy
Fixes for issues in previous release candidates of Redis 7.0
------------------------------------------------------------
* Fix possible crash on CONFIG REWRITE
* Fix regression not aborting transaction on errors
* Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
* Fix bugs when AOF enabled after startup, in case of failure before
the first rewrite completes
* Fix RM_Yield module API bug processing future commands of the current client
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/databases/redis/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/redis/patches/patch-src_Makefile
databases/redis: security update
Revisions pulled up:
- databases/redis/Makefile 1.74
- databases/redis/distinfo 1.67
- databases/redis/patches/patch-src_Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Tue Nov 22 19:11:11 UTC 2022
Modified Files:
pkgsrc/databases/redis: Makefile distinfo
pkgsrc/databases/redis/patches: patch-src_Makefile
Log Message:
redis: updated to 7.0.5
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Module API changes
=========
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration
Bug Fixes
====
* Fix a hang when eviction is combined with lazy-free and
maxmemory-eviction-tenacity is set to 100
* Fix a crash when a replica may attempt to set itself as its master
as a result of a manual failover
* Fix a bug where a cluster-enabled replica node may permanently set
its master's hostname to '?'
* Fix a crash when a Lua script returns a meta-table
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET
* Fix crash when a key is lazy expired during cluster key migration
* Fix AOF rewrite to fsync the old AOF file when a new one is created
* Fix some crashes involving a list containing entries larger than 1GB
* Correctly handle scripts with a non-read-only shebang on a cluster replica
* Fix memory leak when unloading a module
* Fix bug with scripts ignoring client tracking NOLOOP
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL /
SWAPDB is used inside MULTI-EXEC
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed
with read-only key permission
* Fix missing sections for INFO ALL when also requesting a module info section
========================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
========================================
Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Performance and resource utilization improvements
========================
* Optimize zset conversion on large ZRANGESTORE
* Optimize the performance of sending PING on large clusters
* Allow for faster restart of Redis in cluster mode
INFO fields and introspection changes
==================
* Add missing sharded pubsub keychannel count to CLIENT LIST
* Add missing pubsubshard_channels field in INFO STATS
Module API changes
=========
* Add RM_StringToULongLong and RM_CreateStringFromULongLong
* Add RM_SetClientNameById and RM_GetClientNameById
Changes in CLI tools
==========
* Add missing cluster-port support to redis-cli --cluster
Other General Improvements
=============
* Account sharded pubsub channels memory consumption
* Allow ECHO in loading and stale modes
* Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
commands when the node only has some of the keys
Bug Fixes
====
* TLS: Notify clients on connection shutdown
* Fsync directory while persisting AOF manifest, RDB file, and config file
* Script that made modification will not break with unexpected NOREPLICAS error
* Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
after a replica reboots
* Cluster: Fix crash during handshake and cluster shards call
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* TLS: Fix issues with large replies
* Correctly report the startup warning for vm.overcommit_memory
* redis-server command line allow passing config name and value in the
same argument
* Support --save command line argument with no value for backwards compatibility
* Fix CLUSTER RESET command regression requiring an argument
========================================
Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains fixes for bugs in previous 7.0 releases.
Bug Fixes
====
* Fixed SET and BITFIELD commands being wrongly marked movablekeys
Regression in 7.0 possibly resulting in excessive roundtrip from
cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
Regression in 7.0.1 resulting in crash on startup on some configurations.
========================================
Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
========================================
Upgrade urgency: MODERATE, specifically if you're using a previous release of
Redis 7.0, contains some behavior changes for new 7.0 features and important
fixes for bugs in previous 7.0 releases.
Improvements
======
* Add warning for suspected slow system clocksource setting
Add --check-system command line option.
* Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE
* Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
* redis-server command line arguments now accept one string with spaces
for multi-arg configs
Potentially Breaking Changes
==============
* Omitting a config option value in command line argument no longer works
* Hide the `may_replicate` flag from the COMMAND command response
Potentially Breaking Changes for new Redis 7.0 features
-------------------------------------------------------
* Protocol: Sharded pubsub publish emits `smessage` instead of `message`
* CLUSTER SHARDS returns slots as RESP integers, not strings
* Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
* Scripts that declare the `no-writes` flag are implicitly `allow-oom` too
Changes in CLI tools
==========
* redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C
Platform / toolchain support related improvements
========================
* Support tcp-keepalive config interval on MacOs
* Support RSS metrics on Haiku OS
INFO fields and introspection changes
==================
* Add isolated network metrics for replication.
Module API changes
=========
* Add two more new checks to RM_Call script mode
* Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
* Add module API RM_MallocUsableSize
* Add missing REDISMODULE_NOTIFY_NEW
* Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
* Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
* Fix bugs in enum configs with overlapping bit flags
Bug Fixes
====
* FLUSHALL correctly resets rdb_changes_since_last_save INFO field
* FLUSHDB is now propagated to replicas / AOF, even if the db is empty
* Replica fail and retry the PSYNC if the master is unresponsive
* Fix ZRANGESTORE crash when zset_max_listpack_entries is 0
Fixes for issues in previous releases of Redis 7.0
--------------------------------------------------
* CONFIG REWRITE could cause a config change to be dropped for aliased configs
* CONFIG REWRITE would omit rename-command and include lines
NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
should review and fix the file.
* Fix broken protocol after MISCONF (persistence) error
* Fix --save command line regression
* Fix possible regression around TLS config changes. re-load files even if the
file name didn't change.
* Re-add SENTINEL SLAVES command, missing in redis 7.0
* BZMPOP gets unblocked by non-key args and returns them
* Fix possible memory leak in XADD and XTRIM
========================================
Redis 7.0.0 GA Released Wed Apr 27 12:00:00 IST 2022
========================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
New Features
======
* Keyspace event for new keys
Command replies that have been extended
---------------------------------------
* COMMAND DOCS shows deprecated_since field in command args
* COMMAND DOCS shows module name where applicable
Potentially Breaking Changes
==============
* Replicas panic when they fail writing persistence
* Prevent cross slot operations in functions and scripts with shebang
* Rephrased some error responses about invalid commands or args
* Lua scripts do not have access to the print() function
Performance and resource utilization improvements
========================
* Speed optimization in streams
* Speed optimization in command execution pipeline
* Speed optimization in listpack encoded sorted
* Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
* Speed optimization when there are many replicas (relevant for 7.0 RCs)
New configuration options
============
* Allow ignoring disk persistence errors on replicas
* Allow abort with panic when replica fails to execute a command sent
by the master
* Allow configuring shutdown flags of SIGTERM and SIGINT
* Allow attaching an operating system-specific identifier to Redis sockets
Module API changes
=========
* Add argument specifying ACL reason for module log entry
Breaking API compatibility with 7.0 RCs
* Add the deprecated_since field in command args of COMMAND DOCS
Breaking API/ABI compatibility with 7.0 RCs
* Add module API flag for using enum configs as bit flags
* Add RM_PublishMessageShard
* Add RM_MallocSizeString, RM_MallocSizeDict
* Add RM_TryAlloc
Bug Fixes
====
* Replica report disk persistence errors in PING
* Fixes around rejecting commands on replicas and AOF when they must
be respected
* Durability fixes for appendfsync=always policy
Fixes for issues in previous release candidates of Redis 7.0
------------------------------------------------------------
* Fix possible crash on CONFIG REWRITE
* Fix regression not aborting transaction on errors
* Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
* Fix bugs when AOF enabled after startup, in case of failure before
the first rewrite completes
* Fix RM_Yield module API bug processing future commands of the current client
To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/redis/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/databases/redis/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/redis/patches/patch-src_Makefile
pkgsrc-2022Q3 commitmail json YAML
Pullup ticket #6696 - requested by bsiegert
textproc/expat: security update
Revisions pulled up:
- textproc/expat/Makefile 1.54
- textproc/expat/distinfo 1.47
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 26 10:37:47 UTC 2022
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Log Message:
expat: update to 2.5.0.
Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
#613 #654 Fix case when parsing was suspended while processing nested
entities
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Jann Horn
Mark Brand
Osyotr
Rhodri James
and
Google Project Zero
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo
textproc/expat: security update
Revisions pulled up:
- textproc/expat/Makefile 1.54
- textproc/expat/distinfo 1.47
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 26 10:37:47 UTC 2022
Modified Files:
pkgsrc/textproc/expat: Makefile distinfo
Log Message:
expat: update to 2.5.0.
Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
#613 #654 Fix case when parsing was suspended while processing nested
entities
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Jann Horn
Mark Brand
Osyotr
Rhodri James
and
Google Project Zero
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo
MAIN commitmail json YAML
added net/p5-Net-LibIDN2, updated mail/amavisd-new
MAIN commitmail json YAML
pkgsrc/mail/amavisd-new/Makefile@1.32
/
diff
pkgsrc/mail/amavisd-new/PLIST@1.7 / diff
pkgsrc/mail/amavisd-new/distinfo@1.11 / diff
pkgsrc/mail/amavisd-new/patches/patch-aa@1.5 / diff
pkgsrc/mail/amavisd-new/patches/patch-amavisd deleted
pkgsrc/mail/amavisd-new/PLIST@1.7 / diff
pkgsrc/mail/amavisd-new/distinfo@1.11 / diff
pkgsrc/mail/amavisd-new/patches/patch-aa@1.5 / diff
pkgsrc/mail/amavisd-new/patches/patch-amavisd deleted
update package to version 2.12.2
It's the successor to amavisd-new both in sources and in versioning,
but strictly speaking it's now "amavis". I kept the package name to
make it easier to update existing installations.
Upstream release notes:
October 13, 2021
amavis-2.12.2 release notes
BUG FIXES
- Allow $timestamp_fmt_mysql to be used with the DBD::MariaDB driver.
Reported by Marcel Evenson.
Issue: https://gitlab.com/amavis/amavis/issues/79
MR: https://gitlab.com/amavis/amavis/merge_requests/78
- Resolve utf8mb4 problems when using DBD-MariaDB.
Reported by Marcel Evenson.
Issue: https://gitlab.com/amavis/amavis/issues/67
MR: https://gitlab.com/amavis/amavis/merge_requests/80
- Set correct originating flag when using milter/AM.PDP without policy banks.
Reported by Henrik K.
Issue: https://gitlab.com/amavis/amavis/issues/61
MR: https://gitlab.com/amavis/amavis/merge_requests/81
- Resolve crash on reload with insufficient permissions.
Amavis now tests whether it is able read and evaluate its
configuration files with dropped privileges.
In case it cannot, amavis fails to start and refuses to reload.
Reported by Michael Orlitzky.
Suggestions by Ralph Seichter and Michael Orlitzky.
Issue: https://gitlab.com/amavis/amavis/issues/10
MR: https://gitlab.com/amavis/amavis/merge_requests/74
MR: https://gitlab.com/amavis/amavis/merge_requests/75
- Resolve SSL client connection hangups with broken pipe
Reported by @kolbma.
Issue: https://gitlab.com/amavis/amavis/issues/73
MR: https://gitlab.com/amavis/amavis/merge_requests/71
---------------------------------------------------------------------------
November 13, 2020
amavis-2.12.1 release notes
BUG FIXES
- Generate DKIM record comment line including the 's=' (selector) tag
instead of an 'i=' (identifier) tag when using "amavisd showkeys".
Reported by Juan Orti Alcaine.
Issue: https://gitlab.com/amavis/amavis/issues/63
MR: https://gitlab.com/amavis/amavis/merge_requests/41
- Make sure generated Authentication-Results follow RFC specification.
MR: https://gitlab.com/amavis/amavis/merge_requests/57
- Prevent re-encoding of notification templates.
Fixed by Henrik Krohns and Michael Weiser.
Issue: https://gitlab.com/amavis/amavis/issues/62
MR: https://gitlab.com/amavis/amavis/merge_requests/40
- Compare inode numbers as strings.
Reported and implemented by Mark Martinec.
Issue: https://gitlab.com/amavis/amavis/issues/48
MR: https://gitlab.com/amavis/amavis/merge_requests/21
- Resolve MySQL invalid utf8mb4 clause.
Reported by Henrik Krohns.
Issue: https://gitlab.com/amavis/amavis/issues/33
MR: https://gitlab.com/amavis/amavis/merge_requests/14
---------------------------------------------------------------------------
July 25, 2019
amavis-2.12.0 release notes
This software is renamed from amavisd-new to amavis.
NEW FEATURES
- Introduce Rspamd client extension
With this extension, Amavis can use Rspamd either running on the same
server or remotely. Connections are made using HTTP/HTTPS depending on
configuration, the latter requiring a HTTPS-capable proxy (like NGINX or
Apache) for Rspamd, which does not natively support HTTPS. Basic
authentication with name/password pairs is also available.
Implemented by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/11
BUG FIXES
- Treat "not an OLE file" as a successful result
Amavis supports calling the ripOLE program to extract embedded objects
from Microsoft OLE documents. However, not all Microsoft documents
contain said objects, and the underlying file format changes when they
do. Since Amavis can't tell the difference, it passes everything to
ripOLE unconditionally. Amavis now treats the "not an OLE file" error
code of ripOLE as a successful result, proceeds normally and scans the
file as a whole.
Fixed by Michael Orlitzky.
MR: https://gitlab.com/amavis/amavis/merge_requests/9
- Fix unix socket path extraction that has prevented a socket based
policy bank to be loaded;
Fixed by Boris Gulay.
MR: https://gitlab.com/amavis/amavis/merge_requests/2
MR: https://gitlab.com/amavis/amavis/merge_requests/19
- Fix DKIM signing for outbound messages.
Fixed by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/1
- Fix unescaped left brace regex warning in run_av() subroutine.
Fixed by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/10
Issue: https://gitlab.com/amavis/amavis/issues/31
- Mention default value for $myprogram_name in minimal amavisd.conf.
MR: https://gitlab.com/amavis/amavis/merge_requests/12
Issue: https://gitlab.com/amavis/amavis/issues/36
It's the successor to amavisd-new both in sources and in versioning,
but strictly speaking it's now "amavis". I kept the package name to
make it easier to update existing installations.
Upstream release notes:
October 13, 2021
amavis-2.12.2 release notes
BUG FIXES
- Allow $timestamp_fmt_mysql to be used with the DBD::MariaDB driver.
Reported by Marcel Evenson.
Issue: https://gitlab.com/amavis/amavis/issues/79
MR: https://gitlab.com/amavis/amavis/merge_requests/78
- Resolve utf8mb4 problems when using DBD-MariaDB.
Reported by Marcel Evenson.
Issue: https://gitlab.com/amavis/amavis/issues/67
MR: https://gitlab.com/amavis/amavis/merge_requests/80
- Set correct originating flag when using milter/AM.PDP without policy banks.
Reported by Henrik K.
Issue: https://gitlab.com/amavis/amavis/issues/61
MR: https://gitlab.com/amavis/amavis/merge_requests/81
- Resolve crash on reload with insufficient permissions.
Amavis now tests whether it is able read and evaluate its
configuration files with dropped privileges.
In case it cannot, amavis fails to start and refuses to reload.
Reported by Michael Orlitzky.
Suggestions by Ralph Seichter and Michael Orlitzky.
Issue: https://gitlab.com/amavis/amavis/issues/10
MR: https://gitlab.com/amavis/amavis/merge_requests/74
MR: https://gitlab.com/amavis/amavis/merge_requests/75
- Resolve SSL client connection hangups with broken pipe
Reported by @kolbma.
Issue: https://gitlab.com/amavis/amavis/issues/73
MR: https://gitlab.com/amavis/amavis/merge_requests/71
---------------------------------------------------------------------------
November 13, 2020
amavis-2.12.1 release notes
BUG FIXES
- Generate DKIM record comment line including the 's=' (selector) tag
instead of an 'i=' (identifier) tag when using "amavisd showkeys".
Reported by Juan Orti Alcaine.
Issue: https://gitlab.com/amavis/amavis/issues/63
MR: https://gitlab.com/amavis/amavis/merge_requests/41
- Make sure generated Authentication-Results follow RFC specification.
MR: https://gitlab.com/amavis/amavis/merge_requests/57
- Prevent re-encoding of notification templates.
Fixed by Henrik Krohns and Michael Weiser.
Issue: https://gitlab.com/amavis/amavis/issues/62
MR: https://gitlab.com/amavis/amavis/merge_requests/40
- Compare inode numbers as strings.
Reported and implemented by Mark Martinec.
Issue: https://gitlab.com/amavis/amavis/issues/48
MR: https://gitlab.com/amavis/amavis/merge_requests/21
- Resolve MySQL invalid utf8mb4 clause.
Reported by Henrik Krohns.
Issue: https://gitlab.com/amavis/amavis/issues/33
MR: https://gitlab.com/amavis/amavis/merge_requests/14
---------------------------------------------------------------------------
July 25, 2019
amavis-2.12.0 release notes
This software is renamed from amavisd-new to amavis.
NEW FEATURES
- Introduce Rspamd client extension
With this extension, Amavis can use Rspamd either running on the same
server or remotely. Connections are made using HTTP/HTTPS depending on
configuration, the latter requiring a HTTPS-capable proxy (like NGINX or
Apache) for Rspamd, which does not natively support HTTPS. Basic
authentication with name/password pairs is also available.
Implemented by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/11
BUG FIXES
- Treat "not an OLE file" as a successful result
Amavis supports calling the ripOLE program to extract embedded objects
from Microsoft OLE documents. However, not all Microsoft documents
contain said objects, and the underlying file format changes when they
do. Since Amavis can't tell the difference, it passes everything to
ripOLE unconditionally. Amavis now treats the "not an OLE file" error
code of ripOLE as a successful result, proceeds normally and scans the
file as a whole.
Fixed by Michael Orlitzky.
MR: https://gitlab.com/amavis/amavis/merge_requests/9
- Fix unix socket path extraction that has prevented a socket based
policy bank to be loaded;
Fixed by Boris Gulay.
MR: https://gitlab.com/amavis/amavis/merge_requests/2
MR: https://gitlab.com/amavis/amavis/merge_requests/19
- Fix DKIM signing for outbound messages.
Fixed by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/1
- Fix unescaped left brace regex warning in run_av() subroutine.
Fixed by Ralph Seichter.
MR: https://gitlab.com/amavis/amavis/merge_requests/10
Issue: https://gitlab.com/amavis/amavis/issues/31
- Mention default value for $myprogram_name in minimal amavisd.conf.
MR: https://gitlab.com/amavis/amavis/merge_requests/12
Issue: https://gitlab.com/amavis/amavis/issues/36
MAIN commitmail json YAML
pkgsrc/net/p5-Net-LibIDN2/DESCR@1.1
/
diff
pkgsrc/net/p5-Net-LibIDN2/Makefile@1.1 / diff
pkgsrc/net/p5-Net-LibIDN2/distinfo@1.1 / diff
pkgsrc/net/p5-Net-LibIDN2/Makefile@1.1 / diff
pkgsrc/net/p5-Net-LibIDN2/distinfo@1.1 / diff
new package for the perl library Net::LibIDN2
the package builds, no guarantees otherwise yet
the package builds, no guarantees otherwise yet
pkgsrc-2022Q2 commitmail json YAML
pullup #6668
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/lang/openjdk11/Makefile@1.44.2.1
/
diff
pkgsrc/lang/openjdk11/distinfo@1.34.2.1 / diff
pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
pkgsrc/lang/openjdk8/Makefile@1.110.6.1 / diff
pkgsrc/lang/openjdk8/distinfo@1.88.2.1 / diff
pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh@1.21.8.1 / diff
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp@1.1.8.1 / diff
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
pkgsrc/lang/openjdk11/distinfo@1.34.2.1 / diff
pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
pkgsrc/lang/openjdk8/Makefile@1.110.6.1 / diff
pkgsrc/lang/openjdk8/distinfo@1.88.2.1 / diff
pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh@1.21.8.1 / diff
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp@1.1.8.1 / diff
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
Pullup ticket #6668 - requested by khorben
lang/openjdk8: security update
lang/openjdk11: security update
Revisions pulled up:
- lang/openjdk11/Makefile 1.45
- lang/openjdk11/distinfo 1.35
- lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
- lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
- lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
- lang/openjdk8/Makefile 1.111-1.112
- lang/openjdk8/distinfo 1.89-1.91
- lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh 1.22
- lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp 1.2-1.3
- lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
- lang/openjdk8/patches/patch-make_common_MakeBase.gmk deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jul 10 14:47:25 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: Makefile distinfo
pkgsrc/lang/openjdk8/patches:
patch-common_autoconf_generated-configure.sh
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches: patch-make_common_MakeBase.gmk
Removed Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_share_vm_classfile_symbolTable.cpp
patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp
patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp
patch-hotspot_src_share_vm_memory_metaspace.cpp
Log Message:
openjdk8: Update to 1.8.332
CHangelog:
Follow OpenJDK 8u332 GA.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.21 -r1.22 \
pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp
cvs rdiff -u -r0 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Jul 17 03:03:41 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: distinfo
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
Log Message:
openjdk8: fix NetBSD/evbarm-aarch64 build; PAC is only supported on Linux
To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Mon Aug 15 12:23:06 UTC 2022
Modified Files:
pkgsrc/lang/openjdk11: Makefile distinfo
pkgsrc/lang/openjdk8: Makefile distinfo
Removed Files:
pkgsrc/lang/openjdk11/patches: patch-make_common_NativeCompilation.gmk
patch-make_lib_Awt2dLibraries.gmk
patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp
patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp
patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp
patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
patch-make_common_MakeBase.gmk
Log Message:
openjdk*: Security & bugfix update for the long term support branches
Upstream kindly merged many of the NetBSD-specific patches. Thanks! <3
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/openjdk11/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/openjdk11/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk \
pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
cvs rdiff -u -r1.2 -r0 \
pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
cvs rdiff -u -r1.111 -r1.112 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.3 -r0 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
lang/openjdk8: security update
lang/openjdk11: security update
Revisions pulled up:
- lang/openjdk11/Makefile 1.45
- lang/openjdk11/distinfo 1.35
- lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
- lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
- lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
- lang/openjdk8/Makefile 1.111-1.112
- lang/openjdk8/distinfo 1.89-1.91
- lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh 1.22
- lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp 1.2-1.3
- lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
- lang/openjdk8/patches/patch-make_common_MakeBase.gmk deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Jul 10 14:47:25 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: Makefile distinfo
pkgsrc/lang/openjdk8/patches:
patch-common_autoconf_generated-configure.sh
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches: patch-make_common_MakeBase.gmk
Removed Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_share_vm_classfile_symbolTable.cpp
patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp
patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp
patch-hotspot_src_share_vm_memory_metaspace.cpp
Log Message:
openjdk8: Update to 1.8.332
CHangelog:
Follow OpenJDK 8u332 GA.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.21 -r1.22 \
pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp
cvs rdiff -u -r0 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Jul 17 03:03:41 UTC 2022
Modified Files:
pkgsrc/lang/openjdk8: distinfo
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
Added Files:
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
Log Message:
openjdk8: fix NetBSD/evbarm-aarch64 build; PAC is only supported on Linux
To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Mon Aug 15 12:23:06 UTC 2022
Modified Files:
pkgsrc/lang/openjdk11: Makefile distinfo
pkgsrc/lang/openjdk8: Makefile distinfo
Removed Files:
pkgsrc/lang/openjdk11/patches: patch-make_common_NativeCompilation.gmk
patch-make_lib_Awt2dLibraries.gmk
patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp
patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp
patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp
patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
pkgsrc/lang/openjdk8/patches:
patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
patch-make_common_MakeBase.gmk
Log Message:
openjdk*: Security & bugfix update for the long term support branches
Upstream kindly merged many of the NetBSD-specific patches. Thanks! <3
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/openjdk11/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/openjdk11/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk \
pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp \
pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
cvs rdiff -u -r1.2 -r0 \
pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
cvs rdiff -u -r1.111 -r1.112 pkgsrc/lang/openjdk8/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/lang/openjdk8/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
cvs rdiff -u -r1.3 -r0 \
pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk
pkgsrc-2022Q2 commitmail json YAML
pullups #6664 #6669
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/databases/ldb/Makefile@1.26.4.1
/
diff
pkgsrc/databases/ldb/distinfo@1.18.4.1 / diff
pkgsrc/net/samba4/Makefile@1.142.4.1 / diff
pkgsrc/net/samba4/PLIST@1.43.4.1 / diff
pkgsrc/net/samba4/distinfo@1.77.2.1 / diff
pkgsrc/databases/ldb/distinfo@1.18.4.1 / diff
pkgsrc/net/samba4/Makefile@1.142.4.1 / diff
pkgsrc/net/samba4/PLIST@1.43.4.1 / diff
pkgsrc/net/samba4/distinfo@1.77.2.1 / diff
Pullup tickets #6664 #6669 - requested by taca
net/samba4: security update
databases/ldb: dependency update
Update net/samba4 to 4.15.9 from samba-4.15.6 by patch,
since HEAD is on a later minor.
Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it.
net/samba4: security update
databases/ldb: dependency update
Update net/samba4 to 4.15.9 from samba-4.15.6 by patch,
since HEAD is on a later minor.
Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it.
pkgsrc-2022Q2 commitmail json YAML
pullups #6660 #6661 #6662 #6663 #6665 #6666 #6667
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/www/drupal9/Makefile@1.4.2.1
/
diff
pkgsrc/www/drupal9/PLIST@1.2.2.1 / diff
pkgsrc/www/drupal9/distinfo@1.2.2.1 / diff
pkgsrc/www/drupal9/PLIST@1.2.2.1 / diff
pkgsrc/www/drupal9/distinfo@1.2.2.1 / diff
Pullup ticket #6663 - requested by taca
www/drupal9: security update
Revisions pulled up:
- www/drupal9/Makefile 1.5
- www/drupal9/PLIST 1.3
- www/drupal9/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:26:59 UTC 2022
Modified Files:
pkgsrc/www/drupal9: Makefile PLIST distinfo
Log Message:
www/drupal9: update to 9.3.20
9.3.20 (2022-07-28)
This is a patch (bugfix) release of Drupal 9 and is ready for use on
production sites. Learn more about Drupal 9.
* Drupal core uses the third-party Diactoros library as its PSR-7
implementation. Diactoros has issued a security advisory:
* CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
Attack
Drupal core is unlikely to be vulnerable. This bugfix release updates the
version of Diactoros used in drupal/core-recommended to a secure version as
a precaution.
9.3.19 (2022-07-20)
This is a security release of the Drupal 9 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure -
SA-CORE-2022-012
* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
* Drupal core - Moderately critical - Multiple vulnerabilities -
SA-CORE-2022-015
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal9/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal9/PLIST pkgsrc/www/drupal9/distinfo
www/drupal9: security update
Revisions pulled up:
- www/drupal9/Makefile 1.5
- www/drupal9/PLIST 1.3
- www/drupal9/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:26:59 UTC 2022
Modified Files:
pkgsrc/www/drupal9: Makefile PLIST distinfo
Log Message:
www/drupal9: update to 9.3.20
9.3.20 (2022-07-28)
This is a patch (bugfix) release of Drupal 9 and is ready for use on
production sites. Learn more about Drupal 9.
* Drupal core uses the third-party Diactoros library as its PSR-7
implementation. Diactoros has issued a security advisory:
* CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
Attack
Drupal core is unlikely to be vulnerable. This bugfix release updates the
version of Diactoros used in drupal/core-recommended to a secure version as
a precaution.
9.3.19 (2022-07-20)
This is a security release of the Drupal 9 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure -
SA-CORE-2022-012
* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
* Drupal core - Moderately critical - Multiple vulnerabilities -
SA-CORE-2022-015
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal9/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal9/PLIST pkgsrc/www/drupal9/distinfo
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/www/drupal7/Makefile@1.76.2.1
/
diff
pkgsrc/www/drupal7/PLIST@1.30.2.1 / diff
pkgsrc/www/drupal7/distinfo@1.60.2.1 / diff
pkgsrc/www/drupal7/PLIST@1.30.2.1 / diff
pkgsrc/www/drupal7/distinfo@1.60.2.1 / diff
Pullup ticket #6662 - requested by taca
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.77
- www/drupal7/PLIST 1.31
- www/drupal7/distinfo 1.61
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:23:22 UTC 2022
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.91
7.91 (2022-07-20)
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.60 -r1.61 pkgsrc/www/drupal7/distinfo
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.77
- www/drupal7/PLIST 1.31
- www/drupal7/distinfo 1.61
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:23:22 UTC 2022
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.91
7.91 (2022-07-20)
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
No other changes are included.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.60 -r1.61 pkgsrc/www/drupal7/distinfo
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/time/ruby-tzinfo1/Makefile@1.5.12.1
/
diff
pkgsrc/time/ruby-tzinfo1/PLIST@1.2.14.1 / diff
pkgsrc/time/ruby-tzinfo1/distinfo@1.7.6.1 / diff
pkgsrc/time/ruby-tzinfo1/PLIST@1.2.14.1 / diff
pkgsrc/time/ruby-tzinfo1/distinfo@1.7.6.1 / diff
Pullup ticket #6661 - requested by taca
time/ruby-tzinfo1: security update
Revisions pulled up:
- time/ruby-tzinfo1/Makefile 1.6
- time/ruby-tzinfo1/PLIST 1.3
- time/ruby-tzinfo1/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 30 14:20:42 UTC 2022
Modified Files:
pkgsrc/time/ruby-tzinfo1: Makefile PLIST distinfo
Log Message:
time/ruby-tzinfo1: update to 1.2.10
1.2.10 (2022-07-19)
* Fixed a relative path traversal bug that could cause arbitrary files to be
loaded with require when used with RubyDataSource. Please refer to
GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.
* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/time/ruby-tzinfo1/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/time/ruby-tzinfo1/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/time/ruby-tzinfo1/distinfo
time/ruby-tzinfo1: security update
Revisions pulled up:
- time/ruby-tzinfo1/Makefile 1.6
- time/ruby-tzinfo1/PLIST 1.3
- time/ruby-tzinfo1/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 30 14:20:42 UTC 2022
Modified Files:
pkgsrc/time/ruby-tzinfo1: Makefile PLIST distinfo
Log Message:
time/ruby-tzinfo1: update to 1.2.10
1.2.10 (2022-07-19)
* Fixed a relative path traversal bug that could cause arbitrary files to be
loaded with require when used with RubyDataSource. Please refer to
GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.
* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/time/ruby-tzinfo1/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/time/ruby-tzinfo1/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/time/ruby-tzinfo1/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6667 - requested by khorben
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.283
- security/openssl/distinfo 1.161
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 11 23:03:51 UTC 2022
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
openssl: update to 1.1.1q.
Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
(CVE-2022-2097)
To generate a diff of this commit:
cvs rdiff -u -r1.282 -r1.283 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.160 -r1.161 pkgsrc/security/openssl/distinfo
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.283
- security/openssl/distinfo 1.161
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 11 23:03:51 UTC 2022
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
openssl: update to 1.1.1q.
Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
(CVE-2022-2097)
To generate a diff of this commit:
cvs rdiff -u -r1.282 -r1.283 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.160 -r1.161 pkgsrc/security/openssl/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6666 - requested by khorben
net/unbound: security update
Revisions pulled up:
- net/unbound/Makefile 1.93,1.92
- net/unbound/distinfo 1.71,1.70
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Aug 1 12:38:46 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.2.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 11 15:02:05 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.1.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo
net/unbound: security update
Revisions pulled up:
- net/unbound/Makefile 1.93,1.92
- net/unbound/distinfo 1.71,1.70
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Aug 1 12:38:46 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.2.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 11 15:02:05 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.1.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6665 - requested by khorben
net/rsync: security update
Revisions pulled up:
- net/rsync/Makefile 1.122,1.121
- net/rsync/distinfo 1.56
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 22 11:11:49 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Log Message:
rsync: update to 3.2.5.
# NEWS for rsync 3.2.5 (14 Aug 2022)
## Changes in this version:
### SECURITY FIXES:
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
### BUG FIXES:
- Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
- If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and disable
the XX3 hashes (since these routines didn't stabilize until 0.8).
### ENHANCEMENTS:
- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
extra file-list safety checking (should that be required).
### PACKAGING RELATED:
- A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
### DEVELOPER RELATED:
- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/net/rsync/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 23 06:55:30 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile
Log Message:
rsync: remove reference to non-existent file
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/net/rsync/Makefile
net/rsync: security update
Revisions pulled up:
- net/rsync/Makefile 1.122,1.121
- net/rsync/distinfo 1.56
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 22 11:11:49 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Log Message:
rsync: update to 3.2.5.
# NEWS for rsync 3.2.5 (14 Aug 2022)
## Changes in this version:
### SECURITY FIXES:
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
### BUG FIXES:
- Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
- If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and disable
the XX3 hashes (since these routines didn't stabilize until 0.8).
### ENHANCEMENTS:
- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
extra file-list safety checking (should that be required).
### PACKAGING RELATED:
- A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
### DEVELOPER RELATED:
- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/net/rsync/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 23 06:55:30 UTC 2022
Modified Files:
pkgsrc/net/rsync: Makefile
Log Message:
rsync: remove reference to non-existent file
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/net/rsync/Makefile
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/editors/vim-gtk2/Makefile@1.96.2.1
/
diff
pkgsrc/editors/vim-gtk3/Makefile@1.23.6.1 / diff
pkgsrc/editors/vim-motif/Makefile@1.41.6.1 / diff
pkgsrc/editors/vim-share/PLIST@1.60.2.1 / diff
pkgsrc/editors/vim-share/distinfo@1.198.2.1 / diff
pkgsrc/editors/vim-share/version.mk@1.137.2.1 / diff
pkgsrc/editors/vim-xaw/Makefile@1.64.6.1 / diff
pkgsrc/editors/vim-gtk3/Makefile@1.23.6.1 / diff
pkgsrc/editors/vim-motif/Makefile@1.41.6.1 / diff
pkgsrc/editors/vim-share/PLIST@1.60.2.1 / diff
pkgsrc/editors/vim-share/distinfo@1.198.2.1 / diff
pkgsrc/editors/vim-share/version.mk@1.137.2.1 / diff
pkgsrc/editors/vim-xaw/Makefile@1.64.6.1 / diff
Pullup ticket #6660 - requested by khorben
editors/vim-gtk2: security update
editors/vim-gtk3: security update
editors/vim-motif: security update
editors/vim-share: security update
editors/vim-xaw: security update
Revisions pulled up:
- editors/vim-gtk2/Makefile 1.97
- editors/vim-gtk3/Makefile 1.24
- editors/vim-motif/Makefile 1.42
- editors/vim-share/PLIST 1.61
- editors/vim-share/distinfo 1.199
- editors/vim-share/version.mk 1.138
- editors/vim-xaw/Makefile 1.65
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 27 15:13:11 UTC 2022
Modified Files:
pkgsrc/editors/vim-gtk2: Makefile
pkgsrc/editors/vim-gtk3: Makefile
pkgsrc/editors/vim-motif: Makefile
pkgsrc/editors/vim-share: PLIST distinfo version.mk
pkgsrc/editors/vim-xaw: Makefile
Log Message:
vim: update to 8.2.5172
On behalf of morr@ "please go ahead"
This includes security fixes. (more pending)
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
Changes:
8.2.4722 ending recording with mapping records too much
8.2.4723 the ModeChanged autocmd event is inefficient
8.2.4724 current instance of last search pattern not easily spotted
8.2.4725 unused variable in tiny build
8.2.4726 cannot use expand() to get the script name
8.2.4727 unused code
8.2.4728 no test that v:event cannot be modified
8.2.4729 HEEx and Surface templates do not need a separate filetype
8.2.4730 MS-Windows GUI: cannot use CTRL-/
8.2.4731 the changelist index is not remembered per buffer
8.2.4732 duplicate code to free fuzzy matches
8.2.4733 HEEx and Surface do need a separate filetype
8.2.4734 getcharpos() may change a mark position
8.2.4735 quickfix tests can be a bit hard to read
8.2.4736 build problem for Cygwin with Motif
8.2.4737 // in JavaScript string recognized as comment
8.2.4738 Esc on commandline executes command instead of abandoning it
8.2.4739 accessing freed memory after WinScrolled autocmd event
8.2.4740 when expand() fails there is no error message
8.2.4741 startup test fails
8.2.4742 there is no way to start logging very early in startup
8.2.4743 clang 14 is available on CI
8.2.4744 a terminal window can't use the bell
8.2.4745 using wrong flag for using bell in the terminal
8.2.4746 supercollider filetype not recognized
8.2.4747 no filetype override for .sys files
8.2.4748 cannot use an imported function in a mapping
8.2.4749 <script> is not expanded in autocmd context
8.2.4750 small pieces of dead code
8.2.4751 mapping <SID>name.Func does not work for autoload script
8.2.4752 wrong 'statusline' value can cause illegal memory access
8.2.4753 error from setting an option is silently ignored
8.2.4754 using cached values after unsetting some environment variables
8.2.4755 cannot use <SID>FuncRef in completion spec
8.2.4756 build error without the +eval feature
8.2.4757 list of libraries to suppress lsan errors is outdated
8.2.4758 when using an LSP channel want to get the message ID
8.2.4759 CurSearch highlight does not work for multi-line match
8.2.4760 using matchfuzzy() on a long list can take a while
8.2.4761 documentation for using LSP messages is incomplete
8.2.4762 using freed memory using synstack() and synID() in WinEnter
8.2.4763 using invalid pointer with "V:" in Ex mode
8.2.4764 CI uses an older gcc version
8.2.4765 function matchfuzzy() sorts too many items
8.2.4766 KRL files using "deffct" not recognized
8.2.4767 openscad files are not recognized
8.2.4768 CI: codecov upload sometimes does not work
8.2.4769 build warning with UCRT
8.2.4770 cannot easily mix expression and heredoc
8.2.4771 Coverity warns for not checking return value
8.2.4772 old Coverity warning for not checking ftell() return value
8.2.4773 build failure without the +eval feature
8.2.4774 crash when using a number for lambda name
8.2.4775 SpellBad highlighting does not work in Konsole
8.2.4776 GTK: 'lines' and 'columns' may change during startup
8.2.4777 screendump tests fail because of a redraw
8.2.4778 pacman files use dosini filetype
8.2.4779 lsan suppression is too version specific
8.2.4780 parsing an LSP message fails when it is split
8.2.4781 Maxima files are not recognized
8.2.4782 accessing freed memory
8.2.4783 Coverity warns for leaking memory
8.2.4784 lamba test with timer is flaky
8.2.4785 Visual mode not stopped if win_gotoid() goes to other buffer
8.2.4786 test for win_gotoid() in Visual mode fails on Mac
8.2.4787 prop_find() does not find the right property
8.2.4788 large payload for LSP message not tested
8.2.4789 cursor pos wrong when using :redraw while editing the cmdline
8.2.4790 lilypond filetype not recognized
8.2.4791 events triggered in different order when reusing buffer
8.2.4792 indent operator creates an undo entry for every line
8.2.4793 recognizing Maxima filetype even though it might be another
8.2.4794 compiler warning for not initialized variable
8.2.4795 'cursorbind' scrolling depends on whether 'cursorline' is set
8.2.4796 file left behind after running cursorline tests
8.2.4797 getwininfo() may get oudated values
8.2.4798 t_8u option was reset even when set by the user
8.2.4799 popup does not use correct topline
8.2.4800 missing test update for adjusted t_8u behavior
8.2.4801 fix for cursorbind fix not fully tested
8.2.4802 test is not cleaned up
8.2.4803 WinScrolled not always triggered when scrolling with mouse
8.2.4804 expression in heredoc doesn't work for compiled function
8.2.4805 CurSearch used for all matches in current line
8.2.4806 a mapping using <LeftDrag> does not start Select mode
8.2.4807 processing key eveints in Win32 GUI is not ideal
8.2.4808 unused item in engine struct
8.2.4809 various things not properly tested
8.2.4810 missing changes in one file
8.2.4811 Win32 GUI: caps lock doesn't work
8.2.4812 unused struct item
8.2.4813 pasting text while indent folding may mess up folds
8.2.4814 possible to leave a popup window with win_gotoid()
8.2.4815 cannot build with older GTK version
8.2.4816 still using older codecov app in some places of CI
8.2.4817 Win32 GUI: modifiers are not always used
8.2.4818 no test for what 8.2.4806 fixes
8.2.4819 unmapping simplified keys also deletes other mapping
8.2.4820 not simple programmatic way to find a specific mapping
8.2.4821 crash when imported autoload script was deleted
8.2.4822 setting ufunc to NULL twice
8.2.4823 concat more than 2 strings in :def function is inefficient
8.2.4824 expression is evaluated multiple times
8.2.4825 can only get a list of mappings
8.2.4826 .cshtml files are not recognized
8.2.4827 typo in variable name
8.2.4828 fix for unmapping simplified key not fully tested
8.2.4829 a key may be simplified to NUL
8.2.4830 possible endless loop if there is unused typahead
8.2.4831 crash when using maparg() and unmapping simplified keys
8.2.4832 passing zero instead of NULL to a pointer argument
8.2.4833 failure of mapping not checked for
8.2.4834 Vim9: some lines not covered by tests
8.2.4835 Vim9: some lines not covered by tests
8.2.4836 Vim9: some lines not covered by tests
8.2.4837 modifiers not simplified when timed out
8.2.4838 checking for absolute path is not trivial
8.2.4839 compiler warning for unused argument
8.2.4840 heredoc expression evaluated even when skipping
8.2.4841 empty string considered an error for expand()
8.2.4842 expand("%:p") is not empty when there is no buffer name
8.2.4843 treating CTRL + ALT as AltGr is not backwards compatible
8.2.4844 <C-S-I> is simplified to <S-Tab>
8.2.4845 duplicate code
8.2.4846 termcodes test fails
8.2.4847 crash when using uninitialized function pointer
8.2.4848 local completion with mappings and simplification not working
8.2.4849 Gleam filetype not detected
8.2.4850 mksession mixes up "tabpages" and "curdir" arguments
8.2.4851 compiler warning for uninitialized variable
8.2.4852 ANSI color index to RGB value not correct
8.2.4853 CI with FreeBSD is a bit outdated
8.2.4854 array size does not match usage
8.2.4855 robot files are not recognized
8.2.4856 MinGW compiler complains about unknown escape sequence
8.2.4857 Yaml indent for multiline is wrong
8.2.4858 K_SPECIAL may be escaped twice
8.2.4859 wget2 files are not recognized
8.2.4860 MS-Windows: always uses current directory for executables
8.2.4861 it is not easy to restore saved mappings
8.2.4862 Vim9: test may fail when run with valgrind
8.2.4863 accessing freed memory in test without the +channel feature
8.2.4864 Vim9: script test fails
8.2.4865 :startinsert right after :stopinsert may not work
8.2.4866 duplicate code in "get" functions
8.2.4867 listing of mapping with K_SPECIAL is wrong
8.2.4868 when closing help window autocmds triggered for wrong window
8.2.4869 expression in command block does not look after NL
8.2.4870 Vim9: expression in :substitute is not compiled
8.2.4871 Vim9: in :def function no error for misplaced range
8.2.4872 Vim9: no error for using an expression only
8.2.4873 Vim9: using "else" differs from using "endif/if !cond"
8.2.4874 Win32 GUI: horizontal scroll wheel not handled properly
8.2.4875 MS-Windows: some .exe files are not recognized
8.2.4876 MS-Windows: Shift-BS results in strange char in powershell
8.2.4877 MS-Windows: Wrongly using Normal colors for termguicolors
8.2.4878 valgrind warning for using uninitialized variable
8.2.4879 screendump test may fail when using valgrind
8.2.4880 Vim9: misplaced elseif causes invalid memory access
8.2.4881 "P" in Visual mode still changes some registers
8.2.4882 cannot make 'breakindent' use a specific column
8.2.4883 string interpolation only works in heredoc
8.2.4884 test fails without the job/channel feature
8.2.4885 test fails with the job/channel feature
8.2.4886 Vim9: redir in skipped block seen as assignment
8.2.4887 channel log does not show invoking a timer callback
8.2.4888 line number of lambda ignores line continuation
8.2.4889 CI only tests with FreeBSD 12
8.2.4890 inconsistent capitalization in error messages
8.2.4891 Vim help presentation could be better
8.2.4892 test failures because of changed error messages
8.2.4893 distributed import files are not installed
8.2.4894 MS-Windows: not using italics
8.2.4895 buffer overflow with invalid command with composing chars
8.2.4896 expression in command block does not look after NL
8.2.4897 comment inside an expression in lambda ignores the rest
8.2.4898 Coverity complains about pointer usage
8.2.4899 with latin1 encoding CTRL-W might go before the cmdline
8.2.4900 Vim9 expression test fails without the job feature
8.2.4901 NULL pointer access when using invalid pattern
8.2.4902 mouse wheel scrolling is inconsistent
8.2.4903 cannot get the current cmdline completion type and position
8.2.4904 codecov includes MS-Windows install files
8.2.4905 codecov includes MS-Windows install header file
8.2.4906 MS-Windows: cannot use transparent background
8.2.4907 some users do not want a line comment always inserted
8.2.4908 no text formatting for // comment after a statement
8.2.4909 MODE_ enum entries names are too generic
8.2.4910 imperfect coding
8.2.4911 the mode #defines are not clearly named
8.2.4912 using execute() to define a lambda doesn't work
8.2.4913 popup_hide() does not always have effect
8.2.4914 string interpolation in :def function may fail
8.2.4915 sometimes the cursor is in the wrong position
8.2.4916 mouse in Insert mode test fails
8.2.4917 fuzzy expansion of option names is not right
8.2.4918 conceal character from matchadd() displayed too many times
8.2.4919 can add invalid bytes with :spellgood
8.2.4920 MS-Windows GUI: unused variables
8.2.4921 spell test fails because of new illegal byte check
8.2.4922 mouse test fails on MS-Windows
8.2.4923 test checks for terminal feature unnecessarily
8.2.4924 maparg() may return a string that cannot be reused
8.2.4925 trailing backslash may cause reading past end of line
8.2.4926 #ifdef for crypt feature around too many lines
8.2.4927 return type of remove() incorrect when using three arguments
8.2.4928 various white space and cosmetic mistakes
8.2.4929 off-by-one error in in statusline item
8.2.4930 interpolated string expression requires escaping
8.2.4931 Crash with sequence of Perl commands
8.2.4932 not easy to filter the output of maplist()
8.2.4933 a few more capitalization mistakes in error messages
8.2.4934 string interpolation fails when not evaluating
8.2.4935 with 'foldmethod' "indent" some lines not included in fold
8.2.4936 MS-Windows: mouse coordinates for scroll event are wrong
8.2.4937 no test for what 8.2.4931 fixes
8.2.4938 crash when matching buffer with invalid pattern
8.2.4939 matchfuzzypos() with "matchseq" does not have all positions
8.2.4940 some code is never used
8.2.4941 '[ and '] marks may be wrong after undo
8.2.4942 error when setting 'filetype' in help file again
8.2.4943 changing 'switchbuf' may have no effect
8.2.4944 text properties are wrong after "cc"
8.2.4945 inconsistent use of white space
8.2.4946 Vim9: some code not covered by tests
8.2.4947 text properties not adjusted when accepting spell suggestion
8.2.4948 cannot use Perl heredoc in nested :def function
8.2.4949 Vim9: some code not covered by tests
8.2.4950 text properties position wrong after shifting text
8.2.4951 smart indenting done when not enabled
8.2.4952 GUI test will fail if color scheme changes
8.2.4953 with 'si' inserting '}' after completion goes wrong
8.2.4954 inserting line breaks text property spanning two lines
8.2.4955 text property in wrong position after auto-indent
8.2.4956 reading past end of line with "gf" in Visual block mode
8.2.4957 text properties in a wrong position after a block change
8.2.4958 a couple conditions are always true
8.2.4959 using NULL regexp program
8.2.4960 text properties that cross lines not updated for deleted line
8.2.4961 build error with a certain combination of features
8.2.4962 files show up in git status
8.2.4963 expanding path with "/**" may overrun end of buffer
8.2.4964 MS-Windows GUI: mouse event test is flaky
8.2.4965 GUI: testing mouse move event depends on screen cell size
8.2.4966 MS-Windows GUI: mouse event test gets extra event
8.2.4967 MS-Windows GUI: mouse event test sometimes fails
8.2.4968 reading past end of the line when C-indenting
8.2.4969 changing text in Visual mode may cause invalid memory access
8.2.4970 "eval 123" gives an error, "eval 'abc'" does not
8.2.4971 Vim9: interpolated string seen as range
8.2.4972 Vim9: compilation fails when using dict member when skipping
8.2.4973 Vim9: type error for list unpack mentions argument
8.2.4974 ":so" command may read after end of buffer
8.2.4975 recursive command line loop may cause a crash
8.2.4976 Coverity complains about not restoring a saved value
8.2.4977 memory access error when substitute expression changes window
8.2.4978 no error if engine selection atom is not at the start
8.2.4979 accessing freed memory when line is flushed
8.2.4980 when 'shortmess' contains 'A' loading session may still warn
8.2.4981 it is not possible to manipulate autocommands
8.2.4982 colors in terminal window are not 100% correct
8.2.4983 colors test fails in the GUI
8.2.4984 dragging statusline fails for window with winbar
8.2.4985 PVS warns for possible array underrun
8.2.4986 some github actions are outdated
8.2.4987 after deletion a small fold may be closable
8.2.4988 textprop in wrong position when replacing multi-byte chars
8.2.4989 cannot specify a function name for :defcompile
8.2.4990 memory leak when :defcompile fails
8.2.4991 no test for hwat patch 8.1.0535 fixes
8.2.4992 compiler warning for possibly uninitialized variable
8.2.4993 smart/C/lisp indenting is optional
8.2.4994 tests are using legacy functions
8.2.4995 still a compiler warning for possibly uninitialized variable
8.2.4996 setbufline() may change Visual selection
8.2.4997 Python: changing hidden buffer can cause display mess up
8.2.4998 Vim9: crash when using multiple funcref()
8.2.4999 filetype test table is not properly sorted
8.2.5000 no patch for documentation updates
8.2.5001 checking translations affects the search pattern history
8.2.5002 deletebufline() may change Visual selection
8.2.5003 cannot do bitwise shifts
8.2.5004 right shift on negative number does not work as documented
8.2.5005 compiler warning for uninitialized variable
8.2.5006 asan warns for undefined behavior
8.2.5007 spell suggestion may use uninitialized memory
8.2.5008 when 'formatoptions' contains "/" wrongly wrapping comment
8.2.5009 fold may not be closeable after appending
8.2.5010 the terminal debugger uses various global variables
8.2.5011 Replacing an autocommand requires several lines
8.2.5012 cannot select one character inside ()
8.2.5013 after text formatting cursor may be in an invalid position
8.2.5014 byte offsets are wrong when using text properties
8.2.5015 Hoon and Moonscript files are not recognized
8.2.5016 access before start of text with a put command
8.2.5017 gcc 12.1 warns for uninitialized variable
8.2.5018 Vim9: some code is not covered by tests
8.2.5019 cannot get the first screen column of a character
8.2.5020 using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'
8.2.5021 build fails with normal features and +terminal
8.2.5022 'completefunc'/'omnifunc' error does not end completion
8.2.5023 substitute overwrites allocated buffer
8.2.5024 using freed memory with "]d"
8.2.5025 Vim9: a few lines not covered by tests
8.2.5026 Vim9: a few lines not covered by tests
8.2.5027 error for missing :endif when an exception was thrown
8.2.5028 syntax regexp matching can be slow
8.2.5029 "textlock" is always zero
8.2.5030 autocmd_add() can only handle one event and pattern
8.2.5031 cannot easily run the benchmarks
8.2.5032 Python 3 test fails without the GUI
8.2.5033 build error with +eval but without +quickfix
8.2.5034 there is no way to get the byte index from a virtual column
8.2.5035 when splitting a window the changelist position moves
8.2.5036 using two counters for timeout check in NFA engine
8.2.5037 cursor position may be invalid after "0;" range
8.2.5038 a finished terminal in a popup window does not show scrollbar
8.2.5039 confusing error if first argument of popup_create() is wrong
8.2.5040 scrollbar thumb in scrolled popup not visible
8.2.5041 cannot close a terminal popup with "NONE" job
8.2.5042 scrollbar thumb in tall scrolled popup not visible
8.2.5043 can open a cmdline window from a substitute expression
8.2.5044 command line test fails
8.2.5045 can escape a terminal popup window when the job is finished
8.2.5046 vim_regsub() can overwrite the destination
8.2.5047 CurSearch highlight is often wrong
8.2.5048 when using XIM the gui test may fail
8.2.5049 insufficient tests for autocommands
8.2.5050 using freed memory when searching for pattern in path
8.2.5051 check for autocmd_add() event argument is confusing
8.2.5052 CI checkout step title is a bit cryptic
8.2.5053 cannot have a comment halfway an expression in a block
8.2.5054 no good filetype for conf files similar to dosini
8.2.5055 statusline is not updated when terminal title changes
8.2.5056 the channel log only contains some of the raw terminal output
8.2.5057 using gettimeofday() for timeout is very inefficient
8.2.5058 input() does not handle composing characters properly
8.2.5059 autoconf 2.71 produces many obsolete warnings
8.2.5060 running configure fails
8.2.5061 C89 requires signal handlers to return void
8.2.5062 Coverity warns for dead code
8.2.5063 error for a command may go over the end of IObuff
8.2.5064 no test for what 8.1.0052 fixes
8.2.5065 wrong return type for main() in tee.c
8.2.5066 can specify multispace listchars only for whole line
8.2.5067 timer_create is not available on every Mac system
8.2.5068 gcc 12.1 warning when building tee
8.2.5069 various warnings from clang on MS-Windows
8.2.5070 unnecessary code
8.2.5071 with some Mac OS version clockid_t is redefined
8.2.5072 using uninitialized value and freed memory in spell command
8.2.5073 clang on MS-Windows produces warnings
8.2.5074 spell test fails on MS-Windows
8.2.5075 clang gives an out of bounds warning
8.2.5076 unnecessary code
8.2.5077 various warnings from clang on MS-Windows
8.2.5078 substitute test has a one second delay
8.2.5079 DirChanged autocommand may use freed memory
8.2.5080 when indenting gets out of hand it is hard to stop
8.2.5081 autocmd test fails on MS-Windows
8.2.5082 retab test fails
8.2.5083 autocmd test still fails on MS-Windows
8.2.5084 when the GUI shows a dialog tests get stuck
8.2.5085 gcc gives warning for signed/unsigned difference
8.2.5086 CI runs on Windows 2019
8.2.5087 cannot build with clang on MS-Windows
8.2.5088 value of cmod_verbose is a bit complicated to use
8.2.5089 some functions return a different value on failure
8.2.5090 MS-Windows: vim.def is no longer used
8.2.5091 terminal test fails with some shell commands
8.2.5092 using "'<,'>" in Ex mode may compare unrelated pointers
8.2.5093 error message for unknown command may have the command twice
8.2.5094 MS-Windows GUI: empty command may cause a dialog
8.2.5095 terminal test still fails with some shell commands
8.2.5096 terminal test still fails with some shell commands
8.2.5097 using uninitialized memory when using 'listchars'
8.2.5098 spelldump test sometimes hangs
8.2.5099 some terminal tests are not retried
8.2.5100 memory usage tests are not retried
8.2.5101 MS-Windows with MinGW: $CC may be "cc" instead of "gcc"
8.2.5102 interrupt not caught in test
8.2.5103 build fails with small features
8.2.5104 test hangs on MS-Windows
8.2.5105 test still hangs on MS-Windows
8.2.5106 default cmdwin mappings are re-mappable
8.2.5107 some callers of rettv_list_alloc() check for not OK
8.2.5108 retab test disabled because it hangs on MS-Windows
8.2.5109 mode not updated after CTRL-O CTRL-C in Insert mode
8.2.5110 icon filetype not recognized from the first line
8.2.5111 no test for --gui-dialog-file
8.2.5112 gui test hangs on MS-Windows
8.2.5113 timer becomes invalid after fork/exec, :gui gives errors
8.2.5114 time limit on searchpair() does not work properly
8.2.5115 search timeout is overrun with some patterns
8.2.5116 "limit" option of matchfuzzy() not always respected
8.2.5117 crash when calling a Lua callback from a :def function
8.2.5118 MS-Windows: sending a message to another Vim may hang
8.2.5119 CI uses cache v2
8.2.5120 searching for quotes may go over the end of the line
8.2.5121 interrupt test sometimes fails
8.2.5122 lisp indenting my run over the end of the line
8.2.5123 using invalid index when looking for spell suggestions
8.2.5124 when syntax timeout test fails it does not show the time
8.2.5125 MS-Windows: warnings from MinGW compiler
8.2.5126 substitute may overrun destination buffer
8.2.5127 using assert_true() does not show value on failure
8.2.5128 syntax disabled when using synID() in searchpair() skip expr
8.2.5129 timeout handling is not optimal
8.2.5130 edit test for mode message fails when using valgrind
8.2.5131 timeout implementation is not optimal
8.2.5132 :mkview test doesn't test much
8.2.5133 MacOS: build fails
8.2.5134 function has confusing name
8.2.5135 running configure gives warnings for main() return type
8.2.5136 debugger test fails when run with valgrind
8.2.5137 cannot build without the +channel feature
8.2.5138 various small issues
8.2.5139 TIME_WITH_SYS_TIME is no longer supported by autoconf
8.2.5140 seachpair timeout test is flaky
8.2.5141 using "volatile int" in a signal handler might be wrong
8.2.5142 startup test fails if there is a status bar
8.2.5143 some tests fail when using valgrind
8.2.5144 with 'lazyredraw' set completion menu may be wrong
8.2.5145 exit test causes spurious valgrind reports
8.2.5146 memory leak when substitute expression nests
8.2.5147 flaky test always fails on retry
8.2.5148 invalid memory access when using expression on command line
8.2.5149 cannot build without the +eval feature
8.2.5150 read past the end of the first line with ":0;'{"
8.2.5151 reading beyond the end of the line with lisp indenting
8.2.5152 search() gets stuck with "c" and skip evaluates to true
8.2.5153 "make uninstall" does not remove colors/lists
8.2.5154 still mentioning version8, some cosmetic issues
8.2.5155 in diff mode windows may get out of sync
8.2.5156 search timeout test often fails with FreeBSD
8.2.5157 MS-Windows GUI: CTRL-key combinations do not always work
8.2.5158 TSTP and INT signal tests are not run with valgrind
8.2.5159 fix for CTRL-key combinations causes problems
8.2.5160 accessing invalid memory after changing terminal size
8.2.5161 might still access invalid memory
8.2.5162 reading before the start of the line with BS in Replace mode
8.2.5163 crash when deleting buffers in diff mode
8.2.5164 invalid memory access after diff buffer manipulations
8.2.5165 import test fails because 'diffexpr' isn't reset
8.2.5166 test for DiffUpdated fails
8.2.5167 get(Fn, 'name') on funcref returns special byte code
8.2.5168 cannot build with Python 3.11
8.2.5169 nested :source may use NULL pointer
8.2.5170 tiny issues
8.2.5171 dependencies and proto files are outdated
8.2.5172 "make menu" still uses legacy script
To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/editors/vim-gtk2/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/editors/vim-gtk3/Makefile
cvs rdiff -u -r1.41 -r1.42 pkgsrc/editors/vim-motif/Makefile
cvs rdiff -u -r1.60 -r1.61 pkgsrc/editors/vim-share/PLIST
cvs rdiff -u -r1.198 -r1.199 pkgsrc/editors/vim-share/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/editors/vim-share/version.mk
cvs rdiff -u -r1.64 -r1.65 pkgsrc/editors/vim-xaw/Makefile
editors/vim-gtk2: security update
editors/vim-gtk3: security update
editors/vim-motif: security update
editors/vim-share: security update
editors/vim-xaw: security update
Revisions pulled up:
- editors/vim-gtk2/Makefile 1.97
- editors/vim-gtk3/Makefile 1.24
- editors/vim-motif/Makefile 1.42
- editors/vim-share/PLIST 1.61
- editors/vim-share/distinfo 1.199
- editors/vim-share/version.mk 1.138
- editors/vim-xaw/Makefile 1.65
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 27 15:13:11 UTC 2022
Modified Files:
pkgsrc/editors/vim-gtk2: Makefile
pkgsrc/editors/vim-gtk3: Makefile
pkgsrc/editors/vim-motif: Makefile
pkgsrc/editors/vim-share: PLIST distinfo version.mk
pkgsrc/editors/vim-xaw: Makefile
Log Message:
vim: update to 8.2.5172
On behalf of morr@ "please go ahead"
This includes security fixes. (more pending)
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
Changes:
8.2.4722 ending recording with mapping records too much
8.2.4723 the ModeChanged autocmd event is inefficient
8.2.4724 current instance of last search pattern not easily spotted
8.2.4725 unused variable in tiny build
8.2.4726 cannot use expand() to get the script name
8.2.4727 unused code
8.2.4728 no test that v:event cannot be modified
8.2.4729 HEEx and Surface templates do not need a separate filetype
8.2.4730 MS-Windows GUI: cannot use CTRL-/
8.2.4731 the changelist index is not remembered per buffer
8.2.4732 duplicate code to free fuzzy matches
8.2.4733 HEEx and Surface do need a separate filetype
8.2.4734 getcharpos() may change a mark position
8.2.4735 quickfix tests can be a bit hard to read
8.2.4736 build problem for Cygwin with Motif
8.2.4737 // in JavaScript string recognized as comment
8.2.4738 Esc on commandline executes command instead of abandoning it
8.2.4739 accessing freed memory after WinScrolled autocmd event
8.2.4740 when expand() fails there is no error message
8.2.4741 startup test fails
8.2.4742 there is no way to start logging very early in startup
8.2.4743 clang 14 is available on CI
8.2.4744 a terminal window can't use the bell
8.2.4745 using wrong flag for using bell in the terminal
8.2.4746 supercollider filetype not recognized
8.2.4747 no filetype override for .sys files
8.2.4748 cannot use an imported function in a mapping
8.2.4749 <script> is not expanded in autocmd context
8.2.4750 small pieces of dead code
8.2.4751 mapping <SID>name.Func does not work for autoload script
8.2.4752 wrong 'statusline' value can cause illegal memory access
8.2.4753 error from setting an option is silently ignored
8.2.4754 using cached values after unsetting some environment variables
8.2.4755 cannot use <SID>FuncRef in completion spec
8.2.4756 build error without the +eval feature
8.2.4757 list of libraries to suppress lsan errors is outdated
8.2.4758 when using an LSP channel want to get the message ID
8.2.4759 CurSearch highlight does not work for multi-line match
8.2.4760 using matchfuzzy() on a long list can take a while
8.2.4761 documentation for using LSP messages is incomplete
8.2.4762 using freed memory using synstack() and synID() in WinEnter
8.2.4763 using invalid pointer with "V:" in Ex mode
8.2.4764 CI uses an older gcc version
8.2.4765 function matchfuzzy() sorts too many items
8.2.4766 KRL files using "deffct" not recognized
8.2.4767 openscad files are not recognized
8.2.4768 CI: codecov upload sometimes does not work
8.2.4769 build warning with UCRT
8.2.4770 cannot easily mix expression and heredoc
8.2.4771 Coverity warns for not checking return value
8.2.4772 old Coverity warning for not checking ftell() return value
8.2.4773 build failure without the +eval feature
8.2.4774 crash when using a number for lambda name
8.2.4775 SpellBad highlighting does not work in Konsole
8.2.4776 GTK: 'lines' and 'columns' may change during startup
8.2.4777 screendump tests fail because of a redraw
8.2.4778 pacman files use dosini filetype
8.2.4779 lsan suppression is too version specific
8.2.4780 parsing an LSP message fails when it is split
8.2.4781 Maxima files are not recognized
8.2.4782 accessing freed memory
8.2.4783 Coverity warns for leaking memory
8.2.4784 lamba test with timer is flaky
8.2.4785 Visual mode not stopped if win_gotoid() goes to other buffer
8.2.4786 test for win_gotoid() in Visual mode fails on Mac
8.2.4787 prop_find() does not find the right property
8.2.4788 large payload for LSP message not tested
8.2.4789 cursor pos wrong when using :redraw while editing the cmdline
8.2.4790 lilypond filetype not recognized
8.2.4791 events triggered in different order when reusing buffer
8.2.4792 indent operator creates an undo entry for every line
8.2.4793 recognizing Maxima filetype even though it might be another
8.2.4794 compiler warning for not initialized variable
8.2.4795 'cursorbind' scrolling depends on whether 'cursorline' is set
8.2.4796 file left behind after running cursorline tests
8.2.4797 getwininfo() may get oudated values
8.2.4798 t_8u option was reset even when set by the user
8.2.4799 popup does not use correct topline
8.2.4800 missing test update for adjusted t_8u behavior
8.2.4801 fix for cursorbind fix not fully tested
8.2.4802 test is not cleaned up
8.2.4803 WinScrolled not always triggered when scrolling with mouse
8.2.4804 expression in heredoc doesn't work for compiled function
8.2.4805 CurSearch used for all matches in current line
8.2.4806 a mapping using <LeftDrag> does not start Select mode
8.2.4807 processing key eveints in Win32 GUI is not ideal
8.2.4808 unused item in engine struct
8.2.4809 various things not properly tested
8.2.4810 missing changes in one file
8.2.4811 Win32 GUI: caps lock doesn't work
8.2.4812 unused struct item
8.2.4813 pasting text while indent folding may mess up folds
8.2.4814 possible to leave a popup window with win_gotoid()
8.2.4815 cannot build with older GTK version
8.2.4816 still using older codecov app in some places of CI
8.2.4817 Win32 GUI: modifiers are not always used
8.2.4818 no test for what 8.2.4806 fixes
8.2.4819 unmapping simplified keys also deletes other mapping
8.2.4820 not simple programmatic way to find a specific mapping
8.2.4821 crash when imported autoload script was deleted
8.2.4822 setting ufunc to NULL twice
8.2.4823 concat more than 2 strings in :def function is inefficient
8.2.4824 expression is evaluated multiple times
8.2.4825 can only get a list of mappings
8.2.4826 .cshtml files are not recognized
8.2.4827 typo in variable name
8.2.4828 fix for unmapping simplified key not fully tested
8.2.4829 a key may be simplified to NUL
8.2.4830 possible endless loop if there is unused typahead
8.2.4831 crash when using maparg() and unmapping simplified keys
8.2.4832 passing zero instead of NULL to a pointer argument
8.2.4833 failure of mapping not checked for
8.2.4834 Vim9: some lines not covered by tests
8.2.4835 Vim9: some lines not covered by tests
8.2.4836 Vim9: some lines not covered by tests
8.2.4837 modifiers not simplified when timed out
8.2.4838 checking for absolute path is not trivial
8.2.4839 compiler warning for unused argument
8.2.4840 heredoc expression evaluated even when skipping
8.2.4841 empty string considered an error for expand()
8.2.4842 expand("%:p") is not empty when there is no buffer name
8.2.4843 treating CTRL + ALT as AltGr is not backwards compatible
8.2.4844 <C-S-I> is simplified to <S-Tab>
8.2.4845 duplicate code
8.2.4846 termcodes test fails
8.2.4847 crash when using uninitialized function pointer
8.2.4848 local completion with mappings and simplification not working
8.2.4849 Gleam filetype not detected
8.2.4850 mksession mixes up "tabpages" and "curdir" arguments
8.2.4851 compiler warning for uninitialized variable
8.2.4852 ANSI color index to RGB value not correct
8.2.4853 CI with FreeBSD is a bit outdated
8.2.4854 array size does not match usage
8.2.4855 robot files are not recognized
8.2.4856 MinGW compiler complains about unknown escape sequence
8.2.4857 Yaml indent for multiline is wrong
8.2.4858 K_SPECIAL may be escaped twice
8.2.4859 wget2 files are not recognized
8.2.4860 MS-Windows: always uses current directory for executables
8.2.4861 it is not easy to restore saved mappings
8.2.4862 Vim9: test may fail when run with valgrind
8.2.4863 accessing freed memory in test without the +channel feature
8.2.4864 Vim9: script test fails
8.2.4865 :startinsert right after :stopinsert may not work
8.2.4866 duplicate code in "get" functions
8.2.4867 listing of mapping with K_SPECIAL is wrong
8.2.4868 when closing help window autocmds triggered for wrong window
8.2.4869 expression in command block does not look after NL
8.2.4870 Vim9: expression in :substitute is not compiled
8.2.4871 Vim9: in :def function no error for misplaced range
8.2.4872 Vim9: no error for using an expression only
8.2.4873 Vim9: using "else" differs from using "endif/if !cond"
8.2.4874 Win32 GUI: horizontal scroll wheel not handled properly
8.2.4875 MS-Windows: some .exe files are not recognized
8.2.4876 MS-Windows: Shift-BS results in strange char in powershell
8.2.4877 MS-Windows: Wrongly using Normal colors for termguicolors
8.2.4878 valgrind warning for using uninitialized variable
8.2.4879 screendump test may fail when using valgrind
8.2.4880 Vim9: misplaced elseif causes invalid memory access
8.2.4881 "P" in Visual mode still changes some registers
8.2.4882 cannot make 'breakindent' use a specific column
8.2.4883 string interpolation only works in heredoc
8.2.4884 test fails without the job/channel feature
8.2.4885 test fails with the job/channel feature
8.2.4886 Vim9: redir in skipped block seen as assignment
8.2.4887 channel log does not show invoking a timer callback
8.2.4888 line number of lambda ignores line continuation
8.2.4889 CI only tests with FreeBSD 12
8.2.4890 inconsistent capitalization in error messages
8.2.4891 Vim help presentation could be better
8.2.4892 test failures because of changed error messages
8.2.4893 distributed import files are not installed
8.2.4894 MS-Windows: not using italics
8.2.4895 buffer overflow with invalid command with composing chars
8.2.4896 expression in command block does not look after NL
8.2.4897 comment inside an expression in lambda ignores the rest
8.2.4898 Coverity complains about pointer usage
8.2.4899 with latin1 encoding CTRL-W might go before the cmdline
8.2.4900 Vim9 expression test fails without the job feature
8.2.4901 NULL pointer access when using invalid pattern
8.2.4902 mouse wheel scrolling is inconsistent
8.2.4903 cannot get the current cmdline completion type and position
8.2.4904 codecov includes MS-Windows install files
8.2.4905 codecov includes MS-Windows install header file
8.2.4906 MS-Windows: cannot use transparent background
8.2.4907 some users do not want a line comment always inserted
8.2.4908 no text formatting for // comment after a statement
8.2.4909 MODE_ enum entries names are too generic
8.2.4910 imperfect coding
8.2.4911 the mode #defines are not clearly named
8.2.4912 using execute() to define a lambda doesn't work
8.2.4913 popup_hide() does not always have effect
8.2.4914 string interpolation in :def function may fail
8.2.4915 sometimes the cursor is in the wrong position
8.2.4916 mouse in Insert mode test fails
8.2.4917 fuzzy expansion of option names is not right
8.2.4918 conceal character from matchadd() displayed too many times
8.2.4919 can add invalid bytes with :spellgood
8.2.4920 MS-Windows GUI: unused variables
8.2.4921 spell test fails because of new illegal byte check
8.2.4922 mouse test fails on MS-Windows
8.2.4923 test checks for terminal feature unnecessarily
8.2.4924 maparg() may return a string that cannot be reused
8.2.4925 trailing backslash may cause reading past end of line
8.2.4926 #ifdef for crypt feature around too many lines
8.2.4927 return type of remove() incorrect when using three arguments
8.2.4928 various white space and cosmetic mistakes
8.2.4929 off-by-one error in in statusline item
8.2.4930 interpolated string expression requires escaping
8.2.4931 Crash with sequence of Perl commands
8.2.4932 not easy to filter the output of maplist()
8.2.4933 a few more capitalization mistakes in error messages
8.2.4934 string interpolation fails when not evaluating
8.2.4935 with 'foldmethod' "indent" some lines not included in fold
8.2.4936 MS-Windows: mouse coordinates for scroll event are wrong
8.2.4937 no test for what 8.2.4931 fixes
8.2.4938 crash when matching buffer with invalid pattern
8.2.4939 matchfuzzypos() with "matchseq" does not have all positions
8.2.4940 some code is never used
8.2.4941 '[ and '] marks may be wrong after undo
8.2.4942 error when setting 'filetype' in help file again
8.2.4943 changing 'switchbuf' may have no effect
8.2.4944 text properties are wrong after "cc"
8.2.4945 inconsistent use of white space
8.2.4946 Vim9: some code not covered by tests
8.2.4947 text properties not adjusted when accepting spell suggestion
8.2.4948 cannot use Perl heredoc in nested :def function
8.2.4949 Vim9: some code not covered by tests
8.2.4950 text properties position wrong after shifting text
8.2.4951 smart indenting done when not enabled
8.2.4952 GUI test will fail if color scheme changes
8.2.4953 with 'si' inserting '}' after completion goes wrong
8.2.4954 inserting line breaks text property spanning two lines
8.2.4955 text property in wrong position after auto-indent
8.2.4956 reading past end of line with "gf" in Visual block mode
8.2.4957 text properties in a wrong position after a block change
8.2.4958 a couple conditions are always true
8.2.4959 using NULL regexp program
8.2.4960 text properties that cross lines not updated for deleted line
8.2.4961 build error with a certain combination of features
8.2.4962 files show up in git status
8.2.4963 expanding path with "/**" may overrun end of buffer
8.2.4964 MS-Windows GUI: mouse event test is flaky
8.2.4965 GUI: testing mouse move event depends on screen cell size
8.2.4966 MS-Windows GUI: mouse event test gets extra event
8.2.4967 MS-Windows GUI: mouse event test sometimes fails
8.2.4968 reading past end of the line when C-indenting
8.2.4969 changing text in Visual mode may cause invalid memory access
8.2.4970 "eval 123" gives an error, "eval 'abc'" does not
8.2.4971 Vim9: interpolated string seen as range
8.2.4972 Vim9: compilation fails when using dict member when skipping
8.2.4973 Vim9: type error for list unpack mentions argument
8.2.4974 ":so" command may read after end of buffer
8.2.4975 recursive command line loop may cause a crash
8.2.4976 Coverity complains about not restoring a saved value
8.2.4977 memory access error when substitute expression changes window
8.2.4978 no error if engine selection atom is not at the start
8.2.4979 accessing freed memory when line is flushed
8.2.4980 when 'shortmess' contains 'A' loading session may still warn
8.2.4981 it is not possible to manipulate autocommands
8.2.4982 colors in terminal window are not 100% correct
8.2.4983 colors test fails in the GUI
8.2.4984 dragging statusline fails for window with winbar
8.2.4985 PVS warns for possible array underrun
8.2.4986 some github actions are outdated
8.2.4987 after deletion a small fold may be closable
8.2.4988 textprop in wrong position when replacing multi-byte chars
8.2.4989 cannot specify a function name for :defcompile
8.2.4990 memory leak when :defcompile fails
8.2.4991 no test for hwat patch 8.1.0535 fixes
8.2.4992 compiler warning for possibly uninitialized variable
8.2.4993 smart/C/lisp indenting is optional
8.2.4994 tests are using legacy functions
8.2.4995 still a compiler warning for possibly uninitialized variable
8.2.4996 setbufline() may change Visual selection
8.2.4997 Python: changing hidden buffer can cause display mess up
8.2.4998 Vim9: crash when using multiple funcref()
8.2.4999 filetype test table is not properly sorted
8.2.5000 no patch for documentation updates
8.2.5001 checking translations affects the search pattern history
8.2.5002 deletebufline() may change Visual selection
8.2.5003 cannot do bitwise shifts
8.2.5004 right shift on negative number does not work as documented
8.2.5005 compiler warning for uninitialized variable
8.2.5006 asan warns for undefined behavior
8.2.5007 spell suggestion may use uninitialized memory
8.2.5008 when 'formatoptions' contains "/" wrongly wrapping comment
8.2.5009 fold may not be closeable after appending
8.2.5010 the terminal debugger uses various global variables
8.2.5011 Replacing an autocommand requires several lines
8.2.5012 cannot select one character inside ()
8.2.5013 after text formatting cursor may be in an invalid position
8.2.5014 byte offsets are wrong when using text properties
8.2.5015 Hoon and Moonscript files are not recognized
8.2.5016 access before start of text with a put command
8.2.5017 gcc 12.1 warns for uninitialized variable
8.2.5018 Vim9: some code is not covered by tests
8.2.5019 cannot get the first screen column of a character
8.2.5020 using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'
8.2.5021 build fails with normal features and +terminal
8.2.5022 'completefunc'/'omnifunc' error does not end completion
8.2.5023 substitute overwrites allocated buffer
8.2.5024 using freed memory with "]d"
8.2.5025 Vim9: a few lines not covered by tests
8.2.5026 Vim9: a few lines not covered by tests
8.2.5027 error for missing :endif when an exception was thrown
8.2.5028 syntax regexp matching can be slow
8.2.5029 "textlock" is always zero
8.2.5030 autocmd_add() can only handle one event and pattern
8.2.5031 cannot easily run the benchmarks
8.2.5032 Python 3 test fails without the GUI
8.2.5033 build error with +eval but without +quickfix
8.2.5034 there is no way to get the byte index from a virtual column
8.2.5035 when splitting a window the changelist position moves
8.2.5036 using two counters for timeout check in NFA engine
8.2.5037 cursor position may be invalid after "0;" range
8.2.5038 a finished terminal in a popup window does not show scrollbar
8.2.5039 confusing error if first argument of popup_create() is wrong
8.2.5040 scrollbar thumb in scrolled popup not visible
8.2.5041 cannot close a terminal popup with "NONE" job
8.2.5042 scrollbar thumb in tall scrolled popup not visible
8.2.5043 can open a cmdline window from a substitute expression
8.2.5044 command line test fails
8.2.5045 can escape a terminal popup window when the job is finished
8.2.5046 vim_regsub() can overwrite the destination
8.2.5047 CurSearch highlight is often wrong
8.2.5048 when using XIM the gui test may fail
8.2.5049 insufficient tests for autocommands
8.2.5050 using freed memory when searching for pattern in path
8.2.5051 check for autocmd_add() event argument is confusing
8.2.5052 CI checkout step title is a bit cryptic
8.2.5053 cannot have a comment halfway an expression in a block
8.2.5054 no good filetype for conf files similar to dosini
8.2.5055 statusline is not updated when terminal title changes
8.2.5056 the channel log only contains some of the raw terminal output
8.2.5057 using gettimeofday() for timeout is very inefficient
8.2.5058 input() does not handle composing characters properly
8.2.5059 autoconf 2.71 produces many obsolete warnings
8.2.5060 running configure fails
8.2.5061 C89 requires signal handlers to return void
8.2.5062 Coverity warns for dead code
8.2.5063 error for a command may go over the end of IObuff
8.2.5064 no test for what 8.1.0052 fixes
8.2.5065 wrong return type for main() in tee.c
8.2.5066 can specify multispace listchars only for whole line
8.2.5067 timer_create is not available on every Mac system
8.2.5068 gcc 12.1 warning when building tee
8.2.5069 various warnings from clang on MS-Windows
8.2.5070 unnecessary code
8.2.5071 with some Mac OS version clockid_t is redefined
8.2.5072 using uninitialized value and freed memory in spell command
8.2.5073 clang on MS-Windows produces warnings
8.2.5074 spell test fails on MS-Windows
8.2.5075 clang gives an out of bounds warning
8.2.5076 unnecessary code
8.2.5077 various warnings from clang on MS-Windows
8.2.5078 substitute test has a one second delay
8.2.5079 DirChanged autocommand may use freed memory
8.2.5080 when indenting gets out of hand it is hard to stop
8.2.5081 autocmd test fails on MS-Windows
8.2.5082 retab test fails
8.2.5083 autocmd test still fails on MS-Windows
8.2.5084 when the GUI shows a dialog tests get stuck
8.2.5085 gcc gives warning for signed/unsigned difference
8.2.5086 CI runs on Windows 2019
8.2.5087 cannot build with clang on MS-Windows
8.2.5088 value of cmod_verbose is a bit complicated to use
8.2.5089 some functions return a different value on failure
8.2.5090 MS-Windows: vim.def is no longer used
8.2.5091 terminal test fails with some shell commands
8.2.5092 using "'<,'>" in Ex mode may compare unrelated pointers
8.2.5093 error message for unknown command may have the command twice
8.2.5094 MS-Windows GUI: empty command may cause a dialog
8.2.5095 terminal test still fails with some shell commands
8.2.5096 terminal test still fails with some shell commands
8.2.5097 using uninitialized memory when using 'listchars'
8.2.5098 spelldump test sometimes hangs
8.2.5099 some terminal tests are not retried
8.2.5100 memory usage tests are not retried
8.2.5101 MS-Windows with MinGW: $CC may be "cc" instead of "gcc"
8.2.5102 interrupt not caught in test
8.2.5103 build fails with small features
8.2.5104 test hangs on MS-Windows
8.2.5105 test still hangs on MS-Windows
8.2.5106 default cmdwin mappings are re-mappable
8.2.5107 some callers of rettv_list_alloc() check for not OK
8.2.5108 retab test disabled because it hangs on MS-Windows
8.2.5109 mode not updated after CTRL-O CTRL-C in Insert mode
8.2.5110 icon filetype not recognized from the first line
8.2.5111 no test for --gui-dialog-file
8.2.5112 gui test hangs on MS-Windows
8.2.5113 timer becomes invalid after fork/exec, :gui gives errors
8.2.5114 time limit on searchpair() does not work properly
8.2.5115 search timeout is overrun with some patterns
8.2.5116 "limit" option of matchfuzzy() not always respected
8.2.5117 crash when calling a Lua callback from a :def function
8.2.5118 MS-Windows: sending a message to another Vim may hang
8.2.5119 CI uses cache v2
8.2.5120 searching for quotes may go over the end of the line
8.2.5121 interrupt test sometimes fails
8.2.5122 lisp indenting my run over the end of the line
8.2.5123 using invalid index when looking for spell suggestions
8.2.5124 when syntax timeout test fails it does not show the time
8.2.5125 MS-Windows: warnings from MinGW compiler
8.2.5126 substitute may overrun destination buffer
8.2.5127 using assert_true() does not show value on failure
8.2.5128 syntax disabled when using synID() in searchpair() skip expr
8.2.5129 timeout handling is not optimal
8.2.5130 edit test for mode message fails when using valgrind
8.2.5131 timeout implementation is not optimal
8.2.5132 :mkview test doesn't test much
8.2.5133 MacOS: build fails
8.2.5134 function has confusing name
8.2.5135 running configure gives warnings for main() return type
8.2.5136 debugger test fails when run with valgrind
8.2.5137 cannot build without the +channel feature
8.2.5138 various small issues
8.2.5139 TIME_WITH_SYS_TIME is no longer supported by autoconf
8.2.5140 seachpair timeout test is flaky
8.2.5141 using "volatile int" in a signal handler might be wrong
8.2.5142 startup test fails if there is a status bar
8.2.5143 some tests fail when using valgrind
8.2.5144 with 'lazyredraw' set completion menu may be wrong
8.2.5145 exit test causes spurious valgrind reports
8.2.5146 memory leak when substitute expression nests
8.2.5147 flaky test always fails on retry
8.2.5148 invalid memory access when using expression on command line
8.2.5149 cannot build without the +eval feature
8.2.5150 read past the end of the first line with ":0;'{"
8.2.5151 reading beyond the end of the line with lisp indenting
8.2.5152 search() gets stuck with "c" and skip evaluates to true
8.2.5153 "make uninstall" does not remove colors/lists
8.2.5154 still mentioning version8, some cosmetic issues
8.2.5155 in diff mode windows may get out of sync
8.2.5156 search timeout test often fails with FreeBSD
8.2.5157 MS-Windows GUI: CTRL-key combinations do not always work
8.2.5158 TSTP and INT signal tests are not run with valgrind
8.2.5159 fix for CTRL-key combinations causes problems
8.2.5160 accessing invalid memory after changing terminal size
8.2.5161 might still access invalid memory
8.2.5162 reading before the start of the line with BS in Replace mode
8.2.5163 crash when deleting buffers in diff mode
8.2.5164 invalid memory access after diff buffer manipulations
8.2.5165 import test fails because 'diffexpr' isn't reset
8.2.5166 test for DiffUpdated fails
8.2.5167 get(Fn, 'name') on funcref returns special byte code
8.2.5168 cannot build with Python 3.11
8.2.5169 nested :source may use NULL pointer
8.2.5170 tiny issues
8.2.5171 dependencies and proto files are outdated
8.2.5172 "make menu" still uses legacy script
To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/editors/vim-gtk2/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/editors/vim-gtk3/Makefile
cvs rdiff -u -r1.41 -r1.42 pkgsrc/editors/vim-motif/Makefile
cvs rdiff -u -r1.60 -r1.61 pkgsrc/editors/vim-share/PLIST
cvs rdiff -u -r1.198 -r1.199 pkgsrc/editors/vim-share/distinfo
cvs rdiff -u -r1.137 -r1.138 pkgsrc/editors/vim-share/version.mk
cvs rdiff -u -r1.64 -r1.65 pkgsrc/editors/vim-xaw/Makefile
pkgsrc-2022Q2 commitmail json YAML
pullups #6649 #6657 #6658 #6659
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/chat/finch/Makefile@1.85.2.1
/
diff
pkgsrc/chat/libpurple/Makefile@1.115.2.1 / diff
pkgsrc/chat/libpurple/Makefile.common@1.55.4.1 / diff
pkgsrc/chat/libpurple/distinfo@1.55.4.1 / diff
pkgsrc/chat/pidgin-sametime/Makefile@1.65.2.1 / diff
pkgsrc/chat/pidgin-silc/Makefile@1.68.2.1 / diff
pkgsrc/chat/pidgin/Makefile@1.96.2.1 / diff
pkgsrc/chat/pidgin/PLIST@1.26.10.1 / diff
pkgsrc/chat/libpurple/Makefile@1.115.2.1 / diff
pkgsrc/chat/libpurple/Makefile.common@1.55.4.1 / diff
pkgsrc/chat/libpurple/distinfo@1.55.4.1 / diff
pkgsrc/chat/pidgin-sametime/Makefile@1.65.2.1 / diff
pkgsrc/chat/pidgin-silc/Makefile@1.68.2.1 / diff
pkgsrc/chat/pidgin/Makefile@1.96.2.1 / diff
pkgsrc/chat/pidgin/PLIST@1.26.10.1 / diff
Pullup ticket #6659 - requested by khorben
chat/libpurple: security update
chat/finch: security update
chat/pidgin: security update
chat/pidgin-sametime: security update
chat/pidgin-silc: security update
Revisions pulled up:
- chat/finch/Makefile 1.87
- chat/libpurple/Makefile 1.117
- chat/libpurple/Makefile.common 1.56
- chat/libpurple/distinfo 1.56
- chat/pidgin-sametime/Makefile 1.67
- chat/pidgin-silc/Makefile 1.70
- chat/pidgin/Makefile 1.97
- chat/pidgin/PLIST 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 20 02:14:13 UTC 2022
Modified Files:
pkgsrc/chat/finch: Makefile
pkgsrc/chat/libpurple: Makefile Makefile.common distinfo
pkgsrc/chat/pidgin: Makefile PLIST
pkgsrc/chat/pidgin-sametime: Makefile
pkgsrc/chat/pidgin-silc: Makefile
Log Message:
libpurple, finch, pidgin: update to 2.14.10
This notably fixes security issues (CVE-2012-1257, CVE-2022-26491).
Tested on NetBSD/amd64.
XXX pull-up to the pkgsrc-2022Q2 branch
The complete changelog for the new versions is reproduced here:
version 2.14.10 (06/02/2022):
General:
* Audit and correct the COPYRIGHT file. (RR 1425) (Richard Laager)
* Fix a spelling error in a debug message for proxies. (RR 1426) (Richard
Laager)
* Install some emojis already in the theme but not being installed.
(RR 1428) (Richard Laager)
* Drop the QQ smileys as we don't ship QQ anymore. (PIDGIN-14385) (RR 1429)
(Richard Laager)
* Modernize the desktop file. (RR 1433) (Richard Laager)
* Modernize the appdata file. (RR 1431) (Richard Laager)
* Make privacy settings persist. (PIDGIN-17137) (RR 1463) (Belgin ��tirbu)
Pidgin:
* Fix a use after free that was introduced in 2.14.9. (RR 1488) (ivanhoe)
IRC:
* Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375)
(RR 1484) (Belgin ��tirbu)
XMPP:
* Fix a regression from 2.14.9 where XMPP accounts state would get lost
after failing to connect. (PIDGIN-17621) (RR 1455) (Belgin ��tirbu)
* Fix a crash when requesting your own info in an XMPP conference. (RR 1465)
(Belgin ��tirbu)
* Fix hang when completing a file transfer over XMPP. (RR 1466) (Belgin
��tirbu)
* Fix updating custom smileys. (PIDGIN-17153) (RR 1477) (Belgin ��tirbu)
* Fix unblocking users. (PIDGIN-16414) (RR 1479) (Belgin ��tirbu)
* Fix a crash when cancelling a file transfer. (PIDGIN-17189) (RR 1485)
(Belgin ��tirbu)
version 2.14.9 (04/28/2022):
Security:
* Remove _xmppconnect support. (RR 1357) (CVE-2022-26491) (Gary Kramlich)
libpurple:
* Fix a GLib CRITICAL message with typing time outs. (RR 1123) (Mohammed
Sadiq)
* Fix an issue where the unit tests for purple_str_to_time would fail.
(GENTOO-819774) (RR 1238) (Gary Kramlich)
Pidgin:
* Fix a memory leak in pidgin_conversations_set_tab_colors. (RR 1244)
(ivanhoe)
* Fixed the majority of the infinite resizing issues in the input box.
(PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430,
PIDGIN-17568, PIDGIN-17602) (RR 1342) (Belgin ��tirbu)
* Add transient-buddy back which is used to show some context menus and
other things. (PIDGIN-17523) (RR 1381) (Belgin ��tirbu)
Windows:
* Fix the download of dictionaries in the Windows installer. (PIDGIN-14618,
PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (RR 1303) (Gary
Kramlich)
Translations:
* Fix a typo in the German translations. (PIDGIN-17575) (RR 1242) (ivanhoe)
* Synced all of the translations with Transifex.
IRC:
* Fix IRC file transfers on Windows. (PIDGIN-17175) (RR 1382) (Belgin
��tirbu)
* Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (RR 1385) (Belgin
��tirbu)
* Default realname and ident name in IRC to the username (nickname) of the
account. (PIDGIN-17610) (RR 1386) (Belgin ��tirbu)
* Add an advanced account option to IRC accounts for explicitly setting the
SASL login name. (PIDGIN-15451) (RR 1388) (Belgin ��tirbu)
* Added a rate limiter that should make it impossible to excess flood.
(RR 1391) (Gary Kramlich)
SIMPLE:
* Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (RR 1379)
(dohmniq)
XMPP:
* Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714)
(RR 1387) (itsnotabigtruck, Belgin ��tirbu)
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/chat/finch/Makefile
cvs rdiff -u -r1.116 -r1.117 pkgsrc/chat/libpurple/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/chat/libpurple/Makefile.common \
pkgsrc/chat/libpurple/distinfo
cvs rdiff -u -r1.96 -r1.97 pkgsrc/chat/pidgin/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/pidgin/PLIST
cvs rdiff -u -r1.66 -r1.67 pkgsrc/chat/pidgin-sametime/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/chat/pidgin-silc/Makefile
chat/libpurple: security update
chat/finch: security update
chat/pidgin: security update
chat/pidgin-sametime: security update
chat/pidgin-silc: security update
Revisions pulled up:
- chat/finch/Makefile 1.87
- chat/libpurple/Makefile 1.117
- chat/libpurple/Makefile.common 1.56
- chat/libpurple/distinfo 1.56
- chat/pidgin-sametime/Makefile 1.67
- chat/pidgin-silc/Makefile 1.70
- chat/pidgin/Makefile 1.97
- chat/pidgin/PLIST 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jul 20 02:14:13 UTC 2022
Modified Files:
pkgsrc/chat/finch: Makefile
pkgsrc/chat/libpurple: Makefile Makefile.common distinfo
pkgsrc/chat/pidgin: Makefile PLIST
pkgsrc/chat/pidgin-sametime: Makefile
pkgsrc/chat/pidgin-silc: Makefile
Log Message:
libpurple, finch, pidgin: update to 2.14.10
This notably fixes security issues (CVE-2012-1257, CVE-2022-26491).
Tested on NetBSD/amd64.
XXX pull-up to the pkgsrc-2022Q2 branch
The complete changelog for the new versions is reproduced here:
version 2.14.10 (06/02/2022):
General:
* Audit and correct the COPYRIGHT file. (RR 1425) (Richard Laager)
* Fix a spelling error in a debug message for proxies. (RR 1426) (Richard
Laager)
* Install some emojis already in the theme but not being installed.
(RR 1428) (Richard Laager)
* Drop the QQ smileys as we don't ship QQ anymore. (PIDGIN-14385) (RR 1429)
(Richard Laager)
* Modernize the desktop file. (RR 1433) (Richard Laager)
* Modernize the appdata file. (RR 1431) (Richard Laager)
* Make privacy settings persist. (PIDGIN-17137) (RR 1463) (Belgin ��tirbu)
Pidgin:
* Fix a use after free that was introduced in 2.14.9. (RR 1488) (ivanhoe)
IRC:
* Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375)
(RR 1484) (Belgin ��tirbu)
XMPP:
* Fix a regression from 2.14.9 where XMPP accounts state would get lost
after failing to connect. (PIDGIN-17621) (RR 1455) (Belgin ��tirbu)
* Fix a crash when requesting your own info in an XMPP conference. (RR 1465)
(Belgin ��tirbu)
* Fix hang when completing a file transfer over XMPP. (RR 1466) (Belgin
��tirbu)
* Fix updating custom smileys. (PIDGIN-17153) (RR 1477) (Belgin ��tirbu)
* Fix unblocking users. (PIDGIN-16414) (RR 1479) (Belgin ��tirbu)
* Fix a crash when cancelling a file transfer. (PIDGIN-17189) (RR 1485)
(Belgin ��tirbu)
version 2.14.9 (04/28/2022):
Security:
* Remove _xmppconnect support. (RR 1357) (CVE-2022-26491) (Gary Kramlich)
libpurple:
* Fix a GLib CRITICAL message with typing time outs. (RR 1123) (Mohammed
Sadiq)
* Fix an issue where the unit tests for purple_str_to_time would fail.
(GENTOO-819774) (RR 1238) (Gary Kramlich)
Pidgin:
* Fix a memory leak in pidgin_conversations_set_tab_colors. (RR 1244)
(ivanhoe)
* Fixed the majority of the infinite resizing issues in the input box.
(PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430,
PIDGIN-17568, PIDGIN-17602) (RR 1342) (Belgin ��tirbu)
* Add transient-buddy back which is used to show some context menus and
other things. (PIDGIN-17523) (RR 1381) (Belgin ��tirbu)
Windows:
* Fix the download of dictionaries in the Windows installer. (PIDGIN-14618,
PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (RR 1303) (Gary
Kramlich)
Translations:
* Fix a typo in the German translations. (PIDGIN-17575) (RR 1242) (ivanhoe)
* Synced all of the translations with Transifex.
IRC:
* Fix IRC file transfers on Windows. (PIDGIN-17175) (RR 1382) (Belgin
��tirbu)
* Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (RR 1385) (Belgin
��tirbu)
* Default realname and ident name in IRC to the username (nickname) of the
account. (PIDGIN-17610) (RR 1386) (Belgin ��tirbu)
* Add an advanced account option to IRC accounts for explicitly setting the
SASL login name. (PIDGIN-15451) (RR 1388) (Belgin ��tirbu)
* Added a rate limiter that should make it impossible to excess flood.
(RR 1391) (Gary Kramlich)
SIMPLE:
* Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (RR 1379)
(dohmniq)
XMPP:
* Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714)
(RR 1387) (itsnotabigtruck, Belgin ��tirbu)
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/chat/finch/Makefile
cvs rdiff -u -r1.116 -r1.117 pkgsrc/chat/libpurple/Makefile
cvs rdiff -u -r1.55 -r1.56 pkgsrc/chat/libpurple/Makefile.common \
pkgsrc/chat/libpurple/distinfo
cvs rdiff -u -r1.96 -r1.97 pkgsrc/chat/pidgin/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/pidgin/PLIST
cvs rdiff -u -r1.66 -r1.67 pkgsrc/chat/pidgin-sametime/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/chat/pidgin-silc/Makefile
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/www/firefox91-l10n/Makefile@1.12.2.1
/
diff
pkgsrc/www/firefox91-l10n/distinfo@1.14.2.1 / diff
pkgsrc/www/firefox91/Makefile@1.19.2.1 / diff
pkgsrc/www/firefox91/distinfo@1.14.2.1 / diff
pkgsrc/www/firefox91-l10n/distinfo@1.14.2.1 / diff
pkgsrc/www/firefox91/Makefile@1.19.2.1 / diff
pkgsrc/www/firefox91/distinfo@1.14.2.1 / diff
Pullup ticket #6658 - requested by nia
www/firefox91: security update
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo
www/firefox91: security update
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91: update to 91.11.0
Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11
#CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
91.11
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6657 - requested by taca
devel/git: security update
devel/git-base: security update
devel/git-docs: security update
www/gitweb: security update
Revisions pulled up:
- devel/git-base/Makefile 1.97
- devel/git-base/distinfo 1.120-1.121
- devel/git-docs/Makefile 1.21
- devel/git/Makefile.version 1.106-1.107
- www/gitweb/Makefile 1.45
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 6 11:54:00 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
pkgsrc/devel/git-docs: Makefile
pkgsrc/www/gitweb: Makefile
Log Message:
git: updated to 2.37.0
Git v2.37 Release Notes
===========
UI, Workflows & Features
* "vimdiff[123]" mergetool drivers have been reimplemented with a
more generic layout mechanism.
* "git -v" and "git -h" are now understood as "git --version" and
"git --help".
* The temporary files fed to external diff command are now generated
inside a new temporary directory under the same basename.
* "git log --since=X" will stop traversal upon seeing a commit that
is older than X, but there may be commits behind it that is younger
than X when the commit was created with a faulty clock. A new
option is added to keep digging without stopping, and instead
filter out commits with timestamp older than X.
* "git -c branch.autosetupmerge=simple branch $A $B" will set the $B
as $A's upstream only when $A and $B shares the same name, and "git
-c push.default=simple" on branch $A would push to update the
branch $A at the remote $B came from. Also more places use the
sole remote, if exists, before defaulting to 'origin'.
* A new doc has been added that lists tips for tools to work with
Git's codebase.
* "git remote -v" now shows the list-objects-filter used during
fetching from the remote, if available.
* With the new http.curloptResolve configuration, the CURLOPT_RESOLVE
mechanism that allows cURL based applications to use pre-resolved
IP addresses for the requests is exposed to the scripts.
* "git add -i" was rewritten in C some time ago and has been in
testing; the reimplementation is now exposed to general public by
default.
* Deprecate non-cone mode of the sparse-checkout feature.
* Introduce a filesystem-dependent mechanism to optimize the way the
bits for many loose object files are ensured to hit the disk
platter.
* The "do not remove the directory the user started Git in" logic,
when Git cannot tell where that directory is, is disabled. Earlier
we refused to run in such a case.
* A mechanism to pack unreachable objects into a "cruft pack",
instead of ejecting them into loose form to be reclaimed later, has
been introduced.
* Update the doctype written in gitweb output to xhtml5.
* The "transfer.credentialsInURL" configuration variable controls what
happens when a URL with embedded login credential is used on either
"fetch" or "push". Credentials are currently only detected in
`remote.<name>.url` config, not `remote.<name>.pushurl`.
* "git revert" learns "--reference" option to use more human-readable
reference to the commit it reverts in the message template it
prepares for the user.
* Various error messages that talk about the removal of
"--preserve-merges" in "rebase" have been strengthened, and "rebase
--abort" learned to get out of a state that was left by an earlier
use of the option.
Performance, Internal Implementation, Development Support etc.
* The performance of the "untracked cache" feature has been improved
when "--untracked-files=<mode>" and "status.showUntrackedFiles"
are combined.
* "git stash" works better with sparse index entries.
* "git show :<path>" learned to work better with the sparse-index
feature.
* Introduce and apply coccinelle rule to discourage an explicit
comparison between a pointer and NULL, and applies the clean-up to
the maintenance track.
* Preliminary code refactoring around transport and bundle code.
* "sparse-checkout" learns to work better with the sparse-index
feature.
* A workflow change for translators are being proposed. git.pot is
no longer version controlled and it is local responsibility of
translators to generate it.
* Plug the memory leaks from the trickiest API of all, the revision
walker.
* Rename .env_array member to .env in the child_process structure.
* The fsmonitor--daemon handles even more corner cases when
watching filesystem events.
* A new bug() and BUG_if_bug() API is introduced to make it easier to
uniformly log "detect multiple bugs and abort in the end" pattern.
Fixes since v2.36
-----------------
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
(merge 4f1ccef87c gc/submodule-update-part2 later to maint).
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
(merge f8781bfda3 jc/diff-tree-stdin-fix later to maint).
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
(merge 45a14f578e rs/name-rev-fix-free-after-use later to maint).
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
(merge 5cdb38458e jc/show-pathspec-fix later to maint).
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
(merge d1c25272f5 rs/fast-export-pathspec-fix later to maint).
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
(merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint).
* "git clone --origin X" leaked piece of memory that held value read
from the clone.defaultRemoteName configuration variable, which has
been plugged.
(merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint).
* Get rid of a bogus and over-eager coccinelle rule.
(merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint).
* The path taken by "git multi-pack-index" command from the end user
was compared with path internally prepared by the tool without first
normalizing, which lead to duplicated paths not being noticed,
which has been corrected.
(merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint).
* Correct choices of C compilers used in various CI jobs.
(merge 3506cae04f ab/cc-package-fixes later to maint).
* Various cleanups to "git p4".
(merge 4ff0108d9e jh/p4-various-fixups later to maint).
* The progress meter of "git blame" was showing incorrect numbers
when processing only parts of the file.
(merge e5f5d7d42e ea/progress-partial-blame later to maint).
* "git rebase --keep-base <upstream> <branch-to-rebase>" computed the
commit to rebase onto incorrectly, which has been corrected.
(merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint).
* Fix a leak of FILE * in an error codepath.
(merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint).
* Avoid problems from interaction between malloc_check and address
sanitizer.
(merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint).
* The commit summary shown after making a commit is matched to what
is given in "git status" not to use the break-rewrite heuristics.
(merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint).
* Update a few end-user facing messages around EOL conversion.
(merge c970d30c2c ah/convert-warning-message later to maint).
* Trace2 documentation updates.
(merge a6c80c313c js/trace2-doc-fixes later to maint).
* Build procedure fixup.
(merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint).
* "git pull" without "--recurse-submodules=<arg>" made
submodule.recurse take precedence over fetch.recurseSubmodules by
mistake, which has been corrected.
(merge 5819417365 gc/pull-recurse-submodules later to maint).
* "git bisect" was too silent before it is ready to start computing
the actual bisection, which has been corrected.
(merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint).
* macOS CI jobs have been occasionally flaky due to tentative version
skew between perforce and the homebrew packager. Instead of
failing the whole CI job, just let it skip the p4 tests when this
happens.
(merge f15e00b463 cb/ci-make-p4-optional later to maint).
* A bit of test framework fixes with a few fixes to issues found by
valgrind.
(merge 7c898554d7 ab/valgrind-fixes later to maint).
* "git archive --add-file=<path>" picked up the raw permission bits
from the path and propagated to zip output in some cases, without
normalization, which has been corrected (tar output did not have
this issue).
(merge 6a61661967 jc/archive-add-file-normalize-mode later to maint).
* "make coverage-report" without first running "make coverage" did
not produce any meaningful result, which has been corrected.
(merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint).
* The "--current" option of "git show-branch" should have been made
incompatible with the "--reflog" mode, but this was not enforced,
which has been corrected.
(merge 41c64ae0e7 jc/show-branch-g-current later to maint).
* "git fetch" unnecessarily failed when an unexpected optional
section appeared in the output, which has been corrected.
(merge 7709acf7be jt/fetch-peek-optional-section later to maint).
* The way "git fetch" without "--update-head-ok" ensures that HEAD in
no worktree points at any ref being updated was too wasteful, which
has been optimized a bit.
(merge f7400da800 os/fetch-check-not-current-branch later to maint).
* "git fetch --recurse-submodules" from multiple remotes (either from
a remote group, or "--all") used to make one extra "git fetch" in
the submodules, which has been corrected.
(merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint).
* With a recent update to refuse access to repositories of other
people by default, "sudo make install" and "sudo git describe"
stopped working, which has been corrected.
(merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint).
* The tests that ensured merges stop when interfering local changes
are present did not make sure that local changes are preserved; now
they do.
(merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint).
* Some real problems noticed by gcc 12 have been fixed, while false
positives have been worked around.
* Update the version of FreeBSD image used in Cirrus CI.
(merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint).
* The multi-pack-index code did not protect the packfile it is going
to depend on from getting removed while in use, which has been
corrected.
(merge 4090511e40 tb/midx-race-in-pack-objects later to maint).
* Teach "git repack --geometric" work better with "--keep-pack" and
avoid corrupting the repository when packsize limit is used.
(merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint).
* The documentation on the interaction between "--add-file" and
"--prefix" options of "git archive" has been improved.
(merge a75910602a rs/document-archive-prefix later to maint).
* A git subcommand like "git add -p" spawns a separate git process
while relaying its command line arguments. A pathspec with only
negative elements was mistakenly passed with an empty string, which
has been corrected.
(merge b02fdbc80a jc/all-negative-pathspec later to maint).
* With a more targeted workaround in http.c in another topic, we may
be able to lift this blanket "GCC12 dangling-pointer warning is
broken and unsalvageable" workaround.
(merge 419141e495 cb/buggy-gcc-12-workaround later to maint).
* A misconfigured 'branch..remote' led to a bug in configuration
parsing.
(merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint).
* "git -c diff.submodule=log range-diff" did not show anything for
submodules that changed in the ranges being compared, and
"git -c diff.submodule=diff range-diff" did not work correctly.
Fix this by including the "--submodule=short" output
unconditionally to be compared.
* In Git 2.36 we revamped the way how hooks are invoked. One change
that is end-user visible is that the output of a hook is no longer
directly connected to the standard output of "git" that spawns the
hook, which was noticed post release. This is getting corrected.
(merge a082345372 ab/hooks-regression-fix later to maint).
* Updating the graft information invalidates the list of parents of
in-core commit objects that used to be in the graft file.
* "git show-ref --heads" (and "--tags") still iterated over all the
refs only to discard refs outside the specified area, which has
been corrected.
(merge c0c9d35e27 tb/show-ref-optim later to maint).
* Remove redundant copying (with index v3 and older) or possible
over-reading beyond end of mmapped memory (with index v4) has been
corrected.
(merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint).
* Sample watchman interface hook sometimes failed to produce
correctly formatted JSON message, which has been corrected.
(merge 134047b500 sn/fsmonitor-missing-clock later to maint).
* Use-after-free (with another forget-to-free) fix.
(merge 323822c72b ab/remote-free-fix later to maint).
* Remove a coccinelle rule that is no longer relevant.
(merge b1299de4a1 jc/cocci-cleanup later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge e6b2582da3 cm/reftable-0-length-memset later to maint).
(merge 0b75e5bf22 ab/misc-cleanup later to maint).
(merge 52e1ab8a76 ea/rebase-code-simplify later to maint).
(merge 756d15923b sg/safe-directory-tests-and-docs later to maint).
(merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint).
(merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint).
(merge 1da312742d gf/unused-includes later to maint).
(merge 465b30a92d pb/submodule-recurse-mode-enum later to maint).
(merge 82b28c4ed8 km/t3501-use-test-helpers later to maint).
(merge 72315e431b sa/t1011-use-helpers later to maint).
(merge 95b3002201 cg/vscode-with-gdb later to maint).
(merge fbe5f6b804 tk/p4-utf8-bom later to maint).
(merge 17f273ffba tk/p4-with-explicity-sync later to maint).
(merge 944db25c60 kf/p4-multiple-remotes later to maint).
(merge b014cee8de jc/update-ozlabs-url later to maint).
(merge 4ec5008062 pb/ggg-in-mfc-doc later to maint).
(merge af845a604d tb/receive-pack-code-cleanup later to maint).
(merge 2acf4cf001 js/ci-gcc-12-fixes later to maint).
(merge 05e280c0a6 jc/http-clear-finished-pointer later to maint).
(merge 8c49d704ef fh/transport-push-leakfix later to maint).
(merge 1d232d38bd tl/ls-tree-oid-only later to maint).
(merge db7961e6a6 gc/document-config-worktree-scope later to maint).
(merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint).
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.96 -r1.97 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.119 -r1.120 pkgsrc/devel/git-base/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/git-docs/Makefile
cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/gitweb/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Thu Jul 14 10:55:37 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: updated to 2.37.1
Git 2.37.1 Release Notes
============
This release merges up the fixes that appear in v2.30.5, v2.31.4,
v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
security issue CVE-2022-29187; see the release notes for these
versions for details.
Fixes since Git 2.37
--------------------
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
* Fix for CVS-2022-29187.
To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.120 -r1.121 pkgsrc/devel/git-base/distinfo
devel/git: security update
devel/git-base: security update
devel/git-docs: security update
www/gitweb: security update
Revisions pulled up:
- devel/git-base/Makefile 1.97
- devel/git-base/distinfo 1.120-1.121
- devel/git-docs/Makefile 1.21
- devel/git/Makefile.version 1.106-1.107
- www/gitweb/Makefile 1.45
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 6 11:54:00 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: Makefile distinfo
pkgsrc/devel/git-docs: Makefile
pkgsrc/www/gitweb: Makefile
Log Message:
git: updated to 2.37.0
Git v2.37 Release Notes
===========
UI, Workflows & Features
* "vimdiff[123]" mergetool drivers have been reimplemented with a
more generic layout mechanism.
* "git -v" and "git -h" are now understood as "git --version" and
"git --help".
* The temporary files fed to external diff command are now generated
inside a new temporary directory under the same basename.
* "git log --since=X" will stop traversal upon seeing a commit that
is older than X, but there may be commits behind it that is younger
than X when the commit was created with a faulty clock. A new
option is added to keep digging without stopping, and instead
filter out commits with timestamp older than X.
* "git -c branch.autosetupmerge=simple branch $A $B" will set the $B
as $A's upstream only when $A and $B shares the same name, and "git
-c push.default=simple" on branch $A would push to update the
branch $A at the remote $B came from. Also more places use the
sole remote, if exists, before defaulting to 'origin'.
* A new doc has been added that lists tips for tools to work with
Git's codebase.
* "git remote -v" now shows the list-objects-filter used during
fetching from the remote, if available.
* With the new http.curloptResolve configuration, the CURLOPT_RESOLVE
mechanism that allows cURL based applications to use pre-resolved
IP addresses for the requests is exposed to the scripts.
* "git add -i" was rewritten in C some time ago and has been in
testing; the reimplementation is now exposed to general public by
default.
* Deprecate non-cone mode of the sparse-checkout feature.
* Introduce a filesystem-dependent mechanism to optimize the way the
bits for many loose object files are ensured to hit the disk
platter.
* The "do not remove the directory the user started Git in" logic,
when Git cannot tell where that directory is, is disabled. Earlier
we refused to run in such a case.
* A mechanism to pack unreachable objects into a "cruft pack",
instead of ejecting them into loose form to be reclaimed later, has
been introduced.
* Update the doctype written in gitweb output to xhtml5.
* The "transfer.credentialsInURL" configuration variable controls what
happens when a URL with embedded login credential is used on either
"fetch" or "push". Credentials are currently only detected in
`remote.<name>.url` config, not `remote.<name>.pushurl`.
* "git revert" learns "--reference" option to use more human-readable
reference to the commit it reverts in the message template it
prepares for the user.
* Various error messages that talk about the removal of
"--preserve-merges" in "rebase" have been strengthened, and "rebase
--abort" learned to get out of a state that was left by an earlier
use of the option.
Performance, Internal Implementation, Development Support etc.
* The performance of the "untracked cache" feature has been improved
when "--untracked-files=<mode>" and "status.showUntrackedFiles"
are combined.
* "git stash" works better with sparse index entries.
* "git show :<path>" learned to work better with the sparse-index
feature.
* Introduce and apply coccinelle rule to discourage an explicit
comparison between a pointer and NULL, and applies the clean-up to
the maintenance track.
* Preliminary code refactoring around transport and bundle code.
* "sparse-checkout" learns to work better with the sparse-index
feature.
* A workflow change for translators are being proposed. git.pot is
no longer version controlled and it is local responsibility of
translators to generate it.
* Plug the memory leaks from the trickiest API of all, the revision
walker.
* Rename .env_array member to .env in the child_process structure.
* The fsmonitor--daemon handles even more corner cases when
watching filesystem events.
* A new bug() and BUG_if_bug() API is introduced to make it easier to
uniformly log "detect multiple bugs and abort in the end" pattern.
Fixes since v2.36
-----------------
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
(merge 4f1ccef87c gc/submodule-update-part2 later to maint).
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
(merge f8781bfda3 jc/diff-tree-stdin-fix later to maint).
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
(merge 45a14f578e rs/name-rev-fix-free-after-use later to maint).
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
(merge 5cdb38458e jc/show-pathspec-fix later to maint).
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
(merge d1c25272f5 rs/fast-export-pathspec-fix later to maint).
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
(merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint).
* "git clone --origin X" leaked piece of memory that held value read
from the clone.defaultRemoteName configuration variable, which has
been plugged.
(merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint).
* Get rid of a bogus and over-eager coccinelle rule.
(merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint).
* The path taken by "git multi-pack-index" command from the end user
was compared with path internally prepared by the tool without first
normalizing, which lead to duplicated paths not being noticed,
which has been corrected.
(merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint).
* Correct choices of C compilers used in various CI jobs.
(merge 3506cae04f ab/cc-package-fixes later to maint).
* Various cleanups to "git p4".
(merge 4ff0108d9e jh/p4-various-fixups later to maint).
* The progress meter of "git blame" was showing incorrect numbers
when processing only parts of the file.
(merge e5f5d7d42e ea/progress-partial-blame later to maint).
* "git rebase --keep-base <upstream> <branch-to-rebase>" computed the
commit to rebase onto incorrectly, which has been corrected.
(merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint).
* Fix a leak of FILE * in an error codepath.
(merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint).
* Avoid problems from interaction between malloc_check and address
sanitizer.
(merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint).
* The commit summary shown after making a commit is matched to what
is given in "git status" not to use the break-rewrite heuristics.
(merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint).
* Update a few end-user facing messages around EOL conversion.
(merge c970d30c2c ah/convert-warning-message later to maint).
* Trace2 documentation updates.
(merge a6c80c313c js/trace2-doc-fixes later to maint).
* Build procedure fixup.
(merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint).
* "git pull" without "--recurse-submodules=<arg>" made
submodule.recurse take precedence over fetch.recurseSubmodules by
mistake, which has been corrected.
(merge 5819417365 gc/pull-recurse-submodules later to maint).
* "git bisect" was too silent before it is ready to start computing
the actual bisection, which has been corrected.
(merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint).
* macOS CI jobs have been occasionally flaky due to tentative version
skew between perforce and the homebrew packager. Instead of
failing the whole CI job, just let it skip the p4 tests when this
happens.
(merge f15e00b463 cb/ci-make-p4-optional later to maint).
* A bit of test framework fixes with a few fixes to issues found by
valgrind.
(merge 7c898554d7 ab/valgrind-fixes later to maint).
* "git archive --add-file=<path>" picked up the raw permission bits
from the path and propagated to zip output in some cases, without
normalization, which has been corrected (tar output did not have
this issue).
(merge 6a61661967 jc/archive-add-file-normalize-mode later to maint).
* "make coverage-report" without first running "make coverage" did
not produce any meaningful result, which has been corrected.
(merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint).
* The "--current" option of "git show-branch" should have been made
incompatible with the "--reflog" mode, but this was not enforced,
which has been corrected.
(merge 41c64ae0e7 jc/show-branch-g-current later to maint).
* "git fetch" unnecessarily failed when an unexpected optional
section appeared in the output, which has been corrected.
(merge 7709acf7be jt/fetch-peek-optional-section later to maint).
* The way "git fetch" without "--update-head-ok" ensures that HEAD in
no worktree points at any ref being updated was too wasteful, which
has been optimized a bit.
(merge f7400da800 os/fetch-check-not-current-branch later to maint).
* "git fetch --recurse-submodules" from multiple remotes (either from
a remote group, or "--all") used to make one extra "git fetch" in
the submodules, which has been corrected.
(merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint).
* With a recent update to refuse access to repositories of other
people by default, "sudo make install" and "sudo git describe"
stopped working, which has been corrected.
(merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint).
* The tests that ensured merges stop when interfering local changes
are present did not make sure that local changes are preserved; now
they do.
(merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint).
* Some real problems noticed by gcc 12 have been fixed, while false
positives have been worked around.
* Update the version of FreeBSD image used in Cirrus CI.
(merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint).
* The multi-pack-index code did not protect the packfile it is going
to depend on from getting removed while in use, which has been
corrected.
(merge 4090511e40 tb/midx-race-in-pack-objects later to maint).
* Teach "git repack --geometric" work better with "--keep-pack" and
avoid corrupting the repository when packsize limit is used.
(merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint).
* The documentation on the interaction between "--add-file" and
"--prefix" options of "git archive" has been improved.
(merge a75910602a rs/document-archive-prefix later to maint).
* A git subcommand like "git add -p" spawns a separate git process
while relaying its command line arguments. A pathspec with only
negative elements was mistakenly passed with an empty string, which
has been corrected.
(merge b02fdbc80a jc/all-negative-pathspec later to maint).
* With a more targeted workaround in http.c in another topic, we may
be able to lift this blanket "GCC12 dangling-pointer warning is
broken and unsalvageable" workaround.
(merge 419141e495 cb/buggy-gcc-12-workaround later to maint).
* A misconfigured 'branch..remote' led to a bug in configuration
parsing.
(merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint).
* "git -c diff.submodule=log range-diff" did not show anything for
submodules that changed in the ranges being compared, and
"git -c diff.submodule=diff range-diff" did not work correctly.
Fix this by including the "--submodule=short" output
unconditionally to be compared.
* In Git 2.36 we revamped the way how hooks are invoked. One change
that is end-user visible is that the output of a hook is no longer
directly connected to the standard output of "git" that spawns the
hook, which was noticed post release. This is getting corrected.
(merge a082345372 ab/hooks-regression-fix later to maint).
* Updating the graft information invalidates the list of parents of
in-core commit objects that used to be in the graft file.
* "git show-ref --heads" (and "--tags") still iterated over all the
refs only to discard refs outside the specified area, which has
been corrected.
(merge c0c9d35e27 tb/show-ref-optim later to maint).
* Remove redundant copying (with index v3 and older) or possible
over-reading beyond end of mmapped memory (with index v4) has been
corrected.
(merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint).
* Sample watchman interface hook sometimes failed to produce
correctly formatted JSON message, which has been corrected.
(merge 134047b500 sn/fsmonitor-missing-clock later to maint).
* Use-after-free (with another forget-to-free) fix.
(merge 323822c72b ab/remote-free-fix later to maint).
* Remove a coccinelle rule that is no longer relevant.
(merge b1299de4a1 jc/cocci-cleanup later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge e6b2582da3 cm/reftable-0-length-memset later to maint).
(merge 0b75e5bf22 ab/misc-cleanup later to maint).
(merge 52e1ab8a76 ea/rebase-code-simplify later to maint).
(merge 756d15923b sg/safe-directory-tests-and-docs later to maint).
(merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint).
(merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint).
(merge 1da312742d gf/unused-includes later to maint).
(merge 465b30a92d pb/submodule-recurse-mode-enum later to maint).
(merge 82b28c4ed8 km/t3501-use-test-helpers later to maint).
(merge 72315e431b sa/t1011-use-helpers later to maint).
(merge 95b3002201 cg/vscode-with-gdb later to maint).
(merge fbe5f6b804 tk/p4-utf8-bom later to maint).
(merge 17f273ffba tk/p4-with-explicity-sync later to maint).
(merge 944db25c60 kf/p4-multiple-remotes later to maint).
(merge b014cee8de jc/update-ozlabs-url later to maint).
(merge 4ec5008062 pb/ggg-in-mfc-doc later to maint).
(merge af845a604d tb/receive-pack-code-cleanup later to maint).
(merge 2acf4cf001 js/ci-gcc-12-fixes later to maint).
(merge 05e280c0a6 jc/http-clear-finished-pointer later to maint).
(merge 8c49d704ef fh/transport-push-leakfix later to maint).
(merge 1d232d38bd tl/ls-tree-oid-only later to maint).
(merge db7961e6a6 gc/document-config-worktree-scope later to maint).
(merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint).
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.96 -r1.97 pkgsrc/devel/git-base/Makefile
cvs rdiff -u -r1.119 -r1.120 pkgsrc/devel/git-base/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/git-docs/Makefile
cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/gitweb/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Thu Jul 14 10:55:37 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: updated to 2.37.1
Git 2.37.1 Release Notes
============
This release merges up the fixes that appear in v2.30.5, v2.31.4,
v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
security issue CVE-2022-29187; see the release notes for these
versions for details.
Fixes since Git 2.37
--------------------
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which is an old
regression but has become widely known because the C version has
become the default in the latest release.
* Fix for CVS-2022-29187.
To generate a diff of this commit:
cvs rdiff -u -r1.106 -r1.107 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.120 -r1.121 pkgsrc/devel/git-base/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6649 - requested by khorben
chat/prosody: integration fix
Revisions pulled up:
- chat/prosody/Makefile 1.38-1.40
- chat/prosody/files/prosody.sh 1.3-1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 01:53:00 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: fix the path to the PID file in the RC script
PROSODY_RUN is set to eg /var/run/prosody/prosody.pid instead of just
/var/run/prosody.pid, which is a good thing (tm) since prosody's user
needs the access rights to write to the corresponding directory.
Unfortunately, the directory is not automatically created nor the right
permissions set yet, but this is progress.
While there, appease pkglint(1).
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 once the complete solution is in place
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 02:31:46 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: make sure pidfile always matches PROSODY_RUN in the RC script
This concludes my investigation on the correct path for the PID file.
No changes to the final binary if PROSODY_RUN is set to its default
value.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Mon Jul 25 04:47:07 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
chat/prosody: always create the directory for the PID file
The RC script for prosody now always creates the corresponding
sub-directory for prosody's PID file. This is inspired by the RC script
for mdnsd in NetBSD, and for dbus in pkgsrc; thanks spz@ for the
suggestion!
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 (completes request 6649)
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/chat/prosody/files/prosody.sh
chat/prosody: integration fix
Revisions pulled up:
- chat/prosody/Makefile 1.38-1.40
- chat/prosody/files/prosody.sh 1.3-1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 01:53:00 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: fix the path to the PID file in the RC script
PROSODY_RUN is set to eg /var/run/prosody/prosody.pid instead of just
/var/run/prosody.pid, which is a good thing (tm) since prosody's user
needs the access rights to write to the corresponding directory.
Unfortunately, the directory is not automatically created nor the right
permissions set yet, but this is progress.
While there, appease pkglint(1).
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 once the complete solution is in place
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Jul 7 02:31:46 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
prosody: make sure pidfile always matches PROSODY_RUN in the RC script
This concludes my investigation on the correct path for the PID file.
No changes to the final binary if PROSODY_RUN is set to its default
value.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/chat/prosody/files/prosody.sh
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Mon Jul 25 04:47:07 UTC 2022
Modified Files:
pkgsrc/chat/prosody: Makefile
pkgsrc/chat/prosody/files: prosody.sh
Log Message:
chat/prosody: always create the directory for the PID file
The RC script for prosody now always creates the corresponding
sub-directory for prosody's PID file. This is inspired by the RC script
for mdnsd in NetBSD, and for dbus in pkgsrc; thanks spz@ for the
suggestion!
Bumps PKGREVISION.
Tested on NetBSD/amd64.
XXX pull-up to pkgsrc-2022Q2 (completes request 6649)
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 pkgsrc/chat/prosody/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/chat/prosody/files/prosody.sh
pkgsrc-2022Q2 commitmail json YAML
pullups 6650-6656
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/databases/ruby-activerecord70/distinfo@1.6.2.1
/
diff
pkgsrc/devel/ruby-activejob70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-railties70/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.6.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.4 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.6.2.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.6.2.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activejob70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.6.2.1 / diff
pkgsrc/devel/ruby-railties70/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.6.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.4 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.6.2.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.6.2.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.6.2.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.6.2.1 / diff
Pullup ticket #6656 - requested by taca
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.7
- devel/ruby-activejob70/distinfo 1.7
- devel/ruby-activemodel70/distinfo 1.7
- devel/ruby-activestorage70/distinfo 1.7
- devel/ruby-activesupport70/distinfo 1.7
- devel/ruby-railties70/Makefile 1.5
- devel/ruby-railties70/distinfo 1.7
- lang/ruby/rails.mk 1.132
- mail/ruby-actionmailbox70/distinfo 1.7
- mail/ruby-actionmailer70/distinfo 1.7
- textproc/ruby-actiontext70/distinfo 1.7
- www/ruby-actioncable70/distinfo 1.7
- www/ruby-actionpack70/distinfo 1.7
- www/ruby-actionview70/distinfo 1.7
- www/ruby-rails70/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:48:48 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.3.1
Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.
databases/ruby-activerecord70
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.131 -r1.132 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails70/distinfo
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.7
- devel/ruby-activejob70/distinfo 1.7
- devel/ruby-activemodel70/distinfo 1.7
- devel/ruby-activestorage70/distinfo 1.7
- devel/ruby-activesupport70/distinfo 1.7
- devel/ruby-railties70/Makefile 1.5
- devel/ruby-railties70/distinfo 1.7
- lang/ruby/rails.mk 1.132
- mail/ruby-actionmailbox70/distinfo 1.7
- mail/ruby-actionmailer70/distinfo 1.7
- textproc/ruby-actiontext70/distinfo 1.7
- www/ruby-actioncable70/distinfo 1.7
- www/ruby-actionpack70/distinfo 1.7
- www/ruby-actionview70/distinfo 1.7
- www/ruby-rails70/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:48:48 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
www/ruby-rails70: update to 7.0.3.1
Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.
databases/ruby-activerecord70
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.131 -r1.132 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails70/distinfo
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/databases/ruby-activerecord61/distinfo@1.13.2.1
/
diff
pkgsrc/devel/ruby-activejob61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-railties61/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.13.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.3 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.13.2.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.13.2.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activejob61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.13.2.1 / diff
pkgsrc/devel/ruby-railties61/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.13.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.3 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.13.2.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.13.2.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.13.2.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.13.2.1 / diff
Pullup ticket #6655 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.14
- devel/ruby-activejob61/distinfo 1.14
- devel/ruby-activemodel61/distinfo 1.14
- devel/ruby-activestorage61/distinfo 1.14
- devel/ruby-activesupport61/distinfo 1.14
- devel/ruby-railties61/Makefile 1.4
- devel/ruby-railties61/distinfo 1.14
- lang/ruby/rails.mk 1.131
- mail/ruby-actionmailbox61/distinfo 1.14
- mail/ruby-actionmailer61/distinfo 1.14
- textproc/ruby-actiontext61/distinfo 1.14
- www/ruby-actioncable61/distinfo 1.14
- www/ruby-actionpack61/distinfo 1.14
- www/ruby-actionview61/distinfo 1.14
- www/ruby-rails61/distinfo 1.14
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:46:24 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.6.1
Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.
databases/ruby-activerecord61
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.14
- devel/ruby-activejob61/distinfo 1.14
- devel/ruby-activemodel61/distinfo 1.14
- devel/ruby-activestorage61/distinfo 1.14
- devel/ruby-activesupport61/distinfo 1.14
- devel/ruby-railties61/Makefile 1.4
- devel/ruby-railties61/distinfo 1.14
- lang/ruby/rails.mk 1.131
- mail/ruby-actionmailbox61/distinfo 1.14
- mail/ruby-actionmailer61/distinfo 1.14
- textproc/ruby-actiontext61/distinfo 1.14
- www/ruby-actioncable61/distinfo 1.14
- www/ruby-actionpack61/distinfo 1.14
- www/ruby-actionview61/distinfo 1.14
- www/ruby-rails61/distinfo 1.14
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:46:24 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
www/ruby-rails61: update to 6.1.6.1
Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.
databases/ruby-activerecord61
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/databases/ruby-activerecord60/distinfo@1.18.2.1
/
diff
pkgsrc/devel/ruby-activejob60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-railties60/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.18.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.2 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.18.2.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.18.2.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activejob60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.18.2.1 / diff
pkgsrc/devel/ruby-railties60/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.18.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.2 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.18.2.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.18.2.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.18.2.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.18.2.1 / diff
Pullup ticket #6654 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.19
- devel/ruby-activejob60/distinfo 1.19
- devel/ruby-activemodel60/distinfo 1.19
- devel/ruby-activestorage60/distinfo 1.19
- devel/ruby-activesupport60/distinfo 1.19
- devel/ruby-railties60/Makefile 1.5
- devel/ruby-railties60/distinfo 1.19
- lang/ruby/rails.mk 1.130
- mail/ruby-actionmailbox60/distinfo 1.19
- mail/ruby-actionmailer60/distinfo 1.19
- textproc/ruby-actiontext60/distinfo 1.19
- www/ruby-actioncable60/distinfo 1.19
- www/ruby-actionpack60/distinfo 1.19
- www/ruby-actionview60/distinfo 1.19
- www/ruby-rails60/distinfo 1.19
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:44:10 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.5.1
Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.
databases/ruby-activerecord60
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties60/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-rails60/distinfo
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.19
- devel/ruby-activejob60/distinfo 1.19
- devel/ruby-activemodel60/distinfo 1.19
- devel/ruby-activestorage60/distinfo 1.19
- devel/ruby-activesupport60/distinfo 1.19
- devel/ruby-railties60/Makefile 1.5
- devel/ruby-railties60/distinfo 1.19
- lang/ruby/rails.mk 1.130
- mail/ruby-actionmailbox60/distinfo 1.19
- mail/ruby-actionmailer60/distinfo 1.19
- textproc/ruby-actiontext60/distinfo 1.19
- www/ruby-actioncable60/distinfo 1.19
- www/ruby-actionpack60/distinfo 1.19
- www/ruby-actionview60/distinfo 1.19
- www/ruby-rails60/distinfo 1.19
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:44:10 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
www/ruby-rails60: update to 6.0.5.1
Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.
databases/ruby-activerecord60
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties60/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-rails60/distinfo
pkgsrc-2022Q2 commitmail json YAML
pkgsrc/databases/ruby-activerecord52/distinfo@1.14.2.1
/
diff
pkgsrc/devel/ruby-activejob52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activemodel52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activestorage52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activesupport52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-railties52/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-railties52/distinfo@1.14.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.1 / diff
pkgsrc/mail/ruby-actionmailer52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actioncable52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actionpack52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actionview52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-rails52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activejob52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activemodel52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activestorage52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-activesupport52/distinfo@1.14.2.1 / diff
pkgsrc/devel/ruby-railties52/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-railties52/distinfo@1.14.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.128.2.1 / diff
pkgsrc/mail/ruby-actionmailer52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actioncable52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actionpack52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-actionview52/distinfo@1.14.2.1 / diff
pkgsrc/www/ruby-rails52/distinfo@1.14.2.1 / diff
Pullup ticket #6653 - requested by taca
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.15
- devel/ruby-activejob52/distinfo 1.15
- devel/ruby-activemodel52/distinfo 1.15
- devel/ruby-activestorage52/distinfo 1.15
- devel/ruby-activesupport52/distinfo 1.15
- devel/ruby-railties52/Makefile 1.4
- devel/ruby-railties52/distinfo 1.15
- lang/ruby/rails.mk 1.129
- mail/ruby-actionmailer52/distinfo 1.15
- www/ruby-actioncable52/distinfo 1.15
- www/ruby-actionpack52/distinfo 1.15
- www/ruby-actionview52/distinfo 1.15
- www/ruby-rails52/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:41:09 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-activestorage52: distinfo
pkgsrc/devel/ruby-activesupport52: distinfo
pkgsrc/devel/ruby-railties52: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-actionpack52: distinfo
pkgsrc/www/ruby-actionview52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
www/ruby-rails52: update to 5.2.8.1
Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.
databases/ruby-activerecord52
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activestorage52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activesupport52/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties52/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.128 -r1.129 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionpack52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionview52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-rails52/distinfo
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.15
- devel/ruby-activejob52/distinfo 1.15
- devel/ruby-activemodel52/distinfo 1.15
- devel/ruby-activestorage52/distinfo 1.15
- devel/ruby-activesupport52/distinfo 1.15
- devel/ruby-railties52/Makefile 1.4
- devel/ruby-railties52/distinfo 1.15
- lang/ruby/rails.mk 1.129
- mail/ruby-actionmailer52/distinfo 1.15
- www/ruby-actioncable52/distinfo 1.15
- www/ruby-actionpack52/distinfo 1.15
- www/ruby-actionview52/distinfo 1.15
- www/ruby-rails52/distinfo 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:41:09 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-activestorage52: distinfo
pkgsrc/devel/ruby-activesupport52: distinfo
pkgsrc/devel/ruby-railties52: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-actionpack52: distinfo
pkgsrc/www/ruby-actionview52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
www/ruby-rails52: update to 5.2.8.1
Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.
databases/ruby-activerecord52
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activestorage52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activesupport52/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties52/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.128 -r1.129 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionpack52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionview52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-rails52/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6652 - requested by khorben
lang/nodejs: security update
Revisions pulled up:
- lang/nodejs/Makefile 1.237
- lang/nodejs/distinfo 1.217
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:31:15 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile distinfo
Log Message:
nodejs: updated to 18.5.0
Version 18.5.0 (Current), @RafaelGSS
This is a security release.
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- (SEMVER-MAJOR) src,doc,test: add --openssl-shared-config option (Daniel Bevenius)
Node.js now reads nodejs_conf section in the openssl config
- deps: update archs files for quictls/openssl-3.0.5+quic (RafaelGSS)
- deps: upgrade openssl sources to quictls/openssl-3.0.5+quic (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.236 -r1.237 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/nodejs/distinfo
lang/nodejs: security update
Revisions pulled up:
- lang/nodejs/Makefile 1.237
- lang/nodejs/distinfo 1.217
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:31:15 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile distinfo
Log Message:
nodejs: updated to 18.5.0
Version 18.5.0 (Current), @RafaelGSS
This is a security release.
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- (SEMVER-MAJOR) src,doc,test: add --openssl-shared-config option (Daniel Bevenius)
Node.js now reads nodejs_conf section in the openssl config
- deps: update archs files for quictls/openssl-3.0.5+quic (RafaelGSS)
- deps: upgrade openssl sources to quictls/openssl-3.0.5+quic (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.236 -r1.237 pkgsrc/lang/nodejs/Makefile
cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/nodejs/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6651 - requested by khorben
lang/nodejs16: security update
Revisions pulled up:
- lang/nodejs16/Makefile 1.3
- lang/nodejs16/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:30:19 UTC 2022
Modified Files:
pkgsrc/lang/nodejs16: Makefile distinfo
Log Message:
nodejs16: updated to 16.16.0
Version 16.16.0 'Gallium' (LTS)
This is a security release.
Notable changes
deps:
upgrade openssl sources to OpenSSL_1_1_1q (RafaelGSS)
src:
add OpenSSL config appname (Daniel Bevenius)
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs16/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs16/distinfo
lang/nodejs16: security update
Revisions pulled up:
- lang/nodejs16/Makefile 1.3
- lang/nodejs16/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:30:19 UTC 2022
Modified Files:
pkgsrc/lang/nodejs16: Makefile distinfo
Log Message:
nodejs16: updated to 16.16.0
Version 16.16.0 'Gallium' (LTS)
This is a security release.
Notable changes
deps:
upgrade openssl sources to OpenSSL_1_1_1q (RafaelGSS)
src:
add OpenSSL config appname (Daniel Bevenius)
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs16/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs16/distinfo
pkgsrc-2022Q2 commitmail json YAML
Pullup ticket #6650 - requested by khorben
lang/nodejs14: security update
Revisions pulled up:
- lang/nodejs14/Makefile 1.4
- lang/nodejs14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:29:36 UTC 2022
Modified Files:
pkgsrc/lang/nodejs14: Makefile distinfo
Log Message:
nodejs14: updated to 14.20.0
Version 14.20.0 'Fermium' (LTS)
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- deps: upgrade openssl sources to 1.1.1q (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs14/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs14/distinfo
lang/nodejs14: security update
Revisions pulled up:
- lang/nodejs14/Makefile 1.4
- lang/nodejs14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Jul 8 13:29:36 UTC 2022
Modified Files:
pkgsrc/lang/nodejs14: Makefile distinfo
Log Message:
nodejs14: updated to 14.20.0
Version 14.20.0 'Fermium' (LTS)
Notable Changes
- (SEMVER-MAJOR) src,deps,build,test: add OpenSSL config appname (Daniel Bevenius)
- deps: upgrade openssl sources to 1.1.1q (RafaelGSS)
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/nodejs14/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/nodejs14/distinfo
MAIN commitmail json YAML
build fix: dependency is now on ptexenc>=1.4.0
due to a change in argument list of input_line2()
due to a change in argument list of input_line2()
MAIN commitmail json YAML
make the files the package installs not writable by group or other
pkgsrc-2022Q1 commitmail json YAML
tickets #6635 #6636 #6639 #6640 #6641 #6642
pkgsrc-2022Q1 commitmail json YAML
Pullup ticket #6642 - requested by nia
lang/gcc6: build fix
Revisions pulled up:
- lang/gcc6/Makefile 1.36
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 12:21:44 UTC 2022
Modified Files:
pkgsrc/lang/gcc6: Makefile
Log Message:
gcc6: workaround: get this at least building by disabling RELRO
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/lang/gcc6/Makefile
lang/gcc6: build fix
Revisions pulled up:
- lang/gcc6/Makefile 1.36
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 12:21:44 UTC 2022
Modified Files:
pkgsrc/lang/gcc6: Makefile
Log Message:
gcc6: workaround: get this at least building by disabling RELRO
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/lang/gcc6/Makefile
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/mariadb105-client/Makefile.common@1.15.2.1
/
diff
pkgsrc/databases/mariadb105-client/distinfo@1.11.2.1 / diff
pkgsrc/databases/mariadb105-client/patches/patch-CMakeLists.txt@1.1.8.1 / diff
pkgsrc/databases/mariadb105-server/PLIST@1.9.4.1 / diff
pkgsrc/databases/mariadb105-client/distinfo@1.11.2.1 / diff
pkgsrc/databases/mariadb105-client/patches/patch-CMakeLists.txt@1.1.8.1 / diff
pkgsrc/databases/mariadb105-server/PLIST@1.9.4.1 / diff
Pullup ticket #6641 - requested by nia
databases/mariadb105-client: security update
databases/mariadb105-server: security update
Revisions pulled up:
- databases/mariadb105-client/Makefile.common 1.16
- databases/mariadb105-client/distinfo 1.13
- databases/mariadb105-client/patches/patch-CMakeLists.txt 1.2
- databases/mariadb105-server/Makefile 1.25
- databases/mariadb105-server/PLIST 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 10:38:26 UTC 2022
Modified Files:
pkgsrc/databases/mariadb105-client: Makefile.common distinfo
pkgsrc/databases/mariadb105-client/patches: patch-CMakeLists.txt
pkgsrc/databases/mariadb105-server: Makefile PLIST
Log Message:
mariadb105: Update to 10.5.16
MariaDB 10.5.16 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185)
Replication
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mariadb105-client/Makefile.common
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/mariadb105-client/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/databases/mariadb105-client/patches/patch-CMakeLists.txt
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mariadb105-server/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/mariadb105-server/PLIST
databases/mariadb105-client: security update
databases/mariadb105-server: security update
Revisions pulled up:
- databases/mariadb105-client/Makefile.common 1.16
- databases/mariadb105-client/distinfo 1.13
- databases/mariadb105-client/patches/patch-CMakeLists.txt 1.2
- databases/mariadb105-server/Makefile 1.25
- databases/mariadb105-server/PLIST 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 10:38:26 UTC 2022
Modified Files:
pkgsrc/databases/mariadb105-client: Makefile.common distinfo
pkgsrc/databases/mariadb105-client/patches: patch-CMakeLists.txt
pkgsrc/databases/mariadb105-server: Makefile PLIST
Log Message:
mariadb105: Update to 10.5.16
MariaDB 10.5.16 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185)
Replication
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mariadb105-client/Makefile.common
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/mariadb105-client/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/databases/mariadb105-client/patches/patch-CMakeLists.txt
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mariadb105-server/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/mariadb105-server/PLIST
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/mariadb106-client/Makefile.common@1.7.2.1
/
diff
pkgsrc/databases/mariadb106-client/distinfo@1.6.2.1 / diff
pkgsrc/databases/mariadb106-client/patches/patch-CMakeLists.txt@1.2.4.1 / diff
pkgsrc/databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h@1.2.2.1 / diff
pkgsrc/databases/mariadb106-server/PLIST@1.6.4.1 / diff
pkgsrc/databases/mariadb106-client/distinfo@1.6.2.1 / diff
pkgsrc/databases/mariadb106-client/patches/patch-CMakeLists.txt@1.2.4.1 / diff
pkgsrc/databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h@1.2.2.1 / diff
pkgsrc/databases/mariadb106-server/PLIST@1.6.4.1 / diff
Pullup ticket #6640 - requested by nia
databases/mariadb106-client: security update
databases/mariadb106-server: security update
Revisions pulled up:
- databases/mariadb106-client/Makefile.common 1.8
- databases/mariadb106-client/distinfo 1.9
- databases/mariadb106-client/patches/patch-CMakeLists.txt 1.3
- databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h 1.3
- databases/mariadb106-server/Makefile 1.15
- databases/mariadb106-server/PLIST 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 09:36:03 UTC 2022
Modified Files:
pkgsrc/databases/mariadb106-client: Makefile.common distinfo
pkgsrc/databases/mariadb106-client/patches: patch-CMakeLists.txt
patch-storage_innobase_include_transactional__lock__guard.h
pkgsrc/databases/mariadb106-server: Makefile PLIST
Log Message:
mariadb106: update to 10.6.8
MariaDB 10.6.8 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185, MDEV-27767,
MDEV-28313, MDEV-28137, MDEV-28465, MDEV-26789)
* Backup regression fixes (MDEV-27919)
* InnoDB portability: FreeBSD futexes (MDEV-26476), POWER and s390x
transactional memory (MDEV-27956)
* ALTER TABLE: Fixed bogus duplicate key errors (MDEV-15250)
* DDL and crash recovery fixes (MDEV-27274, MDEV-27234, MDEV-27817)
* Requests to recalculate persistent statistics were sometimes lost
(MDEV-27805)
Replication
* Semisync-slave server recovery is refined to correctly rollback
prepared transaction (MDEV-28461)
* Circular semisync setup endless event circulation is handled
(MDEV-27760)
* Semisync-slave server recovery is extended to work on new server_id
server (MDEV-27342)
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* Query performance degradation in newer MariaDB versions when using
many tables (MDEV-28073)
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
* Packages for Ubuntu 22.04 LTS "Jammy" and Fedora 36 are not yet
available pending the resolution of MDEV-28133: Backport OpenSSL-3.0
compatibility to 10.6 branch
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/mariadb106-client/Makefile.common
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/mariadb106-client/distinfo
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/databases/mariadb106-client/patches/patch-CMakeLists.txt \
pkgsrc/databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mariadb106-server/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/mariadb106-server/PLIST
databases/mariadb106-client: security update
databases/mariadb106-server: security update
Revisions pulled up:
- databases/mariadb106-client/Makefile.common 1.8
- databases/mariadb106-client/distinfo 1.9
- databases/mariadb106-client/patches/patch-CMakeLists.txt 1.3
- databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h 1.3
- databases/mariadb106-server/Makefile 1.15
- databases/mariadb106-server/PLIST 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 09:36:03 UTC 2022
Modified Files:
pkgsrc/databases/mariadb106-client: Makefile.common distinfo
pkgsrc/databases/mariadb106-client/patches: patch-CMakeLists.txt
patch-storage_innobase_include_transactional__lock__guard.h
pkgsrc/databases/mariadb106-server: Makefile PLIST
Log Message:
mariadb106: update to 10.6.8
MariaDB 10.6.8 Release Notes
Notable Items
InnoDB
* innodb_disallow_writes removed (MDEV-25975)
* InnoDB gap locking fixes (MDEV-20605, MDEV-28422)
* InnoDB performance improvements (MDEV-27557, MDEV-28185, MDEV-27767,
MDEV-28313, MDEV-28137, MDEV-28465, MDEV-26789)
* Backup regression fixes (MDEV-27919)
* InnoDB portability: FreeBSD futexes (MDEV-26476), POWER and s390x
transactional memory (MDEV-27956)
* ALTER TABLE: Fixed bogus duplicate key errors (MDEV-15250)
* DDL and crash recovery fixes (MDEV-27274, MDEV-27234, MDEV-27817)
* Requests to recalculate persistent statistics were sometimes lost
(MDEV-27805)
Replication
* Semisync-slave server recovery is refined to correctly rollback
prepared transaction (MDEV-28461)
* Circular semisync setup endless event circulation is handled
(MDEV-27760)
* Semisync-slave server recovery is extended to work on new server_id
server (MDEV-27342)
* Server initialization time gtid_slave_pos purge related reason of
crashing in binlog background thread is removed (MDEV-26473)
* Shutdown of the semisync master can't produce inconsistent state
anymore (MDEV-11853)
* Binlogs disappear after rsync IST (MDEV-28583)
* autocommit=0 slave hang is eliminated (DBAAS-7828)
* master crash is eliminated in compressed semisync replication protocol
with packet counting amendment (MDEV-25580)
* OPTIMIZE on a sequence does not cause counterfactual
ER_BINLOG_UNSAFE_STATEMENT anymore (MDEV-24617)
* Automatically generated Gtid_log_list_event is made to recognize
within replication event group as a formal member (MDEV-28550)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE using two or more
unique key values at a time with MIXED format binlogging is corrected
(MDEV-28310)
* Replication unsafe INSERT .. ON DUPLICATE KEY UPDATE stops issuing
unnessary "Unsafe statement" with MIXED binlog format (MDEV-21810)
* Incomplete replication event groups are detected to error out by the
slave IO thread (MDEV-27697)
* mysqlbinlog --stop-never --raw now flushes the result file to disk
after each processed event so the file can be listed with the actual
bytes (MDEV-14608)
Backup
* Incorrect binlogs after Galera SST using rsync and mariabackup
(MDEV-27524)
* mariabackup does not detect multi-source replication slave
(MDEV-21037)
* Useless warning "InnoDB: Allocated tablespace ID <id> for <tablename>,
old maximum was 0" during backup stage (MDEV-27343)
* mariabackup prepare fails for incrementals if a new schema is created
after full backup is taken (MDEV-28446)
Optimizer
* Query performance degradation in newer MariaDB versions when using
many tables (MDEV-28073)
* A SEGV in Item_field::used_tables/update_depend_map_for_order...
(MDEV-26402)
* ANALYZE FORMAT=JSON fields are incorrect for UNION ALL queries
(MDEV-27699)
* Subquery in an UPDATE query uses full scan instead of range
(MDEV-22377)
* Assertion `item1->type() = Item::FIELD_ITEM ... (MDEV-19398)
* Server crashes in Expression_cache_tracker::fetch_current_stats
(MDEV-28268)
* MariaDB server crash at Item_subselect::init_expr_cache_tracker
(MDEV-26164, MDEV-26047)
* Crash with union of my_decimal type in ORDER BY clause (MDEV-25994)
* SIGSEGV in st_join_table::cleanup (MDEV-24560)
* Assertion `!eliminated' failed in Item_subselect::exec (MDEV-28437)
General
* Server error messages are now available in Chinese (MDEV-28227)
* For RHEL/CentOS 7, non x86_64 architectures are no longer supported
upstream and so our support will also be dropped with this release
* Packages for Ubuntu 22.04 LTS "Jammy" and Fedora 36 are not yet
available pending the resolution of MDEV-28133: Backport OpenSSL-3.0
compatibility to 10.6 branch
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-27376
* CVE-2022-27377
* CVE-2022-27378
* CVE-2022-27379
* CVE-2022-27380
* CVE-2022-27381
* CVE-2022-27382
* CVE-2022-27383
* CVE-2022-27384
* CVE-2022-27386
* CVE-2022-27387
* CVE-2022-27444
* CVE-2022-27445
* CVE-2022-27446
* CVE-2022-27447
* CVE-2022-27448
* CVE-2022-27449
* CVE-2022-27451
* CVE-2022-27452
* CVE-2022-27455
* CVE-2022-27456
* CVE-2022-27457
* CVE-2022-27458
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/mariadb106-client/Makefile.common
cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/mariadb106-client/distinfo
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/databases/mariadb106-client/patches/patch-CMakeLists.txt \
pkgsrc/databases/mariadb106-client/patches/patch-storage_innobase_include_transactional__lock__guard.h
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mariadb106-server/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/mariadb106-server/PLIST
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/print/poppler/Makefile.common@1.132.2.1
/
diff
pkgsrc/print/poppler/buildlink3.mk@1.88.4.1 / diff
pkgsrc/print/poppler/buildlink3.mk@1.88.4.1 / diff
Pullup ticket #6639 - requested by nia
print/poppler: build fix
Revisions pulled up:
- print/poppler/Makefile.common 1.134
- print/poppler/buildlink3.mk 1.90
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 07:43:57 UTC 2022
Modified Files:
pkgsrc/print/poppler: Makefile.common buildlink3.mk
Log Message:
poppler: Bump GCC requirement to GCC 7, it wants std::optional.
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/print/poppler/Makefile.common
cvs rdiff -u -r1.89 -r1.90 pkgsrc/print/poppler/buildlink3.mk
print/poppler: build fix
Revisions pulled up:
- print/poppler/Makefile.common 1.134
- print/poppler/buildlink3.mk 1.90
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Sat May 21 07:43:57 UTC 2022
Modified Files:
pkgsrc/print/poppler: Makefile.common buildlink3.mk
Log Message:
poppler: Bump GCC requirement to GCC 7, it wants std::optional.
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/print/poppler/Makefile.common
cvs rdiff -u -r1.89 -r1.90 pkgsrc/print/poppler/buildlink3.mk
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/www/firefox91-l10n/Makefile@1.9.2.2
/
diff
pkgsrc/www/firefox91-l10n/distinfo@1.11.2.2 / diff
pkgsrc/www/firefox91-l10n/distinfo@1.11.2.2 / diff
Pullup ticket #6636 - requested by nia
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.11
- www/firefox91-l10n/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:21:29 UTC 2022
Modified Files:
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91-l10n: sync with firefox91
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/distinfo
www/firefox91-l10n: dependency update
Revisions pulled up:
- www/firefox91-l10n/Makefile 1.11
- www/firefox91-l10n/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:21:29 UTC 2022
Modified Files:
pkgsrc/www/firefox91-l10n: Makefile distinfo
Log Message:
firefox91-l10n: sync with firefox91
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/www/firefox91/Makefile@1.15.2.2
/
diff
pkgsrc/www/firefox91/distinfo@1.11.2.2 / diff
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js@1.1.6.1 / diff
pkgsrc/www/firefox91/distinfo@1.11.2.2 / diff
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js@1.1.6.1 / diff
Pullup ticket #6635 - requested by nia
www/firefox91: security update
Revisions pulled up:
- www/firefox91/Makefile 1.18
- www/firefox91/distinfo 1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:16:00 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js
Log Message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
www/firefox91: security update
Revisions pulled up:
- www/firefox91/Makefile 1.18
- www/firefox91/distinfo 1.13
- www/firefox91/patches/patch-browser_app_profile_firefox.js 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Mon May 16 21:16:00 UTC 2022
Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91/patches: patch-browser_app_profile_firefox.js
Log Message:
firefox91: update to 91.9.0
Security Vulnerabilities fixed in Firefox ESR 91.9
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/www/firefox91/patches/patch-browser_app_profile_firefox.js
pkgsrc-2022Q1 commitmail json YAML
pullups #6628 #6629 #6630 #6631
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord70/distinfo@1.4.2.1
/
diff
pkgsrc/devel/ruby-activejob70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activestorage70/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.4.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.4 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.4.2.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.4.2.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activejob70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activemodel70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activestorage70/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-activestorage70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-activesupport70/distinfo@1.4.2.1 / diff
pkgsrc/devel/ruby-railties70/distinfo@1.4.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.4 / diff
pkgsrc/mail/ruby-actionmailbox70/distinfo@1.4.2.1 / diff
pkgsrc/mail/ruby-actionmailer70/distinfo@1.4.2.1 / diff
pkgsrc/textproc/ruby-actiontext70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actioncable70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actionpack70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-actionview70/distinfo@1.4.2.1 / diff
pkgsrc/www/ruby-rails70/distinfo@1.4.2.1 / diff
Pullup ticket #6631 - requested by taca
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
lang/ruby: version info update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.5
- devel/ruby-activejob70/distinfo 1.5
- devel/ruby-activemodel70/distinfo 1.5
- devel/ruby-activestorage70/Makefile 1.4
- devel/ruby-activestorage70/distinfo 1.5
- devel/ruby-activesupport70/distinfo 1.5
- devel/ruby-railties70/distinfo 1.5
- lang/ruby/rails.mk 1.122
- mail/ruby-actionmailbox70/distinfo 1.5
- mail/ruby-actionmailer70/distinfo 1.5
- textproc/ruby-actiontext70/distinfo 1.5
- www/ruby-actioncable70/distinfo 1.5
- www/ruby-actionpack70/distinfo 1.5
- www/ruby-actionview70/distinfo 1.5
- www/ruby-rails70/distinfo 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:02 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 7.0.2.4
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:53 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport70: distinfo
Log Message:
devel/ruby-activesupport70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activesupport70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:27 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview70: distinfo
Log Message:
www/ruby-actionview70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionview70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:53 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack70: distinfo
Log Message:
www/ruby-actionpack70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:41:42 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: Makefile distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
Update rest of Ruby on Rails 70 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activestorage70/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-rails70/distinfo
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
lang/ruby: version info update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update
Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.5
- devel/ruby-activejob70/distinfo 1.5
- devel/ruby-activemodel70/distinfo 1.5
- devel/ruby-activestorage70/Makefile 1.4
- devel/ruby-activestorage70/distinfo 1.5
- devel/ruby-activesupport70/distinfo 1.5
- devel/ruby-railties70/distinfo 1.5
- lang/ruby/rails.mk 1.122
- mail/ruby-actionmailbox70/distinfo 1.5
- mail/ruby-actionmailer70/distinfo 1.5
- textproc/ruby-actiontext70/distinfo 1.5
- www/ruby-actioncable70/distinfo 1.5
- www/ruby-actionpack70/distinfo 1.5
- www/ruby-actionview70/distinfo 1.5
- www/ruby-rails70/distinfo 1.5
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:02 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 7.0.2.4
To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:39:53 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport70: distinfo
Log Message:
devel/ruby-activesupport70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activesupport70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:27 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview70: distinfo
Log Message:
www/ruby-actionview70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionview70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:40:53 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack70: distinfo
Log Message:
www/ruby-actionpack70: update to 7.0.2.4
## Rails 7.0.2.4 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack70/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:41:42 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: Makefile distinfo
pkgsrc/devel/ruby-railties70: distinfo
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-rails70: distinfo
Log Message:
Update rest of Ruby on Rails 70 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activestorage70/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-rails70/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord61/distinfo@1.11.2.1
/
diff
pkgsrc/devel/ruby-activejob61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activestorage61/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activesupport61/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.11.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.3 / diff
pkgsrc/mail/ruby-actionmailbox61/PLIST@1.1.10.1 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.11.2.1 / diff
pkgsrc/mail/ruby-actionmailer61/PLIST@1.1.10.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.11.2.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activejob61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activemodel61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activestorage61/Makefile@1.4.2.1 / diff
pkgsrc/devel/ruby-activestorage61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-activesupport61/Makefile@1.3.2.1 / diff
pkgsrc/devel/ruby-activesupport61/distinfo@1.11.2.1 / diff
pkgsrc/devel/ruby-railties61/distinfo@1.11.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.3 / diff
pkgsrc/mail/ruby-actionmailbox61/PLIST@1.1.10.1 / diff
pkgsrc/mail/ruby-actionmailbox61/distinfo@1.11.2.1 / diff
pkgsrc/mail/ruby-actionmailer61/PLIST@1.1.10.1 / diff
pkgsrc/mail/ruby-actionmailer61/distinfo@1.11.2.1 / diff
pkgsrc/textproc/ruby-actiontext61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actioncable61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actionpack61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-actionview61/distinfo@1.11.2.1 / diff
pkgsrc/www/ruby-rails61/distinfo@1.11.2.1 / diff
Pullup ticket #6630 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
lang/ruby: version info update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.12
- devel/ruby-activejob61/distinfo 1.12
- devel/ruby-activemodel61/distinfo 1.12
- devel/ruby-activestorage61/Makefile 1.5
- devel/ruby-activestorage61/distinfo 1.12
- devel/ruby-activesupport61/Makefile 1.4
- devel/ruby-activesupport61/distinfo 1.12
- devel/ruby-railties61/distinfo 1.12
- lang/ruby/rails.mk 1.121
- mail/ruby-actionmailbox61/PLIST 1.2
- mail/ruby-actionmailbox61/distinfo 1.12
- mail/ruby-actionmailer61/PLIST 1.2
- mail/ruby-actionmailer61/distinfo 1.12
- textproc/ruby-actiontext61/distinfo 1.12
- www/ruby-actioncable61/distinfo 1.12
- www/ruby-actionpack61/distinfo 1.12
- www/ruby-actionview61/distinfo 1.12
- www/ruby-rails61/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:38:25 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:21 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport61: Makefile distinfo
Log Message:
devel/ruby-activesupport61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveSupport::Duration.build` to support negative values.
The algorithm to collect the `parts` of the `ActiveSupport::Duration`
ignored the sign of the `value` and accumulated incorrect part values. This
impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
*Caleb Buxton*, *Braden Staudacher*
* `Time#change` and methods that call it (eg. `Time#advance`) will now
return a `Time` with the timezone argument provided, if the caller was
initialized with a timezone argument.
Fixes [#42467](https://github.com/rails/rails/issues/42467).
*Alex Ghiculescu*
* Clone to keep extended Logger methods for tagged logger.
*Orhan Toy*
* `assert_changes` works on including `ActiveSupport::Assertions` module.
*Pedro Medeiros*
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:57 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activemodel61: distinfo
Log Message:
devel/ruby-activemodel61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Clear secure password cache if password is set to `nil`
Before:
user.password = 'something'
user.password = nil
user.password # => 'something'
Now:
user.password = 'something'
user.password = nil
user.password # => nil
*Markus Doits*
* Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup`
Passing a last positional argument `{}` would be incorrectly considered as keyword argument.
*Benoit Daloze*
* Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object.
*Ryuta Kamizono*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:29:32 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview61: distinfo
Log Message:
www/ruby-actionview61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
types, such as JPG or SVG.
*Nate Berkopec*
* Add `autocomplete="off"` to all generated hidden fields.
Fixes #42610.
*Ryan Baumann*
* Fix `current_page?` when URL has trailing slash.
This fixes the `current_page?` helper when the given URL has a trailing slash,
and is an absolute URL or also has query params.
Fixes #33956.
*Jonathan Hefner*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:02 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack61: distinfo
Log Message:
www/ruby-actionpack61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `content_security_policy` returning invalid directives.
Directives such as `self`, `unsafe-eval` and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
```ruby
content_security_policy do |policy|
policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
```
With this fix the policy generated from above will now be valid.
*Edouard Chin*
* Update `HostAuthorization` middleware to render debug info only
when `config.consider_all_requests_local` is set to true.
Also, blocked host info is always logged with level `error`.
Fixes #42813.
*Nikita Vyrko*
* Dup arrays that get "converted".
Fixes #43681.
*Aaron Patterson*
* Don't show deprecation warning for equal paths.
*Anton Rieder*
* Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.
Fixes #43094.
*Alex Ghiculescu*
* Add fallback host for SystemTestCase driven by RackTest.
Fixes #42780.
*Petrik de Heus*
* Add more detail about what hosts are allowed.
*Alex Ghiculescu*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:33 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
Log Message:
databases/ruby-activerecord61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.
Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
fixed in Ruby 2.7.
Before the changes in this commit, the
`ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
changing a tainted, unfrozen string into a tainted, frozen string.
Fixes #43056
*Eric O'Hanlon*
* Fix migration compatibility to create SQLite references/belongs_to column as integer when
migration version is 6.0.
`reference`/`belongs_to` in migrations with version 6.0 were creating columns as
bigint instead of integer for the SQLite Adapter.
*Marcelo Lauxen*
* Fix dbconsole for 3-tier config.
*Eileen M. Uchitelle*
* Better handle SQL queries with invalid encoding.
```ruby
Post.create(name: "broken \xC8 UTF-8")
```
Would cause all adapters to fail in a non controlled way in the code
responsible to detect write queries.
The query is now properly passed to the database connection, which might or might
not be able to handle it, but will either succeed or failed in a more correct way.
*Jean Boussier*
* Ignore persisted in-memory records when merging target lists.
*Kevin Sj�berg*
* Fix regression bug that caused ignoring additional conditions for preloading
`has_many` through relations.
Fixes #43132
*Alexander Pauly*
* Fix `ActiveRecord::InternalMetadata` to not be broken by
`config.active_record.record_timestamps = false`
Since the model always create the timestamp columns, it has to set them, otherwise it breaks
various DB management tasks.
Fixes #42983
*Jean Boussier*
* Fix duplicate active record objects on `inverse_of`.
*Justin Carvalho*
* Fix duplicate objects stored in has many association after save.
Fixes #42549.
*Alex Ghiculescu*
* Fix performance regression in `CollectionAssocation#build`.
*Alex Ghiculescu*
* Fix retrieving default value for text column for MariaDB.
*fatkodima*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:02 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage61: Makefile distinfo
Log Message:
devel/ruby-activestorage61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Attachments can be deleted after their association is no longer defined.
Fixes #42514
*Don Sisco*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:47 UTC 2022
Modified Files:
pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo
Log Message:
mail/ruby-actionmailbox61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Add `attachments` to the list of permitted parameters for inbound emails conductor.
When using the conductor to test inbound emails with attachments, this prevents an
unpermitted parameter warning in default configurations, and prevents errors for
applications that set:
```ruby
config.action_controller.action_on_unpermitted_parameters = :raise
```
*David Jones*, *Dana Henke*
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:28 UTC 2022
Modified Files:
pkgsrc/www/ruby-actioncable61: distinfo
Log Message:
www/ruby-actioncable61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* The Action Cable client now ensures successful channel subscriptions:
* The client maintains a set of pending subscriptions until either
the server confirms the subscription or the channel is torn down.
* Rectifies the race condition where an unsubscribe is rapidly followed
by a subscribe (on the same channel identifier) and the requests are
handled out of order by the ActionCable server, thereby ignoring the
subscribe command.
*Daniel Spinosa*
* Truncate broadcast logging messages.
*J Smith*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:59 UTC 2022
Modified Files:
pkgsrc/devel/ruby-railties61: distinfo
Log Message:
devel/ruby-railties61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it.
This order plays better with shared namespaces.
*Xavier Noria*
* Handle paths with spaces when editing credentials.
*Alex Ghiculescu*
* Support Psych 4 when loading secrets.
*Nat Morcos*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:33:27 UTC 2022
Modified Files:
pkgsrc/textproc/ruby-actiontext61: distinfo
Log Message:
textproc/ruby-actiontext61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix Action Text extra trix content wrapper.
*Alexandre Ruban*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:34:37 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/mail/ruby-actionmailer61: PLIST distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
Update rest of Ruby on Rails 61 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
lang/ruby: version info update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update
Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.12
- devel/ruby-activejob61/distinfo 1.12
- devel/ruby-activemodel61/distinfo 1.12
- devel/ruby-activestorage61/Makefile 1.5
- devel/ruby-activestorage61/distinfo 1.12
- devel/ruby-activesupport61/Makefile 1.4
- devel/ruby-activesupport61/distinfo 1.12
- devel/ruby-railties61/distinfo 1.12
- lang/ruby/rails.mk 1.121
- mail/ruby-actionmailbox61/PLIST 1.2
- mail/ruby-actionmailbox61/distinfo 1.12
- mail/ruby-actionmailer61/PLIST 1.2
- mail/ruby-actionmailer61/distinfo 1.12
- textproc/ruby-actiontext61/distinfo 1.12
- www/ruby-actioncable61/distinfo 1.12
- www/ruby-actionpack61/distinfo 1.12
- www/ruby-actionview61/distinfo 1.12
- www/ruby-rails61/distinfo 1.12
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:38:25 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: Really update of Ruby on Rails to 6.1.5.1
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:21 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport61: Makefile distinfo
Log Message:
devel/ruby-activesupport61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveSupport::Duration.build` to support negative values.
The algorithm to collect the `parts` of the `ActiveSupport::Duration`
ignored the sign of the `value` and accumulated incorrect part values. This
impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
*Caleb Buxton*, *Braden Staudacher*
* `Time#change` and methods that call it (eg. `Time#advance`) will now
return a `Time` with the timezone argument provided, if the caller was
initialized with a timezone argument.
Fixes [#42467](https://github.com/rails/rails/issues/42467).
*Alex Ghiculescu*
* Clone to keep extended Logger methods for tagged logger.
*Orhan Toy*
* `assert_changes` works on including `ActiveSupport::Assertions` module.
*Pedro Medeiros*
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-activesupport61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activesupport61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:28:57 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activemodel61: distinfo
Log Message:
devel/ruby-activemodel61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Clear secure password cache if password is set to `nil`
Before:
user.password = 'something'
user.password = nil
user.password # => 'something'
Now:
user.password = 'something'
user.password = nil
user.password # => nil
*Markus Doits*
* Fix delegation in `ActiveModel::Type::Registry#lookup` and `ActiveModel::Type.lookup`
Passing a last positional argument `{}` would be incorrectly considered as keyword argument.
*Benoit Daloze*
* Fix `to_json` after `changes_applied` for `ActiveModel::Dirty` object.
*Ryuta Kamizono*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activemodel61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:29:32 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview61: distinfo
Log Message:
www/ruby-actionview61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* `preload_link_tag` properly inserts `as` attributes for files with `image` MIME
types, such as JPG or SVG.
*Nate Berkopec*
* Add `autocomplete="off"` to all generated hidden fields.
Fixes #42610.
*Ryan Baumann*
* Fix `current_page?` when URL has trailing slash.
This fixes the `current_page?` helper when the given URL has a trailing slash,
and is an absolute URL or also has query params.
Fixes #33956.
*Jonathan Hefner*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionview61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:02 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack61: distinfo
Log Message:
www/ruby-actionpack61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `content_security_policy` returning invalid directives.
Directives such as `self`, `unsafe-eval` and few others were not
single quoted when the directive was the result of calling a lambda
returning an array.
```ruby
content_security_policy do |policy|
policy.frame_ancestors lambda { [:self, "https://example.com"] }
end
```
With this fix the policy generated from above will now be valid.
*Edouard Chin*
* Update `HostAuthorization` middleware to render debug info only
when `config.consider_all_requests_local` is set to true.
Also, blocked host info is always logged with level `error`.
Fixes #42813.
*Nikita Vyrko*
* Dup arrays that get "converted".
Fixes #43681.
*Aaron Patterson*
* Don't show deprecation warning for equal paths.
*Anton Rieder*
* Fix crash in `ActionController::Instrumentation` with invalid HTTP formats.
Fixes #43094.
*Alex Ghiculescu*
* Add fallback host for SystemTestCase driven by RackTest.
Fixes #42780.
*Petrik de Heus*
* Add more detail about what hosts are allowed.
*Alex Ghiculescu*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actionpack61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:30:33 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
Log Message:
databases/ruby-activerecord61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` for Ruby 2.6.
Ruby 2.6 and 2.7 have slightly different implementations of the `String#@-` method.
In Ruby 2.6, the receiver of the `String#@-` method is modified under certain circumstances.
This was later identified as a bug (https://bugs.ruby-lang.org/issues/15926) and only
fixed in Ruby 2.7.
Before the changes in this commit, the
`ActiveRecord::ConnectionAdapters::SchemaCache#deep_deduplicate` method, which internally
calls the `String#@-` method, could also modify an input string argument in Ruby 2.6 --
changing a tainted, unfrozen string into a tainted, frozen string.
Fixes #43056
*Eric O'Hanlon*
* Fix migration compatibility to create SQLite references/belongs_to column as integer when
migration version is 6.0.
`reference`/`belongs_to` in migrations with version 6.0 were creating columns as
bigint instead of integer for the SQLite Adapter.
*Marcelo Lauxen*
* Fix dbconsole for 3-tier config.
*Eileen M. Uchitelle*
* Better handle SQL queries with invalid encoding.
```ruby
Post.create(name: "broken \xC8 UTF-8")
```
Would cause all adapters to fail in a non controlled way in the code
responsible to detect write queries.
The query is now properly passed to the database connection, which might or might
not be able to handle it, but will either succeed or failed in a more correct way.
*Jean Boussier*
* Ignore persisted in-memory records when merging target lists.
*Kevin Sj�berg*
* Fix regression bug that caused ignoring additional conditions for preloading
`has_many` through relations.
Fixes #43132
*Alexander Pauly*
* Fix `ActiveRecord::InternalMetadata` to not be broken by
`config.active_record.record_timestamps = false`
Since the model always create the timestamp columns, it has to set them, otherwise it breaks
various DB management tasks.
Fixes #42983
*Jean Boussier*
* Fix duplicate active record objects on `inverse_of`.
*Justin Carvalho*
* Fix duplicate objects stored in has many association after save.
Fixes #42549.
*Alex Ghiculescu*
* Fix performance regression in `CollectionAssocation#build`.
*Alex Ghiculescu*
* Fix retrieving default value for text column for MariaDB.
*fatkodima*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/ruby-activerecord61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:02 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage61: Makefile distinfo
Log Message:
devel/ruby-activestorage61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Attachments can be deleted after their association is no longer defined.
Fixes #42514
*Don Sisco*
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-activestorage61/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activestorage61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:31:47 UTC 2022
Modified Files:
pkgsrc/mail/ruby-actionmailbox61: PLIST distinfo
Log Message:
mail/ruby-actionmailbox61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Add `attachments` to the list of permitted parameters for inbound emails conductor.
When using the conductor to test inbound emails with attachments, this prevents an
unpermitted parameter warning in default configurations, and prevents errors for
applications that set:
```ruby
config.action_controller.action_on_unpermitted_parameters = :raise
```
*David Jones*, *Dana Henke*
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailbox61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailbox61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:28 UTC 2022
Modified Files:
pkgsrc/www/ruby-actioncable61: distinfo
Log Message:
www/ruby-actioncable61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* The Action Cable client now ensures successful channel subscriptions:
* The client maintains a set of pending subscriptions until either
the server confirms the subscription or the channel is torn down.
* Rectifies the race condition where an unsubscribe is rapidly followed
by a subscribe (on the same channel identifier) and the requests are
handled out of order by the ActionCable server, thereby ignoring the
subscribe command.
*Daniel Spinosa*
* Truncate broadcast logging messages.
*J Smith*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-actioncable61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:32:59 UTC 2022
Modified Files:
pkgsrc/devel/ruby-railties61: distinfo
Log Message:
devel/ruby-railties61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* In `zeitwerk` mode, setup the `once` autoloader first, and the `main` autoloader after it.
This order plays better with shared namespaces.
*Xavier Noria*
* Handle paths with spaces when editing credentials.
*Alex Ghiculescu*
* Support Psych 4 when loading secrets.
*Nat Morcos*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-railties61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:33:27 UTC 2022
Modified Files:
pkgsrc/textproc/ruby-actiontext61: distinfo
Log Message:
textproc/ruby-actiontext61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Fix Action Text extra trix content wrapper.
*Alexandre Ruban*
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/textproc/ruby-actiontext61/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:34:37 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/mail/ruby-actionmailer61: PLIST distinfo
pkgsrc/www/ruby-rails61: distinfo
Log Message:
Update rest of Ruby on Rails 61 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/ruby-actionmailer61/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/ruby-rails61/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord60/distinfo@1.16.2.1
/
diff
pkgsrc/devel/ruby-activejob60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.16.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.2 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.16.2.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.16.2.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activejob60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activemodel60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activestorage60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-activesupport60/distinfo@1.16.2.1 / diff
pkgsrc/devel/ruby-railties60/distinfo@1.16.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.2 / diff
pkgsrc/mail/ruby-actionmailbox60/distinfo@1.16.2.1 / diff
pkgsrc/mail/ruby-actionmailer60/distinfo@1.16.2.1 / diff
pkgsrc/textproc/ruby-actiontext60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actioncable60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actionpack60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-actionview60/distinfo@1.16.2.1 / diff
pkgsrc/www/ruby-rails60/distinfo@1.16.2.1 / diff
Pullup ticket #6629 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
lang/ruby: version info update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.17
- devel/ruby-activejob60/distinfo 1.17
- devel/ruby-activemodel60/distinfo 1.17
- devel/ruby-activestorage60/distinfo 1.17
- devel/ruby-activesupport60/distinfo 1.17
- devel/ruby-railties60/distinfo 1.17
- lang/ruby/rails.mk 1.120
- mail/ruby-actionmailbox60/distinfo 1.17
- mail/ruby-actionmailer60/distinfo 1.17
- textproc/ruby-actiontext60/distinfo 1.17
- www/ruby-actioncable60/distinfo 1.17
- www/ruby-actionpack60/distinfo 1.17
- www/ruby-actionview60/distinfo 1.17
- www/ruby-rails60/distinfo 1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:20:39 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 6.0.4.8
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:21:25 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:12 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:48 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:24:55 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
Update rest of Ruby on Rails 60 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails60/distinfo
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
lang/ruby: version info update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update
Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.17
- devel/ruby-activejob60/distinfo 1.17
- devel/ruby-activemodel60/distinfo 1.17
- devel/ruby-activestorage60/distinfo 1.17
- devel/ruby-activesupport60/distinfo 1.17
- devel/ruby-railties60/distinfo 1.17
- lang/ruby/rails.mk 1.120
- mail/ruby-actionmailbox60/distinfo 1.17
- mail/ruby-actionmailer60/distinfo 1.17
- textproc/ruby-actiontext60/distinfo 1.17
- www/ruby-actioncable60/distinfo 1.17
- www/ruby-actionpack60/distinfo 1.17
- www/ruby-actionview60/distinfo 1.17
- www/ruby-rails60/distinfo 1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:20:39 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 6.0.4.8
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:21:25 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport60: distinfo
Log Message:
devel/ruby-activesupport60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:12 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview60: distinfo
Log Message:
www/ruby-actionview60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:23:48 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack60: distinfo
Log Message:
www/ruby-actionpack60: update to 6.0.4.8
## Rails 6.0.4.8 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack60/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:24:55 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-railties60: distinfo
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-rails60: distinfo
Log Message:
Update rest of Ruby on Rails 60 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails60/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/databases/ruby-activerecord52/distinfo@1.12.2.1
/
diff
pkgsrc/devel/ruby-activejob52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activemodel52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activestorage52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activesupport52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-railties52/distinfo@1.12.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.1 / diff
pkgsrc/mail/ruby-actionmailer52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actioncable52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actionpack52/Makefile@1.1.26.1 / diff
pkgsrc/www/ruby-actionpack52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actionview52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-rails52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activejob52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activemodel52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activestorage52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-activesupport52/distinfo@1.12.2.1 / diff
pkgsrc/devel/ruby-railties52/distinfo@1.12.2.1 / diff
pkgsrc/lang/ruby/rails.mk@1.118.2.1 / diff
pkgsrc/mail/ruby-actionmailer52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actioncable52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actionpack52/Makefile@1.1.26.1 / diff
pkgsrc/www/ruby-actionpack52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-actionview52/distinfo@1.12.2.1 / diff
pkgsrc/www/ruby-rails52/distinfo@1.12.2.1 / diff
Pullup ticket #6628 - requested by taca
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
lang/ruby: version info update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.13
- devel/ruby-activejob52/distinfo 1.13
- devel/ruby-activemodel52/distinfo 1.13
- devel/ruby-activestorage52/distinfo 1.13
- devel/ruby-activesupport52/distinfo 1.13
- devel/ruby-railties52/distinfo 1.13
- lang/ruby/rails.mk 1.119
- mail/ruby-actionmailer52/distinfo 1.13
- www/ruby-actioncable52/distinfo 1.13
- www/ruby-actionpack52/Makefile 1.2
- www/ruby-actionpack52/distinfo 1.13
- www/ruby-actionview52/distinfo 1.13
- www/ruby-rails52/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:02:07 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 5.2.7.1
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:03:50 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport52: distinfo
Log Message:
devel/ruby-activesupport52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* Restore support to Ruby 2.2.
*ojab*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activesupport52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:04:44 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview52: distinfo
Log Message:
www/ruby-actionview52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionview52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:05:24 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack52: Makefile distinfo
Log Message:
www/ruby-actionpack52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/ruby-actionpack52/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionpack52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:06:04 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage52: distinfo
Log Message:
devel/ruby-activestorage52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* No changes.
## Rails 5.2.7 (March 10, 2022) ##
* Fix `ActiveStorage.supported_image_processing_methods` and
`ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
*Rafael Mendon軋 Fran軋*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activestorage52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:08:16 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-railties52: distinfo
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
Update rest of Ruby on Rails 52 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-rails52/distinfo
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
lang/ruby: version info update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update
Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.13
- devel/ruby-activejob52/distinfo 1.13
- devel/ruby-activemodel52/distinfo 1.13
- devel/ruby-activestorage52/distinfo 1.13
- devel/ruby-activesupport52/distinfo 1.13
- devel/ruby-railties52/distinfo 1.13
- lang/ruby/rails.mk 1.119
- mail/ruby-actionmailer52/distinfo 1.13
- www/ruby-actioncable52/distinfo 1.13
- www/ruby-actionpack52/Makefile 1.2
- www/ruby-actionpack52/distinfo 1.13
- www/ruby-actionview52/distinfo 1.13
- www/ruby-rails52/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:02:07 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
lang/ruby/rails.mk: start update of Ruby on Rails to 5.2.7.1
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/lang/ruby/rails.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:03:50 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activesupport52: distinfo
Log Message:
devel/ruby-activesupport52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*チlvaro Mart�n Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* Restore support to Ruby 2.2.
*ojab*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activesupport52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:04:44 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionview52: distinfo
Log Message:
www/ruby-actionview52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Escape dangerous characters in names of tags and names of attributes in the
tag helpers, following the XML specification. Rename the option
`:escape_attributes` to `:escape`, to simplify by applying the option to the
whole tag.
*チlvaro Mart�n Fraguas*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionview52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:05:24 UTC 2022
Modified Files:
pkgsrc/www/ruby-actionpack52: Makefile distinfo
Log Message:
www/ruby-actionpack52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* Allow Content Security Policy DSL to generate for API responses.
*Tim Wade*
## Rails 5.2.7 (March 10, 2022) ##
* No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/ruby-actionpack52/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actionpack52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:06:04 UTC 2022
Modified Files:
pkgsrc/devel/ruby-activestorage52: distinfo
Log Message:
devel/ruby-activestorage52: update to 5.2.7.1
## Rails 5.2.7.1 (April 26, 2022) ##
* No changes.
## Rails 5.2.7 (March 10, 2022) ##
* Fix `ActiveStorage.supported_image_processing_methods` and
`ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
*Rafael Mendon軋 Fran軋*
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activestorage52/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 5 03:08:16 UTC 2022
Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-railties52: distinfo
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-rails52: distinfo
Log Message:
Update rest of Ruby on Rails 52 components.
No change except version.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/ruby-rails52/distinfo
MAIN commitmail json YAML
pkgsrc/news/inn/Makefile@1.136
/
diff
pkgsrc/news/inn/PLIST@1.28 / diff
pkgsrc/news/inn/distinfo@1.40 / diff
pkgsrc/news/inn/patches/patch-ac@1.13 / diff
pkgsrc/news/inn/PLIST@1.28 / diff
pkgsrc/news/inn/distinfo@1.40 / diff
pkgsrc/news/inn/patches/patch-ac@1.13 / diff
updating news/inn to 2.6.5
upstream changelog:
Changes in 2.6.5
* A new step in INN development has been achieved with the migration of
the INN project to GitHub. We now make use of the features GitHub
provides: issue tracker, pull requests, continuous integration, a
user-friendly interface to browse the code, etc. Our Subversion
repository has therefore been migrated to Git, and our Trac tickets to
the GitHub issue tracker.
* An up-to-date nocem.ctl file is provided with this release. You
should manually update your nocem.ctl file with the new information
recorded about NoCeM issuers, and make sure the right PGP keys are
present on your system.
* Up-to-date control.ctl and moderators files are provided with this
release. You should manually update them (notably for the fido7.*
hierarchy).
* Added a stricter validation of article numbers given in NNTP commands
so that numbers superior to 2^31 are correctly considered invalid.
Thanks to Richard Kettlewell for the patch.
* Added a check in rc.news for the existence of the *pathrun* directory.
INN won't start until this directory is writable. Previously, it
bailed out quickly after starting, without clear logs about why it
failed.
* Fixed parallel builds using "make -j". Thanks to Richard Kettlewell
for the path.
* nnrpd now properly gathers timer statistics when a compression layer
is active.
* nnrpd now properly discards data received from a news client after a
timeout when a TLS layer is active. It previously tried to read
incoming data before closing the socket, leading to decoding errors
from an underlying compression or SASL layer.
* innfeed and ovdb_stat now generate status reports in valid HTML
syntax.
* Fixed a bug in the buffindexed overview that prevented it from working
on several systems, amongst them FreeBSD. Unsupported, and useless,
permission bits were given to semaphores.
* Fixed the detection of library paths at configure time: multilib
directories (lib32 or lib64) are now also used if they exist, even it
the system does not use multilib. It will notably fix the detection
of the OpenSSL 3.0.0 library.
* The *tlscertfile* parameter in inn.conf now permits the use of a
complete certificate chain, instead of necessarily having to use
*tlscafile* for additional certificates.
* Added support for the new OpenSSL 3.0.0 API, which deprecated a few
functions.
* The inn.conf default value for *tlsprotocols* no longer contains TLS
versions 1.0 and 1.1, which have been deprecated by RFC 8996.
* A new inn.conf parameter has been added to tune the length of the
queue of pending connections to innd, nnrpd and the "ovdb" overview
storage method: the *maxlisten* parameter now permits configuring
their listen backlog, whose previously hard-coded values were 128 for
nnrpd and 25 for the others, which was not high enough for some uses.
The default value is now 128 for all of them, and configurable in
inn.conf. Thanks to Kevin Bowling for the patch.
* The name of seven man pages for routines built in libinn(3) are now
prefixed with libinn_ so as not to consume namespace and conflict with
other packages (notably, the list(3) and uwildmat(3) man pages are now
named libinn_list(3) and libinn_uwildmat(3)).
* Other minor bug fixes and documentation improvements, notably a
revised installation checklist and a section summarizing the most used
configuration at the beginning of a few complex man pages.
Changes in 2.6.4
* Added support for systemd notifications and socket activation. Use of
more features provided by systemd, including more notifications, will
come in future releases. Thanks to Marco d'Itri for this first
systemd integration into INN.
* nnrpd now adapts the length of the DH parameter used during a DHE key
exchange so as to comply with the security level OpenSSL 1.1.0 or
later expects. Thanks to Michael Baeuerle for the bug report.
* cnfsstat now also returns information about retired CNFS buffers:
buffers mentioned in cycbuff.conf as a cycbuff but not declared in a
metacycbuff.
* Switch default innreport behaviour to the common practice of
externalizing CSS into a separate file. Its name can be configured
with the *html_css_url* parameter in innreport.conf. If this
parameter is unset, the default innreport.css file name will be used
and innreport will generate this CSS file for you. Previously
generated reports are kept untouched, though, and will still contain
inline CSS if you had not already set the *html_css_url* parameter in
previous INN versions. Thanks to Richard Kettlewell for the patch.
* sm can now read and store any number of articles given in wire format
on its standard input when both -s and -R are used. Only native
format was previously possible. Thanks to Bo Lindbergh for the patch.
* Added new -a flag to rnews to disallow, if needed, the use of
additional unpackers from the rnews.libexec sub-directory of *pathbin*
(as set in inn.conf); only "rnews" and "cunbatch" will then be
recognized as valid batch commands.
* Added new -b flag to rnews to save rejected articles in the bad
sub-directory of *pathincoming* (as set in inn.conf). Otherwise,
rnews just logs and discards any articles that are rejected or cannot
be parsed for some reason.
* Added new -d flag to rnews to log via syslog the Message-ID and the
Path header value of each article rejected as a duplicate.
* Added new --enable-hardening-flags configure-time option, enabled by
default, to use hardening build flags like "-fPIE" and
"-fstack-protector-strong". This option can easily be disabled if the
compiler or the platform does not support them well. More hardening
build flags will eventually be added in future releases.
q
upstream changelog:
Changes in 2.6.5
* A new step in INN development has been achieved with the migration of
the INN project to GitHub. We now make use of the features GitHub
provides: issue tracker, pull requests, continuous integration, a
user-friendly interface to browse the code, etc. Our Subversion
repository has therefore been migrated to Git, and our Trac tickets to
the GitHub issue tracker.
* An up-to-date nocem.ctl file is provided with this release. You
should manually update your nocem.ctl file with the new information
recorded about NoCeM issuers, and make sure the right PGP keys are
present on your system.
* Up-to-date control.ctl and moderators files are provided with this
release. You should manually update them (notably for the fido7.*
hierarchy).
* Added a stricter validation of article numbers given in NNTP commands
so that numbers superior to 2^31 are correctly considered invalid.
Thanks to Richard Kettlewell for the patch.
* Added a check in rc.news for the existence of the *pathrun* directory.
INN won't start until this directory is writable. Previously, it
bailed out quickly after starting, without clear logs about why it
failed.
* Fixed parallel builds using "make -j". Thanks to Richard Kettlewell
for the path.
* nnrpd now properly gathers timer statistics when a compression layer
is active.
* nnrpd now properly discards data received from a news client after a
timeout when a TLS layer is active. It previously tried to read
incoming data before closing the socket, leading to decoding errors
from an underlying compression or SASL layer.
* innfeed and ovdb_stat now generate status reports in valid HTML
syntax.
* Fixed a bug in the buffindexed overview that prevented it from working
on several systems, amongst them FreeBSD. Unsupported, and useless,
permission bits were given to semaphores.
* Fixed the detection of library paths at configure time: multilib
directories (lib32 or lib64) are now also used if they exist, even it
the system does not use multilib. It will notably fix the detection
of the OpenSSL 3.0.0 library.
* The *tlscertfile* parameter in inn.conf now permits the use of a
complete certificate chain, instead of necessarily having to use
*tlscafile* for additional certificates.
* Added support for the new OpenSSL 3.0.0 API, which deprecated a few
functions.
* The inn.conf default value for *tlsprotocols* no longer contains TLS
versions 1.0 and 1.1, which have been deprecated by RFC 8996.
* A new inn.conf parameter has been added to tune the length of the
queue of pending connections to innd, nnrpd and the "ovdb" overview
storage method: the *maxlisten* parameter now permits configuring
their listen backlog, whose previously hard-coded values were 128 for
nnrpd and 25 for the others, which was not high enough for some uses.
The default value is now 128 for all of them, and configurable in
inn.conf. Thanks to Kevin Bowling for the patch.
* The name of seven man pages for routines built in libinn(3) are now
prefixed with libinn_ so as not to consume namespace and conflict with
other packages (notably, the list(3) and uwildmat(3) man pages are now
named libinn_list(3) and libinn_uwildmat(3)).
* Other minor bug fixes and documentation improvements, notably a
revised installation checklist and a section summarizing the most used
configuration at the beginning of a few complex man pages.
Changes in 2.6.4
* Added support for systemd notifications and socket activation. Use of
more features provided by systemd, including more notifications, will
come in future releases. Thanks to Marco d'Itri for this first
systemd integration into INN.
* nnrpd now adapts the length of the DH parameter used during a DHE key
exchange so as to comply with the security level OpenSSL 1.1.0 or
later expects. Thanks to Michael Baeuerle for the bug report.
* cnfsstat now also returns information about retired CNFS buffers:
buffers mentioned in cycbuff.conf as a cycbuff but not declared in a
metacycbuff.
* Switch default innreport behaviour to the common practice of
externalizing CSS into a separate file. Its name can be configured
with the *html_css_url* parameter in innreport.conf. If this
parameter is unset, the default innreport.css file name will be used
and innreport will generate this CSS file for you. Previously
generated reports are kept untouched, though, and will still contain
inline CSS if you had not already set the *html_css_url* parameter in
previous INN versions. Thanks to Richard Kettlewell for the patch.
* sm can now read and store any number of articles given in wire format
on its standard input when both -s and -R are used. Only native
format was previously possible. Thanks to Bo Lindbergh for the patch.
* Added new -a flag to rnews to disallow, if needed, the use of
additional unpackers from the rnews.libexec sub-directory of *pathbin*
(as set in inn.conf); only "rnews" and "cunbatch" will then be
recognized as valid batch commands.
* Added new -b flag to rnews to save rejected articles in the bad
sub-directory of *pathincoming* (as set in inn.conf). Otherwise,
rnews just logs and discards any articles that are rejected or cannot
be parsed for some reason.
* Added new -d flag to rnews to log via syslog the Message-ID and the
Path header value of each article rejected as a duplicate.
* Added new --enable-hardening-flags configure-time option, enabled by
default, to use hardening build flags like "-fPIE" and
"-fstack-protector-strong". This option can easily be disabled if the
compiler or the platform does not support them well. More hardening
build flags will eventually be added in future releases.
q
pkgsrc-2022Q1 commitmail json YAML
Tickets #6613 - #6619
pkgsrc-2022Q1 commitmail json YAML
Pullup ticket #6619 - requested by gutteridge
devel/git-base: security update
devel/git: security update
Revisions pulled up:
- devel/git-base/distinfo 1.117
- devel/git/Makefile.version 1.103
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Apr 14 23:39:21 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: update to 2.35.3
Includes a fix for CVE-2022-24765. Addresses PR pkg/56796 from
Eric N Vander Weele.
Git v2.35.2 Release Notes
============
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Release notes for 2.35.3 simply state:
This release merges up the fixes that appear in v2.35.3.
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git-base/distinfo
devel/git-base: security update
devel/git: security update
Revisions pulled up:
- devel/git-base/distinfo 1.117
- devel/git/Makefile.version 1.103
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Apr 14 23:39:21 UTC 2022
Modified Files:
pkgsrc/devel/git: Makefile.version
pkgsrc/devel/git-base: distinfo
Log Message:
git: update to 2.35.3
Includes a fix for CVE-2022-24765. Addresses PR pkg/56796 from
Eric N Vander Weele.
Git v2.35.2 Release Notes
============
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Release notes for 2.35.3 simply state:
This release merges up the fixes that appear in v2.35.3.
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/devel/git/Makefile.version
cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git-base/distinfo
pkgsrc-2022Q1 commitmail json YAML
Pullup ticket #6618 - requested by taca
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.249
- lang/ruby31-base/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 15:12:13 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31-base: update to 3.1.2
Ruby 3.1.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.248 -r1.249 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby31-base/distinfo
lang/ruby31-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.249
- lang/ruby31-base/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 15:12:13 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby31-base: distinfo
Log Message:
lang/ruby31-base: update to 3.1.2
Ruby 3.1.2 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.248 -r1.249 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby31-base/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.244.2.4
/
diff
pkgsrc/lang/ruby30-base/Makefile@1.5.2.1 / diff
pkgsrc/lang/ruby30-base/PLIST@1.6.2.1 / diff
pkgsrc/lang/ruby30-base/distinfo@1.7.4.1 / diff
pkgsrc/lang/ruby30/Makefile@1.2.2.1 / diff
pkgsrc/lang/ruby30-base/Makefile@1.5.2.1 / diff
pkgsrc/lang/ruby30-base/PLIST@1.6.2.1 / diff
pkgsrc/lang/ruby30-base/distinfo@1.7.4.1 / diff
pkgsrc/lang/ruby30/Makefile@1.2.2.1 / diff
Pullup ticket #6617 - requested by taca
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.248
- lang/ruby30-base/Makefile 1.6
- lang/ruby30-base/PLIST 1.7
- lang/ruby30-base/distinfo 1.8
- lang/ruby30/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:52:27 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30: Makefile
pkgsrc/lang/ruby30-base: Makefile PLIST distinfo
Log Message:
lang/ruby30-base: update to 3.0.4
Ruby 3.0.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.247 -r1.248 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby30/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby30-base/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby30-base/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby30-base/distinfo
lang/ruby30-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.248
- lang/ruby30-base/Makefile 1.6
- lang/ruby30-base/PLIST 1.7
- lang/ruby30-base/distinfo 1.8
- lang/ruby30/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:52:27 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby30: Makefile
pkgsrc/lang/ruby30-base: Makefile PLIST distinfo
Log Message:
lang/ruby30-base: update to 3.0.4
Ruby 3.0.4 has been released.
This release includes security fixes. Please check the topics below for
details.
* CVE-2022-28738: Double free in Regexp compilation
* CVE-2022-28739: Buffer overrun in String-to-Float conversion
See the commit logs for further details.
To generate a diff of this commit:
cvs rdiff -u -r1.247 -r1.248 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby30/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby30-base/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/ruby30-base/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby30-base/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.244.2.3
/
diff
pkgsrc/lang/ruby27-base/Makefile@1.8.2.1 / diff
pkgsrc/lang/ruby27-base/distinfo@1.9.4.1 / diff
pkgsrc/lang/ruby27/Makefile@1.2.2.1 / diff
pkgsrc/lang/ruby27-base/Makefile@1.8.2.1 / diff
pkgsrc/lang/ruby27-base/distinfo@1.9.4.1 / diff
pkgsrc/lang/ruby27/Makefile@1.2.2.1 / diff
Pullup ticket #6616 - requested by taca
lang/ruby27: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.247
- lang/ruby27-base/Makefile 1.9
- lang/ruby27-base/distinfo 1.10
- lang/ruby27/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:21:00 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27: Makefile
pkgsrc/lang/ruby27-base: Makefile distinfo
Log Message:
lang/ruby27-base: update to 2.6.7
Ruby 2.7.6 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes some bug fixes. See the commit logs for further
details.
After thies release, we end the normal maintenance phase of Ruby 2.7, and
Ruby 2.7 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.7 excpet security fixes. Ther term
of the security maintenance pahse is scheduled for a year. Ruby 2.7 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 3.0
or 3.1.
To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby27-base/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby27-base/distinfo
lang/ruby27: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.247
- lang/ruby27-base/Makefile 1.9
- lang/ruby27-base/distinfo 1.10
- lang/ruby27/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:21:00 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby27: Makefile
pkgsrc/lang/ruby27-base: Makefile distinfo
Log Message:
lang/ruby27-base: update to 2.6.7
Ruby 2.7.6 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes some bug fixes. See the commit logs for further
details.
After thies release, we end the normal maintenance phase of Ruby 2.7, and
Ruby 2.7 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.7 excpet security fixes. Ther term
of the security maintenance pahse is scheduled for a year. Ruby 2.7 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 3.0
or 3.1.
To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 pkgsrc/lang/ruby/rubyversion.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby27-base/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby27-base/distinfo
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.244.2.2
/
diff
pkgsrc/lang/ruby26-base/Makefile@1.16.2.1 / diff
pkgsrc/lang/ruby26-base/distinfo@1.15.4.1 / diff
pkgsrc/lang/ruby26/Makefile@1.5.2.1 / diff
pkgsrc/lang/ruby26-base/Makefile@1.16.2.1 / diff
pkgsrc/lang/ruby26-base/distinfo@1.15.4.1 / diff
pkgsrc/lang/ruby26/Makefile@1.5.2.1 / diff
Pullup ticket #6615 - requested by taca
lang/ruby26-base: security-update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.246
- lang/ruby26-base/Makefile 1.17
- lang/ruby26-base/distinfo 1.16
- lang/ruby26/Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:16:44 UTC 2022
Modified Files:
pkgsrc/lang/ruby26: Makefile
pkgsrc/lang/ruby26-base: Makefile distinfo
Log Message:
lang/ruby26-base: update to 2.6.10
Here is release announce:
Ruby 2.6.10 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes a fix of a build problem with very old compilers
and a fix of a regression of date library. See the commit logs for further
details.
After this release, Ruby 2.6 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.6 series. We will not release Ruby 2.6.11
even if a security vulnerability is found (but ocould release if a severe
regression is found). We recommend all Ruby 2.6 users to start migration to
Ruby 3.1, 3.0, or 2.7 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby26/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/ruby26-base/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:19:26 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: forgot to commit for 2.6.10
To generate a diff of this commit:
cvs rdiff -u -r1.245 -r1.246 pkgsrc/lang/ruby/rubyversion.mk
lang/ruby26-base: security-update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.246
- lang/ruby26-base/Makefile 1.17
- lang/ruby26-base/distinfo 1.16
- lang/ruby26/Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:16:44 UTC 2022
Modified Files:
pkgsrc/lang/ruby26: Makefile
pkgsrc/lang/ruby26-base: Makefile distinfo
Log Message:
lang/ruby26-base: update to 2.6.10
Here is release announce:
Ruby 2.6.10 has been released.
This release includes a security fix. Please check the topics below for
details.
CVE-2022-28739: Buffer overrun in String-to-Float conversion
This release also includes a fix of a build problem with very old compilers
and a fix of a regression of date library. See the commit logs for further
details.
After this release, Ruby 2.6 reaches EOL. In other words, this is expected
to be the last release of Ruby 2.6 series. We will not release Ruby 2.6.11
even if a security vulnerability is found (but ocould release if a severe
regression is found). We recommend all Ruby 2.6 users to start migration to
Ruby 3.1, 3.0, or 2.7 immediately.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby26/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/ruby26-base/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 12 14:19:26 UTC 2022
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: forgot to commit for 2.6.10
To generate a diff of this commit:
cvs rdiff -u -r1.245 -r1.246 pkgsrc/lang/ruby/rubyversion.mk
pkgsrc-2022Q1 commitmail json YAML
pkgsrc/devel/java-subversion/Makefile@1.61.4.1
/
diff
pkgsrc/devel/p5-subversion/Makefile@1.121.4.1 / diff
pkgsrc/devel/py-subversion/Makefile@1.94.4.1 / diff
pkgsrc/devel/ruby-subversion/Makefile@1.83.4.1 / diff
pkgsrc/devel/subversion-base/Makefile@1.129.4.1 / diff
pkgsrc/devel/subversion/Makefile@1.67.6.1 / diff
pkgsrc/devel/subversion/Makefile.version@1.87.10.1 / diff
pkgsrc/devel/subversion/distinfo@1.118.4.1 / diff
pkgsrc/devel/p5-subversion/Makefile@1.121.4.1 / diff
pkgsrc/devel/py-subversion/Makefile@1.94.4.1 / diff
pkgsrc/devel/ruby-subversion/Makefile@1.83.4.1 / diff
pkgsrc/devel/subversion-base/Makefile@1.129.4.1 / diff
pkgsrc/devel/subversion/Makefile@1.67.6.1 / diff
pkgsrc/devel/subversion/Makefile.version@1.87.10.1 / diff
pkgsrc/devel/subversion/distinfo@1.118.4.1 / diff
Pullup ticket #6613 - requested by bsiegert
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.62
- devel/p5-subversion/Makefile 1.122
- devel/py-subversion/Makefile 1.95
- devel/ruby-subversion/Makefile 1.84
- devel/subversion-base/Makefile 1.130
- devel/subversion/Makefile 1.68
- devel/subversion/Makefile.version 1.88
- devel/subversion/distinfo 1.119
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Apr 12 16:24:29 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
Log Message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Wei��schuh
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 21:40:36 UTC 2022
Modified Files:
pkgsrc/devel/subversion: Makefile
Log Message:
subversion: reset PKGREVISION after update
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
devel/subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.62
- devel/p5-subversion/Makefile 1.122
- devel/py-subversion/Makefile 1.95
- devel/ruby-subversion/Makefile 1.84
- devel/subversion-base/Makefile 1.130
- devel/subversion/Makefile 1.68
- devel/subversion/Makefile.version 1.88
- devel/subversion/distinfo 1.119
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Apr 12 16:24:29 UTC 2022
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
Log Message:
subversion: update to 1.4.2 (security).
HIS RELEASE CONTAINS TWO IMPORTANT SECURITY FIXES:
CVE-2021-28544
"SVN authz protected copyfrom paths regression"
The full security advisory for CVE-2021-28544 is available at:
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt.asc
A brief summary of this advisory follows:
Subversion servers reveal 'copyfrom' paths that should be hidden according to
configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
`copyfrom' path of the original. This also reveals the fact that
the node was copied.
Only the 'copyfrom' path is revealed; not its contents. Both httpd
and svnserve
servers are vulnerable.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Evgeny Kotkov
CVE-2022-24070
"Subversion's mod_dav_svn is vulnerable to memory corruption"
The full security advisory for CVE-2022-24070 is available at:
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
https://subversion.apache.org/security/CVE-2022-24070-advisory.txt.asc
A brief summary of this advisory follows:
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
We recommend all users to upgrade to a known fixed release of the
Subversion server.
This issue was reported by Thomas Wei��schuh
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/devel/java-subversion/Makefile
cvs rdiff -u -r1.121 -r1.122 pkgsrc/devel/p5-subversion/Makefile
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/py-subversion/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/ruby-subversion/Makefile
cvs rdiff -u -r1.87 -r1.88 pkgsrc/devel/subversion/Makefile.version
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/subversion/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/subversion-base/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 21:40:36 UTC 2022
Modified Files:
pkgsrc/devel/subversion: Makefile
Log Message:
subversion: reset PKGREVISION after update
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/subversion/Makefile
pkgsrc-2022Q1 commitmail json YAML
Pullup ticket #6614 - requested by tron
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.259
- mail/mutt/distinfo 1.107
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Apr 13 08:24:37 UTC 2022
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.2.3
This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were a possible integer overflow issue in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
To generate a diff of this commit:
cvs rdiff -u -r1.258 -r1.259 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.106 -r1.107 pkgsrc/mail/mutt/distinfo
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.259
- mail/mutt/distinfo 1.107
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Apr 13 08:24:37 UTC 2022
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.2.3
This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were a possible integer overflow issue in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
To generate a diff of this commit:
cvs rdiff -u -r1.258 -r1.259 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.106 -r1.107 pkgsrc/mail/mutt/distinfo
MAIN commitmail json YAML
pkgsrc/www/apache-tomcat9/Makefile@1.12
/
diff
pkgsrc/www/apache-tomcat9/PLIST@1.9 / diff
pkgsrc/www/apache-tomcat9/distinfo@1.12 / diff
pkgsrc/www/apache-tomcat9/PLIST@1.9 / diff
pkgsrc/www/apache-tomcat9/distinfo@1.12 / diff
contains mitigation for the Spring4Shell vulnerability
Upstream changelog:
Tomcat 9.0.62 (remm)
Catalina
Add: Effectively disable the WebappClassLoaderBase.getResources()
method as it is not used and if something accidently exposes the class
loader this method can be used to gain access to Tomcat internals. (markt)
Tomcat 9.0.61 (remm)
Catalina
Code: Harden the CredentialHandler implementations by switching to a
constant-time implementation for credential comparisons. (schultz/markt)
Coyote
Fix: Use a constant for the default TLS cipher suite. This will allow
skipping setting it in some cases (for example, it does not make sense for
OpenSSL TLS 1.3). (remm)
Fix: #487: Improve logging of unknown settings frames. Pull request by
Thomas Hoffmann. (remm)
Add: 65975: Add a warning if a TLS virtual host is configured with
optional certificate authentication and the containing connector is also
configured to support HTTP/2 as HTTP/2 does not permit optional
certificate authentication. (markt)
Add: 65975: Add a warning if a TLS virtual host is configured for TLS
1.3 with a JSSE implementation and a web application is configured for
CLIENT-CERT authentication. CLIENT-CERT authentication requires
post-handshake authentication (PHA) when used with TLS 1.3 but the JSSE
TLS 1.3 implementation does not support PHA. (markt)
Fix: Improve the recycling of Processor objects to make it more
robust. (markt)
Jasper
Fix: 65959: Serialize Function as String[] rather Class[]. (remm)
Web applications
Fix: 65952: Align --add-opens configuration for jsvc with the current
Tomcat scripts. (markt)
Fix: Correct the AJP and HTTP/1.1 Connector configuration pages in the
documentation web application to show which attributes are applicable to
all Connectors and which are implementation specific. (markt)
Other
Fix: Correct a spelling mistake in the German translations. Thanks to
Thomas Hoffmann. (markt)
Fix: 65951: Use the tomcat.output property for OSGi bundle manifest
paths. (isapir)
Update: Update to Commons Daemon 1.3.0. (markt)
Update: Update to Checkstyle 10.0. (markt)
Update: Update to SpotBugs 4.6.0. (markt)
Add: Expand the spotbugs Ant task to also cover test code. (markt)
Update: Update to bnd 6.2.0. (markt)
Update: Remove OSGi annotations dependency as it is no longer required
with bnd 6.2.0. (markt)
Code: Refactor the resource files for the Apache Tomcat installer for
Windows so that all the resource files are located in a single directory
in the source tree. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.(markt)
Add: Improvements to Chinese translations contributed by 15625988003.
(markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Expand coverage of translations for jakarta.el package. Based on
#488 from Volodymyr Siedlecki. (markt)
2022-03-14 Tomcat 9.0.60 (remm)
Catalina
Fix: 65921: The type substitution flag for the rewrite valve should
set the content type for the response, not the request. (markt)
Fix: #479: Enable the rewrite valve to redirect requests when the
original request cannot be mapped to a context. This typically happens
when no ROOT context is defined. Pull request by elkman. (markt)
Fix: 65940: Fix NullPointerException if an exception occurs during the
destruction of a Servlet. (markt)
Coyote
Fix: Fix regression introduced with 65757 bugfix which better
identified non request threads but which introduced a similar problem when
user code was doing sequential operations in a single thread. Test case
code submitted by Istvan Szekely. (remm)
Fix: Fix potential thread-safety issue that could cause HTTP/1.1
request processing to wait, and potentially timeout, waiting for
additional data when the full request has been received. (markt)
Fix: Throw IOException rather than IllegalStateException when the
application attempts to write to an HTTP/2 stream after the client has
closed the stream. (markt)
Jasper
Fix: When resolving methods in EL expressions that use beans and/or
static fields, ensure that any custom type conversion is considered when
identifying the method to call. (markt)
Web applications
Fix: Correct the name of the value attribute in the new documentation
of OpenSSLConfCmd elements. (rjung)
2022-02-28 Tomcat 9.0.59 (remm)
Catalina
Add: Add ha-api-*.jar and jaxws-rt-*.jar to the list of JARs to skip
when scanning for TLDs, web fragments and annotations. (michaelo)
Add: Expand the default mappings used by ServletResponse.setLocale()
to include a mapping from the ja locale to the Shift_JIS encoding. (markt)
Fix: 65806: Improve the handling of session ID generation when the
default algorithm for SecureRandom (SHA1PRNG) is not supported by the
configured providers as will be the case for a FIPS compliant
configuration. (markt)
Fix: #464: Fall back to the class loader used to load JULI when the
thread context class loader is not set. In a normal Tomcat configuration,
this will be the system class loader. Based on a pull request by
jackshirazi. (markt)
Fix: #469: Include the Java Annotations API in the classes that Tomcat
will not load from web applications. Pull request provided by ppkarwasz.
(markt)
Add: #472: Add support for additional user attributes to
TomcatPrincipal and GenericPrincipal. Patch provided by Carsten Klein.
(michaelo)
Fix: Fix a potential StringIndexOutOfBoundsException exception when
generating a WebDAV multi-status response after an error during a copy or
delete. Report the paths relative to the server root for any resources
with an error. (markt)
Fix: Improve the format of WebDAV XML responses to make them easier
for humans to read. The change ensures that there is always a line break
before starting a new element. (markt)
Fix: Improve validation of the Destination header for WebDAV MOVE and
COPY requests. (markt)
Coyote
Fix: Correct a regression in the fix for 65454 that meant that
minSpareThreads and maxThreads settings were ignored when the Connector
used an internal executor. (markt)
Fix: 65776: Improve the detection of the Linux duplicate accept bug
and reduce (hopefully avoid) instances of false positives. (markt)
Fix: 65848: Revert the change that attempted to align the behaviour of
client certificate authentication with NIO or NIO2 with OpenSSL for TLS
between MacOS and Linux/Windows as the root cause was traced to
configuration differences. (markt)
Fix: #467: When system time moves backwards (e.g. after clock
correction), ensure that the cached formatted current date used for HTTP
headers tracks this change. Pull request provided by zhenguoli. (markt)
Jasper
Fix: #474: Prevent a tag file from corrupting the ELContext of the
calling page. Pull request provided by Dmitri Blinov. (markt)
Fix: Minor optimisation of serialization for FunctionMapperImpl in
response to pull request #476. (markt)
Web applications
Fix: Remove the applet example from the example web application as
applets are no longer supported in any major browser. (markt)
Code: Refactor a small number of pages in the examples web application
to avoid an issue with reproducible builds due to differences in file
ordering across different operating systems with Ant's zip task. (markt)
Fix: Better documentation for the protocol attribute of the JNDIRealm.
(markt)
Fix: Clarify the settings described in the documentation web
application to configure a cluster using static membership. (markt)
Add: Add information on the OpenSSLConf and OpenSSLConfCmd elements to
the HTTP SSL configuration page in the documentation web applications.
(markt)
jdbc-pool
Code: Use LF line endings for text files in JARs to support
reproducible builds across different operating systems. (markt)
Other
Code: Switch to building with Java 11 and using --release to target
Java 8. Once back-ported to all currently supported branches, this will
reduce the number of Java versions developers need to juggle. (markt)
Code: Use LF line endings for text files in JARs to support
reproducible builds across different operating systems. (markt)
Fix: Fix dependencies for individual test targets in Ant build file.
Based on #468 provided by Totoo chenyonghui. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.26. (remm)
Fix: Revert the cherry-pick of JavaDoc fix from DBCP applied in 9.0.57
that broke the DataSourceMXBean by using a type that isn't supported by
MXBeans. (markt)
2022-01-20 Tomcat 9.0.58 (remm)
Coyote
Fix: Correct a regression in the fix for 65785 that broke HTTP/2
server push. (markt)
not released Tomcat 9.0.57 (remm)
Catalina
Fix: Add additional locking to DataSourceUserDatabase to provide
improved protection for concurrent modifications. (markt)
Fix: Add recycling check in the input and output stream isReady to try
to give a more informative ISE when the facade has been recycled. (remm)
Update: Remove the deprecated JmxRemoteLifecycleListener. (markt)
Fix: Make the calculation of the session storage location more robust
when using file based persistent storage. (markt)
Coyote
Fix: 65726: Implement support for HTTP/1.1 upgrade when the request
includes a body. The maximum permitted size of the body is controlled by
maxSavePostSize. (markt)
Fix: Restore pre-starting of minSpareThreads lost in the fix for
65454. (markt)
Fix: Revert the previous fix for 65714 and implement a more
comprehensive fix. (markt)
Fix: 65757: Missing initial IO listener notification on Servlet
container dispatch to another container thread. (remm)
Fix: Expand the fix for 65757 so that rather than just checking if
processing is happening on a container thread, the check is now if
processing is happening on the container thread currently allocated to
this request/response. (markt)
Fix: Improve the fix for RST frame ordering added in 9.0.56 to avoid a
potential deadlock on some systems in non-default configurations. (markt)
Add: 65767: Add support for certificates that use keys encrypted using
PBES2. Based on a pull request provided by xiezhaokun. (markt)
Code: Refactor testing whether a String is a valid HTTP token. (markt)
Fix: 65785: Perform additional validation of HTTP headers when using
HTTP/2. (markt)
Fix: When a Connector or Endpoint is paused, ensure that only new
connections and new requests on existing connections are stopped while
allowing in progress requests to run to completion. (markt)
Fix: Explicitly release ByteBuffer instances associated with pooled
channels when stopping the NioEndpoint and Nio2Endpoint. (markt)
Fix: Narrow the scope of the logging of invalid cookie headers to just
the invalid cookie rather than the whole cookie header. (markt)
Jasper
Fix: 65724: Fix missing messages for some
PropertyNotWritableExceptions caused by a typo in the name used for a
resource string. (markt)
Add: Add support for specifying Java 18 (with the value 18) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
WebSocket
Add: Add support for POJO WebSocket endpoints to the programmatic
upgrade that allows applications to opt to upgrade an HTTP connection to
WebSocket. (markt)
Fix: 65763: Improve handling of WebSocket connection close if a
message write times out before the message is fully written. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.25. (remm)
Update: Update the CXF module to Apache CXF 3.5.0. (remm)
Add: Improvements to Chinese translations contributed by zhnnn.
(markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by Shirayuking,
yoshy and tak7iji. (markt)
Add: Improvements to Korean translations. (woonsan)
Update: Update SpotBugs to 4.5.2. (markt)
Update: Update the NSIS installer to 3.08. (markt)
Update: Update UnboundID to 6.0.3. (markt)
Update: Update CheckStyle to 9.2.1. (markt)
Update: Update BND to 6.1.0. (markt)
Update: Update OSGI annotations to 1.1.1. (markt)
2021-12-02 Tomcat 9.0.56 (remm)
Catalina
Fix: Make SPNEGO authentication more robust for the case where the
provided credential has expired. (markt)
Fix: 65684: Fix a potential NullPointerException when using JULI.
(markt)
Docs: Document conditions under which the AprLifecycleListener can be
used to avoid JVM crashes. (michaelo)
Fix: Refactor the AsyncFileHandler to reduce the possibility of log
messages being lost on shutdown. (markt)
Update: Refactor the AsyncFileHandler to remove the need for the
org.apache.juli.AsyncLoggerPollInterval. If set, this property now has no
effect. (markt)
Add: Add debug logging to the RestCsrfPreventionFilter. Based on pull
request #452 by Polina Georgieva. (markt)
Add: 65710: Implement a workaround for a JVM bug that can trigger a
file descriptor leak when using multi-part upload and the application does
not explicitly close an input stream for an uploaded file that was cached
on disk. (markt)
Coyote
Fix: Improve error handling if APR/Native fails to attach TLS
capabilities to a TLS enabled client connection. (markt)
Fix: Improve error handling if APR/Native fails to accept an incoming
connection. (markt)
Add: Provide protection against a known OS bug that causes the
acceptor to report an incoming connection more than once. (markt)
Fix: Avoid unnecessary duplicate read registrations for blocking I/O
with the NIO connector. (markt)
Fix: 65677: Improve exception handling for errors during HTTP/1.1
reads with NIO2. (markt)
Fix: Refactor APR/native connector shutdown to remove a potential
source of JVM crashes on shutdown when sendfile is used. (markt)
Fix: When an error occurs that triggers a stream reset, ensure that
the first RST frame sent to the client is the one associated with the
error that triggered the reset. (markt)
Fix: 65714: Fix exceptions when the security manager is enabled and
the first request received after starting is an HTTP request to a TLS
enabled NIO2 connector. (markt)
Add: Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the
same way on MacOS as it does on Linux and Windows when no trusted
certificate authorities are configured and reject all client certificates.
(markt)
Fix: Avoid a potential deadlock during the concurrent processing of
incoming HTTP/2 frames for a stream and that stream being reset. (markt)
Other
Fix: Switch from Cobertura to JaCoCo for code coverage as Cobertura
does not support code coverage for code compiled for Java 11 onwards. It
also removes the need to use a single thread to run the tests. (markt)
2021-11-10 Tomcat 9.0.55 (remm)
Catalina
Fix: Improve robustness of JNDIRealm for exceptions occurring when
getting the connection. Also add missing close when running into issues
getting the passord of a user. (remm)
Docs: Add Javadoc comment which listeners must be nested whithin
Server elements only. (michaelo)
Add: Add support for custom caching strategies for web application
resources. This initial implementation allows control over whether or not
a resource is cached. (markt)
Update: Log warning if a listener is not nested inside a Server
element although it must have been. (michaelo)
Coyote
Code: Improve performance of Connector shutdown - primarily to reduce
the time it takes to run the test suite. (markt)
Fix: Refactor the APR/native connector shutdown to reduce the
possibility of a JVM crash during the connector shutdown. (markt)
Add: #457: Add a toString() method to MimeHeader to aid debugging.
(dblevins)
Add: Add experimental OpenSSL support through the Panama API
incubating in Java 17, with support for OpenSSL 1.1+. This no longer
requires tomcat-native or APR. Please refer to the openssl-java17 module
from the main branch for more details. (remm)
Fix: Fix APR connector stop so it correctly waits for the sendfile
thread, if any, to exit. (markt)
Fix: Do not ignore the error condition if the APR connector is not
able to open a server socket as continuing in this case will trigger a JVM
crash. (markt)
Fix: Fix a potential JVM crash when using the APR/Native connector
with TLS. A crash could occur if the connector was stopped whilst a
connection was performing a TLS handshake. (markt)
Jasper
Update: Regenerate the EL parser using JavaCC 7.0.10. (markt)
Fix: Fix a bug that prevented the EL parser correctly parsing a
literal Map that used variables rather than literals for both keys and
values. (markt)
WebSocket
Update: Add a new method WsServerContainer.upgradeHttpToWebSocket() to
align with the new method that will be available from WebSocket 2.1
onwards. (markt)
Tribes
Fix: #454: Differentiate warning messages in
KubernetesMembershipProvider so that the missing attribute is clear
to the user. PR provided by Hal Deadman. (markt)
2021-10-01 Tomcat 9.0.54 (remm)
Catalina
Fix: Provide the DataSource in the constructor of
DataSourceUserDatabase, since it is always global. (remm)
Fix: Fix delete then create object manipulations with
DataSourceUserDatabase. (remm)
Fix: 65553: Implement a work-around for a JRE bug that can trigger a
memory leak when using the JNDI realm. (markt)
Fix: 65586: Fix the bloom filter used to improve performance of
archive file look ups in the web resources implementation so it works
correctly for directory lookups whether or not the provided directory name
includes the trailing /. (markt)
Fix: #451: Improve the usefulness of the thread name cache used in
JULI. Pull request provided by t-gergely. (markt)
Coyote
Fix: 65563: Correct parsing of HTTP Content-Range headers. Tomcat was
incorrectly requiring an = character after bytes. Fix based on pull
request #449 by Thierry Gu辿rin. (markt)
Fix: Correct a potential StackOverflowException with HTTP/2 and
sendfile. (markt)
Fix: Further improvements in the management of the connection flow
control window. This addresses various bugs that caused streams to
incorrectly report that they had timed out waiting for an allocation from
the connection flow control window. (markt)
Fix: 65577: Fix a AccessControlException reporting when running an
NIO2 connector with TLS enabled. (markt)
Update: Reclassify TLS ciphers that use AESCCM8 as medium security
rather than high security to align with recent changes in OpenSSL. (markt)
Fix: Fix an issue that caused some Servlet non-blocking API reads of
the HTTP request body to incorrectly use blocking IO. (markt)
Jasper
Fix: Fix the implementation of MethodExpression.getMethodInfo() so
that it returns the expected value rather than failing when the method
expression is defined with the parameter values in the expression rather
than the types being passed explicitly to
ExpressionFactory.createMethodExpression(). (markt)
WebSocket
Fix: The internal upgrade handler should close the associated
WebConnection on destroy. (remm)
Web applications
Fix: Clarify the JASPIC configuration options in the documentation web
application. (markt)
Other
Fix: 65585: Update obsolete comments at the start of the
build.properties.default file. (markt)
2021-09-10 Tomcat 9.0.53 (remm)
Catalina
Fix: Enable Tomcat to start if an (old) XML parser is configured that
does not support allow-java-encodings. A warning will be logged if such an
XML parser is detected. (markt)
Fix: Change the behaviour of custom error pages. If an error occurs
after the response is committed, once the custom error page content has
been added to the response the connection is now closed immediately rather
than closed cleanly. i.e. the last chunk that marks the end of the
response body is no longer sent. This acts as an additional signal to the
client that the request experienced an error. (markt)
Fix: 65479: When handling requests using JASPIC authentication, ensure
that PasswordValidationCallback.getResult() returns the result of the
password validation rather than always returning false. Fixed via pull
request #438 provided by Robert Rodewald. (markt)
Code: Refactor the authenticators to delegate the check for preemptive
authentication to the individual authenticators where an authentication
scheme specific check can be performed. Based on pull request #444 by
Robert Rodewald. (markt)
Update: Improve the reusability of the UserDatabase by adding
intermediate concrete implementation classes and allowing to do partial
database updates on save. (remm)
Add: Add a UserDatabase implementation as a superset of the
DataSourceRealm functionality. (remm)
Fix: Make sure the dynamic Principal returned by UserDatabaseRealm
stays up to date with the database contents, and add an option to have it
be static, similar to the other realms. (remm)
Add: Add derby-*.jar to the list of JARs to skip when scanning for
TLDs, web fragments and annotations. (markt)
Fix: #447. Correct JPMS metadata for catalina.jar. Pull request
provided by Hui Wang. (markt)
Coyote
Fix: Correct a logic error that meant setting certificateKeystoreFile
to NONE did not have the expected effect. NONE was incorrectly treated as
a file path. Patch provided by Mikael Sterner. (markt)
Fix: 65505: When an HTTP header value is removed, ensure that the
order of the remaining header values is unchanged. (markt)
WebSocket
Fix: 65506: Fix write timeout check that was using the read timeout
value. Patch submitted by Gustavo Mahlow. (remm)
Web applications
Fix: Remove unnecessary Context settings from the examples web
application. (markt)
Fix: Document default value for unpackWARs and related clean-up. Pull
request #439 provided by Robert Rodewald. (markt)
Fix: Clarify the documentation of the compressionMinSize and
compressibleMimeType HTTP Connector attributes. Pull request #442 provided
by crisgeek. (markt)
Other
Fix: Fix failing build when building on non-English locales. Pull
request #441 provided by Dachuan J. (markt)
Update: Update to JSign version 4.0 to enable code signing without the
need for the installation of additional client tools. (markt)
Add: Update the internal fork of Apache Commons BCEL to 40d5eb4
(2021-09-01, 6.6.0-SNAPSHOT). Code clean-up only. (markt)
Add: Update the internal fork of Apache Commons Codec to fd44e6b
(2021-09-01, 1.16-SNAPSHOT). Minor refactoring. (markt)
Update: Add Apache Derby 10.14.2.0 to the testsuite dependencies, for
JDBC and DataSource testing. (remm)
Add: 65661: Update the internal fork of Apache Commons FileUpload to
33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As a
result of Commons File Upload now using java.nio.file.Files, applications
using multi-part uploads need to ensure that the JVM is configured with
sufficient direct memory to store all in progress multi-part uploads.
(markt)
Add: Update the internal fork of Apache Commons Pool to 2.11.1
(2021-08-17). Improvements, code clean-up and refactoring. (markt)
Add: Update the internal fork of Apache Commons DBCP to 2.9.0
(2021-08-03). Improvements, code clean-up and refactoring. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.31 to pick up Windows binaries built with OpenSSL 1.1.1l.(markt)
Update: Switch to the CDN as the primary download location for ASF
dependencies. (markt)
Add: Improvements to Chinese translations contributed by syseal,
wolibo, ZhangJieWen and DigitalFatCat. (markt)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Improvements to Korean translations. (woonsan)
2021-08-06 Tomcat 9.0.52 (remm)
Catalina
Code: 65476: Correct an error in some code clean-up that mean that web
application classes were not configured with the correct package. (markt)
not released Tomcat 9.0.51 (remm)
Catalina
Fix: 65411: Always close the connection when an uncaught
NamingException occurs to avoid connection locking. Submitted by Ole
Ostergaard. (remm)
Fix: 65433: Correct a regression in the fix for 65397 where a
StringIndexOutOfBoundsException could be triggered if the canonical path
of the target of a symlink was shorter than the canonical path of the
directory in which the symlink had been created. Patch provided by Cedomir
Igaly. (markt)
Add: 65443: Refactor the CorsFilter to make it easier to extend.
(markt)
Fix: To avoid unnecessary cache revalidation, do not add an HTTP
Expires header when setting adding an HTTP header of CacheControl:
private. (markt)
Coyote
Fix: When writing an HTTP/2 response via sendfile (only enabled when
useAsyncIO is true) the connection flow control window was sometimes
ignored leading to various error conditions. sendfile now checks both the
stream and connection flow control windows before writing. (markt)
Add: Add debug logging for writing an HTTP/2 response via sendfile.
(markt)
Fix: Correct bugs in the HTTP/2 connection flow control management
that meant it was possible for a connection to stall waiting for a
connection flow control window update that had already arrived. Any
streams on that connection that were trying to write when this happened
would time out. (markt)
Fix: 65448: When using TLS with NIO, it was possible for a blocking
response write to hang just before the final TLS packet associated with
the response until the connection timed out at which point the final
packet would be sent and the connection closed. (markt)
Fix: 65454: Fix a race condition that could result in a delay to a new
request. The new request could be queued to wait for an existing request
to finish processing rather than the thread pool creating a new thread to
process the new request. (markt)
Fix: 65460: Correct a regression introduced in the previous release in
the change to reduce the number of small HTTP/2 window updates sent for
streams. A logic error meant that small window updates for the connection
were dropped. This meant that the connection flow window slowly reduced
over time until nothing could be sent. (markt)
Web applications
Fix: 65404: Correct a regression in the fix for 63362 that caused the
server status page in the Manager web application to be truncated if HTTP
upgrade was used such as when starting a WebSocket connection. (markt)
Other
Add: Improvements to Chinese translations contributed by ZhangJieWen
and chengzheyan. (markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Improvements to Korean translations. (woonsan)
Fix: Use of GraalVM native images no longer automatically disables JMX
support. JMX support may still be disabled by calling
org.apache.tomcat.util.modeler.Registry.disableRegistry(). (markt)
2021-07-02 Tomcat 9.0.50 (remm)
Jasper
Fix: Jakarta to Javax backport issue in tests. (remm)
not released Tomcat 9.0.49 (remm)
Catalina
Code: Refactor the RemoteIpValve to use the common utility method for
list to comma separated string conversion. (markt)
Code: Refactor JNDIRealm$JNDIConnection so its fields are accessible
to sub-classes of JNDIRealm. (markt)
Fix: Fix serialization warnings in UserDatabasePrincipal reported by
SpotBugs. (markt)
Fix: 65397: Calls to ServletContext.getResourcePaths() no longer
include symbolic links in the results unless allowLinking has been set to
true. If a resource is skipped because of this change, a warning will be
logged as this typically indicates a configuration issue. (markt)
Coyote
Fix: 65368: Improve handling of clean closes of inbound TLS
connections. Treat them the same way as clean closes of non-TLS
connections rather than as unknown errors. (markt)
Fix: Modify the HTTP/2 connector not to sent small updates for stream
flow control windows to the user agent as, depending on how the user agent
is written, this may trigger small writes from the user agent that in turn
trigger the overhead protection. Small updates for stream flow control
windows are now combined with subsequent flow control window updates for
that stream to ensure that all stream flow control window updates sent
from Tomcat are larger than overheadWindowUpdateThreshold. (markt)
Add: Add additional debug logging to track the current state of the
HTTP/2 overhead count that Tomcat uses to detect and close potentially
malicious connections. (markt)
Update: Many HTTP/2 requests from browsers will trigger one overhead
frame and one non-overhead frame. Change the overhead calculation so that
a non-overhead frame reduces the current overhead count by 2 rather than
1. This means that, over time, the overhead count for a well-behaved
connection will trend downwards. (markt)
Update: Change the initial HTTP/2 overhead count from -10 to -10 *
overheadCountFactor. This means that, regardless of the value chosen for
overheadCountFactor, when a connection opens 10 overhead frames in a row
will be required to trigger the overhead protection. (markt)
Update: Increase the default overheadCountFactor from 1 to 10 and
change the reduction in overhead count for a non-overhead frame from -2 to
-20. This allows for a larger range (0-20) to be used for
overheadCountFactor providing for finer-grained control. (markt)
Fix: Modify the parsing of HTTP header values that use the 1#token to
ignore empty elements as per RFC 7230 section 7 instead of treating the
presence of empty elements as an error. (markt)
Fix: Expand the unit tests for HttpServlet.doHead() and correct the
flushing of the response buffer. The buffer used to behave as if it was
one byte smaller than the configured size. The buffer was flushed (and the
response committed if required) when the buffer was full. The buffer is
now flushed (and the response committed if required) if the buffer is full
and there is more data to write. (markt)
Fix: Fix an issue where concurrent HTTP/2 writes (or concurrent reads)
to the same connection could hang and eventually timeout when async IO was
enabled (it is enabled by default). (markt)
Jasper
Fix: 65390: Correct a regression in the fix for 65124 and restore code
that was removed in error leading to JSP compilation failures in some
circumstances. (markt)
Update: Update to the Eclipse JDT compiler 4.20. (markt)
Add: Add support for specifying Java 17 (with the value 17) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the latest supported version will used. (markt)
Fix: 65377: Update the Java code generation for JSPs not to use the
boxed primitive constructors as they have been deprecated in Java 9 and
marked for future removal in Java 16. valueOf() is now used instead.
(markt)
WebSocket
Code: Refactor the DigestAuthenticator to reuse a shared SecureRandom
instance rather than create a new one to generate the cnonce if required.
(markt)
Web applications
Fix: 65385: Correct the link in the documentation web application the
Maven Central repository. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.23. (remm)
Update: Update the CXF module to Apache CXF 3.4.4. (remm)
Fix: 65369 / #422: Add the additional --add-opens=... options required
for running Tomcat on Java 16 onwards to the service.bat script to align
it with the other start-up scripts. PR provided by MCMicS. (markt)
Update: Update JUnit to version 4.13.2. (markt)
Update: Update EasyMock to 4.3. (markt)
Update: Update Objenesis to 3.2. (markt)
Update: Update UnboundID to 6.0.0. (markt)
Update: Update CheckStyle to 8.43. (markt)
Update: Update SpotBugs to 4.2.3. (markt)
Update: Update OSGi annotations to 1.1.0. (markt)
2021-06-15 Tomcat 9.0.48 (remm)
Coyote
Fix: Regression when generating reflection due to removed NIO classes
in 9.0.47. (remm)
Other
Add: Use JSign to integrate the build script with the code signing
service to enable release builds to be created on Linux as well as
Windows. (markt)
not released Tomcat 9.0.47 (remm)
Catalina
Fix: 65301: RemoteIpValve will now avoid getting the local host name
when it is not needed. (remm)
Fix: 65308: NPE in JNDIRealm when no userRoleAttribute is given.
(fschumacher)
Add: #412: Add commented out, sample users for the Tomcat Manager app
to the default tomcat-users.xml file. Based on a PR by Arnaud Dagnelies.
(markt)
Add: #418: Add a new option, pass-through, to the default servlet's
useBomIfPresent initialization parameter that causes the default servlet
to leave any BOM in place when processing a static file and not to use the
BOM to determine the encoding of the file. Based on a pull request by
Jean-Louis Monteiro. (markt)
Update: Add cookieName attribute to the SSO valve to configure the SSO
cookie name. (remm)
Fix: #419: When processing POST requests of type multipart/form-data
for parts without a filename that are added to the parameter map in String
form, check the size of the part before attempting conversion to String.
Pull request provided by tianshuang. (markt)
Fix: 62912: Don't mutate an application provided content header if it
does not contain a charset. Also remove the outdated workaround for the
buggy Adobe Reader 9 plug-in for IE. (markt)
Fix: AprLifecycleListener does not show dev version suffix for
libtcnative and libapr. (michaelo)
Update: Refactor principal handling in UserDatabaseRealm using an
inner class that extends GenericPrincipal. (remm)
Fix: Enable the default doHead() implementation in HttpServlet to
correctly handle responses where the content length needs to be
represented as a long since it is larger than the maximum value that can
be represented by an int. (markt)
Fix: Avoid synchronization on roles verification for the memory
UserDatabase. (remm)
Fix: Fix the default doHead() implementation in HttpServlet to
correctly handle responses where the Servlet calls ServletResponse.reset()
and/or ServletResponse.resetBuffer(). (markt)
Fix: Fix the default doHead() implementation in HttpServlet to
correctly handle responses generated using the Servlet non-blocking API.
(markt)
Coyote
Add: 64943: Add support for Unix Domain Sockets to
org.apache.coyote.http11.Http11AprProtocol. Depends on tomcat-native
1.2.26 and up. (minfrin)
Fix: 65303: Fix a possible NullPointerException if an error occurs on
an HTTP/1.1 connection being upgraded to HTTP/2 or on a pushed HTTP/2
stream. (markt)
Fix: 65311: Fix a race condition in the NioBlockingSelector that could
cause a delay to select operations. (markt)
Update: Simplify AprEndpoint socket bind for all platforms. (michaelo)
Update: Add back simplification of NIO block read and write, now
better validated in Tomcat 10. (remm)
Fix: Optimize NIO selector handling for Java 11. (remm)
Fix: 65340: Add missing check for a negative return value for
Hpack.decodeInteger in the HpackDecoder, which could cause a
NegativeArraySizeException exception. Submitted by Thomas, and verified
the fix is present in the donated hpack code in a further update. (remm)
Add: Add debug logging for HTTP/2 HPACK header decoding. (markt)
Fix: Correct parsing of HTTP headers consisting of a list of tokens so
that a header with an empty token is treated consistently regardless of
whether the empty token is at the start, middle or end of the list of
tokens. (markt)
Fix: Remove support for the identity transfer encoding. The inclusion
of this encoding in RFC 2616 was an error that was corrected in 2001.
Requests using this transfer encoding will now receive a 501 response.
(markt)
Fix: Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
clients. (markt)
Fix: Ensure that if the transfer encoding header contains the chunked,
that the chunked encoding is the final encoding listed. (markt)
Jasper
Code: Review code used to generate Java source from JSPs and tags and
remove code found to be unnecessary. (markt)
Code: Refactor use of internal ChildInfo class to use compile time
type checking rather than run time type checking. (markt)
Fix: 65358: Improve expression language method matching for methods
with varargs. Where multiple methods may match the provided parameters,
the method that requires the fewest varargs is preferred. (markt)
Add: 65332: Add a commented out section in catalina.policy that
provides the necessary permissions to compile JSPs with javac when running
on Java 9 onwards with a security manager. It is commented out as it will
cause errors if used with earlier Java versions. (markt)
WebSocket
Fix: 65317: When using permessage-deflate, the WebSocket connection
was incorrectly closed if the uncompressed payload size was an exact
multiple of 8192. Based on a patch provided by Saksham Verma. (markt)
Fix: 65342: Correct a regression introduced with the fix for 65262
that meant Tomcat's WebSocket implementation would only work with Tomcat's
implementation of the Java EE WebSocket API. (markt)
Web applications
Fix: Improve the description of the maxConnections and acceptCount
attributes in the Connector section of the documentation web application.
(markt)
Other
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Fix: 65362: Correct a regression in the previous release. The change
to create OSGi Require-Capability sections in manifests for Jakarta API
JARs manually rather than with bnd annotations did not add the necessary
manual entries to the embedded JARs. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.30. Also update the minimum recommended version to 1.2.30. (markt)
2021-05-12 Tomcat 9.0.46 (markt)
Catalina
Fix: Allow APR connector creation using the listener with the flag and
the default HTTP/1.1 protocol. (rjung/remm)
Code: Expand coverage of unit tests for JNDIRealm using the UnboundID
LDAP SDK for Java. (markt)
Fix: 65224: Ensure the correct escaping of attribute values and search
filters in the JNDIRealm. (markt)
Fix: 65235: Add missing attributes to the MBean descriptor file for
the RemoteIpValve. (markt)
Fix: 65244: HandlesTypes should include classes that use the specified
annotation types on fields or methods. (remm)
Fix: 65251: Correct a regression introduced in 9.0.44 that meant that
the auto-deployment process may attempt a second, concurrent deployment of
a web application that is being deployed by the Manager resulting in one
of the deployments failing and errors being reported. (markt)
Fix: Improve the SSLValve so it is able to handle escaped client
certificate headers from Nginx. Based on a patch by Florent Guillaume.
(markt)
Coyote
Fix: Ensure that all HTTP requests that contain an invalid character
in the protocol component of the request line are rejected with a 400
response rather than some requests being rejected with a 505 response.
(markt)
Fix: When generating the error message for an HTTP request with an
invalid request line, ensure that all the available data is included in
the error message. (markt)
Fix: 65272: Restore the optional HTTP feature that allows LF to be
treated as a line terminator for the request line and/or HTTP headers
lines as well as the standard CRLF. This behaviour was previously removed
as a side-effect of the fix for CVE-2020-1935. (markt)
Jasper
Code: Review code used to generate Java source from JSPs and tags and
remove code found to be unnecessary. (markt)
Update: <servlet> entries in web.xml that include a <jsp-file> element
and a negative <load-no-startup> element that is not the default value of
-1 will no longer be loaded at start-up. This makes it possible to define
a <jsp-file> that will not be loaded at start-up. (markt)
Fix: Allow the JSP configuration option useInstanceManagerForTags to
be used with Tags that are implemented as inner classes. (markt)
WebSocket
Code: Refactor the way Tomcat passes path parameters to POJO end
points to simplify the code. (markt)
Fix: 65262: Refactor the creation of WebSocket end point, decoder and
encoder instances to be more IoC friendly. Instances are now created via
the InstanceManager where possible. (markt)
Web applications
Fix: 65235: Correct name of changeLocalName in the documentation for
the RemoteIpValve. (markt)
Fix: 65265: Avoid getting the boot classpath when it is not available
in the Manager diagnostics. (remm)
Other
Fix: Create OSGi Require-Capability sections in manifests for Jakarta
API JARs manually rather than via the
aQute.bnd.annotation.spi.ServiceConsumer annotation as this triggers TCK
failures for downstream consumers of the API JARs. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.28. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.22. (remm)
Update: Update the CXF module to Apache CXF 3.4.3. (remm)
Fix: Move SystemPropertySource to be a regular class to allow more
precise configuration if needed. The system property source will still
always be enabled. (remm)
Add: Improvements to Chinese translations. Provided by bytesgo. (mark)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
2021-04-06 Tomcat 9.0.45 (markt)
Catalina
Fix: Avoid NPE when a JNDI reference cannot be resolved in favor of a
NamingException. (remm)
Fix: Avoid using reflection for setting properties on the webapp
classloader. Based on a patch submitted by Romain Manni-Bucau. (remm)
Coyote
Fix: Improve consistency of OpenSSL error stack handling in the TLS
engine, and log all errors found as debug. (remm)
Fix: Ensure that HTTP/2 streams are only recycled once as multiple
attempts to recycle an HTTP/2 stream may result in NullPointerExceptions.
(markt)
Code: Simplify the closing on an HTTP/2 stream when an error condition
is present. (markt)
Fix: 64771: Prevent concurrent calls to ServletInputStream.isReady()
corrupting the input buffer. (markt)
Fix: 65179: Ensure that the connection level flow control window from
the client to the server is updated when handling DATA frames received
for completed streams else the flow control window may become exhausted.
(markt)
Fix: 65203: Fix a regression introduced in 9.0.44 that meant that an
error during an asynchronous read broke all future asynchronous reads
associated with the same request instance. (markt)
Fix: Disable keep-alive when inconsistent content delimitation is
present in a request. (remm)
Jasper
Fix: Include the new org.apache.jasper.optimizations package in the
list of OSGi exported packages for the Jasper embedded JAR.
Patch provided by Sokratis Zappis. (markt)
Add: Add a new option for the trimSpaces configuration. extended will
attempt to remove leading and trailing whitespace from template text and
collapse sequences of whitespace and newlines within template text into a
single new line. Based on a pull request by kamnani. (markt)
Other
Add: Implement the first phase of reproducible builds. Sequential
builds on the same machine now produce identical output provided that
the Ant property ant.tstamp.now is set. The minimum required Ant
version is now 1.9.10. (markt)
Add: Improvements to Chinese translations. Provided by Ruan Wenjun.
(mark)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations. Provided by kfujino and
Shirayuking. (markt)
Add: Improvements to Korean translations. (woonsan)
Update: Update the packaged version of the Tomcat Native Library to
1.2.27. (markt)
2021-03-10 Tomcat 9.0.44 (markt)
Catalina
Fix: Revert an incorrect fix for a potential resource leak that broke
deployment via the Ant deploy task. (markt)
Fix: Improve error message for failed ConfigurationSource lookups in
the Catalina implementation. (remm)
Fix: 64938: Align the behaviour when null is passed to the
ServletResponse methods setCharacterEncoding(), setContentType() and
setLocale() with the recent clarification from the Jakarta Servlet
project of the expected behaviour in these cases. (markt)
Fix: 65135: Rename Context method isParallelAnnotationScanning to
getParallelAnnotationScanning for consistency and ease of use in JMX
descriptors. (remm)
Fix: Ensure that the AsyncListener.onError() event is triggered when a
I/O error occurs during non-blocking I/O. There were some cases
discovered where this was not happening. (markt)
Add: Make the non-blocking I/O error handling more robust by handling
the case where the application code swallows an IOException in
WriteListener.onWritePossible() and ReadListener.onDataAvailable().
(markt)
Fix: Correct syntax error in output of JsonErrorReportValve. Pull
request provided by Viraj Kanwade. (markt)
Code: Make the StandardContext.postWorkDirectory() protected rather
than private to help users wishing to customise the default work directory
behaviour. (markt)
Coyote
Fix: 65118: Fix a potential NullPointerException when pruning closed
HTTP/2 streams from the connection. (markt)
Fix: Avoid NullPointerException when a secure channel is closed before
the SSL engine was initialized. (remm)
Fix: Ensure that the ReadListener's onError() event is triggered if
the client closes the connection before sending the entire request body
and the server is ready the request body using non-blocking I/O. (markt)
Fix: 65137: Ensure that a response is not corrupted as well as
incomplete if the connection is closed before the response is fully
written due to a write timeout. (markt)
Fix: Related to bug 65131, make sure all errors from OpenSSL are fully
cleared, as there could be more than one error present after an operation
(confirmed in the OpenSSL API documentation). (remm)
Fix: Make handling of OpenSSL read errors more robust when plain text
data is reported to be available to read. (markt)
Fix: Correct handling of write errors during non-blocking I/O to
ensure that the associated AsyncContext was closed down correctly. (markt)
Web applications
Fix: 65136: Remove the restriction that prevented the Manager web
application deploying different web applications in parallel. This
required some refactoring, most notably to HostConfig.check() and how it
is used. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.21. (remm)
Update: Update the CXF module to Apache CXF 3.4.2. (remm)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Add: Improvements to Brazilian Portuguese translations. Provided by
Thiago. (mark)
Add: Improvements to Russian translations. Provided by Azat. (mark)
Add: Improvements to Chinese translations. Provided by shawn. (mark)
Update: Update to bnd 5.3.0. (markt)
2021-02-02 Tomcat 9.0.43 (markt)
Catalina
Fix: 65106: Fix the ConfigFileLoader handling of file URIs when
running under a security manager on some JREs. (markt)
Coyote
Fix: Ensure that SNI provided host names are matched to SSL virtual
host configurations in a case insensitive manner. (markt)
Fix: 65111: Free direct memory buffers in the APR connector. (remm)
not released Tomcat 9.0.42 (markt)
Catalina
Fix: 60781: Escape elements in the access log that need to be escaped
for the access log to be parsed unambiguously. (fschumacher/markt)
Add: 64110: Add support for additional TLS related request attributes
that provide details of the protocols and ciphers requested by a client in
the initial TLS handshake. (markt)
Add: Let the RemoteCIDRValve inherit from RequestFilterValve and
support all of its features. Especially add support for connector specific
configuration using addConnectorPort. (rjung)
Add: Add peerAddress to coyote request, which contains the IP address
of the direct connection peer. If a reverse proxy sits in front of Tomcat
and the protocol used is AJP or HTTP in combination with the
RemoteIp(Valve|Filter), the peer address might differ from the
remoteAddress. The latter then contains the address of the client in front
of the reverse proxy, not the address of the proxy itself. Support for the
peer address has been added to the RemoteAddrValve and RemoteCIDRValve
with the new attribute usePeerAddress. This can be used to restrict access
to Tomcat based on the reverse proxy IP address, which is especially
useful to harden access to AJP connectors. The peer address can also be
logged in the access log using the new %{peer}a syntax. (rjung)
Fix: Avoid uncaught InaccessibleObjectException on Java 16 trying to
clear references threads. (remm)
Fix: 65033: Fix JNDI realm error handling when connecting to a failed
server when pooling was not enabled. (remm)
Fix: 65047: If the AccessLogValve is unable to open the access log
file, include information on the current user in the associated log
message (markt)
Coyote
Fix: Additional fix for 64830 to address an edge case that could
trigger request corruption with h2c connections. (markt)
Fix: 64974: Improve handling of pipelined HTTP requests in combination
with the Servlet non-blocking IO API. It was possible that some requests
could get dropped. (markt)
Add: Add support for using Unix domain sockets for NIO when running on
Java 16 or later. This uses NIO specific unixDomainSocketPath and
unixDomainSocketPathPermissions attributes. Based on a PR submitted by
Graham Leggett. (remm)
Fix: 65001: Fix error handling for exceptions thrown from calls to
ReadListener and WriteListener. (markt)
Fix: Avoid possible infinite loop in OpenSSLEngine.unwrap when the
destination buffers state is changed concurrently. (remm)
Jasper
Add: Add a new StringInterpreter interface that allows applications to
provide customised string attribute value to type conversion within JSPs.
This allows applications to provide a conversion implementation that is
optimised for the application. (markt)
Fix: 64965: JspContextWrapper.findAttribute should ignore expired
sessions rather than throw an IllegalStateException. (remm)
Update: Update to the Eclipse JDT compiler 4.18. (markt)
Web applications
Fix: 65007: Clarify that the commands shown in the TLS documentation
for importing a signed TLS certificate from a certificate authority are
typical examples that may need to be adjusted in some cases. (markt)
Tribes
Fix: Work around DNS caching for the DNS provider of the cloud
membership. (jfclere)
Other
Add: Improvements to Chinese translations. Provided by leeyazhou and
Yi Shen. (markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Update: Update the packaged version of the Tomcat Native Library to
1.2.26. (markt)
Add: Update the internal fork of Apache Commons Pool to 2.9.1-SNAPSHOT
(2021-01-15). (markt)
Add: Update the internal fork of Apache Commons DBCP to 2.9.0-SNAPSHOT
(2021-01-15). (markt)
Update: Migrate to new code signing service. (markt)
Code: Use java.nio.file.Path to test for one directory being a
sub-directory of another in a consistent way. (markt)
Update: Update to Commons Daemon 1.2.4. (markt)
Add: Improvements to Brazilian Portuguese translations. Provided by
Rual Zaninetti Rosa and Lucas. (markt)
Add: Improvements to Russian translations. Provided by Polina and
Azat. (markt)
Update: Update the NSIS Installer used to build the Windows installer
to version 3.06.1. (kkolinko)
Upstream changelog:
Tomcat 9.0.62 (remm)
Catalina
Add: Effectively disable the WebappClassLoaderBase.getResources()
method as it is not used and if something accidently exposes the class
loader this method can be used to gain access to Tomcat internals. (markt)
Tomcat 9.0.61 (remm)
Catalina
Code: Harden the CredentialHandler implementations by switching to a
constant-time implementation for credential comparisons. (schultz/markt)
Coyote
Fix: Use a constant for the default TLS cipher suite. This will allow
skipping setting it in some cases (for example, it does not make sense for
OpenSSL TLS 1.3). (remm)
Fix: #487: Improve logging of unknown settings frames. Pull request by
Thomas Hoffmann. (remm)
Add: 65975: Add a warning if a TLS virtual host is configured with
optional certificate authentication and the containing connector is also
configured to support HTTP/2 as HTTP/2 does not permit optional
certificate authentication. (markt)
Add: 65975: Add a warning if a TLS virtual host is configured for TLS
1.3 with a JSSE implementation and a web application is configured for
CLIENT-CERT authentication. CLIENT-CERT authentication requires
post-handshake authentication (PHA) when used with TLS 1.3 but the JSSE
TLS 1.3 implementation does not support PHA. (markt)
Fix: Improve the recycling of Processor objects to make it more
robust. (markt)
Jasper
Fix: 65959: Serialize Function as String[] rather Class[]. (remm)
Web applications
Fix: 65952: Align --add-opens configuration for jsvc with the current
Tomcat scripts. (markt)
Fix: Correct the AJP and HTTP/1.1 Connector configuration pages in the
documentation web application to show which attributes are applicable to
all Connectors and which are implementation specific. (markt)
Other
Fix: Correct a spelling mistake in the German translations. Thanks to
Thomas Hoffmann. (markt)
Fix: 65951: Use the tomcat.output property for OSGi bundle manifest
paths. (isapir)
Update: Update to Commons Daemon 1.3.0. (markt)
Update: Update to Checkstyle 10.0. (markt)
Update: Update to SpotBugs 4.6.0. (markt)
Add: Expand the spotbugs Ant task to also cover test code. (markt)
Update: Update to bnd 6.2.0. (markt)
Update: Remove OSGi annotations dependency as it is no longer required
with bnd 6.2.0. (markt)
Code: Refactor the resource files for the Apache Tomcat installer for
Windows so that all the resource files are located in a single directory
in the source tree. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n.(markt)
Add: Improvements to Chinese translations contributed by 15625988003.
(markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Expand coverage of translations for jakarta.el package. Based on
#488 from Volodymyr Siedlecki. (markt)
2022-03-14 Tomcat 9.0.60 (remm)
Catalina
Fix: 65921: The type substitution flag for the rewrite valve should
set the content type for the response, not the request. (markt)
Fix: #479: Enable the rewrite valve to redirect requests when the
original request cannot be mapped to a context. This typically happens
when no ROOT context is defined. Pull request by elkman. (markt)
Fix: 65940: Fix NullPointerException if an exception occurs during the
destruction of a Servlet. (markt)
Coyote
Fix: Fix regression introduced with 65757 bugfix which better
identified non request threads but which introduced a similar problem when
user code was doing sequential operations in a single thread. Test case
code submitted by Istvan Szekely. (remm)
Fix: Fix potential thread-safety issue that could cause HTTP/1.1
request processing to wait, and potentially timeout, waiting for
additional data when the full request has been received. (markt)
Fix: Throw IOException rather than IllegalStateException when the
application attempts to write to an HTTP/2 stream after the client has
closed the stream. (markt)
Jasper
Fix: When resolving methods in EL expressions that use beans and/or
static fields, ensure that any custom type conversion is considered when
identifying the method to call. (markt)
Web applications
Fix: Correct the name of the value attribute in the new documentation
of OpenSSLConfCmd elements. (rjung)
2022-02-28 Tomcat 9.0.59 (remm)
Catalina
Add: Add ha-api-*.jar and jaxws-rt-*.jar to the list of JARs to skip
when scanning for TLDs, web fragments and annotations. (michaelo)
Add: Expand the default mappings used by ServletResponse.setLocale()
to include a mapping from the ja locale to the Shift_JIS encoding. (markt)
Fix: 65806: Improve the handling of session ID generation when the
default algorithm for SecureRandom (SHA1PRNG) is not supported by the
configured providers as will be the case for a FIPS compliant
configuration. (markt)
Fix: #464: Fall back to the class loader used to load JULI when the
thread context class loader is not set. In a normal Tomcat configuration,
this will be the system class loader. Based on a pull request by
jackshirazi. (markt)
Fix: #469: Include the Java Annotations API in the classes that Tomcat
will not load from web applications. Pull request provided by ppkarwasz.
(markt)
Add: #472: Add support for additional user attributes to
TomcatPrincipal and GenericPrincipal. Patch provided by Carsten Klein.
(michaelo)
Fix: Fix a potential StringIndexOutOfBoundsException exception when
generating a WebDAV multi-status response after an error during a copy or
delete. Report the paths relative to the server root for any resources
with an error. (markt)
Fix: Improve the format of WebDAV XML responses to make them easier
for humans to read. The change ensures that there is always a line break
before starting a new element. (markt)
Fix: Improve validation of the Destination header for WebDAV MOVE and
COPY requests. (markt)
Coyote
Fix: Correct a regression in the fix for 65454 that meant that
minSpareThreads and maxThreads settings were ignored when the Connector
used an internal executor. (markt)
Fix: 65776: Improve the detection of the Linux duplicate accept bug
and reduce (hopefully avoid) instances of false positives. (markt)
Fix: 65848: Revert the change that attempted to align the behaviour of
client certificate authentication with NIO or NIO2 with OpenSSL for TLS
between MacOS and Linux/Windows as the root cause was traced to
configuration differences. (markt)
Fix: #467: When system time moves backwards (e.g. after clock
correction), ensure that the cached formatted current date used for HTTP
headers tracks this change. Pull request provided by zhenguoli. (markt)
Jasper
Fix: #474: Prevent a tag file from corrupting the ELContext of the
calling page. Pull request provided by Dmitri Blinov. (markt)
Fix: Minor optimisation of serialization for FunctionMapperImpl in
response to pull request #476. (markt)
Web applications
Fix: Remove the applet example from the example web application as
applets are no longer supported in any major browser. (markt)
Code: Refactor a small number of pages in the examples web application
to avoid an issue with reproducible builds due to differences in file
ordering across different operating systems with Ant's zip task. (markt)
Fix: Better documentation for the protocol attribute of the JNDIRealm.
(markt)
Fix: Clarify the settings described in the documentation web
application to configure a cluster using static membership. (markt)
Add: Add information on the OpenSSLConf and OpenSSLConfCmd elements to
the HTTP SSL configuration page in the documentation web applications.
(markt)
jdbc-pool
Code: Use LF line endings for text files in JARs to support
reproducible builds across different operating systems. (markt)
Other
Code: Switch to building with Java 11 and using --release to target
Java 8. Once back-ported to all currently supported branches, this will
reduce the number of Java versions developers need to juggle. (markt)
Code: Use LF line endings for text files in JARs to support
reproducible builds across different operating systems. (markt)
Fix: Fix dependencies for individual test targets in Ant build file.
Based on #468 provided by Totoo chenyonghui. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.26. (remm)
Fix: Revert the cherry-pick of JavaDoc fix from DBCP applied in 9.0.57
that broke the DataSourceMXBean by using a type that isn't supported by
MXBeans. (markt)
2022-01-20 Tomcat 9.0.58 (remm)
Coyote
Fix: Correct a regression in the fix for 65785 that broke HTTP/2
server push. (markt)
not released Tomcat 9.0.57 (remm)
Catalina
Fix: Add additional locking to DataSourceUserDatabase to provide
improved protection for concurrent modifications. (markt)
Fix: Add recycling check in the input and output stream isReady to try
to give a more informative ISE when the facade has been recycled. (remm)
Update: Remove the deprecated JmxRemoteLifecycleListener. (markt)
Fix: Make the calculation of the session storage location more robust
when using file based persistent storage. (markt)
Coyote
Fix: 65726: Implement support for HTTP/1.1 upgrade when the request
includes a body. The maximum permitted size of the body is controlled by
maxSavePostSize. (markt)
Fix: Restore pre-starting of minSpareThreads lost in the fix for
65454. (markt)
Fix: Revert the previous fix for 65714 and implement a more
comprehensive fix. (markt)
Fix: 65757: Missing initial IO listener notification on Servlet
container dispatch to another container thread. (remm)
Fix: Expand the fix for 65757 so that rather than just checking if
processing is happening on a container thread, the check is now if
processing is happening on the container thread currently allocated to
this request/response. (markt)
Fix: Improve the fix for RST frame ordering added in 9.0.56 to avoid a
potential deadlock on some systems in non-default configurations. (markt)
Add: 65767: Add support for certificates that use keys encrypted using
PBES2. Based on a pull request provided by xiezhaokun. (markt)
Code: Refactor testing whether a String is a valid HTTP token. (markt)
Fix: 65785: Perform additional validation of HTTP headers when using
HTTP/2. (markt)
Fix: When a Connector or Endpoint is paused, ensure that only new
connections and new requests on existing connections are stopped while
allowing in progress requests to run to completion. (markt)
Fix: Explicitly release ByteBuffer instances associated with pooled
channels when stopping the NioEndpoint and Nio2Endpoint. (markt)
Fix: Narrow the scope of the logging of invalid cookie headers to just
the invalid cookie rather than the whole cookie header. (markt)
Jasper
Fix: 65724: Fix missing messages for some
PropertyNotWritableExceptions caused by a typo in the name used for a
resource string. (markt)
Add: Add support for specifying Java 18 (with the value 18) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
WebSocket
Add: Add support for POJO WebSocket endpoints to the programmatic
upgrade that allows applications to opt to upgrade an HTTP connection to
WebSocket. (markt)
Fix: 65763: Improve handling of WebSocket connection close if a
message write times out before the message is fully written. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.25. (remm)
Update: Update the CXF module to Apache CXF 3.5.0. (remm)
Add: Improvements to Chinese translations contributed by zhnnn.
(markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by Shirayuking,
yoshy and tak7iji. (markt)
Add: Improvements to Korean translations. (woonsan)
Update: Update SpotBugs to 4.5.2. (markt)
Update: Update the NSIS installer to 3.08. (markt)
Update: Update UnboundID to 6.0.3. (markt)
Update: Update CheckStyle to 9.2.1. (markt)
Update: Update BND to 6.1.0. (markt)
Update: Update OSGI annotations to 1.1.1. (markt)
2021-12-02 Tomcat 9.0.56 (remm)
Catalina
Fix: Make SPNEGO authentication more robust for the case where the
provided credential has expired. (markt)
Fix: 65684: Fix a potential NullPointerException when using JULI.
(markt)
Docs: Document conditions under which the AprLifecycleListener can be
used to avoid JVM crashes. (michaelo)
Fix: Refactor the AsyncFileHandler to reduce the possibility of log
messages being lost on shutdown. (markt)
Update: Refactor the AsyncFileHandler to remove the need for the
org.apache.juli.AsyncLoggerPollInterval. If set, this property now has no
effect. (markt)
Add: Add debug logging to the RestCsrfPreventionFilter. Based on pull
request #452 by Polina Georgieva. (markt)
Add: 65710: Implement a workaround for a JVM bug that can trigger a
file descriptor leak when using multi-part upload and the application does
not explicitly close an input stream for an uploaded file that was cached
on disk. (markt)
Coyote
Fix: Improve error handling if APR/Native fails to attach TLS
capabilities to a TLS enabled client connection. (markt)
Fix: Improve error handling if APR/Native fails to accept an incoming
connection. (markt)
Add: Provide protection against a known OS bug that causes the
acceptor to report an incoming connection more than once. (markt)
Fix: Avoid unnecessary duplicate read registrations for blocking I/O
with the NIO connector. (markt)
Fix: 65677: Improve exception handling for errors during HTTP/1.1
reads with NIO2. (markt)
Fix: Refactor APR/native connector shutdown to remove a potential
source of JVM crashes on shutdown when sendfile is used. (markt)
Fix: When an error occurs that triggers a stream reset, ensure that
the first RST frame sent to the client is the one associated with the
error that triggered the reset. (markt)
Fix: 65714: Fix exceptions when the security manager is enabled and
the first request received after starting is an HTTP request to a TLS
enabled NIO2 connector. (markt)
Add: Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the
same way on MacOS as it does on Linux and Windows when no trusted
certificate authorities are configured and reject all client certificates.
(markt)
Fix: Avoid a potential deadlock during the concurrent processing of
incoming HTTP/2 frames for a stream and that stream being reset. (markt)
Other
Fix: Switch from Cobertura to JaCoCo for code coverage as Cobertura
does not support code coverage for code compiled for Java 11 onwards. It
also removes the need to use a single thread to run the tests. (markt)
2021-11-10 Tomcat 9.0.55 (remm)
Catalina
Fix: Improve robustness of JNDIRealm for exceptions occurring when
getting the connection. Also add missing close when running into issues
getting the passord of a user. (remm)
Docs: Add Javadoc comment which listeners must be nested whithin
Server elements only. (michaelo)
Add: Add support for custom caching strategies for web application
resources. This initial implementation allows control over whether or not
a resource is cached. (markt)
Update: Log warning if a listener is not nested inside a Server
element although it must have been. (michaelo)
Coyote
Code: Improve performance of Connector shutdown - primarily to reduce
the time it takes to run the test suite. (markt)
Fix: Refactor the APR/native connector shutdown to reduce the
possibility of a JVM crash during the connector shutdown. (markt)
Add: #457: Add a toString() method to MimeHeader to aid debugging.
(dblevins)
Add: Add experimental OpenSSL support through the Panama API
incubating in Java 17, with support for OpenSSL 1.1+. This no longer
requires tomcat-native or APR. Please refer to the openssl-java17 module
from the main branch for more details. (remm)
Fix: Fix APR connector stop so it correctly waits for the sendfile
thread, if any, to exit. (markt)
Fix: Do not ignore the error condition if the APR connector is not
able to open a server socket as continuing in this case will trigger a JVM
crash. (markt)
Fix: Fix a potential JVM crash when using the APR/Native connector
with TLS. A crash could occur if the connector was stopped whilst a
connection was performing a TLS handshake. (markt)
Jasper
Update: Regenerate the EL parser using JavaCC 7.0.10. (markt)
Fix: Fix a bug that prevented the EL parser correctly parsing a
literal Map that used variables rather than literals for both keys and
values. (markt)
WebSocket
Update: Add a new method WsServerContainer.upgradeHttpToWebSocket() to
align with the new method that will be available from WebSocket 2.1
onwards. (markt)
Tribes
Fix: #454: Differentiate warning messages in
KubernetesMembershipProvider so that the missing attribute is clear
to the user. PR provided by Hal Deadman. (markt)
2021-10-01 Tomcat 9.0.54 (remm)
Catalina
Fix: Provide the DataSource in the constructor of
DataSourceUserDatabase, since it is always global. (remm)
Fix: Fix delete then create object manipulations with
DataSourceUserDatabase. (remm)
Fix: 65553: Implement a work-around for a JRE bug that can trigger a
memory leak when using the JNDI realm. (markt)
Fix: 65586: Fix the bloom filter used to improve performance of
archive file look ups in the web resources implementation so it works
correctly for directory lookups whether or not the provided directory name
includes the trailing /. (markt)
Fix: #451: Improve the usefulness of the thread name cache used in
JULI. Pull request provided by t-gergely. (markt)
Coyote
Fix: 65563: Correct parsing of HTTP Content-Range headers. Tomcat was
incorrectly requiring an = character after bytes. Fix based on pull
request #449 by Thierry Gu辿rin. (markt)
Fix: Correct a potential StackOverflowException with HTTP/2 and
sendfile. (markt)
Fix: Further improvements in the management of the connection flow
control window. This addresses various bugs that caused streams to
incorrectly report that they had timed out waiting for an allocation from
the connection flow control window. (markt)
Fix: 65577: Fix a AccessControlException reporting when running an
NIO2 connector with TLS enabled. (markt)
Update: Reclassify TLS ciphers that use AESCCM8 as medium security
rather than high security to align with recent changes in OpenSSL. (markt)
Fix: Fix an issue that caused some Servlet non-blocking API reads of
the HTTP request body to incorrectly use blocking IO. (markt)
Jasper
Fix: Fix the implementation of MethodExpression.getMethodInfo() so
that it returns the expected value rather than failing when the method
expression is defined with the parameter values in the expression rather
than the types being passed explicitly to
ExpressionFactory.createMethodExpression(). (markt)
WebSocket
Fix: The internal upgrade handler should close the associated
WebConnection on destroy. (remm)
Web applications
Fix: Clarify the JASPIC configuration options in the documentation web
application. (markt)
Other
Fix: 65585: Update obsolete comments at the start of the
build.properties.default file. (markt)
2021-09-10 Tomcat 9.0.53 (remm)
Catalina
Fix: Enable Tomcat to start if an (old) XML parser is configured that
does not support allow-java-encodings. A warning will be logged if such an
XML parser is detected. (markt)
Fix: Change the behaviour of custom error pages. If an error occurs
after the response is committed, once the custom error page content has
been added to the response the connection is now closed immediately rather
than closed cleanly. i.e. the last chunk that marks the end of the
response body is no longer sent. This acts as an additional signal to the
client that the request experienced an error. (markt)
Fix: 65479: When handling requests using JASPIC authentication, ensure
that PasswordValidationCallback.getResult() returns the result of the
password validation rather than always returning false. Fixed via pull
request #438 provided by Robert Rodewald. (markt)
Code: Refactor the authenticators to delegate the check for preemptive
authentication to the individual authenticators where an authentication
scheme specific check can be performed. Based on pull request #444 by
Robert Rodewald. (markt)
Update: Improve the reusability of the UserDatabase by adding
intermediate concrete implementation classes and allowing to do partial
database updates on save. (remm)
Add: Add a UserDatabase implementation as a superset of the
DataSourceRealm functionality. (remm)
Fix: Make sure the dynamic Principal returned by UserDatabaseRealm
stays up to date with the database contents, and add an option to have it
be static, similar to the other realms. (remm)
Add: Add derby-*.jar to the list of JARs to skip when scanning for
TLDs, web fragments and annotations. (markt)
Fix: #447. Correct JPMS metadata for catalina.jar. Pull request
provided by Hui Wang. (markt)
Coyote
Fix: Correct a logic error that meant setting certificateKeystoreFile
to NONE did not have the expected effect. NONE was incorrectly treated as
a file path. Patch provided by Mikael Sterner. (markt)
Fix: 65505: When an HTTP header value is removed, ensure that the
order of the remaining header values is unchanged. (markt)
WebSocket
Fix: 65506: Fix write timeout check that was using the read timeout
value. Patch submitted by Gustavo Mahlow. (remm)
Web applications
Fix: Remove unnecessary Context settings from the examples web
application. (markt)
Fix: Document default value for unpackWARs and related clean-up. Pull
request #439 provided by Robert Rodewald. (markt)
Fix: Clarify the documentation of the compressionMinSize and
compressibleMimeType HTTP Connector attributes. Pull request #442 provided
by crisgeek. (markt)
Other
Fix: Fix failing build when building on non-English locales. Pull
request #441 provided by Dachuan J. (markt)
Update: Update to JSign version 4.0 to enable code signing without the
need for the installation of additional client tools. (markt)
Add: Update the internal fork of Apache Commons BCEL to 40d5eb4
(2021-09-01, 6.6.0-SNAPSHOT). Code clean-up only. (markt)
Add: Update the internal fork of Apache Commons Codec to fd44e6b
(2021-09-01, 1.16-SNAPSHOT). Minor refactoring. (markt)
Update: Add Apache Derby 10.14.2.0 to the testsuite dependencies, for
JDBC and DataSource testing. (remm)
Add: 65661: Update the internal fork of Apache Commons FileUpload to
33d2d79 (2021-09-01, 2.0-SNAPSHOT). Refactoring and code clean-up. As a
result of Commons File Upload now using java.nio.file.Files, applications
using multi-part uploads need to ensure that the JVM is configured with
sufficient direct memory to store all in progress multi-part uploads.
(markt)
Add: Update the internal fork of Apache Commons Pool to 2.11.1
(2021-08-17). Improvements, code clean-up and refactoring. (markt)
Add: Update the internal fork of Apache Commons DBCP to 2.9.0
(2021-08-03). Improvements, code clean-up and refactoring. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.31 to pick up Windows binaries built with OpenSSL 1.1.1l.(markt)
Update: Switch to the CDN as the primary download location for ASF
dependencies. (markt)
Add: Improvements to Chinese translations contributed by syseal,
wolibo, ZhangJieWen and DigitalFatCat. (markt)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Improvements to Korean translations. (woonsan)
2021-08-06 Tomcat 9.0.52 (remm)
Catalina
Code: 65476: Correct an error in some code clean-up that mean that web
application classes were not configured with the correct package. (markt)
not released Tomcat 9.0.51 (remm)
Catalina
Fix: 65411: Always close the connection when an uncaught
NamingException occurs to avoid connection locking. Submitted by Ole
Ostergaard. (remm)
Fix: 65433: Correct a regression in the fix for 65397 where a
StringIndexOutOfBoundsException could be triggered if the canonical path
of the target of a symlink was shorter than the canonical path of the
directory in which the symlink had been created. Patch provided by Cedomir
Igaly. (markt)
Add: 65443: Refactor the CorsFilter to make it easier to extend.
(markt)
Fix: To avoid unnecessary cache revalidation, do not add an HTTP
Expires header when setting adding an HTTP header of CacheControl:
private. (markt)
Coyote
Fix: When writing an HTTP/2 response via sendfile (only enabled when
useAsyncIO is true) the connection flow control window was sometimes
ignored leading to various error conditions. sendfile now checks both the
stream and connection flow control windows before writing. (markt)
Add: Add debug logging for writing an HTTP/2 response via sendfile.
(markt)
Fix: Correct bugs in the HTTP/2 connection flow control management
that meant it was possible for a connection to stall waiting for a
connection flow control window update that had already arrived. Any
streams on that connection that were trying to write when this happened
would time out. (markt)
Fix: 65448: When using TLS with NIO, it was possible for a blocking
response write to hang just before the final TLS packet associated with
the response until the connection timed out at which point the final
packet would be sent and the connection closed. (markt)
Fix: 65454: Fix a race condition that could result in a delay to a new
request. The new request could be queued to wait for an existing request
to finish processing rather than the thread pool creating a new thread to
process the new request. (markt)
Fix: 65460: Correct a regression introduced in the previous release in
the change to reduce the number of small HTTP/2 window updates sent for
streams. A logic error meant that small window updates for the connection
were dropped. This meant that the connection flow window slowly reduced
over time until nothing could be sent. (markt)
Web applications
Fix: 65404: Correct a regression in the fix for 63362 that caused the
server status page in the Manager web application to be truncated if HTTP
upgrade was used such as when starting a WebSocket connection. (markt)
Other
Add: Improvements to Chinese translations contributed by ZhangJieWen
and chengzheyan. (markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations contributed by tak7iji.
(markt)
Add: Improvements to Korean translations. (woonsan)
Fix: Use of GraalVM native images no longer automatically disables JMX
support. JMX support may still be disabled by calling
org.apache.tomcat.util.modeler.Registry.disableRegistry(). (markt)
2021-07-02 Tomcat 9.0.50 (remm)
Jasper
Fix: Jakarta to Javax backport issue in tests. (remm)
not released Tomcat 9.0.49 (remm)
Catalina
Code: Refactor the RemoteIpValve to use the common utility method for
list to comma separated string conversion. (markt)
Code: Refactor JNDIRealm$JNDIConnection so its fields are accessible
to sub-classes of JNDIRealm. (markt)
Fix: Fix serialization warnings in UserDatabasePrincipal reported by
SpotBugs. (markt)
Fix: 65397: Calls to ServletContext.getResourcePaths() no longer
include symbolic links in the results unless allowLinking has been set to
true. If a resource is skipped because of this change, a warning will be
logged as this typically indicates a configuration issue. (markt)
Coyote
Fix: 65368: Improve handling of clean closes of inbound TLS
connections. Treat them the same way as clean closes of non-TLS
connections rather than as unknown errors. (markt)
Fix: Modify the HTTP/2 connector not to sent small updates for stream
flow control windows to the user agent as, depending on how the user agent
is written, this may trigger small writes from the user agent that in turn
trigger the overhead protection. Small updates for stream flow control
windows are now combined with subsequent flow control window updates for
that stream to ensure that all stream flow control window updates sent
from Tomcat are larger than overheadWindowUpdateThreshold. (markt)
Add: Add additional debug logging to track the current state of the
HTTP/2 overhead count that Tomcat uses to detect and close potentially
malicious connections. (markt)
Update: Many HTTP/2 requests from browsers will trigger one overhead
frame and one non-overhead frame. Change the overhead calculation so that
a non-overhead frame reduces the current overhead count by 2 rather than
1. This means that, over time, the overhead count for a well-behaved
connection will trend downwards. (markt)
Update: Change the initial HTTP/2 overhead count from -10 to -10 *
overheadCountFactor. This means that, regardless of the value chosen for
overheadCountFactor, when a connection opens 10 overhead frames in a row
will be required to trigger the overhead protection. (markt)
Update: Increase the default overheadCountFactor from 1 to 10 and
change the reduction in overhead count for a non-overhead frame from -2 to
-20. This allows for a larger range (0-20) to be used for
overheadCountFactor providing for finer-grained control. (markt)
Fix: Modify the parsing of HTTP header values that use the 1#token to
ignore empty elements as per RFC 7230 section 7 instead of treating the
presence of empty elements as an error. (markt)
Fix: Expand the unit tests for HttpServlet.doHead() and correct the
flushing of the response buffer. The buffer used to behave as if it was
one byte smaller than the configured size. The buffer was flushed (and the
response committed if required) when the buffer was full. The buffer is
now flushed (and the response committed if required) if the buffer is full
and there is more data to write. (markt)
Fix: Fix an issue where concurrent HTTP/2 writes (or concurrent reads)
to the same connection could hang and eventually timeout when async IO was
enabled (it is enabled by default). (markt)
Jasper
Fix: 65390: Correct a regression in the fix for 65124 and restore code
that was removed in error leading to JSP compilation failures in some
circumstances. (markt)
Update: Update to the Eclipse JDT compiler 4.20. (markt)
Add: Add support for specifying Java 17 (with the value 17) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the latest supported version will used. (markt)
Fix: 65377: Update the Java code generation for JSPs not to use the
boxed primitive constructors as they have been deprecated in Java 9 and
marked for future removal in Java 16. valueOf() is now used instead.
(markt)
WebSocket
Code: Refactor the DigestAuthenticator to reuse a shared SecureRandom
instance rather than create a new one to generate the cnonce if required.
(markt)
Web applications
Fix: 65385: Correct the link in the documentation web application the
Maven Central repository. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.23. (remm)
Update: Update the CXF module to Apache CXF 3.4.4. (remm)
Fix: 65369 / #422: Add the additional --add-opens=... options required
for running Tomcat on Java 16 onwards to the service.bat script to align
it with the other start-up scripts. PR provided by MCMicS. (markt)
Update: Update JUnit to version 4.13.2. (markt)
Update: Update EasyMock to 4.3. (markt)
Update: Update Objenesis to 3.2. (markt)
Update: Update UnboundID to 6.0.0. (markt)
Update: Update CheckStyle to 8.43. (markt)
Update: Update SpotBugs to 4.2.3. (markt)
Update: Update OSGi annotations to 1.1.0. (markt)
2021-06-15 Tomcat 9.0.48 (remm)
Coyote
Fix: Regression when generating reflection due to removed NIO classes
in 9.0.47. (remm)
Other
Add: Use JSign to integrate the build script with the code signing
service to enable release builds to be created on Linux as well as
Windows. (markt)
not released Tomcat 9.0.47 (remm)
Catalina
Fix: 65301: RemoteIpValve will now avoid getting the local host name
when it is not needed. (remm)
Fix: 65308: NPE in JNDIRealm when no userRoleAttribute is given.
(fschumacher)
Add: #412: Add commented out, sample users for the Tomcat Manager app
to the default tomcat-users.xml file. Based on a PR by Arnaud Dagnelies.
(markt)
Add: #418: Add a new option, pass-through, to the default servlet's
useBomIfPresent initialization parameter that causes the default servlet
to leave any BOM in place when processing a static file and not to use the
BOM to determine the encoding of the file. Based on a pull request by
Jean-Louis Monteiro. (markt)
Update: Add cookieName attribute to the SSO valve to configure the SSO
cookie name. (remm)
Fix: #419: When processing POST requests of type multipart/form-data
for parts without a filename that are added to the parameter map in String
form, check the size of the part before attempting conversion to String.
Pull request provided by tianshuang. (markt)
Fix: 62912: Don't mutate an application provided content header if it
does not contain a charset. Also remove the outdated workaround for the
buggy Adobe Reader 9 plug-in for IE. (markt)
Fix: AprLifecycleListener does not show dev version suffix for
libtcnative and libapr. (michaelo)
Update: Refactor principal handling in UserDatabaseRealm using an
inner class that extends GenericPrincipal. (remm)
Fix: Enable the default doHead() implementation in HttpServlet to
correctly handle responses where the content length needs to be
represented as a long since it is larger than the maximum value that can
be represented by an int. (markt)
Fix: Avoid synchronization on roles verification for the memory
UserDatabase. (remm)
Fix: Fix the default doHead() implementation in HttpServlet to
correctly handle responses where the Servlet calls ServletResponse.reset()
and/or ServletResponse.resetBuffer(). (markt)
Fix: Fix the default doHead() implementation in HttpServlet to
correctly handle responses generated using the Servlet non-blocking API.
(markt)
Coyote
Add: 64943: Add support for Unix Domain Sockets to
org.apache.coyote.http11.Http11AprProtocol. Depends on tomcat-native
1.2.26 and up. (minfrin)
Fix: 65303: Fix a possible NullPointerException if an error occurs on
an HTTP/1.1 connection being upgraded to HTTP/2 or on a pushed HTTP/2
stream. (markt)
Fix: 65311: Fix a race condition in the NioBlockingSelector that could
cause a delay to select operations. (markt)
Update: Simplify AprEndpoint socket bind for all platforms. (michaelo)
Update: Add back simplification of NIO block read and write, now
better validated in Tomcat 10. (remm)
Fix: Optimize NIO selector handling for Java 11. (remm)
Fix: 65340: Add missing check for a negative return value for
Hpack.decodeInteger in the HpackDecoder, which could cause a
NegativeArraySizeException exception. Submitted by Thomas, and verified
the fix is present in the donated hpack code in a further update. (remm)
Add: Add debug logging for HTTP/2 HPACK header decoding. (markt)
Fix: Correct parsing of HTTP headers consisting of a list of tokens so
that a header with an empty token is treated consistently regardless of
whether the empty token is at the start, middle or end of the list of
tokens. (markt)
Fix: Remove support for the identity transfer encoding. The inclusion
of this encoding in RFC 2616 was an error that was corrected in 2001.
Requests using this transfer encoding will now receive a 501 response.
(markt)
Fix: Process transfer encoding headers from both HTTP 1.0 and HTTP 1.1
clients. (markt)
Fix: Ensure that if the transfer encoding header contains the chunked,
that the chunked encoding is the final encoding listed. (markt)
Jasper
Code: Review code used to generate Java source from JSPs and tags and
remove code found to be unnecessary. (markt)
Code: Refactor use of internal ChildInfo class to use compile time
type checking rather than run time type checking. (markt)
Fix: 65358: Improve expression language method matching for methods
with varargs. Where multiple methods may match the provided parameters,
the method that requires the fewest varargs is preferred. (markt)
Add: 65332: Add a commented out section in catalina.policy that
provides the necessary permissions to compile JSPs with javac when running
on Java 9 onwards with a security manager. It is commented out as it will
cause errors if used with earlier Java versions. (markt)
WebSocket
Fix: 65317: When using permessage-deflate, the WebSocket connection
was incorrectly closed if the uncompressed payload size was an exact
multiple of 8192. Based on a patch provided by Saksham Verma. (markt)
Fix: 65342: Correct a regression introduced with the fix for 65262
that meant Tomcat's WebSocket implementation would only work with Tomcat's
implementation of the Java EE WebSocket API. (markt)
Web applications
Fix: Improve the description of the maxConnections and acceptCount
attributes in the Connector section of the documentation web application.
(markt)
Other
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Fix: 65362: Correct a regression in the previous release. The change
to create OSGi Require-Capability sections in manifests for Jakarta API
JARs manually rather than with bnd annotations did not add the necessary
manual entries to the embedded JARs. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.30. Also update the minimum recommended version to 1.2.30. (markt)
2021-05-12 Tomcat 9.0.46 (markt)
Catalina
Fix: Allow APR connector creation using the listener with the flag and
the default HTTP/1.1 protocol. (rjung/remm)
Code: Expand coverage of unit tests for JNDIRealm using the UnboundID
LDAP SDK for Java. (markt)
Fix: 65224: Ensure the correct escaping of attribute values and search
filters in the JNDIRealm. (markt)
Fix: 65235: Add missing attributes to the MBean descriptor file for
the RemoteIpValve. (markt)
Fix: 65244: HandlesTypes should include classes that use the specified
annotation types on fields or methods. (remm)
Fix: 65251: Correct a regression introduced in 9.0.44 that meant that
the auto-deployment process may attempt a second, concurrent deployment of
a web application that is being deployed by the Manager resulting in one
of the deployments failing and errors being reported. (markt)
Fix: Improve the SSLValve so it is able to handle escaped client
certificate headers from Nginx. Based on a patch by Florent Guillaume.
(markt)
Coyote
Fix: Ensure that all HTTP requests that contain an invalid character
in the protocol component of the request line are rejected with a 400
response rather than some requests being rejected with a 505 response.
(markt)
Fix: When generating the error message for an HTTP request with an
invalid request line, ensure that all the available data is included in
the error message. (markt)
Fix: 65272: Restore the optional HTTP feature that allows LF to be
treated as a line terminator for the request line and/or HTTP headers
lines as well as the standard CRLF. This behaviour was previously removed
as a side-effect of the fix for CVE-2020-1935. (markt)
Jasper
Code: Review code used to generate Java source from JSPs and tags and
remove code found to be unnecessary. (markt)
Update: <servlet> entries in web.xml that include a <jsp-file> element
and a negative <load-no-startup> element that is not the default value of
-1 will no longer be loaded at start-up. This makes it possible to define
a <jsp-file> that will not be loaded at start-up. (markt)
Fix: Allow the JSP configuration option useInstanceManagerForTags to
be used with Tags that are implemented as inner classes. (markt)
WebSocket
Code: Refactor the way Tomcat passes path parameters to POJO end
points to simplify the code. (markt)
Fix: 65262: Refactor the creation of WebSocket end point, decoder and
encoder instances to be more IoC friendly. Instances are now created via
the InstanceManager where possible. (markt)
Web applications
Fix: 65235: Correct name of changeLocalName in the documentation for
the RemoteIpValve. (markt)
Fix: 65265: Avoid getting the boot classpath when it is not available
in the Manager diagnostics. (remm)
Other
Fix: Create OSGi Require-Capability sections in manifests for Jakarta
API JARs manually rather than via the
aQute.bnd.annotation.spi.ServiceConsumer annotation as this triggers TCK
failures for downstream consumers of the API JARs. (markt)
Update: Update the packaged version of the Tomcat Native Library to
1.2.28. (markt)
Update: Update the OWB module to Apache OpenWebBeans 2.0.22. (remm)
Update: Update the CXF module to Apache CXF 3.4.3. (remm)
Fix: Move SystemPropertySource to be a regular class to allow more
precise configuration if needed. The system property source will still
always be enabled. (remm)
Add: Improvements to Chinese translations. Provided by bytesgo. (mark)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
2021-04-06 Tomcat 9.0.45 (markt)
Catalina
Fix: Avoid NPE when a JNDI reference cannot be resolved in favor of a
NamingException. (remm)
Fix: Avoid using reflection for setting properties on the webapp
classloader. Based on a patch submitted by Romain Manni-Bucau. (remm)
Coyote
Fix: Improve consistency of OpenSSL error stack handling in the TLS
engine, and log all errors found as debug. (remm)
Fix: Ensure that HTTP/2 streams are only recycled once as multiple
attempts to recycle an HTTP/2 stream may result in NullPointerExceptions.
(markt)
Code: Simplify the closing on an HTTP/2 stream when an error condition
is present. (markt)
Fix: 64771: Prevent concurrent calls to ServletInputStream.isReady()
corrupting the input buffer. (markt)
Fix: 65179: Ensure that the connection level flow control window from
the client to the server is updated when handling DATA frames received
for completed streams else the flow control window may become exhausted.
(markt)
Fix: 65203: Fix a regression introduced in 9.0.44 that meant that an
error during an asynchronous read broke all future asynchronous reads
associated with the same request instance. (markt)
Fix: Disable keep-alive when inconsistent content delimitation is
present in a request. (remm)
Jasper
Fix: Include the new org.apache.jasper.optimizations package in the
list of OSGi exported packages for the Jasper embedded JAR.
Patch provided by Sokratis Zappis. (markt)
Add: Add a new option for the trimSpaces configuration. extended will
attempt to remove leading and trailing whitespace from template text and
collapse sequences of whitespace and newlines within template text into a
single new line. Based on a pull request by kamnani. (markt)
Other
Add: Implement the first phase of reproducible builds. Sequential
builds on the same machine now produce identical output provided that
the Ant property ant.tstamp.now is set. The minimum required Ant
version is now 1.9.10. (markt)
Add: Improvements to Chinese translations. Provided by Ruan Wenjun.
(mark)
Add: Improvements to French translations. (remm)
Add: Improvements to Japanese translations. Provided by kfujino and
Shirayuking. (markt)
Add: Improvements to Korean translations. (woonsan)
Update: Update the packaged version of the Tomcat Native Library to
1.2.27. (markt)
2021-03-10 Tomcat 9.0.44 (markt)
Catalina
Fix: Revert an incorrect fix for a potential resource leak that broke
deployment via the Ant deploy task. (markt)
Fix: Improve error message for failed ConfigurationSource lookups in
the Catalina implementation. (remm)
Fix: 64938: Align the behaviour when null is passed to the
ServletResponse methods setCharacterEncoding(), setContentType() and
setLocale() with the recent clarification from the Jakarta Servlet
project of the expected behaviour in these cases. (markt)
Fix: 65135: Rename Context method isParallelAnnotationScanning to
getParallelAnnotationScanning for consistency and ease of use in JMX
descriptors. (remm)
Fix: Ensure that the AsyncListener.onError() event is triggered when a
I/O error occurs during non-blocking I/O. There were some cases
discovered where this was not happening. (markt)
Add: Make the non-blocking I/O error handling more robust by handling
the case where the application code swallows an IOException in
WriteListener.onWritePossible() and ReadListener.onDataAvailable().
(markt)
Fix: Correct syntax error in output of JsonErrorReportValve. Pull
request provided by Viraj Kanwade. (markt)
Code: Make the StandardContext.postWorkDirectory() protected rather
than private to help users wishing to customise the default work directory
behaviour. (markt)
Coyote
Fix: 65118: Fix a potential NullPointerException when pruning closed
HTTP/2 streams from the connection. (markt)
Fix: Avoid NullPointerException when a secure channel is closed before
the SSL engine was initialized. (remm)
Fix: Ensure that the ReadListener's onError() event is triggered if
the client closes the connection before sending the entire request body
and the server is ready the request body using non-blocking I/O. (markt)
Fix: 65137: Ensure that a response is not corrupted as well as
incomplete if the connection is closed before the response is fully
written due to a write timeout. (markt)
Fix: Related to bug 65131, make sure all errors from OpenSSL are fully
cleared, as there could be more than one error present after an operation
(confirmed in the OpenSSL API documentation). (remm)
Fix: Make handling of OpenSSL read errors more robust when plain text
data is reported to be available to read. (markt)
Fix: Correct handling of write errors during non-blocking I/O to
ensure that the associated AsyncContext was closed down correctly. (markt)
Web applications
Fix: 65136: Remove the restriction that prevented the Manager web
application deploying different web applications in parallel. This
required some refactoring, most notably to HostConfig.check() and how it
is used. (markt)
Other
Update: Update the OWB module to Apache OpenWebBeans 2.0.21. (remm)
Update: Update the CXF module to Apache CXF 3.4.2. (remm)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Add: Improvements to Brazilian Portuguese translations. Provided by
Thiago. (mark)
Add: Improvements to Russian translations. Provided by Azat. (mark)
Add: Improvements to Chinese translations. Provided by shawn. (mark)
Update: Update to bnd 5.3.0. (markt)
2021-02-02 Tomcat 9.0.43 (markt)
Catalina
Fix: 65106: Fix the ConfigFileLoader handling of file URIs when
running under a security manager on some JREs. (markt)
Coyote
Fix: Ensure that SNI provided host names are matched to SSL virtual
host configurations in a case insensitive manner. (markt)
Fix: 65111: Free direct memory buffers in the APR connector. (remm)
not released Tomcat 9.0.42 (markt)
Catalina
Fix: 60781: Escape elements in the access log that need to be escaped
for the access log to be parsed unambiguously. (fschumacher/markt)
Add: 64110: Add support for additional TLS related request attributes
that provide details of the protocols and ciphers requested by a client in
the initial TLS handshake. (markt)
Add: Let the RemoteCIDRValve inherit from RequestFilterValve and
support all of its features. Especially add support for connector specific
configuration using addConnectorPort. (rjung)
Add: Add peerAddress to coyote request, which contains the IP address
of the direct connection peer. If a reverse proxy sits in front of Tomcat
and the protocol used is AJP or HTTP in combination with the
RemoteIp(Valve|Filter), the peer address might differ from the
remoteAddress. The latter then contains the address of the client in front
of the reverse proxy, not the address of the proxy itself. Support for the
peer address has been added to the RemoteAddrValve and RemoteCIDRValve
with the new attribute usePeerAddress. This can be used to restrict access
to Tomcat based on the reverse proxy IP address, which is especially
useful to harden access to AJP connectors. The peer address can also be
logged in the access log using the new %{peer}a syntax. (rjung)
Fix: Avoid uncaught InaccessibleObjectException on Java 16 trying to
clear references threads. (remm)
Fix: 65033: Fix JNDI realm error handling when connecting to a failed
server when pooling was not enabled. (remm)
Fix: 65047: If the AccessLogValve is unable to open the access log
file, include information on the current user in the associated log
message (markt)
Coyote
Fix: Additional fix for 64830 to address an edge case that could
trigger request corruption with h2c connections. (markt)
Fix: 64974: Improve handling of pipelined HTTP requests in combination
with the Servlet non-blocking IO API. It was possible that some requests
could get dropped. (markt)
Add: Add support for using Unix domain sockets for NIO when running on
Java 16 or later. This uses NIO specific unixDomainSocketPath and
unixDomainSocketPathPermissions attributes. Based on a PR submitted by
Graham Leggett. (remm)
Fix: 65001: Fix error handling for exceptions thrown from calls to
ReadListener and WriteListener. (markt)
Fix: Avoid possible infinite loop in OpenSSLEngine.unwrap when the
destination buffers state is changed concurrently. (remm)
Jasper
Add: Add a new StringInterpreter interface that allows applications to
provide customised string attribute value to type conversion within JSPs.
This allows applications to provide a conversion implementation that is
optimised for the application. (markt)
Fix: 64965: JspContextWrapper.findAttribute should ignore expired
sessions rather than throw an IllegalStateException. (remm)
Update: Update to the Eclipse JDT compiler 4.18. (markt)
Web applications
Fix: 65007: Clarify that the commands shown in the TLS documentation
for importing a signed TLS certificate from a certificate authority are
typical examples that may need to be adjusted in some cases. (markt)
Tribes
Fix: Work around DNS caching for the DNS provider of the cloud
membership. (jfclere)
Other
Add: Improvements to Chinese translations. Provided by leeyazhou and
Yi Shen. (markt)
Add: Improvements to French translations. (remm)
Add: Improvements to Korean translations. (woonsan)
Update: Update the packaged version of the Tomcat Native Library to
1.2.26. (markt)
Add: Update the internal fork of Apache Commons Pool to 2.9.1-SNAPSHOT
(2021-01-15). (markt)
Add: Update the internal fork of Apache Commons DBCP to 2.9.0-SNAPSHOT
(2021-01-15). (markt)
Update: Migrate to new code signing service. (markt)
Code: Use java.nio.file.Path to test for one directory being a
sub-directory of another in a consistent way. (markt)
Update: Update to Commons Daemon 1.2.4. (markt)
Add: Improvements to Brazilian Portuguese translations. Provided by
Rual Zaninetti Rosa and Lucas. (markt)
Add: Improvements to Russian translations. Provided by Polina and
Azat. (markt)
Update: Update the NSIS Installer used to build the Windows installer
to version 3.06.1. (kkolinko)
MAIN commitmail json YAML
pkgsrc/mail/libspf2/Makefile@1.15
/
diff
pkgsrc/mail/libspf2/distinfo@1.14 / diff
pkgsrc/mail/libspf2/patches/patch-src_include_spf__log.h@1.2 / diff
pkgsrc/mail/libspf2/distinfo@1.14 / diff
pkgsrc/mail/libspf2/patches/patch-src_include_spf__log.h@1.2 / diff
libspf2-1.2.11 from
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
fixes CVE-2021-33912, CVE-2021-33913 and CVE-2021-33914
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
fixes CVE-2021-33912, CVE-2021-33913 and CVE-2021-33914
pkgsrc-2021Q3 commitmail json YAML
Pullup ticket #6548 - requested by mlelstv
devel/nss: security-update
Revisions pulled up:
- devel/nss/Makefile 1.215-1.217
- devel/nss/distinfo 1.139,1.142-1.143
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Sep 30 21:39:55 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.71.
Changes:
- Bug 1717716 - Set nssckbi version number to 2.52.
- Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
- Bug 1717707 - Add HARICA Client ECC Root CA 2021.
- Bug 1717707 - Add HARICA Client RSA Root CA 2021.
- Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
- Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
- Bug 1728394 - Add TunTrust Root CA certificate to NSS.
To generate a diff of this commit:
cvs rdiff -u -r1.214 -r1.215 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.138 -r1.139 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Oct 28 10:03:13 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.72.
Changes:
- Documentation: release notes for NSS 3.72
- Documentation: release notes for NSS 3.71
- Remove newline at the end of coreconf.dep
- Bug 1731911 - Fix nsinstall parallel failure.
- Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.
To generate a diff of this commit:
cvs rdiff -u -r1.215 -r1.216 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.141 -r1.142 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Dec 1 17:04:11 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.73.
This contains the fix for CVE-2021-43527.
To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.142 -r1.143 pkgsrc/devel/nss/distinfo
devel/nss: security-update
Revisions pulled up:
- devel/nss/Makefile 1.215-1.217
- devel/nss/distinfo 1.139,1.142-1.143
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Sep 30 21:39:55 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.71.
Changes:
- Bug 1717716 - Set nssckbi version number to 2.52.
- Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
- Bug 1717707 - Add HARICA Client ECC Root CA 2021.
- Bug 1717707 - Add HARICA Client RSA Root CA 2021.
- Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
- Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
- Bug 1728394 - Add TunTrust Root CA certificate to NSS.
To generate a diff of this commit:
cvs rdiff -u -r1.214 -r1.215 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.138 -r1.139 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Oct 28 10:03:13 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.72.
Changes:
- Documentation: release notes for NSS 3.72
- Documentation: release notes for NSS 3.71
- Remove newline at the end of coreconf.dep
- Bug 1731911 - Fix nsinstall parallel failure.
- Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.
To generate a diff of this commit:
cvs rdiff -u -r1.215 -r1.216 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.141 -r1.142 pkgsrc/devel/nss/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Dec 1 17:04:11 UTC 2021
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
nss: update to 3.73.
This contains the fix for CVE-2021-43527.
To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 pkgsrc/devel/nss/Makefile
cvs rdiff -u -r1.142 -r1.143 pkgsrc/devel/nss/distinfo
pkgsrc-2021Q3 commitmail json YAML
pkgsrc/chat/matrix-synapse/Makefile@1.33.2.1
/
diff
pkgsrc/chat/matrix-synapse/PLIST@1.17.2.1 / diff
pkgsrc/chat/matrix-synapse/distinfo@1.23.2.1 / diff
pkgsrc/chat/matrix-synapse/PLIST@1.17.2.1 / diff
pkgsrc/chat/matrix-synapse/distinfo@1.23.2.1 / diff
Pullup ticket #6538 - requested by gdt
chat/matrix-synapse: security update
Revisions pulled up:
- chat/matrix-synapse/Makefile 1.34-1.36
- chat/matrix-synapse/PLIST 1.18-1.19
- chat/matrix-synapse/distinfo 1.24,1.27-1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: js
Date: Sat Oct 2 12:23:13 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo
Log Message:
Update chat/matrix-synapse to 1.43.0
Synapse 1.43.0 (2021-09-21)
=============
This release drops support for the deprecated, unstable API for [MSC2858 (Multiple SSO Identity
Providers)](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), as well as the undocumented `experimental.msc2858_enabled` config
option. Client authors should update their clients to use the stable API, available since Synapse 1.30.
The documentation has been updated with configuration for routing `/spaces`, `/hierarchy` and `/summary` to workers. See [the upgrade
notes](https://github.com/matrix-org/synapse/blob/release-v1.43/docs/upgrade.md#upgrading-to-v1430) for more details.
No significant changes since 1.43.0rc2.
Synapse 1.43.0rc2 (2021-09-17)
===============
Bugfixes
--------
- Added opentracing logging to help debug [\#9424](https://github.com/matrix-org/synapse/issues/9424). ([\#10828](https://github.com/matrix-org/synapse/issues/10828))
Synapse 1.43.0rc1 (2021-09-14)
===============
Features
--------
- Allow room creators to send historical events specified by [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) in existing room versions.
([\#10566](https://github.com/matrix-org/synapse/issues/10566))
- Add config option to use non-default manhole password and keys. ([\#10643](https://github.com/matrix-org/synapse/issues/10643))
- Skip final GC at shutdown to improve restart performance. ([\#10712](https://github.com/matrix-org/synapse/issues/10712))
- Allow configuration of the oEmbed URLs used for URL previews. ([\#10714](https://github.com/matrix-org/synapse/issues/10714), [\#10759](https://github.com/matrix-org/synapse/issues/10759))
- Prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) for restricted rooms per the [room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244) API.
([\#10772](https://github.com/matrix-org/synapse/issues/10772))
Bugfixes
--------
- Fix a long-standing bug where room avatars were not included in email notifications. ([\#10658](https://github.com/matrix-org/synapse/issues/10658))
- Fix a bug where the ordering algorithm was skipping the `origin_server_ts` step in the spaces summary resulting in unstable room orderings.
([\#10730](https://github.com/matrix-org/synapse/issues/10730))
- Fix edge case when persisting events into a room where there are multiple events we previously hadn't calculated auth chains for (and hadn't marked as needing to be calculated).
([\#10743](https://github.com/matrix-org/synapse/issues/10743))
- Fix a bug which prevented calls to `/createRoom` that included the `room_alias_name` parameter from being handled by worker processes. ([\#10757](https://github.com/matrix-org/synapse/issues/10757))
- Fix a bug which prevented user registration via SSO to require consent tracking for SSO mapping providers that don't prompt for Matrix ID selection. Contributed by @AndrewFerr.
([\#10733](https://github.com/matrix-org/synapse/issues/10733))
- Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).
([\#10760](https://github.com/matrix-org/synapse/issues/10760))
- Properly handle room upgrades of spaces. ([\#10774](https://github.com/matrix-org/synapse/issues/10774))
- Fix a bug which generated invalid homeserver config when the `frontend_proxy` worker type was passed to the Synapse Worker-based Complement image.
([\#10783](https://github.com/matrix-org/synapse/issues/10783))
Improved Documentation
----------------------
- Minor fix to the `media_repository` developer documentation. Contributed by @cuttingedge1109. ([\#10556](https://github.com/matrix-org/synapse/issues/10556))
- Update the documentation to note that the `/spaces` and `/hierarchy` endpoints can be routed to workers. ([\#10648](https://github.com/matrix-org/synapse/issues/10648))
- Clarify admin API documentation on undoing room deletions. ([\#10735](https://github.com/matrix-org/synapse/issues/10735))
- Split up the modules documentation and add examples for module developers. ([\#10758](https://github.com/matrix-org/synapse/issues/10758))
- Correct 2 typographical errors in the [Log Contexts documentation](https://matrix-org.github.io/synapse/latest/log_contexts.html). ([\#10795](https://github.com/matrix-org/synapse/issues/10795))
- Fix a wording mistake in the sample configuration. Contributed by @bramvdnheuvel:nltrix.net. ([\#10804](https://github.com/matrix-org/synapse/issues/10804))
Deprecations and Removals
-------------------------
- Remove the [unstable MSC2858 API](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), including the undocumented
`experimental.msc2858_enabled` config option. The unstable API has been deprecated since Synapse 1.35. Client authors should update their clients to use the stable API introduced in Synapse 1.30 if
they have not already done so. ([\#10693](https://github.com/matrix-org/synapse/issues/10693))
Internal Changes
----------------
- Add OpenTracing logging to help debug stuck messages (as described by issue [#9424](https://github.com/matrix-org/synapse/issues/9424)).
([\#10704](https://github.com/matrix-org/synapse/issues/10704))
- Add type annotations to the `synapse.util` package. ([\#10601](https://github.com/matrix-org/synapse/issues/10601))
- Ensure `rooms.creator` field is always populated for easy lookup in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) usage later.
([\#10697](https://github.com/matrix-org/synapse/issues/10697))
- Add missing type hints to REST servlets. ([\#10707](https://github.com/matrix-org/synapse/issues/10707), [\#10728](https://github.com/matrix-org/synapse/issues/10728),
[\#10736](https://github.com/matrix-org/synapse/issues/10736))
- Do not include rooms with unknown room versions in the spaces summary results. ([\#10727](https://github.com/matrix-org/synapse/issues/10727))
- Additional error checking for the `preset` field when creating a room. ([\#10738](https://github.com/matrix-org/synapse/issues/10738))
- Clean up some of the federation event authentication code for clarity. ([\#10744](https://github.com/matrix-org/synapse/issues/10744), [\#10745](https://github.com/matrix-org/synapse/issues/10745),
[\#10746](https://github.com/matrix-org/synapse/issues/10746), [\#10771](https://github.com/matrix-org/synapse/issues/10771), [\#10773](https://github.com/matrix-org/synapse/issues/10773),
[\#10781](https://github.com/matrix-org/synapse/issues/10781))
- Add an index to `presence_stream` to hopefully speed up startups a little. ([\#10748](https://github.com/matrix-org/synapse/issues/10748))
- Refactor event size checking code to simplify searching the codebase for the origins of certain error strings that are occasionally emitted.
([\#10750](https://github.com/matrix-org/synapse/issues/10750))
- Move tests relating to rooms having encryption out of the user directory tests. ([\#10752](https://github.com/matrix-org/synapse/issues/10752))
- Use `attrs` internally for the URL preview code & update documentation. ([\#10753](https://github.com/matrix-org/synapse/issues/10753))
- Minor speed ups when joining large rooms over federation. ([\#10754](https://github.com/matrix-org/synapse/issues/10754), [\#10755](https://github.com/matrix-org/synapse/issues/10755),
[\#10756](https://github.com/matrix-org/synapse/issues/10756), [\#10780](https://github.com/matrix-org/synapse/issues/10780), [\#10784](https://github.com/matrix-org/synapse/issues/10784))
- Add a constant for `m.federate`. ([\#10775](https://github.com/matrix-org/synapse/issues/10775))
- Add a script to update the Debian changelog in a Docker container for systems that are not Debian-based. ([\#10778](https://github.com/matrix-org/synapse/issues/10778))
- Change the format of authenticated users in logs when a user is being puppeted by and admin user. ([\#10779](https://github.com/matrix-org/synapse/issues/10779))
- Remove fixed and flakey tests from the Sytest blacklist. ([\#10788](https://github.com/matrix-org/synapse/issues/10788))
- Improve internal details of the user directory code. ([\#10789](https://github.com/matrix-org/synapse/issues/10789))
- Use direct references to config flags. ([\#10798](https://github.com/matrix-org/synapse/issues/10798))
- Ensure the Rust reporter passes type checking with jaeger-client 4.7's type annotations. ([\#10799](https://github.com/matrix-org/synapse/issues/10799))
Synapse 1.42.0 (2021-09-07)
=============
This version of Synapse removes deprecated room-management admin APIs, removes out-of-date email pushers, and improves error handling for fallback templates for user-interactive authentication. For
more information on these points, server administrators are encouraged to read [the upgrade notes](docs/upgrade.md#upgrading-to-v1420).
No significant changes since 1.42.0rc2.
Synapse 1.42.0rc2 (2021-09-06)
===============
Features
--------
- Support room version 9 from [MSC3375](https://github.com/matrix-org/matrix-doc/pull/3375). ([\#10747](https://github.com/matrix-org/synapse/issues/10747))
Internal Changes
----------------
- Print a warning when using one of the deprecated `template_dir` settings. ([\#10768](https://github.com/matrix-org/synapse/issues/10768))
Synapse 1.42.0rc1 (2021-09-01)
===============
Features
--------
- Add support for [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231): Token authenticated registration. Users can be required to submit a token during registration to authenticate
themselves. Contributed by Callum Brown. ([\#10142](https://github.com/matrix-org/synapse/issues/10142))
- Add support for [MSC3283](https://github.com/matrix-org/matrix-doc/pull/3283): Expose `enable_set_displayname` in capabilities. ([\#10452](https://github.com/matrix-org/synapse/issues/10452))
- Port the `PresenceRouter` module interface to the new generic interface. ([\#10524](https://github.com/matrix-org/synapse/issues/10524))
- Add pagination to the spaces summary based on updates to [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946). ([\#10613](https://github.com/matrix-org/synapse/issues/10613),
[\#10725](https://github.com/matrix-org/synapse/issues/10725))
Bugfixes
--------
- Validate new `m.room.power_levels` events. Contributed by @aaronraimist. ([\#10232](https://github.com/matrix-org/synapse/issues/10232))
- Display an error on User-Interactive Authentication fallback pages when authentication fails. Contributed by Callum Brown. ([\#10561](https://github.com/matrix-org/synapse/issues/10561))
- Remove pushers when deleting an e-mail address from an account. Pushers for old unlinked emails will also be deleted. ([\#10581](https://github.com/matrix-org/synapse/issues/10581),
[\#10734](https://github.com/matrix-org/synapse/issues/10734))
- Reject Client-Server `/keys/query` requests which provide `device_ids` incorrectly. ([\#10593](https://github.com/matrix-org/synapse/issues/10593))
- Rooms with unsupported room versions are no longer returned via `/sync`. ([\#10644](https://github.com/matrix-org/synapse/issues/10644))
- Enforce the maximum length for per-room display names and avatar URLs. ([\#10654](https://github.com/matrix-org/synapse/issues/10654))
- Fix a bug which caused the `synapse_user_logins_total` Prometheus metric not to be correctly initialised on restart. ([\#10677](https://github.com/matrix-org/synapse/issues/10677))
- Improve `ServerNoticeServlet` to avoid duplicate requests and add unit tests. ([\#10679](https://github.com/matrix-org/synapse/issues/10679))
- Fix long-standing issue which caused an error when a thumbnail is requested and there are multiple thumbnails with the same quality rating.
([\#10684](https://github.com/matrix-org/synapse/issues/10684))
- Fix a regression introduced in v1.41.0 which affected the performance of concurrent fetches of large sets of events, in extreme cases causing the process to hang.
([\#10703](https://github.com/matrix-org/synapse/issues/10703))
- Fix a regression introduced in Synapse 1.41 which broke email transmission on Systems using older versions of the Twisted library. ([\#10713](https://github.com/matrix-org/synapse/issues/10713))
Improved Documentation
----------------------
- Add documentation on how to connect Django with Synapse using OpenID Connect and django-oauth-toolkit. Contributed by @HugoDelval. ([\#10192](https://github.com/matrix-org/synapse/issues/10192))
- Advertise https://matrix-org.github.io/synapse documentation in the `README` and `CONTRIBUTING` files. ([\#10595](https://github.com/matrix-org/synapse/issues/10595))
- Fix some of the titles not rendering in the OpenID Connect documentation. ([\#10639](https://github.com/matrix-org/synapse/issues/10639))
- Minor clarifications to the documentation for reverse proxies. ([\#10708](https://github.com/matrix-org/synapse/issues/10708))
- Remove table of contents from the top of installation and contributing documentation pages. ([\#10711](https://github.com/matrix-org/synapse/issues/10711))
Deprecations and Removals
-------------------------
- Remove deprecated Shutdown Room and Purge Room Admin API. ([\#8830](https://github.com/matrix-org/synapse/issues/8830))
Internal Changes
----------------
- Improve type hints for the proxy agent and SRV resolver modules. Contributed by @dklimpel. ([\#10608](https://github.com/matrix-org/synapse/issues/10608))
- Clean up some of the federation event authentication code for clarity. ([\#10614](https://github.com/matrix-org/synapse/issues/10614), [\#10615](https://github.com/matrix-org/synapse/issues/10615),
[\#10624](https://github.com/matrix-org/synapse/issues/10624), [\#10640](https://github.com/matrix-org/synapse/issues/10640))
- Add a comment asking developers to leave a reason when bumping the database schema version. ([\#10621](https://github.com/matrix-org/synapse/issues/10621))
- Remove not needed database updates in modify user admin API. ([\#10627](https://github.com/matrix-org/synapse/issues/10627))
- Convert room member storage tuples to `attrs` classes. ([\#10629](https://github.com/matrix-org/synapse/issues/10629), [\#10642](https://github.com/matrix-org/synapse/issues/10642))
- Use auto-attribs for the attrs classes used in sync. ([\#10630](https://github.com/matrix-org/synapse/issues/10630))
- Make `backfill` and `get_missing_events` use the same codepath. ([\#10645](https://github.com/matrix-org/synapse/issues/10645))
- Improve the performance of the `/hierarchy` API (from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)) by caching responses received over federation.
([\#10647](https://github.com/matrix-org/synapse/issues/10647))
- Run a nightly CI build against Twisted trunk. ([\#10651](https://github.com/matrix-org/synapse/issues/10651), [\#10672](https://github.com/matrix-org/synapse/issues/10672))
- Do not print out stack traces for network errors when fetching data over federation. ([\#10662](https://github.com/matrix-org/synapse/issues/10662))
- Simplify tests for device admin rest API. ([\#10664](https://github.com/matrix-org/synapse/issues/10664))
- Add missing type hints to REST servlets. ([\#10665](https://github.com/matrix-org/synapse/issues/10665), [\#10666](https://github.com/matrix-org/synapse/issues/10666),
[\#10674](https://github.com/matrix-org/synapse/issues/10674))
- Flatten the `tests.synapse.rests` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\#10667](https://github.com/matrix-org/synapse/issues/10667))
- Update `complement.sh` to rebuild the base Docker image when run with workers. ([\#10686](https://github.com/matrix-org/synapse/issues/10686))
- Split the event-processing methods in `FederationHandler` into a separate `FederationEventHandler`. ([\#10692](https://github.com/matrix-org/synapse/issues/10692))
- Remove unused `compare_digest` function. ([\#10706](https://github.com/matrix-org/synapse/issues/10706))
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/chat/matrix-synapse/PLIST
cvs rdiff -u -r1.23 -r1.24 pkgsrc/chat/matrix-synapse/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: js
Date: Fri Nov 19 14:06:08 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo
Log Message:
Update chat/matrix-synapse to 1.47.0
Synapse 1.47.0 (2021-11-17)
=============
No significant changes since 1.47.0rc3.
Synapse 1.47.0rc3 (2021-11-16)
===============
Bugfixes
--------
- Fix a bug introduced in 1.47.0rc1 which caused worker processes to not halt startup in the presence of outstanding database migrations.
([\#11346](https://github.com/matrix-org/synapse/issues/11346))
- Fix a bug introduced in 1.47.0rc1 which prevented the 'remove deleted devices from `device_inbox` column' background process from running when updating from a recent Synapse version.
([\#11303](https://github.com/matrix-org/synapse/issues/11303), [\#11353](https://github.com/matrix-org/synapse/issues/11353))
Synapse 1.47.0rc2 (2021-11-10)
===============
This fixes an issue with publishing the Debian packages for 1.47.0rc1.
It is otherwise identical to 1.47.0rc1.
Synapse 1.47.0rc1 (2021-11-09)
===============
Deprecations and Removals
-------------------------
- The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more
information. ([\#11206](https://github.com/matrix-org/synapse/issues/11206))
- Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). ([\#11213](https://github.com/matrix-org/synapse/issues/11213))
Features
--------
- Advertise support for Client-Server API r0.6.1. ([\#11097](https://github.com/matrix-org/synapse/issues/11097))
- Add search by room ID and room alias to the List Room admin API. ([\#11099](https://github.com/matrix-org/synapse/issues/11099))
- Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room. ([\#11126](https://github.com/matrix-org/synapse/issues/11126))
- Add a module API method to update a user's membership in a room. ([\#11147](https://github.com/matrix-org/synapse/issues/11147))
- Add metrics for thread pool usage. ([\#11178](https://github.com/matrix-org/synapse/issues/11178))
- Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#11187](https://github.com/matrix-org/synapse/issues/11187))
- Add a module API method to retrieve the current state of a room. ([\#11204](https://github.com/matrix-org/synapse/issues/11204))
- Calculate a default value for `public_baseurl` based on `server_name`. ([\#11210](https://github.com/matrix-org/synapse/issues/11210))
- Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443. ([\#11211](https://github.com/matrix-org/synapse/issues/11211))
- Add admin APIs to pause, start and check the status of background updates. ([\#11263](https://github.com/matrix-org/synapse/issues/11263))
Bugfixes
--------
- Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. ([\#10097](https://github.com/matrix-org/synapse/issues/10097))
- Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
([\#10969](https://github.com/matrix-org/synapse/issues/10969), [\#11212](https://github.com/matrix-org/synapse/issues/11212))
- Do not accept events if a third-party rule `check_event_allowed` callback raises an exception. ([\#11033](https://github.com/matrix-org/synapse/issues/11033))
- Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver.
([\#11129](https://github.com/matrix-org/synapse/issues/11129))
- Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical
messages is already part of the current room state at the given `?prev_event_id`. ([\#11188](https://github.com/matrix-org/synapse/issues/11188))
- Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p.
([\#11191](https://github.com/matrix-org/synapse/issues/11191))
- Delete `to_device` messages for hidden devices that will never be read, reducing database size. ([\#11199](https://github.com/matrix-org/synapse/issues/11199))
- Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error. ([\#11200](https://github.com/matrix-org/synapse/issues/11200))
- Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at
Beeper. ([\#11207](https://github.com/matrix-org/synapse/issues/11207))
- Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats. ([\#11217](https://github.com/matrix-org/synapse/issues/11217))
- Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried.
([\#11234](https://github.com/matrix-org/synapse/issues/11234))
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection.
([\#11240](https://github.com/matrix-org/synapse/issues/11240))
- Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. ([\#11255](https://github.com/matrix-org/synapse/issues/11255),
[\#11276](https://github.com/matrix-org/synapse/issues/11276))
- Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed.
([\#11262](https://github.com/matrix-org/synapse/issues/11262))
- Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu.
([\#11157](https://github.com/matrix-org/synapse/issues/11157))
Updates to the Docker image
---------------------------
- Avoid changing user ID when started as a non-root user, and no explicit `UID` is set. ([\#11209](https://github.com/matrix-org/synapse/issues/11209))
Improved Documentation
----------------------
- Improve example HAProxy config in the docs to properly handle HTTP `Host` headers with port information. This is required for federation over port 443 to work correctly.
([\#11128](https://github.com/matrix-org/synapse/issues/11128))
- Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. ([\#11151](https://github.com/matrix-org/synapse/issues/11151))
- Clarify lack of support for Windows. ([\#11198](https://github.com/matrix-org/synapse/issues/11198))
- Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. ([\#11221](https://github.com/matrix-org/synapse/issues/11221))
- Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. ([\#11257](https://github.com/matrix-org/synapse/issues/11257))
Internal Changes
----------------
- Add type annotations for the `log_function` decorator. ([\#10943](https://github.com/matrix-org/synapse/issues/10943))
- Add type hints to `synapse.events`. ([\#11098](https://github.com/matrix-org/synapse/issues/11098))
- Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code. ([\#11137](https://github.com/matrix-org/synapse/issues/11137))
- Add type hints so that `synapse.http` passes `mypy` checks. ([\#11164](https://github.com/matrix-org/synapse/issues/11164))
- Update scripts to pass Shellcheck lints. ([\#11166](https://github.com/matrix-org/synapse/issues/11166))
- Add knock information in admin export. Contributed by Rafael Gonçalves. ([\#11171](https://github.com/matrix-org/synapse/issues/11171))
- Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly.
([\#11179](https://github.com/matrix-org/synapse/issues/11179))
- Refactor `Filter` to check different fields depending on the data type. ([\#11194](https://github.com/matrix-org/synapse/issues/11194))
- Improve type hints for the relations datastore. ([\#11205](https://github.com/matrix-org/synapse/issues/11205))
- Replace outdated links in the pull request checklist with links to the rendered documentation. ([\#11225](https://github.com/matrix-org/synapse/issues/11225))
- Fix a bug in unit test `test_block_room_and_not_purge`. ([\#11226](https://github.com/matrix-org/synapse/issues/11226))
- In `ObservableDeferred`, run observers in the order they were registered. ([\#11229](https://github.com/matrix-org/synapse/issues/11229))
- Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`. ([\#11231](https://github.com/matrix-org/synapse/issues/11231))
- Add `twine` and `towncrier` as dev dependencies, as they're used by the release script. ([\#11233](https://github.com/matrix-org/synapse/issues/11233))
- Allow `stream_writers.typing` config to be a list of one worker. ([\#11237](https://github.com/matrix-org/synapse/issues/11237))
- Remove debugging statement in tests. ([\#11239](https://github.com/matrix-org/synapse/issues/11239))
- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers.
([\#11244](https://github.com/matrix-org/synapse/issues/11244))
- Add an additional test for the `cachedList` method decorator. ([\#11246](https://github.com/matrix-org/synapse/issues/11246))
- Make minor correction to the type of `auth_checkers` callbacks. ([\#11253](https://github.com/matrix-org/synapse/issues/11253))
- Clean up trivial aspects of the Debian package build tooling. ([\#11269](https://github.com/matrix-org/synapse/issues/11269), [\#11273](https://github.com/matrix-org/synapse/issues/11273))
- Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. ([\#11270](https://github.com/matrix-org/synapse/issues/11270))
Synapse 1.46.0 (2021-11-02)
=============
The cause of the [performance regression affecting Synapse 1.44](https://github.com/matrix-org/synapse/issues/11049) has been identified and fixed.
([\#11177](https://github.com/matrix-org/synapse/issues/11177))
Bugfixes
--------
- Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. ([\#11196](https://github.com/matrix-org/synapse/issues/11196))
Synapse 1.46.0rc1 (2021-10-27)
===============
Features
--------
- Add support for Ubuntu 21.10 "Impish Indri". ([\#11024](https://github.com/matrix-org/synapse/issues/11024))
- Port the Password Auth Providers module interface to the new generic interface. ([\#10548](https://github.com/matrix-org/synapse/issues/10548),
[\#11180](https://github.com/matrix-org/synapse/issues/11180))
- Experimental support for the thread relation defined in [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440). ([\#11088](https://github.com/matrix-org/synapse/issues/11088),
[\#11181](https://github.com/matrix-org/synapse/issues/11181), [\#11192](https://github.com/matrix-org/synapse/issues/11192))
- Users admin API can now also modify user type in addition to allowing it to be set on user creation. ([\#11174](https://github.com/matrix-org/synapse/issues/11174))
Bugfixes
--------
- Newly-created public rooms are now only assigned an alias if the room's creation has not been blocked by permission settings. Contributed by @AndrewFerr.
([\#10930](https://github.com/matrix-org/synapse/issues/10930))
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#11001](https://github.com/matrix-org/synapse/issues/11001),
[\#11009](https://github.com/matrix-org/synapse/issues/11009), [\#11012](https://github.com/matrix-org/synapse/issues/11012))
- Fix 500 error on `/messages` when the server accumulates more than 5 backwards extremities at a given depth for a room. ([\#11027](https://github.com/matrix-org/synapse/issues/11027))
- Fix a bug where setting a user's `external_id` via the admin API returns 500 and deletes user's existing external mappings if that external ID is already mapped.
([\#11051](https://github.com/matrix-org/synapse/issues/11051))
- Fix a long-standing bug where users excluded from the user directory were added into the directory if they belonged to a room which became public or private.
([\#11075](https://github.com/matrix-org/synapse/issues/11075))
- Fix a long-standing bug when attempting to preview URLs which are in the `windows-1252` character encoding. ([\#11077](https://github.com/matrix-org/synapse/issues/11077),
[\#11089](https://github.com/matrix-org/synapse/issues/11089))
- Fix broken export-data admin command and add test script checking the command to CI. ([\#11078](https://github.com/matrix-org/synapse/issues/11078))
- Show an error when timestamp in seconds is provided to the `/purge_media_cache` Admin API. ([\#11101](https://github.com/matrix-org/synapse/issues/11101))
- Fix local users who left all their rooms being removed from the user directory, even if the `search_all_users` config option was enabled.
([\#11103](https://github.com/matrix-org/synapse/issues/11103))
- Fix a bug which caused the module API's `get_user_ip_and_agents` function to always fail on workers. `get_user_ip_and_agents` was introduced in 1.44.0 and did not function correctly on worker
processes at the time. ([\#11112](https://github.com/matrix-org/synapse/issues/11112))
- Identity server connection is no longer ignoring `ip_range_whitelist`. ([\#11120](https://github.com/matrix-org/synapse/issues/11120))
- Fix a bug introduced in Synapse 1.45.0 breaking the configuration file parsing script. ([\#11145](https://github.com/matrix-org/synapse/issues/11145))
- Fix a performance regression introduced in 1.44.0 which could cause client requests to time out when making large numbers of outbound requests.
([\#11177](https://github.com/matrix-org/synapse/issues/11177), [\#11190](https://github.com/matrix-org/synapse/issues/11190))
- Resolve and share `state_groups` for all [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical events in batch. ([\#10975](https://github.com/matrix-org/synapse/issues/10975))
Improved Documentation
----------------------
- Fix broken links relating to module API deprecation in the upgrade notes. ([\#11069](https://github.com/matrix-org/synapse/issues/11069))
- Add more information about what happens when a user is deactivated. ([\#11083](https://github.com/matrix-org/synapse/issues/11083))
- Clarify the the sample log config can be copied from the documentation without issue. ([\#11092](https://github.com/matrix-org/synapse/issues/11092))
- Update the admin API documentation with an updated list of the characters allowed in registration tokens. ([\#11093](https://github.com/matrix-org/synapse/issues/11093))
- Document Synapse's behaviour when dealing with multiple modules registering the same callbacks and/or handlers for the same HTTP endpoints.
([\#11096](https://github.com/matrix-org/synapse/issues/11096))
- Fix instances of `[example]{.title-ref}` in the upgrade documentation as a result of prior RST to Markdown conversion. ([\#11118](https://github.com/matrix-org/synapse/issues/11118))
- Document the version of Synapse each module callback was introduced in. ([\#11132](https://github.com/matrix-org/synapse/issues/11132))
- Document the version of Synapse that introduced each module API method. ([\#11183](https://github.com/matrix-org/synapse/issues/11183))
Internal Changes
----------------
- Fix spurious warnings about losing the logging context on the `ReplicationCommandHandler` when losing the replication connection. ([\#10984](https://github.com/matrix-org/synapse/issues/10984))
- Include rejected status when we log events. ([\#11008](https://github.com/matrix-org/synapse/issues/11008))
- Add some extra logging to the event persistence code. ([\#11014](https://github.com/matrix-org/synapse/issues/11014))
- Rearrange the internal workings of the incremental user directory updates. ([\#11035](https://github.com/matrix-org/synapse/issues/11035))
- Fix a long-standing bug where users excluded from the directory could still be added to the `users_who_share_private_rooms` table after a regular user joins a private room.
([\#11143](https://github.com/matrix-org/synapse/issues/11143))
- Add and improve type hints. ([\#10972](https://github.com/matrix-org/synapse/issues/10972), [\#11055](https://github.com/matrix-org/synapse/issues/11055),
[\#11066](https://github.com/matrix-org/synapse/issues/11066), [\#11076](https://github.com/matrix-org/synapse/issues/11076), [\#11095](https://github.com/matrix-org/synapse/issues/11095),
[\#11109](https://github.com/matrix-org/synapse/issues/11109), [\#11121](https://github.com/matrix-org/synapse/issues/11121), [\#11146](https://github.com/matrix-org/synapse/issues/11146))
- Mark the Synapse package as containing type annotations and fix export declarations so that Synapse pluggable modules may be type checked against Synapse.
([\#11054](https://github.com/matrix-org/synapse/issues/11054))
- Remove dead code from `MediaFilePaths`. ([\#11056](https://github.com/matrix-org/synapse/issues/11056))
- Be more lenient when parsing oEmbed response versions. ([\#11065](https://github.com/matrix-org/synapse/issues/11065))
- Create a separate module for the retention configuration. ([\#11070](https://github.com/matrix-org/synapse/issues/11070))
- Clean up some of the federation event authentication code for clarity. ([\#11115](https://github.com/matrix-org/synapse/issues/11115), [\#11116](https://github.com/matrix-org/synapse/issues/11116),
[\#11122](https://github.com/matrix-org/synapse/issues/11122))
- Add docstrings and comments to the application service ephemeral event sending code. ([\#11138](https://github.com/matrix-org/synapse/issues/11138))
- Update the `sign_json` script to support inline configuration of the signing key. ([\#11139](https://github.com/matrix-org/synapse/issues/11139))
- Fix broken link in the docker image README. ([\#11144](https://github.com/matrix-org/synapse/issues/11144))
- Always dump logs from unit tests during CI runs. ([\#11068](https://github.com/matrix-org/synapse/issues/11068))
- Add tests for `MediaFilePaths` class. ([\#11057](https://github.com/matrix-org/synapse/issues/11057))
- Simplify the user admin API tests. ([\#11048](https://github.com/matrix-org/synapse/issues/11048))
- Add a test for the workaround introduced in [\#11042](https://github.com/matrix-org/synapse/pull/11042) concerning the behaviour of third-party rule modules and `SynapseError`s.
([\#11071](https://github.com/matrix-org/synapse/issues/11071))
Synapse 1.45.1 (2021-10-20)
=============
Bugfixes
--------
- Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. ([\#11127](https://github.com/matrix-org/synapse/issues/11127))
Synapse 1.45.0 (2021-10-19)
=============
No functional changes since Synapse 1.45.0rc2.
Known Issues
------------
- A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
Improved Documentation
----------------------
- Reword changelog to clarify concerns about a suspected performance regression in 1.44.0. ([\#11117](https://github.com/matrix-org/synapse/issues/11117))
Synapse 1.45.0rc2 (2021-10-14)
===============
This release candidate [fixes](https://github.com/matrix-org/synapse/issues/11053) a user directory [bug](https://github.com/matrix-org/synapse/issues/11025) present in 1.45.0rc1.
Known Issues
------------
- A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
Bugfixes
--------
- Fix a long-standing bug when using multiple event persister workers where events were not correctly sent down `/sync` due to a race. ([\#11045](https://github.com/matrix-org/synapse/issues/11045))
- Fix a bug introduced in Synapse 1.45.0rc1 where the user directory would stop updating if it processed an event from a
user not in the `users` table. ([\#11053](https://github.com/matrix-org/synapse/issues/11053))
- Fix a bug introduced in Synapse 1.44.0 when logging errors during oEmbed processing. ([\#11061](https://github.com/matrix-org/synapse/issues/11061))
Internal Changes
----------------
- Add an 'approximate difference' method to `StateFilter`. ([\#10825](https://github.com/matrix-org/synapse/issues/10825))
- Fix inconsistent behavior of `get_last_client_by_ip` when reporting data that has not been stored in the database yet. ([\#10970](https://github.com/matrix-org/synapse/issues/10970))
- Fix a bug introduced in Synapse 1.21.0 that causes opentracing and Prometheus metrics for replication requests to be measured incorrectly.
([\#10996](https://github.com/matrix-org/synapse/issues/10996))
- Ensure that cache config tests do not share state. ([\#11036](https://github.com/matrix-org/synapse/issues/11036))
Synapse 1.45.0rc1 (2021-10-12)
===============
**Note:** Media storage providers module that read from Synapse's configuration need changes as of this version, see the [upgrade
notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1450) for more information.
Known Issues
------------
- We are investigating [a performance issue](https://github.com/matrix-org/synapse/issues/11049) which was reported after the release of 1.44.0.
- We are aware of [a bug](https://github.com/matrix-org/synapse/issues/11025) with the user directory when using application services. A second release candidate is expected which will resolve this.
Features
--------
- Add [MSC3069](https://github.com/matrix-org/matrix-doc/pull/3069) support to `/account/whoami`. ([\#9655](https://github.com/matrix-org/synapse/issues/9655))
- Support autodiscovery of oEmbed previews. ([\#10822](https://github.com/matrix-org/synapse/issues/10822))
- Add a `user_may_send_3pid_invite` spam checker callback for modules to allow or deny 3PID invites. ([\#10894](https://github.com/matrix-org/synapse/issues/10894))
- Add a spam checker callback to allow or deny room joins. ([\#10910](https://github.com/matrix-org/synapse/issues/10910))
- Include an `update_synapse_database` script in the distribution. Contributed by @Fizzadar at Beeper. ([\#10954](https://github.com/matrix-org/synapse/issues/10954))
- Include exception information in JSON logging output. Contributed by @Fizzadar at Beeper. ([\#11028](https://github.com/matrix-org/synapse/issues/11028))
Bugfixes
--------
- Fix a minor bug in the response to `/_matrix/client/r0/voip/turnServer`. Contributed by @lukaslihotzki. ([\#10922](https://github.com/matrix-org/synapse/issues/10922))
- Fix a bug where empty `yyyy-mm-dd/` directories would be left behind in the media store's `url_cache_thumbnails/` directory. ([\#10924](https://github.com/matrix-org/synapse/issues/10924))
- Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8 and 9 could be applied to earlier room versions in some situations.
([\#10927](https://github.com/matrix-org/synapse/issues/10927))
- Fix a long-standing bug wherein deactivated users still count towards the monthly active users limit. ([\#10947](https://github.com/matrix-org/synapse/issues/10947))
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#10956](https://github.com/matrix-org/synapse/issues/10956))
- Fix a long-standing bug where rebuilding the user directory wouldn't exclude support and deactivated users. ([\#10960](https://github.com/matrix-org/synapse/issues/10960))
- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint rejecting subsequent batches with unknown batch ID error in existing room versions from the room creator.
([\#10962](https://github.com/matrix-org/synapse/issues/10962))
- Fix a bug that could leak local users' per-room nicknames and avatars when the user directory is rebuilt. ([\#10981](https://github.com/matrix-org/synapse/issues/10981))
- Fix a long-standing bug where the remainder of a batch of user directory changes would be silently dropped if the server left a room early in the batch.
([\#10982](https://github.com/matrix-org/synapse/issues/10982))
- Correct a bugfix introduced in Synapse v1.44.0 that would catch the wrong error if a connection is lost before a response could be written to it.
([\#10995](https://github.com/matrix-org/synapse/issues/10995))
- Fix a long-standing bug where local users' per-room nicknames/avatars were visible to anyone who could see you in the user directory. ([\#11002](https://github.com/matrix-org/synapse/issues/11002))
- Fix a long-standing bug where a user's per-room nickname/avatar would overwrite their profile in the user directory when a room was made public.
([\#11003](https://github.com/matrix-org/synapse/issues/11003))
- Work around a regression, introduced in Synapse v1.39.0, that caused `SynapseError`s raised by the experimental third-party rules module callback `check_event_allowed` to be ignored.
([\#11042](https://github.com/matrix-org/synapse/issues/11042))
- Fix a bug in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) insertion events in rooms that could cause cross-talk/conflicts between batches.
([\#10877](https://github.com/matrix-org/synapse/issues/10877))
Improved Documentation
----------------------
- Change wording ("reference homeserver") in Synapse repository documentation. Contributed by @maxkratz. ([\#10971](https://github.com/matrix-org/synapse/issues/10971))
- Fix a dead URL in development documentation (SAML) and change wording from "Riot" to "Element". Contributed by @maxkratz. ([\#10973](https://github.com/matrix-org/synapse/issues/10973))
- Add additional content to the Welcome and Overview page of the documentation. ([\#10990](https://github.com/matrix-org/synapse/issues/10990))
- Update links to MSCs in documentation. Contributed by @dklimpel. ([\#10991](https://github.com/matrix-org/synapse/issues/10991))
Internal Changes
----------------
- Improve type hinting in `synapse.util`. ([\#10888](https://github.com/matrix-org/synapse/issues/10888))
- Add further type hints to `synapse.storage.util`. ([\#10892](https://github.com/matrix-org/synapse/issues/10892))
- Fix type hints to be compatible with an upcoming change to Twisted. ([\#10895](https://github.com/matrix-org/synapse/issues/10895))
- Update utility code to handle C implementations of frozendict. ([\#10902](https://github.com/matrix-org/synapse/issues/10902))
- Drop old functionality which maintained database compatibility with Synapse versions before v1.31. ([\#10903](https://github.com/matrix-org/synapse/issues/10903))
- Clean-up configuration helper classes for the `ServerConfig` class. ([\#10915](https://github.com/matrix-org/synapse/issues/10915))
- Use direct references to config flags. ([\#10916](https://github.com/matrix-org/synapse/issues/10916), [\#10959](https://github.com/matrix-org/synapse/issues/10959),
[\#10985](https://github.com/matrix-org/synapse/issues/10985))
- Clean up some of the federation event authentication code for clarity. ([\#10926](https://github.com/matrix-org/synapse/issues/10926), [\#10940](https://github.com/matrix-org/synapse/issues/10940),
[\#10986](https://github.com/matrix-org/synapse/issues/10986), [\#10987](https://github.com/matrix-org/synapse/issues/10987), [\#10988](https://github.com/matrix-org/synapse/issues/10988),
[\#11010](https://github.com/matrix-org/synapse/issues/11010), [\#11011](https://github.com/matrix-org/synapse/issues/11011))
- Refactor various parts of the codebase to use `RoomVersion` objects instead of room version identifier strings. ([\#10934](https://github.com/matrix-org/synapse/issues/10934))
- Refactor user directory tests in preparation for upcoming changes. ([\#10935](https://github.com/matrix-org/synapse/issues/10935))
- Include the event id in the logcontext when handling PDUs received over federation. ([\#10936](https://github.com/matrix-org/synapse/issues/10936))
- Fix logged errors in unit tests. ([\#10939](https://github.com/matrix-org/synapse/issues/10939))
- Fix a broken test to ensure that consent configuration works during registration. ([\#10945](https://github.com/matrix-org/synapse/issues/10945))
- Add type hints to filtering classes. ([\#10958](https://github.com/matrix-org/synapse/issues/10958))
- Add type-hint to `HomeserverTestcase.setup_test_homeserver`. ([\#10961](https://github.com/matrix-org/synapse/issues/10961))
- Fix the test utility function `create_room_as` so that `is_public=True` will explicitly set the `visibility` parameter of room creation requests to `public`. Contributed by @AndrewFerr.
([\#10963](https://github.com/matrix-org/synapse/issues/10963))
- Make the release script more robust and transparent. ([\#10966](https://github.com/matrix-org/synapse/issues/10966))
- Refactor [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` mega function into smaller handler functions. ([\#10974](https://github.com/matrix-org/synapse/issues/10974))
- Log stack traces when a missing opentracing span is detected. ([\#10983](https://github.com/matrix-org/synapse/issues/10983))
- Update GHA config to run tests against Python 3.10 and PostgreSQL 14. ([\#10992](https://github.com/matrix-org/synapse/issues/10992))
- Fix a long-standing bug where `ReadWriteLock`s could drop logging contexts on exit. ([\#10993](https://github.com/matrix-org/synapse/issues/10993))
- Add a `CODEOWNERS` file to automatically request reviews from the `@matrix-org/synapse-core` team on new pull requests. ([\#10994](https://github.com/matrix-org/synapse/issues/10994))
- Add further type hints to `synapse.state`. ([\#11004](https://github.com/matrix-org/synapse/issues/11004))
- Remove the deprecated `BaseHandler` object. ([\#11005](https://github.com/matrix-org/synapse/issues/11005))
- Bump mypy version for CI to 0.910, and pull in new type stubs for dependencies. ([\#11006](https://github.com/matrix-org/synapse/issues/11006))
- Fix CI to run the unit tests without optional deps. ([\#11017](https://github.com/matrix-org/synapse/issues/11017))
- Ensure that cache config tests do not share state. ([\#11019](https://github.com/matrix-org/synapse/issues/11019))
- Add additional type hints to `synapse.server_notices`. ([\#11021](https://github.com/matrix-org/synapse/issues/11021))
- Add additional type hints for `synapse.push`. ([\#11023](https://github.com/matrix-org/synapse/issues/11023))
- When installing the optional developer dependencies, also include the dependencies needed for type-checking and unit testing. ([\#11034](https://github.com/matrix-org/synapse/issues/11034))
- Remove unnecessary list comprehension from `synapse_port_db` to satisfy code style requirements. ([\#11043](https://github.com/matrix-org/synapse/issues/11043))
Synapse 1.44.0 (2021-10-05)
=============
No significant changes since 1.44.0rc3.
Synapse 1.44.0rc3 (2021-10-04)
===============
Bugfixes
--------
- Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error.
([\#10933](https://github.com/matrix-org/synapse/issues/10933))
- Fix `/admin/whois/{user_id}` endpoint, which was broken in v1.44.0rc1. ([\#10968](https://github.com/matrix-org/synapse/issues/10968))
Synapse 1.44.0rc2 (2021-09-30)
===============
Bugfixes
--------
- Fix a bug introduced in v1.44.0rc1 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error.
([\#10938](https://github.com/matrix-org/synapse/issues/10938))
- Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. ([\#10944](https://github.com/matrix-org/synapse/issues/10944))
Improved Documentation
----------------------
- Minor updates to the installation instructions. ([\#10919](https://github.com/matrix-org/synapse/issues/10919))
Synapse 1.44.0rc1 (2021-09-29)
===============
Features
--------
- Only allow the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send?chunk_id=xxx` endpoint to connect to an already existing insertion event.
([\#10776](https://github.com/matrix-org/synapse/issues/10776))
- Improve oEmbed URL previews by processing the author name, photo, and video information. ([\#10814](https://github.com/matrix-org/synapse/issues/10814),
[\#10819](https://github.com/matrix-org/synapse/issues/10819))
- Speed up responding with large JSON objects to requests. ([\#10868](https://github.com/matrix-org/synapse/issues/10868), [\#10905](https://github.com/matrix-org/synapse/issues/10905))
- Add a `user_may_create_room_with_invites` spam checker callback to allow modules to allow or deny a room creation request based on the invites and/or 3PID invites it includes.
([\#10898](https://github.com/matrix-org/synapse/issues/10898))
Bugfixes
--------
- Fix a long-standing bug that caused an `AssertionError` when purging history in certain rooms. Contributed by @Kokokokoka. ([\#10690](https://github.com/matrix-org/synapse/issues/10690))
- Fix a long-standing bug which caused deactivated users that were later reactivated to be missing from the user directory. ([\#10782](https://github.com/matrix-org/synapse/issues/10782))
- Fix a long-standing bug that caused unbanning a user by sending a membership event to fail. Contributed by @aaronraimist. ([\#10807](https://github.com/matrix-org/synapse/issues/10807))
- Fix a long-standing bug where logging contexts would go missing when federation requests time out. ([\#10810](https://github.com/matrix-org/synapse/issues/10810))
- Fix a long-standing bug causing an error in the deprecated `/initialSync` endpoint when using the undocumented `from` and `to` parameters.
([\#10827](https://github.com/matrix-org/synapse/issues/10827))
- Fix a bug causing the `remove_stale_pushers` background job to repeatedly fail and log errors. This bug affected Synapse servers that had been upgraded from version 1.28 or older and are using
SQLite. ([\#10843](https://github.com/matrix-org/synapse/issues/10843))
- Fix a long-standing bug in Unicode support of the room search admin API breaking search for rooms with non-ASCII characters. ([\#10859](https://github.com/matrix-org/synapse/issues/10859))
- Fix a bug introduced in Synapse 1.37.0 which caused `knock` membership events which we sent to remote servers to be incorrectly stored in the local database.
([\#10873](https://github.com/matrix-org/synapse/issues/10873))
- Fix invalidating one-time key count cache after claiming keys. The bug was introduced in Synapse v1.41.0. Contributed by Tulir at Beeper.
([\#10875](https://github.com/matrix-org/synapse/issues/10875))
- Fix a long-standing bug causing application service users to be subject to MAU blocking if the MAU limit had been reached, even if configured not to be blocked.
([\#10881](https://github.com/matrix-org/synapse/issues/10881))
- Fix a long-standing bug which could cause events pulled over federation to be incorrectly rejected. ([\#10907](https://github.com/matrix-org/synapse/issues/10907))
- Fix a long-standing bug causing URL cache files to be stored in storage providers. Server admins may safely delete the `url_cache/` and `url_cache_thumbnails/` directories from any configured
storage providers to reclaim space. ([\#10911](https://github.com/matrix-org/synapse/issues/10911))
- Fix a long-standing bug leading to race conditions when creating media store and config directories. ([\#10913](https://github.com/matrix-org/synapse/issues/10913))
Improved Documentation
----------------------
- Fix some crashes in the Module API example code, by adding JSON encoding/decoding. ([\#10845](https://github.com/matrix-org/synapse/issues/10845))
- Add developer documentation about experimental configuration flags. ([\#10865](https://github.com/matrix-org/synapse/issues/10865))
- Properly remove deleted files from GitHub pages when generating the documentation. ([\#10869](https://github.com/matrix-org/synapse/issues/10869))
Internal Changes
----------------
- Fix GitHub Actions config so we can run sytest on synapse from parallel branches. ([\#10659](https://github.com/matrix-org/synapse/issues/10659))
- Split out [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) meta events to their own fields in the `/batch_send` response. ([\#10777](https://github.com/matrix-org/synapse/issues/10777))
- Add missing type hints to REST servlets. ([\#10785](https://github.com/matrix-org/synapse/issues/10785), [\#10817](https://github.com/matrix-org/synapse/issues/10817))
- Simplify the internal logic which maintains the user directory database tables. ([\#10796](https://github.com/matrix-org/synapse/issues/10796))
- Use direct references to config flags. ([\#10812](https://github.com/matrix-org/synapse/issues/10812), [\#10885](https://github.com/matrix-org/synapse/issues/10885),
[\#10893](https://github.com/matrix-org/synapse/issues/10893), [\#10897](https://github.com/matrix-org/synapse/issues/10897))
- Specify the type of token in generic "Invalid token" error messages. ([\#10815](https://github.com/matrix-org/synapse/issues/10815))
- Make `StateFilter` frozen so it is hashable. ([\#10816](https://github.com/matrix-org/synapse/issues/10816))
- Fix a long-standing bug where an `m.room.message` event containing a null byte would cause an internal server error. ([\#10820](https://github.com/matrix-org/synapse/issues/10820))
- Add type hints to the state database. ([\#10823](https://github.com/matrix-org/synapse/issues/10823))
- Opt out of cache expiry for `get_users_who_share_room_with_user`, to hopefully improve `/sync` performance when you
haven't synced recently. ([\#10826](https://github.com/matrix-org/synapse/issues/10826))
- Track cache eviction rates more finely in Prometheus's monitoring. ([\#10829](https://github.com/matrix-org/synapse/issues/10829))
- Add missing type hints to `synapse.handlers`. ([\#10831](https://github.com/matrix-org/synapse/issues/10831), [\#10856](https://github.com/matrix-org/synapse/issues/10856))
- Extend the Module API to let plug-ins check whether an ID is local and to access IP + User Agent data. ([\#10833](https://github.com/matrix-org/synapse/issues/10833))
- Factor out PNG image data to a constant to be used in several tests. ([\#10834](https://github.com/matrix-org/synapse/issues/10834))
- Add a test to ensure state events sent by modules get persisted correctly. ([\#10835](https://github.com/matrix-org/synapse/issues/10835))
- Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) fields and event types from `chunk` to `batch` to match the `/batch_send` endpoint.
([\#10838](https://github.com/matrix-org/synapse/issues/10838))
- Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` query parameter from `?prev_event` to more obvious usage with `?prev_event_id`.
([\#10839](https://github.com/matrix-org/synapse/issues/10839))
- Add type hints to `synapse.http.site`. ([\#10867](https://github.com/matrix-org/synapse/issues/10867))
- Include outlier status when we log V2 or V3 events. ([\#10879](https://github.com/matrix-org/synapse/issues/10879))
- Break down Grafana's cache expiry time series based on reason for eviction, c.f. [\#10829](https://github.com/matrix-org/synapse/issues/10829).
([\#10880](https://github.com/matrix-org/synapse/issues/10880))
- Clean up some of the federation event authentication code for clarity. ([\#10883](https://github.com/matrix-org/synapse/issues/10883), [\#10884](https://github.com/matrix-org/synapse/issues/10884),
[\#10896](https://github.com/matrix-org/synapse/issues/10896), [\#10901](https://github.com/matrix-org/synapse/issues/10901))
- Allow the `.` and `~` characters when creating registration tokens as per the change to [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
([\#10887](https://github.com/matrix-org/synapse/issues/10887))
- Clean up some unnecessary parentheses in places around the codebase. ([\#10889](https://github.com/matrix-org/synapse/issues/10889))
- Improve type hinting in the user directory code. ([\#10891](https://github.com/matrix-org/synapse/issues/10891))
- Update development testing script `test_postgresql.sh` to use a supported Python version and make re-runs quicker. ([\#10906](https://github.com/matrix-org/synapse/issues/10906))
- Document and summarize changes in schema version `61` – `64`. ([\#10917](https://github.com/matrix-org/synapse/issues/10917))
- Update release script to sign the newly created git tags. ([\#10925](https://github.com/matrix-org/synapse/issues/10925))
- Fix Debian builds due to `dh-virtualenv` no longer being able to build their docs. ([\#10931](https://github.com/matrix-org/synapse/issues/10931))
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/chat/matrix-synapse/PLIST
cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/matrix-synapse/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gdt
Date: Tue Nov 23 12:47:51 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile distinfo
Log Message:
chat/matrix-synapse: Update to 1.47.1 (security)
Synapse 1.47.1 (2021-11-23)
======This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.
Security advisory
-----------------
The following issue is fixed in 1.47.1.
- **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-41281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281): Path traversal when downloading remote media.**
Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.
The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.
Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.
Fixed by [91f2bd090](https://github.com/matrix-org/synapse/commit/91f2bd090).
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/chat/matrix-synapse/distinfo
chat/matrix-synapse: security update
Revisions pulled up:
- chat/matrix-synapse/Makefile 1.34-1.36
- chat/matrix-synapse/PLIST 1.18-1.19
- chat/matrix-synapse/distinfo 1.24,1.27-1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: js
Date: Sat Oct 2 12:23:13 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo
Log Message:
Update chat/matrix-synapse to 1.43.0
Synapse 1.43.0 (2021-09-21)
=============
This release drops support for the deprecated, unstable API for [MSC2858 (Multiple SSO Identity
Providers)](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), as well as the undocumented `experimental.msc2858_enabled` config
option. Client authors should update their clients to use the stable API, available since Synapse 1.30.
The documentation has been updated with configuration for routing `/spaces`, `/hierarchy` and `/summary` to workers. See [the upgrade
notes](https://github.com/matrix-org/synapse/blob/release-v1.43/docs/upgrade.md#upgrading-to-v1430) for more details.
No significant changes since 1.43.0rc2.
Synapse 1.43.0rc2 (2021-09-17)
===============
Bugfixes
--------
- Added opentracing logging to help debug [\#9424](https://github.com/matrix-org/synapse/issues/9424). ([\#10828](https://github.com/matrix-org/synapse/issues/10828))
Synapse 1.43.0rc1 (2021-09-14)
===============
Features
--------
- Allow room creators to send historical events specified by [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) in existing room versions.
([\#10566](https://github.com/matrix-org/synapse/issues/10566))
- Add config option to use non-default manhole password and keys. ([\#10643](https://github.com/matrix-org/synapse/issues/10643))
- Skip final GC at shutdown to improve restart performance. ([\#10712](https://github.com/matrix-org/synapse/issues/10712))
- Allow configuration of the oEmbed URLs used for URL previews. ([\#10714](https://github.com/matrix-org/synapse/issues/10714), [\#10759](https://github.com/matrix-org/synapse/issues/10759))
- Prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) for restricted rooms per the [room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244) API.
([\#10772](https://github.com/matrix-org/synapse/issues/10772))
Bugfixes
--------
- Fix a long-standing bug where room avatars were not included in email notifications. ([\#10658](https://github.com/matrix-org/synapse/issues/10658))
- Fix a bug where the ordering algorithm was skipping the `origin_server_ts` step in the spaces summary resulting in unstable room orderings.
([\#10730](https://github.com/matrix-org/synapse/issues/10730))
- Fix edge case when persisting events into a room where there are multiple events we previously hadn't calculated auth chains for (and hadn't marked as needing to be calculated).
([\#10743](https://github.com/matrix-org/synapse/issues/10743))
- Fix a bug which prevented calls to `/createRoom` that included the `room_alias_name` parameter from being handled by worker processes. ([\#10757](https://github.com/matrix-org/synapse/issues/10757))
- Fix a bug which prevented user registration via SSO to require consent tracking for SSO mapping providers that don't prompt for Matrix ID selection. Contributed by @AndrewFerr.
([\#10733](https://github.com/matrix-org/synapse/issues/10733))
- Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).
([\#10760](https://github.com/matrix-org/synapse/issues/10760))
- Properly handle room upgrades of spaces. ([\#10774](https://github.com/matrix-org/synapse/issues/10774))
- Fix a bug which generated invalid homeserver config when the `frontend_proxy` worker type was passed to the Synapse Worker-based Complement image.
([\#10783](https://github.com/matrix-org/synapse/issues/10783))
Improved Documentation
----------------------
- Minor fix to the `media_repository` developer documentation. Contributed by @cuttingedge1109. ([\#10556](https://github.com/matrix-org/synapse/issues/10556))
- Update the documentation to note that the `/spaces` and `/hierarchy` endpoints can be routed to workers. ([\#10648](https://github.com/matrix-org/synapse/issues/10648))
- Clarify admin API documentation on undoing room deletions. ([\#10735](https://github.com/matrix-org/synapse/issues/10735))
- Split up the modules documentation and add examples for module developers. ([\#10758](https://github.com/matrix-org/synapse/issues/10758))
- Correct 2 typographical errors in the [Log Contexts documentation](https://matrix-org.github.io/synapse/latest/log_contexts.html). ([\#10795](https://github.com/matrix-org/synapse/issues/10795))
- Fix a wording mistake in the sample configuration. Contributed by @bramvdnheuvel:nltrix.net. ([\#10804](https://github.com/matrix-org/synapse/issues/10804))
Deprecations and Removals
-------------------------
- Remove the [unstable MSC2858 API](https://github.com/matrix-org/matrix-doc/blob/master/proposals/2858-Multiple-SSO-Identity-Providers.md#unstable-prefix), including the undocumented
`experimental.msc2858_enabled` config option. The unstable API has been deprecated since Synapse 1.35. Client authors should update their clients to use the stable API introduced in Synapse 1.30 if
they have not already done so. ([\#10693](https://github.com/matrix-org/synapse/issues/10693))
Internal Changes
----------------
- Add OpenTracing logging to help debug stuck messages (as described by issue [#9424](https://github.com/matrix-org/synapse/issues/9424)).
([\#10704](https://github.com/matrix-org/synapse/issues/10704))
- Add type annotations to the `synapse.util` package. ([\#10601](https://github.com/matrix-org/synapse/issues/10601))
- Ensure `rooms.creator` field is always populated for easy lookup in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) usage later.
([\#10697](https://github.com/matrix-org/synapse/issues/10697))
- Add missing type hints to REST servlets. ([\#10707](https://github.com/matrix-org/synapse/issues/10707), [\#10728](https://github.com/matrix-org/synapse/issues/10728),
[\#10736](https://github.com/matrix-org/synapse/issues/10736))
- Do not include rooms with unknown room versions in the spaces summary results. ([\#10727](https://github.com/matrix-org/synapse/issues/10727))
- Additional error checking for the `preset` field when creating a room. ([\#10738](https://github.com/matrix-org/synapse/issues/10738))
- Clean up some of the federation event authentication code for clarity. ([\#10744](https://github.com/matrix-org/synapse/issues/10744), [\#10745](https://github.com/matrix-org/synapse/issues/10745),
[\#10746](https://github.com/matrix-org/synapse/issues/10746), [\#10771](https://github.com/matrix-org/synapse/issues/10771), [\#10773](https://github.com/matrix-org/synapse/issues/10773),
[\#10781](https://github.com/matrix-org/synapse/issues/10781))
- Add an index to `presence_stream` to hopefully speed up startups a little. ([\#10748](https://github.com/matrix-org/synapse/issues/10748))
- Refactor event size checking code to simplify searching the codebase for the origins of certain error strings that are occasionally emitted.
([\#10750](https://github.com/matrix-org/synapse/issues/10750))
- Move tests relating to rooms having encryption out of the user directory tests. ([\#10752](https://github.com/matrix-org/synapse/issues/10752))
- Use `attrs` internally for the URL preview code & update documentation. ([\#10753](https://github.com/matrix-org/synapse/issues/10753))
- Minor speed ups when joining large rooms over federation. ([\#10754](https://github.com/matrix-org/synapse/issues/10754), [\#10755](https://github.com/matrix-org/synapse/issues/10755),
[\#10756](https://github.com/matrix-org/synapse/issues/10756), [\#10780](https://github.com/matrix-org/synapse/issues/10780), [\#10784](https://github.com/matrix-org/synapse/issues/10784))
- Add a constant for `m.federate`. ([\#10775](https://github.com/matrix-org/synapse/issues/10775))
- Add a script to update the Debian changelog in a Docker container for systems that are not Debian-based. ([\#10778](https://github.com/matrix-org/synapse/issues/10778))
- Change the format of authenticated users in logs when a user is being puppeted by and admin user. ([\#10779](https://github.com/matrix-org/synapse/issues/10779))
- Remove fixed and flakey tests from the Sytest blacklist. ([\#10788](https://github.com/matrix-org/synapse/issues/10788))
- Improve internal details of the user directory code. ([\#10789](https://github.com/matrix-org/synapse/issues/10789))
- Use direct references to config flags. ([\#10798](https://github.com/matrix-org/synapse/issues/10798))
- Ensure the Rust reporter passes type checking with jaeger-client 4.7's type annotations. ([\#10799](https://github.com/matrix-org/synapse/issues/10799))
Synapse 1.42.0 (2021-09-07)
=============
This version of Synapse removes deprecated room-management admin APIs, removes out-of-date email pushers, and improves error handling for fallback templates for user-interactive authentication. For
more information on these points, server administrators are encouraged to read [the upgrade notes](docs/upgrade.md#upgrading-to-v1420).
No significant changes since 1.42.0rc2.
Synapse 1.42.0rc2 (2021-09-06)
===============
Features
--------
- Support room version 9 from [MSC3375](https://github.com/matrix-org/matrix-doc/pull/3375). ([\#10747](https://github.com/matrix-org/synapse/issues/10747))
Internal Changes
----------------
- Print a warning when using one of the deprecated `template_dir` settings. ([\#10768](https://github.com/matrix-org/synapse/issues/10768))
Synapse 1.42.0rc1 (2021-09-01)
===============
Features
--------
- Add support for [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231): Token authenticated registration. Users can be required to submit a token during registration to authenticate
themselves. Contributed by Callum Brown. ([\#10142](https://github.com/matrix-org/synapse/issues/10142))
- Add support for [MSC3283](https://github.com/matrix-org/matrix-doc/pull/3283): Expose `enable_set_displayname` in capabilities. ([\#10452](https://github.com/matrix-org/synapse/issues/10452))
- Port the `PresenceRouter` module interface to the new generic interface. ([\#10524](https://github.com/matrix-org/synapse/issues/10524))
- Add pagination to the spaces summary based on updates to [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946). ([\#10613](https://github.com/matrix-org/synapse/issues/10613),
[\#10725](https://github.com/matrix-org/synapse/issues/10725))
Bugfixes
--------
- Validate new `m.room.power_levels` events. Contributed by @aaronraimist. ([\#10232](https://github.com/matrix-org/synapse/issues/10232))
- Display an error on User-Interactive Authentication fallback pages when authentication fails. Contributed by Callum Brown. ([\#10561](https://github.com/matrix-org/synapse/issues/10561))
- Remove pushers when deleting an e-mail address from an account. Pushers for old unlinked emails will also be deleted. ([\#10581](https://github.com/matrix-org/synapse/issues/10581),
[\#10734](https://github.com/matrix-org/synapse/issues/10734))
- Reject Client-Server `/keys/query` requests which provide `device_ids` incorrectly. ([\#10593](https://github.com/matrix-org/synapse/issues/10593))
- Rooms with unsupported room versions are no longer returned via `/sync`. ([\#10644](https://github.com/matrix-org/synapse/issues/10644))
- Enforce the maximum length for per-room display names and avatar URLs. ([\#10654](https://github.com/matrix-org/synapse/issues/10654))
- Fix a bug which caused the `synapse_user_logins_total` Prometheus metric not to be correctly initialised on restart. ([\#10677](https://github.com/matrix-org/synapse/issues/10677))
- Improve `ServerNoticeServlet` to avoid duplicate requests and add unit tests. ([\#10679](https://github.com/matrix-org/synapse/issues/10679))
- Fix long-standing issue which caused an error when a thumbnail is requested and there are multiple thumbnails with the same quality rating.
([\#10684](https://github.com/matrix-org/synapse/issues/10684))
- Fix a regression introduced in v1.41.0 which affected the performance of concurrent fetches of large sets of events, in extreme cases causing the process to hang.
([\#10703](https://github.com/matrix-org/synapse/issues/10703))
- Fix a regression introduced in Synapse 1.41 which broke email transmission on Systems using older versions of the Twisted library. ([\#10713](https://github.com/matrix-org/synapse/issues/10713))
Improved Documentation
----------------------
- Add documentation on how to connect Django with Synapse using OpenID Connect and django-oauth-toolkit. Contributed by @HugoDelval. ([\#10192](https://github.com/matrix-org/synapse/issues/10192))
- Advertise https://matrix-org.github.io/synapse documentation in the `README` and `CONTRIBUTING` files. ([\#10595](https://github.com/matrix-org/synapse/issues/10595))
- Fix some of the titles not rendering in the OpenID Connect documentation. ([\#10639](https://github.com/matrix-org/synapse/issues/10639))
- Minor clarifications to the documentation for reverse proxies. ([\#10708](https://github.com/matrix-org/synapse/issues/10708))
- Remove table of contents from the top of installation and contributing documentation pages. ([\#10711](https://github.com/matrix-org/synapse/issues/10711))
Deprecations and Removals
-------------------------
- Remove deprecated Shutdown Room and Purge Room Admin API. ([\#8830](https://github.com/matrix-org/synapse/issues/8830))
Internal Changes
----------------
- Improve type hints for the proxy agent and SRV resolver modules. Contributed by @dklimpel. ([\#10608](https://github.com/matrix-org/synapse/issues/10608))
- Clean up some of the federation event authentication code for clarity. ([\#10614](https://github.com/matrix-org/synapse/issues/10614), [\#10615](https://github.com/matrix-org/synapse/issues/10615),
[\#10624](https://github.com/matrix-org/synapse/issues/10624), [\#10640](https://github.com/matrix-org/synapse/issues/10640))
- Add a comment asking developers to leave a reason when bumping the database schema version. ([\#10621](https://github.com/matrix-org/synapse/issues/10621))
- Remove not needed database updates in modify user admin API. ([\#10627](https://github.com/matrix-org/synapse/issues/10627))
- Convert room member storage tuples to `attrs` classes. ([\#10629](https://github.com/matrix-org/synapse/issues/10629), [\#10642](https://github.com/matrix-org/synapse/issues/10642))
- Use auto-attribs for the attrs classes used in sync. ([\#10630](https://github.com/matrix-org/synapse/issues/10630))
- Make `backfill` and `get_missing_events` use the same codepath. ([\#10645](https://github.com/matrix-org/synapse/issues/10645))
- Improve the performance of the `/hierarchy` API (from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)) by caching responses received over federation.
([\#10647](https://github.com/matrix-org/synapse/issues/10647))
- Run a nightly CI build against Twisted trunk. ([\#10651](https://github.com/matrix-org/synapse/issues/10651), [\#10672](https://github.com/matrix-org/synapse/issues/10672))
- Do not print out stack traces for network errors when fetching data over federation. ([\#10662](https://github.com/matrix-org/synapse/issues/10662))
- Simplify tests for device admin rest API. ([\#10664](https://github.com/matrix-org/synapse/issues/10664))
- Add missing type hints to REST servlets. ([\#10665](https://github.com/matrix-org/synapse/issues/10665), [\#10666](https://github.com/matrix-org/synapse/issues/10666),
[\#10674](https://github.com/matrix-org/synapse/issues/10674))
- Flatten the `tests.synapse.rests` package by moving the contents of `v1` and `v2_alpha` into the parent. ([\#10667](https://github.com/matrix-org/synapse/issues/10667))
- Update `complement.sh` to rebuild the base Docker image when run with workers. ([\#10686](https://github.com/matrix-org/synapse/issues/10686))
- Split the event-processing methods in `FederationHandler` into a separate `FederationEventHandler`. ([\#10692](https://github.com/matrix-org/synapse/issues/10692))
- Remove unused `compare_digest` function. ([\#10706](https://github.com/matrix-org/synapse/issues/10706))
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/chat/matrix-synapse/PLIST
cvs rdiff -u -r1.23 -r1.24 pkgsrc/chat/matrix-synapse/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: js
Date: Fri Nov 19 14:06:08 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile PLIST distinfo
Log Message:
Update chat/matrix-synapse to 1.47.0
Synapse 1.47.0 (2021-11-17)
=============
No significant changes since 1.47.0rc3.
Synapse 1.47.0rc3 (2021-11-16)
===============
Bugfixes
--------
- Fix a bug introduced in 1.47.0rc1 which caused worker processes to not halt startup in the presence of outstanding database migrations.
([\#11346](https://github.com/matrix-org/synapse/issues/11346))
- Fix a bug introduced in 1.47.0rc1 which prevented the 'remove deleted devices from `device_inbox` column' background process from running when updating from a recent Synapse version.
([\#11303](https://github.com/matrix-org/synapse/issues/11303), [\#11353](https://github.com/matrix-org/synapse/issues/11353))
Synapse 1.47.0rc2 (2021-11-10)
===============
This fixes an issue with publishing the Debian packages for 1.47.0rc1.
It is otherwise identical to 1.47.0rc1.
Synapse 1.47.0rc1 (2021-11-09)
===============
Deprecations and Removals
-------------------------
- The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more
information. ([\#11206](https://github.com/matrix-org/synapse/issues/11206))
- Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). ([\#11213](https://github.com/matrix-org/synapse/issues/11213))
Features
--------
- Advertise support for Client-Server API r0.6.1. ([\#11097](https://github.com/matrix-org/synapse/issues/11097))
- Add search by room ID and room alias to the List Room admin API. ([\#11099](https://github.com/matrix-org/synapse/issues/11099))
- Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room. ([\#11126](https://github.com/matrix-org/synapse/issues/11126))
- Add a module API method to update a user's membership in a room. ([\#11147](https://github.com/matrix-org/synapse/issues/11147))
- Add metrics for thread pool usage. ([\#11178](https://github.com/matrix-org/synapse/issues/11178))
- Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#11187](https://github.com/matrix-org/synapse/issues/11187))
- Add a module API method to retrieve the current state of a room. ([\#11204](https://github.com/matrix-org/synapse/issues/11204))
- Calculate a default value for `public_baseurl` based on `server_name`. ([\#11210](https://github.com/matrix-org/synapse/issues/11210))
- Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443. ([\#11211](https://github.com/matrix-org/synapse/issues/11211))
- Add admin APIs to pause, start and check the status of background updates. ([\#11263](https://github.com/matrix-org/synapse/issues/11263))
Bugfixes
--------
- Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. ([\#10097](https://github.com/matrix-org/synapse/issues/10097))
- Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
([\#10969](https://github.com/matrix-org/synapse/issues/10969), [\#11212](https://github.com/matrix-org/synapse/issues/11212))
- Do not accept events if a third-party rule `check_event_allowed` callback raises an exception. ([\#11033](https://github.com/matrix-org/synapse/issues/11033))
- Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver.
([\#11129](https://github.com/matrix-org/synapse/issues/11129))
- Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical
messages is already part of the current room state at the given `?prev_event_id`. ([\#11188](https://github.com/matrix-org/synapse/issues/11188))
- Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p.
([\#11191](https://github.com/matrix-org/synapse/issues/11191))
- Delete `to_device` messages for hidden devices that will never be read, reducing database size. ([\#11199](https://github.com/matrix-org/synapse/issues/11199))
- Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error. ([\#11200](https://github.com/matrix-org/synapse/issues/11200))
- Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at
Beeper. ([\#11207](https://github.com/matrix-org/synapse/issues/11207))
- Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats. ([\#11217](https://github.com/matrix-org/synapse/issues/11217))
- Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried.
([\#11234](https://github.com/matrix-org/synapse/issues/11234))
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection.
([\#11240](https://github.com/matrix-org/synapse/issues/11240))
- Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. ([\#11255](https://github.com/matrix-org/synapse/issues/11255),
[\#11276](https://github.com/matrix-org/synapse/issues/11276))
- Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed.
([\#11262](https://github.com/matrix-org/synapse/issues/11262))
- Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu.
([\#11157](https://github.com/matrix-org/synapse/issues/11157))
Updates to the Docker image
---------------------------
- Avoid changing user ID when started as a non-root user, and no explicit `UID` is set. ([\#11209](https://github.com/matrix-org/synapse/issues/11209))
Improved Documentation
----------------------
- Improve example HAProxy config in the docs to properly handle HTTP `Host` headers with port information. This is required for federation over port 443 to work correctly.
([\#11128](https://github.com/matrix-org/synapse/issues/11128))
- Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. ([\#11151](https://github.com/matrix-org/synapse/issues/11151))
- Clarify lack of support for Windows. ([\#11198](https://github.com/matrix-org/synapse/issues/11198))
- Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. ([\#11221](https://github.com/matrix-org/synapse/issues/11221))
- Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. ([\#11257](https://github.com/matrix-org/synapse/issues/11257))
Internal Changes
----------------
- Add type annotations for the `log_function` decorator. ([\#10943](https://github.com/matrix-org/synapse/issues/10943))
- Add type hints to `synapse.events`. ([\#11098](https://github.com/matrix-org/synapse/issues/11098))
- Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code. ([\#11137](https://github.com/matrix-org/synapse/issues/11137))
- Add type hints so that `synapse.http` passes `mypy` checks. ([\#11164](https://github.com/matrix-org/synapse/issues/11164))
- Update scripts to pass Shellcheck lints. ([\#11166](https://github.com/matrix-org/synapse/issues/11166))
- Add knock information in admin export. Contributed by Rafael Gonçalves. ([\#11171](https://github.com/matrix-org/synapse/issues/11171))
- Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly.
([\#11179](https://github.com/matrix-org/synapse/issues/11179))
- Refactor `Filter` to check different fields depending on the data type. ([\#11194](https://github.com/matrix-org/synapse/issues/11194))
- Improve type hints for the relations datastore. ([\#11205](https://github.com/matrix-org/synapse/issues/11205))
- Replace outdated links in the pull request checklist with links to the rendered documentation. ([\#11225](https://github.com/matrix-org/synapse/issues/11225))
- Fix a bug in unit test `test_block_room_and_not_purge`. ([\#11226](https://github.com/matrix-org/synapse/issues/11226))
- In `ObservableDeferred`, run observers in the order they were registered. ([\#11229](https://github.com/matrix-org/synapse/issues/11229))
- Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`. ([\#11231](https://github.com/matrix-org/synapse/issues/11231))
- Add `twine` and `towncrier` as dev dependencies, as they're used by the release script. ([\#11233](https://github.com/matrix-org/synapse/issues/11233))
- Allow `stream_writers.typing` config to be a list of one worker. ([\#11237](https://github.com/matrix-org/synapse/issues/11237))
- Remove debugging statement in tests. ([\#11239](https://github.com/matrix-org/synapse/issues/11239))
- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers.
([\#11244](https://github.com/matrix-org/synapse/issues/11244))
- Add an additional test for the `cachedList` method decorator. ([\#11246](https://github.com/matrix-org/synapse/issues/11246))
- Make minor correction to the type of `auth_checkers` callbacks. ([\#11253](https://github.com/matrix-org/synapse/issues/11253))
- Clean up trivial aspects of the Debian package build tooling. ([\#11269](https://github.com/matrix-org/synapse/issues/11269), [\#11273](https://github.com/matrix-org/synapse/issues/11273))
- Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. ([\#11270](https://github.com/matrix-org/synapse/issues/11270))
Synapse 1.46.0 (2021-11-02)
=============
The cause of the [performance regression affecting Synapse 1.44](https://github.com/matrix-org/synapse/issues/11049) has been identified and fixed.
([\#11177](https://github.com/matrix-org/synapse/issues/11177))
Bugfixes
--------
- Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. ([\#11196](https://github.com/matrix-org/synapse/issues/11196))
Synapse 1.46.0rc1 (2021-10-27)
===============
Features
--------
- Add support for Ubuntu 21.10 "Impish Indri". ([\#11024](https://github.com/matrix-org/synapse/issues/11024))
- Port the Password Auth Providers module interface to the new generic interface. ([\#10548](https://github.com/matrix-org/synapse/issues/10548),
[\#11180](https://github.com/matrix-org/synapse/issues/11180))
- Experimental support for the thread relation defined in [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440). ([\#11088](https://github.com/matrix-org/synapse/issues/11088),
[\#11181](https://github.com/matrix-org/synapse/issues/11181), [\#11192](https://github.com/matrix-org/synapse/issues/11192))
- Users admin API can now also modify user type in addition to allowing it to be set on user creation. ([\#11174](https://github.com/matrix-org/synapse/issues/11174))
Bugfixes
--------
- Newly-created public rooms are now only assigned an alias if the room's creation has not been blocked by permission settings. Contributed by @AndrewFerr.
([\#10930](https://github.com/matrix-org/synapse/issues/10930))
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#11001](https://github.com/matrix-org/synapse/issues/11001),
[\#11009](https://github.com/matrix-org/synapse/issues/11009), [\#11012](https://github.com/matrix-org/synapse/issues/11012))
- Fix 500 error on `/messages` when the server accumulates more than 5 backwards extremities at a given depth for a room. ([\#11027](https://github.com/matrix-org/synapse/issues/11027))
- Fix a bug where setting a user's `external_id` via the admin API returns 500 and deletes user's existing external mappings if that external ID is already mapped.
([\#11051](https://github.com/matrix-org/synapse/issues/11051))
- Fix a long-standing bug where users excluded from the user directory were added into the directory if they belonged to a room which became public or private.
([\#11075](https://github.com/matrix-org/synapse/issues/11075))
- Fix a long-standing bug when attempting to preview URLs which are in the `windows-1252` character encoding. ([\#11077](https://github.com/matrix-org/synapse/issues/11077),
[\#11089](https://github.com/matrix-org/synapse/issues/11089))
- Fix broken export-data admin command and add test script checking the command to CI. ([\#11078](https://github.com/matrix-org/synapse/issues/11078))
- Show an error when timestamp in seconds is provided to the `/purge_media_cache` Admin API. ([\#11101](https://github.com/matrix-org/synapse/issues/11101))
- Fix local users who left all their rooms being removed from the user directory, even if the `search_all_users` config option was enabled.
([\#11103](https://github.com/matrix-org/synapse/issues/11103))
- Fix a bug which caused the module API's `get_user_ip_and_agents` function to always fail on workers. `get_user_ip_and_agents` was introduced in 1.44.0 and did not function correctly on worker
processes at the time. ([\#11112](https://github.com/matrix-org/synapse/issues/11112))
- Identity server connection is no longer ignoring `ip_range_whitelist`. ([\#11120](https://github.com/matrix-org/synapse/issues/11120))
- Fix a bug introduced in Synapse 1.45.0 breaking the configuration file parsing script. ([\#11145](https://github.com/matrix-org/synapse/issues/11145))
- Fix a performance regression introduced in 1.44.0 which could cause client requests to time out when making large numbers of outbound requests.
([\#11177](https://github.com/matrix-org/synapse/issues/11177), [\#11190](https://github.com/matrix-org/synapse/issues/11190))
- Resolve and share `state_groups` for all [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical events in batch. ([\#10975](https://github.com/matrix-org/synapse/issues/10975))
Improved Documentation
----------------------
- Fix broken links relating to module API deprecation in the upgrade notes. ([\#11069](https://github.com/matrix-org/synapse/issues/11069))
- Add more information about what happens when a user is deactivated. ([\#11083](https://github.com/matrix-org/synapse/issues/11083))
- Clarify the the sample log config can be copied from the documentation without issue. ([\#11092](https://github.com/matrix-org/synapse/issues/11092))
- Update the admin API documentation with an updated list of the characters allowed in registration tokens. ([\#11093](https://github.com/matrix-org/synapse/issues/11093))
- Document Synapse's behaviour when dealing with multiple modules registering the same callbacks and/or handlers for the same HTTP endpoints.
([\#11096](https://github.com/matrix-org/synapse/issues/11096))
- Fix instances of `[example]{.title-ref}` in the upgrade documentation as a result of prior RST to Markdown conversion. ([\#11118](https://github.com/matrix-org/synapse/issues/11118))
- Document the version of Synapse each module callback was introduced in. ([\#11132](https://github.com/matrix-org/synapse/issues/11132))
- Document the version of Synapse that introduced each module API method. ([\#11183](https://github.com/matrix-org/synapse/issues/11183))
Internal Changes
----------------
- Fix spurious warnings about losing the logging context on the `ReplicationCommandHandler` when losing the replication connection. ([\#10984](https://github.com/matrix-org/synapse/issues/10984))
- Include rejected status when we log events. ([\#11008](https://github.com/matrix-org/synapse/issues/11008))
- Add some extra logging to the event persistence code. ([\#11014](https://github.com/matrix-org/synapse/issues/11014))
- Rearrange the internal workings of the incremental user directory updates. ([\#11035](https://github.com/matrix-org/synapse/issues/11035))
- Fix a long-standing bug where users excluded from the directory could still be added to the `users_who_share_private_rooms` table after a regular user joins a private room.
([\#11143](https://github.com/matrix-org/synapse/issues/11143))
- Add and improve type hints. ([\#10972](https://github.com/matrix-org/synapse/issues/10972), [\#11055](https://github.com/matrix-org/synapse/issues/11055),
[\#11066](https://github.com/matrix-org/synapse/issues/11066), [\#11076](https://github.com/matrix-org/synapse/issues/11076), [\#11095](https://github.com/matrix-org/synapse/issues/11095),
[\#11109](https://github.com/matrix-org/synapse/issues/11109), [\#11121](https://github.com/matrix-org/synapse/issues/11121), [\#11146](https://github.com/matrix-org/synapse/issues/11146))
- Mark the Synapse package as containing type annotations and fix export declarations so that Synapse pluggable modules may be type checked against Synapse.
([\#11054](https://github.com/matrix-org/synapse/issues/11054))
- Remove dead code from `MediaFilePaths`. ([\#11056](https://github.com/matrix-org/synapse/issues/11056))
- Be more lenient when parsing oEmbed response versions. ([\#11065](https://github.com/matrix-org/synapse/issues/11065))
- Create a separate module for the retention configuration. ([\#11070](https://github.com/matrix-org/synapse/issues/11070))
- Clean up some of the federation event authentication code for clarity. ([\#11115](https://github.com/matrix-org/synapse/issues/11115), [\#11116](https://github.com/matrix-org/synapse/issues/11116),
[\#11122](https://github.com/matrix-org/synapse/issues/11122))
- Add docstrings and comments to the application service ephemeral event sending code. ([\#11138](https://github.com/matrix-org/synapse/issues/11138))
- Update the `sign_json` script to support inline configuration of the signing key. ([\#11139](https://github.com/matrix-org/synapse/issues/11139))
- Fix broken link in the docker image README. ([\#11144](https://github.com/matrix-org/synapse/issues/11144))
- Always dump logs from unit tests during CI runs. ([\#11068](https://github.com/matrix-org/synapse/issues/11068))
- Add tests for `MediaFilePaths` class. ([\#11057](https://github.com/matrix-org/synapse/issues/11057))
- Simplify the user admin API tests. ([\#11048](https://github.com/matrix-org/synapse/issues/11048))
- Add a test for the workaround introduced in [\#11042](https://github.com/matrix-org/synapse/pull/11042) concerning the behaviour of third-party rule modules and `SynapseError`s.
([\#11071](https://github.com/matrix-org/synapse/issues/11071))
Synapse 1.45.1 (2021-10-20)
=============
Bugfixes
--------
- Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. ([\#11127](https://github.com/matrix-org/synapse/issues/11127))
Synapse 1.45.0 (2021-10-19)
=============
No functional changes since Synapse 1.45.0rc2.
Known Issues
------------
- A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
Improved Documentation
----------------------
- Reword changelog to clarify concerns about a suspected performance regression in 1.44.0. ([\#11117](https://github.com/matrix-org/synapse/issues/11117))
Synapse 1.45.0rc2 (2021-10-14)
===============
This release candidate [fixes](https://github.com/matrix-org/synapse/issues/11053) a user directory [bug](https://github.com/matrix-org/synapse/issues/11025) present in 1.45.0rc1.
Known Issues
------------
- A suspected [performance regression](https://github.com/matrix-org/synapse/issues/11049) which was first reported after the release of 1.44.0 remains unresolved.
We have not been able to identify a probable cause. Affected users report that setting up a federation sender worker appears to alleviate symptoms of the regression.
Bugfixes
--------
- Fix a long-standing bug when using multiple event persister workers where events were not correctly sent down `/sync` due to a race. ([\#11045](https://github.com/matrix-org/synapse/issues/11045))
- Fix a bug introduced in Synapse 1.45.0rc1 where the user directory would stop updating if it processed an event from a
user not in the `users` table. ([\#11053](https://github.com/matrix-org/synapse/issues/11053))
- Fix a bug introduced in Synapse 1.44.0 when logging errors during oEmbed processing. ([\#11061](https://github.com/matrix-org/synapse/issues/11061))
Internal Changes
----------------
- Add an 'approximate difference' method to `StateFilter`. ([\#10825](https://github.com/matrix-org/synapse/issues/10825))
- Fix inconsistent behavior of `get_last_client_by_ip` when reporting data that has not been stored in the database yet. ([\#10970](https://github.com/matrix-org/synapse/issues/10970))
- Fix a bug introduced in Synapse 1.21.0 that causes opentracing and Prometheus metrics for replication requests to be measured incorrectly.
([\#10996](https://github.com/matrix-org/synapse/issues/10996))
- Ensure that cache config tests do not share state. ([\#11036](https://github.com/matrix-org/synapse/issues/11036))
Synapse 1.45.0rc1 (2021-10-12)
===============
**Note:** Media storage providers module that read from Synapse's configuration need changes as of this version, see the [upgrade
notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1450) for more information.
Known Issues
------------
- We are investigating [a performance issue](https://github.com/matrix-org/synapse/issues/11049) which was reported after the release of 1.44.0.
- We are aware of [a bug](https://github.com/matrix-org/synapse/issues/11025) with the user directory when using application services. A second release candidate is expected which will resolve this.
Features
--------
- Add [MSC3069](https://github.com/matrix-org/matrix-doc/pull/3069) support to `/account/whoami`. ([\#9655](https://github.com/matrix-org/synapse/issues/9655))
- Support autodiscovery of oEmbed previews. ([\#10822](https://github.com/matrix-org/synapse/issues/10822))
- Add a `user_may_send_3pid_invite` spam checker callback for modules to allow or deny 3PID invites. ([\#10894](https://github.com/matrix-org/synapse/issues/10894))
- Add a spam checker callback to allow or deny room joins. ([\#10910](https://github.com/matrix-org/synapse/issues/10910))
- Include an `update_synapse_database` script in the distribution. Contributed by @Fizzadar at Beeper. ([\#10954](https://github.com/matrix-org/synapse/issues/10954))
- Include exception information in JSON logging output. Contributed by @Fizzadar at Beeper. ([\#11028](https://github.com/matrix-org/synapse/issues/11028))
Bugfixes
--------
- Fix a minor bug in the response to `/_matrix/client/r0/voip/turnServer`. Contributed by @lukaslihotzki. ([\#10922](https://github.com/matrix-org/synapse/issues/10922))
- Fix a bug where empty `yyyy-mm-dd/` directories would be left behind in the media store's `url_cache_thumbnails/` directory. ([\#10924](https://github.com/matrix-org/synapse/issues/10924))
- Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8 and 9 could be applied to earlier room versions in some situations.
([\#10927](https://github.com/matrix-org/synapse/issues/10927))
- Fix a long-standing bug wherein deactivated users still count towards the monthly active users limit. ([\#10947](https://github.com/matrix-org/synapse/issues/10947))
- Fix a long-standing bug which meant that events received over federation were sometimes incorrectly accepted into the room state. ([\#10956](https://github.com/matrix-org/synapse/issues/10956))
- Fix a long-standing bug where rebuilding the user directory wouldn't exclude support and deactivated users. ([\#10960](https://github.com/matrix-org/synapse/issues/10960))
- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint rejecting subsequent batches with unknown batch ID error in existing room versions from the room creator.
([\#10962](https://github.com/matrix-org/synapse/issues/10962))
- Fix a bug that could leak local users' per-room nicknames and avatars when the user directory is rebuilt. ([\#10981](https://github.com/matrix-org/synapse/issues/10981))
- Fix a long-standing bug where the remainder of a batch of user directory changes would be silently dropped if the server left a room early in the batch.
([\#10982](https://github.com/matrix-org/synapse/issues/10982))
- Correct a bugfix introduced in Synapse v1.44.0 that would catch the wrong error if a connection is lost before a response could be written to it.
([\#10995](https://github.com/matrix-org/synapse/issues/10995))
- Fix a long-standing bug where local users' per-room nicknames/avatars were visible to anyone who could see you in the user directory. ([\#11002](https://github.com/matrix-org/synapse/issues/11002))
- Fix a long-standing bug where a user's per-room nickname/avatar would overwrite their profile in the user directory when a room was made public.
([\#11003](https://github.com/matrix-org/synapse/issues/11003))
- Work around a regression, introduced in Synapse v1.39.0, that caused `SynapseError`s raised by the experimental third-party rules module callback `check_event_allowed` to be ignored.
([\#11042](https://github.com/matrix-org/synapse/issues/11042))
- Fix a bug in [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) insertion events in rooms that could cause cross-talk/conflicts between batches.
([\#10877](https://github.com/matrix-org/synapse/issues/10877))
Improved Documentation
----------------------
- Change wording ("reference homeserver") in Synapse repository documentation. Contributed by @maxkratz. ([\#10971](https://github.com/matrix-org/synapse/issues/10971))
- Fix a dead URL in development documentation (SAML) and change wording from "Riot" to "Element". Contributed by @maxkratz. ([\#10973](https://github.com/matrix-org/synapse/issues/10973))
- Add additional content to the Welcome and Overview page of the documentation. ([\#10990](https://github.com/matrix-org/synapse/issues/10990))
- Update links to MSCs in documentation. Contributed by @dklimpel. ([\#10991](https://github.com/matrix-org/synapse/issues/10991))
Internal Changes
----------------
- Improve type hinting in `synapse.util`. ([\#10888](https://github.com/matrix-org/synapse/issues/10888))
- Add further type hints to `synapse.storage.util`. ([\#10892](https://github.com/matrix-org/synapse/issues/10892))
- Fix type hints to be compatible with an upcoming change to Twisted. ([\#10895](https://github.com/matrix-org/synapse/issues/10895))
- Update utility code to handle C implementations of frozendict. ([\#10902](https://github.com/matrix-org/synapse/issues/10902))
- Drop old functionality which maintained database compatibility with Synapse versions before v1.31. ([\#10903](https://github.com/matrix-org/synapse/issues/10903))
- Clean-up configuration helper classes for the `ServerConfig` class. ([\#10915](https://github.com/matrix-org/synapse/issues/10915))
- Use direct references to config flags. ([\#10916](https://github.com/matrix-org/synapse/issues/10916), [\#10959](https://github.com/matrix-org/synapse/issues/10959),
[\#10985](https://github.com/matrix-org/synapse/issues/10985))
- Clean up some of the federation event authentication code for clarity. ([\#10926](https://github.com/matrix-org/synapse/issues/10926), [\#10940](https://github.com/matrix-org/synapse/issues/10940),
[\#10986](https://github.com/matrix-org/synapse/issues/10986), [\#10987](https://github.com/matrix-org/synapse/issues/10987), [\#10988](https://github.com/matrix-org/synapse/issues/10988),
[\#11010](https://github.com/matrix-org/synapse/issues/11010), [\#11011](https://github.com/matrix-org/synapse/issues/11011))
- Refactor various parts of the codebase to use `RoomVersion` objects instead of room version identifier strings. ([\#10934](https://github.com/matrix-org/synapse/issues/10934))
- Refactor user directory tests in preparation for upcoming changes. ([\#10935](https://github.com/matrix-org/synapse/issues/10935))
- Include the event id in the logcontext when handling PDUs received over federation. ([\#10936](https://github.com/matrix-org/synapse/issues/10936))
- Fix logged errors in unit tests. ([\#10939](https://github.com/matrix-org/synapse/issues/10939))
- Fix a broken test to ensure that consent configuration works during registration. ([\#10945](https://github.com/matrix-org/synapse/issues/10945))
- Add type hints to filtering classes. ([\#10958](https://github.com/matrix-org/synapse/issues/10958))
- Add type-hint to `HomeserverTestcase.setup_test_homeserver`. ([\#10961](https://github.com/matrix-org/synapse/issues/10961))
- Fix the test utility function `create_room_as` so that `is_public=True` will explicitly set the `visibility` parameter of room creation requests to `public`. Contributed by @AndrewFerr.
([\#10963](https://github.com/matrix-org/synapse/issues/10963))
- Make the release script more robust and transparent. ([\#10966](https://github.com/matrix-org/synapse/issues/10966))
- Refactor [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` mega function into smaller handler functions. ([\#10974](https://github.com/matrix-org/synapse/issues/10974))
- Log stack traces when a missing opentracing span is detected. ([\#10983](https://github.com/matrix-org/synapse/issues/10983))
- Update GHA config to run tests against Python 3.10 and PostgreSQL 14. ([\#10992](https://github.com/matrix-org/synapse/issues/10992))
- Fix a long-standing bug where `ReadWriteLock`s could drop logging contexts on exit. ([\#10993](https://github.com/matrix-org/synapse/issues/10993))
- Add a `CODEOWNERS` file to automatically request reviews from the `@matrix-org/synapse-core` team on new pull requests. ([\#10994](https://github.com/matrix-org/synapse/issues/10994))
- Add further type hints to `synapse.state`. ([\#11004](https://github.com/matrix-org/synapse/issues/11004))
- Remove the deprecated `BaseHandler` object. ([\#11005](https://github.com/matrix-org/synapse/issues/11005))
- Bump mypy version for CI to 0.910, and pull in new type stubs for dependencies. ([\#11006](https://github.com/matrix-org/synapse/issues/11006))
- Fix CI to run the unit tests without optional deps. ([\#11017](https://github.com/matrix-org/synapse/issues/11017))
- Ensure that cache config tests do not share state. ([\#11019](https://github.com/matrix-org/synapse/issues/11019))
- Add additional type hints to `synapse.server_notices`. ([\#11021](https://github.com/matrix-org/synapse/issues/11021))
- Add additional type hints for `synapse.push`. ([\#11023](https://github.com/matrix-org/synapse/issues/11023))
- When installing the optional developer dependencies, also include the dependencies needed for type-checking and unit testing. ([\#11034](https://github.com/matrix-org/synapse/issues/11034))
- Remove unnecessary list comprehension from `synapse_port_db` to satisfy code style requirements. ([\#11043](https://github.com/matrix-org/synapse/issues/11043))
Synapse 1.44.0 (2021-10-05)
=============
No significant changes since 1.44.0rc3.
Synapse 1.44.0rc3 (2021-10-04)
===============
Bugfixes
--------
- Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error.
([\#10933](https://github.com/matrix-org/synapse/issues/10933))
- Fix `/admin/whois/{user_id}` endpoint, which was broken in v1.44.0rc1. ([\#10968](https://github.com/matrix-org/synapse/issues/10968))
Synapse 1.44.0rc2 (2021-09-30)
===============
Bugfixes
--------
- Fix a bug introduced in v1.44.0rc1 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error.
([\#10938](https://github.com/matrix-org/synapse/issues/10938))
- Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. ([\#10944](https://github.com/matrix-org/synapse/issues/10944))
Improved Documentation
----------------------
- Minor updates to the installation instructions. ([\#10919](https://github.com/matrix-org/synapse/issues/10919))
Synapse 1.44.0rc1 (2021-09-29)
===============
Features
--------
- Only allow the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send?chunk_id=xxx` endpoint to connect to an already existing insertion event.
([\#10776](https://github.com/matrix-org/synapse/issues/10776))
- Improve oEmbed URL previews by processing the author name, photo, and video information. ([\#10814](https://github.com/matrix-org/synapse/issues/10814),
[\#10819](https://github.com/matrix-org/synapse/issues/10819))
- Speed up responding with large JSON objects to requests. ([\#10868](https://github.com/matrix-org/synapse/issues/10868), [\#10905](https://github.com/matrix-org/synapse/issues/10905))
- Add a `user_may_create_room_with_invites` spam checker callback to allow modules to allow or deny a room creation request based on the invites and/or 3PID invites it includes.
([\#10898](https://github.com/matrix-org/synapse/issues/10898))
Bugfixes
--------
- Fix a long-standing bug that caused an `AssertionError` when purging history in certain rooms. Contributed by @Kokokokoka. ([\#10690](https://github.com/matrix-org/synapse/issues/10690))
- Fix a long-standing bug which caused deactivated users that were later reactivated to be missing from the user directory. ([\#10782](https://github.com/matrix-org/synapse/issues/10782))
- Fix a long-standing bug that caused unbanning a user by sending a membership event to fail. Contributed by @aaronraimist. ([\#10807](https://github.com/matrix-org/synapse/issues/10807))
- Fix a long-standing bug where logging contexts would go missing when federation requests time out. ([\#10810](https://github.com/matrix-org/synapse/issues/10810))
- Fix a long-standing bug causing an error in the deprecated `/initialSync` endpoint when using the undocumented `from` and `to` parameters.
([\#10827](https://github.com/matrix-org/synapse/issues/10827))
- Fix a bug causing the `remove_stale_pushers` background job to repeatedly fail and log errors. This bug affected Synapse servers that had been upgraded from version 1.28 or older and are using
SQLite. ([\#10843](https://github.com/matrix-org/synapse/issues/10843))
- Fix a long-standing bug in Unicode support of the room search admin API breaking search for rooms with non-ASCII characters. ([\#10859](https://github.com/matrix-org/synapse/issues/10859))
- Fix a bug introduced in Synapse 1.37.0 which caused `knock` membership events which we sent to remote servers to be incorrectly stored in the local database.
([\#10873](https://github.com/matrix-org/synapse/issues/10873))
- Fix invalidating one-time key count cache after claiming keys. The bug was introduced in Synapse v1.41.0. Contributed by Tulir at Beeper.
([\#10875](https://github.com/matrix-org/synapse/issues/10875))
- Fix a long-standing bug causing application service users to be subject to MAU blocking if the MAU limit had been reached, even if configured not to be blocked.
([\#10881](https://github.com/matrix-org/synapse/issues/10881))
- Fix a long-standing bug which could cause events pulled over federation to be incorrectly rejected. ([\#10907](https://github.com/matrix-org/synapse/issues/10907))
- Fix a long-standing bug causing URL cache files to be stored in storage providers. Server admins may safely delete the `url_cache/` and `url_cache_thumbnails/` directories from any configured
storage providers to reclaim space. ([\#10911](https://github.com/matrix-org/synapse/issues/10911))
- Fix a long-standing bug leading to race conditions when creating media store and config directories. ([\#10913](https://github.com/matrix-org/synapse/issues/10913))
Improved Documentation
----------------------
- Fix some crashes in the Module API example code, by adding JSON encoding/decoding. ([\#10845](https://github.com/matrix-org/synapse/issues/10845))
- Add developer documentation about experimental configuration flags. ([\#10865](https://github.com/matrix-org/synapse/issues/10865))
- Properly remove deleted files from GitHub pages when generating the documentation. ([\#10869](https://github.com/matrix-org/synapse/issues/10869))
Internal Changes
----------------
- Fix GitHub Actions config so we can run sytest on synapse from parallel branches. ([\#10659](https://github.com/matrix-org/synapse/issues/10659))
- Split out [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) meta events to their own fields in the `/batch_send` response. ([\#10777](https://github.com/matrix-org/synapse/issues/10777))
- Add missing type hints to REST servlets. ([\#10785](https://github.com/matrix-org/synapse/issues/10785), [\#10817](https://github.com/matrix-org/synapse/issues/10817))
- Simplify the internal logic which maintains the user directory database tables. ([\#10796](https://github.com/matrix-org/synapse/issues/10796))
- Use direct references to config flags. ([\#10812](https://github.com/matrix-org/synapse/issues/10812), [\#10885](https://github.com/matrix-org/synapse/issues/10885),
[\#10893](https://github.com/matrix-org/synapse/issues/10893), [\#10897](https://github.com/matrix-org/synapse/issues/10897))
- Specify the type of token in generic "Invalid token" error messages. ([\#10815](https://github.com/matrix-org/synapse/issues/10815))
- Make `StateFilter` frozen so it is hashable. ([\#10816](https://github.com/matrix-org/synapse/issues/10816))
- Fix a long-standing bug where an `m.room.message` event containing a null byte would cause an internal server error. ([\#10820](https://github.com/matrix-org/synapse/issues/10820))
- Add type hints to the state database. ([\#10823](https://github.com/matrix-org/synapse/issues/10823))
- Opt out of cache expiry for `get_users_who_share_room_with_user`, to hopefully improve `/sync` performance when you
haven't synced recently. ([\#10826](https://github.com/matrix-org/synapse/issues/10826))
- Track cache eviction rates more finely in Prometheus's monitoring. ([\#10829](https://github.com/matrix-org/synapse/issues/10829))
- Add missing type hints to `synapse.handlers`. ([\#10831](https://github.com/matrix-org/synapse/issues/10831), [\#10856](https://github.com/matrix-org/synapse/issues/10856))
- Extend the Module API to let plug-ins check whether an ID is local and to access IP + User Agent data. ([\#10833](https://github.com/matrix-org/synapse/issues/10833))
- Factor out PNG image data to a constant to be used in several tests. ([\#10834](https://github.com/matrix-org/synapse/issues/10834))
- Add a test to ensure state events sent by modules get persisted correctly. ([\#10835](https://github.com/matrix-org/synapse/issues/10835))
- Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) fields and event types from `chunk` to `batch` to match the `/batch_send` endpoint.
([\#10838](https://github.com/matrix-org/synapse/issues/10838))
- Rename [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` query parameter from `?prev_event` to more obvious usage with `?prev_event_id`.
([\#10839](https://github.com/matrix-org/synapse/issues/10839))
- Add type hints to `synapse.http.site`. ([\#10867](https://github.com/matrix-org/synapse/issues/10867))
- Include outlier status when we log V2 or V3 events. ([\#10879](https://github.com/matrix-org/synapse/issues/10879))
- Break down Grafana's cache expiry time series based on reason for eviction, c.f. [\#10829](https://github.com/matrix-org/synapse/issues/10829).
([\#10880](https://github.com/matrix-org/synapse/issues/10880))
- Clean up some of the federation event authentication code for clarity. ([\#10883](https://github.com/matrix-org/synapse/issues/10883), [\#10884](https://github.com/matrix-org/synapse/issues/10884),
[\#10896](https://github.com/matrix-org/synapse/issues/10896), [\#10901](https://github.com/matrix-org/synapse/issues/10901))
- Allow the `.` and `~` characters when creating registration tokens as per the change to [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
([\#10887](https://github.com/matrix-org/synapse/issues/10887))
- Clean up some unnecessary parentheses in places around the codebase. ([\#10889](https://github.com/matrix-org/synapse/issues/10889))
- Improve type hinting in the user directory code. ([\#10891](https://github.com/matrix-org/synapse/issues/10891))
- Update development testing script `test_postgresql.sh` to use a supported Python version and make re-runs quicker. ([\#10906](https://github.com/matrix-org/synapse/issues/10906))
- Document and summarize changes in schema version `61` – `64`. ([\#10917](https://github.com/matrix-org/synapse/issues/10917))
- Update release script to sign the newly created git tags. ([\#10925](https://github.com/matrix-org/synapse/issues/10925))
- Fix Debian builds due to `dh-virtualenv` no longer being able to build their docs. ([\#10931](https://github.com/matrix-org/synapse/issues/10931))
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/chat/matrix-synapse/PLIST
cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/matrix-synapse/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gdt
Date: Tue Nov 23 12:47:51 UTC 2021
Modified Files:
pkgsrc/chat/matrix-synapse: Makefile distinfo
Log Message:
chat/matrix-synapse: Update to 1.47.1 (security)
Synapse 1.47.1 (2021-11-23)
======This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild.
Server administrators who are unable to update Synapse may use the workarounds described in the linked GitHub Security Advisory below.
Security advisory
-----------------
The following issue is fixed in 1.47.1.
- **[GHSA-3hfw-x7gx-437c](https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c) / [CVE-2021-41281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281): Path traversal when downloading remote media.**
Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory.
The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact.
Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected.
Fixed by [91f2bd090](https://github.com/matrix-org/synapse/commit/91f2bd090).
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/chat/matrix-synapse/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/chat/matrix-synapse/distinfo
MAIN commitmail json YAML
log update of postsrsd
MAIN commitmail json YAML
pkgsrc/mail/postsrsd/MESSAGE@1.1
/
diff
pkgsrc/mail/postsrsd/Makefile@1.3 / diff
pkgsrc/mail/postsrsd/PLIST@1.3 / diff
pkgsrc/mail/postsrsd/distinfo@1.2 / diff
pkgsrc/mail/postsrsd/files/postsrsd.sh@1.1 / diff
pkgsrc/mail/postsrsd/patches/patch-postsrsd.c@1.1 / diff
pkgsrc/mail/postsrsd/Makefile@1.3 / diff
pkgsrc/mail/postsrsd/PLIST@1.3 / diff
pkgsrc/mail/postsrsd/distinfo@1.2 / diff
pkgsrc/mail/postsrsd/files/postsrsd.sh@1.1 / diff
pkgsrc/mail/postsrsd/patches/patch-postsrsd.c@1.1 / diff
update postsrsd to version 1.11
The update fixes CVE-2020-35573 and CVE-2021-35525
The update fixes CVE-2020-35573 and CVE-2021-35525
MAIN commitmail json YAML
pkgsrc/security/libgcrypt/distinfo@1.90
/
diff
pkgsrc/security/libgcrypt/patches/patch-mpi_config.links@1.4 / diff
pkgsrc/security/libgcrypt/patches/patch-mpi_config.links@1.4 / diff
build fix for NetBSD-8/m68k which calls itself netbsdelf
pkgsrc-2021Q1 commitmail json YAML
pkgsrc/www/curl/Makefile@1.239.2.1
/
diff
pkgsrc/www/curl/PLIST@1.84.2.1 / diff
pkgsrc/www/curl/distinfo@1.168.2.1 / diff
pkgsrc/www/curl/PLIST@1.84.2.1 / diff
pkgsrc/www/curl/distinfo@1.168.2.1 / diff
Pullup ticket #6435 - requested by leot
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.240
- www/curl/PLIST 1.85
- www/curl/distinfo 1.169
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Wed Mar 31 09:52:31 UTC 2021
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: Update to 7.76.0
Changes:
7.76.0
===
This release includes the following changes:
o cookies: Support multiple -b parameters
o curl: add --fail-with-body
o doh: add options to disable ssl verification
o http: add support to read and store the referrer header
o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
o vtls: initial implementation of rustls backend
This release includes the following bugfixes:
o CVE-2021-22876: strip credentials from the auto-referer header field
o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
o asyn-ares: use consistent resolve error message
o BUG-BOUNTY: removed the cooperation mention
o build: delete unused feature guards
o build: fix --disable-dateparse
o build: fix --disable-http-auth
o build: remove all traces of USE_BLOCKING_SOCKETS
o c-hyper: Remove superfluous pointer check
o c-hyper: support automatic content-encoding
o CI/azure: disable test 433 on azure-ubuntu
o CI/azure: replace python-impacket with python3-impacket
o ci: stop building on freebsd-12-1
o cmake: fix import library name for non-MS compiler on Windows
o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
o cmake: support WinIDN
o config: fix building SMB with configure using Win32 Crypto
o config: fix detection of restricted Windows App environment
o configure: fail if --with-quiche is used and quiche isn't found
o configure: make AC_TRY_* into AC_*_IFELSE
o configure: make hyper opt-in, and fail if missing
o configure: only add OpenSSL paths if they are defined
o configure: provide Largefile feature for curl-config
o configure: remove use of deprecated macros
o configure: s/AC_HELP_STRING/AS_HELP_STRING
o cookies: Fix potential NULL pointer deref with PSL
o curl: set CURLOPT_NEW_FILE_PERMS if requested
o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
o curl_multibyte: always return a heap-allocated copy of string
o curl_multibyte: fall back to local code page stat/access on Windows
o Curl_timeleft: check both timeouts during connect
o curl_url_set.3: mention CURLU_PATH_AS_IS
o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
o docs/HTTP2: remove the outdated remark about multiplexing for the tool
o docs/Makefile.inc: format to be update-friendly
o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
o docs: add missing Arg tag to --stderr
o docs: Add SSL backend names to CURL_SSL_BACKEND
o docs: clarify timeouts for queued transfers in multi API
o docs: Explain DOH transfers inherit some SSL settings
o docs: fix FILE example url in --metalink documentation
o docs: make gen.pl support *italic* and **bold**
o doh: Fix sharing user's resolve list with DOH handles
o doh: Inherit CURLOPT_STDERR from user's easy handle
o dynbuf: bump the max HTTP request to 1MB
o examples: Remove threaded-shared-conn.c due to bug
o file: Support unicode urls on windows
o ftp: add 'list_only' to the transfer state struct
o ftp: add 'prefer_ascii' to the transfer state struct
o FTP: allow SIZE to fail when doing (resumed) upload
o ftp: avoid SIZE when asking for a TYPE A file
o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
o ftp: fix memory leak in ftp_done
o ftp: never set data->set.ftp_append outside setopt
o gen.pl: quote "bare" minuses in the nroff curl.1
o github: add torture-ftp for FTP-only torture testing
o gnutls: assume nettle crypto support
o gskit: correct the gskit_send() prototype
o hostip: fix build with sync resolver
o hostip: fix crash in sync resolver builds that use DOH
o hsts: remove unused defines
o http2: don't set KEEP_SEND when there's no more data to be sent
o http2: fail if connection terminated without END_STREAM
o http: cap body data amount during send speed limiting
o http: do not add a referrer header with empty value
o http: make 416 not fail with resume + CURLOPT_FAILONERRROR
o http: remove superfluous NULL assign
o http: strip default port from URL sent to proxy
o http: use credentials from transfer, not connection
o ldap: use correct memory free function
o lib1536: check ptr against NULL before dereferencing it
o lib1537: check ptr against NULL before dereferencing it
o lib: remove 'conn->data' completely
o libssh2: kdb_callback: get the right struct pointer
o libssh2:ssh_connect: clear session pointer after free
o memdebug: close debug logfile explicitly on exit
o mingw: enable using strcasecmp()
o multi: close the connection when h2=>h1 downgrading
o multi: do once-per-transfer inits in before_perform in DID state
o multi: rename the multi transfer states
o multi: update pending list when removing handle
o ngtcp2: adapt to the new recv_datagram callback
o ngtcp2: clarify calculation precedence
o ngtcp2: Fix build error due to change in ngtcp2_addr_init
o ngtcp2: sync with recent API updates
o openldap: avoid NULL pointer dereferences
o openssl: adapt to v3's new const for a few API calls
o openssl: ensure to check SSL_CTX_set_alpn_protos return values
o openssl: remove get_ssl_version_txt in favor of SSL_get_version
o openssl: set the transfer pointer for logging early
o OS400: update for CURLOPT_AWS_SIGV4
o parse_proxy: fix a memory leak in the OOM path
o pathhelp.pm: fix use of pwd -L in Msys environment
o projects: Update VS projects for OpenSSL 1.1.x
o quiche: fix build error: use 'int' for port number
o quiche: fix crash when failing to connect
o retry-all-errors.d: Explain curl errors versus HTTP response errors
o retry.d: Clarify transient 5xx HTTP response codes
o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
o runtests.pl: add a -P option to specify an external proxy
o runtests.pl: kill processes locking test log files
o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
o test1188: change error to check for: --fail HTTP status
o test220/314: adjust to run with Hyper
o test304: header CRLF cleanup to work with Hyper
o test306: make it not run with Hyper
o tests: disable .curlrc in more environments
o tests: use %TESTNUMBER instead of fixed number
o tftp: remove the 3600 second default timeout
o time: enable 64-bit time_t in supported mingw environments
o tool_help: add missing argument for --create-file-mode
o tool_help: Increase space between option and description
o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
o travis: add a rustls build
o travis: bump wolfssl to 4.7.0
o travis: only build wolfssl when needed
o travis: split "torture" into a separate "events" build
o travis: switch ngtcp2 build over to quictls
o travis: use ubuntu nghttp2 package instead of build our own
o url.c: use consistent error message for failed resolve
o url: fix memory leak if OOM in the HSTS handling
o url: fix possible use-after-free in default protocol
o urldata: don't touch data->set.httpversion at run-time
o urldata: fix build without HTTP and MQTT
o urldata: make 'actions[]' use unsigned char instead of int
o urldata: merge "struct DynamicStatic" into "struct UrlState"
o urldata: remove the 'rtspversion' field
o urldata: remove the _ORIG suffix from string names
o version.d: Add missing features to the features list
o wolfssl: don't store a NULL sessionid
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.84 -r1.85 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/curl/distinfo
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.240
- www/curl/PLIST 1.85
- www/curl/distinfo 1.169
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Wed Mar 31 09:52:31 UTC 2021
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: Update to 7.76.0
Changes:
7.76.0
===
This release includes the following changes:
o cookies: Support multiple -b parameters
o curl: add --fail-with-body
o doh: add options to disable ssl verification
o http: add support to read and store the referrer header
o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
o vtls: initial implementation of rustls backend
This release includes the following bugfixes:
o CVE-2021-22876: strip credentials from the auto-referer header field
o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
o asyn-ares: use consistent resolve error message
o BUG-BOUNTY: removed the cooperation mention
o build: delete unused feature guards
o build: fix --disable-dateparse
o build: fix --disable-http-auth
o build: remove all traces of USE_BLOCKING_SOCKETS
o c-hyper: Remove superfluous pointer check
o c-hyper: support automatic content-encoding
o CI/azure: disable test 433 on azure-ubuntu
o CI/azure: replace python-impacket with python3-impacket
o ci: stop building on freebsd-12-1
o cmake: fix import library name for non-MS compiler on Windows
o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
o cmake: support WinIDN
o config: fix building SMB with configure using Win32 Crypto
o config: fix detection of restricted Windows App environment
o configure: fail if --with-quiche is used and quiche isn't found
o configure: make AC_TRY_* into AC_*_IFELSE
o configure: make hyper opt-in, and fail if missing
o configure: only add OpenSSL paths if they are defined
o configure: provide Largefile feature for curl-config
o configure: remove use of deprecated macros
o configure: s/AC_HELP_STRING/AS_HELP_STRING
o cookies: Fix potential NULL pointer deref with PSL
o curl: set CURLOPT_NEW_FILE_PERMS if requested
o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
o curl_multibyte: always return a heap-allocated copy of string
o curl_multibyte: fall back to local code page stat/access on Windows
o Curl_timeleft: check both timeouts during connect
o curl_url_set.3: mention CURLU_PATH_AS_IS
o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
o docs/HTTP2: remove the outdated remark about multiplexing for the tool
o docs/Makefile.inc: format to be update-friendly
o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
o docs: add missing Arg tag to --stderr
o docs: Add SSL backend names to CURL_SSL_BACKEND
o docs: clarify timeouts for queued transfers in multi API
o docs: Explain DOH transfers inherit some SSL settings
o docs: fix FILE example url in --metalink documentation
o docs: make gen.pl support *italic* and **bold**
o doh: Fix sharing user's resolve list with DOH handles
o doh: Inherit CURLOPT_STDERR from user's easy handle
o dynbuf: bump the max HTTP request to 1MB
o examples: Remove threaded-shared-conn.c due to bug
o file: Support unicode urls on windows
o ftp: add 'list_only' to the transfer state struct
o ftp: add 'prefer_ascii' to the transfer state struct
o FTP: allow SIZE to fail when doing (resumed) upload
o ftp: avoid SIZE when asking for a TYPE A file
o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
o ftp: fix memory leak in ftp_done
o ftp: never set data->set.ftp_append outside setopt
o gen.pl: quote "bare" minuses in the nroff curl.1
o github: add torture-ftp for FTP-only torture testing
o gnutls: assume nettle crypto support
o gskit: correct the gskit_send() prototype
o hostip: fix build with sync resolver
o hostip: fix crash in sync resolver builds that use DOH
o hsts: remove unused defines
o http2: don't set KEEP_SEND when there's no more data to be sent
o http2: fail if connection terminated without END_STREAM
o http: cap body data amount during send speed limiting
o http: do not add a referrer header with empty value
o http: make 416 not fail with resume + CURLOPT_FAILONERRROR
o http: remove superfluous NULL assign
o http: strip default port from URL sent to proxy
o http: use credentials from transfer, not connection
o ldap: use correct memory free function
o lib1536: check ptr against NULL before dereferencing it
o lib1537: check ptr against NULL before dereferencing it
o lib: remove 'conn->data' completely
o libssh2: kdb_callback: get the right struct pointer
o libssh2:ssh_connect: clear session pointer after free
o memdebug: close debug logfile explicitly on exit
o mingw: enable using strcasecmp()
o multi: close the connection when h2=>h1 downgrading
o multi: do once-per-transfer inits in before_perform in DID state
o multi: rename the multi transfer states
o multi: update pending list when removing handle
o ngtcp2: adapt to the new recv_datagram callback
o ngtcp2: clarify calculation precedence
o ngtcp2: Fix build error due to change in ngtcp2_addr_init
o ngtcp2: sync with recent API updates
o openldap: avoid NULL pointer dereferences
o openssl: adapt to v3's new const for a few API calls
o openssl: ensure to check SSL_CTX_set_alpn_protos return values
o openssl: remove get_ssl_version_txt in favor of SSL_get_version
o openssl: set the transfer pointer for logging early
o OS400: update for CURLOPT_AWS_SIGV4
o parse_proxy: fix a memory leak in the OOM path
o pathhelp.pm: fix use of pwd -L in Msys environment
o projects: Update VS projects for OpenSSL 1.1.x
o quiche: fix build error: use 'int' for port number
o quiche: fix crash when failing to connect
o retry-all-errors.d: Explain curl errors versus HTTP response errors
o retry.d: Clarify transient 5xx HTTP response codes
o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
o runtests.pl: add a -P option to specify an external proxy
o runtests.pl: kill processes locking test log files
o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
o test1188: change error to check for: --fail HTTP status
o test220/314: adjust to run with Hyper
o test304: header CRLF cleanup to work with Hyper
o test306: make it not run with Hyper
o tests: disable .curlrc in more environments
o tests: use %TESTNUMBER instead of fixed number
o tftp: remove the 3600 second default timeout
o time: enable 64-bit time_t in supported mingw environments
o tool_help: add missing argument for --create-file-mode
o tool_help: Increase space between option and description
o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
o travis: add a rustls build
o travis: bump wolfssl to 4.7.0
o travis: only build wolfssl when needed
o travis: split "torture" into a separate "events" build
o travis: switch ngtcp2 build over to quictls
o travis: use ubuntu nghttp2 package instead of build our own
o url.c: use consistent error message for failed resolve
o url: fix memory leak if OOM in the HSTS handling
o url: fix possible use-after-free in default protocol
o urldata: don't touch data->set.httpversion at run-time
o urldata: fix build without HTTP and MQTT
o urldata: make 'actions[]' use unsigned char instead of int
o urldata: merge "struct DynamicStatic" into "struct UrlState"
o urldata: remove the 'rtspversion' field
o urldata: remove the _ORIG suffix from string names
o version.d: Add missing features to the features list
o wolfssl: don't store a NULL sessionid
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.84 -r1.85 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/curl/distinfo
MAIN commitmail json YAML
pkgsrc/net/xymon/Makefile@1.64
/
diff
pkgsrc/net/xymon/distinfo@1.19 / diff
pkgsrc/net/xymon/patches/patch-lib_acklog.c deleted
pkgsrc/net/xymon/patches/patch-lib_availability.c deleted
pkgsrc/net/xymon/patches/patch-lib_availability.h deleted
pkgsrc/net/xymon/patches/patch-lib_eventlog.c deleted
pkgsrc/net/xymon/patches/patch-lib_holidays.c deleted
pkgsrc/net/xymon/patches/patch-lib_htmllog.c deleted
pkgsrc/net/xymon/patches/patch-lib_misc.c deleted
pkgsrc/net/xymon/patches/patch-lib_stackio.c deleted
pkgsrc/net/xymon/patches/patch-lib_timefunc.c deleted
pkgsrc/net/xymon/patches/patch-lib_tree.c deleted
pkgsrc/net/xymon/patches/patch-web_history.c deleted
pkgsrc/net/xymon/patches/patch-web_reportlog.c deleted
pkgsrc/net/xymon/patches/patch-web_showgraph.c deleted
pkgsrc/net/xymon/patches/patch-xymond_combostatus.c deleted
pkgsrc/net/xymon/patches/patch-xymond_rrd_do__temperature.c deleted
pkgsrc/net/xymon/patches/patch-xymond_xymond__history.c deleted
pkgsrc/net/xymon/patches/patch-xymonnet_xymonnet.c deleted
pkgsrc/net/xymonclient/Makefile@1.26 / diff
pkgsrc/net/xymonclient/distinfo@1.18 / diff
pkgsrc/net/xymon/distinfo@1.19 / diff
pkgsrc/net/xymon/patches/patch-lib_acklog.c deleted
pkgsrc/net/xymon/patches/patch-lib_availability.c deleted
pkgsrc/net/xymon/patches/patch-lib_availability.h deleted
pkgsrc/net/xymon/patches/patch-lib_eventlog.c deleted
pkgsrc/net/xymon/patches/patch-lib_holidays.c deleted
pkgsrc/net/xymon/patches/patch-lib_htmllog.c deleted
pkgsrc/net/xymon/patches/patch-lib_misc.c deleted
pkgsrc/net/xymon/patches/patch-lib_stackio.c deleted
pkgsrc/net/xymon/patches/patch-lib_timefunc.c deleted
pkgsrc/net/xymon/patches/patch-lib_tree.c deleted
pkgsrc/net/xymon/patches/patch-web_history.c deleted
pkgsrc/net/xymon/patches/patch-web_reportlog.c deleted
pkgsrc/net/xymon/patches/patch-web_showgraph.c deleted
pkgsrc/net/xymon/patches/patch-xymond_combostatus.c deleted
pkgsrc/net/xymon/patches/patch-xymond_rrd_do__temperature.c deleted
pkgsrc/net/xymon/patches/patch-xymond_xymond__history.c deleted
pkgsrc/net/xymon/patches/patch-xymonnet_xymonnet.c deleted
pkgsrc/net/xymonclient/Makefile@1.26 / diff
pkgsrc/net/xymonclient/distinfo@1.18 / diff
update xymon and xymonclient to version 4.3.30
Upstream release notes:
Changes for 4.3.30
==================
Various crashes and bugs relating to string handling changes have been fixed,
including problems with hostnames with dashes in them.
Combostatus tests propagated up from other combostatus tests should now
display properly.
Upstream release notes:
Changes for 4.3.30
==================
Various crashes and bugs relating to string handling changes have been fixed,
including problems with hostnames with dashes in them.
Combostatus tests propagated up from other combostatus tests should now
display properly.
pkgsrc-2020Q4 commitmail json YAML
pkgsrc/sysutils/xentools413/Makefile@1.14.2.1
/
diff
pkgsrc/sysutils/xentools413/distinfo@1.6.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-XSA355@1.1.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c@1.1.2.2 / diff
pkgsrc/sysutils/xentools413/distinfo@1.6.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-XSA355@1.1.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c@1.1.2.2 / diff
Pullup ticket #6423 - requested by bouyer
sysutils/xentools413: security patch
Revisions pulled up:
- sysutils/xentools413/Makefile 1.16
- sysutils/xentools413/distinfo 1.8
- sysutils/xentools413/patches/patch-XSA355 1.1
- sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Feb 3 22:30:22 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: Makefile distinfo
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-XSA355
patch-tools_xenstore_xenstored_core.c
Log Message:
Add upstream patch for Xen Security Advisory 355
Also, fix xenstored looping keeping the CPU 100% busy and leaking
file descriptors.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xentools413/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools413/patches/patch-XSA355 \
pkgsrc/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c
sysutils/xentools413: security patch
Revisions pulled up:
- sysutils/xentools413/Makefile 1.16
- sysutils/xentools413/distinfo 1.8
- sysutils/xentools413/patches/patch-XSA355 1.1
- sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Feb 3 22:30:22 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: Makefile distinfo
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-XSA355
patch-tools_xenstore_xenstored_core.c
Log Message:
Add upstream patch for Xen Security Advisory 355
Also, fix xenstored looping keeping the CPU 100% busy and leaking
file descriptors.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xentools413/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools413/patches/patch-XSA355 \
pkgsrc/sysutils/xentools413/patches/patch-tools_xenstore_xenstored_core.c
MAIN commitmail json YAML
pkgsrc/security/sudo/Makefile@1.183
/
diff
pkgsrc/security/sudo/distinfo@1.114 / diff
pkgsrc/security/sudo/patches/patch-configure@1.5 / diff
pkgsrc/security/sudo/distinfo@1.114 / diff
pkgsrc/security/sudo/patches/patch-configure@1.5 / diff
security/sudo: build fix for netbsdelf systems
pkgsrc-2020Q4 commitmail json YAML
Pullup ticket #6401 - requested by nia
net/bind911: build fix for i386
Revisions pulled up:
- net/bind911/Makefile 1.36
- net/bind916/Makefile 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 13 09:34:30 UTC 2021
Modified Files:
pkgsrc/net/bind911: Makefile
pkgsrc/net/bind916: Makefile
Log Message:
bind: Disable atomic operations on i386 too.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind916/Makefile
net/bind911: build fix for i386
Revisions pulled up:
- net/bind911/Makefile 1.36
- net/bind916/Makefile 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 13 09:34:30 UTC 2021
Modified Files:
pkgsrc/net/bind911: Makefile
pkgsrc/net/bind916: Makefile
Log Message:
bind: Disable atomic operations on i386 too.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind916/Makefile
pkgsrc-2020Q4 commitmail json YAML
#6411 #6412 #6413 #6414
pkgsrc-2020Q4 commitmail json YAML
Pullup ticket #6413 - requested by nia
www/firefox78-l10n: dependency update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.8
- www/firefox78-l10n/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:29:25 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox78-l10n/Makefile \
pkgsrc/www/firefox78-l10n/distinfo
www/firefox78-l10n: dependency update
Revisions pulled up:
- www/firefox78-l10n/Makefile 1.8
- www/firefox78-l10n/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:29:25 UTC 2021
Modified Files:
pkgsrc/www/firefox78-l10n: Makefile distinfo
Log Message:
firefox78-l10n: sync with firefox78
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/firefox78-l10n/Makefile \
pkgsrc/www/firefox78-l10n/distinfo
pkgsrc-2020Q4 commitmail json YAML
pkgsrc/www/firefox78/Makefile@1.15.2.2
/
diff
pkgsrc/www/firefox78/PLIST@1.1.4.1 / diff
pkgsrc/www/firefox78/distinfo@1.7.2.2 / diff
pkgsrc/www/firefox78/mozilla-common.mk@1.6.2.2 / diff
pkgsrc/www/firefox78/PLIST@1.1.4.1 / diff
pkgsrc/www/firefox78/distinfo@1.7.2.2 / diff
pkgsrc/www/firefox78/mozilla-common.mk@1.6.2.2 / diff
Pullup ticket #6412 - requested by nia
www/firefox78: security update
Revisions pulled up:
- www/firefox78/Makefile 1.18
- www/firefox78/PLIST 1.2
- www/firefox78/distinfo 1.10
- www/firefox78/mozilla-common.mk 1.9
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:24:11 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile PLIST distinfo mozilla-common.mk
Log Message:
firefox78: Update to 78.7.0
changes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox78/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/firefox78/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/firefox78/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox78/mozilla-common.mk
www/firefox78: security update
Revisions pulled up:
- www/firefox78/Makefile 1.18
- www/firefox78/PLIST 1.2
- www/firefox78/distinfo 1.10
- www/firefox78/mozilla-common.mk 1.9
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Wed Jan 27 05:24:11 UTC 2021
Modified Files:
pkgsrc/www/firefox78: Makefile PLIST distinfo mozilla-common.mk
Log Message:
firefox78: Update to 78.7.0
changes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/firefox78/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/firefox78/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/firefox78/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox78/mozilla-common.mk
pkgsrc-2020Q4 commitmail json YAML
pkgsrc/security/p11-kit/Makefile@1.17.4.2
/
diff
pkgsrc/security/p11-kit/distinfo@1.12.4.2 / diff
pkgsrc/security/p11-kit/patches/patch-p11-kit_lists.c@1.1.2.2 / diff
pkgsrc/security/p11-kit/distinfo@1.12.4.2 / diff
pkgsrc/security/p11-kit/patches/patch-p11-kit_lists.c@1.1.2.2 / diff
Pullup ticket #6414 - requested by sborrill
security/p11-kit: build fix for FreeBSD
Revisions pulled up:
- security/p11-kit/Makefile 1.19
- security/p11-kit/distinfo 1.14
- security/p11-kit/patches/patch-p11-kit_lists.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: triaxx
Date: Fri Jan 8 21:09:08 UTC 2021
Modified Files:
pkgsrc/security/p11-kit: Makefile distinfo
Added Files:
pkgsrc/security/p11-kit/patches: patch-p11-kit_lists.c
Log Message:
p11-kit: Fix build on FreeBSD
The build step failed on FreeBSD due to undeclared SIZE_MAX. This error
has been fixed upstream (https://github.com/p11-glue/p11-kit/commit/507c394)
and the patch could be removed at the next update.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/p11-kit/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/p11-kit/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/p11-kit/patches/patch-p11-kit_lists.c
security/p11-kit: build fix for FreeBSD
Revisions pulled up:
- security/p11-kit/Makefile 1.19
- security/p11-kit/distinfo 1.14
- security/p11-kit/patches/patch-p11-kit_lists.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: triaxx
Date: Fri Jan 8 21:09:08 UTC 2021
Modified Files:
pkgsrc/security/p11-kit: Makefile distinfo
Added Files:
pkgsrc/security/p11-kit/patches: patch-p11-kit_lists.c
Log Message:
p11-kit: Fix build on FreeBSD
The build step failed on FreeBSD due to undeclared SIZE_MAX. This error
has been fixed upstream (https://github.com/p11-glue/p11-kit/commit/507c394)
and the patch could be removed at the next update.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/p11-kit/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/p11-kit/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/p11-kit/patches/patch-p11-kit_lists.c
pkgsrc-2020Q4 commitmail json YAML
Pullup ticket #6411 - requested by tron
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.240-1.241
- mail/mutt/distinfo 1.92-1.93
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Jan 1 09:19:27 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.4
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/mutt/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jan 23 09:46:47 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.5
This is a bug-fix release, fixing a few memory leaks. One of them was
assigned CVE-2021-3181.
To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.241 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.92 -r1.93 pkgsrc/mail/mutt/distinfo
mail/mutt: security update
Revisions pulled up:
- mail/mutt/Makefile 1.240-1.241
- mail/mutt/distinfo 1.92-1.93
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Jan 1 09:19:27 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.4
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/mutt/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jan 23 09:46:47 UTC 2021
Modified Files:
pkgsrc/mail/mutt: Makefile distinfo
Log Message:
mutt: Update to version 2.0.5
This is a bug-fix release, fixing a few memory leaks. One of them was
assigned CVE-2021-3181.
To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.241 pkgsrc/mail/mutt/Makefile
cvs rdiff -u -r1.92 -r1.93 pkgsrc/mail/mutt/distinfo
pkgsrc-2020Q4 commitmail json YAML
pkgsrc/sysutils/xentools413/distinfo@1.6.2.1
/
diff
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules@1.1.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_common.make@1.1.6.1 / diff
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules@1.1.2.2 / diff
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_common.make@1.1.6.1 / diff
Pullup ticket #6395 - requested by bouyer
sysutils/xentools413: build fix
Revisions pulled up:
- sysutils/xentools413/distinfo 1.7
- sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules 1.1
- sysutils/xentools413/patches/patch-tools_ocaml_common.make 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Jan 8 22:08:46 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: distinfo
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_common.make
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_Makefile.rules
Log Message:
Fix build with newer ocaml, from Chavdar Ivanov
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_common.make
sysutils/xentools413: build fix
Revisions pulled up:
- sysutils/xentools413/distinfo 1.7
- sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules 1.1
- sysutils/xentools413/patches/patch-tools_ocaml_common.make 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Jan 8 22:08:46 UTC 2021
Modified Files:
pkgsrc/sysutils/xentools413: distinfo
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_common.make
Added Files:
pkgsrc/sysutils/xentools413/patches: patch-tools_ocaml_Makefile.rules
Log Message:
Fix build with newer ocaml, from Chavdar Ivanov
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/sysutils/xentools413/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_Makefile.rules
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/sysutils/xentools413/patches/patch-tools_ocaml_common.make
MAIN commitmail json YAML
notr news/inn update
MAIN commitmail json YAML
pkgsrc/news/inn/Makefile@1.133
/
diff
pkgsrc/news/inn/PLIST@1.27 / diff
pkgsrc/news/inn/distinfo@1.37 / diff
pkgsrc/news/inn/options.mk@1.9 / diff
pkgsrc/news/inn/PLIST@1.27 / diff
pkgsrc/news/inn/distinfo@1.37 / diff
pkgsrc/news/inn/options.mk@1.9 / diff
update news/inn to version 2.6.3
Changes in 2.6.3
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
* Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from
being posted.
* Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
INN documentation and samples of Python hooks have been updated to
provide more examples.
* When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
Changes in 2.6.2
* A new *syntaxchecks* parameter has been added in inn.conf. It permits
controlling the level of checks performed by innd and nnrpd. Up to
now, only one check can be enabled/disabled: when *laxmid* is
mentioned in the values of this new parameter, INN accepts Message-IDs
that contain ".." in the left part, as well as Message-IDs with two
"@" (such Message-IDs would otherwise be considered as syntactically
invalid). See the inn.conf(5) man page for more details.
The check is disabled by default (*no-laxmid*), which corresponds to
the legacy behaviour of INN 2.6.1 and earlier.
* Use of the ovdb_server helper server is now the default when using the
ovdb overview method, that is to say the default value for the
*readserver* parameter in ovdb.conf is now set to true. It improves
stability and avoids deadlocks, timing issues and corrupted ovdb
databases.
* mailpost now removes empty header fields before attempting to post
articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
generated header field body. Also, mailpost now sanitizes header
fields with regards to empty continuation header lines. Thanks to
Kamil Jonca for these bug reports.
* A new -z parameter has been added to mailpost to mention a list of
header fields to remove from the gated message. Thanks to Dieter
Stussy for the patch.
* Fixed a bug in inews that was rejecting articles containing header
fields whose length exceeded 998 bytes. This limitation is for the
length of a single line of a header field (and not for the length of
the whole header field, as it was wrongly the case).
* Added support for GnuPG's gpg binary (in addition to gpgv) in
pgpverify. Indeed, gpg still validates signatures made with weak
digest algorithms like MD5 whereas gpgv no longer do. Thanks to
Thomas Hochstein for the patch, which permits validating control
articles for hierarchies that are still using old PGP keys.
* Added similar support for GnuPG's gpg binary in perl-nocem to validate
NoCeM notices from issuers who are still using old PGP keys.
* A few commands listed in the "Control commands to INND" section in
daily Usenet reports were appearing as a mere letter; all of them are
now properly converted to meaningful words.
* The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
value (for OpenSSL versions implementing TLS 1.3, that is to say
starting from OpenSSL 1.1.1).
* The buffindexed overview method will now hopefully work properly on
systems with a native page size larger than 16KB.
* Other minor bug fixes and documentation improvements.
Changes in 2.6.3
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
* Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from
being posted.
* Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
INN documentation and samples of Python hooks have been updated to
provide more examples.
* When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
Changes in 2.6.2
* A new *syntaxchecks* parameter has been added in inn.conf. It permits
controlling the level of checks performed by innd and nnrpd. Up to
now, only one check can be enabled/disabled: when *laxmid* is
mentioned in the values of this new parameter, INN accepts Message-IDs
that contain ".." in the left part, as well as Message-IDs with two
"@" (such Message-IDs would otherwise be considered as syntactically
invalid). See the inn.conf(5) man page for more details.
The check is disabled by default (*no-laxmid*), which corresponds to
the legacy behaviour of INN 2.6.1 and earlier.
* Use of the ovdb_server helper server is now the default when using the
ovdb overview method, that is to say the default value for the
*readserver* parameter in ovdb.conf is now set to true. It improves
stability and avoids deadlocks, timing issues and corrupted ovdb
databases.
* mailpost now removes empty header fields before attempting to post
articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
generated header field body. Also, mailpost now sanitizes header
fields with regards to empty continuation header lines. Thanks to
Kamil Jonca for these bug reports.
* A new -z parameter has been added to mailpost to mention a list of
header fields to remove from the gated message. Thanks to Dieter
Stussy for the patch.
* Fixed a bug in inews that was rejecting articles containing header
fields whose length exceeded 998 bytes. This limitation is for the
length of a single line of a header field (and not for the length of
the whole header field, as it was wrongly the case).
* Added support for GnuPG's gpg binary (in addition to gpgv) in
pgpverify. Indeed, gpg still validates signatures made with weak
digest algorithms like MD5 whereas gpgv no longer do. Thanks to
Thomas Hochstein for the patch, which permits validating control
articles for hierarchies that are still using old PGP keys.
* Added similar support for GnuPG's gpg binary in perl-nocem to validate
NoCeM notices from issuers who are still using old PGP keys.
* A few commands listed in the "Control commands to INND" section in
daily Usenet reports were appearing as a mere letter; all of them are
now properly converted to meaningful words.
* The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
value (for OpenSSL versions implementing TLS 1.3, that is to say
starting from OpenSSL 1.1.1).
* The buffindexed overview method will now hopefully work properly on
systems with a native page size larger than 16KB.
* Other minor bug fixes and documentation improvements.
MAIN commitmail json YAML
qemu: don't require x11 when x11 is disabled
MAIN commitmail json YAML
pkgsrc/mail/majordomo/Makefile@1.58
/
diff
pkgsrc/mail/majordomo/distinfo@1.21 / diff
pkgsrc/mail/majordomo/patches/patch-ai@1.6 / diff
pkgsrc/mail/majordomo/distinfo@1.21 / diff
pkgsrc/mail/majordomo/patches/patch-ai@1.6 / diff
majordomo: make the List-Id header RFC2919 compliant
MAIN commitmail json YAML
pkgsrc/mail/gld/Makefile@1.34
/
diff
pkgsrc/mail/gld/files/gld.sh@1.6 / diff
pkgsrc/mail/gld/options.mk@1.8 / diff
pkgsrc/mail/gld/files/gld.sh@1.6 / diff
pkgsrc/mail/gld/options.mk@1.8 / diff
building the gld package against pgsql broke, this commit fixes it.
pkgrev bumped for the changes to files/gld.sh
pkgrev bumped for the changes to files/gld.sh
MAIN commitmail json YAML
move comment so it makes more sense
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/www/firefox-l10n/Makefile@1.185.2.1
/
diff
pkgsrc/www/firefox-l10n/PLIST@1.66.2.1 / diff
pkgsrc/www/firefox-l10n/distinfo@1.167.2.1 / diff
pkgsrc/www/firefox/Makefile@1.447.2.1 / diff
pkgsrc/www/firefox/PLIST@1.163.2.1 / diff
pkgsrc/www/firefox/distinfo@1.410.2.1 / diff
pkgsrc/www/firefox/mozilla-common.mk@1.180.2.1 / diff
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure@1.6.8.1 / diff
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk@1.4.2.1 / diff
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp@1.1.2.2 / diff
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h@1.2.4.1 / diff
pkgsrc/www/firefox/patches/patch-race_recurse.mk@1.1.2.2 / diff
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
pkgsrc/www/firefox-l10n/PLIST@1.66.2.1 / diff
pkgsrc/www/firefox-l10n/distinfo@1.167.2.1 / diff
pkgsrc/www/firefox/Makefile@1.447.2.1 / diff
pkgsrc/www/firefox/PLIST@1.163.2.1 / diff
pkgsrc/www/firefox/distinfo@1.410.2.1 / diff
pkgsrc/www/firefox/mozilla-common.mk@1.180.2.1 / diff
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure@1.6.8.1 / diff
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk@1.4.2.1 / diff
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp@1.1.2.2 / diff
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h@1.2.4.1 / diff
pkgsrc/www/firefox/patches/patch-race_recurse.mk@1.1.2.2 / diff
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
Pullup ticket #6356 - requested by maya
www/firefox: security update
www/firefox-l10n: security update
Revisions pulled up:
- www/firefox-l10n/Makefile 1.186-1.191
- www/firefox-l10n/PLIST 1.67
- www/firefox-l10n/distinfo 1.168-1.173
- www/firefox/Makefile 1.448-1.453
- www/firefox/PLIST 1.164-1.165
- www/firefox/distinfo 1.411-1.418
- www/firefox/mozilla-common.mk 1.181-1.182
- www/firefox/patches/patch-build_moz.configure_rust.configure 1.7
- www/firefox/patches/patch-config_makefiles_rust.mk 1.5
- www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp 1.1
- www/firefox/patches/patch-js_src_jsfriendapi.h 1.3
- www/firefox/patches/patch-race_recurse.mk 1.1
- www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
- www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:30:01 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk
patch-js_src_jsfriendapi.h
Removed Files:
pkgsrc/www/firefox/patches:
patch-third__party_rust_getrandom_src_lib.rs
patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
Log Message:
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you don窶冲 see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
Firefox窶冱 new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* We窶况e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files you窶况e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.163 -r1.164 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.410 -r1.411 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.4 -r1.5 \
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:31:02 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
firefox-l10n: Update to 81.0
* Add ur locale.
* Sync with www/firefox-81.0.
To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.186 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.167 -r1.168 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 29 23:20:23 UTC 2020
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
firefox: 81.0 requires nss >= 3.56
To generate a diff of this commit:
cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/firefox/mozilla-common.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:44:16 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
firefox: Update to 81.0.1
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
To generate a diff of this commit:
cvs rdiff -u -r1.448 -r1.449 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.411 -r1.412 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:45:25 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox-l10n: Update to 81.0.1
* Sync with www/firefox-81.0.1.
To generate a diff of this commit:
cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 12 23:45:35 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 81.0.2
Release notes not available yet.
To generate a diff of this commit:
cvs rdiff -u -r1.449 -r1.450 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.412 -r1.413 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 20 20:15:30 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox-l10n: Makefile distinfo
pkgsrc/www/firefox/patches: patch-build_moz.configure_rust.configure
Log Message:
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.450 -r1.451 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.164 -r1.165 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.413 -r1.414 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.181 -r1.182 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.170 -r1.171 pkgsrc/www/firefox-l10n/distinfo
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Fri Oct 23 12:37:14 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
Log Message:
firefox: NetBSD/aarch64 build fix
To generate a diff of this commit:
cvs rdiff -u -r1.414 -r1.415 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 26 21:20:59 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-race_recurse.mk
Log Message:
firefox: backport upstream patch to fix a build race. This appears as
libmozgtk.so missing as well as the symbols it contains.
This affects pkgsrc-stable as well.
To generate a diff of this commit:
cvs rdiff -u -r1.415 -r1.416 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-race_recurse.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 27 16:59:00 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: update to 82.0.1
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
To generate a diff of this commit:
cvs rdiff -u -r1.451 -r1.452 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.416 -r1.417 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 28 15:34:41 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 82.0.2
Fixed duplication of WebSocket messages in certain cases (bug 1673340)
To generate a diff of this commit:
cvs rdiff -u -r1.452 -r1.453 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.417 -r1.418 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.190 -r1.191 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/firefox-l10n/distinfo
www/firefox: security update
www/firefox-l10n: security update
Revisions pulled up:
- www/firefox-l10n/Makefile 1.186-1.191
- www/firefox-l10n/PLIST 1.67
- www/firefox-l10n/distinfo 1.168-1.173
- www/firefox/Makefile 1.448-1.453
- www/firefox/PLIST 1.164-1.165
- www/firefox/distinfo 1.411-1.418
- www/firefox/mozilla-common.mk 1.181-1.182
- www/firefox/patches/patch-build_moz.configure_rust.configure 1.7
- www/firefox/patches/patch-config_makefiles_rust.mk 1.5
- www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp 1.1
- www/firefox/patches/patch-js_src_jsfriendapi.h 1.3
- www/firefox/patches/patch-race_recurse.mk 1.1
- www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs deleted
- www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:30:01 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo
pkgsrc/www/firefox/patches: patch-config_makefiles_rust.mk
patch-js_src_jsfriendapi.h
Removed Files:
pkgsrc/www/firefox/patches:
patch-third__party_rust_getrandom_src_lib.rs
patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
Log Message:
firefox: Update to 81.0
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you don窶冲 see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
Firefox窶冱 new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* We窶况e fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files you窶况e downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.163 -r1.164 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.410 -r1.411 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.4 -r1.5 \
pkgsrc/www/firefox/patches/patch-config_makefiles_rust.mk
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/www/firefox/patches/patch-js_src_jsfriendapi.h
cvs rdiff -u -r1.1 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_getrandom_src_lib.rs
cvs rdiff -u -r1.3 -r0 \
pkgsrc/www/firefox/patches/patch-third__party_rust_libc_src_unix_bsd_netbsdlike_netbsd_mod.rs
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Sep 28 13:31:02 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile PLIST distinfo
Log Message:
firefox-l10n: Update to 81.0
* Add ur locale.
* Sync with www/firefox-81.0.
To generate a diff of this commit:
cvs rdiff -u -r1.185 -r1.186 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.66 -r1.67 pkgsrc/www/firefox-l10n/PLIST
cvs rdiff -u -r1.167 -r1.168 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Sep 29 23:20:23 UTC 2020
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
firefox: 81.0 requires nss >= 3.56
To generate a diff of this commit:
cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/firefox/mozilla-common.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:44:16 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Log Message:
firefox: Update to 81.0.1
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
To generate a diff of this commit:
cvs rdiff -u -r1.448 -r1.449 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.411 -r1.412 pkgsrc/www/firefox/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Oct 2 15:45:25 UTC 2020
Modified Files:
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox-l10n: Update to 81.0.1
* Sync with www/firefox-81.0.1.
To generate a diff of this commit:
cvs rdiff -u -r1.186 -r1.187 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 12 23:45:35 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 81.0.2
Release notes not available yet.
To generate a diff of this commit:
cvs rdiff -u -r1.449 -r1.450 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.412 -r1.413 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.169 -r1.170 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 20 20:15:30 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile PLIST distinfo mozilla-common.mk
pkgsrc/www/firefox-l10n: Makefile distinfo
pkgsrc/www/firefox/patches: patch-build_moz.configure_rust.configure
Log Message:
firefox{,-l10n}: Update to 82.0
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.450 -r1.451 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.164 -r1.165 pkgsrc/www/firefox/PLIST
cvs rdiff -u -r1.413 -r1.414 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.181 -r1.182 pkgsrc/www/firefox/mozilla-common.mk
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.170 -r1.171 pkgsrc/www/firefox-l10n/distinfo
cvs rdiff -u -r1.6 -r1.7 \
pkgsrc/www/firefox/patches/patch-build_moz.configure_rust.configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Fri Oct 23 12:37:14 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
Log Message:
firefox: NetBSD/aarch64 build fix
To generate a diff of this commit:
cvs rdiff -u -r1.414 -r1.415 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/firefox/patches/patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Mon Oct 26 21:20:59 UTC 2020
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-race_recurse.mk
Log Message:
firefox: backport upstream patch to fix a build race. This appears as
libmozgtk.so missing as well as the symbols it contains.
This affects pkgsrc-stable as well.
To generate a diff of this commit:
cvs rdiff -u -r1.415 -r1.416 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/firefox/patches/patch-race_recurse.mk
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 27 16:59:00 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: update to 82.0.1
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
To generate a diff of this commit:
cvs rdiff -u -r1.451 -r1.452 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.416 -r1.417 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.171 -r1.172 pkgsrc/www/firefox-l10n/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 28 15:34:41 UTC 2020
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
pkgsrc/www/firefox-l10n: Makefile distinfo
Log Message:
firefox{,-l10n}: Update to 82.0.2
Fixed duplication of WebSocket messages in certain cases (bug 1673340)
To generate a diff of this commit:
cvs rdiff -u -r1.452 -r1.453 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.417 -r1.418 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r1.190 -r1.191 pkgsrc/www/firefox-l10n/Makefile
cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/firefox-l10n/distinfo
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/print/ghostscript-agpl/Makefile@1.59.2.1
/
diff
pkgsrc/print/ghostscript-agpl/distinfo@1.32.2.1 / diff
pkgsrc/print/ghostscript-agpl/patches/patch-base_fapi__ft.c@1.1.2.2 / diff
pkgsrc/print/ghostscript-agpl/distinfo@1.32.2.1 / diff
pkgsrc/print/ghostscript-agpl/patches/patch-base_fapi__ft.c@1.1.2.2 / diff
Pullup ticket #6354 - requested by maya
print/ghostscript-agpl: dependecy update triggered build fix
Revisions pulled up:
- print/ghostscript-agpl/Makefile patch
- print/ghostscript-agpl/distinfo patch
- print/ghostscript-agpl/patches/patch-base_fapi__ft.c 1.1
Make the package build with FreeType 2.10.3.
print/ghostscript-agpl: dependecy update triggered build fix
Revisions pulled up:
- print/ghostscript-agpl/Makefile patch
- print/ghostscript-agpl/distinfo patch
- print/ghostscript-agpl/patches/patch-base_fapi__ft.c 1.1
Make the package build with FreeType 2.10.3.
pkgsrc-2020Q3 commitmail json YAML
#6336-#6339
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/www/contao35/Makefile@1.47.8.1
/
diff
pkgsrc/www/contao35/distinfo@1.36.12.1 / diff
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php@1.1.2.2 / diff
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php@1.1.2.2 / diff
pkgsrc/www/contao35/distinfo@1.36.12.1 / diff
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php@1.1.2.2 / diff
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php@1.1.2.2 / diff
Pullup ticket #6339 - requested by taca
www/contao35: security patch
Revisions pulled up:
- www/contao35/Makefile 1.48
- www/contao35/distinfo 1.37
- www/contao35/patches/patch-system_modules_core_library_Contao_Input.php 1.1
- www/contao35/patches/patch-system_modules_news_dca_tl__news.php 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 06:31:02 UTC 2020
Modified Files:
pkgsrc/www/contao35: Makefile distinfo
Added Files:
pkgsrc/www/contao35/patches:
patch-system_modules_core_library_Contao_Input.php
patch-system_modules_news_dca_tl__news.php
Log Message:
www/contao35: add two fixes
* Add fix for CVE-2020-25768.
* Fix time range problem on positive timezone.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/contao35/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
www/contao35: security patch
Revisions pulled up:
- www/contao35/Makefile 1.48
- www/contao35/distinfo 1.37
- www/contao35/patches/patch-system_modules_core_library_Contao_Input.php 1.1
- www/contao35/patches/patch-system_modules_news_dca_tl__news.php 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 06:31:02 UTC 2020
Modified Files:
pkgsrc/www/contao35: Makefile distinfo
Added Files:
pkgsrc/www/contao35/patches:
patch-system_modules_core_library_Contao_Input.php
patch-system_modules_news_dca_tl__news.php
Log Message:
www/contao35: add two fixes
* Add fix for CVE-2020-25768.
* Fix time range problem on positive timezone.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/contao35/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/lang/ruby25-base/Makefile@1.16.4.1
/
diff
pkgsrc/lang/ruby25-base/distinfo@1.13.4.1 / diff
pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb@1.1.2.2 / diff
pkgsrc/lang/ruby25-base/distinfo@1.13.4.1 / diff
pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb@1.1.2.2 / diff
Pullup ticket #6338 - requested by taca
lang/ruby25-base: security patch
Revisions pulled up:
- lang/ruby25-base/Makefile 1.17
- lang/ruby25-base/distinfo 1.14
- lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:45:26 UTC 2020
Modified Files:
pkgsrc/lang/ruby25-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby25-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
lang/ruby25-base: security patch
Revisions pulled up:
- lang/ruby25-base/Makefile 1.17
- lang/ruby25-base/distinfo 1.14
- lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:45:26 UTC 2020
Modified Files:
pkgsrc/lang/ruby25-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby25-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby25-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/ruby25-base/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/ruby25-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby25-base/patches/patch-lib_webrick_httprequest.rb
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/lang/ruby26-base/Makefile@1.10.4.1
/
diff
pkgsrc/lang/ruby26-base/distinfo@1.8.4.1 / diff
pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb@1.1.2.2 / diff
pkgsrc/lang/ruby26-base/distinfo@1.8.4.1 / diff
pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb@1.1.2.2 / diff
Pullup ticket #6337 - requested by taca
lang/ruby26-base: security patch
Revisions pulled up:
- lang/ruby26-base/Makefile 1.11
- lang/ruby26-base/distinfo 1.9
- lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:41:12 UTC 2020
Modified Files:
pkgsrc/lang/ruby26-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby26-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb
lang/ruby26-base: security patch
Revisions pulled up:
- lang/ruby26-base/Makefile 1.11
- lang/ruby26-base/distinfo 1.9
- lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:41:12 UTC 2020
Modified Files:
pkgsrc/lang/ruby26-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby26-base/patches: patch-lib_webrick_httprequest.rb
Log Message:
lang/ruby26-base: Add fix for CVE-2020-25613
Add fix for CVE-2020-25613.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/ruby26-base/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/ruby26-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/ruby26-base/patches/patch-lib_webrick_httprequest.rb
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/lang/ruby/rubyversion.mk@1.222.4.1
/
diff
pkgsrc/lang/ruby27-base/Makefile@1.4.4.1 / diff
pkgsrc/lang/ruby27-base/PLIST@1.2.4.1 / diff
pkgsrc/lang/ruby27-base/distinfo@1.2.4.1 / diff
pkgsrc/lang/ruby27-base/Makefile@1.4.4.1 / diff
pkgsrc/lang/ruby27-base/PLIST@1.2.4.1 / diff
pkgsrc/lang/ruby27-base/distinfo@1.2.4.1 / diff
Pullup ticket #6336 - requested by taca
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.223
- lang/ruby27-base/Makefile 1.5
- lang/ruby27-base/PLIST 1.3
- lang/ruby27-base/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:29:25 UTC 2020
Modified Files:
pkgsrc/lang/ruby27-base: Makefile PLIST distinfo
Log Message:
lang/ruby27: update to 2.7.2
Update ruby27 to 2.7.2.
Ruby 2.7.2 Released
Posted by nagachika on 2 Oct 2020
Ruby 2.7.2 has been released.
This release contains intentional incompatibility. The deprecated warnings
are off by default on 2.7.2 and later. You can turn on the deprecated
warnings by specifing command line option -w or -W:deprecated. Please check
the topics below for details.
* Feature #17000 2.7.2 turns off deprecation warnings by default
* Feature #16345 Don't emit deprecation warnings by default.
This release contains the new version of webrick with a security fix
described in the article.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/ruby27-base/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27-base/PLIST \
pkgsrc/lang/ruby27-base/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 04:28:35 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: update version for Ruby 2.7.2
Update versions for Ruby 2.7.2, it should be commited along with update
to Ruby 2.7.2. Noted by Ryo ONODERA.
To generate a diff of this commit:
cvs rdiff -u -r1.222 -r1.223 pkgsrc/lang/ruby/rubyversion.mk
lang/ruby27-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.223
- lang/ruby27-base/Makefile 1.5
- lang/ruby27-base/PLIST 1.3
- lang/ruby27-base/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:29:25 UTC 2020
Modified Files:
pkgsrc/lang/ruby27-base: Makefile PLIST distinfo
Log Message:
lang/ruby27: update to 2.7.2
Update ruby27 to 2.7.2.
Ruby 2.7.2 Released
Posted by nagachika on 2 Oct 2020
Ruby 2.7.2 has been released.
This release contains intentional incompatibility. The deprecated warnings
are off by default on 2.7.2 and later. You can turn on the deprecated
warnings by specifing command line option -w or -W:deprecated. Please check
the topics below for details.
* Feature #17000 2.7.2 turns off deprecation warnings by default
* Feature #16345 Don't emit deprecation warnings by default.
This release contains the new version of webrick with a security fix
described in the article.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/ruby27-base/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby27-base/PLIST \
pkgsrc/lang/ruby27-base/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 04:28:35 UTC 2020
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
lang/ruby: update version for Ruby 2.7.2
Update versions for Ruby 2.7.2, it should be commited along with update
to Ruby 2.7.2. Noted by Ryo ONODERA.
To generate a diff of this commit:
cvs rdiff -u -r1.222 -r1.223 pkgsrc/lang/ruby/rubyversion.mk
pkgsrc-2020Q3 commitmail json YAML
Pullup ticket #6335 - requested by taca
lang/php72: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.311
- lang/php72/distinfo 1.58
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:14:53 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.34
Update php72 package to 7.2.34.
01 Oct 2020, PHP 7.2.34
- Core:
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
To generate a diff of this commit:
cvs rdiff -u -r1.310 -r1.311 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.57 -r1.58 pkgsrc/lang/php72/distinfo
lang/php72: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.311
- lang/php72/distinfo 1.58
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:14:53 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.34
Update php72 package to 7.2.34.
01 Oct 2020, PHP 7.2.34
- Core:
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
To generate a diff of this commit:
cvs rdiff -u -r1.310 -r1.311 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.57 -r1.58 pkgsrc/lang/php72/distinfo
pkgsrc-2020Q3 commitmail json YAML
Pullup ticket #6334 - requested by taca
lang/php74: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.310
- lang/php74/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:12:46 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.11
Update php74 to 7.4.11.
01 Oct 2020, PHP 7.4.11
- Core:
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
. Fixed bug #79979 (passing value to by-ref param via CUFA crashes). (cmb,
Nikita)
. Fixed bug #80037 (Typed property must not be accessed before initialization
when __get() declared). (Nikita)
. Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
. Fixed bug #80049 (Memleak when coercing integers to string via variadic
argument). (Nikita)
- Calendar:
. Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
(Andy Postnikov)
- COM:
. Fixed bug #64130 (COM obj parameters passed by reference are not updated).
(cmb)
- OPcache:
. Fixed bug #80002 (calc free space for new interned string is wrong).
(t-matsuno)
. Fixed bug #80046 (FREE for SWITCH_STRING optimized away). (Nikita)
. Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
handlers changed). (SammyK)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
- PDO:
. Fixed bug #80027 (Terrible performance using $query->fetch on queries with
many bind parameters (Matteo)
- Standard:
. Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
. Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
. Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
(cmb)
. Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.309 -r1.310 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/php74/distinfo
lang/php74: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.310
- lang/php74/distinfo 1.13
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:12:46 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php74: distinfo
Log Message:
lang/php74: update to 7.4.11
Update php74 to 7.4.11.
01 Oct 2020, PHP 7.4.11
- Core:
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
. Fixed bug #79979 (passing value to by-ref param via CUFA crashes). (cmb,
Nikita)
. Fixed bug #80037 (Typed property must not be accessed before initialization
when __get() declared). (Nikita)
. Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
. Fixed bug #80049 (Memleak when coercing integers to string via variadic
argument). (Nikita)
- Calendar:
. Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
(Andy Postnikov)
- COM:
. Fixed bug #64130 (COM obj parameters passed by reference are not updated).
(cmb)
- OPcache:
. Fixed bug #80002 (calc free space for new interned string is wrong).
(t-matsuno)
. Fixed bug #80046 (FREE for SWITCH_STRING optimized away). (Nikita)
. Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
handlers changed). (SammyK)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
- PDO:
. Fixed bug #80027 (Terrible performance using $query->fetch on queries with
many bind parameters (Matteo)
- Standard:
. Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
. Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
. Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
(cmb)
. Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.309 -r1.310 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/php74/distinfo
pkgsrc-2020Q3 commitmail json YAML
Pullup ticket #6333 - requested by taca
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.309
- lang/php73/distinfo 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:06:28 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.23
Update php73 package to 7.3.23.
01 Oct 2020, PHP 7.3.23
- Core:
. Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
. Fixed bug #80049 (Memleak when coercing integers to string via variadic
argument). (Nikita)
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
- Calendar:
. Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
(Andy Postnikov)
- COM:
. Fixed bug #64130 (COM obj parameters passed by reference are not updated).
(cmb)
- OPcache:
. Fixed bug #80002 (calc free space for new interned string is wrong).
(t-matsuno)
. Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
handlers changed). (SammyK)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
- PDO:
. Fixed bug #80027 (Terrible performance using $query->fetch on queries with
many bind parameters (Matteo)
- Standard:
. Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
. Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
. Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
(cmb)
. Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.308 -r1.309 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.26 -r1.27 pkgsrc/lang/php73/distinfo
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.309
- lang/php73/distinfo 1.27
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 03:06:28 UTC 2020
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.23
Update php73 package to 7.3.23.
01 Oct 2020, PHP 7.3.23
- Core:
. Fixed bug #80048 (Bug #69100 has not been fixed for Windows). (cmb)
. Fixed bug #80049 (Memleak when coercing integers to string via variadic
argument). (Nikita)
. Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-`
cookies can be sent). (CVE-2020-7070) (Stas)
- Calendar:
. Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
(Andy Postnikov)
- COM:
. Fixed bug #64130 (COM obj parameters passed by reference are not updated).
(cmb)
- OPcache:
. Fixed bug #80002 (calc free space for new interned string is wrong).
(t-matsuno)
. Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode
handlers changed). (SammyK)
- OpenSSL:
. Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12
bytes IV). (CVE-2020-7069) (Jakub Zelenka)
- PDO:
. Fixed bug #80027 (Terrible performance using $query->fetch on queries with
many bind parameters (Matteo)
- Standard:
. Fixed bug #79986 (str_ireplace bug with diacritics characters). (cmb)
. Fixed bug #80077 (getmxrr test bug). (Rainer Jung)
. Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
(cmb)
. Fixed bug #80067 (Omitting the port in bindto setting errors). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.308 -r1.309 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.26 -r1.27 pkgsrc/lang/php73/distinfo
pkgsrc-2020Q3 commitmail json YAML
#6346 + #6347
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/pkgtools/x11-links/Makefile@1.202.8.1
/
diff
pkgsrc/pkgtools/x11-links/buildlink3.mk@1.93.8.1 / diff
pkgsrc/pkgtools/x11-links/files/xorg.freetype2@1.27.10.1 / diff
pkgsrc/pkgtools/x11-links/buildlink3.mk@1.93.8.1 / diff
pkgsrc/pkgtools/x11-links/files/xorg.freetype2@1.27.10.1 / diff
Pullup ticket #6347 - requested by maya
pkgtools/x11-links: dependency-driven update
Revisions pulled up:
- pkgtools/x11-links/Makefile 1.203
- pkgtools/x11-links/buildlink3.mk 1.94
- pkgtools/x11-links/files/xorg.freetype2 1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 21 15:18:30 UTC 2020
Modified Files:
pkgsrc/pkgtools/x11-links: Makefile buildlink3.mk
pkgsrc/pkgtools/x11-links/files: xorg.freetype2
Log Message:
x11-links 1.32: updates for freetype 2.10.4
To generate a diff of this commit:
cvs rdiff -u -r1.202 -r1.203 pkgsrc/pkgtools/x11-links/Makefile
cvs rdiff -u -r1.93 -r1.94 pkgsrc/pkgtools/x11-links/buildlink3.mk
cvs rdiff -u -r1.27 -r1.28 pkgsrc/pkgtools/x11-links/files/xorg.freetype2
pkgtools/x11-links: dependency-driven update
Revisions pulled up:
- pkgtools/x11-links/Makefile 1.203
- pkgtools/x11-links/buildlink3.mk 1.94
- pkgtools/x11-links/files/xorg.freetype2 1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed Oct 21 15:18:30 UTC 2020
Modified Files:
pkgsrc/pkgtools/x11-links: Makefile buildlink3.mk
pkgsrc/pkgtools/x11-links/files: xorg.freetype2
Log Message:
x11-links 1.32: updates for freetype 2.10.4
To generate a diff of this commit:
cvs rdiff -u -r1.202 -r1.203 pkgsrc/pkgtools/x11-links/Makefile
cvs rdiff -u -r1.93 -r1.94 pkgsrc/pkgtools/x11-links/buildlink3.mk
cvs rdiff -u -r1.27 -r1.28 pkgsrc/pkgtools/x11-links/files/xorg.freetype2
pkgsrc-2020Q3 commitmail json YAML
pkgsrc/graphics/freetype2/Makefile@1.120.4.1
/
diff
pkgsrc/graphics/freetype2/PLIST@1.28.12.1 / diff
pkgsrc/graphics/freetype2/distinfo@1.68.4.1 / diff
pkgsrc/graphics/freetype2/PLIST@1.28.12.1 / diff
pkgsrc/graphics/freetype2/distinfo@1.68.4.1 / diff
Pullup ticket #6346 - requested by maya
graphics/freetype2: security update
Revisions pulled up:
- graphics/freetype2/Makefile 1.121
- graphics/freetype2/PLIST 1.29
- graphics/freetype2/distinfo 1.69
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Oct 21 08:26:08 UTC 2020
Modified Files:
pkgsrc/graphics/freetype2: Makefile PLIST distinfo
Log Message:
freetype2: updated to 2.10.4
FreeType 2.10.4
This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling (see here for more).
All users should update immediately.
FreeType 2.10.3
This is a maintenance release, having better support for TrueType glyphs with overlapping contours. See the list of changes for more details.
A warning for distribution maintainers: Version 2.10.3 and later may break the build of ghostscript, due to ghostscript's use of a withdrawn macro that wasn't intended for external usage.
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/graphics/freetype2/PLIST
cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/distinfo
graphics/freetype2: security update
Revisions pulled up:
- graphics/freetype2/Makefile 1.121
- graphics/freetype2/PLIST 1.29
- graphics/freetype2/distinfo 1.69
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Oct 21 08:26:08 UTC 2020
Modified Files:
pkgsrc/graphics/freetype2: Makefile PLIST distinfo
Log Message:
freetype2: updated to 2.10.4
FreeType 2.10.4
This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling (see here for more).
All users should update immediately.
FreeType 2.10.3
This is a maintenance release, having better support for TrueType glyphs with overlapping contours. See the list of changes for more details.
A warning for distribution maintainers: Version 2.10.3 and later may break the build of ghostscript, due to ghostscript's use of a withdrawn macro that wasn't intended for external usage.
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/graphics/freetype2/PLIST
cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/distinfo
pkgsrc-2020Q2 commitmail json YAML
pkgsrc/net/transmission-gtk/Makefile@1.45.2.1
/
diff
pkgsrc/net/transmission-gtk/PLIST@1.1.58.1 / diff
pkgsrc/net/transmission-qt/Makefile@1.52.2.1 / diff
pkgsrc/net/transmission/Makefile@1.26.2.1 / diff
pkgsrc/net/transmission/Makefile.common@1.9.8.1 / diff
pkgsrc/net/transmission/PLIST@1.3.32.1 / diff
pkgsrc/net/transmission/distinfo@1.15.8.1 / diff
pkgsrc/net/transmission/patches/patch-qt_qtr.pro@1.6.8.1 / diff
pkgsrc/net/transmission-gtk/PLIST@1.1.58.1 / diff
pkgsrc/net/transmission-qt/Makefile@1.52.2.1 / diff
pkgsrc/net/transmission/Makefile@1.26.2.1 / diff
pkgsrc/net/transmission/Makefile.common@1.9.8.1 / diff
pkgsrc/net/transmission/PLIST@1.3.32.1 / diff
pkgsrc/net/transmission/distinfo@1.15.8.1 / diff
pkgsrc/net/transmission/patches/patch-qt_qtr.pro@1.6.8.1 / diff
Pullup ticket #6272 - requested by wiz
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update
Revisions pulled up:
- net/transmission-gtk/Makefile 1.46
- net/transmission-gtk/PLIST 1.2
- net/transmission-qt/Makefile 1.54
- net/transmission/Makefile 1.27
- net/transmission/Makefile.common 1.10
- net/transmission/PLIST 1.4
- net/transmission/distinfo 1.16
- net/transmission/patches/patch-qt_qtr.pro 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 13 13:01:02 UTC 2020
Modified Files:
pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
pkgsrc/net/transmission-gtk: Makefile PLIST
pkgsrc/net/transmission-qt: Makefile
pkgsrc/net/transmission/patches: patch-qt_qtr.pro
Log Message:
transmission*: update to 3.00
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](https://github.com/transmission/transmission/pull/161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](https://github.com/transmission/transmission/pull/334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](https://github.com/transmission/transmission/pull/122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](https://github.com/transmission/transmission/pull/371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](https://github.com/transmission/transmission/pull/212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](https://github.com/transmission/transmission/pull/256), [#285](https://github.com/transmission/transmission/pull/285), [#355](https://github.com/transmission/transmission/pull/355), [#363](https://github.com/transmission/transmission/pull/363), [#386](https://github.com/transmission/transmission/pull/386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](https://github.com/transmission/transmission/pull/250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](https://github.com/transmission/transmission/pull/184))
- Improve ToS handling on IPv6 connections ([#128](https://github.com/transmission/transmission/pull/128), [#341](https://github.com/transmission/transmission/pull/341), [#360](https://github.com/transmission/transmission/pull/360), [#692](https://github.com/transmission/transmission/pull/692), [#737](https://github.com/transmission/transmission/pull/737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](https://github.com/transmission/transmission/pull/27))
- Don't switch trackers while announcing (leads to crash) ([#297](https://github.com/transmission/transmission/pull/297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](https://github.com/transmission/transmission/pull/405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](https://github.com/transmission/transmission/pull/861))
- Change torrent location even if no data move is needed ([#35](https://github.com/transmission/transmission/pull/35))
- Support CIDR-notated blocklists ([#230](https://github.com/transmission/transmission/pull/230), [#741](https://github.com/transmission/transmission/pull/741))
- Update the resume file before running scripts ([#825](https://github.com/transmission/transmission/pull/825))
- Make multiscrape limits adaptive ([#837](https://github.com/transmission/transmission/pull/837))
- Add labels support to libtransmission and transmission-remote ([#822](https://github.com/transmission/transmission/pull/822))
- Parse `session-id` header case-insensitively ([#765](https://github.com/transmission/transmission/pull/765))
- Sanitize suspicious path components instead of rejecting them ([#62](https://github.com/transmission/transmission/pull/62), [#294](https://github.com/transmission/transmission/pull/294))
- Load CA certs from system store on Windows / OpenSSL ([#446](https://github.com/transmission/transmission/pull/446))
- Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](https://github.com/transmission/transmission/pull/115), [#116](https://github.com/transmission/transmission/pull/116), [#284](https://github.com/transmission/transmission/pull/284), [#486](https://github.com/transmission/transmission/pull/486), [#524](https://github.com/transmission/transmission/pull/524), [#570](https://github.com/transmission/transmission/pull/570))
- Fix building against OpenSSL 1.1.0+ ([#24](https://github.com/transmission/transmission/pull/24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](https://github.com/transmission/transmission/pull/42), [#58](https://github.com/transmission/transmission/pull/58), [#312](https://github.com/transmission/transmission/pull/312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](https://github.com/transmission/transmission/pull/56))
- Bump miniupnpc version to 2.0.20170509 ([#347](https://github.com/transmission/transmission/pull/347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](https://github.com/transmission/transmission/pull/72), [#96](https://github.com/transmission/transmission/pull/96), [#117](https://github.com/transmission/transmission/pull/117), [#118](https://github.com/transmission/transmission/pull/118), [#133](https://github.com/transmission/transmission/pull/133), [#191](https://github.com/transmission/transmission/pull/191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed
### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](https://github.com/transmission/transmission/pull/644), [#722](https://github.com/transmission/transmission/pull/722), [#757](https://github.com/transmission/transmission/pull/757), [#779](https://github.com/transmission/transmission/pull/779), [#788](https://github.com/transmission/transmission/pull/788))
- Remove Growl support, notification center is always used ([#387](https://github.com/transmission/transmission/pull/387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](https://github.com/transmission/transmission/pull/121), [#600](https://github.com/transmission/transmission/pull/600))
- Transition to ARC ([#336](https://github.com/transmission/transmission/pull/336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](https://github.com/transmission/transmission/pull/11))
- Fix uncaught exception when dragging multiple items between groups ([#51](https://github.com/transmission/transmission/pull/51))
- Add flat variants of status icons for message log ([#134](https://github.com/transmission/transmission/pull/134))
- Optimize image resources size ([#304](https://github.com/transmission/transmission/pull/304), [#429](https://github.com/transmission/transmission/pull/429))
- Update file icon when file name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Update translations
### GTK+ Client
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Add AppData file ([#224](https://github.com/transmission/transmission/pull/224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](https://github.com/transmission/transmission/pull/414), [#449](https://github.com/transmission/transmission/pull/449))
- Update file icon when its name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Switch from intltool to gettext for translations ([#584](https://github.com/transmission/transmission/pull/584), [#647](https://github.com/transmission/transmission/pull/647))
- Update translations, add new translations for Portuguese (Portugal)
### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](https://github.com/transmission/transmission/pull/269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](https://github.com/transmission/transmission/pull/236), [#307](https://github.com/transmission/transmission/pull/307), [#404](https://github.com/transmission/transmission/pull/404), [#437](https://github.com/transmission/transmission/pull/437), [#699](https://github.com/transmission/transmission/pull/699), [#723](https://github.com/transmission/transmission/pull/723), [#877](https://github.com/transmission/transmission/pull/877))
- Fix sorting by progress in presence of magnet transfers ([#234](https://github.com/transmission/transmission/pull/234))
- Fix .torrent file trashing upon addition ([#262](https://github.com/transmission/transmission/pull/262))
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](https://github.com/transmission/transmission/pull/411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](https://github.com/transmission/transmission/pull/861))
- Use default (instead of system) locale to be more flexible ([#130](https://github.com/transmission/transmission/pull/130))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokm虱, Slovenian
### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](https://github.com/transmission/transmission/pull/795))
- Fix exit code to be zero when dumping settings ([#487](https://github.com/transmission/transmission/pull/487))
### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](https://github.com/transmission/transmission/pull/41), [#180](https://github.com/transmission/transmission/pull/180))
- Fix torrent list style in Google Chrome 59+ ([#384](https://github.com/transmission/transmission/pull/384))
- Show ETA in compact view on non-mobile devices ([#146](https://github.com/transmission/transmission/pull/146))
- Show upload file button on mobile devices ([#320](https://github.com/transmission/transmission/pull/320), [#431](https://github.com/transmission/transmission/pull/431), [#956](https://github.com/transmission/transmission/pull/956))
- Add keyboard hotkeys for web interface ([#351](https://github.com/transmission/transmission/pull/351))
- Disable autocompletion in torrent URL field ([#367](https://github.com/transmission/transmission/pull/367))
### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](https://github.com/transmission/transmission/pull/609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](https://github.com/transmission/transmission/pull/247))
- Add `--unsorted` option to transmission-show ([#767](https://github.com/transmission/transmission/pull/767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](https://github.com/transmission/transmission/pull/840))
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 25 20:20:05 UTC 2020
Modified Files:
pkgsrc/net/transmission-qt: Makefile
Log Message:
transmission-qt: needs gcc 7.x (for <optional>)
Reported and tested by spz.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update
Revisions pulled up:
- net/transmission-gtk/Makefile 1.46
- net/transmission-gtk/PLIST 1.2
- net/transmission-qt/Makefile 1.54
- net/transmission/Makefile 1.27
- net/transmission/Makefile.common 1.10
- net/transmission/PLIST 1.4
- net/transmission/distinfo 1.16
- net/transmission/patches/patch-qt_qtr.pro 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 13 13:01:02 UTC 2020
Modified Files:
pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
pkgsrc/net/transmission-gtk: Makefile PLIST
pkgsrc/net/transmission-qt: Makefile
pkgsrc/net/transmission/patches: patch-qt_qtr.pro
Log Message:
transmission*: update to 3.00
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](https://github.com/transmission/transmission/pull/161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](https://github.com/transmission/transmission/pull/334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](https://github.com/transmission/transmission/pull/122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](https://github.com/transmission/transmission/pull/371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](https://github.com/transmission/transmission/pull/212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](https://github.com/transmission/transmission/pull/256), [#285](https://github.com/transmission/transmission/pull/285), [#355](https://github.com/transmission/transmission/pull/355), [#363](https://github.com/transmission/transmission/pull/363), [#386](https://github.com/transmission/transmission/pull/386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](https://github.com/transmission/transmission/pull/250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](https://github.com/transmission/transmission/pull/184))
- Improve ToS handling on IPv6 connections ([#128](https://github.com/transmission/transmission/pull/128), [#341](https://github.com/transmission/transmission/pull/341), [#360](https://github.com/transmission/transmission/pull/360), [#692](https://github.com/transmission/transmission/pull/692), [#737](https://github.com/transmission/transmission/pull/737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](https://github.com/transmission/transmission/pull/27))
- Don't switch trackers while announcing (leads to crash) ([#297](https://github.com/transmission/transmission/pull/297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](https://github.com/transmission/transmission/pull/405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](https://github.com/transmission/transmission/pull/861))
- Change torrent location even if no data move is needed ([#35](https://github.com/transmission/transmission/pull/35))
- Support CIDR-notated blocklists ([#230](https://github.com/transmission/transmission/pull/230), [#741](https://github.com/transmission/transmission/pull/741))
- Update the resume file before running scripts ([#825](https://github.com/transmission/transmission/pull/825))
- Make multiscrape limits adaptive ([#837](https://github.com/transmission/transmission/pull/837))
- Add labels support to libtransmission and transmission-remote ([#822](https://github.com/transmission/transmission/pull/822))
- Parse `session-id` header case-insensitively ([#765](https://github.com/transmission/transmission/pull/765))
- Sanitize suspicious path components instead of rejecting them ([#62](https://github.com/transmission/transmission/pull/62), [#294](https://github.com/transmission/transmission/pull/294))
- Load CA certs from system store on Windows / OpenSSL ([#446](https://github.com/transmission/transmission/pull/446))
- Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](https://github.com/transmission/transmission/pull/115), [#116](https://github.com/transmission/transmission/pull/116), [#284](https://github.com/transmission/transmission/pull/284), [#486](https://github.com/transmission/transmission/pull/486), [#524](https://github.com/transmission/transmission/pull/524), [#570](https://github.com/transmission/transmission/pull/570))
- Fix building against OpenSSL 1.1.0+ ([#24](https://github.com/transmission/transmission/pull/24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](https://github.com/transmission/transmission/pull/42), [#58](https://github.com/transmission/transmission/pull/58), [#312](https://github.com/transmission/transmission/pull/312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](https://github.com/transmission/transmission/pull/56))
- Bump miniupnpc version to 2.0.20170509 ([#347](https://github.com/transmission/transmission/pull/347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](https://github.com/transmission/transmission/pull/72), [#96](https://github.com/transmission/transmission/pull/96), [#117](https://github.com/transmission/transmission/pull/117), [#118](https://github.com/transmission/transmission/pull/118), [#133](https://github.com/transmission/transmission/pull/133), [#191](https://github.com/transmission/transmission/pull/191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed
### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](https://github.com/transmission/transmission/pull/644), [#722](https://github.com/transmission/transmission/pull/722), [#757](https://github.com/transmission/transmission/pull/757), [#779](https://github.com/transmission/transmission/pull/779), [#788](https://github.com/transmission/transmission/pull/788))
- Remove Growl support, notification center is always used ([#387](https://github.com/transmission/transmission/pull/387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](https://github.com/transmission/transmission/pull/121), [#600](https://github.com/transmission/transmission/pull/600))
- Transition to ARC ([#336](https://github.com/transmission/transmission/pull/336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](https://github.com/transmission/transmission/pull/11))
- Fix uncaught exception when dragging multiple items between groups ([#51](https://github.com/transmission/transmission/pull/51))
- Add flat variants of status icons for message log ([#134](https://github.com/transmission/transmission/pull/134))
- Optimize image resources size ([#304](https://github.com/transmission/transmission/pull/304), [#429](https://github.com/transmission/transmission/pull/429))
- Update file icon when file name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Update translations
### GTK+ Client
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Add AppData file ([#224](https://github.com/transmission/transmission/pull/224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](https://github.com/transmission/transmission/pull/414), [#449](https://github.com/transmission/transmission/pull/449))
- Update file icon when its name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Switch from intltool to gettext for translations ([#584](https://github.com/transmission/transmission/pull/584), [#647](https://github.com/transmission/transmission/pull/647))
- Update translations, add new translations for Portuguese (Portugal)
### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](https://github.com/transmission/transmission/pull/269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](https://github.com/transmission/transmission/pull/236), [#307](https://github.com/transmission/transmission/pull/307), [#404](https://github.com/transmission/transmission/pull/404), [#437](https://github.com/transmission/transmission/pull/437), [#699](https://github.com/transmission/transmission/pull/699), [#723](https://github.com/transmission/transmission/pull/723), [#877](https://github.com/transmission/transmission/pull/877))
- Fix sorting by progress in presence of magnet transfers ([#234](https://github.com/transmission/transmission/pull/234))
- Fix .torrent file trashing upon addition ([#262](https://github.com/transmission/transmission/pull/262))
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](https://github.com/transmission/transmission/pull/411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](https://github.com/transmission/transmission/pull/861))
- Use default (instead of system) locale to be more flexible ([#130](https://github.com/transmission/transmission/pull/130))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokm虱, Slovenian
### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](https://github.com/transmission/transmission/pull/795))
- Fix exit code to be zero when dumping settings ([#487](https://github.com/transmission/transmission/pull/487))
### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](https://github.com/transmission/transmission/pull/41), [#180](https://github.com/transmission/transmission/pull/180))
- Fix torrent list style in Google Chrome 59+ ([#384](https://github.com/transmission/transmission/pull/384))
- Show ETA in compact view on non-mobile devices ([#146](https://github.com/transmission/transmission/pull/146))
- Show upload file button on mobile devices ([#320](https://github.com/transmission/transmission/pull/320), [#431](https://github.com/transmission/transmission/pull/431), [#956](https://github.com/transmission/transmission/pull/956))
- Add keyboard hotkeys for web interface ([#351](https://github.com/transmission/transmission/pull/351))
- Disable autocompletion in torrent URL field ([#367](https://github.com/transmission/transmission/pull/367))
### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](https://github.com/transmission/transmission/pull/609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](https://github.com/transmission/transmission/pull/247))
- Add `--unsorted` option to transmission-show ([#767](https://github.com/transmission/transmission/pull/767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](https://github.com/transmission/transmission/pull/840))
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 25 20:20:05 UTC 2020
Modified Files:
pkgsrc/net/transmission-qt: Makefile
Log Message:
transmission-qt: needs gcc 7.x (for <optional>)
Reported and tested by spz.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
pkgsrc-2020Q2 commitmail json YAML
pullups 6278 6279
pkgsrc-2020Q2 commitmail json YAML
pkgsrc/lang/go/version.mk@1.92.2.2
/
diff
pkgsrc/lang/go114/PLIST@1.4.2.1 / diff
pkgsrc/lang/go114/distinfo@1.7.2.1 / diff
pkgsrc/lang/go114/PLIST@1.4.2.1 / diff
pkgsrc/lang/go114/distinfo@1.7.2.1 / diff
Pullup ticket #6279 - requested by bsiegert
lang/go114: security update
Revisions pulled up:
- lang/go/version.mk 1.94
- lang/go114/PLIST 1.5
- lang/go114/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:20:06 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go114: PLIST distinfo
Log Message:
Update go114 to 1.14.6.
go1.14.5 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.14.5 milestone on our issue tracker for
details.
go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler,
the linker, vet, and the database/sql, encoding/json, net/http, reflect, and
testing packages. See the Go 1.14.6 milestone on our issue tracker for
details.
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go114/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go114/distinfo
lang/go114: security update
Revisions pulled up:
- lang/go/version.mk 1.94
- lang/go114/PLIST 1.5
- lang/go114/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:20:06 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go114: PLIST distinfo
Log Message:
Update go114 to 1.14.6.
go1.14.5 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.14.5 milestone on our issue tracker for
details.
go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler,
the linker, vet, and the database/sql, encoding/json, net/http, reflect, and
testing packages. See the Go 1.14.6 milestone on our issue tracker for
details.
To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go114/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go114/distinfo
pkgsrc-2020Q2 commitmail json YAML
pkgsrc/lang/go/version.mk@1.92.2.1
/
diff
pkgsrc/lang/go113/PLIST@1.3.2.1 / diff
pkgsrc/lang/go113/distinfo@1.7.2.1 / diff
pkgsrc/lang/go113/PLIST@1.3.2.1 / diff
pkgsrc/lang/go113/distinfo@1.7.2.1 / diff
Pullup ticket #6278 - requested by bsiegert
lang/go113: security update
Revisions pulled up:
- lang/go/version.mk 1.93
- lang/go113/PLIST 1.4
- lang/go113/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:10:20 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go113: PLIST distinfo
Log Message:
Update go113 to 1.13.14.
go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the
go/types
and math/big packages. See the Go 1.13.12 milestone on our issue tracker for
details.
go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.13.13 milestone on our issue tracker for
details.
go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the
database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone
on our issue tracker for details.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go113/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go113/distinfo
lang/go113: security update
Revisions pulled up:
- lang/go/version.mk 1.93
- lang/go113/PLIST 1.4
- lang/go113/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 17 17:10:20 UTC 2020
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go113: PLIST distinfo
Log Message:
Update go113 to 1.13.14.
go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the
go/types
and math/big packages. See the Go 1.13.12 milestone on our issue tracker for
details.
go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509
and
net/http packages. See the Go 1.13.13 milestone on our issue tracker for
details.
go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the
database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone
on our issue tracker for details.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go113/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go113/distinfo
MAIN commitmail json YAML
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/DESCR@1.1
/
diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/Makefile@1.1 / diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/PLIST@1.1 / diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/distinfo@1.1 / diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/Makefile@1.1 / diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/PLIST@1.1 / diff
pkgsrc/devel/p5-RT-Extension-ArticleTemplates/distinfo@1.1 / diff
An extension for RT4 that makes RT parse the content of Articles as
a template, when inserting the article into a ticket, using the
Text::Template module; this can be used to make your Articles dynamic.
Text::Template is the same module that RT's Templates use as well.
You need this extension to be able to generate form responses that
contain fields from the ticket.
a template, when inserting the article into a ticket, using the
Text::Template module; this can be used to make your Articles dynamic.
Text::Template is the same module that RT's Templates use as well.
You need this extension to be able to generate form responses that
contain fields from the ticket.
MAIN commitmail json YAML
pkgsrc/net/xymon/Makefile@1.57
/
diff
pkgsrc/net/xymon/distinfo@1.18 / diff
pkgsrc/net/xymon/patches/patch-build_Makefile.Linux@1.3 / diff
pkgsrc/net/xymon/patches/patch-lib_acklog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_availability.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_availability.h@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_eventlog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_holidays.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_htmllog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_misc.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_stackio.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_timefunc.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_tree.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_history.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_reportlog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_showgraph.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_combostatus.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_rrd_do__temperature.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_xymond__history.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymonnet_xymonnet.c@1.1 / diff
:
(more 3 files)
pkgsrc/net/xymon/distinfo@1.18 / diff
pkgsrc/net/xymon/patches/patch-build_Makefile.Linux@1.3 / diff
pkgsrc/net/xymon/patches/patch-lib_acklog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_availability.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_availability.h@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_eventlog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_holidays.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_htmllog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_misc.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_stackio.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_timefunc.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-lib_tree.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_history.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_reportlog.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-web_showgraph.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_combostatus.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_rrd_do__temperature.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymond_xymond__history.c@1.1 / diff
pkgsrc/net/xymon/patches/patch-xymonnet_xymonnet.c@1.1 / diff
:
(more 3 files)
Update xymon and xymonclient to version 4.3.29.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.
Upstream changelog:
Changes for 4.3.29
==================
Several buffer overflow security issues have been resolved, as well as
a potential XSS attack on certain CGI interfaces. Although the ability
to exploit is limited, all users are urged to upgrade.
The assigned CVE numbers are:
CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
In addition, revisions have been made to a number of places throughout
the code to convert the most common sprintf statements to snprintf for
safer processing, which should reduce the impact of similar parsing.
Additional work on this will continue in the future.
The affected CGIs are:
history.c (overflow of histlogfn) = CVE-2019-13451
reportlog.c (overflow of histlogfn) = CVE-2019-13452
csvinfo.c (overflow of dbfn) = CVE-2019-13273
csvinfo.c (reflected XSS) = CVE-2019-13274
acknowledge.c (overflow of msgline) = CVE-2019-13455
appfeed.c (overflow of errtxt) = CVE-2019-13484
history.c (overflow of selfurl) = CVE-2019-13485
svcstatus.c (overflow of errtxt) = CVE-2019-13486
We would like to thank the University of Cambridge Computer Security
Incident Response Team for their assistance in reporting and helping
resolve these issues.
Additional Changes:
On Linux, a few additional tmpfs volumes are ignored by default
on new (or unmodified) installs. This includes /run/user/<uid>,
which is a transient, per-session tmpfs on some systems. To re-
enable monitoring for this (if you are running services under
a user with a login session), you may need to edit the analysis.cfg(5)
file.
After upgrade, these partitions will no longer be alerted on or
tracked, and their associated RRD files may also be removed:
/run/user/<uid> (but NOT /run)
/dev (but NOT /dev/shm)
/sys/fs/cgroup
/lib/init/rw
The default hard limit for an incoming message has been raised from
10MB to 64MB
The secure apache config snippet no longer requires a xymongroups file
to be present (and module loaded), since it's not used by default. This
will not affect existing installs.
A --no-cpu-listing option has been added to xymond_client to suppress the
'top' output in cpu test status messages.
The conversation used in SMTP checks has been adjusted to perform a proper
"EHLO" greeting against servers, using the host string 'xymonnet'. If the
string needs to be adjusted, however, see protocols.cfg(5)
"Actual" memory usage (as a percentage) may be >100% on some platforms
in certain situations. This alone will not be tagged as "invalid" data
and should be graphed in RRD.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.
Upstream changelog:
Changes for 4.3.29
==================
Several buffer overflow security issues have been resolved, as well as
a potential XSS attack on certain CGI interfaces. Although the ability
to exploit is limited, all users are urged to upgrade.
The assigned CVE numbers are:
CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
In addition, revisions have been made to a number of places throughout
the code to convert the most common sprintf statements to snprintf for
safer processing, which should reduce the impact of similar parsing.
Additional work on this will continue in the future.
The affected CGIs are:
history.c (overflow of histlogfn) = CVE-2019-13451
reportlog.c (overflow of histlogfn) = CVE-2019-13452
csvinfo.c (overflow of dbfn) = CVE-2019-13273
csvinfo.c (reflected XSS) = CVE-2019-13274
acknowledge.c (overflow of msgline) = CVE-2019-13455
appfeed.c (overflow of errtxt) = CVE-2019-13484
history.c (overflow of selfurl) = CVE-2019-13485
svcstatus.c (overflow of errtxt) = CVE-2019-13486
We would like to thank the University of Cambridge Computer Security
Incident Response Team for their assistance in reporting and helping
resolve these issues.
Additional Changes:
On Linux, a few additional tmpfs volumes are ignored by default
on new (or unmodified) installs. This includes /run/user/<uid>,
which is a transient, per-session tmpfs on some systems. To re-
enable monitoring for this (if you are running services under
a user with a login session), you may need to edit the analysis.cfg(5)
file.
After upgrade, these partitions will no longer be alerted on or
tracked, and their associated RRD files may also be removed:
/run/user/<uid> (but NOT /run)
/dev (but NOT /dev/shm)
/sys/fs/cgroup
/lib/init/rw
The default hard limit for an incoming message has been raised from
10MB to 64MB
The secure apache config snippet no longer requires a xymongroups file
to be present (and module loaded), since it's not used by default. This
will not affect existing installs.
A --no-cpu-listing option has been added to xymond_client to suppress the
'top' output in cpu test status messages.
The conversation used in SMTP checks has been adjusted to perform a proper
"EHLO" greeting against servers, using the host string 'xymonnet'. If the
string needs to be adjusted, however, see protocols.cfg(5)
"Actual" memory usage (as a percentage) may be >100% on some platforms
in certain situations. This alone will not be tagged as "invalid" data
and should be graphed in RRD.
pkgsrc-2019Q3 commitmail json YAML
pullups 6080 and 6083
pkgsrc-2019Q3 commitmail json YAML
pkgsrc/archivers/go-xz/Makefile@1.10.2.1
/
diff
pkgsrc/chat/coyim/Makefile@1.7.2.1 / diff
pkgsrc/chat/matterircd/Makefile@1.17.2.1 / diff
pkgsrc/databases/go-etcd/Makefile@1.16.2.1 / diff
pkgsrc/databases/go-ldap/Makefile@1.5.2.1 / diff
pkgsrc/databases/influxdb/Makefile@1.5.2.1 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.4.2.1 / diff
pkgsrc/databases/prometheus/Makefile@1.8.2.1 / diff
pkgsrc/devel/git-lfs/Makefile@1.13.2.1 / diff
pkgsrc/devel/go-afero/Makefile@1.16.2.1 / diff
pkgsrc/devel/go-amber/Makefile@1.16.2.1 / diff
pkgsrc/devel/go-appengine/Makefile@1.11.2.1 / diff
pkgsrc/devel/go-assert/Makefile@1.9.2.1 / diff
pkgsrc/devel/go-blackfriday/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-buffruneio/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-cast/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-check/Makefile@1.19.2.1 / diff
pkgsrc/devel/go-cli/Makefile@1.17.2.1 / diff
pkgsrc/devel/go-cobra/Makefile@1.17.2.1 / diff
pkgsrc/devel/go-colorable/Makefile@1.10.2.1 / diff
:
(more 138 files)
pkgsrc/chat/coyim/Makefile@1.7.2.1 / diff
pkgsrc/chat/matterircd/Makefile@1.17.2.1 / diff
pkgsrc/databases/go-etcd/Makefile@1.16.2.1 / diff
pkgsrc/databases/go-ldap/Makefile@1.5.2.1 / diff
pkgsrc/databases/influxdb/Makefile@1.5.2.1 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.4.2.1 / diff
pkgsrc/databases/prometheus/Makefile@1.8.2.1 / diff
pkgsrc/devel/git-lfs/Makefile@1.13.2.1 / diff
pkgsrc/devel/go-afero/Makefile@1.16.2.1 / diff
pkgsrc/devel/go-amber/Makefile@1.16.2.1 / diff
pkgsrc/devel/go-appengine/Makefile@1.11.2.1 / diff
pkgsrc/devel/go-assert/Makefile@1.9.2.1 / diff
pkgsrc/devel/go-blackfriday/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-buffruneio/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-cast/Makefile@1.15.2.1 / diff
pkgsrc/devel/go-check/Makefile@1.19.2.1 / diff
pkgsrc/devel/go-cli/Makefile@1.17.2.1 / diff
pkgsrc/devel/go-cobra/Makefile@1.17.2.1 / diff
pkgsrc/devel/go-colorable/Makefile@1.10.2.1 / diff
:
(more 138 files)
Pullup ticket #6083 - requested by leot
lang/go112: security update
lang/go: update available version
Revisions pulled up:
- lang/go/version.mk 1.70
- lang/go112/PLIST 1.8
- lang/go112/distinfo 1.8
Revision bump for:
- archivers/go-xz/Makefile
- chat/coyim/Makefile
- chat/matterircd/Makefile
- databases/go-etcd/Makefile
- databases/go-ldap/Makefile
- databases/influxdb/Makefile
- databases/postgres_exporter/Makefile
- databases/prometheus/Makefile
- devel/git-lfs/Makefile
- devel/go-afero/Makefile
- devel/go-amber/Makefile
- devel/go-appengine/Makefile
- devel/go-assert/Makefile
- devel/go-blackfriday/Makefile
- devel/go-buffruneio/Makefile
- devel/go-cast/Makefile
- devel/go-check/Makefile
- devel/go-cli/Makefile
- devel/go-cobra/Makefile
- devel/go-colorable/Makefile
- devel/go-colortext/Makefile
- devel/go-colour/Makefile
- devel/go-consul-api/Makefile
- devel/go-debounce/Makefile
- devel/go-ed25519/Makefile
- devel/go-emoji/Makefile
- devel/go-errors/Makefile
- devel/go-flags-svent/Makefile
- devel/go-fnmatch/Makefile
- devel/go-fs/Makefile
- devel/go-fsnotify/Makefile
- devel/go-fsync/Makefile
- devel/go-gitmap/Makefile
- devel/go-glog/Makefile
- devel/go-gls/Makefile
- devel/go-gocode/Makefile
- devel/go-godef/Makefile
- devel/go-godirwalk/Makefile
- devel/go-godotenv/Makefile
- devel/go-golang-lru/Makefile
- devel/go-goorgeous/Makefile
- devel/go-gopkgs/Makefile
- devel/go-goptlib/Makefile
- devel/go-goreturns/Makefile
- devel/go-gox/Makefile
- devel/go-hashstructure/Makefile
- devel/go-homedir/Makefile
- devel/go-humanize/Makefile
- devel/go-i18n/Makefile
- devel/go-immutable-radix/Makefile
- devel/go-ini/Makefile
- devel/go-iochan/Makefile
- devel/go-isatty/Makefile
- devel/go-jwalterweatherman/Makefile
- devel/go-kingpin.v3-unstable/Makefile
- devel/go-locker/Makefile
- devel/go-logrus/Makefile
- devel/go-mapstructure/Makefile
- devel/go-mapstructure-bep/Makefile
- devel/go-mow-cli/Makefile
- devel/go-nbreader/Makefile
- devel/go-nitro/Makefile
- devel/go-osext/Makefile
- devel/go-pflag/Makefile
- devel/go-properties/Makefile
- devel/go-protobuf/Makefile
- devel/go-purell/Makefile
- devel/go-ratelimit/Makefile
- devel/go-repr/Makefile
- devel/go-review/Makefile
- devel/go-sanitized_anchor_name/Makefile
- devel/go-shellwords/Makefile
- devel/go-shuffle/Makefile
- devel/go-siphash/Makefile
- devel/go-sync/Makefile
- devel/go-sys/Makefile
- devel/go-termbox/Makefile
- devel/go-testify/Makefile
- devel/go-thrift/Makefile
- devel/go-tools/Makefile
- devel/go-try/Makefile
- devel/go-viper/Makefile
- devel/go-yaml/Makefile
- devel/golint/Makefile
- devel/google-api-go-client/Makefile
- graphics/go-image/Makefile
- graphics/go-imaging/Makefile
- graphics/go-resize/Makefile
- graphics/go-smartcrop/Makefile
- lang/go-hcl/Makefile
- mail/postforward/Makefile
- math/go-stats/Makefile
- math/go-units/Makefile
- misc/go-genproto/Makefile
- misc/go-genproto-googleapis-rpc/Makefile
- net/aws-sdk-go/Makefile
- net/dnscrypt-proxy2/Makefile
- net/gcloud-golang-metadata/Makefile
- net/go-dns/Makefile
- net/go-dnstap/Makefile
- net/go-framestream/Makefile
- net/go-grpc/Makefile
- net/go-net/Makefile
- net/go-ovh/Makefile
- net/go-websocket/Makefile
- net/hub/Makefile
- net/obfs4proxy/Makefile
- net/syncthing/Makefile
- pkgtools/pkglint/Makefile
- security/2fa/Makefile
- security/go-asn1-ber/Makefile
- security/go-crypt/Makefile
- security/go-crypto/Makefile
- security/go-mkcert/Makefile
- security/go-oauth2/Makefile
- security/go-sftp/Makefile
- security/vault/Makefile
- sysutils/beats/Makefile
- sysutils/consul/Makefile
- sysutils/fzf/Makefile
- sysutils/goreman/Makefile
- sysutils/lf/Makefile
- sysutils/node_exporter/Makefile
- sysutils/vultr/Makefile
- textproc/go-chroma/Makefile
- textproc/go-diff/Makefile
- textproc/go-glob/Makefile
- textproc/go-inflect/Makefile
- textproc/go-md2man/Makefile
- textproc/go-mmark/Makefile
- textproc/go-prose/Makefile
- textproc/go-regexp2/Makefile
- textproc/go-runewidth/Makefile
- textproc/go-sentences/Makefile
- textproc/go-tablewriter/Makefile
- textproc/go-text/Makefile
- textproc/sift/Makefile
- www/caddy/Makefile
- www/gitea/Makefile
- www/go-ace/Makefile
- www/go-cssmin/Makefile
- www/go-gogs-client/Makefile
- www/go-gohtml/Makefile
- www/go-libsass/Makefile
- www/go-minify/Makefile
- www/go-parse/Makefile
- www/go-spritewell/Makefile
- www/go-tocss/Makefile
- www/go-toml-burntsushi/Makefile
- www/go-toml-pelletier/Makefile
- www/go-urlesc/Makefile
- www/go-webhooks/Makefile
- www/grafana/Makefile
- www/hugo/Makefile
- www/pup/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Oct 18 14:48:29 UTC 2019
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go112: PLIST distinfo
Log Message:
Update go112 to 1.12.12.
qo1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa
package. See the Go 1.12.11 milestone on our issue tracker for details.
go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime,
syscall and net packages. See the Go 1.12.12 milestone on our issue tracker
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go112/PLIST pkgsrc/lang/go112/distinfo
lang/go112: security update
lang/go: update available version
Revisions pulled up:
- lang/go/version.mk 1.70
- lang/go112/PLIST 1.8
- lang/go112/distinfo 1.8
Revision bump for:
- archivers/go-xz/Makefile
- chat/coyim/Makefile
- chat/matterircd/Makefile
- databases/go-etcd/Makefile
- databases/go-ldap/Makefile
- databases/influxdb/Makefile
- databases/postgres_exporter/Makefile
- databases/prometheus/Makefile
- devel/git-lfs/Makefile
- devel/go-afero/Makefile
- devel/go-amber/Makefile
- devel/go-appengine/Makefile
- devel/go-assert/Makefile
- devel/go-blackfriday/Makefile
- devel/go-buffruneio/Makefile
- devel/go-cast/Makefile
- devel/go-check/Makefile
- devel/go-cli/Makefile
- devel/go-cobra/Makefile
- devel/go-colorable/Makefile
- devel/go-colortext/Makefile
- devel/go-colour/Makefile
- devel/go-consul-api/Makefile
- devel/go-debounce/Makefile
- devel/go-ed25519/Makefile
- devel/go-emoji/Makefile
- devel/go-errors/Makefile
- devel/go-flags-svent/Makefile
- devel/go-fnmatch/Makefile
- devel/go-fs/Makefile
- devel/go-fsnotify/Makefile
- devel/go-fsync/Makefile
- devel/go-gitmap/Makefile
- devel/go-glog/Makefile
- devel/go-gls/Makefile
- devel/go-gocode/Makefile
- devel/go-godef/Makefile
- devel/go-godirwalk/Makefile
- devel/go-godotenv/Makefile
- devel/go-golang-lru/Makefile
- devel/go-goorgeous/Makefile
- devel/go-gopkgs/Makefile
- devel/go-goptlib/Makefile
- devel/go-goreturns/Makefile
- devel/go-gox/Makefile
- devel/go-hashstructure/Makefile
- devel/go-homedir/Makefile
- devel/go-humanize/Makefile
- devel/go-i18n/Makefile
- devel/go-immutable-radix/Makefile
- devel/go-ini/Makefile
- devel/go-iochan/Makefile
- devel/go-isatty/Makefile
- devel/go-jwalterweatherman/Makefile
- devel/go-kingpin.v3-unstable/Makefile
- devel/go-locker/Makefile
- devel/go-logrus/Makefile
- devel/go-mapstructure/Makefile
- devel/go-mapstructure-bep/Makefile
- devel/go-mow-cli/Makefile
- devel/go-nbreader/Makefile
- devel/go-nitro/Makefile
- devel/go-osext/Makefile
- devel/go-pflag/Makefile
- devel/go-properties/Makefile
- devel/go-protobuf/Makefile
- devel/go-purell/Makefile
- devel/go-ratelimit/Makefile
- devel/go-repr/Makefile
- devel/go-review/Makefile
- devel/go-sanitized_anchor_name/Makefile
- devel/go-shellwords/Makefile
- devel/go-shuffle/Makefile
- devel/go-siphash/Makefile
- devel/go-sync/Makefile
- devel/go-sys/Makefile
- devel/go-termbox/Makefile
- devel/go-testify/Makefile
- devel/go-thrift/Makefile
- devel/go-tools/Makefile
- devel/go-try/Makefile
- devel/go-viper/Makefile
- devel/go-yaml/Makefile
- devel/golint/Makefile
- devel/google-api-go-client/Makefile
- graphics/go-image/Makefile
- graphics/go-imaging/Makefile
- graphics/go-resize/Makefile
- graphics/go-smartcrop/Makefile
- lang/go-hcl/Makefile
- mail/postforward/Makefile
- math/go-stats/Makefile
- math/go-units/Makefile
- misc/go-genproto/Makefile
- misc/go-genproto-googleapis-rpc/Makefile
- net/aws-sdk-go/Makefile
- net/dnscrypt-proxy2/Makefile
- net/gcloud-golang-metadata/Makefile
- net/go-dns/Makefile
- net/go-dnstap/Makefile
- net/go-framestream/Makefile
- net/go-grpc/Makefile
- net/go-net/Makefile
- net/go-ovh/Makefile
- net/go-websocket/Makefile
- net/hub/Makefile
- net/obfs4proxy/Makefile
- net/syncthing/Makefile
- pkgtools/pkglint/Makefile
- security/2fa/Makefile
- security/go-asn1-ber/Makefile
- security/go-crypt/Makefile
- security/go-crypto/Makefile
- security/go-mkcert/Makefile
- security/go-oauth2/Makefile
- security/go-sftp/Makefile
- security/vault/Makefile
- sysutils/beats/Makefile
- sysutils/consul/Makefile
- sysutils/fzf/Makefile
- sysutils/goreman/Makefile
- sysutils/lf/Makefile
- sysutils/node_exporter/Makefile
- sysutils/vultr/Makefile
- textproc/go-chroma/Makefile
- textproc/go-diff/Makefile
- textproc/go-glob/Makefile
- textproc/go-inflect/Makefile
- textproc/go-md2man/Makefile
- textproc/go-mmark/Makefile
- textproc/go-prose/Makefile
- textproc/go-regexp2/Makefile
- textproc/go-runewidth/Makefile
- textproc/go-sentences/Makefile
- textproc/go-tablewriter/Makefile
- textproc/go-text/Makefile
- textproc/sift/Makefile
- www/caddy/Makefile
- www/gitea/Makefile
- www/go-ace/Makefile
- www/go-cssmin/Makefile
- www/go-gogs-client/Makefile
- www/go-gohtml/Makefile
- www/go-libsass/Makefile
- www/go-minify/Makefile
- www/go-parse/Makefile
- www/go-spritewell/Makefile
- www/go-tocss/Makefile
- www/go-toml-burntsushi/Makefile
- www/go-toml-pelletier/Makefile
- www/go-urlesc/Makefile
- www/go-webhooks/Makefile
- www/grafana/Makefile
- www/hugo/Makefile
- www/pup/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Oct 18 14:48:29 UTC 2019
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go112: PLIST distinfo
Log Message:
Update go112 to 1.12.12.
qo1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa
package. See the Go 1.12.11 milestone on our issue tracker for details.
go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime,
syscall and net packages. See the Go 1.12.12 milestone on our issue tracker
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go112/PLIST pkgsrc/lang/go112/distinfo
pkgsrc-2019Q3 commitmail json YAML
Pullup ticket #6080 - requested by bouyer
geography/opencpn: build fix
Revisions pulled up:
- geography/opencpn/Makefile 1.37
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Sun Oct 27 17:44:33 UTC 2019
Modified Files:
pkgsrc/geography/opencpn: Makefile
Log Message:
Hack to make it build with new pango (pango-coverage.h does
#include <hb.h>)
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 pkgsrc/geography/opencpn/Makefile
geography/opencpn: build fix
Revisions pulled up:
- geography/opencpn/Makefile 1.37
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Sun Oct 27 17:44:33 UTC 2019
Modified Files:
pkgsrc/geography/opencpn: Makefile
Log Message:
Hack to make it build with new pango (pango-coverage.h does
#include <hb.h>)
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 pkgsrc/geography/opencpn/Makefile
MAIN commitmail json YAML
update libtasn1 to version 4.14:
* Noteworthy changes in release 4.14 (released 2019-07-21) [stable]
- New #defines for version checking: ASN1_VERSION_MAJOR, ASN1_VERSION_MINOR,
ASN1_VERSION_PATCH, ASN1_VERSION_NUMBER. The next release will switch
to semantic version semantics.
- Simplify ordering of SET OF elements by using qsort().
- Marked explicitly const uses of asn1_node with the introduction
of the (compatible) asn1_node_const type.
- Limit recursion in _asn1_expand_object_id() to detect infinite
recursion in incorrect .asn files (#4).
- asn1_array2tree(): fixed thread safety issues.
- Several fixes in gtk-doc generation.
fixes CVE-2018-1000654
* Noteworthy changes in release 4.14 (released 2019-07-21) [stable]
- New #defines for version checking: ASN1_VERSION_MAJOR, ASN1_VERSION_MINOR,
ASN1_VERSION_PATCH, ASN1_VERSION_NUMBER. The next release will switch
to semantic version semantics.
- Simplify ordering of SET OF elements by using qsort().
- Marked explicitly const uses of asn1_node with the introduction
of the (compatible) asn1_node_const type.
- Limit recursion in _asn1_expand_object_id() to detect infinite
recursion in incorrect .asn files (#4).
- asn1_array2tree(): fixed thread safety issues.
- Several fixes in gtk-doc generation.
fixes CVE-2018-1000654
MAIN commitmail json YAML
pkgsrc/devel/p5-Module-Install-RTx/Makefile@1.24
/
diff
pkgsrc/devel/p5-Module-Install-RTx/distinfo@1.11 / diff
pkgsrc/devel/p5-Module-Install-RTx/patches/patch-lib_Module_Install_RTx.pm@1.1 / diff
pkgsrc/devel/p5-Module-Install-RTx/distinfo@1.11 / diff
pkgsrc/devel/p5-Module-Install-RTx/patches/patch-lib_Module_Install_RTx.pm@1.1 / diff
make
INSTALLVENDORMAN1DIR => "@PREFIX@/@PKGMANDIR@/man1"
INSTALLVENDORMAN3DIR => "@PREFIX@/@PKGMANDIR@/man3"
and INSTALLVENDORARCH located with the rest of the plugin
instead of hardwiring them to /usr/share/man/*
INSTALLVENDORMAN1DIR => "@PREFIX@/@PKGMANDIR@/man1"
INSTALLVENDORMAN3DIR => "@PREFIX@/@PKGMANDIR@/man3"
and INSTALLVENDORARCH located with the rest of the plugin
instead of hardwiring them to /usr/share/man/*
pkgsrc-2019Q1 commitmail json YAML
pullups 5977 5978
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/net/py-rt/Makefile@1.1.6.1
/
diff
pkgsrc/net/py-rt/distinfo@1.1.6.1 / diff
pkgsrc/net/py-rt/patches/patch-rt.py@1.1.2.2 / diff
pkgsrc/net/py-rt/distinfo@1.1.6.1 / diff
pkgsrc/net/py-rt/patches/patch-rt.py@1.1.2.2 / diff
Pullup ticket #5978 - requested by leot
net/py-rt: functionality fix
Revisions pulled up:
- net/py-rt/Makefile 1.2
- net/py-rt/distinfo 1.2
- net/py-rt/patches/patch-rt.py 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun Jun 9 13:57:27 UTC 2019
Modified Files:
pkgsrc/net/py-rt: Makefile distinfo
Added Files:
pkgsrc/net/py-rt/patches: patch-rt.py
Log Message:
py-rt: Backport upstream patch to fix search() Format='s' and Format='i'
At least on RT 4 blank lines can be present at the end of the search response,
backport upstream commit bb07009c4f62dd2ac393aab82fded6424eead82f to address
that.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/py-rt/Makefile pkgsrc/net/py-rt/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/py-rt/patches/patch-rt.py
net/py-rt: functionality fix
Revisions pulled up:
- net/py-rt/Makefile 1.2
- net/py-rt/distinfo 1.2
- net/py-rt/patches/patch-rt.py 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun Jun 9 13:57:27 UTC 2019
Modified Files:
pkgsrc/net/py-rt: Makefile distinfo
Added Files:
pkgsrc/net/py-rt/patches: patch-rt.py
Log Message:
py-rt: Backport upstream patch to fix search() Format='s' and Format='i'
At least on RT 4 blank lines can be present at the end of the search response,
backport upstream commit bb07009c4f62dd2ac393aab82fded6424eead82f to address
that.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/py-rt/Makefile pkgsrc/net/py-rt/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/py-rt/patches/patch-rt.py
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/databases/phpmyadmin/Makefile@1.156.4.1
/
diff
pkgsrc/databases/phpmyadmin/PLIST@1.47.4.1 / diff
pkgsrc/databases/phpmyadmin/distinfo@1.108.4.1 / diff
pkgsrc/databases/phpmyadmin/PLIST@1.47.4.1 / diff
pkgsrc/databases/phpmyadmin/distinfo@1.108.4.1 / diff
Pullup ticket #5977 - requested by tm
databases/phpmyadmin: security update
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.159
- databases/phpmyadmin/PLIST 1.48
- databases/phpmyadmin/distinfo 1.109
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tm
Date: Fri Jun 7 10:09:43 UTC 2019
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
phpmyadmin: update to 4.9.0.1
4.9.0.1 (2019-06-04)
- issue #14478 phpMyAdmin no longer streams the export data
- issue #14514 Tables with SYSTEM VERSIONING show up as views instead of tables
- issue #14515 Values cannot be edited in SYSTEM VERSIONING tables with INVISIBLE timestamps
- issue Fix header icon on server plugins page
- issue #14298 Fixed error 500 on MultiTableQuery page when a empty query is passed
- issue #14402 Fixed fatal javascript error while adding index to a new column
- issue #14896 Fixed issue with plus/minus icon when refreshing an expanded database
- issue #14922 Fixed json encode error in export
- issue #13975 Fixed missing query time in German (fix decimal number format issue)
- issue #14503 Fixed JavaScript events not activating on input (sql bookmark issue)
- issue #14898 Fixed Bottom table is blocked in database list (left panel)
- issue #14425 Fixed Null Checkbox automatically unmarked
- issue #14870 Display correct date and time in Zip files
- issue #14763 Fixed the loading symbol not appearing when refreshing the navigation
- issue #14607 Count rows only if needed
- issue #14832 Show Designer combo boxes when adding a constraint
- issue #14948 Fix change password is not showing password strength difference at the second attempt
- issue #14868 Fix edit view
- issue #14943 Fixed loading Forever when creating new view without filling any field
- issue #14843 Fix Bookmark::get() id matching SQL
- issue #14734 Fixed invalid default value for bit field
- issue #14311 Fixed undefined index in setup script
- issue #14991 Fixed TypeError in GIS editor
- issue Fixed GIS data editor for multi server setup
- issue #14312 Fixed type error in setup script when adding new server
- issue #14053 Fix missed padding on query results
- issue #14826 Fixed javascript error PMA_messages is not defined
- issue Show error message if config-set fails and not "loading..." forever
- issue #14359 Prevent multiple error modals, and error-report request spamming from script
- issue Fixed error reporting javascript errors on multi server setup
- issue Fixed wrong property name on TableStructureController
- issue #14811 Fix SHOW FULL TABLES FROM when a table is locked
- issue #14916 Fix bug when creating or editing views
- issue #14931 Fixed php error when using a query like SELECT 1 INTO @a; SELECT @a; in inline query edit
- issue #15074 Make the server logo visible on theme "original"
- issue #15077 Fixed incorrect page numbers
- issue #14205 Fixed "No tables found in database" when you delete all tables from last page
- issue #14957 Virtuality is not selected when editing generated column (added virtuality(stored) option for mariadb)
- issue #14853 Insert page should not allow entering things into virtual columns
- issue #15110 Fixed TypeError e.preventDefaulut is not a function
- issue #15115 Improved label in Settings export, clarifying that it's a JSON file
- issue #14816 Fixed [designer] Cannot read property 'style' of null
- issue Fixed [designer] Add new tables with database/table list modal
- issue Fixed query format on multi server setup
- issue Fixed remove partitioning on multi server setup
- issue Fixed normalization
- issue Fixed 'RESET SLAVE' button on replication slave
- issue Fixed sending a php error report on multi server setup
- issue Fixed downloading of monitor parameters for IE 11, Edge, Chrome and others
- issue #15141 Fixed php notice Undefined index: designer_settings
- issue #12729 Fixed sticky table header over dropdown menu
- issue #15140 Fixed edit link does not work on failed insert
- issue #14334 Fixed export table structure shows rows fields
- issue #15010 Fixed empty SQL preview modal on tbl_relation
- issue #14673 Fixed innodb & MySQL 8: DYNAMIC & COMPRESSED ROW_FORMAT missing
- issue Fixed empty success message when adding a new INDEX from left panel
- issue #15150 Fixed generate password hidden on second open of change password modal
- issue Fixed import XML data with leading zeros
- issue #15036 Fixed missing input fields checks for MaxSizeForInputField
- issue #15119 Fixed uninterpreted HTML on Settings->Export page
- issue #15159 Fixed missing query time and database in console
- issue #13713 Fixed column comments in the floating table header
- issue #15177 Fixed label alignment on login page
- issue #15210 Fixed a typo in the english name of the Albanian language
- issue Fixed issue when resetting charset in import.php
- issue #14460 Fixed forms where submitted multiple times on CTRL + ENTER
- issue #15038 Fixed console height was allowing a negative values
- issue #15219 Fixed 'No Password' option does not switch automatically to 'Use Text Field' in add user account
- issue Fixed importing the exported config on Server status monitor page
- issue #15228 Fixed php notice 'Undefined index: foreign_keys_data' on designer when the user has column access
- issue #12900 Fixed designer page saving gives error when configuration storage is not set up
- issue #15229 Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- issue #14527 Fixed import settings function not working
- issue #14908 Fixed uninterpreted HTML on Settings->Import (missing data error descriptions)
- issue #14800 Fixed status->Processes doesn't show full query process list page
- issue #14833 Fixed sort by Time not working in process list page
- issue #14982 Fixed setting "null" keep an "enum" value
- issue #14401 Fixed insert rows keypress Enter behavior
- issue #15146 Fixed error reports can not be sent because they are too large
- issue #15205 Fixed useless backquotes on sql preview modal when deleting an index
- issue #13178 Fixed issues with uppercase table and database names (lower_case_table_names=1)
- issue #14383 Fixed warning when browsing certain tables (GIS data)
- issue #12865 Fixed MySQL 8.0.0 issues with GIS display
- issue #15059 Fixed "Server charset" in "Database server" tab showing wrong information
- issue #14614 Fixed mysql error "#2014 - Commands out of sync; you can't run this command now" on sql query
- issue #15238 Fixed phpMyAdmin 4.8.5 doesn't show privileges of procedures (raw html displayed instead)
- issue #13726 Fixed can not copy user on Percona Server 5.7
- issue #15239 Fixed javascript error while fetching latest version info and switching pages
- issue #14301 Fixed javascript error when editing a JSON data type column
- issue #15240 Fixed apply a Settings form with errors shows a JSON response after using return back
- issue #15043 Fixed multiple errors printing on Settings page
- issue #15037 Fixed unexpected behavior of reset button on Settings
- issue #15157 Fixed 'Settings' tab not marked as active when browsing 2FA settings
- issue #14934 Fixed all fields readonly on Edit/Insert screens
- issue #14588 Fixed export of geometry objects, GIS objects are now exported as hex
- issue #14412 Better handling of errors with Signon authentication type
- issue Added support for AUTO_INCREMENT when using ROCKSDB, on Operations page
- issue #15276 Fixed partitioning is missing in Structure page UI (MySQL 8.0)
- issue #14252 Fixed DisableIS and database tree list (new database missing when refreshing the list)
- issue #14621 Removed "Propose table structure" on MySQL 8.0
- issue Fixed editing of virtual columns on PerconaDB
- issue #13854 Fixed column options are ignored for GENERATED/VIRTUAL/STORED columns
- issue #15262 Fixed incorrect display of charset column (raw html)
- issue Added explicit parentheses in nested ternary operators
- issue #15287 Fix auto_increment field is too small
- issue #15283 Fix tries to change collation on views when changing collation on all tables/fields
- issue Fixed empty PMA_gotoWhitelist JavaScript array
- issue #15079 Fixed responsive behaviour of instruction dialog box
- issue #10846 Fixed javascript error when renaming a table
- issue Updated sql-parser to version 4.3.2
- issue [security] SQL injection in Designer (PMASA-2019-3)
- issue [security] CSRF attack on 'cookie' login form (PMASA-2019-4)
4.8.5 (2019-01-25)
- issue Developer debug data was saved to the PHP error log
- issue #14217 Fix issue when adding user on MySQL 8.0.11
- issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error
- issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200
- issue #14787 Cannot execute stored procedure
- issue Add Burmese language
- issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error
- issue #14786 Table level Operations functions missing
- issue #14791 PHP warning, db_export.php#L91 urldecode()
- issue #14775 Export to SQL format not available for tables
- issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user
- issue [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1)
- issue [security] SQL injection in Designer (PMASA-2019-2)
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.108 -r1.109 pkgsrc/databases/phpmyadmin/distinfo
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tm
Date: Sun Jun 16 09:13:11 UTC 2019
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile
Log Message:
phpmyadmin: provide correct shell script for replace_sh (pkg/54296)
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 pkgsrc/databases/phpmyadmin/Makefile
databases/phpmyadmin: security update
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.159
- databases/phpmyadmin/PLIST 1.48
- databases/phpmyadmin/distinfo 1.109
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tm
Date: Fri Jun 7 10:09:43 UTC 2019
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
phpmyadmin: update to 4.9.0.1
4.9.0.1 (2019-06-04)
- issue #14478 phpMyAdmin no longer streams the export data
- issue #14514 Tables with SYSTEM VERSIONING show up as views instead of tables
- issue #14515 Values cannot be edited in SYSTEM VERSIONING tables with INVISIBLE timestamps
- issue Fix header icon on server plugins page
- issue #14298 Fixed error 500 on MultiTableQuery page when a empty query is passed
- issue #14402 Fixed fatal javascript error while adding index to a new column
- issue #14896 Fixed issue with plus/minus icon when refreshing an expanded database
- issue #14922 Fixed json encode error in export
- issue #13975 Fixed missing query time in German (fix decimal number format issue)
- issue #14503 Fixed JavaScript events not activating on input (sql bookmark issue)
- issue #14898 Fixed Bottom table is blocked in database list (left panel)
- issue #14425 Fixed Null Checkbox automatically unmarked
- issue #14870 Display correct date and time in Zip files
- issue #14763 Fixed the loading symbol not appearing when refreshing the navigation
- issue #14607 Count rows only if needed
- issue #14832 Show Designer combo boxes when adding a constraint
- issue #14948 Fix change password is not showing password strength difference at the second attempt
- issue #14868 Fix edit view
- issue #14943 Fixed loading Forever when creating new view without filling any field
- issue #14843 Fix Bookmark::get() id matching SQL
- issue #14734 Fixed invalid default value for bit field
- issue #14311 Fixed undefined index in setup script
- issue #14991 Fixed TypeError in GIS editor
- issue Fixed GIS data editor for multi server setup
- issue #14312 Fixed type error in setup script when adding new server
- issue #14053 Fix missed padding on query results
- issue #14826 Fixed javascript error PMA_messages is not defined
- issue Show error message if config-set fails and not "loading..." forever
- issue #14359 Prevent multiple error modals, and error-report request spamming from script
- issue Fixed error reporting javascript errors on multi server setup
- issue Fixed wrong property name on TableStructureController
- issue #14811 Fix SHOW FULL TABLES FROM when a table is locked
- issue #14916 Fix bug when creating or editing views
- issue #14931 Fixed php error when using a query like SELECT 1 INTO @a; SELECT @a; in inline query edit
- issue #15074 Make the server logo visible on theme "original"
- issue #15077 Fixed incorrect page numbers
- issue #14205 Fixed "No tables found in database" when you delete all tables from last page
- issue #14957 Virtuality is not selected when editing generated column (added virtuality(stored) option for mariadb)
- issue #14853 Insert page should not allow entering things into virtual columns
- issue #15110 Fixed TypeError e.preventDefaulut is not a function
- issue #15115 Improved label in Settings export, clarifying that it's a JSON file
- issue #14816 Fixed [designer] Cannot read property 'style' of null
- issue Fixed [designer] Add new tables with database/table list modal
- issue Fixed query format on multi server setup
- issue Fixed remove partitioning on multi server setup
- issue Fixed normalization
- issue Fixed 'RESET SLAVE' button on replication slave
- issue Fixed sending a php error report on multi server setup
- issue Fixed downloading of monitor parameters for IE 11, Edge, Chrome and others
- issue #15141 Fixed php notice Undefined index: designer_settings
- issue #12729 Fixed sticky table header over dropdown menu
- issue #15140 Fixed edit link does not work on failed insert
- issue #14334 Fixed export table structure shows rows fields
- issue #15010 Fixed empty SQL preview modal on tbl_relation
- issue #14673 Fixed innodb & MySQL 8: DYNAMIC & COMPRESSED ROW_FORMAT missing
- issue Fixed empty success message when adding a new INDEX from left panel
- issue #15150 Fixed generate password hidden on second open of change password modal
- issue Fixed import XML data with leading zeros
- issue #15036 Fixed missing input fields checks for MaxSizeForInputField
- issue #15119 Fixed uninterpreted HTML on Settings->Export page
- issue #15159 Fixed missing query time and database in console
- issue #13713 Fixed column comments in the floating table header
- issue #15177 Fixed label alignment on login page
- issue #15210 Fixed a typo in the english name of the Albanian language
- issue Fixed issue when resetting charset in import.php
- issue #14460 Fixed forms where submitted multiple times on CTRL + ENTER
- issue #15038 Fixed console height was allowing a negative values
- issue #15219 Fixed 'No Password' option does not switch automatically to 'Use Text Field' in add user account
- issue Fixed importing the exported config on Server status monitor page
- issue #15228 Fixed php notice 'Undefined index: foreign_keys_data' on designer when the user has column access
- issue #12900 Fixed designer page saving gives error when configuration storage is not set up
- issue #15229 Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- issue #14527 Fixed import settings function not working
- issue #14908 Fixed uninterpreted HTML on Settings->Import (missing data error descriptions)
- issue #14800 Fixed status->Processes doesn't show full query process list page
- issue #14833 Fixed sort by Time not working in process list page
- issue #14982 Fixed setting "null" keep an "enum" value
- issue #14401 Fixed insert rows keypress Enter behavior
- issue #15146 Fixed error reports can not be sent because they are too large
- issue #15205 Fixed useless backquotes on sql preview modal when deleting an index
- issue #13178 Fixed issues with uppercase table and database names (lower_case_table_names=1)
- issue #14383 Fixed warning when browsing certain tables (GIS data)
- issue #12865 Fixed MySQL 8.0.0 issues with GIS display
- issue #15059 Fixed "Server charset" in "Database server" tab showing wrong information
- issue #14614 Fixed mysql error "#2014 - Commands out of sync; you can't run this command now" on sql query
- issue #15238 Fixed phpMyAdmin 4.8.5 doesn't show privileges of procedures (raw html displayed instead)
- issue #13726 Fixed can not copy user on Percona Server 5.7
- issue #15239 Fixed javascript error while fetching latest version info and switching pages
- issue #14301 Fixed javascript error when editing a JSON data type column
- issue #15240 Fixed apply a Settings form with errors shows a JSON response after using return back
- issue #15043 Fixed multiple errors printing on Settings page
- issue #15037 Fixed unexpected behavior of reset button on Settings
- issue #15157 Fixed 'Settings' tab not marked as active when browsing 2FA settings
- issue #14934 Fixed all fields readonly on Edit/Insert screens
- issue #14588 Fixed export of geometry objects, GIS objects are now exported as hex
- issue #14412 Better handling of errors with Signon authentication type
- issue Added support for AUTO_INCREMENT when using ROCKSDB, on Operations page
- issue #15276 Fixed partitioning is missing in Structure page UI (MySQL 8.0)
- issue #14252 Fixed DisableIS and database tree list (new database missing when refreshing the list)
- issue #14621 Removed "Propose table structure" on MySQL 8.0
- issue Fixed editing of virtual columns on PerconaDB
- issue #13854 Fixed column options are ignored for GENERATED/VIRTUAL/STORED columns
- issue #15262 Fixed incorrect display of charset column (raw html)
- issue Added explicit parentheses in nested ternary operators
- issue #15287 Fix auto_increment field is too small
- issue #15283 Fix tries to change collation on views when changing collation on all tables/fields
- issue Fixed empty PMA_gotoWhitelist JavaScript array
- issue #15079 Fixed responsive behaviour of instruction dialog box
- issue #10846 Fixed javascript error when renaming a table
- issue Updated sql-parser to version 4.3.2
- issue [security] SQL injection in Designer (PMASA-2019-3)
- issue [security] CSRF attack on 'cookie' login form (PMASA-2019-4)
4.8.5 (2019-01-25)
- issue Developer debug data was saved to the PHP error log
- issue #14217 Fix issue when adding user on MySQL 8.0.11
- issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error
- issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200
- issue #14787 Cannot execute stored procedure
- issue Add Burmese language
- issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error
- issue #14786 Table level Operations functions missing
- issue #14791 PHP warning, db_export.php#L91 urldecode()
- issue #14775 Export to SQL format not available for tables
- issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user
- issue [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1)
- issue [security] SQL injection in Designer (PMASA-2019-2)
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.108 -r1.109 pkgsrc/databases/phpmyadmin/distinfo
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tm
Date: Sun Jun 16 09:13:11 UTC 2019
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile
Log Message:
phpmyadmin: provide correct shell script for replace_sh (pkg/54296)
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 pkgsrc/databases/phpmyadmin/Makefile
pkgsrc-2019Q1 commitmail json YAML
tickets 5972-5975
pkgsrc-2019Q1 commitmail json YAML
Pullup ticket #5975 - requested by taca
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.260
- lang/php73/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:36:02 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.6
Update to php73 to 7.3.6.
30 May 2019, PHP 7.3.6
- cURL:
. Implemented FR #72189 (Add missing CURL_VERSION_* constants). (Javier
Spagnoletti)
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- FPM:
. Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
. Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
- GD:
. Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- JSON:
. Fixed bug #77843 (Use after free with json serializer). (Nikita)
- Opcache:
. Fixed possible crashes, because of inconsistent PCRE cache and opcache
SHM reset. (Alexey Kalinin, Dmitry)
- PDO_MySQL:
. Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
- Reflection:
. Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
- Session:
. Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
- SOAP:
. Fixed bug #77945 (Segmentation fault when constructing SoapClient with
WSDL_CACHE_BOTH). (Nikita)
- SPL:
. Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
Duncan)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
- Standard:
. Fixed bug #77931 (Warning for array_map mentions wrong type). (Nikita)
. Fixed bug #78003 (strip_tags output change since PHP 7.3). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.259 -r1.260 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/php73/distinfo
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.260
- lang/php73/distinfo 1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:36:02 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.6
Update to php73 to 7.3.6.
30 May 2019, PHP 7.3.6
- cURL:
. Implemented FR #72189 (Add missing CURL_VERSION_* constants). (Javier
Spagnoletti)
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- FPM:
. Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
. Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
- GD:
. Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- JSON:
. Fixed bug #77843 (Use after free with json serializer). (Nikita)
- Opcache:
. Fixed possible crashes, because of inconsistent PCRE cache and opcache
SHM reset. (Alexey Kalinin, Dmitry)
- PDO_MySQL:
. Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
- Reflection:
. Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
- Session:
. Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
- SOAP:
. Fixed bug #77945 (Segmentation fault when constructing SoapClient with
WSDL_CACHE_BOTH). (Nikita)
- SPL:
. Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
Duncan)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
- Standard:
. Fixed bug #77931 (Warning for array_map mentions wrong type). (Nikita)
. Fixed bug #78003 (strip_tags output change since PHP 7.3). (cmb)
To generate a diff of this commit:
cvs rdiff -u -r1.259 -r1.260 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/php73/distinfo
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/lang/php/phpversion.mk@1.251.2.8
/
diff
pkgsrc/lang/php72/distinfo@1.38.2.3 / diff
pkgsrc/meta-pkgs/php72-extensions/Makefile@1.2.4.1 / diff
pkgsrc/lang/php72/distinfo@1.38.2.3 / diff
pkgsrc/meta-pkgs/php72-extensions/Makefile@1.2.4.1 / diff
Pullup ticket #5974 - requested by taca
lang/php72: security update
meta-pkgs/php72-extensions: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.259
- lang/php72/distinfo 1.41
- meta-pkgs/php72-extensions/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:33:52 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.19
Update php72 to 7.2.19.
30 May 2019, PHP 7.2.19
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- FPM:
. Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
. Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
- GD:
. Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- JSON:
. Fixed bug #77843 (Use after free with json serializer). (Nikita)
- Opcache:
. Fixed possible crashes, because of inconsistent PCRE cache and opcache
SHM reset. (Alexey Kalinin, Dmitry)
- PDO_MySQL:
. Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
- Reflection:
. Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
- Session:
. Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
- SPL:
. Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
Duncan)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
To generate a diff of this commit:
cvs rdiff -u -r1.258 -r1.259 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.40 -r1.41 pkgsrc/lang/php72/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:35:05 UTC 2019
Modified Files:
pkgsrc/meta-pkgs/php72-extensions: Makefile
Log Message:
meta-pkgs/php72-extensions: reset PKGREVISION
Reset PKGREVISION along with update of lang/php72.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/meta-pkgs/php72-extensions/Makefile
lang/php72: security update
meta-pkgs/php72-extensions: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.259
- lang/php72/distinfo 1.41
- meta-pkgs/php72-extensions/Makefile 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:33:52 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.19
Update php72 to 7.2.19.
30 May 2019, PHP 7.2.19
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- FPM:
. Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
. Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)
- GD:
. Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- JSON:
. Fixed bug #77843 (Use after free with json serializer). (Nikita)
- Opcache:
. Fixed possible crashes, because of inconsistent PCRE cache and opcache
SHM reset. (Alexey Kalinin, Dmitry)
- PDO_MySQL:
. Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)
- Reflection:
. Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)
- Session:
. Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)
- SPL:
. Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig
Duncan)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
To generate a diff of this commit:
cvs rdiff -u -r1.258 -r1.259 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.40 -r1.41 pkgsrc/lang/php72/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:35:05 UTC 2019
Modified Files:
pkgsrc/meta-pkgs/php72-extensions: Makefile
Log Message:
meta-pkgs/php72-extensions: reset PKGREVISION
Reset PKGREVISION along with update of lang/php72.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/meta-pkgs/php72-extensions/Makefile
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/lang/php/phpversion.mk@1.251.2.7
/
diff
pkgsrc/lang/php71/distinfo@1.49.2.3 / diff
pkgsrc/meta-pkgs/php71-extensions/Makefile@1.5.4.1 / diff
pkgsrc/lang/php71/distinfo@1.49.2.3 / diff
pkgsrc/meta-pkgs/php71-extensions/Makefile@1.5.4.1 / diff
Pullup ticket #5973 - requested by taca
lang/php71: security update
meta-pkgs/php71-extensions: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.258
- lang/php71/distinfo 1.52
- meta-pkgs/php71-extensions/Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:28:07 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: distinfo
Log Message:
lang/php71: update to 7.1.30
Update php71 to 7.1.30.
30 May 2019, PHP 7.1.30
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- GD:
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
To generate a diff of this commit:
cvs rdiff -u -r1.257 -r1.258 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.51 -r1.52 pkgsrc/lang/php71/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:29:40 UTC 2019
Modified Files:
pkgsrc/meta-pkgs/php71-extensions: Makefile
Log Message:
meta-pkgs/php71-extensions: reset PKGREVISION
Reset PKGREVISION along with update of lang/php71.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/meta-pkgs/php71-extensions/Makefile
lang/php71: security update
meta-pkgs/php71-extensions: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.258
- lang/php71/distinfo 1.52
- meta-pkgs/php71-extensions/Makefile 1.6
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:28:07 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: distinfo
Log Message:
lang/php71: update to 7.1.30
Update php71 to 7.1.30.
30 May 2019, PHP 7.1.30
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040) (Stas)
- GD:
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038) (cmb)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039). (maris dot adam)
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
To generate a diff of this commit:
cvs rdiff -u -r1.257 -r1.258 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.51 -r1.52 pkgsrc/lang/php71/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 1 15:29:40 UTC 2019
Modified Files:
pkgsrc/meta-pkgs/php71-extensions: Makefile
Log Message:
meta-pkgs/php71-extensions: reset PKGREVISION
Reset PKGREVISION along with update of lang/php71.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/meta-pkgs/php71-extensions/Makefile
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/net/samba4/Makefile@1.63.2.2
/
diff
pkgsrc/net/samba4/PLIST.Linux@1.1.6.1 / diff
pkgsrc/net/samba4/distinfo@1.25.2.2 / diff
pkgsrc/net/samba4/PLIST.Linux@1.1.6.1 / diff
pkgsrc/net/samba4/distinfo@1.25.2.2 / diff
Pullup ticket #5972 - requested by taca
net/samba4: security update
Revisions pulled up:
- net/samba4/Makefile 1.67
- net/samba4/PLIST.Linux 1.2
- net/samba4/distinfo 1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Apr 23 07:42:53 UTC 2019
Modified Files:
pkgsrc/net/samba4: PLIST.Linux
Log Message:
samba4: update Linux-specific PLIST entries
from mmoll in https://github.com/NetBSD/pkgsrc/pull/46
I am not adding the SunOS part because the files are in the non-OS specific
PLIST, now (the SunOS entries seem to be duplicated)
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/samba4/PLIST.Linux
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Thu Apr 25 07:33:32 UTC 2019
Modified Files:
pkgsrc/archivers/bmap-tools: Makefile
pkgsrc/archivers/engrampa: Makefile
pkgsrc/archivers/rox-archive: Makefile
pkgsrc/audio/aeneas: Makefile
pkgsrc/audio/amaroc: Makefile
pkgsrc/audio/ardour: Makefile
pkgsrc/audio/aubio: Makefile
pkgsrc/audio/cplay: Makefile
pkgsrc/audio/csound5: Makefile
pkgsrc/audio/csound6: Makefile
pkgsrc/audio/csound6-manual: Makefile
pkgsrc/audio/exaile: Makefile
pkgsrc/audio/eyeD3: Makefile
pkgsrc/audio/gtkpod: Makefile
pkgsrc/audio/icecast1: Makefile
pkgsrc/audio/ices-mp3: Makefile
pkgsrc/audio/libmatemixer: Makefile
pkgsrc/audio/lilv: Makefile
pkgsrc/audio/lv2: Makefile
pkgsrc/audio/moss: Makefile
pkgsrc/audio/picard: Makefile
pkgsrc/audio/playitslowly: Makefile
pkgsrc/audio/pocketsphinx: Makefile
pkgsrc/audio/pulseaudio: Makefile
pkgsrc/audio/py-beets: Makefile
pkgsrc/audio/quodlibet2: Makefile
pkgsrc/audio/rhythmbox: Makefile
pkgsrc/audio/solfege: Makefile
pkgsrc/audio/sonata: Makefile
pkgsrc/audio/sphinxtrain: Makefile
pkgsrc/audio/suil: Makefile
pkgsrc/audio/tunapie: Makefile
pkgsrc/benchmarks/fio: Makefile
pkgsrc/benchmarks/glmark2: Makefile
pkgsrc/biology/bcftools: Makefile
pkgsrc/biology/hisat2: Makefile
pkgsrc/biology/ncbi-blast+: Makefile
pkgsrc/biology/samtools: Makefile
pkgsrc/biology/stacks: Makefile
pkgsrc/cad/geda: Makefile
pkgsrc/cad/klayout: Makefile
pkgsrc/cad/openscad: Makefile
pkgsrc/chat/bitlbee: Makefile
pkgsrc/chat/centerim: Makefile
pkgsrc/chat/centerim5: Makefile
pkgsrc/chat/empathy: Makefile
pkgsrc/chat/gajim: Makefile
pkgsrc/chat/gajim-plugin-omemo: Makefile
pkgsrc/chat/hexchat: Makefile
pkgsrc/chat/konversation: Makefile
pkgsrc/chat/libpurple: Makefile
pkgsrc/chat/libtelepathy: Makefile
pkgsrc/chat/spectrum: Makefile
pkgsrc/chat/swift: Makefile
pkgsrc/chat/telepathy-farsight: Makefile
pkgsrc/chat/telepathy-gabble: Makefile
pkgsrc/chat/telepathy-glib: Makefile
pkgsrc/chat/telepathy-idle: Makefile
pkgsrc/chat/telepathy-logger: Makefile
pkgsrc/chat/telepathy-mission-control: Makefile
pkgsrc/chat/telepathy-mission-control5: Makefile
pkgsrc/chat/telepathy-qt: Makefile
pkgsrc/chat/tootstream: Makefile
pkgsrc/comms/multisync-gui: Makefile
pkgsrc/converters/libkkc: Makefile
pkgsrc/converters/sratom: Makefile
pkgsrc/converters/unoconv: Makefile
pkgsrc/converters/wkhtmltopdf: Makefile
pkgsrc/databases/apache-cassandra: Makefile
pkgsrc/databases/apache-cassandra2: Makefile
pkgsrc/databases/gourmet: Makefile
pkgsrc/databases/gramps3: Makefile
pkgsrc/databases/ldb: Makefile
pkgsrc/databases/libpqxx: Makefile
pkgsrc/databases/luma: Makefile
pkgsrc/databases/mongodb: Makefile
pkgsrc/databases/mysql-cluster: Makefile
pkgsrc/databases/mysql-workbench: Makefile
pkgsrc/databases/oraedit: Makefile
pkgsrc/databases/postgresql10-plpython: Makefile
pkgsrc/databases/postgresql11-plpython: Makefile
pkgsrc/databases/postgresql93-plpython: Makefile
pkgsrc/databases/postgresql94-plpython: Makefile
pkgsrc/databases/postgresql95-plpython: Makefile
pkgsrc/databases/postgresql96-plpython: Makefile
pkgsrc/databases/skytools: Makefile
pkgsrc/databases/sqlrelay-nodejs: Makefile
pkgsrc/databases/tdb: Makefile
pkgsrc/devel/ExmanIDE: Makefile
pkgsrc/devel/GConf: Makefile
pkgsrc/devel/RBTools: Makefile
pkgsrc/devel/accerciser: Makefile
pkgsrc/devel/accerciser3: Makefile
pkgsrc/devel/anjuta: Makefile
pkgsrc/devel/appdata-tools: Makefile
pkgsrc/devel/arcanist: Makefile
pkgsrc/devel/boa-constructor: Makefile
pkgsrc/devel/bpython: Makefile
pkgsrc/devel/bzr: Makefile
pkgsrc/devel/bzr-explorer: Makefile
pkgsrc/devel/bzr-gtk: Makefile
pkgsrc/devel/bzr-svn: Makefile
pkgsrc/devel/bzrtools: Makefile
pkgsrc/devel/clion-bin: Makefile
pkgsrc/devel/coccinelle: Makefile
pkgsrc/devel/codeville: Makefile
pkgsrc/devel/cppcheck: Makefile
pkgsrc/devel/ctemplate: Makefile
pkgsrc/devel/cvs-fast-export: Makefile
pkgsrc/devel/cvs2svn: Makefile
pkgsrc/devel/dconf: Makefile
pkgsrc/devel/diffuse: Makefile
pkgsrc/devel/distcc-pump: Makefile
pkgsrc/devel/doxygen: Makefile
pkgsrc/devel/epydoc: Makefile
pkgsrc/devel/eric4: Makefile
pkgsrc/devel/etrace: Makefile
pkgsrc/devel/fromcvs: Makefile
pkgsrc/devel/gdb: Makefile
pkgsrc/devel/gdb7: Makefile
pkgsrc/devel/gdbus-codegen: Makefile
pkgsrc/devel/git-remote-hg: Makefile
pkgsrc/devel/glib2: Makefile
pkgsrc/devel/glib2-tools: Makefile
pkgsrc/devel/global: Makefile
pkgsrc/devel/gnatpython: Makefile
pkgsrc/devel/go-cli: Makefile
pkgsrc/devel/go-termbox: Makefile
pkgsrc/devel/gobject-introspection: Makefile
pkgsrc/devel/gps: Makefile
pkgsrc/devel/hyperscan: Makefile
pkgsrc/devel/include-what-you-use: Makefile
pkgsrc/devel/intellij-ce-bin: Makefile
pkgsrc/devel/intellij-ue-bin: Makefile
pkgsrc/devel/kcachegrind: Makefile
pkgsrc/devel/kde-dev-scripts: Makefile
pkgsrc/devel/ko-po-check: Makefile
pkgsrc/devel/kpackage: Makefile
pkgsrc/devel/kpeople: Makefile
pkgsrc/devel/kpty: Makefile
pkgsrc/devel/kservice: Makefile
pkgsrc/devel/lettuce: Makefile
pkgsrc/devel/libdbusmenu-tools: Makefile
pkgsrc/devel/libftdi1: Makefile
pkgsrc/devel/libgit2: Makefile
pkgsrc/devel/libhid: Makefile
pkgsrc/devel/libpeas: Makefile
pkgsrc/devel/librdkafka: Makefile
pkgsrc/devel/lld: Makefile
pkgsrc/devel/lldb: Makefile
pkgsrc/devel/lokalize: Makefile
pkgsrc/devel/mate-common: Makefile
pkgsrc/devel/meld: Makefile
pkgsrc/devel/mercurial: Makefile
pkgsrc/devel/ncc: Makefile
pkgsrc/devel/netbeans-ide: Makefile
pkgsrc/devel/ninja-build: Makefile
pkgsrc/devel/phpstorm-bin: Makefile
pkgsrc/devel/ply: Makefile
pkgsrc/devel/py-gobject-shared: Makefile
pkgsrc/devel/py-proteus: Makefile
pkgsrc/devel/pycharm-bin: Makefile
pkgsrc/devel/pythontidy: Makefile
pkgsrc/devel/qbzr: Makefile
pkgsrc/devel/radare2-cutter: Makefile
pkgsrc/devel/reposurgeon: Makefile
pkgsrc/devel/ropper: Makefile
pkgsrc/devel/roundup: Makefile
pkgsrc/devel/rox-lib: Makefile
pkgsrc/devel/rubymine-bin: Makefile
pkgsrc/devel/sdcc3: Makefile
pkgsrc/devel/stgit: Makefile
pkgsrc/devel/subversion: Makefile
pkgsrc/devel/swig2: Makefile
pkgsrc/devel/tailor: Makefile
pkgsrc/devel/talloc: Makefile
pkgsrc/devel/tevent: Makefile
pkgsrc/devel/umbrello: Makefile
pkgsrc/devel/undebt: Makefile
pkgsrc/devel/waf: Makefile
pkgsrc/editors/Sigil: Makefile
pkgsrc/editors/TeXmacs: Makefile
pkgsrc/editors/cooledit: Makefile
pkgsrc/editors/gedit-python: Makefile
pkgsrc/editors/gedit3: Makefile
pkgsrc/editors/kate: Makefile
pkgsrc/editors/lyx: Makefile
pkgsrc/editors/medit: Makefile
pkgsrc/editors/nts: Makefile
pkgsrc/editors/pluma: Makefile
pkgsrc/editors/retext: Makefile
pkgsrc/editors/rox-edit: Makefile
pkgsrc/emulators/dynagen: Makefile
pkgsrc/emulators/fs-uae-arcade: Makefile
pkgsrc/emulators/fs-uae-launcher: Makefile
pkgsrc/emulators/gns3: Makefile
pkgsrc/emulators/hatari: Makefile
pkgsrc/emulators/keystone: Makefile
pkgsrc/emulators/libretro-dolphin: Makefile
pkgsrc/emulators/mame: Makefile
pkgsrc/emulators/openmsx: Makefile
pkgsrc/emulators/qemu: Makefile
pkgsrc/emulators/simulavr: Makefile
pkgsrc/emulators/snes9x-gtk: Makefile
pkgsrc/emulators/unicorn: Makefile
pkgsrc/filesystems/fuse-gmailfs: Makefile
pkgsrc/filesystems/fuse-pcachefs: Makefile
pkgsrc/filesystems/fuse-wikipediafs: Makefile
pkgsrc/filesystems/glusterfs: Makefile
pkgsrc/filesystems/tahoe-lafs: Makefile
pkgsrc/finance/gnucash: Makefile
pkgsrc/finance/ledger: Makefile
pkgsrc/finance/moneyguru: Makefile
pkgsrc/fonts/fontforge: Makefile
pkgsrc/fonts/mftrace: Makefile
pkgsrc/fonts/mkfontalias: Makefile
pkgsrc/games/4stAttack: Makefile
pkgsrc/games/accelerator3d: Makefile
pkgsrc/games/blindmine: Makefile
pkgsrc/games/crossfire-server: Makefile
pkgsrc/games/duckmaze: Makefile
pkgsrc/games/flare-engine: Makefile
pkgsrc/games/flare-game: Makefile
pkgsrc/games/gcompris: Makefile
pkgsrc/games/gnome-games: Makefile
pkgsrc/games/jools: Makefile
pkgsrc/games/kajongg: Makefile
pkgsrc/games/kye: Makefile
pkgsrc/games/monsterz: Makefile
pkgsrc/games/pysolfc: Makefile
pkgsrc/games/pytraffic: Makefile
pkgsrc/games/quakeforge: Makefile
pkgsrc/games/scid: Makefile
pkgsrc/games/singularity: Makefile
pkgsrc/games/stegavorto: Makefile
pkgsrc/games/teeworlds: Makefile
pkgsrc/games/wesnoth: Makefile
pkgsrc/geography/gpsd: Makefile
pkgsrc/geography/proj-swig: Makefile
pkgsrc/geography/qgis: Makefile
pkgsrc/graphics/MesaLib: Makefile
pkgsrc/graphics/MesaLib18: Makefile
pkgsrc/graphics/MesaLib7: Makefile
pkgsrc/graphics/aqsis: Makefile
pkgsrc/graphics/asymptote: Makefile
pkgsrc/graphics/blender: Makefile
pkgsrc/graphics/cinepaint: Makefile
pkgsrc/graphics/comix: Makefile
pkgsrc/graphics/dia-python: Makefile
pkgsrc/graphics/edje: Makefile
pkgsrc/graphics/eog: Makefile
pkgsrc/graphics/gif2png: Makefile
pkgsrc/graphics/graphite2: Makefile
pkgsrc/graphics/hugin: Makefile
pkgsrc/graphics/inkscape: Makefile
pkgsrc/graphics/jbig2dec: Makefile
pkgsrc/graphics/kiconthemes: Makefile
pkgsrc/graphics/krita: Makefile
pkgsrc/graphics/lensfun: Makefile
pkgsrc/graphics/libepoxy: Makefile
pkgsrc/graphics/libscigraphica: Makefile
pkgsrc/graphics/mate-backgrounds: Makefile
pkgsrc/graphics/mate-icon-theme: Makefile
pkgsrc/graphics/mate-icon-theme-faenza: Makefile
pkgsrc/graphics/mate-themes: Makefile
pkgsrc/graphics/mypaint: Makefile
pkgsrc/graphics/opencv: Makefile
pkgsrc/graphics/opencv-contrib-face: Makefile
pkgsrc/graphics/opencv2: Makefile
pkgsrc/graphics/scidavis: Makefile
pkgsrc/graphics/scigraphica: Makefile
pkgsrc/graphics/skencil: Makefile
pkgsrc/graphics/veusz: Makefile
pkgsrc/graphics/xdot: Makefile
pkgsrc/ham/chirp: Makefile
pkgsrc/ham/cwtext: Makefile
pkgsrc/ham/gr-fcdproplus: Makefile
pkgsrc/ham/gr-osmosdr: Makefile
pkgsrc/ham/hackrf: Makefile
pkgsrc/ham/uhd: Makefile
pkgsrc/inputmethod/ibus: Makefile
pkgsrc/inputmethod/ibus-anthy: Makefile
pkgsrc/inputmethod/ibus-array: Makefile
pkgsrc/inputmethod/ibus-hangul: Makefile
pkgsrc/inputmethod/ibus-libpinyin: Makefile
pkgsrc/inputmethod/ibus-pinyin: Makefile
pkgsrc/inputmethod/ibus-table: Makefile
pkgsrc/inputmethod/ibus-table-others: Makefile
pkgsrc/inputmethod/ibus-tegaki: Makefile
pkgsrc/inputmethod/tegaki-pygtk: Makefile
pkgsrc/inputmethod/tegaki-python: Makefile
pkgsrc/inputmethod/tegaki-recognize: Makefile
pkgsrc/inputmethod/tegaki-tools: Makefile
pkgsrc/inputmethod/tegaki-train: Makefile
pkgsrc/inputmethod/tegaki-wagomu: Makefile
pkgsrc/lang/clang: Makefile
pkgsrc/lang/clang-static-analyzer: Makefile
pkgsrc/lang/clang-tools-extra: Makefile
pkgsrc/lang/compiler-rt: Makefile
pkgsrc/lang/coq: Makefile
pkgsrc/lang/coreclr: Makefile
pkgsrc/lang/gcc8: Makefile
pkgsrc/lang/libLLVM: Makefile
pkgsrc/lang/libLLVM34: Makefile
pkgsrc/lang/libLLVM4: Makefile
pkgsrc/lang/likepython: Makefile
pkgsrc/lang/llvm: Makefile
pkgsrc/lang/micropython: Makefile
pkgsrc/lang/mono: Makefile
pkgsrc/lang/mono2: Makefile
pkgsrc/lang/npm: Makefile
pkgsrc/lang/nuitka: Makefile
pkgsrc/lang/pfe: Makefile
pkgsrc/lang/rust: Makefile
pkgsrc/lang/spidermonkey185: Makefile
pkgsrc/lang/spidermonkey52: Makefile
pkgsrc/mail/archivemail: Makefile
pkgsrc/mail/evolution-data-server: Makefile
pkgsrc/mail/fetchmailconf: Makefile
pkgsrc/mail/getmail: Makefile
pkgsrc/mail/mailman: Makefile
pkgsrc/mail/newspipe: Makefile
pkgsrc/mail/notmuch: Makefile
pkgsrc/mail/offlineimap: Makefile
pkgsrc/mail/pymsgauth: Makefile
pkgsrc/mail/queue-repair: Makefile
pkgsrc/mail/roundcube-plugin-enigma: Makefile
pkgsrc/mail/roundcube-plugin-password: Makefile
pkgsrc/mail/roundcube-plugin-zipdownload: Makefile
pkgsrc/mail/rss2email: Makefile
pkgsrc/mail/tmda: Makefile
pkgsrc/math/cantor: Makefile
pkgsrc/math/crfsuite: Makefile
pkgsrc/math/djbsort: Makefile
pkgsrc/math/gnumeric112: Makefile
pkgsrc/math/libshorttext: Makefile
pkgsrc/math/libsvm: Makefile
pkgsrc/math/maxima: Makefile
pkgsrc/math/sundials: Makefile
pkgsrc/math/units: Makefile
pkgsrc/math/z3: Makefile
pkgsrc/meta-pkgs/boost: Makefile
pkgsrc/meta-pkgs/bulk-large: Makefile
pkgsrc/meta-pkgs/bulk-medium: Makefile
pkgsrc/meta-pkgs/bulk-small: Makefile
pkgsrc/meta-pkgs/gnome: Makefile
pkgsrc/meta-pkgs/py-gnome-bindings: Makefile
pkgsrc/meta-pkgs/qmail-server: Makefile
pkgsrc/misc/byobu: Makefile
pkgsrc/misc/calibre: Makefile
pkgsrc/misc/deskbar-applet: Makefile
pkgsrc/misc/gaupol: Makefile
pkgsrc/misc/khard: Makefile
pkgsrc/misc/kig: Makefile
pkgsrc/misc/kunitconversion: Makefile
pkgsrc/misc/labelnation: Makefile
pkgsrc/misc/libkkc-data: Makefile
pkgsrc/misc/libmateweather: Makefile
pkgsrc/misc/libreoffice: Makefile
pkgsrc/misc/mate-calc: Makefile
pkgsrc/misc/mate-utils: Makefile
pkgsrc/misc/mnemosyne: Makefile
pkgsrc/misc/mtail: Makefile
pkgsrc/misc/orca: Makefile
pkgsrc/misc/rlwrap: Makefile
pkgsrc/misc/routeplanner-cli: Makefile
pkgsrc/misc/rox-memo: Makefile
pkgsrc/misc/superkaramba: Makefile
pkgsrc/misc/tellico: Makefile
pkgsrc/misc/todoman: Makefile
pkgsrc/multimedia/farsight2: Makefile
pkgsrc/multimedia/kodi: Makefile
pkgsrc/multimedia/mate-media: Makefile
pkgsrc/multimedia/mpv: Makefile
pkgsrc/multimedia/pitivi: Makefile
pkgsrc/multimedia/streamlink: Makefile
pkgsrc/net/Radicale: Makefile
pkgsrc/net/Radicale2: Makefile
pkgsrc/net/bittornado: Makefile
pkgsrc/net/bittornado-gui: Makefile
pkgsrc/net/bittorrent: Makefile
pkgsrc/net/bittorrent-gui: Makefile
pkgsrc/net/calypso: Makefile
pkgsrc/net/coda: Makefile
pkgsrc/net/coherence: Makefile
pkgsrc/net/coursera-dl: Makefile
pkgsrc/net/exabgp: Makefile
pkgsrc/net/flow-tools: Makefile
pkgsrc/net/freeradius-python: Makefile
pkgsrc/net/gallery-dl: Makefile
pkgsrc/net/gitso: Makefile
pkgsrc/net/glib-networking: Makefile
pkgsrc/net/gupnp: Makefile
pkgsrc/net/httpstat: Makefile
pkgsrc/net/ipcheck: Makefile
pkgsrc/net/knot: Makefile
pkgsrc/net/mate-user-share: Makefile
pkgsrc/net/mimms: Makefile
pkgsrc/net/mitmproxy: Makefile
pkgsrc/net/nagstamon: Makefile
pkgsrc/net/ndiff: Makefile
pkgsrc/net/netatalk3: Makefile
pkgsrc/net/netatalk30: Makefile
pkgsrc/net/nicotine: Makefile
pkgsrc/net/nicovideo-dl: Makefile
pkgsrc/net/ntop: Makefile
pkgsrc/net/nyx: Makefile
pkgsrc/net/omniORB: Makefile
pkgsrc/net/onionbalance: Makefile
pkgsrc/net/openconnect: Makefile
pkgsrc/net/pygopherd: Makefile
pkgsrc/net/rabbitmq: Makefile
pkgsrc/net/ruby-recog: Makefile
pkgsrc/net/samba4: Makefile
pkgsrc/net/scapy: Makefile
pkgsrc/net/speedtest-cli: Makefile
pkgsrc/net/syncthing-gtk: Makefile
pkgsrc/net/upnpinspector: Makefile
pkgsrc/net/wireshark: Makefile
pkgsrc/net/youtube-dl: Makefile
pkgsrc/net/zenmap: Makefile
pkgsrc/news/hellanzb: Makefile
pkgsrc/news/lottanzb: Makefile
pkgsrc/parallel/ganglia-monitor-core: Makefile
pkgsrc/parallel/slurm-wlm: Makefile
pkgsrc/pkgtools/gnome-packagekit: Makefile
pkgsrc/pkgtools/packagekit: Makefile
pkgsrc/print/atril: Makefile
pkgsrc/print/bg5pdf: Makefile
pkgsrc/print/bg5ps: Makefile
pkgsrc/print/electrix: Makefile
pkgsrc/print/hplip: Makefile
pkgsrc/print/lilypond: Makefile
pkgsrc/print/pdf-redact-tools: Makefile
pkgsrc/print/pdfshuffler: Makefile
pkgsrc/print/poppler-glib: Makefile
pkgsrc/print/scribus-qt4: Makefile
pkgsrc/print/tex-changes: Makefile
pkgsrc/print/tex-minted: Makefile
pkgsrc/security/PACK: Makefile
pkgsrc/security/botan: Makefile
pkgsrc/security/botan-devel: Makefile
pkgsrc/security/fail2ban: Makefile
pkgsrc/security/flawfinder: Makefile
pkgsrc/security/fsh: Makefile
pkgsrc/security/hitch: Makefile
pkgsrc/security/kwallet: Makefile
pkgsrc/security/libprelude-python: Makefile
pkgsrc/security/libpreludedb-python: Makefile
pkgsrc/security/mate-polkit: Makefile
pkgsrc/security/mbedtls: Makefile
pkgsrc/security/mixminion: Makefile
pkgsrc/security/pcsc-lite: Makefile
pkgsrc/security/prelude-correlator: Makefile
pkgsrc/security/pyca: Makefile
pkgsrc/security/sqlmap: Makefile
pkgsrc/security/sshfp: Makefile
pkgsrc/security/volatility: Makefile
pkgsrc/shells/autojump: Makefile
pkgsrc/shells/fish: Makefile
pkgsrc/shells/lshell: Makefile
pkgsrc/shells/xonsh: Makefile
pkgsrc/sysutils/ansible2: Makefile
pkgsrc/sysutils/binwalk: Makefile
pkgsrc/sysutils/bup: Makefile
pkgsrc/sysutils/caja: Makefile
pkgsrc/sysutils/caja-dropbox: Makefile
pkgsrc/sysutils/caja-extensions: Makefile
pkgsrc/sysutils/cuisine: Makefile
pkgsrc/sysutils/dbus-python-common: Makefile
pkgsrc/sysutils/dupeguru: Makefile
pkgsrc/sysutils/duplicity: Makefile
pkgsrc/sysutils/fabric: Makefile
pkgsrc/sysutils/gnome-commander: Makefile
pkgsrc/sysutils/htop: Makefile
pkgsrc/sysutils/kfilemetadata5: Makefile
pkgsrc/sysutils/libvirt: Makefile
pkgsrc/sysutils/lnav: Makefile
pkgsrc/sysutils/logfinder: Makefile
pkgsrc/sysutils/manifold: Makefile
pkgsrc/sysutils/mate-notification-daemon: Makefile
pkgsrc/sysutils/mate-power-manager: Makefile
pkgsrc/sysutils/mate-sensors-applet: Makefile
pkgsrc/sysutils/monitoring: Makefile
pkgsrc/sysutils/munin-doc: Makefile
pkgsrc/sysutils/munin-node: Makefile
pkgsrc/sysutils/openstack_init: Makefile
pkgsrc/sysutils/openxenmanager: Makefile
pkgsrc/sysutils/ovmf: Makefile
pkgsrc/sysutils/polysh: Makefile
pkgsrc/sysutils/rdiff-backup: Makefile
pkgsrc/sysutils/rsyslog: Makefile
pkgsrc/sysutils/rsyslog-dbi: Makefile
pkgsrc/sysutils/rsyslog-elasticsearch: Makefile
pkgsrc/sysutils/rsyslog-gnutls: Makefile
pkgsrc/sysutils/rsyslog-gssapi: Makefile
pkgsrc/sysutils/rsyslog-kafka: Makefile
pkgsrc/sysutils/rsyslog-libgcrypt: Makefile
pkgsrc/sysutils/rsyslog-mysql: Makefile
pkgsrc/sysutils/rsyslog-omprog: Makefile
pkgsrc/sysutils/rsyslog-pgsql: Makefile
pkgsrc/sysutils/rsyslog-rabbitmq: Makefile
pkgsrc/sysutils/rsyslog-relp: Makefile
pkgsrc/sysutils/rsyslog-snmp: Makefile
pkgsrc/sysutils/salt: Makefile
pkgsrc/sysutils/salt-docs: Makefile
pkgsrc/sysutils/tdir: Makefile
pkgsrc/sysutils/virt-manager: Makefile
pkgsrc/sysutils/virtinst: Makefile
pkgsrc/sysutils/vxargs: Makefile
pkgsrc/sysutils/xenkernel411: Makefile
pkgsrc/sysutils/xenkernel42: Makefile
pkgsrc/sysutils/xenkernel45: Makefile
pkgsrc/sysutils/xenkernel46: Makefile
pkgsrc/sysutils/xenkernel48: Makefile
pkgsrc/sysutils/xenstoretools: Makefile
pkgsrc/sysutils/xentools411: Makefile
pkgsrc/sysutils/xentools42: Makefile
pkgsrc/sysutils/xentools45: Makefile
pkgsrc/sysutils/xentools46: Makefile
pkgsrc/sysutils/xentools48: Makefile
pkgsrc/textproc/asciidoc: Makefile
pkgsrc/textproc/cmark: Makefile
pkgsrc/textproc/coccigrep: Makefile
pkgsrc/textproc/csvkit: Makefile
pkgsrc/textproc/csvtomd: Makefile
pkgsrc/textproc/dblatex: Makefile
pkgsrc/textproc/doclifter: Makefile
pkgsrc/textproc/gnome-doc-utils: Makefile
pkgsrc/textproc/gtk-doc: Makefile
pkgsrc/textproc/icu: Makefile
pkgsrc/textproc/iso-codes: Makefile
pkgsrc/textproc/ispell-lt: Makefile
pkgsrc/textproc/itstool: Makefile
pkgsrc/textproc/kapidox: Makefile
pkgsrc/textproc/libplist: Makefile
pkgsrc/textproc/libxlsxwriter: Makefile
pkgsrc/textproc/queequeg: Makefile
pkgsrc/textproc/rubber: Makefile
pkgsrc/textproc/serd: Makefile
pkgsrc/textproc/sord: Makefile
pkgsrc/textproc/subliminal: Makefile
pkgsrc/textproc/translate-toolkit: Makefile
pkgsrc/textproc/xmlada: Makefile
pkgsrc/textproc/xxdiff-scripts: Makefile
pkgsrc/textproc/yelp-tools: Makefile
pkgsrc/textproc/yelp-xsl: Makefile
pkgsrc/textproc/yodl: Makefile
pkgsrc/time/etm: Makefile
pkgsrc/time/hamster-applet: Makefile
pkgsrc/time/khal: Makefile
pkgsrc/time/ntpsec: Makefile
pkgsrc/time/wxRemind: Makefile
pkgsrc/wm/bmpanel2: Makefile
pkgsrc/wm/ccsm: Makefile
pkgsrc/wm/marco: Makefile
pkgsrc/wm/mate-netbook: Makefile
pkgsrc/wm/openbox: Makefile
pkgsrc/wm/oroborox: Makefile
pkgsrc/www/aws: Makefile
pkgsrc/www/bluefish: Makefile
pkgsrc/www/browser-bookmarks-menu: Makefile
pkgsrc/www/cherokee: Makefile
pkgsrc/www/clearsilver: Makefile
pkgsrc/www/cliqz: Makefile
pkgsrc/www/cppcms: Makefile
pkgsrc/www/ies4linux: Makefile
pkgsrc/www/ikiwiki: Makefile
pkgsrc/www/libpsl: Makefile
pkgsrc/www/loggerhead: Makefile
pkgsrc/www/nghttp2: Makefile
pkgsrc/www/php-concrete5: Makefile
pkgsrc/www/php-nextcloud: Makefile
pkgsrc/www/php-owncloud: Makefile
pkgsrc/www/py-flask-restplus: Makefile
pkgsrc/www/ruby-pygments.rb: Makefile
pkgsrc/www/trac: Makefile
pkgsrc/www/trafficserver: Makefile
pkgsrc/www/urlgrabber: Makefile
pkgsrc/www/varnish: Makefile
pkgsrc/www/viewvc: Makefile
pkgsrc/www/webkit-gtk: Makefile
pkgsrc/www/zopeedit: Makefile
pkgsrc/x11/alacarte: Makefile
pkgsrc/x11/arandr: Makefile
pkgsrc/x11/avant-window-navigator: Makefile
pkgsrc/x11/caribou: Makefile
pkgsrc/x11/driconf: Makefile
pkgsrc/x11/gnome-applets: Makefile
pkgsrc/x11/gnome-desktop: Makefile
pkgsrc/x11/gnome-mag: Makefile
pkgsrc/x11/gnome-terminal: Makefile
pkgsrc/x11/gtk2: Makefile
pkgsrc/x11/gtkada: Makefile
pkgsrc/x11/kconfigwidgets: Makefile
pkgsrc/x11/kde-runtime4: Makefile
pkgsrc/x11/kde-workspace4: Makefile
pkgsrc/x11/kde4-l10n-sr: Makefile
pkgsrc/x11/kitty: Makefile
pkgsrc/x11/ktextwidgets: Makefile
pkgsrc/x11/kxmlgui: Makefile
pkgsrc/x11/libdesktop-agnostic: Makefile
pkgsrc/x11/libmatekbd: Makefile
pkgsrc/x11/libxcb: Makefile
pkgsrc/x11/mate-applets: Makefile
pkgsrc/x11/mate-control-center: Makefile
pkgsrc/x11/mate-desktop: Makefile
pkgsrc/x11/mate-indicator-applet: Makefile
pkgsrc/x11/mate-menus: Makefile
pkgsrc/x11/mate-panel: Makefile
pkgsrc/x11/mate-screensaver: Makefile
pkgsrc/x11/mate-session-manager: Makefile
pkgsrc/x11/mate-settings-daemon: Makefile
pkgsrc/x11/mate-terminal: Makefile
pkgsrc/x11/mozo: Makefile
pkgsrc/x11/qt5-qtdeclarative: Makefile
pkgsrc/x11/qt5-qtwebkit: Makefile
pkgsrc/x11/rox-session: Makefile
pkgsrc/x11/rox-wallpaper: Makefile
pkgsrc/x11/xcb-proto: Makefile
Log Message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.
This is a semi-manual PKGREVISION bump.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed May 15 09:07:21 UTC 2019
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
samba4: updated to 4.10.3
Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum).
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/samba4/distinfo
net/samba4: security update
Revisions pulled up:
- net/samba4/Makefile 1.67
- net/samba4/PLIST.Linux 1.2
- net/samba4/distinfo 1.28
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Apr 23 07:42:53 UTC 2019
Modified Files:
pkgsrc/net/samba4: PLIST.Linux
Log Message:
samba4: update Linux-specific PLIST entries
from mmoll in https://github.com/NetBSD/pkgsrc/pull/46
I am not adding the SunOS part because the files are in the non-OS specific
PLIST, now (the SunOS entries seem to be duplicated)
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/samba4/PLIST.Linux
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Thu Apr 25 07:33:32 UTC 2019
Modified Files:
pkgsrc/archivers/bmap-tools: Makefile
pkgsrc/archivers/engrampa: Makefile
pkgsrc/archivers/rox-archive: Makefile
pkgsrc/audio/aeneas: Makefile
pkgsrc/audio/amaroc: Makefile
pkgsrc/audio/ardour: Makefile
pkgsrc/audio/aubio: Makefile
pkgsrc/audio/cplay: Makefile
pkgsrc/audio/csound5: Makefile
pkgsrc/audio/csound6: Makefile
pkgsrc/audio/csound6-manual: Makefile
pkgsrc/audio/exaile: Makefile
pkgsrc/audio/eyeD3: Makefile
pkgsrc/audio/gtkpod: Makefile
pkgsrc/audio/icecast1: Makefile
pkgsrc/audio/ices-mp3: Makefile
pkgsrc/audio/libmatemixer: Makefile
pkgsrc/audio/lilv: Makefile
pkgsrc/audio/lv2: Makefile
pkgsrc/audio/moss: Makefile
pkgsrc/audio/picard: Makefile
pkgsrc/audio/playitslowly: Makefile
pkgsrc/audio/pocketsphinx: Makefile
pkgsrc/audio/pulseaudio: Makefile
pkgsrc/audio/py-beets: Makefile
pkgsrc/audio/quodlibet2: Makefile
pkgsrc/audio/rhythmbox: Makefile
pkgsrc/audio/solfege: Makefile
pkgsrc/audio/sonata: Makefile
pkgsrc/audio/sphinxtrain: Makefile
pkgsrc/audio/suil: Makefile
pkgsrc/audio/tunapie: Makefile
pkgsrc/benchmarks/fio: Makefile
pkgsrc/benchmarks/glmark2: Makefile
pkgsrc/biology/bcftools: Makefile
pkgsrc/biology/hisat2: Makefile
pkgsrc/biology/ncbi-blast+: Makefile
pkgsrc/biology/samtools: Makefile
pkgsrc/biology/stacks: Makefile
pkgsrc/cad/geda: Makefile
pkgsrc/cad/klayout: Makefile
pkgsrc/cad/openscad: Makefile
pkgsrc/chat/bitlbee: Makefile
pkgsrc/chat/centerim: Makefile
pkgsrc/chat/centerim5: Makefile
pkgsrc/chat/empathy: Makefile
pkgsrc/chat/gajim: Makefile
pkgsrc/chat/gajim-plugin-omemo: Makefile
pkgsrc/chat/hexchat: Makefile
pkgsrc/chat/konversation: Makefile
pkgsrc/chat/libpurple: Makefile
pkgsrc/chat/libtelepathy: Makefile
pkgsrc/chat/spectrum: Makefile
pkgsrc/chat/swift: Makefile
pkgsrc/chat/telepathy-farsight: Makefile
pkgsrc/chat/telepathy-gabble: Makefile
pkgsrc/chat/telepathy-glib: Makefile
pkgsrc/chat/telepathy-idle: Makefile
pkgsrc/chat/telepathy-logger: Makefile
pkgsrc/chat/telepathy-mission-control: Makefile
pkgsrc/chat/telepathy-mission-control5: Makefile
pkgsrc/chat/telepathy-qt: Makefile
pkgsrc/chat/tootstream: Makefile
pkgsrc/comms/multisync-gui: Makefile
pkgsrc/converters/libkkc: Makefile
pkgsrc/converters/sratom: Makefile
pkgsrc/converters/unoconv: Makefile
pkgsrc/converters/wkhtmltopdf: Makefile
pkgsrc/databases/apache-cassandra: Makefile
pkgsrc/databases/apache-cassandra2: Makefile
pkgsrc/databases/gourmet: Makefile
pkgsrc/databases/gramps3: Makefile
pkgsrc/databases/ldb: Makefile
pkgsrc/databases/libpqxx: Makefile
pkgsrc/databases/luma: Makefile
pkgsrc/databases/mongodb: Makefile
pkgsrc/databases/mysql-cluster: Makefile
pkgsrc/databases/mysql-workbench: Makefile
pkgsrc/databases/oraedit: Makefile
pkgsrc/databases/postgresql10-plpython: Makefile
pkgsrc/databases/postgresql11-plpython: Makefile
pkgsrc/databases/postgresql93-plpython: Makefile
pkgsrc/databases/postgresql94-plpython: Makefile
pkgsrc/databases/postgresql95-plpython: Makefile
pkgsrc/databases/postgresql96-plpython: Makefile
pkgsrc/databases/skytools: Makefile
pkgsrc/databases/sqlrelay-nodejs: Makefile
pkgsrc/databases/tdb: Makefile
pkgsrc/devel/ExmanIDE: Makefile
pkgsrc/devel/GConf: Makefile
pkgsrc/devel/RBTools: Makefile
pkgsrc/devel/accerciser: Makefile
pkgsrc/devel/accerciser3: Makefile
pkgsrc/devel/anjuta: Makefile
pkgsrc/devel/appdata-tools: Makefile
pkgsrc/devel/arcanist: Makefile
pkgsrc/devel/boa-constructor: Makefile
pkgsrc/devel/bpython: Makefile
pkgsrc/devel/bzr: Makefile
pkgsrc/devel/bzr-explorer: Makefile
pkgsrc/devel/bzr-gtk: Makefile
pkgsrc/devel/bzr-svn: Makefile
pkgsrc/devel/bzrtools: Makefile
pkgsrc/devel/clion-bin: Makefile
pkgsrc/devel/coccinelle: Makefile
pkgsrc/devel/codeville: Makefile
pkgsrc/devel/cppcheck: Makefile
pkgsrc/devel/ctemplate: Makefile
pkgsrc/devel/cvs-fast-export: Makefile
pkgsrc/devel/cvs2svn: Makefile
pkgsrc/devel/dconf: Makefile
pkgsrc/devel/diffuse: Makefile
pkgsrc/devel/distcc-pump: Makefile
pkgsrc/devel/doxygen: Makefile
pkgsrc/devel/epydoc: Makefile
pkgsrc/devel/eric4: Makefile
pkgsrc/devel/etrace: Makefile
pkgsrc/devel/fromcvs: Makefile
pkgsrc/devel/gdb: Makefile
pkgsrc/devel/gdb7: Makefile
pkgsrc/devel/gdbus-codegen: Makefile
pkgsrc/devel/git-remote-hg: Makefile
pkgsrc/devel/glib2: Makefile
pkgsrc/devel/glib2-tools: Makefile
pkgsrc/devel/global: Makefile
pkgsrc/devel/gnatpython: Makefile
pkgsrc/devel/go-cli: Makefile
pkgsrc/devel/go-termbox: Makefile
pkgsrc/devel/gobject-introspection: Makefile
pkgsrc/devel/gps: Makefile
pkgsrc/devel/hyperscan: Makefile
pkgsrc/devel/include-what-you-use: Makefile
pkgsrc/devel/intellij-ce-bin: Makefile
pkgsrc/devel/intellij-ue-bin: Makefile
pkgsrc/devel/kcachegrind: Makefile
pkgsrc/devel/kde-dev-scripts: Makefile
pkgsrc/devel/ko-po-check: Makefile
pkgsrc/devel/kpackage: Makefile
pkgsrc/devel/kpeople: Makefile
pkgsrc/devel/kpty: Makefile
pkgsrc/devel/kservice: Makefile
pkgsrc/devel/lettuce: Makefile
pkgsrc/devel/libdbusmenu-tools: Makefile
pkgsrc/devel/libftdi1: Makefile
pkgsrc/devel/libgit2: Makefile
pkgsrc/devel/libhid: Makefile
pkgsrc/devel/libpeas: Makefile
pkgsrc/devel/librdkafka: Makefile
pkgsrc/devel/lld: Makefile
pkgsrc/devel/lldb: Makefile
pkgsrc/devel/lokalize: Makefile
pkgsrc/devel/mate-common: Makefile
pkgsrc/devel/meld: Makefile
pkgsrc/devel/mercurial: Makefile
pkgsrc/devel/ncc: Makefile
pkgsrc/devel/netbeans-ide: Makefile
pkgsrc/devel/ninja-build: Makefile
pkgsrc/devel/phpstorm-bin: Makefile
pkgsrc/devel/ply: Makefile
pkgsrc/devel/py-gobject-shared: Makefile
pkgsrc/devel/py-proteus: Makefile
pkgsrc/devel/pycharm-bin: Makefile
pkgsrc/devel/pythontidy: Makefile
pkgsrc/devel/qbzr: Makefile
pkgsrc/devel/radare2-cutter: Makefile
pkgsrc/devel/reposurgeon: Makefile
pkgsrc/devel/ropper: Makefile
pkgsrc/devel/roundup: Makefile
pkgsrc/devel/rox-lib: Makefile
pkgsrc/devel/rubymine-bin: Makefile
pkgsrc/devel/sdcc3: Makefile
pkgsrc/devel/stgit: Makefile
pkgsrc/devel/subversion: Makefile
pkgsrc/devel/swig2: Makefile
pkgsrc/devel/tailor: Makefile
pkgsrc/devel/talloc: Makefile
pkgsrc/devel/tevent: Makefile
pkgsrc/devel/umbrello: Makefile
pkgsrc/devel/undebt: Makefile
pkgsrc/devel/waf: Makefile
pkgsrc/editors/Sigil: Makefile
pkgsrc/editors/TeXmacs: Makefile
pkgsrc/editors/cooledit: Makefile
pkgsrc/editors/gedit-python: Makefile
pkgsrc/editors/gedit3: Makefile
pkgsrc/editors/kate: Makefile
pkgsrc/editors/lyx: Makefile
pkgsrc/editors/medit: Makefile
pkgsrc/editors/nts: Makefile
pkgsrc/editors/pluma: Makefile
pkgsrc/editors/retext: Makefile
pkgsrc/editors/rox-edit: Makefile
pkgsrc/emulators/dynagen: Makefile
pkgsrc/emulators/fs-uae-arcade: Makefile
pkgsrc/emulators/fs-uae-launcher: Makefile
pkgsrc/emulators/gns3: Makefile
pkgsrc/emulators/hatari: Makefile
pkgsrc/emulators/keystone: Makefile
pkgsrc/emulators/libretro-dolphin: Makefile
pkgsrc/emulators/mame: Makefile
pkgsrc/emulators/openmsx: Makefile
pkgsrc/emulators/qemu: Makefile
pkgsrc/emulators/simulavr: Makefile
pkgsrc/emulators/snes9x-gtk: Makefile
pkgsrc/emulators/unicorn: Makefile
pkgsrc/filesystems/fuse-gmailfs: Makefile
pkgsrc/filesystems/fuse-pcachefs: Makefile
pkgsrc/filesystems/fuse-wikipediafs: Makefile
pkgsrc/filesystems/glusterfs: Makefile
pkgsrc/filesystems/tahoe-lafs: Makefile
pkgsrc/finance/gnucash: Makefile
pkgsrc/finance/ledger: Makefile
pkgsrc/finance/moneyguru: Makefile
pkgsrc/fonts/fontforge: Makefile
pkgsrc/fonts/mftrace: Makefile
pkgsrc/fonts/mkfontalias: Makefile
pkgsrc/games/4stAttack: Makefile
pkgsrc/games/accelerator3d: Makefile
pkgsrc/games/blindmine: Makefile
pkgsrc/games/crossfire-server: Makefile
pkgsrc/games/duckmaze: Makefile
pkgsrc/games/flare-engine: Makefile
pkgsrc/games/flare-game: Makefile
pkgsrc/games/gcompris: Makefile
pkgsrc/games/gnome-games: Makefile
pkgsrc/games/jools: Makefile
pkgsrc/games/kajongg: Makefile
pkgsrc/games/kye: Makefile
pkgsrc/games/monsterz: Makefile
pkgsrc/games/pysolfc: Makefile
pkgsrc/games/pytraffic: Makefile
pkgsrc/games/quakeforge: Makefile
pkgsrc/games/scid: Makefile
pkgsrc/games/singularity: Makefile
pkgsrc/games/stegavorto: Makefile
pkgsrc/games/teeworlds: Makefile
pkgsrc/games/wesnoth: Makefile
pkgsrc/geography/gpsd: Makefile
pkgsrc/geography/proj-swig: Makefile
pkgsrc/geography/qgis: Makefile
pkgsrc/graphics/MesaLib: Makefile
pkgsrc/graphics/MesaLib18: Makefile
pkgsrc/graphics/MesaLib7: Makefile
pkgsrc/graphics/aqsis: Makefile
pkgsrc/graphics/asymptote: Makefile
pkgsrc/graphics/blender: Makefile
pkgsrc/graphics/cinepaint: Makefile
pkgsrc/graphics/comix: Makefile
pkgsrc/graphics/dia-python: Makefile
pkgsrc/graphics/edje: Makefile
pkgsrc/graphics/eog: Makefile
pkgsrc/graphics/gif2png: Makefile
pkgsrc/graphics/graphite2: Makefile
pkgsrc/graphics/hugin: Makefile
pkgsrc/graphics/inkscape: Makefile
pkgsrc/graphics/jbig2dec: Makefile
pkgsrc/graphics/kiconthemes: Makefile
pkgsrc/graphics/krita: Makefile
pkgsrc/graphics/lensfun: Makefile
pkgsrc/graphics/libepoxy: Makefile
pkgsrc/graphics/libscigraphica: Makefile
pkgsrc/graphics/mate-backgrounds: Makefile
pkgsrc/graphics/mate-icon-theme: Makefile
pkgsrc/graphics/mate-icon-theme-faenza: Makefile
pkgsrc/graphics/mate-themes: Makefile
pkgsrc/graphics/mypaint: Makefile
pkgsrc/graphics/opencv: Makefile
pkgsrc/graphics/opencv-contrib-face: Makefile
pkgsrc/graphics/opencv2: Makefile
pkgsrc/graphics/scidavis: Makefile
pkgsrc/graphics/scigraphica: Makefile
pkgsrc/graphics/skencil: Makefile
pkgsrc/graphics/veusz: Makefile
pkgsrc/graphics/xdot: Makefile
pkgsrc/ham/chirp: Makefile
pkgsrc/ham/cwtext: Makefile
pkgsrc/ham/gr-fcdproplus: Makefile
pkgsrc/ham/gr-osmosdr: Makefile
pkgsrc/ham/hackrf: Makefile
pkgsrc/ham/uhd: Makefile
pkgsrc/inputmethod/ibus: Makefile
pkgsrc/inputmethod/ibus-anthy: Makefile
pkgsrc/inputmethod/ibus-array: Makefile
pkgsrc/inputmethod/ibus-hangul: Makefile
pkgsrc/inputmethod/ibus-libpinyin: Makefile
pkgsrc/inputmethod/ibus-pinyin: Makefile
pkgsrc/inputmethod/ibus-table: Makefile
pkgsrc/inputmethod/ibus-table-others: Makefile
pkgsrc/inputmethod/ibus-tegaki: Makefile
pkgsrc/inputmethod/tegaki-pygtk: Makefile
pkgsrc/inputmethod/tegaki-python: Makefile
pkgsrc/inputmethod/tegaki-recognize: Makefile
pkgsrc/inputmethod/tegaki-tools: Makefile
pkgsrc/inputmethod/tegaki-train: Makefile
pkgsrc/inputmethod/tegaki-wagomu: Makefile
pkgsrc/lang/clang: Makefile
pkgsrc/lang/clang-static-analyzer: Makefile
pkgsrc/lang/clang-tools-extra: Makefile
pkgsrc/lang/compiler-rt: Makefile
pkgsrc/lang/coq: Makefile
pkgsrc/lang/coreclr: Makefile
pkgsrc/lang/gcc8: Makefile
pkgsrc/lang/libLLVM: Makefile
pkgsrc/lang/libLLVM34: Makefile
pkgsrc/lang/libLLVM4: Makefile
pkgsrc/lang/likepython: Makefile
pkgsrc/lang/llvm: Makefile
pkgsrc/lang/micropython: Makefile
pkgsrc/lang/mono: Makefile
pkgsrc/lang/mono2: Makefile
pkgsrc/lang/npm: Makefile
pkgsrc/lang/nuitka: Makefile
pkgsrc/lang/pfe: Makefile
pkgsrc/lang/rust: Makefile
pkgsrc/lang/spidermonkey185: Makefile
pkgsrc/lang/spidermonkey52: Makefile
pkgsrc/mail/archivemail: Makefile
pkgsrc/mail/evolution-data-server: Makefile
pkgsrc/mail/fetchmailconf: Makefile
pkgsrc/mail/getmail: Makefile
pkgsrc/mail/mailman: Makefile
pkgsrc/mail/newspipe: Makefile
pkgsrc/mail/notmuch: Makefile
pkgsrc/mail/offlineimap: Makefile
pkgsrc/mail/pymsgauth: Makefile
pkgsrc/mail/queue-repair: Makefile
pkgsrc/mail/roundcube-plugin-enigma: Makefile
pkgsrc/mail/roundcube-plugin-password: Makefile
pkgsrc/mail/roundcube-plugin-zipdownload: Makefile
pkgsrc/mail/rss2email: Makefile
pkgsrc/mail/tmda: Makefile
pkgsrc/math/cantor: Makefile
pkgsrc/math/crfsuite: Makefile
pkgsrc/math/djbsort: Makefile
pkgsrc/math/gnumeric112: Makefile
pkgsrc/math/libshorttext: Makefile
pkgsrc/math/libsvm: Makefile
pkgsrc/math/maxima: Makefile
pkgsrc/math/sundials: Makefile
pkgsrc/math/units: Makefile
pkgsrc/math/z3: Makefile
pkgsrc/meta-pkgs/boost: Makefile
pkgsrc/meta-pkgs/bulk-large: Makefile
pkgsrc/meta-pkgs/bulk-medium: Makefile
pkgsrc/meta-pkgs/bulk-small: Makefile
pkgsrc/meta-pkgs/gnome: Makefile
pkgsrc/meta-pkgs/py-gnome-bindings: Makefile
pkgsrc/meta-pkgs/qmail-server: Makefile
pkgsrc/misc/byobu: Makefile
pkgsrc/misc/calibre: Makefile
pkgsrc/misc/deskbar-applet: Makefile
pkgsrc/misc/gaupol: Makefile
pkgsrc/misc/khard: Makefile
pkgsrc/misc/kig: Makefile
pkgsrc/misc/kunitconversion: Makefile
pkgsrc/misc/labelnation: Makefile
pkgsrc/misc/libkkc-data: Makefile
pkgsrc/misc/libmateweather: Makefile
pkgsrc/misc/libreoffice: Makefile
pkgsrc/misc/mate-calc: Makefile
pkgsrc/misc/mate-utils: Makefile
pkgsrc/misc/mnemosyne: Makefile
pkgsrc/misc/mtail: Makefile
pkgsrc/misc/orca: Makefile
pkgsrc/misc/rlwrap: Makefile
pkgsrc/misc/routeplanner-cli: Makefile
pkgsrc/misc/rox-memo: Makefile
pkgsrc/misc/superkaramba: Makefile
pkgsrc/misc/tellico: Makefile
pkgsrc/misc/todoman: Makefile
pkgsrc/multimedia/farsight2: Makefile
pkgsrc/multimedia/kodi: Makefile
pkgsrc/multimedia/mate-media: Makefile
pkgsrc/multimedia/mpv: Makefile
pkgsrc/multimedia/pitivi: Makefile
pkgsrc/multimedia/streamlink: Makefile
pkgsrc/net/Radicale: Makefile
pkgsrc/net/Radicale2: Makefile
pkgsrc/net/bittornado: Makefile
pkgsrc/net/bittornado-gui: Makefile
pkgsrc/net/bittorrent: Makefile
pkgsrc/net/bittorrent-gui: Makefile
pkgsrc/net/calypso: Makefile
pkgsrc/net/coda: Makefile
pkgsrc/net/coherence: Makefile
pkgsrc/net/coursera-dl: Makefile
pkgsrc/net/exabgp: Makefile
pkgsrc/net/flow-tools: Makefile
pkgsrc/net/freeradius-python: Makefile
pkgsrc/net/gallery-dl: Makefile
pkgsrc/net/gitso: Makefile
pkgsrc/net/glib-networking: Makefile
pkgsrc/net/gupnp: Makefile
pkgsrc/net/httpstat: Makefile
pkgsrc/net/ipcheck: Makefile
pkgsrc/net/knot: Makefile
pkgsrc/net/mate-user-share: Makefile
pkgsrc/net/mimms: Makefile
pkgsrc/net/mitmproxy: Makefile
pkgsrc/net/nagstamon: Makefile
pkgsrc/net/ndiff: Makefile
pkgsrc/net/netatalk3: Makefile
pkgsrc/net/netatalk30: Makefile
pkgsrc/net/nicotine: Makefile
pkgsrc/net/nicovideo-dl: Makefile
pkgsrc/net/ntop: Makefile
pkgsrc/net/nyx: Makefile
pkgsrc/net/omniORB: Makefile
pkgsrc/net/onionbalance: Makefile
pkgsrc/net/openconnect: Makefile
pkgsrc/net/pygopherd: Makefile
pkgsrc/net/rabbitmq: Makefile
pkgsrc/net/ruby-recog: Makefile
pkgsrc/net/samba4: Makefile
pkgsrc/net/scapy: Makefile
pkgsrc/net/speedtest-cli: Makefile
pkgsrc/net/syncthing-gtk: Makefile
pkgsrc/net/upnpinspector: Makefile
pkgsrc/net/wireshark: Makefile
pkgsrc/net/youtube-dl: Makefile
pkgsrc/net/zenmap: Makefile
pkgsrc/news/hellanzb: Makefile
pkgsrc/news/lottanzb: Makefile
pkgsrc/parallel/ganglia-monitor-core: Makefile
pkgsrc/parallel/slurm-wlm: Makefile
pkgsrc/pkgtools/gnome-packagekit: Makefile
pkgsrc/pkgtools/packagekit: Makefile
pkgsrc/print/atril: Makefile
pkgsrc/print/bg5pdf: Makefile
pkgsrc/print/bg5ps: Makefile
pkgsrc/print/electrix: Makefile
pkgsrc/print/hplip: Makefile
pkgsrc/print/lilypond: Makefile
pkgsrc/print/pdf-redact-tools: Makefile
pkgsrc/print/pdfshuffler: Makefile
pkgsrc/print/poppler-glib: Makefile
pkgsrc/print/scribus-qt4: Makefile
pkgsrc/print/tex-changes: Makefile
pkgsrc/print/tex-minted: Makefile
pkgsrc/security/PACK: Makefile
pkgsrc/security/botan: Makefile
pkgsrc/security/botan-devel: Makefile
pkgsrc/security/fail2ban: Makefile
pkgsrc/security/flawfinder: Makefile
pkgsrc/security/fsh: Makefile
pkgsrc/security/hitch: Makefile
pkgsrc/security/kwallet: Makefile
pkgsrc/security/libprelude-python: Makefile
pkgsrc/security/libpreludedb-python: Makefile
pkgsrc/security/mate-polkit: Makefile
pkgsrc/security/mbedtls: Makefile
pkgsrc/security/mixminion: Makefile
pkgsrc/security/pcsc-lite: Makefile
pkgsrc/security/prelude-correlator: Makefile
pkgsrc/security/pyca: Makefile
pkgsrc/security/sqlmap: Makefile
pkgsrc/security/sshfp: Makefile
pkgsrc/security/volatility: Makefile
pkgsrc/shells/autojump: Makefile
pkgsrc/shells/fish: Makefile
pkgsrc/shells/lshell: Makefile
pkgsrc/shells/xonsh: Makefile
pkgsrc/sysutils/ansible2: Makefile
pkgsrc/sysutils/binwalk: Makefile
pkgsrc/sysutils/bup: Makefile
pkgsrc/sysutils/caja: Makefile
pkgsrc/sysutils/caja-dropbox: Makefile
pkgsrc/sysutils/caja-extensions: Makefile
pkgsrc/sysutils/cuisine: Makefile
pkgsrc/sysutils/dbus-python-common: Makefile
pkgsrc/sysutils/dupeguru: Makefile
pkgsrc/sysutils/duplicity: Makefile
pkgsrc/sysutils/fabric: Makefile
pkgsrc/sysutils/gnome-commander: Makefile
pkgsrc/sysutils/htop: Makefile
pkgsrc/sysutils/kfilemetadata5: Makefile
pkgsrc/sysutils/libvirt: Makefile
pkgsrc/sysutils/lnav: Makefile
pkgsrc/sysutils/logfinder: Makefile
pkgsrc/sysutils/manifold: Makefile
pkgsrc/sysutils/mate-notification-daemon: Makefile
pkgsrc/sysutils/mate-power-manager: Makefile
pkgsrc/sysutils/mate-sensors-applet: Makefile
pkgsrc/sysutils/monitoring: Makefile
pkgsrc/sysutils/munin-doc: Makefile
pkgsrc/sysutils/munin-node: Makefile
pkgsrc/sysutils/openstack_init: Makefile
pkgsrc/sysutils/openxenmanager: Makefile
pkgsrc/sysutils/ovmf: Makefile
pkgsrc/sysutils/polysh: Makefile
pkgsrc/sysutils/rdiff-backup: Makefile
pkgsrc/sysutils/rsyslog: Makefile
pkgsrc/sysutils/rsyslog-dbi: Makefile
pkgsrc/sysutils/rsyslog-elasticsearch: Makefile
pkgsrc/sysutils/rsyslog-gnutls: Makefile
pkgsrc/sysutils/rsyslog-gssapi: Makefile
pkgsrc/sysutils/rsyslog-kafka: Makefile
pkgsrc/sysutils/rsyslog-libgcrypt: Makefile
pkgsrc/sysutils/rsyslog-mysql: Makefile
pkgsrc/sysutils/rsyslog-omprog: Makefile
pkgsrc/sysutils/rsyslog-pgsql: Makefile
pkgsrc/sysutils/rsyslog-rabbitmq: Makefile
pkgsrc/sysutils/rsyslog-relp: Makefile
pkgsrc/sysutils/rsyslog-snmp: Makefile
pkgsrc/sysutils/salt: Makefile
pkgsrc/sysutils/salt-docs: Makefile
pkgsrc/sysutils/tdir: Makefile
pkgsrc/sysutils/virt-manager: Makefile
pkgsrc/sysutils/virtinst: Makefile
pkgsrc/sysutils/vxargs: Makefile
pkgsrc/sysutils/xenkernel411: Makefile
pkgsrc/sysutils/xenkernel42: Makefile
pkgsrc/sysutils/xenkernel45: Makefile
pkgsrc/sysutils/xenkernel46: Makefile
pkgsrc/sysutils/xenkernel48: Makefile
pkgsrc/sysutils/xenstoretools: Makefile
pkgsrc/sysutils/xentools411: Makefile
pkgsrc/sysutils/xentools42: Makefile
pkgsrc/sysutils/xentools45: Makefile
pkgsrc/sysutils/xentools46: Makefile
pkgsrc/sysutils/xentools48: Makefile
pkgsrc/textproc/asciidoc: Makefile
pkgsrc/textproc/cmark: Makefile
pkgsrc/textproc/coccigrep: Makefile
pkgsrc/textproc/csvkit: Makefile
pkgsrc/textproc/csvtomd: Makefile
pkgsrc/textproc/dblatex: Makefile
pkgsrc/textproc/doclifter: Makefile
pkgsrc/textproc/gnome-doc-utils: Makefile
pkgsrc/textproc/gtk-doc: Makefile
pkgsrc/textproc/icu: Makefile
pkgsrc/textproc/iso-codes: Makefile
pkgsrc/textproc/ispell-lt: Makefile
pkgsrc/textproc/itstool: Makefile
pkgsrc/textproc/kapidox: Makefile
pkgsrc/textproc/libplist: Makefile
pkgsrc/textproc/libxlsxwriter: Makefile
pkgsrc/textproc/queequeg: Makefile
pkgsrc/textproc/rubber: Makefile
pkgsrc/textproc/serd: Makefile
pkgsrc/textproc/sord: Makefile
pkgsrc/textproc/subliminal: Makefile
pkgsrc/textproc/translate-toolkit: Makefile
pkgsrc/textproc/xmlada: Makefile
pkgsrc/textproc/xxdiff-scripts: Makefile
pkgsrc/textproc/yelp-tools: Makefile
pkgsrc/textproc/yelp-xsl: Makefile
pkgsrc/textproc/yodl: Makefile
pkgsrc/time/etm: Makefile
pkgsrc/time/hamster-applet: Makefile
pkgsrc/time/khal: Makefile
pkgsrc/time/ntpsec: Makefile
pkgsrc/time/wxRemind: Makefile
pkgsrc/wm/bmpanel2: Makefile
pkgsrc/wm/ccsm: Makefile
pkgsrc/wm/marco: Makefile
pkgsrc/wm/mate-netbook: Makefile
pkgsrc/wm/openbox: Makefile
pkgsrc/wm/oroborox: Makefile
pkgsrc/www/aws: Makefile
pkgsrc/www/bluefish: Makefile
pkgsrc/www/browser-bookmarks-menu: Makefile
pkgsrc/www/cherokee: Makefile
pkgsrc/www/clearsilver: Makefile
pkgsrc/www/cliqz: Makefile
pkgsrc/www/cppcms: Makefile
pkgsrc/www/ies4linux: Makefile
pkgsrc/www/ikiwiki: Makefile
pkgsrc/www/libpsl: Makefile
pkgsrc/www/loggerhead: Makefile
pkgsrc/www/nghttp2: Makefile
pkgsrc/www/php-concrete5: Makefile
pkgsrc/www/php-nextcloud: Makefile
pkgsrc/www/php-owncloud: Makefile
pkgsrc/www/py-flask-restplus: Makefile
pkgsrc/www/ruby-pygments.rb: Makefile
pkgsrc/www/trac: Makefile
pkgsrc/www/trafficserver: Makefile
pkgsrc/www/urlgrabber: Makefile
pkgsrc/www/varnish: Makefile
pkgsrc/www/viewvc: Makefile
pkgsrc/www/webkit-gtk: Makefile
pkgsrc/www/zopeedit: Makefile
pkgsrc/x11/alacarte: Makefile
pkgsrc/x11/arandr: Makefile
pkgsrc/x11/avant-window-navigator: Makefile
pkgsrc/x11/caribou: Makefile
pkgsrc/x11/driconf: Makefile
pkgsrc/x11/gnome-applets: Makefile
pkgsrc/x11/gnome-desktop: Makefile
pkgsrc/x11/gnome-mag: Makefile
pkgsrc/x11/gnome-terminal: Makefile
pkgsrc/x11/gtk2: Makefile
pkgsrc/x11/gtkada: Makefile
pkgsrc/x11/kconfigwidgets: Makefile
pkgsrc/x11/kde-runtime4: Makefile
pkgsrc/x11/kde-workspace4: Makefile
pkgsrc/x11/kde4-l10n-sr: Makefile
pkgsrc/x11/kitty: Makefile
pkgsrc/x11/ktextwidgets: Makefile
pkgsrc/x11/kxmlgui: Makefile
pkgsrc/x11/libdesktop-agnostic: Makefile
pkgsrc/x11/libmatekbd: Makefile
pkgsrc/x11/libxcb: Makefile
pkgsrc/x11/mate-applets: Makefile
pkgsrc/x11/mate-control-center: Makefile
pkgsrc/x11/mate-desktop: Makefile
pkgsrc/x11/mate-indicator-applet: Makefile
pkgsrc/x11/mate-menus: Makefile
pkgsrc/x11/mate-panel: Makefile
pkgsrc/x11/mate-screensaver: Makefile
pkgsrc/x11/mate-session-manager: Makefile
pkgsrc/x11/mate-settings-daemon: Makefile
pkgsrc/x11/mate-terminal: Makefile
pkgsrc/x11/mozo: Makefile
pkgsrc/x11/qt5-qtdeclarative: Makefile
pkgsrc/x11/qt5-qtwebkit: Makefile
pkgsrc/x11/rox-session: Makefile
pkgsrc/x11/rox-wallpaper: Makefile
pkgsrc/x11/xcb-proto: Makefile
Log Message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.
This is a semi-manual PKGREVISION bump.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/samba4/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed May 15 09:07:21 UTC 2019
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
samba4: updated to 4.10.3
Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum).
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/samba4/distinfo
pkgsrc-2019Q1 commitmail json YAML
tickets 5966-5971
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/misc/mate-utils/Makefile@1.16.2.1
/
diff
pkgsrc/misc/mate-utils/PLIST@1.5.2.1 / diff
pkgsrc/misc/mate-utils/distinfo@1.6.2.1 / diff
pkgsrc/misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in@1.2.2.2 / diff
pkgsrc/misc/mate-utils/PLIST@1.5.2.1 / diff
pkgsrc/misc/mate-utils/distinfo@1.6.2.1 / diff
pkgsrc/misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in@1.2.2.2 / diff
Pullup ticket #5966 - requested by gutteridge
misc/mate-utils: build fix
Revisions pulled up:
- misc/mate-utils/Makefile 1.17
- misc/mate-utils/PLIST 1.6
- misc/mate-utils/distinfo 1.7
- misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Wed Apr 10 01:07:10 UTC 2019
Modified Files:
pkgsrc/misc/mate-utils: Makefile PLIST distinfo
Added Files:
pkgsrc/misc/mate-utils/patches: patch-gsearchtool_help_Makefile.in
Log Message:
mate-utils: work around issue with itstool failures
Disable the pt translations for one mate-utils component for now, to
work around an issue where itstool is intermittently failing. This
addresses PR pkg/54071. Okay youri@.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/misc/mate-utils/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/misc/mate-utils/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/misc/mate-utils/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in
misc/mate-utils: build fix
Revisions pulled up:
- misc/mate-utils/Makefile 1.17
- misc/mate-utils/PLIST 1.6
- misc/mate-utils/distinfo 1.7
- misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Wed Apr 10 01:07:10 UTC 2019
Modified Files:
pkgsrc/misc/mate-utils: Makefile PLIST distinfo
Added Files:
pkgsrc/misc/mate-utils/patches: patch-gsearchtool_help_Makefile.in
Log Message:
mate-utils: work around issue with itstool failures
Disable the pt translations for one mate-utils component for now, to
work around an issue where itstool is intermittently failing. This
addresses PR pkg/54071. Okay youri@.
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/misc/mate-utils/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/misc/mate-utils/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/misc/mate-utils/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/misc/mate-utils/patches/patch-gsearchtool_help_Makefile.in
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/sysutils/intel-microcode-netbsd/Makefile@1.27.6.1
/
diff
pkgsrc/sysutils/intel-microcode-netbsd/PLIST@1.14.6.1 / diff
pkgsrc/sysutils/intel-microcode-netbsd/distinfo@1.21.6.1 / diff
pkgsrc/sysutils/intel-microcode-netbsd/PLIST@1.14.6.1 / diff
pkgsrc/sysutils/intel-microcode-netbsd/distinfo@1.21.6.1 / diff
Pullup ticket #5970 - requested by maya
sysutils/intel-microcode-netbsd: security-update
Revisions pulled up:
- sysutils/intel-microcode-netbsd/Makefile 1.28-1.29
- sysutils/intel-microcode-netbsd/PLIST 1.15-1.16
- sysutils/intel-microcode-netbsd/distinfo 1.22-1.23
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: msaitoh
Date: Fri Apr 12 04:07:24 UTC 2019
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile PLIST distinfo
Log Message:
Update intel-microcode-netbsd to 20171117.
= 20190312 Release =
-- Updates upon 20180807 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile
WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile
CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop
CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile
---- updated platforms ------------------------------------
HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3
SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable
SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx
BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87
BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53
APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx
GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx
KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile
KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/sysutils/intel-microcode-netbsd/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/sysutils/intel-microcode-netbsd/PLIST
cvs rdiff -u -r1.21 -r1.22 pkgsrc/sysutils/intel-microcode-netbsd/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: msaitoh
Date: Tue May 14 17:22:01 UTC 2019
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile PLIST distinfo
Log Message:
Update intel-microcode-netbsd to 20190514.
= 20190514 Release =
-- Updates upon 20190312 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
VLV C0 6-37-8/02 00000838 Atom Z series
VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx
VLV D0 6-37-9/0F 0000090c Atom E38xx
CHV C0 6-4c-3/01 00000368 Atom X series
CHV D0 6-4c-4/01 00000411 Atom X series
CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2
---- updated platforms ------------------------------------
SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3
HSW C0 6-3c-3/32 00000025->00000027 Core Gen4
BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5
IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2
IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2
HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3
HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4
HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4
BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5
SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6
BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx
SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx
BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87
BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
DNV B0 6-5f-1/01 00000024->0000002e Atom C Series
GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx
AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8
CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9
CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/sysutils/intel-microcode-netbsd/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/intel-microcode-netbsd/PLIST
cvs rdiff -u -r1.22 -r1.23 pkgsrc/sysutils/intel-microcode-netbsd/distinfo
sysutils/intel-microcode-netbsd: security-update
Revisions pulled up:
- sysutils/intel-microcode-netbsd/Makefile 1.28-1.29
- sysutils/intel-microcode-netbsd/PLIST 1.15-1.16
- sysutils/intel-microcode-netbsd/distinfo 1.22-1.23
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: msaitoh
Date: Fri Apr 12 04:07:24 UTC 2019
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile PLIST distinfo
Log Message:
Update intel-microcode-netbsd to 20171117.
= 20190312 Release =
-- Updates upon 20180807 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile
WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile
CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop
CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile
---- updated platforms ------------------------------------
HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3
SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable
SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx
BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87
BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53
APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx
GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx
KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile
KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/sysutils/intel-microcode-netbsd/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/sysutils/intel-microcode-netbsd/PLIST
cvs rdiff -u -r1.21 -r1.22 pkgsrc/sysutils/intel-microcode-netbsd/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: msaitoh
Date: Tue May 14 17:22:01 UTC 2019
Modified Files:
pkgsrc/sysutils/intel-microcode-netbsd: Makefile PLIST distinfo
Log Message:
Update intel-microcode-netbsd to 20190514.
= 20190514 Release =
-- Updates upon 20190312 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
VLV C0 6-37-8/02 00000838 Atom Z series
VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx
VLV D0 6-37-9/0F 0000090c Atom E38xx
CHV C0 6-4c-3/01 00000368 Atom X series
CHV D0 6-4c-4/01 00000411 Atom X series
CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2
---- updated platforms ------------------------------------
SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3
HSW C0 6-3c-3/32 00000025->00000027 Core Gen4
BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5
IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2
IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2
HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3
HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3
HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4
HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4
BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5
SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6
BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx
SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx
BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87
BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
DNV B0 6-5f-1/01 00000024->0000002e Atom C Series
GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx
AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8
CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9
CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/sysutils/intel-microcode-netbsd/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/intel-microcode-netbsd/PLIST
cvs rdiff -u -r1.22 -r1.23 pkgsrc/sysutils/intel-microcode-netbsd/distinfo
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/net/wget/Makefile@1.144.2.2
/
diff
pkgsrc/net/wget/distinfo@1.58.2.2 / diff
pkgsrc/net/wget/patches/patch-src_openssl.c@1.1.2.2 / diff
pkgsrc/net/wget/distinfo@1.58.2.2 / diff
pkgsrc/net/wget/patches/patch-src_openssl.c@1.1.2.2 / diff
Pullup ticket #5971 - requested by leot
net/wget: security patch
Revisions pulled up:
- net/wget/Makefile 1.147
- net/wget/distinfo 1.60
- net/wget/patches/patch-src_openssl.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun May 26 18:10:49 UTC 2019
Modified Files:
pkgsrc/net/wget: Makefile distinfo
Added Files:
pkgsrc/net/wget/patches: patch-src_openssl.c
Log Message:
wget: Fix https:// handling with OpenSSL 1.1.1
Backport upstream commit 14e3712b8c39165219fa227bd11f6feae7b09a33
to fix https:// handling when openssl.cnf file is not found.
PKGREVISION++
To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/net/wget/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/net/wget/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/wget/patches/patch-src_openssl.c
net/wget: security patch
Revisions pulled up:
- net/wget/Makefile 1.147
- net/wget/distinfo 1.60
- net/wget/patches/patch-src_openssl.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun May 26 18:10:49 UTC 2019
Modified Files:
pkgsrc/net/wget: Makefile distinfo
Added Files:
pkgsrc/net/wget/patches: patch-src_openssl.c
Log Message:
wget: Fix https:// handling with OpenSSL 1.1.1
Backport upstream commit 14e3712b8c39165219fa227bd11f6feae7b09a33
to fix https:// handling when openssl.cnf file is not found.
PKGREVISION++
To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/net/wget/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/net/wget/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/wget/patches/patch-src_openssl.c
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/www/drupal8/Makefile@1.20.2.2
/
diff
pkgsrc/www/drupal8/PLIST@1.17.2.2 / diff
pkgsrc/www/drupal8/distinfo@1.19.2.2 / diff
pkgsrc/www/drupal8/PLIST@1.17.2.2 / diff
pkgsrc/www/drupal8/distinfo@1.19.2.2 / diff
Pullup ticket #5969 - requested by taca
www/drupal8: security update
Revisions pulled up:
- www/drupal8/Makefile 1.22
- www/drupal8/PLIST 1.19
- www/drupal8/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat May 11 06:59:05 UTC 2019
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.6.16
- Fixed security issues of SA-CORE-2019-007.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/drupal8/distinfo
www/drupal8: security update
Revisions pulled up:
- www/drupal8/Makefile 1.22
- www/drupal8/PLIST 1.19
- www/drupal8/distinfo 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat May 11 06:59:05 UTC 2019
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.6.16
- Fixed security issues of SA-CORE-2019-007.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/drupal8/distinfo
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/www/drupal7/Makefile@1.57.2.2
/
diff
pkgsrc/www/drupal7/PLIST@1.21.2.2 / diff
pkgsrc/www/drupal7/distinfo@1.45.2.2 / diff
pkgsrc/www/drupal7/PLIST@1.21.2.2 / diff
pkgsrc/www/drupal7/distinfo@1.45.2.2 / diff
Pullup ticket #5968 - requested by taca
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.59
- www/drupal7/PLIST 1.23
- www/drupal7/distinfo 1.47
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat May 11 06:48:43 UTC 2019
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.67
Update drupal7 to 7.67.
Drupal 7.67, 2019-05-08
-----------------------
- Fixed security issues:
- SA-CORE-2019-007
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/drupal7/distinfo
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.59
- www/drupal7/PLIST 1.23
- www/drupal7/distinfo 1.47
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat May 11 06:48:43 UTC 2019
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.67
Update drupal7 to 7.67.
Drupal 7.67, 2019-05-08
-----------------------
- Fixed security issues:
- SA-CORE-2019-007
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/drupal7/distinfo
pkgsrc-2019Q1 commitmail json YAML
Pullup ticket #5967 - requested by taca
lang/php71: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.257
- lang/php71/distinfo 1.51
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri May 3 08:31:09 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: distinfo
Log Message:
lang/php71: Update to 7.1.29
Update php71 to 7.1.29.
02 May 2019, PHP 7.1.29
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
04 Apr 2019, PHP 7.1.28
- EXIF:
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
(Stas)
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)
- SQLite3:
. Added sqlite3.defensive INI directive. (BohwaZ)
To generate a diff of this commit:
cvs rdiff -u -r1.256 -r1.257 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.50 -r1.51 pkgsrc/lang/php71/distinfo
lang/php71: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.257
- lang/php71/distinfo 1.51
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri May 3 08:31:09 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: distinfo
Log Message:
lang/php71: Update to 7.1.29
Update php71 to 7.1.29.
02 May 2019, PHP 7.1.29
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
04 Apr 2019, PHP 7.1.28
- EXIF:
. Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
(Stas)
. Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)
- SQLite3:
. Added sqlite3.defensive INI directive. (BohwaZ)
To generate a diff of this commit:
cvs rdiff -u -r1.256 -r1.257 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.50 -r1.51 pkgsrc/lang/php71/distinfo
pkgsrc-2019Q1 commitmail json YAML
pullups 5961, 5962, 5964, 5965
pkgsrc-2019Q1 commitmail json YAML
Pullup ticket #5965 - requested by taca
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.256
- lang/php73/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:45:28 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.5
Update php73 to 7.3.5.
02 May 2019, PHP 7.3.5
- Core:
. Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
(Nikita)
- CLI:
. Fixed bug #77794 (Incorrect Date header format in built-in server).
(kelunik)
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Interbase:
. Fixed bug #72175 (Impossibility of creating multiple connections to
Interbase with php 7.x). (Nikita)
- Intl:
. Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
= null). (Nikita)
- litespeed:
. LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request(). (George Wang)
- LDAP:
. Fixed bug #77869 (Core dump when using server controls) (mcmic)
- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
- mbstring:
. Implemented FR #72777 (Implement regex stack limits for mbregex functions).
(Yasuo Ohgaki, Stas)
- MySQLi:
. Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
(Nikita)
- PCRE:
. Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
cmb)
- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
- phpdbg:
. Fixed bug #76801 (too many open files). (alekitto)
. Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
(krakjoe)
. Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
- Reflection:
. Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
. Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
- Standard:
. Fixed bug #77793 (Segmentation fault in extract() when overwriting
reference with itself). (Nikita)
. Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
INI_SCANNER_TYPED). (Nikita)
. Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
haystack). (Nikita)
To generate a diff of this commit:
cvs rdiff -u -r1.255 -r1.256 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php73/distinfo
lang/php73: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.256
- lang/php73/distinfo 1.7
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:45:28 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.5
Update php73 to 7.3.5.
02 May 2019, PHP 7.3.5
- Core:
. Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
(Nikita)
- CLI:
. Fixed bug #77794 (Incorrect Date header format in built-in server).
(kelunik)
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Interbase:
. Fixed bug #72175 (Impossibility of creating multiple connections to
Interbase with php 7.x). (Nikita)
- Intl:
. Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
= null). (Nikita)
- litespeed:
. LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request(). (George Wang)
- LDAP:
. Fixed bug #77869 (Core dump when using server controls) (mcmic)
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
- mbstring:
. Implemented FR #72777 (Implement regex stack limits for mbregex functions).
(Yasuo Ohgaki, Stas)
- MySQLi:
. Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
(Nikita)
- PCRE:
. Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
cmb)
- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
- phpdbg:
. Fixed bug #76801 (too many open files). (alekitto)
. Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
(krakjoe)
. Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
- Reflection:
. Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
. Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
- Standard:
. Fixed bug #77793 (Segmentation fault in extract() when overwriting
reference with itself). (Nikita)
. Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
INI_SCANNER_TYPED). (Nikita)
. Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
haystack). (Nikita)
To generate a diff of this commit:
cvs rdiff -u -r1.255 -r1.256 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php73/distinfo
pkgsrc-2019Q1 commitmail json YAML
Pullup ticket #5964 - requested by taca
lang/php72: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.255
- lang/php72/distinfo 1.40
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:43:38 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.18
Update php72 to update to 7.2.18.
02 May 2019, PHP 7.2.18
- CLI:
. Fixed bug #77794 (Incorrect Date header format in built-in server).
(kelunik)
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Interbase:
. Fixed bug #72175 (Impossibility of creating multiple connections to
Interbase with php 7.x). (Nikita)
- Intl:
. Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
= null). (Nikita)
- litespeed:
. LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request(). (George Wang)
- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
- PCRE:
. Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
cmb)
- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
- phpdbg:
. Fixed bug #76801 (too many open files). (alekitto)
. Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
(krakjoe)
. Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
- Reflection:
. Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
. Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
- Standard:
. Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
(Vlad Temian)
. Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
INI_SCANNER_TYPED). (Nikita)
. Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
haystack). (Nikita)
To generate a diff of this commit:
cvs rdiff -u -r1.254 -r1.255 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.39 -r1.40 pkgsrc/lang/php72/distinfo
lang/php72: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.255
- lang/php72/distinfo 1.40
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:43:38 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php72: distinfo
Log Message:
lang/php72: update to 7.2.18
Update php72 to update to 7.2.18.
02 May 2019, PHP 7.2.18
- CLI:
. Fixed bug #77794 (Incorrect Date header format in built-in server).
(kelunik)
- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
(CVE-2019-11036) (Stas)
- Interbase:
. Fixed bug #72175 (Impossibility of creating multiple connections to
Interbase with php 7.x). (Nikita)
- Intl:
. Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
= null). (Nikita)
- litespeed:
. LiteSpeed SAPI 7.3.1, better process management, new API function
litespeed_finish_request(). (George Wang)
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)
- PCRE:
. Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
cmb)
- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
- phpdbg:
. Fixed bug #76801 (too many open files). (alekitto)
. Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
(krakjoe)
. Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)
- Reflection:
. Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
. Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)
- Standard:
. Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
(Vlad Temian)
. Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
INI_SCANNER_TYPED). (Nikita)
. Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
haystack). (Nikita)
To generate a diff of this commit:
cvs rdiff -u -r1.254 -r1.255 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.39 -r1.40 pkgsrc/lang/php72/distinfo
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/www/drupal8/Makefile@1.20.2.1
/
diff
pkgsrc/www/drupal8/PLIST@1.17.2.1 / diff
pkgsrc/www/drupal8/distinfo@1.19.2.1 / diff
pkgsrc/www/drupal8/PLIST@1.17.2.1 / diff
pkgsrc/www/drupal8/distinfo@1.19.2.1 / diff
Pullup ticket #5962 - requested by taca
www/drupal8: security update
Revisions pulled up:
- www/drupal8/Makefile 1.21
- www/drupal8/PLIST 1.18
- www/drupal8/distinfo 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 04:11:22 UTC 2019
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.6.15
Update drupal8 to 8.6.15.
* Fixed security issues:
- SA-CORE-2019-005
- SA-CORE-2019-006
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/drupal8/distinfo
www/drupal8: security update
Revisions pulled up:
- www/drupal8/Makefile 1.21
- www/drupal8/PLIST 1.18
- www/drupal8/distinfo 1.20
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 04:11:22 UTC 2019
Modified Files:
pkgsrc/www/drupal8: Makefile PLIST distinfo
Log Message:
www/drupal8: update to 8.6.15
Update drupal8 to 8.6.15.
* Fixed security issues:
- SA-CORE-2019-005
- SA-CORE-2019-006
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/drupal8/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/drupal8/PLIST
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/drupal8/distinfo
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/www/drupal7/Makefile@1.57.2.1
/
diff
pkgsrc/www/drupal7/PLIST@1.21.2.1 / diff
pkgsrc/www/drupal7/distinfo@1.45.2.1 / diff
pkgsrc/www/drupal7/PLIST@1.21.2.1 / diff
pkgsrc/www/drupal7/distinfo@1.45.2.1 / diff
Pullup ticket #5961 - requested by taca
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.58
- www/drupal7/PLIST 1.22
- www/drupal7/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 04:07:37 UTC 2019
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.66
Update drupal7 to 7.66, security fix.
Drupal 7.66, 2019-04-17
-----------------------
- Fixed security issues:
- SA-CORE-2019-006
To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/drupal7/distinfo
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.58
- www/drupal7/PLIST 1.22
- www/drupal7/distinfo 1.46
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 04:07:37 UTC 2019
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
www/drupal7: update to 7.66
Update drupal7 to 7.66, security fix.
Drupal 7.66, 2019-04-17
-----------------------
- Fixed security issues:
- SA-CORE-2019-006
To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/drupal7/distinfo
pkgsrc-2019Q1 commitmail json YAML
pullups 5955, 5956, 5957, 5058, 5060, 5963
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/mail/fml4/Makefile@1.18.6.1
/
diff
pkgsrc/mail/fml4/distinfo@1.8.24.1 / diff
pkgsrc/mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm@1.1.2.2 / diff
pkgsrc/mail/fml4/distinfo@1.8.24.1 / diff
pkgsrc/mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm@1.1.2.2 / diff
Pullup ticket #5960 - requested by taca
mail/fml4: security update
Revisions pulled up:
- mail/fml4/Makefile 1.19
- mail/fml4/distinfo 1.9
- mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 03:38:59 UTC 2019
Modified Files:
pkgsrc/mail/fml4: Makefile distinfo
Added Files:
pkgsrc/mail/fml4/patches:
patch-module_fml-devel_FML_Restriction_Base.pm
Log Message:
mail/fml4: fix critical runtime problem
Fix critical runtime problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/fml4/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/fml4/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm
mail/fml4: security update
Revisions pulled up:
- mail/fml4/Makefile 1.19
- mail/fml4/distinfo 1.9
- mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 03:38:59 UTC 2019
Modified Files:
pkgsrc/mail/fml4: Makefile distinfo
Added Files:
pkgsrc/mail/fml4/patches:
patch-module_fml-devel_FML_Restriction_Base.pm
Log Message:
mail/fml4: fix critical runtime problem
Fix critical runtime problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/fml4/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/fml4/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/mail/fml4/patches/patch-module_fml-devel_FML_Restriction_Base.pm
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/net/bind911/MESSAGE@1.1.6.1
/
diff
pkgsrc/net/bind911/Makefile@1.7.2.1 / diff
pkgsrc/net/bind911/distinfo@1.6.2.1 / diff
pkgsrc/net/bind911/options.mk@1.2.4.1 / diff
pkgsrc/net/bind911/patches/patch-bin_named_server.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-lib_dns_view.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-lib_isc_unix_socket.c@1.2.4.1 / diff
pkgsrc/net/bind911/patches/patch-lib_lwres_getnameinfo.c@1.1.6.1 / diff
pkgsrc/net/bind911/Makefile@1.7.2.1 / diff
pkgsrc/net/bind911/distinfo@1.6.2.1 / diff
pkgsrc/net/bind911/options.mk@1.2.4.1 / diff
pkgsrc/net/bind911/patches/patch-bin_named_server.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-lib_dns_view.c@1.1.2.2 / diff
pkgsrc/net/bind911/patches/patch-lib_isc_unix_socket.c@1.2.4.1 / diff
pkgsrc/net/bind911/patches/patch-lib_lwres_getnameinfo.c@1.1.6.1 / diff
Pullup ticket #5958 - requested by taca
net/bind911: security update
Revisions pulled up:
- net/bind911/MESSAGE 1.2
- net/bind911/Makefile 1.8
- net/bind911/distinfo 1.7
- net/bind911/options.mk 1.3
- net/bind911/patches/patch-bin_named_server.c 1.1
- net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c 1.1
- net/bind911/patches/patch-lib_dns_view.c 1.1
- net/bind911/patches/patch-lib_isc_unix_socket.c 1.3
- net/bind911/patches/patch-lib_lwres_getnameinfo.c 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 02:51:38 UTC 2019
Modified Files:
pkgsrc/net/bind911: MESSAGE Makefile distinfo options.mk
pkgsrc/net/bind911/patches: patch-lib_isc_unix_socket.c
patch-lib_lwres_getnameinfo.c
Added Files:
pkgsrc/net/bind911/patches: patch-bin_named_server.c
patch-bin_pkcs11_pkcs11-keygen.c patch-lib_dns_view.c
Log Message:
net/bind911: update to 9.11.6pl1
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
Fix security problem CVE-2018-5743 and overhaul pkgsrc. Now no need
to change namedb is permission under NetBSD.
* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
- fetchlimit
- sit
--- 9.11.6-P1 released ---
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind911/MESSAGE
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind911/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind911/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind911/patches/patch-bin_named_server.c \
pkgsrc/net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c \
pkgsrc/net/bind911/patches/patch-lib_dns_view.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/bind911/patches/patch-lib_isc_unix_socket.c
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/bind911/patches/patch-lib_lwres_getnameinfo.c
net/bind911: security update
Revisions pulled up:
- net/bind911/MESSAGE 1.2
- net/bind911/Makefile 1.8
- net/bind911/distinfo 1.7
- net/bind911/options.mk 1.3
- net/bind911/patches/patch-bin_named_server.c 1.1
- net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c 1.1
- net/bind911/patches/patch-lib_dns_view.c 1.1
- net/bind911/patches/patch-lib_isc_unix_socket.c 1.3
- net/bind911/patches/patch-lib_lwres_getnameinfo.c 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 02:51:38 UTC 2019
Modified Files:
pkgsrc/net/bind911: MESSAGE Makefile distinfo options.mk
pkgsrc/net/bind911/patches: patch-lib_isc_unix_socket.c
patch-lib_lwres_getnameinfo.c
Added Files:
pkgsrc/net/bind911/patches: patch-bin_named_server.c
patch-bin_pkcs11_pkcs11-keygen.c patch-lib_dns_view.c
Log Message:
net/bind911: update to 9.11.6pl1
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
Fix security problem CVE-2018-5743 and overhaul pkgsrc. Now no need
to change namedb is permission under NetBSD.
* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
- fetchlimit
- sit
--- 9.11.6-P1 released ---
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind911/MESSAGE
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind911/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind911/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind911/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind911/patches/patch-bin_named_server.c \
pkgsrc/net/bind911/patches/patch-bin_pkcs11_pkcs11-keygen.c \
pkgsrc/net/bind911/patches/patch-lib_dns_view.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/bind911/patches/patch-lib_isc_unix_socket.c
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/bind911/patches/patch-lib_lwres_getnameinfo.c
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/net/bind912/DESCR@1.1.6.1
/
diff
pkgsrc/net/bind912/MESSAGE@1.1.6.1 / diff
pkgsrc/net/bind912/Makefile@1.9.2.1 / diff
pkgsrc/net/bind912/PLIST@1.2.2.1 / diff
pkgsrc/net/bind912/distinfo@1.6.2.1 / diff
pkgsrc/net/bind912/options.mk@1.3.2.1 / diff
pkgsrc/net/bind912/patches/patch-bin_named_server.c@1.2.2.2 / diff
pkgsrc/net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c@1.1.2.2 / diff
pkgsrc/net/bind912/patches/patch-lib_dns_view.c@1.1.2.2 / diff
pkgsrc/net/bind912/patches/patch-lib_isc_unix_socket.c@1.2.4.1 / diff
pkgsrc/net/bind912/MESSAGE@1.1.6.1 / diff
pkgsrc/net/bind912/Makefile@1.9.2.1 / diff
pkgsrc/net/bind912/PLIST@1.2.2.1 / diff
pkgsrc/net/bind912/distinfo@1.6.2.1 / diff
pkgsrc/net/bind912/options.mk@1.3.2.1 / diff
pkgsrc/net/bind912/patches/patch-bin_named_server.c@1.2.2.2 / diff
pkgsrc/net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c@1.1.2.2 / diff
pkgsrc/net/bind912/patches/patch-lib_dns_view.c@1.1.2.2 / diff
pkgsrc/net/bind912/patches/patch-lib_isc_unix_socket.c@1.2.4.1 / diff
Pullup ticket #5957 - requested by taca
net/bind912: security update
Revisions pulled up:
- net/bind912/DESCR 1.2
- net/bind912/MESSAGE 1.2
- net/bind912/Makefile 1.10-1.11
- net/bind912/PLIST 1.3
- net/bind912/distinfo 1.7-1.8
- net/bind912/options.mk 1.4
- net/bind912/patches/patch-bin_named_server.c 1.1-1.2
- net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c 1.1
- net/bind912/patches/patch-lib_dns_view.c 1.1
- net/bind912/patches/patch-lib_isc_unix_socket.c 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 02:46:16 UTC 2019
Modified Files:
pkgsrc/net/bind912: DESCR MESSAGE Makefile PLIST distinfo options.mk
pkgsrc/net/bind912/patches: patch-lib_isc_unix_socket.c
Added Files:
pkgsrc/net/bind912/patches: patch-bin_named_server.c
patch-bin_pkcs11_pkcs11-keygen.c patch-lib_dns_view.c
Log Message:
net/bind912: update to 9.12.4pl1
Update bind912 to 9.12.4pl1 (BIND 9.12.4-P1).
Fix security problem CVE-2018-5743 and CVE-2019-6467 and overhaul pkgsrc.
Now no need to change namedb is permission under NetBSD.
pkgsrc changes:
* Simplify DESCR.
* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
- fetchlimit
- sit
* Sort PLIST.
Please refer CHANGES file in detail before 9.12.4 release:
--- 9.12.4-P1 released ---
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
5199. [security] In certain configurations, named could crash
if nxdomain-redirect was in use and a redirected
query resulted in an NXDOMAIN from the cache.
(CVE-2019-6467) [GL #880]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind912/DESCR pkgsrc/net/bind912/MESSAGE
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind912/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind912/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind912/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind912/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind912/patches/patch-bin_named_server.c \
pkgsrc/net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c \
pkgsrc/net/bind912/patches/patch-lib_dns_view.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/bind912/patches/patch-lib_isc_unix_socket.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:31:07 UTC 2019
Modified Files:
pkgsrc/net/bind912: Makefile distinfo
pkgsrc/net/bind912/patches: patch-bin_named_server.c
Log Message:
net/bind912: fix an error when reloading configuration
Fix an error when reloading configuration. There is on more check to
"directory" in option statement is writable.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind912/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind912/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind912/patches/patch-bin_named_server.c
net/bind912: security update
Revisions pulled up:
- net/bind912/DESCR 1.2
- net/bind912/MESSAGE 1.2
- net/bind912/Makefile 1.10-1.11
- net/bind912/PLIST 1.3
- net/bind912/distinfo 1.7-1.8
- net/bind912/options.mk 1.4
- net/bind912/patches/patch-bin_named_server.c 1.1-1.2
- net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c 1.1
- net/bind912/patches/patch-lib_dns_view.c 1.1
- net/bind912/patches/patch-lib_isc_unix_socket.c 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 02:46:16 UTC 2019
Modified Files:
pkgsrc/net/bind912: DESCR MESSAGE Makefile PLIST distinfo options.mk
pkgsrc/net/bind912/patches: patch-lib_isc_unix_socket.c
Added Files:
pkgsrc/net/bind912/patches: patch-bin_named_server.c
patch-bin_pkcs11_pkcs11-keygen.c patch-lib_dns_view.c
Log Message:
net/bind912: update to 9.12.4pl1
Update bind912 to 9.12.4pl1 (BIND 9.12.4-P1).
Fix security problem CVE-2018-5743 and CVE-2019-6467 and overhaul pkgsrc.
Now no need to change namedb is permission under NetBSD.
pkgsrc changes:
* Simplify DESCR.
* Update note about required directories.
* Drop pkg-config from USE_TOOLS.
* Drop none existing configure arguments and PKG_OPTIONS:
- fetchlimit
- sit
* Sort PLIST.
Please refer CHANGES file in detail before 9.12.4 release:
--- 9.12.4-P1 released ---
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
5199. [security] In certain configurations, named could crash
if nxdomain-redirect was in use and a redirected
query resulted in an NXDOMAIN from the cache.
(CVE-2019-6467) [GL #880]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind912/DESCR pkgsrc/net/bind912/MESSAGE
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind912/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind912/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind912/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind912/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind912/patches/patch-bin_named_server.c \
pkgsrc/net/bind912/patches/patch-bin_pkcs11_pkcs11-keygen.c \
pkgsrc/net/bind912/patches/patch-lib_dns_view.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/bind912/patches/patch-lib_isc_unix_socket.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 2 13:31:07 UTC 2019
Modified Files:
pkgsrc/net/bind912: Makefile distinfo
pkgsrc/net/bind912/patches: patch-bin_named_server.c
Log Message:
net/bind912: fix an error when reloading configuration
Fix an error when reloading configuration. There is on more check to
"directory" in option statement is writable.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind912/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/bind912/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind912/patches/patch-bin_named_server.c
pkgsrc-2019Q1 commitmail json YAML
pkgsrc/mail/dovecot2-pigeonhole/Makefile@1.46.2.1
/
diff
pkgsrc/mail/dovecot2-pigeonhole/distinfo@1.35.2.1 / diff
pkgsrc/mail/dovecot2-pigeonhole/distinfo@1.35.2.1 / diff
Pullup ticket #5963 - requested by taca
mail/dovecot2-pigeonhole: dependency update
Revisions pulled up:
- mail/dovecot2-pigeonhole/Makefile 1.47
- mail/dovecot2-pigeonhole/distinfo 1.36
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 15:22:22 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo
Log Message:
mail/dovecot2-pigeonhole: update to 0.5.6
Update dovecot2-pigeonhole to 0.5.6.
v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
+ sieve: Redirect loop prevention is sometimes ineffective. Improve
existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and dropping
redirect actions when it points to the sending account. This header
is already added by the redirect action, so this improvement only
adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary failure
occurring at runtime.
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/dovecot2-pigeonhole/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/dovecot2-pigeonhole/distinfo
mail/dovecot2-pigeonhole: dependency update
Revisions pulled up:
- mail/dovecot2-pigeonhole/Makefile 1.47
- mail/dovecot2-pigeonhole/distinfo 1.36
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 30 15:22:22 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo
Log Message:
mail/dovecot2-pigeonhole: update to 0.5.6
Update dovecot2-pigeonhole to 0.5.6.
v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
+ sieve: Redirect loop prevention is sometimes ineffective. Improve
existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and dropping
redirect actions when it points to the sending account. This header
is already added by the redirect action, so this improvement only
adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary failure
occurring at runtime.
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/dovecot2-pigeonhole/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/dovecot2-pigeonhole/distinfo