Note pullup ticket #6824

(bsiegert)

Pullup ticket #6824 - requested by morr
editors/vim-share: security fix

Revisions pulled up:
- editors/vim-gtk2/Makefile                                    1.112
- editors/vim-gtk3/Makefile                                    1.34
- editors/vim-share/Makefile.common                            1.168
- editors/vim-share/PLIST                                      1.66-1.67
- editors/vim-share/distinfo                                    1.204-1.206
- editors/vim-share/options.mk                                  1.11
- editors/vim-share/patches/patch-auto_configure                deleted
- editors/vim-share/patches/patch-configure                    deleted
- editors/vim-share/patches/patch-feature.h                    1.6
- editors/vim-share/patches/patch-link.sh                      deleted
- editors/vim-share/version.mk                                  1.143-1.145

---
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Thu Nov 16 09:54:10 UTC 2023

  Modified Files:
          pkgsrc/editors/vim-gtk2: Makefile
          pkgsrc/editors/vim-gtk3: Makefile
          pkgsrc/editors/vim-share: Makefile.common PLIST distinfo options.mk
              version.mk
          pkgsrc/editors/vim-share/patches: patch-feature.h
  Removed Files:
          pkgsrc/editors/vim-share/patches: patch-auto_configure patch-configure
              patch-link.sh

  Log Message:
  vim*: update to latest patchlevel

  About 200 bugfixes.

---
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Fri Nov 17 09:32:54 UTC 2023

  Modified Files:
          pkgsrc/editors/vim-share: distinfo version.mk

  Log Message:
  vim*: update to patchlevel 2112 for security fixes

---
  Module Name: pkgsrc
  Committed By: morr
  Date: Thu Nov 23 19:10:01 UTC 2023

  Modified Files:
  pkgsrc/editors/vim-share: PLIST distinfo version.mk

  Log Message:
  Update to patchlevel 2122 for security fixes.

(bsiegert)

Note pullup ticket #6825

(bsiegert)

Pullup ticket #6825 - requested by taca
net/samba4: security fix

Update to 4.18.9

(via patch)

(bsiegert)

Pullup ticket #6822 - requested by bsiegert
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump

Revisions pulled up:
- lang/go/version.mk                                            1.194
- lang/go120/PLIST                                              1.10
- lang/go120/distinfo                                          1.12
- lang/go121/PLIST                                              1.4
- lang/go121/distinfo                                          1.4
- audio/gospt/Makefile                      by patch
- audio/ymuse/Makefile                      by patch
- chat/coyim/Makefile                        by patch
- chat/gomuks/Makefile                      by patch
- chat/matterircd/Makefile                  by patch
- chat/senpai/Makefile                      by patch
- chat/ssh-chat/Makefile                    by patch
- databases/go-ldap/Makefile                by patch
- databases/influxdb/Makefile                by patch
- databases/mongo-tools/Makefile            by patch
- databases/mysqld_exporter/Makefile        by patch
- databases/postgres_exporter/Makefile      by patch
- databases/prometheus/Makefile              by patch
- databases/promscale/Makefile              by patch
- databases/sqlc/Makefile                    by patch
- databases/timescaledb-tune/Makefile        by patch
- devel/asmfmt/Makefile                      by patch
- devel/conftest/Makefile                    by patch
- devel/errcheck/Makefile                    by patch
- devel/fq/Makefile                          by patch
- devel/git-lfs/Makefile                    by patch
- devel/go-ed25519/Makefile                  by patch
- devel/go-gocode/Makefile                  by patch
- devel/go-golang-lru/Makefile              by patch
- devel/go-gopkgs/Makefile                  by patch
- devel/go-goptlib/Makefile                  by patch
- devel/go-goreturns/Makefile                by patch
- devel/go-gox/Makefile                      by patch
- devel/go-impl/Makefile                    by patch
- devel/go-logrus/Makefile                  by patch
- devel/go-nbreader/Makefile                by patch
- devel/go-pty/Makefile                      by patch
- devel/go-review/Makefile                  by patch
- devel/go-siphash/Makefile                  by patch
- devel/go-staticcheck/Makefile              by patch
- devel/go-swagger/Makefile                  by patch
- devel/go-sys/Makefile                      by patch
- devel/go-tools/Makefile                    by patch
- devel/go-wire/Makefile                    by patch
- devel/go-xerrors/Makefile                  by patch
- devel/golangci-lint/Makefile              by patch
- devel/golint/Makefile                      by patch
- devel/gomodifytags/Makefile                by patch
- devel/gopls/Makefile                      by patch
- devel/goredo/Makefile                      by patch
- devel/gotags/Makefile                      by patch
- devel/gotests/Makefile                    by patch
- devel/govulncheck/Makefile                by patch
- devel/lazygit/Makefile                    by patch
- devel/mob/Makefile                        by patch
- devel/nancy/Makefile                      by patch
- devel/opa/Makefile                        by patch
- devel/packr/Makefile                      by patch
- devel/reftools/Makefile                    by patch
- devel/regal/Makefile                      by patch
- devel/revive/Makefile                      by patch
- devel/shfmt/Makefile                      by patch
- devel/syft/Makefile                        by patch
- editors/micro/Makefile                    by patch
- filesystems/kubo/Makefile                  by patch
- graphics/gif2png/Makefile                  by patch
- lang/joker/Makefile                        by patch
- mail/opensmtpd-filter-rspamd/Makefile      by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile                  by patch
- misc/exercism/Makefile                    by patch
- net/amazon-ecs-cli/Makefile                by patch
- net/amfora/Makefile                        by patch
- net/bombadillo/Makefile                    by patch
- net/croc/Makefile                          by patch
- net/czds/Makefile                          by patch
- net/dnscontrol/Makefile                    by patch
- net/dnscrypt-proxy2/Makefile              by patch
- net/gh/Makefile                            by patch
- net/go-dnstap/Makefile                    by patch
- net/go-net/Makefile                        by patch
- net/go-websocket/Makefile                  by patch
- net/gunison/Makefile                      by patch
- net/gvproxy/Makefile                      by patch
- net/hub/Makefile                          by patch
- net/ipget/Makefile                        by patch
- net/kubectl/Makefile                      by patch
- net/libquic/Makefile                      by patch
- net/mangos/Makefile                        by patch
- net/nats-server/Makefile                  by patch
- net/obfs4proxy/Makefile                    by patch
- net/rclone/Makefile                        by patch
- net/stern/Makefile                        by patch
- net/syncthing/Makefile                    by patch
- net/terraform-provider-archive/Makefile    by patch
- net/terraform-provider-aws/Makefile        by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile      by patch
- net/terraform-provider-null/Makefile      by patch
- net/terraform-provider-random/Makefile    by patch
- net/terraform-provider-template/Makefile  by patch
- net/terraform-provider-vultr/Makefile      by patch
- net/terraform/Makefile                    by patch
- net/tut/Makefile                          by patch
- net/vultr-cli/Makefile                    by patch
- pkgtools/pkglint/Makefile                  by patch
- security/2fa/Makefile                      by patch
- security/age/Makefile                      by patch
- security/amass/Makefile                    by patch
- security/authelia/Makefile                by patch
- security/cfssl/Makefile                    by patch
- security/dnsx/Makefile                    by patch
- security/go-asn1-ber/Makefile              by patch
- security/go-crypto/Makefile                by patch
- security/go-getpass/Makefile              by patch
- security/go-mkcert/Makefile                by patch
- security/gopass/Makefile                  by patch
- security/httpx/Makefile                    by patch
- security/nuclei/Makefile                  by patch
- security/oauth2c/Makefile                  by patch
- security/osv-scanner/Makefile              by patch
- security/subfinder/Makefile                by patch
- security/tlsx/Makefile                    by patch
- security/trufflehog/Makefile              by patch
- security/vault/Makefile                    by patch
- shells/elvish/Makefile                    by patch
- shells/oh-my-posh/Makefile                by patch
- sysutils/beats/Makefile                    by patch
- sysutils/consul/Makefile                  by patch
- sysutils/direnv/Makefile                  by patch
- sysutils/fzf/Makefile                      by patch
- sysutils/goreman/Makefile                  by patch
- sysutils/lf/Makefile                      by patch
- sysutils/node_exporter/Makefile            by patch
- sysutils/packer/Makefile                  by patch
- sysutils/podman/Makefile                  by patch
- sysutils/restic/Makefile                  by patch
- sysutils/vultr/Makefile                    by patch
- textproc/glow/Makefile                    by patch
- textproc/go-kr-text/Makefile              by patch
- textproc/go-md2man/Makefile                by patch
- textproc/go-mmark/Makefile                by patch
- textproc/go-text/Makefile                  by patch
- textproc/miller/Makefile                  by patch
- textproc/sift/Makefile                    by patch
- www/apisprout/Makefile                    by patch
- www/caddy/Makefile                        by patch
- www/gitea/Makefile                        by patch
- www/go-ffuf/Makefile                      by patch
- www/go-minify/Makefile                    by patch
- www/gotosocial/Makefile                    by patch
- www/grafana/Makefile                      by patch
- www/hugo/Makefile                          by patch
- www/jira-cli/Makefile                      by patch
- www/mycorrhiza/Makefile                    by patch
- www/pup/Makefile                          by patch
- www/restish/Makefile                      by patch
- www/shoutrrr/Makefile                      by patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Fri Nov 10 15:39:34 UTC 2023

  Modified Files:
  pkgsrc/lang/go: version.mk
  pkgsrc/lang/go120: PLIST distinfo
  pkgsrc/lang/go121: PLIST distinfo

  Log Message:
  Update go120 to 1.20.11 and go121 to 1.21.4 (security).

  These minor releases include 2 security fixes following the security policy:

  - path/filepath: recognize \??\ as a Root Local Device path prefix.

    On Windows, a path beginning with \??\ is a Root Local Device path equivalent
    to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
    arbitrary locations on the system. For example, the path \??\c:\x is
    equivalent to the more common path c:\x.

    The filepath package did not recognize paths with a \??\ prefix as special.

    Clean could convert a rooted path such as \a\..\??\b into
    the root local device path \??\b. It will now convert this
    path into .\??\b.

    IsAbs did not report paths beginning with \??\ as absolute.
    It now does so.

    VolumeName now reports the \??\ prefix as a volume name.

    Join(`\`, `??`, `b`) could convert a seemingly innocent
    sequence of path elements into the root local device path
    \??\b. It will now convert this to \.\??\b.

    This is CVE-2023-45283 and https://go.dev/issue/63713.

  - path/filepath: recognize device names with trailing spaces and superscripts

    The IsLocal function did not correctly detect reserved names in some cases:

    reserved names followed by spaces, such as "COM1 ".
    "COM" or "LPT" followed by a superscript 1, 2, or 3.
    IsLocal now correctly reports these names as non-local.

    This is CVE-2023-45284 and https://go.dev/issue/63713.

  To generate a diff of this commit:
  cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo

(spz)

Note pullup tickets #6820, #6821 and #6823

(bsiegert)

Pullup ticket #6823 - requested by bouyer
sysutils/xenkernel415: security fix
sysutils/xentools415: security fix

Revisions pulled up:
- sysutils/xenkernel415/Makefile                                1.12
- sysutils/xenkernel415/distinfo                                1.11
- sysutils/xenkernel415/patches/patch-XSA439                    1.1
- sysutils/xenkernel415/patches/patch-XSA442                    1.1
- sysutils/xenkernel415/patches/patch-XSA444                    1.1
- sysutils/xenkernel415/patches/patch-XSA445                    1.1
- sysutils/xenkernel415/patches/patch-XSA446                    1.1
- sysutils/xentools415/Makefile                                1.28
- sysutils/xentools415/PLIST                                    1.4
- sysutils/xentools415/distinfo                                1.14
- sysutils/xentools415/patches/patch-XSA440                    1.1
- sysutils/xentools415/patches/patch-XSA443                    1.1

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Wed Nov 15 15:59:36 UTC 2023

  Modified Files:
  pkgsrc/sysutils/xenkernel415: Makefile distinfo
  pkgsrc/sysutils/xentools415: Makefile PLIST distinfo
  Added Files:
  pkgsrc/sysutils/xenkernel415/patches: patch-XSA439 patch-XSA442
      patch-XSA444 patch-XSA445 patch-XSA446
  pkgsrc/sysutils/xentools415/patches: patch-XSA440 patch-XSA443

  Log Message:
  xen*415: apply upstream patches for Xen Security Advisory
  XSA-439, XSA-440, XSA-442, XSA-443, XSA-444, XSA-445, XSA-446
  bump PKGREVISIONs

(bsiegert)

Pullup ticket #6821 - requested by nia
devel/poco: build fix

Revisions pulled up:
- devel/poco/distinfo                                          1.18
- devel/poco/patches/patch-Crypto_src_RSACipherImpl.cpp        1.1

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Thu Nov  9 19:16:20 UTC 2023

  Modified Files:
  pkgsrc/devel/poco: distinfo
  Added Files:
  pkgsrc/devel/poco/patches: patch-Crypto_src_RSACipherImpl.cpp

  Log Message:
  poco: OpenSSL 3.x fix

(bsiegert)

Pullup ticket #6820 - requested by abs
www/arcticfox: security and build fixes

Revisions pulled up:
- www/arcticfox/Makefile                                        1.37
- www/arcticfox/distinfo                                        1.11
- www/arcticfox/patches/patch-gfx_skia_skia_src_gpu_GrAutoLocaleSetter.h deleted

---
  Module Name:    pkgsrc
  Committed By:  abs
  Date:          Fri Nov  3 23:41:19 UTC 2023

  Modified Files:
          pkgsrc/www/arcticfox: Makefile distinfo
  Removed Files:
          pkgsrc/www/arcticfox/patches:
              patch-gfx_skia_skia_src_gpu_GrAutoLocaleSetter.h

  Log Message:
  Updated www/arcticfox to 43.0

  Lots of fixes, but some highlights

  - PowerPC is now working and usable again
  - many JavaScript enhancement and fixes
  - specific fixes for NetBSD imported
  - WebExtensions and wasm improvements
  - many security fixes
  - build system fixes, less messing around with compiler flags
    needed, with gcc (even recent version) "--enable-optimize" shall
    work
  - developer tools updates

(bsiegert)

#6816 #6818 #6819

(spz)

Pullup ticket #6819 - requested by gutteridge
audio/openal-soft: build fix

Revisions pulled up:
- audio/openal-soft/hacks.mk                                    1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Sun Oct 22 00:55:55 UTC 2023

  Added Files:
            pkgsrc/audio/openal-soft: hacks.mk

  Log Message:
  openal-soft: fix builds for aarch64 on NetBSD 9.x

  For aarch64, older NetBSD releases will end up pulling in GCC 10
  because of the C++20 requirement. We apply -mno-outline-atomics as one
  way of getting around linking issues that otherwise occur. (This was
  breaking 492 dependent builds.)

  To generate a diff of this commit:
  cvs rdiff -u -r0 -r1.1 pkgsrc/audio/openal-soft/hacks.mk

(spz)

Pullup ticket #6818 - requested by gutteridge
devel/libatomic; build fix

Revisions pulled up:
- devel/libatomic/hacks.mk                                      1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Tue Oct 17 02:01:43 UTC 2023

  Added Files:
            pkgsrc/devel/libatomic: hacks.mk

  Log Message:
  libatomic: fix aarch64 builds on NetBSD 9.x

  For aarch64, GCC expects a recent version of itself that accepts
  -mno-outline-atomics. Some packages pull in libatomic for aarch64,
  e.g., net/haproxy for __atomic_compare_exchange_16. (haproxy was
  compile tested after applying this fix.)

  To generate a diff of this commit:
  cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libatomic/hacks.mk

(spz)

Pullup ticket #6816 - requested by bsiegert
lang/go121: security update
lang/go: metadata update

Revisions pulled up:
- lang/go/version.mk                                            1.191
- lang/go121/PLIST                                              1.3
- lang/go121/distinfo                                          1.3

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Sun Oct 15 09:26:35 UTC 2023

  Modified Files:
  pkgsrc/lang/go: version.mk
  pkgsrc/lang/go121: PLIST distinfo

  Log Message:
  go121: update to 1.21.3 (security)

  1.21.3

  net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

  1.21.2

  cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

  To generate a diff of this commit:
  cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo

(spz)

Note pullup tickets up to #6815

(bsiegert)

Pullup ticket #6815 - requested by gdt
mail/p5-Mail-DKIM: add missing dependency

Revisions pulled up:
- mail/p5-Mail-DKIM/Makefile                                    1.54

---
  Module Name: pkgsrc
  Committed By: gdt
  Date: Sun Oct 22 15:06:36 UTC 2023

  Modified Files:
  pkgsrc/mail/p5-Mail-DKIM: Makefile

  Log Message:
  p5-Mail-DKIM: Add missing dependency on CryptX

(bsiegert)

Pullup ticket #6814 - requested by abs
x11/lxqt-panel: NetBSD 10 bugfix

Revisions pulled up:
- x11/lxqt-panel/Makefile                                      1.40
- x11/lxqt-panel/options.mk                                    1.2

---
  Module Name:    pkgsrc
  Committed By:  bacon
  Date:          Wed Oct 18 23:03:49 UTC 2023

  Modified Files:
          pkgsrc/x11/lxqt-panel: Makefile options.mk

  Log Message:
  x11/lxqt-panel: Enable pulseaudio by default on NetBSD

  Prevents crashes on NetBSD 10-BETA

(bsiegert)

Pullup ticket #6813 - requested by prlw1
mail/exim: security fix

Revisions pulled up:
- mail/exim/Makefile                                            1.198
- mail/exim/distinfo                                            1.85

---
  Module Name:    pkgsrc
  Committed By:  prlw1
  Date:          Mon Oct 16 14:59:27 UTC 2023

  Modified Files:
          pkgsrc/mail/exim: Makefile distinfo

  Log Message:
  Update exim to 4.96.2

  Security fixes:

  JH/01 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
        CVE-2023-42219

  HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)

(bsiegert)

6811 6812

(spz)

Pullup ticket #6812 - requested by bsiegert
lang/go120: security update
lang/go: version info update
audio/gospt: RevBump
audio/ymuse: RevBump
chat/coyim: RevBump
chat/gomuks: RevBump
chat/matterircd: RevBump
chat/senpai: RevBump
chat/ssh-chat: RevBump
databases/go-ldap: RevBump
databases/influxdb: RevBump
databases/mongo-tools: RevBump
databases/mysqld_exporter: RevBump
databases/postgres_exporter: RevBump
databases/prometheus: RevBump
databases/promscale: RevBump
databases/sqlc: RevBump
databases/timescaledb-tune: RevBump
devel/asmfmt: RevBump
devel/conftest: RevBump
devel/errcheck: RevBump
devel/fq: RevBump
devel/git-lfs: RevBump
devel/go-ed25519: RevBump
devel/go-gocode: RevBump
devel/go-golang-lru: RevBump
devel/go-gopkgs: RevBump
devel/go-goptlib: RevBump
devel/go-goreturns: RevBump
devel/go-gox: RevBump
devel/go-impl: RevBump
devel/go-logrus: RevBump
devel/go-nbreader: RevBump
devel/go-pty: RevBump
devel/go-review: RevBump
devel/go-siphash: RevBump
devel/go-staticcheck: RevBump
devel/go-swagger: RevBump
devel/go-sys: RevBump
devel/go-tools: RevBump
devel/go-wire: RevBump
devel/go-xerrors: RevBump
devel/golangci-lint: RevBump
devel/golint: RevBump
devel/gomodifytags: RevBump
devel/gopls: RevBump
devel/goredo: RevBump
devel/gotags: RevBump
devel/gotests: RevBump
devel/govulncheck: RevBump
devel/lazygit: RevBump
devel/mob: RevBump
devel/nancy: RevBump
devel/opa: RevBump
devel/packr: RevBump
devel/reftools: RevBump
devel/regal: RevBump
devel/revive: RevBump
devel/shfmt: RevBump
devel/syft: RevBump
editors/micro: RevBump
filesystems/kubo: RevBump
graphics/gif2png: RevBump
lang/joker: RevBump
mail/opensmtpd-filter-rspamd: RevBump
mail/opensmtpd-filter-senderscore: RevBump
mail/postforward: RevBump
meta-pkgs/bulk-test-essential: RevBump
misc/exercism: RevBump
net/amazon-ecs-cli: RevBump
net/amfora: RevBump
net/bombadillo: RevBump
net/croc: RevBump
net/czds: RevBump
net/dnscontrol: RevBump
net/dnscrypt-proxy2: RevBump
net/gh: RevBump
net/go-dnstap: RevBump
net/go-net: RevBump
net/go-websocket: RevBump
net/gunison: RevBump
net/gvproxy: RevBump
net/hub: RevBump
net/ipget: RevBump
net/kubectl: RevBump
net/libquic: RevBump
net/mangos: RevBump
net/nats-server: RevBump
net/obfs4proxy: RevBump
net/rclone: RevBump
net/stern: RevBump
net/syncthing: RevBump
net/terraform-provider-archive: RevBump
net/terraform-provider-aws: RevBump
net/terraform-provider-kubernetes: RevBump
net/terraform-provider-local: RevBump
net/terraform-provider-null: RevBump
net/terraform-provider-random: RevBump
net/terraform-provider-template: RevBump
net/terraform-provider-vultr: RevBump
net/terraform: RevBump
net/tut: RevBump
net/vultr-cli: RevBump
pkgtools/pkglint: RevBump
security/2fa: RevBump
security/age: RevBump
security/amass: RevBump
security/authelia: RevBump
security/cfssl: RevBump
security/dnsx: RevBump
security/go-asn1-ber: RevBump
security/go-crypto: RevBump
security/go-getpass: RevBump
security/go-mkcert: RevBump
security/gopass: RevBump
security/httpx: RevBump
security/nuclei: RevBump
security/oauth2c: RevBump
security/osv-scanner: RevBump
security/subfinder: RevBump
security/tlsx: RevBump
security/trufflehog: RevBump
security/vault: RevBump
shells/elvish: RevBump
shells/oh-my-posh: RevBump
sysutils/beats: RevBump
sysutils/consul: RevBump
sysutils/direnv: RevBump
sysutils/fzf: RevBump
sysutils/goreman: RevBump
sysutils/lf: RevBump
sysutils/node_exporter: RevBump
sysutils/packer: RevBump
sysutils/podman: RevBump
sysutils/restic: RevBump
sysutils/vultr: RevBump
textproc/glow: RevBump
textproc/go-kr-text: RevBump
textproc/go-md2man: RevBump
textproc/go-mmark: RevBump
textproc/go-text: RevBump
textproc/miller: RevBump
textproc/sift: RevBump
www/apisprout: RevBump
www/caddy: RevBump
www/gitea: RevBump
www/go-ffuf: RevBump
www/go-minify: RevBump
www/gotosocial: RevBump
www/grafana: RevBump
www/hugo: RevBump
www/jira-cli: RevBump
www/mycorrhiza: RevBump
www/pup: RevBump
www/restish: RevBump
www/shoutrrr: RevBump

Revisions pulled up:
- lang/go/version.mk                                            1.190,1.192
- lang/go120/PLIST                                              1.9
- lang/go120/distinfo                                          1.10-1.11

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sat Oct  7 18:09:35 UTC 2023

  Modified Files:
          pkgsrc/lang/go: version.mk
          pkgsrc/lang/go120: PLIST distinfo

  Log Message:
  go120: update to 1.20.9 (security).

  cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

  View the release notes for more information:
  https://go.dev/doc/devel/release#go1.20.9

  To generate a diff of this commit:
  cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sun Oct 15 11:02:08 UTC 2023

  Modified Files:
          pkgsrc/lang/go: version.mk
          pkgsrc/lang/go120: distinfo

  Log Message:
  go120: update to 1.20.10 (security)

  net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

  To generate a diff of this commit:
  cvs rdiff -u -r1.191 -r1.192 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go120/distinfo

(spz)

Pullup ticket #6811 - requested by bsiegert
textproc/libcue: security patch

Revisions pulled up:
- textproc/libcue/Makefile                                      1.2
- textproc/libcue/distinfo                                      1.4
- textproc/libcue/patches/patch-cd.c                            1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Mon Oct  9 17:35:38 UTC 2023

  Modified Files:
          pkgsrc/textproc/libcue: Makefile distinfo
  Added Files:
          pkgsrc/textproc/libcue/patches: patch-cd.c

  Log Message:
  libcue: add fix for CVE-2023-43641

  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libcue/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libcue/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libcue/patches/patch-cd.c

(spz)

#6810 too

(bsiegert)

Pullup ticket #6810 - requested by gutteridge
www/webkit-gtk: aarch64 build fix

Revisions pulled up:
- www/webkit-gtk/Makefile                                      1.249

---
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Thu Oct  5 05:57:20 UTC 2023

  Modified Files:
            pkgsrc/www/webkit-gtk: Makefile

  Log Message:
  webkit-gtk: fix inadvertent aarch64 lossage from r. 1.247

  A block that was a no-op was removed, but the inclusion of bsd.prefs.mk
  should still be applied because of a different block added in a later
  revision.

(bsiegert)

Note pullup ticket #6809 (curl)

(bsiegert)

Pullup ticket #6809 - requested by leot
www/curl: security fix

Revisions pulled up (via patch):
- www/curl/Makefile.common                                      1.8
- www/curl/PLIST                                                1.96
- www/curl/distinfo                                            1.199
- www/curl/patches/patch-configure                              1.18
- www/libcurl-gnutls/distinfo                                  1.6

---
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Wed Oct 11 07:16:03 UTC 2023

  Modified Files:
          pkgsrc/www/curl: Makefile.common PLIST distinfo
          pkgsrc/www/curl/patches: patch-configure
          pkgsrc/www/libcurl-gnutls: distinfo

  Log Message:
  curl libcurl-gnutls: updated to 8.4.0

  Fixed in 8.4.0 - October 11 2023

  Changes:

  curl: add support for the IPFS protocols via HTTP gateway
  curl_multi_get_handles: get easy handles from a multi handle
  mingw: delete support for legacy mingw.org toolchain

  Bugfixes:

  acinclude.m4: Document proper system truststore on FreeBSD
  appveyor: fix yamlint issues, indent
  appveyor: rewrite batch in PowerShell + CI improvements
  autotools: adjust `CURL_CA_PATH` value to CMake
  autotools: restore `HAVE_IOCTL_*` detections
  base64: also build for curl
  bufq: remove Curl_bufq_skip_and_shift (unused)
  build: delete checks for C89 standard headers
  build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
  cf-socket: simulate slow/blocked receives in debug
  cmake, configure: also link with CoreServices
  cmake: add check for suseconds_t
  cmake: add feature checks for `memrchr` and `getifaddrs`
  cmake: add missing checks
  cmake: delete old `HAVE_LDAP_URL_PARSE` logic
  cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
  cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
  cmake: detect `sys/wait.h` and `netinet/udp.h`
  cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
  cmake: disable unity mode with Windows Unicode + TrackMemory
  cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
  cmake: fix `HAVE_WRITABLE_ARGV` detection
  cmake: fix duplicate symbols when linking tests
  cmake: fix missing `zlib.h` when compiling `libcurltool`
  cmake: fix stderr initialization in unity builds
  cmake: fix the help text to the static build option in CMakeLists.txt
  cmake: fix unity builds for more build combinations
  cmake: fix unity symbol collisions in h2 builds
  cmake: fix unity with Windows Unicode + TrackMemory
  cmake: improve OpenLDAP builds
  cmake: lib `CURL_STATICLIB` fixes (Windows)
  cmake: move global headers to specific checks
  cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
  cmake: pre-cache `HAVE_POLL_FINE` on Windows
  cmake: tidy-up `NOT_NEED_LBER_H` detection
  cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
  configure: check for the capath by default
  configure: remove unused checks
  configure: replace adhoc domain with `localhost` in tests
  configure: sort AC_CHECK_FUNCS
  connect: expire the timeout when trying next
  connect: only start the happy eyeballs timer when needed
  cookie: do not store the expire or max-age strings
  cookie: remove unnecessary struct fields
  cookie: set ->running in cookie_init even if data is NULL
  create-dirs.d: clarify it also uses --output-dirs
  curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
  curl_easy_pause.3: mention h2/h3 buffering
  curl_easy_pause.3: mention it works within callbacks
  curl_easy_pause: set "in callback" true on exit if true
  CURLOPT_DEBUGFUNCTION.3: warn about internal handles
  docs/libcurl/opts/Makefile.inc: add missing manpage files
  docs: adapt SEE ALSO sections to new requirements
  docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
  docs: replace made up domains with example.com
  docs: update curl man page references
  docs: use CURLSSLBACKEND_NONE
  doh: inherit DEBUGFUNCTION/DATA
  escape: replace Curl_isunreserved with ISUNRESERVED
  FAQ: How do I upgrade curl.exe in Windows?
  GHA/linux: run singleuse to detect single-use global functions
  GHA: add workflow to compare configure vs cmake outputs
  h2-proxy: remove left-over mistake in drain_tunnel()
  h2: testcase and fix for pausing h2 streams
  h3: add support for ngtcp2 with AWS-LC builds
  http2: refused stream handling for retry
  http: fix CURL_DISABLE_BEARER_AUTH breakage
  http: h1/h2 proxy unification
  http: remove wrong comment for http_should_fail
  http: use per-request counter to check too large headers
  http_aws_sigv4: fix sorting with empty parts
  idn: fix WinIDN null ptr deref on bad host
  idn: if idn2_check_version returns NULL, return error
  inet_ntop: add typecast to silence Coverity
  lib: disambiguate Curl_client_write flag semantics
  lib: enable hmac for digest as well
  lib: failf/infof compiler warnings
  lib: let the max filesize option stop too big transfers too
  lib: move handling of `data->req.writer_stack` into Curl_client_write()
  lib: provide and use Curl_hexencode
  lib: remove TIME_WITH_SYS_TIME
  lib: use wrapper for curl_mime_data fseek callback
  libssh2: fix error message on failed pubkey-from-file
  libssh: cap SFTP packet size sent
  Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
  MANUAL.md: change domain to example.com
  misc: better random strings
  MQTT: improve receive of ACKs
  multi: do CURLM_CALL_MULTI_PERFORM at two more places
  multi: fix small timeouts
  multi: remove Curl_multi_dump
  multi: round the timeout up to prevent early wakeups
  multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
  openssl: improve ssl shutdown handling
  openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
  pytest: exclude test_03_goaway in CI runs due to timing dependency
  quic: set ciphers/curves the same way regular TLS does
  quiche: fix build error with --with-ca-fallback
  RELEASE-PROCEDURE.md: updated coming release dates
  runtests: display the test status if tests appear hung
  runtests: eliminate a warning on old perl versions
  socks: return error if hostname too long for remote resolve
  src/mkhelp: make generated code pass `checksrc`
  test1056: disable on Windows
  test1474: disable test on NetBSD, OpenBSD and Solaris 10
  test1592: greatly increase the maximum test timeout
  test1903: actually verify the cookies after the test
  test1906: set a lower timeout since it's hit on Windows
  test2600: remove special case handling for USE_ALARM_TIMEOUT
  test650: fix an end tag typo
  test661: return from test early in case of curl error
  test: add missing <feature>s
  tests: close the shell used to start sshd
  tests: fix a race condition in ftp server disconnect
  tests: fix compiler warnings
  tests: Fix zombie processes left behind by FTP tests.
  tests: improve SLOWDOWN test reliability by reducing sent data
  tests: increase lib571 timeout from 3s to 30s
  tests: log the test result code after each libtest
  tests: propagate errors in libtests
  tests: set --expect100-timeout to improve test reliability
  tests: show which curl tool `runtests.pl` is using
  tests: stop overriding the lock timeout
  tftpd: always use curl's own tftp.h
  tool: use our own stderr variable
  tool_cb_wrt: fix debug assertion
  tool_getparam: accept variable expansion on file names too
  tool_setopt: remove unused function tool_setopt_flags
  upload-file.d: describe the file name slash/backslash handling
  url: fall back to http/https proxy env-variable if ws/wss not set
  url: fix netrc info message
  warnless: remove unused functions
  wolfssh: do cleanup in Curl_ssh_cleanup
  wolfssl: allow capath with CURLOPT_CAINFO_BLOB
  wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
  wolfssl: ignore errors in CA path

(bsiegert)

Note pullup tickets up to #6808

(bsiegert)

Pullup ticket #6808 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                          1.170-1.171
- net/samba4/PLIST                                              1.52
- net/samba4/distinfo                                          1.97-1.98

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Sep 27 12:02:48 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile distinfo

  Log Message:
  net/samba4: update to 4.18.7

                    ==============================
                    Release Notes for Samba 4.18.7
                          September 27, 2023
                    ==============================

  This is the latest stable release of the Samba 4.18 release series.

  Changes since 4.18.6
  --------------------

  o  Jeremy Allison <jra@samba.org>
    * BUG 15419: Weird filename can cause assert to fail in
      openat_pathref_fsp_nosymlink().
    * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
      after failed IPC FSCTL_PIPE_TRANSCEIVE.
    * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
      pointer.

  o  Andrew Bartlett <abartlet@samba.org>
    * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
    * BUG 15407: Samba replication logs show (null) DN.

  o  Ralph Boehme <slow@samba.org>
    * BUG 15463: macOS mdfind returns only 50 results.

  o  Remi Collet <rcollet@redhat.com>
    * BUG 14808: smbc_getxattr() return value is incorrect.

  o  Volker Lendecke <vl@samba.org>
    * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
      previous cache entry value.

  o  Stefan Metzmacher <metze@samba.org>
    * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
      impacts sendmail, zabbix, potentially more.

  o  MikeLiu <mikeliu@qnap.com>
    * BUG 15453: File doesn't show when user doesn't have permission if
      aio_pthread is loaded.

  o  Martin Schwenke <mschwenke@ddn.com>
    * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
      1.9.1.

  o  Joseph Sutton <josephsutton@catalyst.net.nz>
    * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
      empty claims pac blobs (from Samba 4.19 or Windows).
    * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
      in use.

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Tue Oct 10 16:05:01 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile PLIST distinfo

  Log Message:
  net/samba4: update to 4.18.8

                    ==============================
                    Release Notes for Samba 4.18.8
                            October 10, 2023
                    ==============================

  This is a security release in order to address the following defects:

  o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                    existing unix domain sockets on the file system.
                    https://www.samba.org/samba/security/CVE-2023-3961.html

  o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                    OVERWRITE disposition when using the acl_xattr Samba VFS
                    module with the smb.conf setting
                    "acl_xattr:ignore system acls = yes"
                    https://www.samba.org/samba/security/CVE-2023-4091.html

  o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                    attributes, including secrets and passwords.  Additionally,
                    the access check fails open on error conditions.
                    https://www.samba.org/samba/security/CVE-2023-4154.html

  o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                    server block for a user-defined amount of time, denying
                    service.
                    https://www.samba.org/samba/security/CVE-2023-42669.html

  o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                    listeners, disrupting service on the AD DC.
                    https://www.samba.org/samba/security/CVE-2023-42670.html

(bsiegert)

Pullup ticket #6807 - requested by abs
emulators/compat90: NetBSD 10 compatibility fix

Revisions pulled up:
- emulators/compat90/Makefile                                  1.4
- emulators/compat90/PLIST.aarch64                              1.2
- emulators/compat90/PLIST.alpha                                1.2
- emulators/compat90/PLIST.arm                                  1.2
- emulators/compat90/PLIST.earmeb                              1.2
- emulators/compat90/PLIST.earmv6hf                            1.2
- emulators/compat90/PLIST.earmv7hf                            1.2
- emulators/compat90/PLIST.earmv7hfeb                          1.2
- emulators/compat90/PLIST.i386                                1.2
- emulators/compat90/PLIST.m68000                              1.2
- emulators/compat90/PLIST.m68k                                1.2
- emulators/compat90/PLIST.mips64eb                            1.2
- emulators/compat90/PLIST.mips64el                            1.2
- emulators/compat90/PLIST.mipseb                              1.2
- emulators/compat90/PLIST.mipsel                              1.2
- emulators/compat90/PLIST.powerpc                              1.2
- emulators/compat90/PLIST.sh3eb                                1.2
- emulators/compat90/PLIST.sh3el                                1.2
- emulators/compat90/PLIST.sparc                                1.2
- emulators/compat90/PLIST.sparc64                              1.2
- emulators/compat90/PLIST.vax                                  1.2
- emulators/compat90/PLIST.x86_64                              1.2
- emulators/compat90/distinfo                                  1.5
- emulators/compat90/emulator.mk                                1.2
- emulators/compat_netbsd/INSTALL.ELF                          1.4

---
  Module Name:    pkgsrc
  Committed By:  abs
  Date:          Tue Oct  3 14:53:52 UTC 2023

  Modified Files:
          pkgsrc/emulators/compat90: Makefile PLIST.aarch64 PLIST.alpha PLIST.arm
              PLIST.earmeb PLIST.earmv6hf PLIST.earmv7hf PLIST.earmv7hfeb
              PLIST.i386 PLIST.m68000 PLIST.m68k PLIST.mips64eb PLIST.mips64el
              PLIST.mipseb PLIST.mipsel PLIST.powerpc PLIST.sh3eb PLIST.sh3el
              PLIST.sparc PLIST.sparc64 PLIST.vax PLIST.x86_64 distinfo
              emulator.mk
          pkgsrc/emulators/compat_netbsd: INSTALL.ELF

  Log Message:
  Rebuild compat90 against netbsd-10_BETA

  Now netbsd-9 binaries should work against netbsd-10 again. Also switch from
  bz2 to xz distfiles (a significant space gain).

  Tested by installing and running lxqt desktop using netbsd-9 binaries on
  a netbsd-10 amd64 system

  Bump PKGREVISION

(bsiegert)

Pullup ticket #6806 - requested by prlw1
mail/exim: security fix

Revisions pulled up:
- mail/exim/Makefile                                            1.197
- mail/exim/distinfo                                            1.84

---
  Module Name:    pkgsrc
  Committed By:  prlw1
  Date:          Tue Oct  3 08:42:44 UTC 2023

  Modified Files:
          pkgsrc/mail/exim: Makefile distinfo

  Log Message:
  Update exim to 4.96.1

  Exim version 4.96.1
  -------------------

  This is a security release.

  JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
        could be triggered by externally-supplied input.  Found by Trend Micro.
        CVE-2023-42115

  JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
        be triggered by externally-controlled input.  Found by Trend Micro.
        CVE-2023-42116

  JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
        be triggered by externally-controlled input.  Found by Trend Micro.
        CVE-2023-42114

(bsiegert)

Pullup ticket #6805 - requested by gutteridge
finance/p5-Finance-Quote: build fix

Revisions pulled up:
- finance/p5-Finance-Quote/Makefile                            1.49-1.50

---
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Wed Sep 27 02:13:05 UTC 2023

  Modified Files:
          pkgsrc/finance/p5-Finance-Quote: Makefile

  Log Message:
  p5-Finance-Quote: as of 1.58, also requires p5-HTTP-CookieJar

---
  Module Name:    pkgsrc
  Committed By:  pgoyette
  Date:          Thu Sep 28 05:46:15 UTC 2023

  Modified Files:
          pkgsrc/finance/p5-Finance-Quote: Makefile

  Log Message:
  Add a couple more new dependencies.  Bump package revision.

(bsiegert)

Pullup ticket #6803 / #6804 - requested by he
lang/rust-bin: build fix

Revisions pulled up:
- lang/rust-bin/Makefile                                        1.54-1.55
- lang/rust-bin/distinfo                                        1.28

---
  Module Name: pkgsrc
  Committed By: he
  Date: Wed Sep 27 17:19:24 UTC 2023

  Modified Files:
  pkgsrc/lang/rust-bin: Makefile distinfo

  Log Message:
  rust-bin: update the i586 binaries, so the result works on netbsd-9...

  ...and probably newer as well.  Testing status on netbsd-8 is unknown
  at the moment.  Ref. pkgsrc-users@ discussion; the old binaries
  were built on netbsd-8 and require gcc7's shared libs from pkgsrc.
  This set is instead cross-built, and does not depend on an external
  LLVM or external gcc.

  Bump PKGREVISION, since this gets us new i586 binaries.

---
  Module Name: pkgsrc
  Committed By: he
  Date: Thu Sep 28 12:24:32 UTC 2023

  Modified Files:
  pkgsrc/lang/rust-bin: Makefile

  Log Message:
  rust-bin: use a revision-specific dist subdir.

  This so that the changed bits get re-fetched, and we don't try to
  re-use an already-fetched binary, and get a checksum mismatch.
  Follow-up on the "new i586 bits" change.

(bsiegert)

doc: Add CHANGES-pkgsrc-2023Q3

(gdt)