pkgsrc-2023Q3 commitmail json YAML
Note pullup ticket #6824
pkgsrc/editors/vim-share/Makefile.common@1.167.2.1 / diff
pkgsrc/editors/vim-share/PLIST@1.65.2.1 / diff
pkgsrc/editors/vim-share/distinfo@1.203.2.1 / diff
pkgsrc/editors/vim-share/options.mk@1.10.4.1 / diff
pkgsrc/editors/vim-share/patches/patch-auto_configure deleted
pkgsrc/editors/vim-share/patches/patch-configure deleted
pkgsrc/editors/vim-share/patches/patch-feature.h@1.5.16.1 / diff
pkgsrc/editors/vim-share/patches/patch-link.sh deleted
pkgsrc/editors/vim-share/version.mk@1.142.2.1 / diff
Pullup ticket #6824 - requested by morr
editors/vim-share: security fix
Revisions pulled up:
- editors/vim-gtk2/Makefile 1.112
- editors/vim-gtk3/Makefile 1.34
- editors/vim-share/Makefile.common 1.168
- editors/vim-share/PLIST 1.66-1.67
- editors/vim-share/distinfo 1.204-1.206
- editors/vim-share/options.mk 1.11
- editors/vim-share/patches/patch-auto_configure deleted
- editors/vim-share/patches/patch-configure deleted
- editors/vim-share/patches/patch-feature.h 1.6
- editors/vim-share/patches/patch-link.sh deleted
- editors/vim-share/version.mk 1.143-1.145
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Nov 16 09:54:10 UTC 2023
Modified Files:
pkgsrc/editors/vim-gtk2: Makefile
pkgsrc/editors/vim-gtk3: Makefile
pkgsrc/editors/vim-share: Makefile.common PLIST distinfo options.mk
version.mk
pkgsrc/editors/vim-share/patches: patch-feature.h
Removed Files:
pkgsrc/editors/vim-share/patches: patch-auto_configure patch-configure
patch-link.sh
Log Message:
vim*: update to latest patchlevel
About 200 bugfixes.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 17 09:32:54 UTC 2023
Modified Files:
pkgsrc/editors/vim-share: distinfo version.mk
Log Message:
vim*: update to patchlevel 2112 for security fixes
---
Module Name: pkgsrc
Committed By: morr
Date: Thu Nov 23 19:10:01 UTC 2023
Modified Files:
pkgsrc/editors/vim-share: PLIST distinfo version.mk
Log Message:
Update to patchlevel 2122 for security fixes.
pkgsrc-2023Q3 commitmail json YAML
Note pullup ticket #6825
Pullup ticket #6825 - requested by taca
net/samba4: security fix
Update to 4.18.9
(via patch)
pkgsrc-2023Q3 commitmail json YAML
pkgsrc/audio/gospt/Makefile@1.22.2.2 / diff
pkgsrc/audio/ymuse/Makefile@1.9.2.2 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.2 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.2 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.2 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.2 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.2 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.2 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.2 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.2 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.2 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.2 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.2 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.2 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.2 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.2 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.2 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.2 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.2 / diff
pkgsrc/devel/fq/Makefile@1.12.2.2 / diff
:
(more 138 files)
Pullup ticket #6822 - requested by bsiegert
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump
Revisions pulled up:
- lang/go/version.mk 1.194
- lang/go120/PLIST 1.10
- lang/go120/distinfo 1.12
- lang/go121/PLIST 1.4
- lang/go121/distinfo 1.4
- audio/gospt/Makefile by patch
- audio/ymuse/Makefile by patch
- chat/coyim/Makefile by patch
- chat/gomuks/Makefile by patch
- chat/matterircd/Makefile by patch
- chat/senpai/Makefile by patch
- chat/ssh-chat/Makefile by patch
- databases/go-ldap/Makefile by patch
- databases/influxdb/Makefile by patch
- databases/mongo-tools/Makefile by patch
- databases/mysqld_exporter/Makefile by patch
- databases/postgres_exporter/Makefile by patch
- databases/prometheus/Makefile by patch
- databases/promscale/Makefile by patch
- databases/sqlc/Makefile by patch
- databases/timescaledb-tune/Makefile by patch
- devel/asmfmt/Makefile by patch
- devel/conftest/Makefile by patch
- devel/errcheck/Makefile by patch
- devel/fq/Makefile by patch
- devel/git-lfs/Makefile by patch
- devel/go-ed25519/Makefile by patch
- devel/go-gocode/Makefile by patch
- devel/go-golang-lru/Makefile by patch
- devel/go-gopkgs/Makefile by patch
- devel/go-goptlib/Makefile by patch
- devel/go-goreturns/Makefile by patch
- devel/go-gox/Makefile by patch
- devel/go-impl/Makefile by patch
- devel/go-logrus/Makefile by patch
- devel/go-nbreader/Makefile by patch
- devel/go-pty/Makefile by patch
- devel/go-review/Makefile by patch
- devel/go-siphash/Makefile by patch
- devel/go-staticcheck/Makefile by patch
- devel/go-swagger/Makefile by patch
- devel/go-sys/Makefile by patch
- devel/go-tools/Makefile by patch
- devel/go-wire/Makefile by patch
- devel/go-xerrors/Makefile by patch
- devel/golangci-lint/Makefile by patch
- devel/golint/Makefile by patch
- devel/gomodifytags/Makefile by patch
- devel/gopls/Makefile by patch
- devel/goredo/Makefile by patch
- devel/gotags/Makefile by patch
- devel/gotests/Makefile by patch
- devel/govulncheck/Makefile by patch
- devel/lazygit/Makefile by patch
- devel/mob/Makefile by patch
- devel/nancy/Makefile by patch
- devel/opa/Makefile by patch
- devel/packr/Makefile by patch
- devel/reftools/Makefile by patch
- devel/regal/Makefile by patch
- devel/revive/Makefile by patch
- devel/shfmt/Makefile by patch
- devel/syft/Makefile by patch
- editors/micro/Makefile by patch
- filesystems/kubo/Makefile by patch
- graphics/gif2png/Makefile by patch
- lang/joker/Makefile by patch
- mail/opensmtpd-filter-rspamd/Makefile by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile by patch
- misc/exercism/Makefile by patch
- net/amazon-ecs-cli/Makefile by patch
- net/amfora/Makefile by patch
- net/bombadillo/Makefile by patch
- net/croc/Makefile by patch
- net/czds/Makefile by patch
- net/dnscontrol/Makefile by patch
- net/dnscrypt-proxy2/Makefile by patch
- net/gh/Makefile by patch
- net/go-dnstap/Makefile by patch
- net/go-net/Makefile by patch
- net/go-websocket/Makefile by patch
- net/gunison/Makefile by patch
- net/gvproxy/Makefile by patch
- net/hub/Makefile by patch
- net/ipget/Makefile by patch
- net/kubectl/Makefile by patch
- net/libquic/Makefile by patch
- net/mangos/Makefile by patch
- net/nats-server/Makefile by patch
- net/obfs4proxy/Makefile by patch
- net/rclone/Makefile by patch
- net/stern/Makefile by patch
- net/syncthing/Makefile by patch
- net/terraform-provider-archive/Makefile by patch
- net/terraform-provider-aws/Makefile by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile by patch
- net/terraform-provider-null/Makefile by patch
- net/terraform-provider-random/Makefile by patch
- net/terraform-provider-template/Makefile by patch
- net/terraform-provider-vultr/Makefile by patch
- net/terraform/Makefile by patch
- net/tut/Makefile by patch
- net/vultr-cli/Makefile by patch
- pkgtools/pkglint/Makefile by patch
- security/2fa/Makefile by patch
- security/age/Makefile by patch
- security/amass/Makefile by patch
- security/authelia/Makefile by patch
- security/cfssl/Makefile by patch
- security/dnsx/Makefile by patch
- security/go-asn1-ber/Makefile by patch
- security/go-crypto/Makefile by patch
- security/go-getpass/Makefile by patch
- security/go-mkcert/Makefile by patch
- security/gopass/Makefile by patch
- security/httpx/Makefile by patch
- security/nuclei/Makefile by patch
- security/oauth2c/Makefile by patch
- security/osv-scanner/Makefile by patch
- security/subfinder/Makefile by patch
- security/tlsx/Makefile by patch
- security/trufflehog/Makefile by patch
- security/vault/Makefile by patch
- shells/elvish/Makefile by patch
- shells/oh-my-posh/Makefile by patch
- sysutils/beats/Makefile by patch
- sysutils/consul/Makefile by patch
- sysutils/direnv/Makefile by patch
- sysutils/fzf/Makefile by patch
- sysutils/goreman/Makefile by patch
- sysutils/lf/Makefile by patch
- sysutils/node_exporter/Makefile by patch
- sysutils/packer/Makefile by patch
- sysutils/podman/Makefile by patch
- sysutils/restic/Makefile by patch
- sysutils/vultr/Makefile by patch
- textproc/glow/Makefile by patch
- textproc/go-kr-text/Makefile by patch
- textproc/go-md2man/Makefile by patch
- textproc/go-mmark/Makefile by patch
- textproc/go-text/Makefile by patch
- textproc/miller/Makefile by patch
- textproc/sift/Makefile by patch
- www/apisprout/Makefile by patch
- www/caddy/Makefile by patch
- www/gitea/Makefile by patch
- www/go-ffuf/Makefile by patch
- www/go-minify/Makefile by patch
- www/gotosocial/Makefile by patch
- www/grafana/Makefile by patch
- www/hugo/Makefile by patch
- www/jira-cli/Makefile by patch
- www/mycorrhiza/Makefile by patch
- www/pup/Makefile by patch
- www/restish/Makefile by patch
- www/shoutrrr/Makefile by patch
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Nov 10 15:39:34 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
pkgsrc/lang/go121: PLIST distinfo
Log Message:
Update go120 to 1.20.11 and go121 to 1.21.4 (security).
These minor releases include 2 security fixes following the security policy:
- path/filepath: recognize \??\ as a Root Local Device path prefix.
On Windows, a path beginning with \??\ is a Root Local Device path equivalent
to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
arbitrary locations on the system. For example, the path \??\c:\x is
equivalent to the more common path c:\x.
The filepath package did not recognize paths with a \??\ prefix as special.
Clean could convert a rooted path such as \a\..\??\b into
the root local device path \??\b. It will now convert this
path into .\??\b.
IsAbs did not report paths beginning with \??\ as absolute.
It now does so.
VolumeName now reports the \??\ prefix as a volume name.
Join(`\`, `??`, `b`) could convert a seemingly innocent
sequence of path elements into the root local device path
\??\b. It will now convert this to \.\??\b.
This is CVE-2023-45283 and https://go.dev/issue/63713.
- path/filepath: recognize device names with trailing spaces and superscripts
The IsLocal function did not correctly detect reserved names in some cases:
reserved names followed by spaces, such as "COM1 ".
"COM" or "LPT" followed by a superscript 1, 2, or 3.
IsLocal now correctly reports these names as non-local.
This is CVE-2023-45284 and https://go.dev/issue/63713.
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
pkgsrc-2023Q3 commitmail json YAML
Note pullup tickets #6820, #6821 and #6823
pkgsrc/sysutils/xenkernel415/Makefile@1.11.2.1 / diff
pkgsrc/sysutils/xenkernel415/distinfo@1.10.2.1 / diff
pkgsrc/sysutils/xenkernel415/patches/patch-XSA439@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel415/patches/patch-XSA442@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel415/patches/patch-XSA444@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel415/patches/patch-XSA445@1.1.2.2 / diff
pkgsrc/sysutils/xenkernel415/patches/patch-XSA446@1.1.2.2 / diff
pkgsrc/sysutils/xentools415/Makefile@1.26.2.1 / diff
pkgsrc/sysutils/xentools415/PLIST@1.3.14.1 / diff
pkgsrc/sysutils/xentools415/distinfo@1.13.2.1 / diff
pkgsrc/sysutils/xentools415/patches/patch-XSA440@1.1.2.2 / diff
pkgsrc/sysutils/xentools415/patches/patch-XSA443@1.1.2.2 / diff
Pullup ticket #6823 - requested by bouyer
sysutils/xenkernel415: security fix
sysutils/xentools415: security fix
Revisions pulled up:
- sysutils/xenkernel415/Makefile 1.12
- sysutils/xenkernel415/distinfo 1.11
- sysutils/xenkernel415/patches/patch-XSA439 1.1
- sysutils/xenkernel415/patches/patch-XSA442 1.1
- sysutils/xenkernel415/patches/patch-XSA444 1.1
- sysutils/xenkernel415/patches/patch-XSA445 1.1
- sysutils/xenkernel415/patches/patch-XSA446 1.1
- sysutils/xentools415/Makefile 1.28
- sysutils/xentools415/PLIST 1.4
- sysutils/xentools415/distinfo 1.14
- sysutils/xentools415/patches/patch-XSA440 1.1
- sysutils/xentools415/patches/patch-XSA443 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Nov 15 15:59:36 UTC 2023
Modified Files:
pkgsrc/sysutils/xenkernel415: Makefile distinfo
pkgsrc/sysutils/xentools415: Makefile PLIST distinfo
Added Files:
pkgsrc/sysutils/xenkernel415/patches: patch-XSA439 patch-XSA442
patch-XSA444 patch-XSA445 patch-XSA446
pkgsrc/sysutils/xentools415/patches: patch-XSA440 patch-XSA443
Log Message:
xen*415: apply upstream patches for Xen Security Advisory
XSA-439, XSA-440, XSA-442, XSA-443, XSA-444, XSA-445, XSA-446
bump PKGREVISIONs
pkgsrc/devel/poco/distinfo@1.17.16.1 / diff
pkgsrc/devel/poco/patches/patch-Crypto_src_RSACipherImpl.cpp@1.1.2.2 / diff
Pullup ticket #6821 - requested by nia
devel/poco: build fix
Revisions pulled up:
- devel/poco/distinfo 1.18
- devel/poco/patches/patch-Crypto_src_RSACipherImpl.cpp 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Nov 9 19:16:20 UTC 2023
Modified Files:
pkgsrc/devel/poco: distinfo
Added Files:
pkgsrc/devel/poco/patches: patch-Crypto_src_RSACipherImpl.cpp
Log Message:
poco: OpenSSL 3.x fix
pkgsrc/www/arcticfox/Makefile@1.33.2.1 / diff
pkgsrc/www/arcticfox/distinfo@1.10.2.1 / diff
pkgsrc/www/arcticfox/patches/patch-gfx_skia_skia_src_gpu_GrAutoLocaleSetter.h deleted
Pullup ticket #6820 - requested by abs
www/arcticfox: security and build fixes
Revisions pulled up:
- www/arcticfox/Makefile 1.37
- www/arcticfox/distinfo 1.11
- www/arcticfox/patches/patch-gfx_skia_skia_src_gpu_GrAutoLocaleSetter.h deleted
---
Module Name: pkgsrc
Committed By: abs
Date: Fri Nov 3 23:41:19 UTC 2023
Modified Files:
pkgsrc/www/arcticfox: Makefile distinfo
Removed Files:
pkgsrc/www/arcticfox/patches:
patch-gfx_skia_skia_src_gpu_GrAutoLocaleSetter.h
Log Message:
Updated www/arcticfox to 43.0
Lots of fixes, but some highlights
- PowerPC is now working and usable again
- many JavaScript enhancements and fixes
- specific fixes for NetBSD imported
- WebExtensions and wasm improvements
- many security fixes
- build system fixes, less messing around with compiler flags
needed, with gcc (even recent version) "--enable-optimize" shall
work
- developer tools updates
#6816 #6818 #6819
Pullup ticket #6819 - requested by gutteridge
audio/openal-soft: build fix
Revisions pulled up:
- audio/openal-soft/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Sun Oct 22 00:55:55 UTC 2023
Added Files:
pkgsrc/audio/openal-soft: hacks.mk
Log Message:
openal-soft: fix builds for aarch64 on NetBSD 9.x
For aarch64, older NetBSD releases will end up pulling in GCC 10
because of the C++20 requirement. We apply -mno-outline-atomics as one
way of getting around linking issues that otherwise occur. (This was
breaking 492 dependent builds.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/audio/openal-soft/hacks.mk
Pullup ticket #6818 - requested by gutteridge
devel/libatomic: build fix
Revisions pulled up:
- devel/libatomic/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: gutteridge
Date: Tue Oct 17 02:01:43 UTC 2023
Added Files:
pkgsrc/devel/libatomic: hacks.mk
Log Message:
libatomic: fix aarch64 builds on NetBSD 9.x
For aarch64, GCC expects a recent version of itself that accepts
-mno-outline-atomics. Some packages pull in libatomic for aarch64,
e.g., net/haproxy for __atomic_compare_exchange_16. (haproxy was
compile tested after applying this fix.)
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libatomic/hacks.mk
pkgsrc/lang/go/version.mk@1.189.2.2 / diff
pkgsrc/lang/go121/PLIST@1.2.2.1 / diff
pkgsrc/lang/go121/distinfo@1.2.2.1 / diff
Pullup ticket #6816 - requested by bsiegert
lang/go121: security update
lang/go: metadata update
Revisions pulled up:
- lang/go/version.mk 1.191
- lang/go121/PLIST 1.3
- lang/go121/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 09:26:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go121: PLIST distinfo
Log Message:
go121: update to 1.21.3 (security)
1.21.3
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
1.21.2
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compilation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploiting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo
Note pullup tickets up to #6815
Pullup ticket #6815 - requested by gdt
mail/p5-Mail-DKIM: add missing dependency
Revisions pulled up:
- mail/p5-Mail-DKIM/Makefile 1.54
---
Module Name: pkgsrc
Committed By: gdt
Date: Sun Oct 22 15:06:36 UTC 2023
Modified Files:
pkgsrc/mail/p5-Mail-DKIM: Makefile
Log Message:
p5-Mail-DKIM: Add missing dependency on CryptX
Pullup ticket #6814 - requested by abs
x11/lxqt-panel: NetBSD 10 bugfix
Revisions pulled up:
- x11/lxqt-panel/Makefile 1.40
- x11/lxqt-panel/options.mk 1.2
---
Module Name: pkgsrc
Committed By: bacon
Date: Wed Oct 18 23:03:49 UTC 2023
Modified Files:
pkgsrc/x11/lxqt-panel: Makefile options.mk
Log Message:
x11/lxqt-panel: Enable pulseaudio by default on NetBSD
Prevents crashes on NetBSD 10-BETA
Pullup ticket #6813 - requested by prlw1
mail/exim: security fix
Revisions pulled up:
- mail/exim/Makefile 1.198
- mail/exim/distinfo 1.85
---
Module Name: pkgsrc
Committed By: prlw1
Date: Mon Oct 16 14:59:27 UTC 2023
Modified Files:
pkgsrc/mail/exim: Makefile distinfo
Log Message:
Update exim to 4.96.2
Security fixes:
JH/01 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031)
pkgsrc/audio/gospt/Makefile@1.22.2.1 / diff
pkgsrc/audio/ymuse/Makefile@1.9.2.1 / diff
pkgsrc/chat/coyim/Makefile@1.58.2.1 / diff
pkgsrc/chat/gomuks/Makefile@1.34.2.1 / diff
pkgsrc/chat/matterircd/Makefile@1.63.2.1 / diff
pkgsrc/chat/senpai/Makefile@1.16.2.1 / diff
pkgsrc/chat/ssh-chat/Makefile@1.6.2.1 / diff
pkgsrc/databases/go-ldap/Makefile@1.49.2.1 / diff
pkgsrc/databases/influxdb/Makefile@1.50.2.1 / diff
pkgsrc/databases/mongo-tools/Makefile@1.31.2.1 / diff
pkgsrc/databases/mysqld_exporter/Makefile@1.32.2.1 / diff
pkgsrc/databases/postgres_exporter/Makefile@1.49.2.1 / diff
pkgsrc/databases/prometheus/Makefile@1.85.2.1 / diff
pkgsrc/databases/promscale/Makefile@1.50.2.1 / diff
pkgsrc/databases/sqlc/Makefile@1.7.2.1 / diff
pkgsrc/databases/timescaledb-tune/Makefile@1.36.2.1 / diff
pkgsrc/devel/asmfmt/Makefile@1.33.2.1 / diff
pkgsrc/devel/conftest/Makefile@1.35.2.1 / diff
pkgsrc/devel/errcheck/Makefile@1.34.2.1 / diff
pkgsrc/devel/fq/Makefile@1.12.2.1 / diff
:
(more 137 files)
Pullup ticket #6812 - requested by bsiegert
lang/go120: security update
lang/go: version info update
audio/gospt: RevBump
audio/ymuse: RevBump
chat/coyim: RevBump
chat/gomuks: RevBump
chat/matterircd: RevBump
chat/senpai: RevBump
chat/ssh-chat: RevBump
databases/go-ldap: RevBump
databases/influxdb: RevBump
databases/mongo-tools: RevBump
databases/mysqld_exporter: RevBump
databases/postgres_exporter: RevBump
databases/prometheus: RevBump
databases/promscale: RevBump
databases/sqlc: RevBump
databases/timescaledb-tune: RevBump
devel/asmfmt: RevBump
devel/conftest: RevBump
devel/errcheck: RevBump
devel/fq: RevBump
devel/git-lfs: RevBump
devel/go-ed25519: RevBump
devel/go-gocode: RevBump
devel/go-golang-lru: RevBump
devel/go-gopkgs: RevBump
devel/go-goptlib: RevBump
devel/go-goreturns: RevBump
devel/go-gox: RevBump
devel/go-impl: RevBump
devel/go-logrus: RevBump
devel/go-nbreader: RevBump
devel/go-pty: RevBump
devel/go-review: RevBump
devel/go-siphash: RevBump
devel/go-staticcheck: RevBump
devel/go-swagger: RevBump
devel/go-sys: RevBump
devel/go-tools: RevBump
devel/go-wire: RevBump
devel/go-xerrors: RevBump
devel/golangci-lint: RevBump
devel/golint: RevBump
devel/gomodifytags: RevBump
devel/gopls: RevBump
devel/goredo: RevBump
devel/gotags: RevBump
devel/gotests: RevBump
devel/govulncheck: RevBump
devel/lazygit: RevBump
devel/mob: RevBump
devel/nancy: RevBump
devel/opa: RevBump
devel/packr: RevBump
devel/reftools: RevBump
devel/regal: RevBump
devel/revive: RevBump
devel/shfmt: RevBump
devel/syft: RevBump
editors/micro: RevBump
filesystems/kubo: RevBump
graphics/gif2png: RevBump
lang/joker: RevBump
mail/opensmtpd-filter-rspamd: RevBump
mail/opensmtpd-filter-senderscore: RevBump
mail/postforward: RevBump
meta-pkgs/bulk-test-essential: RevBump
misc/exercism: RevBump
net/amazon-ecs-cli: RevBump
net/amfora: RevBump
net/bombadillo: RevBump
net/croc: RevBump
net/czds: RevBump
net/dnscontrol: RevBump
net/dnscrypt-proxy2: RevBump
net/gh: RevBump
net/go-dnstap: RevBump
net/go-net: RevBump
net/go-websocket: RevBump
net/gunison: RevBump
net/gvproxy: RevBump
net/hub: RevBump
net/ipget: RevBump
net/kubectl: RevBump
net/libquic: RevBump
net/mangos: RevBump
net/nats-server: RevBump
net/obfs4proxy: RevBump
net/rclone: RevBump
net/stern: RevBump
net/syncthing: RevBump
net/terraform-provider-archive: RevBump
net/terraform-provider-aws: RevBump
net/terraform-provider-kubernetes: RevBump
net/terraform-provider-local: RevBump
net/terraform-provider-null: RevBump
net/terraform-provider-random: RevBump
net/terraform-provider-template: RevBump
net/terraform-provider-vultr: RevBump
net/terraform: RevBump
net/tut: RevBump
net/vultr-cli: RevBump
pkgtools/pkglint: RevBump
security/2fa: RevBump
security/age: RevBump
security/amass: RevBump
security/authelia: RevBump
security/cfssl: RevBump
security/dnsx: RevBump
security/go-asn1-ber: RevBump
security/go-crypto: RevBump
security/go-getpass: RevBump
security/go-mkcert: RevBump
security/gopass: RevBump
security/httpx: RevBump
security/nuclei: RevBump
security/oauth2c: RevBump
security/osv-scanner: RevBump
security/subfinder: RevBump
security/tlsx: RevBump
security/trufflehog: RevBump
security/vault: RevBump
shells/elvish: RevBump
shells/oh-my-posh: RevBump
sysutils/beats: RevBump
sysutils/consul: RevBump
sysutils/direnv: RevBump
sysutils/fzf: RevBump
sysutils/goreman: RevBump
sysutils/lf: RevBump
sysutils/node_exporter: RevBump
sysutils/packer: RevBump
sysutils/podman: RevBump
sysutils/restic: RevBump
sysutils/vultr: RevBump
textproc/glow: RevBump
textproc/go-kr-text: RevBump
textproc/go-md2man: RevBump
textproc/go-mmark: RevBump
textproc/go-text: RevBump
textproc/miller: RevBump
textproc/sift: RevBump
www/apisprout: RevBump
www/caddy: RevBump
www/gitea: RevBump
www/go-ffuf: RevBump
www/go-minify: RevBump
www/gotosocial: RevBump
www/grafana: RevBump
www/hugo: RevBump
www/jira-cli: RevBump
www/mycorrhiza: RevBump
www/pup: RevBump
www/restish: RevBump
www/shoutrrr: RevBump
Revisions pulled up:
- lang/go/version.mk 1.190,1.192
- lang/go120/PLIST 1.9
- lang/go120/distinfo 1.10-1.11
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Oct 7 18:09:35 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: PLIST distinfo
Log Message:
go120: update to 1.20.9 (security).
cmd/go: line directives allows arbitrary execution during build
"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compilation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploiting this issue significantly more
complex.
This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.9
To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Oct 15 11:02:08 UTC 2023
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go120: distinfo
Log Message:
go120: update to 1.20.10 (security)
net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
This is also tracked by CVE-2023-44487.
To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go120/distinfo
pkgsrc/textproc/libcue/Makefile@1.1.24.1 / diff
pkgsrc/textproc/libcue/distinfo@1.3.16.1 / diff
pkgsrc/textproc/libcue/patches/patch-cd.c@1.1.2.2 / diff
Pullup ticket #6811 - requested by bsiegert
textproc/libcue: security patch
Revisions pulled up:
- textproc/libcue/Makefile 1.2
- textproc/libcue/distinfo 1.4
- textproc/libcue/patches/patch-cd.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Mon Oct 9 17:35:38 UTC 2023
Modified Files:
pkgsrc/textproc/libcue: Makefile distinfo
Added Files:
pkgsrc/textproc/libcue/patches: patch-cd.c
Log Message:
libcue: add fix for CVE-2023-43641
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libcue/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libcue/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libcue/patches/patch-cd.c
Pullup ticket #6810 - requested by gutteridge
www/webkit-gtk: aarch64 build fix
Revisions pulled up:
- www/webkit-gtk/Makefile 1.249
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Thu Oct 5 05:57:20 UTC 2023
Modified Files:
pkgsrc/www/webkit-gtk: Makefile
Log Message:
webkit-gtk: fix inadvertent aarch64 lossage from r. 1.247
A block that was a no-op was removed, but the inclusion of bsd.prefs.mk
should still be applied because of a different block added in a later
revision.
Note pullup ticket #6809 (curl)
pkgsrc/www/curl/Makefile.common@1.6.2.1 / diff
pkgsrc/www/curl/PLIST@1.95.2.1 / diff
pkgsrc/www/curl/distinfo@1.197.2.1 / diff
pkgsrc/www/curl/patches/patch-configure@1.16.12.1 / diff
pkgsrc/www/libcurl-gnutls/distinfo@1.5.2.1 / diff
Pullup ticket #6809 - requested by leot
www/curl: security fix
Revisions pulled up (via patch):
- www/curl/Makefile.common 1.8
- www/curl/PLIST 1.96
- www/curl/distinfo 1.199
- www/curl/patches/patch-configure 1.18
- www/libcurl-gnutls/distinfo 1.6
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Oct 11 07:16:03 UTC 2023
Modified Files:
pkgsrc/www/curl: Makefile.common PLIST distinfo
pkgsrc/www/curl/patches: patch-configure
pkgsrc/www/libcurl-gnutls: distinfo
Log Message:
curl libcurl-gnutls: updated to 8.4.0
Fixed in 8.4.0 - October 11 2023
Changes:
curl: add support for the IPFS protocols via HTTP gateway
curl_multi_get_handles: get easy handles from a multi handle
mingw: delete support for legacy mingw.org toolchain
Bugfixes:
acinclude.m4: Document proper system truststore on FreeBSD
appveyor: fix yamlint issues, indent
appveyor: rewrite batch in PowerShell + CI improvements
autotools: adjust `CURL_CA_PATH` value to CMake
autotools: restore `HAVE_IOCTL_*` detections
base64: also build for curl
bufq: remove Curl_bufq_skip_and_shift (unused)
build: delete checks for C89 standard headers
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
cf-socket: simulate slow/blocked receives in debug
cmake, configure: also link with CoreServices
cmake: add check for suseconds_t
cmake: add feature checks for `memrchr` and `getifaddrs`
cmake: add missing checks
cmake: delete old `HAVE_LDAP_URL_PARSE` logic
cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
cmake: detect `sys/wait.h` and `netinet/udp.h`
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
cmake: disable unity mode with Windows Unicode + TrackMemory
cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
cmake: fix `HAVE_WRITABLE_ARGV` detection
cmake: fix duplicate symbols when linking tests
cmake: fix missing `zlib.h` when compiling `libcurltool`
cmake: fix stderr initialization in unity builds
cmake: fix the help text to the static build option in CMakeLists.txt
cmake: fix unity builds for more build combinations
cmake: fix unity symbol collisions in h2 builds
cmake: fix unity with Windows Unicode + TrackMemory
cmake: improve OpenLDAP builds
cmake: lib `CURL_STATICLIB` fixes (Windows)
cmake: move global headers to specific checks
cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
cmake: pre-cache `HAVE_POLL_FINE` on Windows
cmake: tidy-up `NOT_NEED_LBER_H` detection
cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
configure: check for the capath by default
configure: remove unused checks
configure: replace adhoc domain with `localhost` in tests
configure: sort AC_CHECK_FUNCS
connect: expire the timeout when trying next
connect: only start the happy eyeballs timer when needed
cookie: do not store the expire or max-age strings
cookie: remove unnecessary struct fields
cookie: set ->running in cookie_init even if data is NULL
create-dirs.d: clarify it also uses --output-dirs
curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
curl_easy_pause.3: mention h2/h3 buffering
curl_easy_pause.3: mention it works within callbacks
curl_easy_pause: set "in callback" true on exit if true
CURLOPT_DEBUGFUNCTION.3: warn about internal handles
docs/libcurl/opts/Makefile.inc: add missing manpage files
docs: adapt SEE ALSO sections to new requirements
docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
docs: replace made up domains with example.com
docs: update curl man page references
docs: use CURLSSLBACKEND_NONE
doh: inherit DEBUGFUNCTION/DATA
escape: replace Curl_isunreserved with ISUNRESERVED
FAQ: How do I upgrade curl.exe in Windows?
GHA/linux: run singleuse to detect single-use global functions
GHA: add workflow to compare configure vs cmake outputs
h2-proxy: remove left-over mistake in drain_tunnel()
h2: testcase and fix for pausing h2 streams
h3: add support for ngtcp2 with AWS-LC builds
http2: refused stream handling for retry
http: fix CURL_DISABLE_BEARER_AUTH breakage
http: h1/h2 proxy unification
http: remove wrong comment for http_should_fail
http: use per-request counter to check too large headers
http_aws_sigv4: fix sorting with empty parts
idn: fix WinIDN null ptr deref on bad host
idn: if idn2_check_version returns NULL, return error
inet_ntop: add typecast to silence Coverity
lib: disambiguate Curl_client_write flag semantics
lib: enable hmac for digest as well
lib: failf/infof compiler warnings
lib: let the max filesize option stop too big transfers too
lib: move handling of `data->req.writer_stack` into Curl_client_write()
lib: provide and use Curl_hexencode
lib: remove TIME_WITH_SYS_TIME
lib: use wrapper for curl_mime_data fseek callback
libssh2: fix error message on failed pubkey-from-file
libssh: cap SFTP packet size sent
Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
MANUAL.md: change domain to example.com
misc: better random strings
MQTT: improve receive of ACKs
multi: do CURLM_CALL_MULTI_PERFORM at two more places
multi: fix small timeouts
multi: remove Curl_multi_dump
multi: round the timeout up to prevent early wakeups
multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
openssl: improve ssl shutdown handling
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
pytest: exclude test_03_goaway in CI runs due to timing dependency
quic: set ciphers/curves the same way regular TLS does
quiche: fix build error with --with-ca-fallback
RELEASE-PROCEDURE.md: updated coming release dates
runtests: display the test status if tests appear hung
runtests: eliminate a warning on old perl versions
socks: return error if hostname too long for remote resolve
src/mkhelp: make generated code pass `checksrc`
test1056: disable on Windows
test1474: disable test on NetBSD, OpenBSD and Solaris 10
test1592: greatly increase the maximum test timeout
test1903: actually verify the cookies after the test
test1906: set a lower timeout since it's hit on Windows
test2600: remove special case handling for USE_ALARM_TIMEOUT
test650: fix an end tag typo
test661: return from test early in case of curl error
test: add missing <feature>s
tests: close the shell used to start sshd
tests: fix a race condition in ftp server disconnect
tests: fix compiler warnings
tests: Fix zombie processes left behind by FTP tests.
tests: improve SLOWDOWN test reliability by reducing sent data
tests: increase lib571 timeout from 3s to 30s
tests: log the test result code after each libtest
tests: propagate errors in libtests
tests: set --expect100-timeout to improve test reliability
tests: show which curl tool `runtests.pl` is using
tests: stop overriding the lock timeout
tftpd: always use curl's own tftp.h
tool: use our own stderr variable
tool_cb_wrt: fix debug assertion
tool_getparam: accept variable expansion on file names too
tool_setopt: remove unused function tool_setopt_flags
upload-file.d: describe the file name slash/backslash handling
url: fall back to http/https proxy env-variable if ws/wss not set
url: fix netrc info message
warnless: remove unused functions
wolfssh: do cleanup in Curl_ssh_cleanup
wolfssl: allow capath with CURLOPT_CAINFO_BLOB
wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
wolfssl: ignore errors in CA path
Note pullup tickets up to #6808
pkgsrc/net/samba4/Makefile@1.169.2.1 / diff
pkgsrc/net/samba4/PLIST@1.51.4.1 / diff
pkgsrc/net/samba4/distinfo@1.96.2.1 / diff
Pullup ticket #6808 - requested by taca
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.170-1.171
- net/samba4/PLIST 1.52
- net/samba4/distinfo 1.97-1.98
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 27 12:02:48 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.18.7
==============================
Release Notes for Samba 4.18.7
September 27, 2023
==============================
This is the latest stable release of the Samba 4.18 release series.
Changes since 4.18.6
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 15419: Weird filename can cause assert to fail in
openat_pathref_fsp_nosymlink().
* BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE.
* BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
pointer.
o Andrew Bartlett <abartlet@samba.org>
* BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
* BUG 15407: Samba replication logs show (null) DN.
o Ralph Boehme <slow@samba.org>
* BUG 15463: macOS mdfind returns only 50 results.
o Remi Collet <rcollet@redhat.com>
* BUG 14808: smbc_getxattr() return value is incorrect.
o Volker Lendecke <vl@samba.org>
* BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value.
o Stefan Metzmacher <metze@samba.org>
* BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more.
o MikeLiu <mikeliu@qnap.com>
* BUG 15453: File doesn't show when user doesn't have permission if
aio_pthread is loaded.
o Martin Schwenke <mschwenke@ddn.com>
* BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
1.9.1.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
empty claims pac blobs (from Samba 4.19 or Windows).
* BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
in use.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 10 16:05:01 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo
Log Message:
net/samba4: update to 4.18.8
==============================
Release Notes for Samba 4.18.8
October 10, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
existing unix domain sockets on the file system.
https://www.samba.org/samba/security/CVE-2023-3961.html
o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
OVERWRITE disposition when using the acl_xattr Samba VFS
module with the smb.conf setting
"acl_xattr:ignore system acls = yes"
https://www.samba.org/samba/security/CVE-2023-4091.html
o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
attributes, including secrets and passwords. Additionally,
the access check fails open on error conditions.
https://www.samba.org/samba/security/CVE-2023-4154.html
o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
server block for a user-defined amount of time, denying
service.
https://www.samba.org/samba/security/CVE-2023-42669.html
o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
listeners, disrupting service on the AD DC.
https://www.samba.org/samba/security/CVE-2023-42670.html
pkgsrc/emulators/compat90/Makefile@1.3.14.1 / diff
pkgsrc/emulators/compat90/PLIST.aarch64@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.alpha@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.arm@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.earmeb@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.earmv6hf@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.earmv7hf@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.earmv7hfeb@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.i386@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.m68k@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.mips64eb@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.mips64el@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.mipseb@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.mipsel@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.powerpc@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.sh3eb@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.sh3el@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.sparc@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.sparc64@1.1.16.1 / diff
pkgsrc/emulators/compat90/PLIST.vax@1.1.16.1 / diff
:
(more 4 files)
Pullup ticket #6807 - requested by abs
emulators/compat90: NetBSD 10 compatibility fix
Revisions pulled up:
- emulators/compat90/Makefile 1.4
- emulators/compat90/PLIST.aarch64 1.2
- emulators/compat90/PLIST.alpha 1.2
- emulators/compat90/PLIST.arm 1.2
- emulators/compat90/PLIST.earmeb 1.2
- emulators/compat90/PLIST.earmv6hf 1.2
- emulators/compat90/PLIST.earmv7hf 1.2
- emulators/compat90/PLIST.earmv7hfeb 1.2
- emulators/compat90/PLIST.i386 1.2
- emulators/compat90/PLIST.m68000 1.2
- emulators/compat90/PLIST.m68k 1.2
- emulators/compat90/PLIST.mips64eb 1.2
- emulators/compat90/PLIST.mips64el 1.2
- emulators/compat90/PLIST.mipseb 1.2
- emulators/compat90/PLIST.mipsel 1.2
- emulators/compat90/PLIST.powerpc 1.2
- emulators/compat90/PLIST.sh3eb 1.2
- emulators/compat90/PLIST.sh3el 1.2
- emulators/compat90/PLIST.sparc 1.2
- emulators/compat90/PLIST.sparc64 1.2
- emulators/compat90/PLIST.vax 1.2
- emulators/compat90/PLIST.x86_64 1.2
- emulators/compat90/distinfo 1.5
- emulators/compat90/emulator.mk 1.2
- emulators/compat_netbsd/INSTALL.ELF 1.4
---
Module Name: pkgsrc
Committed By: abs
Date: Tue Oct 3 14:53:52 UTC 2023
Modified Files:
pkgsrc/emulators/compat90: Makefile PLIST.aarch64 PLIST.alpha PLIST.arm
PLIST.earmeb PLIST.earmv6hf PLIST.earmv7hf PLIST.earmv7hfeb
PLIST.i386 PLIST.m68000 PLIST.m68k PLIST.mips64eb PLIST.mips64el
PLIST.mipseb PLIST.mipsel PLIST.powerpc PLIST.sh3eb PLIST.sh3el
PLIST.sparc PLIST.sparc64 PLIST.vax PLIST.x86_64 distinfo
emulator.mk
pkgsrc/emulators/compat_netbsd: INSTALL.ELF
Log Message:
Rebuild compat90 against netbsd-10_BETA
Now netbsd-9 binaries should work against netbsd-10 again. Also switch from
bz2 to xz distfiles (a significant space gain).
Tested by installing and running lxqt desktop using netbsd-9 binaries on
a netbsd-10 amd64 system
Bump PKGREVISION
Pullup ticket #6806 - requested by prlw1
mail/exim: security fix
Revisions pulled up:
- mail/exim/Makefile 1.197
- mail/exim/distinfo 1.84
---
Module Name: pkgsrc
Committed By: prlw1
Date: Tue Oct 3 08:42:44 UTC 2023
Modified Files:
pkgsrc/mail/exim: Makefile distinfo
Log Message:
Update exim to 4.96.1
Exim version 4.96.1
-------------------
This is a security release.
JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
Pullup ticket #6805 - requested by gutteridge
finance/p5-Finance-Quote: build fix
Revisions pulled up:
- finance/p5-Finance-Quote/Makefile 1.49-1.50
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Wed Sep 27 02:13:05 UTC 2023
Modified Files:
pkgsrc/finance/p5-Finance-Quote: Makefile
Log Message:
p5-Finance-Quote: as of 1.58, also requires p5-HTTP-CookieJar
---
Module Name: pkgsrc
Committed By: pgoyette
Date: Thu Sep 28 05:46:15 UTC 2023
Modified Files:
pkgsrc/finance/p5-Finance-Quote: Makefile
Log Message:
Add a couple more new dependencies. Bump package revision.
pkgsrc-2023Q3 commitmail json YAML
Pullup ticket #6803 / #6804 - requested by he
lang/rust-bin: build fix
Revisions pulled up:
- lang/rust-bin/Makefile 1.54-1.55
- lang/rust-bin/distinfo 1.28
---
Module Name: pkgsrc
Committed By: he
Date: Wed Sep 27 17:19:24 UTC 2023
Modified Files:
pkgsrc/lang/rust-bin: Makefile distinfo
Log Message:
rust-bin: update the i586 binaries, so the result works on netbsd-9...
...and probably newer as well. Testing status on netbsd-8 is unknown
at the moment. Ref. pkgsrc-users@ discussion; the old binaries
were built on netbsd-8 and require gcc7's shared libs from pkgsrc.
This set is instead cross-built, and does not depend on an external
LLVM or external gcc.
Bump PKGREVISION, since this gets us new i586 binaries.
---
Module Name: pkgsrc
Committed By: he
Date: Thu Sep 28 12:24:32 UTC 2023
Modified Files:
pkgsrc/lang/rust-bin: Makefile
Log Message:
rust-bin: use a revision-specific dist subdir.
This is so that the changed bits get re-fetched, and we don't try to
re-use an already-fetched binary, and get a checksum mismatch.
Follow-up on the "new i586 bits" change.
pkgsrc-2023Q3 commitmail json YAML
doc: Add CHANGES-pkgsrc-2023Q3