- Fix CVE-2021-33035 - Buffer overflow from a crafted DBF file
Release Notes:
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.11+Release+Notes
The CVE-2021-40439 - Billion Laughs issue for the FreeBSD port was
fixed some time ago when the textproc/expat2 port was updated. Unlike
other distributions, the FreeBSD port uses the system expat2 instead
of bundling an old version.
Update MASTER_SITES, the source is not mirrored on the usual Apache
mirror sites. Prefer the Apache CDN.
Update dependencies, mostly due to math/coinmp refactoring.
Remove some bundled python shared libraries that look less than useful
and link to other dependencies.
MFH: 2021Q4
Security: 04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6
Differential Revision: https://reviews.freebsd.org/D32400
* Update pkg-descr while I'm here.
Changelog:
Enhancements:
* Default to current user when creating journal entries via REST API
* Include type, ID, and slug on object view
* Enable filtering cables by termination type & ID in REST API
* Include count of assigned virtual machines under platform view
Bug Fixes:
* Fix missing actions column on user-configured tables
* Fix exception when viewing a large number of child IPs within a prefix
* Fix site/provider network validation for circuit termination
API serializer
* Pre-populate location data when adding a device to a rack
* Fix filtering connections by site ID
https://github.com/netbox-community/netbox/releases/tag/v3.0.6
* Version 2.4 was skipped because this is the first release that
supports 2.5D games (almost 3D), thanks to the merge with ResidualVM.
* Fold the A52, MP3, PNG and VORBIS options because their dependencies
are now required to provide the full set of stable engines.
* Remove now obsolete patch from 05a45a5e50.
Changelog:
https://downloads.scummvm.org/frs/scummvm/2.5.0/ReleaseNotes.html
MFH: No (feature release)
weggli is a fast and robust semantic search tool for C and C++
codebases. It is designed to help security researchers identify
interesting functionality in large codebases.
weggli performs pattern matching on Abstract Syntax Trees based on user
provided queries. Its query language resembles C and C++ code, making it
easy to turn interesting code patterns into queries.
weggli is inspired by great tools like Semgrep, Coccinelle, joern and
CodeQL, but makes some different design decisions:
- C++ support: weggli has first-class support for modern C++ constructs,
such as lambda expressions, range-based for loops and constexprs.
- Minimal setup: weggli should work out of the box against most software
you will encounter. weggli does not require the ability to build the
software and can work with incomplete sources or missing dependencies.
- Interactive: weggli is designed for interactive usage and fast query
performance. Most of the time, a weggli query will be faster than a
grep search. The goal is to enable an interactive workflow where quick
switching between code review and query creation/improvement is
possible.
- Greedy: weggli's pattern matching is designed to find as many (useful)
matches as possible for a specific query. While this increases the
risk of false positives, it simplifies query creation. For example, the
query $x = 10; will match both assignment expressions (foo = 10;) and
declarations (int bar = 10;).
WWW: https://github.com/googleprojectzero/weggli