- Log rotation is handled more gracefully now under favourable
conditions (logfile is moved so inode is kept, and it does not get
compressed immediately).
- An option IgnoreModified has been added to cover transient files that
not only get added/deleted but also modified during their lifetime.
- An option KernelCheckProc has been added to suppress the kernel /proc test.
- Large groups are handled better now.
- Reconnecting to a temporarily unavailable Oracle database has been fixed.
Feature safe: yes
QtKeychain is a Qt API to store passwords and other secret data securely.How
the data is stored depends on the platform.
For Linux/Unix, KWallet (via D-Bus) is used. Support for the GNOME Keyring
via freedesktop.org's Secret Storage D-Bus specification is planned
but not yet implemented.
WWW: https://github.com/frankosterfeld/qtkeychain
PR: 177634
Submitted by: 6yearold@gmail.com
Feature safe: yes
Major changes in 1.11.2 (2013-04-12)
====================================
This is a bugfix release.
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump that
failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
Feature safe: yes
* /var/empty has been in hier(7) since 4.x
* User sshd has been in base since 4.x
* Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
* Removal of 'host-key check-config' in install phase
* Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
PR: ports/174570 [1]
Submitted by: oleg <proler@gmail.com> [1]
Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe: yes
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours
target==. to mean "no".
* This works better with the Mozilla::PublicSuffix module installed.
* Added ability to blacklist authentication mechanisms
More info:
http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html
PR: ports/177859
Submitted by: "Alexey V. Degtyarev" <alexey@renatasystems.org> (maintainer)
Approved by: portmgr (implicit)
Security: a2ff483f-a5c6-11e2-9601-000d601460a4
- Replace links to changelog and commit with a link to the official
announcement (which also links to the commit)
- Replace the description with a sentence lifted from the
announcement.
Approved by: portmgr (tabthorpe)
- Subversion 1.6.21 security update [2]
This release addesses the following issues security issues:
[1][2] CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
[1][2] CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
[1][2] CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs
[1][2] CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
[1] CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request
More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
http://subversion.apache.org/security/
PR: 177646
Submitted by: ohauer
Approved by: portmgr (tabthorpe, erwin), lev
Security: b6beb137-9dc0-11e2-882f-20cf30e32f6d
17.0.5
- update firefox to 20.0
- update seamonkey and linux-seamonkey to 2.17
- update nspr to 4.9.6
- remove mail/thunderbird-esr, Mozilla stopped providing 2 versions of
thunderbird
- prune support for old FreeBSD versions; users of 8.2, 7.4 or earlier
are advised to upgrade - http://www.freebsd.org/security/
- add vuln.xml entry
Security: 94976433-9c74-11e2-a9fc-d43d7e0c7c02
Approved by: portmgr (miwi)
In collaboration with: Jan Beich <jbeich@tormail.org>
"This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."
Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).
PR: ports/177517
Reviewed by: miwi
Approved by: portmgr (miwi)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec
editors/emacs:
- Update to 24.3
- Update CANNA patchset[1]
- Unbreak ARM support by using the patch from emacs-devel port
- Add missing INSTALLS_ICONS[2]
- Remove a patch which is already integrated upstream
- Fix Makefile header
editors/emacs-devel:
- Update to bzr revision 112178
- Fix Makefile header
- Add missing INSTALLS_ICONS[2]
editors/emacs23:
- Remove ABI versions from LIB_DEPENDS
- Fix Makefile header
- Add missing INSTALLS_ICONS[2]
Mk/bsd.emacs.mk:
- Update major version for editors/emacs port
*:
- Bump PORTREVISION to chase Emacs updates
PR: ports/177428[2]
Submitted by: Yuji TAKANO[1] (via private email), bdrewery[2]
