- Changes for xlog version 2.0.17 - 2019-jan-14
* Suppress GCC warning "stringop-truncation" in editest.c
which occurs with GCC >= 8.1.
* Updated cty.dat 20190114
- Changes for xlog version 2.0.16 - 2019-jan-13
* added JS8 support and updated to ADIF 3.0.9
* Updated cty.dat 20181210
Upstream changes:
mikutter 3.8.6
* backport yield_self for Ruby 2.4 and prior
* possible crash on too fast reply as @seibe
* extract pixiv images from OGP
* thanks Shibafu Midorino
3.3.99 09feb19 Added visible single bit glitches as a yellow dot (if enabled
with --rcvar 'vcd_preserve_glitches on').
Fixed print routine broken by bsearch_trunc() optimization in
version 3.3.96.
Bug fixes
Bug 109107 - gallium/st/va: change va max_profiles when using Radeon VCN Hardware
Bug 109401 - [DXVK] Project Cars rendering problems
Bug 109543 - After upgrade mesa to 19.0.0~rc1 all vulkan based application stop working ["vulkan-cube" received SIGSEGV in radv_pipeline_init_blend_state at ../src/amd/vulkan/radv_pipeline.c:699]
Bug 109603 - nir_instr_as_deref: Assertion `parent && parent->type == nir_instr_type_deref' failed.
Changes
gallium-xlib: query MIT-SHM before using it.
radv: Only look at pImmutableSamples if the descriptor has a sampler.
amd/common: Use correct writemask for shared memory stores.
get-pick-list: Add --pretty=medium to the arguments for Cc patches
meson: Add dependency on genxml to anvil
docs: add sha256 checksums for 18.3.3
cherry-ignore: nv50,nvc0: add explicit settings for recent caps
cherry-ignore: add more 19.0 only nominations from Ilia
cherry-ignore: radv: fix using LOAD_CONTEXT_REG with old GFX ME firmwares on GFX8
Update version to 18.3.4
vc4: Fix copy-and-paste fail in backport of NEON asm fixes.
xvmc: fix string comparison
xvmc: fix string comparison
vc4: Fix leak in HW queries error path
v3d: Fix leak in resource setup error path
intel/compiler: do not copy-propagate strided regions to ddx/ddy arguments
nvc0: we have 16k-sized framebuffers, fix default scissors
intel/fs: Handle IMAGE_SIZE in size_read() and is_send_from_grf()
intel/fs: Do the grf127 hack on SIMD8 instructions in SIMD16 mode
nir/deref: Rematerialize parents in rematerialize_derefs_in_use_blocks
anv/cmd_buffer: check for NULL framebuffer
st/mesa: Limit GL_MAX_[NATIVE_]PROGRAM_PARAMETERS_ARB to 2048
freedreno/a6xx: Emit blitter dst with OUT_RELOCW
st/va: fix the incorrect max profiles report
st/va/vp9: set max reference as default of VP9 reference number
meson: drop the xcb-xrandr version requirement
gallium/u_threaded: fix EXPLICIT_FLUSH for flush offsets > 0
radeonsi: fix EXPLICIT_FLUSH for flush offsets > 0
winsys/amdgpu: don't drop manually added fence dependencies
egl/wayland: Allow client->server format conversion for PRIME offload. (v2)
egl/wayland-drm: Only announce formats via wl_drm which the driver supports.
radeonsi: Fix guardband computation for large render targets
freedreno: stop frob'ing pipe_resource::nr_samples
intel: Add more PCI Device IDs for Coffee Lake and Ice Lake.
radv: fix compiler issues with GCC 9
radv: always export gl_SampleMask when the fragment shader uses it
Upstream changes:
0.06 2019-01-02
- Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
contributing fixes.
- Fix pathological backtracking for unkown regex
- Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
- Fix pathological backtracking in cfws, quoted strings
Upstream changes:
2.66 2019-02-11
- Full release of 2.65_001, with one additional definedness check (pajlpajl++)
2.65_001 2019-02-11
- fix file_version method (it was calling the wrong key) (GH #23)
- avoid repeated loading of files when getting headers
and incorrect undef returns (GH #22)
- both reported by pajlpajl
Changes since b135:
Beta #137 - 14.02.2019
- Mouse scaling was 100% broken on Macs with retina displays (high-DPI).
Sorry! This is fixed now.
Beta #136 - 14.02.2019
- French keyboard layout users can now enter numbers in the pattern data
with the left SHIFT key (like normal for the FR layout).
- You can now toggle extended pattern editor mode with the print screen key
(like in real FT2. You can also use CTRL+Z as always).
Changes in Apache Libcloud 2.4.0
- Refuse installation with Python 2.6 and Python 3.3 (support was
already dropped in Libcloud 2.3.0)
- Support Python 3.7
- Cleanup various Python files
- Allow running tests with http_proxy set
Common
- [OpenStack] Document openstack_connection_kwargs method
- [OpenStack] Handle missing user email in OpenStackIdentityUser
Compute
- [ARM] Support OS disk size definition on node creation
- [Digital Ocean] Support floating IPs
- [Digital Ocean] Support attach/detach for floating IPs
- [Digital Ocean] Add ex_get_node_details
- [Digital Ocean] Add tags extra attribute to create_node
- [Dimension Data] Fix IndexError in list_images
- [EC2] Add AWS eu-west-3 (Paris) region
- [EC2] Add description to ex_authorize_security_group_ingress
- [EC2] Added script to automatically get EC2 instance sizes
- [EC2] Update instance sizes
- [EC2] Accept tags when create a snapshot
- [GCE] Expand Firewall options coverage
- [GCE] Expand network and subnetwork options coverage
- [GCE] Extend ex_create_address to allow internal ip creation
- [GCE] Allow shared VPC in managed instance group creation
- [GCE] Support disk_size parameter for boot disk when creating instance
- [GCE] Update public image projects list
- [GCE] Fix _find_zone_or_region for >500 instances
- [GCE] Allow routing_mode=None in ex_create_network
- [OpenStack] Implement Glance Image API v2
- [OpenStack] Fix spelling in ex_files description
- [OpenStack v2] Allow listing image members
- [OpenStack v2] Allow creating and accepting image members
- [OpenStack v2] Fix image members methods
- [OpenStack] Fix API doc for delete_floating_ip
- [OpenStack] Implement port attaching/detaching
- [OpenStack] Add methods for getting and creating ports
- [OpenStack] Add get_user method
- [OpenStack] Add ex_list_subnets to OpenStack_2_NodeDriver
- [OpenStack] The OpenStack_2_NodeDriver uses two connections
- [OpenStack] The OpenStack_2_NodeDriver /v2.0/networks instead of /os-networks
- [Scaleway] New Scaleway driver
- [Scaleway] Update Scaleway default API host
DNS
- [Google Cloud DNS] Document driver instantiation
Storage
- Update docstring for storage provider class
- [Azure Blob Storage] Allow filtering lists by prefix
- [Azure Blob Storage] Update driver documentation
- [Azure Blob Storage] Fix upload/download streams
- [Azure Blob Storage] Fix PageBlob headers
- [S3] Guess s3 upload content type
- [S3] Add Amazon S3 (cn-northwest-1) Storage Driver
Other
- Fixed spelling in 2.0 changes documentation
Changes in Apache Libcloud 2.3.0
- Drop support for Python 2.6 and Python 3.3
They're no longer supported, and the Python ecosystem is starting to
drop support: two of our test dependencies no longer support them.
- Made pytest-runner optional
Common
- Improve warning when CA_CERTS_PATH is incorrectly passed as a list
- Cleaned up and corrected third-party drivers documentation
- Modernized a few Python examples
- [OpenStack] Authentify with updated Identity API
Compute
- Fix "wait_until_running() method so it also works correctly and doesn't
append "None" to the addresses list if node has no IP address.
- [ARM] Fix checking for "location is None" in several functions
- [ARM] Fix error when using SSH key auth with Python 3
- [ARM] Fix API call on powerOff, understand PAUSED state
- [ARM] Delete VHDs more reliably in destroy_node(), raise exception on unhandled errors
- [ARM] Fix api version used to list and delete NICs
- [ARM] Allow faster list_nodes() with ex_fetch_power_state=False
- [ARM] Fix delete_old_vhd
- [ARM] Limit number of retries in destroy_node
- [ARM] Fix Retry-After header handling
- [CloudStack] Handle NICs without addresses
- [CloudStack] Add change size and restore
- [Digital Ocean] Add ex_enable_ipv6 in DigitalOcean_v2 driver
- [Digital Ocean] Add support for tags in list_nodes()
- [Digital Ocean] Add rebuild and resize commands
- [EC2] Add new x1.16xlarge and x1e.32xlarge instance type.
- [EC2] Add AWS EC2 c5 series
- [EC2] Add AWS EC2 M5 sizes
- [EC2] Update pricing information for EC2 instances.
- [EC2] Allow cn-north-1 even without pricing information
- [EC2] Fix EBS volume encryption
- [ECS Aliyun] Support modify_security_group_attributes
- [GCE] Allow adding labels to images
- [GCE] Allow adding license strings to images
- [GCE] Support GCE node labels.
- [GCE] Fix GCEList pagination.
- [GCE] Allow setting service account in instance templates
- [GCE] Add support for private IP addresses in GCE instance creation
- [GCE] Allow for use of shared network (VPC) and subnetwork
- [GCE] Add support for accelerators
- [ProfitBricks] Update driver and add support for the new API v4.
- [ProfitBricks] Fix list_snapshots() method
- [UpCloud] New driver for UpCloud
- [UpCloud] Use disk size and storage tier also when creating node from template
- [UpCloud] Allow to define hostname and username
- [UpCloud] Add pricing information to list_sizes
Storage
- Added Digital Ocean Spaces driver
- [Digital Ocean Spaces] Add support for AMS3 region
- [Digital Ocean Spaces] Add support for SGP1 region
- Fix a bug / regression which resulted in increased memory consumption when
using download_object method. This method would store whole object
content in memory even though there was no need for that.
This regression was introduced in 2.0.0 when we moved to using requests
library.
- Fix a regression with hash computation performance and memory usage on object
upload inadvertently introduced in 2.0.0 and make it more efficient.
Changes in version 0.3.5.8:
Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
releases.
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking, backport from 0.4.0.2-alpha):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
continue. Previously, we had rejected these handshakes, breaking
certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
o Minor features (compilation, backport from 0.4.0.2-alpha):
- Compile correctly when OpenSSL is built with engine support
disabled, or with deprecated APIs disabled. Closes ticket 29026.
Patches from "Mangix".
o Minor features (geoip):
- Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
Country database. Closes ticket 29478.
o Minor features (testing, backport from 0.4.0.2-alpha):
- Treat all unexpected ERR and BUG messages as test failures. Closes
ticket 28668.
o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
- Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
connection waiting for a descriptor that we actually have in the
cache. It turns out that this can actually happen, though it is
rare. Now, tor will recover and retry the descriptor. Fixes bug
28669; bugfix on 0.3.2.4-alpha.
o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
- Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
IPv6 socket was bound using an address family of AF_INET instead
of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
Kris Katterjohn.
o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
- Update Cargo.lock file to match the version made by the latest
version of Rust, so that "make distcheck" will pass again. Fixes
bug 29244; bugfix on 0.3.3.4-alpha.
o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
- Select guards even if the consensus has expired, as long as the
consensus is still reasonably live. Fixes bug 24661; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
- Compile correctly on OpenBSD; previously, we were missing some
headers required in order to detect it properly. Fixes bug 28938;
bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
- Describe the contents of the v3 onion service client authorization
files correctly: They hold public keys, not private keys. Fixes
bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
- Rework rep_hist_log_link_protocol_counts() to iterate through all
link protocol versions when logging incoming/outgoing connection
counts. Tor no longer skips version 5, and we won't have to
remember to update this function when new link protocol version is
developed. Fixes bug 28920; bugfix on 0.2.6.10.
o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
- Log more information at "warning" level when unable to read a
private key; log more information at "info" level when unable to
read a public key. We had warnings here before, but they were lost
during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
- The amount of total available physical memory is now determined
using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
when it is defined and a 64-bit variant is not available. Fixes
bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
- Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
than one private key for a hidden service. Fixes bug 29040; bugfix
on 0.3.5.1-alpha.
- In hs_cache_store_as_client() log an HSDesc we failed to parse at
"debug" level. Tor used to log it as a warning, which caused very
long log lines to appear for some users. Fixes bug 29135; bugfix
on 0.3.2.1-alpha.
- Stop logging "Tried to establish rendezvous on non-OR circuit..."
as a warning. Instead, log it as a protocol warning, because there
is nothing that relay operators can do to fix it. Fixes bug 29029;
bugfix on 0.2.5.7-rc.
o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
- Mark outdated dirservers when Tor only has a reasonably live
consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
- Detect and suppress "bug" warnings from the util/time test on
Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
- Do not log an error-level message if we fail to find an IPv6
network interface from the unit tests. Fixes bug 29160; bugfix
on 0.2.7.3-rc.
o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
- Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
Some users took this phrasing to mean that the mentioned guard was
under their control or responsibility, which it is not. Fixes bug
28895; bugfix on Tor 0.3.0.1-alpha.
libreoffice, the sole package that presently depends on orcus, requires a
minimum version of 0.14 now. (And, for that matter, the orcus change log
indicates that there have been incompatible API changes.) Bump
accordingly here. (If an older version of orcus was present, the
current version of libreoffice would simply have failed to build.)
Update bind912 to 9.12.3pl4 (BIND 9.12.3-P4).
--- 9.12.3-P4 released ---
--- 9.12.3-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.12.3-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
Update bind911 to 9.11.5pl4 (BIND 9.11.5-P4).
--- 9.11.5-P4 released ---
--- 9.11.5-P3 released (withdrawn) ---
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
--- 9.11.5-P2 released (withdrawn) ---
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
Note explicit dependency on libwebp >= 1.0.1. (libwebp itself doesn't
merit a general bump in its buildlink3.mk file, since according to its
change log, there are no incompatibilities added.) No PKGREVISION bump,
since either this previously built with the newer version of libwebp in
the current pkgsrc tree, or it failed to meet the dependency.
Changes since 5.6.12:
* Many of the -C and -W command line options have been removed since
they are not used in practice. The -Wall and -Call options continue
to work though; these are the only options mentioned in the pkgsrc
guide.
* When a PLIST file contains redundant libtool libraries (.la and the
corresponding .so), there is only a single warning per file.
* Warnings about the package COMMENT are now strictly ordered from left
to right.
* The hashes for all distfiles must now contain the SHA512 hash. This
hash has been added to many distfiles in 2015. It's time now to
enforce it on all other distfiles as well.
* Makefile fragments that are included inside an .elif exists(...)
are not reported as missing.
* The check for redundant variables and accidentally overwritten
variables has been improved. Now the warning occurs at the later
definition. This especially applies to cases where a file is included
and after that, some of its variables are overridden. Variables in
unrelated files are no longer marked as redundant.
* When a package contains multiple definitions of a single variable
(typical for Makefile.common), the later definition overrides the
earlier definition. That way, the location of DISTINFO_FILE and
PATCHDIR is resolved correctly.
Subject: [PATCH] Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq
and CompareStrictEq nodes. https://bugs.webkit.org/show_bug.cgi?id=194800
<rdar://problem/48183773>
Reviewed by Yusuke Suzuki.
Fix doesGC() for the following nodes:
CompareEq:
CompareLess:
CompareLessEq:
CompareGreater:
CompareGreaterEq:
CompareStrictEq:
Only return false (i.e. does not GC) for child node use kinds that have
been vetted to not do anything that can GC. For all other use kinds
(including StringUse and BigIntUse), we return true (i.e. does GC).
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
This was published alongside with exploit code claiming it is remote
code execution, but I don't understand what the exploit is doing.
bump PKGREVISION
OpenVPN 2.4.7
- Fix subnet topology on NetBSD (2.4).
- add support for %lu in argv_printf and prevent ASSERT
- buffer_list: add functions documentation
- ifconfig-ipv6(-push): allow using hostnames
- Properly free tuntap struct on android when emulating persist-tun
- Add OpenSSL compat definition for RSA_meth_set_sign
- Add support for tls-ciphersuites for TLS 1.3
- Add better support for showing TLS 1.3 ciphersuites in --show-tls
- Use right function to set TLS1.3 restrictions in show-tls
- Add message explaining early TLS client hello failure
- Fallback to password authentication when auth-token fails
- systemd: extend CapabilityBoundingSet for auth_pam
- plugin: Export base64 encode and decode functions
- Add %d, %u and %lu tests to test_argv unit tests.
- Fix combination of --dev tap and --topology subnet across multiple platforms.
- Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
- preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
- Minor reliability layer documentation fixes
- Resolves small IV_GUI_VER typo in the documentation.
- Clarify and expand management interface documentation
- Refactor NCP-negotiable options handling
- init.c: refine functions names and description
- interactive.c: fix usage of potentially uninitialized variable
- options.c: fix broken unary minus usage
- Remove extra token after #endif
- Fix error message when using RHEL init script
- man: correct a --redirection-gateway option flag
- Replace M_DEBUG with D_LOW as the former is too verbose
- Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
- Bump version of openvpn plugin argument structs to 5
- Move get system directory to a separate function
- Enable dhcp on tap adapter using interactive service
- Pass the hash without the DigestInfo header to NCryptSignHash()
- White-list pull-filter and script-security in interactive service
- Add Interactive Service developer documentation
- Detect TAP interfaces with root-enumerated hardware ID
- man: add security considerations to --compress section
- mbedtls: print warning if random personalisation fails
- Fix memory leak after sighup
- travis: add OpenSSL 1.1 Windows build
- Fix --disable-crypto build
- Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
- buffer_list_aggregate_separator(): simplify code
