Redis 5.0.8:
Upgrade urgency HIGH: This release fixes security issues.
This is a list of fixes in this release:
Fix Pi building needing -latomic, backport
fix impl of aof-child whitelist SIGUSR1 feature.
fix ThreadSafeContext lock/unlock function names
XREADGROUP should propagate XCLAIM/SETID in MULTI/EXEC
Fix client flags to be int64 in module.c
Fix small bugs related to replica and monitor ambiguity
Fix lua related memory leak.
Free allocated sds in pfdebugCommand() to avoid memory leak.
Jump to right label on AOF parsing error.
Free fakeclient argv on AOF error.
Fix potential memory leak of rioWriteBulkStreamID().
Fix potential memory leak of clusterLoadConfig().
Fix bug on KEYS command where pattern starts with * followed by \x00 (null char).
Blocking XREAD[GROUP] should always reply with valid data (or timeout)
XCLAIM: Create the consumer only on successful claims.
Stream: Handle streamID-related edge cases
Fix ip and missing mode in RM_GetClusterNodeInfo().
Inline protocol: handle empty strings well.
Mark extern definition of SDS_NOINIT in sds.h
[FIX] revisit CVE-2015-8080 vulnerability
avoid sentinel changes promoted_slave to be its own replica.
When all files are skipped, the tool dependency is not added as well.
This allows packages to skip the check without defining the user-settable
variable CHECK_PERMS.
No arpack release has been published by Rice University for many years, and
arpack-ng aims to provide a common repository of community fixes with a
testsuite.
Since the portability checks are concerned about bashisms, it doesn't make
sense to apply them to programs that will later be run in bash anyway.
Suggested by gdt via private mail.
This package has a script which is written for bash and has a bashism.
While that's a bug, the package has REPLACE_BASH for it and further
doesn't include the file in the PLIST. So there's no benefit to
pkgsrc fixing this, other than the quest to rid the world of bashisms.
Simply skip checks on this file.
It was added so that we have a non-zero chance of getting binary packages
in the bulk build. I have a sneaking suspicion that most interactive users
of pkgsrc comment this line out.
Waiting a whole day for rust to build is not acceptable.
bsdtar is used as the default extractor for distfiles. It is installed
very early in the pkgsrc lifecycle, directly after bootstrapping. At that
point, neither checkperms nor check-portability may be installed yet.
While here,
- Remove OSS support now that cubeb_sun has been stable for a long while
- Appease pkglint
Security fixes in this release:
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable
#CVE-2020-6814: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
These files typically come with a corresponding Makefile.in file, and the
same portability issue is in the .in file as well. For building the
package it is only necessary to patch the .in file. Patching the .am file
as well would mean additional work for the pkgsrc package maintainer.
Nevertheless, such fixes should be reported upstream. The upstream
maintainer is more interested in a patch for Makefile.am, since the .in
file is only generated.
Suggested by wiz via private mail.
Before, file names that start or end with spaces were trimmed by read(1),
as specified by POSIX 2004 and POSIX 2018.
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/read.html
This edge case bug had been present since the very beginning of this
code, in November 2006.
Filenames containing backslashes or newlines are still not supported, and
probably never will be intentionally supported.
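
The trimming described above can be reproduced with a short script. This is an added example, not pkgsrc code: the function names and the sample file names are constructed for illustration. It shows that a file-checking loop built on a default read(1) never opens files whose names start or end with a space, while the same loop with an empty IFS sees every file.

```shell
#!/bin/sh
# Added example: all names below are hypothetical, not taken from pkgsrc.

# Create a constructed tree with ordinary and space-padded file names.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain.sh"
    : > "$dir/ leading.sh"
    : > "$dir/trailing.sh "
    : > "$dir/in side.sh"
    echo "$dir"
}

# Print the file names below DIR, relative to DIR, one per line.
list_names() {
    (cd "$1" && find . -type f | sed 's|^\./||' | sort)
}

# Print NAME in brackets if DIR/NAME no longer resolves to a regular file.
report_missing() {
    if [ ! -f "$1/$2" ]; then printf '[%s]\n' "$2"; fi
}

# Default IFS: read strips leading and trailing blanks from each line.
# -r is used in both loops so that IFS is the only difference between them.
missed_by_default_read() {
    list_names "$1" | while read -r name; do report_missing "$1" "$name"; done
}

# Empty IFS: read keeps the line exactly as written.
missed_by_exact_read() {
    list_names "$1" | while IFS= read -r name; do report_missing "$1" "$name"; done
}

# Demo: show which names each loop would fail to check.
demo_dir=$(make_sample_tree)
echo "default read misses:"; missed_by_default_read "$demo_dir"
echo "IFS= read misses:";    missed_by_exact_read "$demo_dir"
rm -rf "$demo_dir"
```

The name with an inner space survives in both loops because read assigns the whole remainder of the line to its last variable; only the outer blanks are lost.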
Debian's w3m 0.5.3+git20190105
* bug fixes
- do not use deprecated features with OpenSSL 1.1
- fix dependency for Imlib2
- fix that the mark_all_pages option works
- respect the simple_preserve_space option for table cells
- fix error handling for ~/.w3m/request.log and localcgi_post()
* new feature
- w3mman supports specifying a section number during a keyword search