xfdashboard provides a GNOME shell dashboard like interface for use with Xfce
desktop. It can be configured to run to any keyboard shortcut and when executed
provides an overview of applications currently open enabling the user to switch
between different applications. The search feature works like Xfce's app finder
which makes it convenient to search for and start applications.
Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
Git is easy to learn and has a tiny footprint with lightning fast
performance. It outclasses SCM tools like Subversion, CVS, Perforce,
and ClearCase with features like cheap local branching, convenient
staging areas, and multiple workflows.
This package contains only some of the git contrib programs.
Not using git, pkgsrc should punt like other distros to get the date from
the Changelog as set in configure. Use awk to avoid all the other business,
not to mention difficulties with configures use of 'echo -n' on SunOS.
uhttpmock is a project for mocking web service APIs which use HTTP
or HTTPS. It provides a library, libuhttpmock, which implements
recording and playback of HTTP request-response traces.
changes in sbcl-1.2.13 relative to sbcl-1.2.12:
* incompatible change: on success, TRY-SEMAPHORE and WAIT-ON-SEMAPHORE
return the new count
* enhancement: WAIT-ON-SEMAPHORE accepts a decrement parameter
* enhancement: JOIN-THREAD allows distinguishing timeout vs. abort in all
situations
* enhancement: On Windows DBG_PRINTEXCEPTION_C is handled and its message is
printed. (lp#1437947)
* bug-fix: TRUENAME works properly on broken symlinks presented as
directories. (lp#1458164)
* bug fix: Inlined DPB and DEPOSIT-FIELD don't interfere with left-to-right
order of argument evaluation. (lp#1458190)
* bug fix: (SETF (LDB (BYTE 1 2 JUNK) X) 0) is rightly rejected.
* bug fix: DEFSETF lambda lists should not permit argument destructuring.
* bug fix: calls to (SETF SLOT-VALUE) on a missing slot would in certain
situations incorrectly return the result of a SLOT-MISSING method
instead of always returning the new value. (lp#1460381)
* bug fix: a DEFMACRO occurring not at toplevel and capturing parts of
its lexical environment (thus being a closure) caused expressions
involving the macro name to cause corruption in the pretty-printer
due to faulty introspection of the lambda list of a closure.
* bug fix: out of line MAP/MAP-INTO check that the results produced by the
function are of the matching sequence type. (lp#1459581)
* bug fix: pretty-printing of '(LET `((,X ,Y)) :B) is handled correctly.
pkgsrc change:
* tcp_wrappers support was removed from release 6.7, but add it refering
FreeBSD's ports.
* hpn-patch is also based on FreeBSD's ports.
Security
--------
* ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
connections made after ForwardX11Timeout expired could be permitted
and no longer subject to XSECURITY restrictions because of an
ineffective timeout check in ssh(1) coupled with "fail open"
behaviour in the X11 server when clients attempted connections with
expired credentials. This problem was reported by Jann Horn.
* ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
password guessing by implementing an increasing failure delay,
storing a salted hash of the password rather than the password
itself and using a timing-safe comparison function for verifying
unlock attempts. This problem was reported by Ryan Castellucci.
For more information, please refer release announce.
http://www.openssh.com/txt/release-6.9http://www.openssh.com/txt/release-6.8http://www.openssh.com/txt/release-6.7
Changelog:
What's New
New GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
New Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
New Filter sent messages (bug 11039)
New Filter messages when archived (bug 479823)
New Enable search in multiple/all address books (bug 170270)
New Add support for Yahoo Messenger in Chat (bug 955574)
New Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
New Show expanded columns in folder pane (bug 464973)
New Allow file-per-message (maildir) local message storage (bug 845952)
New Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
New Add reading position marker line to conversations (bug 760762)
New The editor for twitter should show inputtable character count (bug 736002)
Changed Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
Changed Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
Changed Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
Changed Make OpenSearch queries open in the user's default browser (bug 1120777)
Changed Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
Fixed Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
Fixed Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
Fixed Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
Fixed Web site from RSS feed was not rendered correctly (bug 662907)
Fixed Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@bar.com] (bug 286760)
Fixed Force display of Sender header if S/MIME sender is the signer (bug 332639)
Fixed Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
Fixed Status bar not accessible (bug 934875)
Fixed Wrong folder may be deleted when requesting junk delete (bug 1018960)
Fixed Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
Fixed Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
Fixed Various improvements when using IRC on moznet (bug 1083768 and others)
Fixed Significantly improve XMPP support (bug 1085022 and others)
Fixed Fixes for connecting to non-standard IRC networks (bug 870556 and others)
Fixed Automatically reclaim IRC nicks during a reconnect (bug 1087566)
Fixed Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
Fixed Inline spell checker loses red underlines after a backspace is used (bug 1100966)
Known Issues
unresolved Automatic addon compatibility update checks were not completed, so existing addon compatibilities may not be accurate.
unresolved Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
unresolved Importing data from Outlook or Eudora crashes (bug 917961)
Security:
Fixed in Thunderbird 38.0.1
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 38 ESR.
* Version 1.31 (released 2015-07-08) [bet
** libidn: stringprep_utf8_to_ucs4 now rejects invalid UTF-8. CVE-2015-2059
This function has always been documented to not validate that the
input UTF-8 string is actually valid UTF-8. Like the rest of the API,
when you call a function that works on UTF-8 data, you have to pass it
valid UTF-8 data. Application writers appear to have difficulties
using interfaces designed like that, as bugs triggered by invalid
UTF-8 has been identified in a number of projects (jabberd2, gnutls,
wget, and curl). While we could introduce a new API to perform UTF-8
validation, so that applications can easily implement the proper
checks, this appear error prone because there is a risk that the check
will be forgotten. Instead, we took the more radical approach of
modifying the documentation and the implementation of the API. The
intention is that all functions that accepts UTF-8 data should
validate it before use. This will solve the problem for applications,
without needing to change them. This change has the unfortunate
side-effect that Surrogate codes (see section 5.5 of RFC 3454) no
longer trigger the STRINGPREP_CONTAINS_PROHIBITED error code but
instead will trigger the newly introduced STRINGPREP_ICONV_ERROR error
code, as the gnulib/libunistring-based code that we use to test
UTF-8-compliance rejects Surrogate codes. We hope that this is an
acceptable cost to live with in order to improve application security.
We welcome feedback on this solution, and we are marking this release
as beta rather than stable to signal that we may reconsider this
approach if people disagree. Reported by several people including
Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos.
** libidn: Added STRINGPREP_ICONV_ERROR error code.
** libidn: Workaround valgrind/gcc/glibc issue.
Valgrind reported a 'Invalid read of size 4' that was caused by
optimized strlen implementation. Reported and patch by Alessandro
Ghedini <alessandro@ghedini.me>.
** build: Use LOG_COMPILER instead of TESTS_ENVIRONMENT to fix valgrind use.
Errors caught by valgrind did not always trigger 'make check' failures
before.
** i18n: Updated Danish translation.
Thanks to Joe Hansen.
** API and ABI is backwards compatible with the previous version.
