Problems found locating distfiles:
Package modular-xorg-server: missing distfile xorg-server-1.17.4.tar.bz2
Package py-qt4: missing distfile PyQt-mac-gpl-4.11.1.tar.gz
Package xservers: missing distfile xservers-3.3.6.5.tar.bz2
Package xview-clients: missing distfile xview3.2p1-X11R6.tar.gz
Package xview-lib: missing distfile xview3.2p1-X11R6.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
I am happy to announce release of Qt 4.8.7 today bringing over 150
improvements and bug fixes. Qt 4.8.7 provides important security
updates, better support for Mac OS X 10.10 and many requested error
corrections. As a patch release, it does not add new functionality
and maintains full compatibility with previous Qt 4.8.x releases.
Highlights of Qt 4.8.7 are:
Security fix for DoS vulnerability in the BMP image handler
(CVE-2015-0295) as well as security fixes for vulnerabilities
in image handling of BMP (CVE-2015-1858), ICO (CVE-2015-1859)
and GIF (CVE-2015-1860)
Update 3rd party libpng to version 1.6.17 to address known
vulnerabilities in previous version
Update 3rd party libtiff to version 4.0.3 to address known
vulnerabilities in previous version
Better support for running Qt 4.8 applications on Mac OS X
10.10 Yosemite
Many customer requested bug fixes
PKGREVISION.
https://codereview.qt-project.org/#/c/107108/4
Fix a division by zero when processing malformed BMP files.
This fixes a division by 0 when processing a maliciously crafted BMP
file. No impact beyond DoS.
Qt 4.8.6 provides overall over 200 improvements and bug fixes, for
example:
Security Fix for XML Entity Expansion Denial of Service (the
"Billion Laughs" attack)
Better support for Mac OS X 10.9 Mavericks
Many customer requested bug fixes, for example QTBUG-15116,
QTBUG-21371, QTBUG-8990, QTBUG-28601, QTBUG-20946, QTBUG-30276,
QTBUG-29572 and QTBUG-13237 (just to name a few)
MinGW binary packages are now built with MinGW-w64 based
toolchain with gcc 4.8.2
Basque translation added and many other translations improved
35 fixes to Qt Core module
65 fixes to Qt Gui module
21 Mac OS X specific fixes
15 Windows specific fixes
8 Linux/X11 specific fixes
Webkit upgrade to 2.2.4 (minor improvements)
Change all shmget calls to user-only memory (security)
Several important fixes for the VxWorks port in the Qt Enterprise version
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
this solves a problem with KDE's plasma-desktop crashing whenever a
system tray is added to the panel. Change has already been merged into the
upstream version, see https://codereview.qt-project.org/#change,46616
