Update clamav to 0.102.1.
## 0.102.1
ClamAV 0.102.1 is a security patch release to address the following issues.
- Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
- [CVE-2019-15961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961)
A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation.
- Build system fixes to build clamav-milter, to correctly link with libxml2 when
detected, and to correctly detect fanotify for on-access scanning feature
support.
- Signature load time is significantly reduced by changing to a more efficient
algorithm for loading signature patterns and allocating the AC trie.
Patch courtesy of Alberto Wu.
- Introduced a new configure option to statically link libjson-c with libclamav.
Static linking with libjson is highly recommended to prevent crashes in
applications that use libclamav alongside another JSON parsing library.
- Null-dereference fix in email parser when using the `--gen-json` metadata
option.
- Fixes for Authenticode parsing and certificate signature (.crb database) bugs.
Special thanks to the following for code contributions and bug reports:
- Alberto Wu
- Joran Dirk Greef
- Reio Remma
4.9.2 (2019-11-21)
- issue #14184 Change the cookie name from phpMyAdmin to phpMyAdmin_https for HTTPS, fixes many "Failed to set session cookie" errors
- issue #15304 Fix ssl_use php error
- issue #14804 Fix undefined index: ssl_* variables
- issue #14245 Fix mysql 8.0.3 and above fails on advisor
- issue #15499 Fix unparenthesized php deprecation
- issue #15482 Fix URL encoding plus sign (+) in the table or DB name when configuring foreign keys
- issue #14898 Fixed bottom table in list in left panel blocked by horizontal scroll bar
- issue #15161 Fix text area overflows its parent element on "Query" page
- issue #15511 Fixed exporting users after a delete will delete all selected users on "Users" page
- issue #14598 Fixed checking referencial integrity on "Operations" page
- issue #14433 Fix "You do not have privileges to manipulate with the users!" on root superadmin
- issue #15391 Fix GIS polygon of a geometry field is not drawn on "GIS visualization"
- issue #15311 Fix adjust privileges on copy database fails with MariaDB
- issue #15477 Fix display referential integrity check for InnoDB
- issue #15236 Support phpunit 8 in our test suite to help packaging phpMyAdmin on Debian
- issue #15522 Fix missing image error fills logs, removed ic_b_info icon from icon list
- issue #15537 Fixed some issues with the sort by key selectors
- issue #15546 Fix operators precedence in DatabaseInterface class
- issue #14906 Test test suite on 32-bit systems
- issue Fix Long2IP transformation issue with PHP 7.1
- issue #14951 Fix moving columns with DEFAULT NULL doesn't work on MariaDB 10.2+
- issue #14951 Fix moving columns with INT AND DEFAULT CURRENT_TIMESTAMP doesn't work on MariaDB
- issue #12241 Fixed table alias is removed when exporting a query
- issue #15316 Fixed cross join clause is removed on export
- issue #14809 Fix error "is_uploaded_file() expects parameter 1 to be string" when inserting blobs from files
- issue #15127 Fix white square when refreshing designer or browsing other pages
- issue #13912 Detect when phpMyAdmin storage tables are not accessible, help users browse corrupt DBs
- issue #15465 Display profiling when query outputs no rows
- issue Fix setting and removing display field on Designer
- issue Added a warning when trying to set a display field on Designer and configuration storage is not setup
- issue #15327 Fix shift-click in Export misses a checkbox
- issue [security] Fix improperly sanitized data when showing the Git branch (thanks to Ali Hubail for this report)
- issue [security] Fix security weaknesses in Designer feature,including a flaw where an attacker could trigger an SQL injection attack (PMASA-2019-5)
With these values, a Rust package downloads its own distfile from
crates.io by default, and shares dependancy crate distfiles with other
Rust packages to avoid multiple downloads.
Changes since 19.3.12:
The command line option -Wspace has been removed. Warnings and notes
about whitespace are now generated by default and cannot be switched
off. This is to ensure a consistent visual appearance of the package
Makefiles.
Shell programs that are indented unnecessarily deep generate a note by
default now. Before, the option -Wall was necessary to get these notes.
The check for unintended comments in multi-line shell programs is now
enabled again. It had been disabled some time ago as byproduct of a bug
fix in the shell parser.
The check for unique buildlink3 package identifiers now also works if
pkglint is run from a package directory instead of the pkgsrc root
directory.
- Fixed typos in base.pod and recipes.pod
- Remove re-prompting for port when an invalid service name was
supplied. Just error and exit instead
- Cleaning up error messages that contained extra newlines
- Remove interactive prompts for helo and from when hostname
cannot be determined internally. Just error instead.
- Rearrange internal option definition structure in preparation
for major rework
- Rework how the --show-time-lapse option is tracked internally
and displayed in --dump output
- --protocol's argument was incorrectly marked as optional
- Updating copyright year to 2019
- --use-old-data-tokens was not completely removed, clean up
- --tls-optional-strict was incorrectly marked internally as
optionally accepting an argument
- Fix handling of --option=arg option format which prevented it
from being used with --header and --attach* options
- --attach option processing was calling die() instead of
ptrans/exit on error
- If the arg to --data looks like a file but is not openable,
error and exit instead of using it the file name as the raw
data value
- Add %NEWLINE% as a new --data token
- Small code tidy around %DATE% token replacement
- Enforce key=value format for arguments to --auth-extra and
--auth-map
- Clarify how XCLIENT arguments are grouped in --xclient doc
- Typo in documentation for --ehlo, reported by Konstantin Stephan
- Adding data and dot as valid --drop-after-send and --drop-after
arguments
- Add documentation for missing --quit-after synonym STARTTLS
- Update copyright year to 2019
- --copy-routing should error when no argument given.
- Add validation to --proxy-family (when proxy-version=1) and
--proxy-version options.
- Turn off option bundling. No practical use and it could cause
real confusion (with bundling turned on, -foobar was "-f oobar"
instead of an unknown option.
- Turn on case-sensitivity for configuration options. Needed to
make -S distinct from -s, as documented.
- Add a flag for --dump-mail in the OUTPUT section of --dump
- --version and --help should work even if they aren't the very
first option.
- When processing config file options with no leading '-' and any
environment variable config, prefix the option with '--' for
processing, not '-'. Bandaid for very minor difference between
'-' and '--' option processing which I hope to fix soon.
- Adding an ENVIRONMENT VARIABLES section to the doc.
- Tidying and clarifying the OPTION PROCESSING section of the docs.
- Fix bug causing in "no-" option processing to work unreliably.
- Document the unreliability of using environment variables to unset
other environment variable options with the "no-" prefix.
- Document the general rule that when processing duplicate options,
the last option specified wins, both inter- and intra-method.
- Since there is no inherent order to options provided in environment
variables, sort them before processing to define an order.
- Config file fixes around searching default $SWAKS_HOME, $HOME,
and $LOGDIR locations:
- Searching default locations for the first existing
PATH/.swaksrc did not actually work as documented.
- If none of the default search environment variables was set,
Swaks would not process the "portable" defaults optionally
stored in the actual swaks script.
- Implement --body-attach option to allow more granularity in
setting body information (different mime types, alternatives, etc).
- Fix --attach* option processing to remove possibly ambiguity
- Fix issue with malformed headers. Don't fall over if header
doesn't contain a colon or looks like an illegal continuation.
- Doc fix for default body - %SWAKS_VERSION% missing trailing char.
- --add-header documentation was still referencing a single-char,
no longer valid, replacement token. Replace with the correct token.
2018-11-30 (0.8.9) Robin Gareus <robin@gareus.org>
* prefer -pthread over -lpthread, fixes#18
* mainly a build-system, binary only update
2018-06-06 (0.8.8) Robin Gareus <robin@gareus.org>
* use PortMidi default device (allow using portmidisetup)
* fix loading fonts with non ASCII paths on Windows
* allow verbose/debug logging on windows
2018-01-30 (0.8.3) Robin Gareus <robin@gareus.org>
* NO-OP, build-system update only
2017-01-11 (0.8.2) Robin Gareus <robin@gareus.org>
* explicitly set "C" locale: consistent numeric data format
* allow empty docroot for passing drive-letters on windows
Notable changes in pkgsrc:
- Put a lot of effort into autoconfiguring JACK support for NetBSD.
(Install latest JACK).
Release notes for 5.0:
https://www.ardour.org/news/5.0.html
2.2.8:
* CVE-2019-19118: Privilege escalation in the Django admin.
* Fixed a data loss possibility in the admin changelist view when a custom formset’s prefix contains regular expression special characters, e.g. ‘$’.
* Fixed a regression in Django 2.2.1 that caused a crash when migrating permissions for proxy models with a multiple database setup if the default entry was empty.
* Fixed a data loss possibility in the select_for_update(). When using 'self' in the of argument with multi-table inheritance, a parent model was locked instead of the queryset’s model
IPython 7.10.1 fix a couple of incompatibilities with Prompt toolkit 3 (please
update Prompt toolkit to 3.0.2 at least), and fixes some interaction with
headless IPython.
word2vec is an implementation of the Continuous Bag-of-Words (CBOW)
and the Skip-gram model (SG), as well as several demo scripts. Given
a text corpus, the word2vec tool learns a vector for every word in the
vocabulary using the Continuous Bag-of-Words or the Skip-Gram neural
network architectures.
v4.12.3:
- This is planned to be the last ever release of PyQt4.
- Bug fixes.
v4.12.2:
- A private copy of the sip module called PyQt4.sip is required.
- SIP v4.19.12 is now required. SIP v5 is not supported.
Pkgsrc:
- Correct distinfo for x11 and mac.
