kb is a text-oriented minimalist command line knowledge base manager.
kb can be considered a quick note collection and access tool oriented
toward software developers, penetration testers, hackers, students
or whoever has to collect and organize notes in a clean way. Although
kb is mainly targeted at text-based note collection, it supports
non-text files as well (e.g., images, pdf, videos and others).
The project was born from the frustration of trying to find a good
way to quickly access my notes, procedures, cheatsheets and lists
(e.g., payloads) but at the same time, keeping them organized. This
is particularly useful for any kind of student. I use it in the
context of penetration testing to organize pentesting procedures,
cheatsheets, payloads, guides and notes.
Packaged by Giuseppe Nebbione and shared via PR pkg/56193.
The defaults are basically based on what FreeBSD/OpenBSD are doing.
MariaDB includes several third-party storage engines (e.g. RocksDB)
which are developed out-of-tree and don't generally have the same
(e.g. portability) guarantees. Keep these disabled by default for now.
bump PKGREVISION.
DB Browser for SQLite 3.12.2
Fix saving the list of extensions in the Preferences dialog
Corrected a typo in the French translation
Updated the included SQLite and SQLCipher libraries to their latest release (SQLite 3.35.5, SQLCipher 4.4.3)
Updated the "public" certificate, used for communicating with DBHub.io anonymously
MariaDB Server is one of the most popular open source relational databases.
It's made by the original developers of MySQL.
MariaDB turns data into structured information in a wide array of applications,
ranging from banking to websites. It is an enhanced, drop-in replacement
for MySQL. MariaDB is used because it is fast, scalable and robust, with a
rich ecosystem of storage engines, plugins and many other tools that make it very
versatile for a wide variety of use cases.
MariaDB is developed as open source software and as a relational database
it provides an SQL interface for accessing data. The latest versions of
MariaDB also include GIS and JSON features.
2.1.5 (2021-05-20)
* Fix compilation errors for Amazon Linux 1. Fixes #495.
* Fix segfault for login timeouts
2.1.4 (2021-05-10)
* Improve handling of network related timeouts
* Fix error reporting when preceded by info message
upstream changes:
-----------------
Version 1.0.18
o Update copyright year to 2021
o add_mysql_conn always returns success, except if crashes
o Database is always 'none', as noticed by Dialyzer
o Data is always binary, as noticed by Dialyzer
Version 1.0.17
o Update travis config
Version 1.0.15
o Fix warnings
Version 1.0.14
o Add ability to use ssl connections
Version 1.0.13
o Update copyright year
Version 1.0.12
o Properly handle decoding of number of returned fields when there is more than 128 of them.
Version 1.0.11
o Handle close even in do_recv, this fixes potential connection being stuck after timeout
Version 1.0.10
o Make socket close always lead to terminating p1_mysql_conn
Version 1.0.9
o Add contribution guide
o Don't log errors on shutdown
Version 1.0.8
o Add support for mysql8 and cache_sha2_password authentication
Version 1.0.7
o Fix connection timeout handling
upstream changes:
-----------------
Version 1.1.11
o Update copyright year to 2021
o recv_byte returns {ok, _} or throws an error, but never returns {error, _}
Version 1.1.10
o Fix Coveralls command call
o Fix Travis setup using Rebar3
Version 1.1.9
o Update copyright to 2020
Version 1.1.8
o Update for hex.pm release
Version 1.1.7
o Add contribution guide
upstream changes:
-----------------
Release 1.1.12
o Add Github Action to release to hex.pm when tagging
o Fix wrong gen_server spec detected by Dialyzer
Release 1.1.11
o Use headers from amalgamation on darwin instead of system one
v0.23.0
Fixes
Avoid TypeError in Transaction.__repr__
Feed memoryview to writelines()
Add sslmode=allow support and fix =prefer retry
Loosen message test in test_invalid_input
Support readonly and deferrable for non-serializable transactions
Fix asyncpg with Py_DEBUG mode
Fix docs/Makefile and docs/_static/theme_overrides.css missing from PyPI package
PostgreSQL 13.3, 12.7, 11.12, 10.17, and 9.6.22 Released!
Posted on 2021-05-13 by PostgreSQL Global Development Group
PostgreSQL Project Security
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.3, 12.7, 11.12, 10.17, and 9.6.22. This release closes three security vulnerabilities and fixes over 45 bugs reported over the last three months.
For the full list of changes, please review the release notes.
Security Issues
CVE-2021-32027: Buffer overrun from integer overflow in array subscripting calculations
Versions Affected: 9.6 - 13. The security team typically does not test unsupported versions, but this problem is quite old.
While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory.
The PostgreSQL project thanks Tom Lane for reporting this problem.
CVE-2021-32028: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE
Versions Affected: 9.6 - 13. The security team typically does not test unsupported versions. The feature first appeared in 9.5.
Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
The PostgreSQL project thanks Andres Freund for reporting this problem.
CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING
Versions Affected: 11 - 13
Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
The PostgreSQL project thanks Tom Lane for reporting this problem.
Bug Fixes and Improvements
This update fixes over 45 bugs that were reported in the last several months. Some of these issues only affect version 13, but could also apply to other supported versions.
Some of these fixes include:
Fix potential incorrect computation of UPDATE ... RETURNING outputs for joined, cross-partition updates.
Fix ALTER TABLE ... ALTER CONSTRAINT when used on foreign-key constraints on partitioned tables. The command would fail to adjust the DEFERRABLE and/or INITIALLY DEFERRED properties of the constraints and triggers of leaf partitions, leading to unexpected behavior. After updating to this version, you can execute the ALTER TABLE ... ALTER CONSTRAINT command to fix any misbehaving partitioned tables.
Ensure that when a child table is attached with ALTER TABLE ... INHERIT that generated columns in the parent are generated in the same way in the child.
Forbid marking an identity column as NULL.
Allow ALTER ROLE ... SET/ALTER DATABASE ... SET to set the role, session_authorization, and temp_buffers parameters.
Ensure that REINDEX CONCURRENTLY preserves any statistics target set for the index.
Fix an issue where, in some cases, saving records within AFTER triggers could cause crashes.
Fix how to_char() handles Roman-numeral month format codes with negative intervals.
Fix use of uninitialized value while parsing an \{m,n\} quantifier in a BRE-mode regular expression.
Fix "could not find pathkey item to sort" planner errors that occur in some situations when the sort key involves an aggregate or window function.
Fix issue with BRIN index bitmap scans that could lead to "could not open file" errors.
Fix potentially wrong answers from GIN tsvector index searches when there are many matching records.
Fixes for COMMIT AND CHAIN functionality on both the server and psql.
Avoid incorrect timeline change while recovering uncommitted two-phase transactions from WAL, which could lead to consistency issues and the inability to restart the server.
Ensure that wal_sync_method is set to fdatasync by default on newer FreeBSD releases.
Disable the vacuum_cleanup_index_scale_factor parameter and storage option.
Fix several memory leaks in the server, including one with SSL/TLS parameter initialization.
Restore the previous behavior of \connect service=XYZ to psql, i.e. disallow environmental variables (e.g. PGPORT) from overriding entries in the service file.
Fix how pg_dump handles generated columns in partitioned tables.
Add additional checks to pg_upgrade for user tables containing non-upgradable data types.
On Windows, initdb now prints instructions about how to start the server with pg_ctl using backslash separators.
Fix pg_waldump to count XACT records correctly when generating per-record statistics.
package is experimental right now - it was confirmed working on NetBSD
and compile on macOS only for now
8.0 brings many improvements over 5.7; the following is a shortened list, more details
are available on https://dev.mysql.com/doc/refman/8.0/en/mysql-nutshell.html
- transactional data dictionary
- atomic DDL
- integrated upgrade procedure
- security and account management improvements
- resource groups and threads (thread affinity needs some work for NetBSD)
- table encryption management
- loads of innodb enhancements
- default character set utf8mb4
- JSON enhancements
- CTE, Window functions
- lateral derived tables
- reworked regular expression support
- internal temporary tables
- HASH JOIN optimization
- EXPLAIN ANALYZE
- time zone support for TIMESTAMP and DATETIME
- optimizer hints for FORCE INDEX, IGNORE INDEX
- XML enhancements
- single preparation of statements
- single RIGHT JOIN as LEFT JOIN handling
- derived condition pushdown optimization
A number of features were also deprecated; check the release notes for that
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
Real changes are in www/ruby-actionpack60 only.
## Rails 6.0.3.7 (May 05, 2021) ##
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
Support for Alpha was removed in 2014. This removed the spinlock and
memory barrier implementations, meaning PostgreSQL on Alpha no longer
compiles cleanly with the default options. According to the commit
message the code was "unlikely to currently work correctly".
Enthusiasts may wish to re-add Alpha support, but it should likely
only be done with proper testing to avoid data loss in the case someone
uses it.