Upstream changes:
mikutter 3.6.3
* "reply" of mikutter commands doesn't appear in non Twitter Worlds
* crashed on registrating already registered World again
* fix use of deperecated methods of Pango (thanks: akkiesoft)
This switch is meant to be used by packages requiring an implementation of the
former libusb (as in devel/libusb). The original implementation can be
chosen by setting LIBUSB_TYPE to "native".
The alternative implementation libusb-compat (as in devel/libusb-compat) wraps
libusb1 (in devel/libusb1). This implementation can be chosen by setting
LIBUSB_TYPE to "compat". On NetBSD, it has the advantage of not requiring root
privileges to locate and use USB devices without a kernel driver.
This second part switches packages using libusb to this framework. It does not
change compilation options or dependencies at this point.
Compile-tested on most packages affected and available on NetBSD/amd64.
This switch is meant to be used by packages requiring an implementation of the
former libusb (as in devel/libusb). The original implementation can be
chosen by setting LIBUSB_TYPE to "native".
The alternative implementation libusb-compat (as in devel/libusb-compat) wraps
libusb1 (in devel/libusb1). This implementation can be chosen by setting
LIBUSB_TYPE to "compat". On NetBSD, it has the advantage of not requiring root
privileges to locate and use USB devices without a kernel driver.
This first part only imports the switch framework itself.
* Fix segfault on netbsd-7
Changelog:
Fix
Avoid a signature validation issue during update on macOS
Blocklisted graphics drivers related to off main thread painting crashes
Tab crash during printing
Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook
(OWA) webmail
Changelog:
This patch release includes several important fixes to the link mode
and driver logic. In addition, it adds mdso support to midipix targets,
as well as updates slibtool's own build system.
- link mode: re-implemented slbt_exec_link_finalize_argument_vector().
- link mode: import library generation: added mdso support.
- link mode: use -fpic objects with -disable-static.
- driver: added --mdso and --implib support.
- driver: added initial -dlpreopen support.
- driver: support -thread-safe more elegantly.
- driver: properly handle -thread-safe (no-op, compatibility).
In the do-install target, deal with the spaces in the directory
name "Visual Studio Projects" instead of printing the message
"install: Visual: stat: No such file or directory" and failing to
install one of the .txt files.
The 'timeDate' class fulfils the conventions of the ISO 8601 standard
as well as of the ANSI C and POSIX standards. Beyond these standards
it provides the "Financial Center" concept which allows to handle data
records collected in different time zones and mix them up to have
always the proper time stamps with respect to your personal financial
center, or alternatively to the GMT reference time. It can thus also
handle time stamps from historical data records from the same time
zone, even if the financial centers changed day light saving times at
different calendar dates.
v2.3.5
======
- Try and force glibc to cache zoneinfo files in an attempt to work around
glibc parsing vulnerability. Thanks to Kingcope.
- Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
<martin@meltin.net>.
- Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
- Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
steve willing <eiji-gravion@hotmail.com>.
- Handle connect() failures properly. Thanks to Takayuki Nagata
<tnagata@redhat.com>.
- Add stronger checks for the configuration error of running with a writeable
root directory inside a chroot(). This may bite people who carelessly turned
on chroot_local_user but such is life.
v3.0.0
======
- Update vsf_findlibs.sh to work on Ubuntu 11.10+
- Make listen mode the default.
- Add -Werror to build flags.
- Fix missing "const" in ssl.c
- Add seccompsandbox.c to support a seccomp filter sandbox; works against Ubuntu
12.04 ABI.
- Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
seccompsandbox.c
- Rename deprecated "sandbox" to "ptrace_sandbox".
- Add a few more state checks to the privileged helper processes.
- Add tunable "seccomp_sandbox", default on.
- Use hardened build flags. Distros of course override these and provide their
own build flags but no harm in showing how it could be done.
- Retry creating a PASV socket upon port reuse race between bind() and listen(),
patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
- Don't die() if recv() indicates a closed remote connection. Problem report
on a Windows client from Herbert van den Bergh,
<herbert.van.den.bergh@oracle.com>.
- Add new config setting "allow_writeable_chroot" to help people in a bit of
a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
- Remove a couple of fixed things from BUGS.
- strlen() trunction fix -- no particular impact.
- Apply some tidyups from mmoufid@yorku.ca.
(vsftpd-3.0.0-pre1)
- Fix delete_failed_uploads if there is a timeout. Report from Alejandro
Hernández Hdez <aalejandrohdez@gmail.com>.
- Fix other data channel bugs such as failure to log failure upon timeout.
- Use exit codes a bit more consistently.
- Fix bad interaction between SSL and trans_chunk_size.
- Redo data timeout to fire properly for SSL sessions.
- Redo idle timeout to fire properly for SSL sessions.
- Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
- Use 10 minutes as a max linger time just in case an alarm gets lost.
(vsftpd-3.0.0-pre2)
- Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
- Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
Unfortunately the default vsftpd SSL confiuration still doesn't fully work
with FileZilla, because FileZilla has a data connection security problem:
no client certificate presentation and no session reuse. At least the error
message is now very clear.
- Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
a data transfer is in progress.
- Fix delete_failed_uploads for anonymous sessions.
- Don't listen for urgent data if the control connection is SSL, due to possible
protocol synchronization issues.
v3.0.1
======
- Fix some seccomp related build errors on certain CentOS and Debian versions.
- Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
opens and maps /proc/meminfo but only for larger item counts?
- Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
- Fix various NULL crashes with nonsensical config settings. Noted by Tianyin Xu
<tixu@cs.ucsd.edu>.
- Force cast to unsigned char in is* char functions.
- Fix harmless integer issues in strlist.c.
- Started on a (possibly ill-advised?) crusade to compile cleanly with
Wconversion. Decided to suspend the effort half-way through.
v3.0.2
======
- One more seccomp policy fix: mremap (denied).
- Support STOU with no filename, uses a STOU. prefix.
v3.0.3
======
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
(vsftpd-3.0.3pre2)
0.7.0:
Features added during Google Summer of Code 2017:
* Harvesting language data from Unicode CLDR database (https://github.com/unicode-cldr/cldr-json), which includes over 200 locales
See full currently supported locale list in README.
* Extracting dates from longer strings of text
Special thanks for their awesome contributions!
New features:
* Added (independently from CLDR) Georgian and Swedish
Improvements:
* Improved support of Chinese, Thai, French, Russian
* Removed ruamel.yaml from dependencies. This should reduce the number of installation issues and improve performance as the result of moving away from YAML as basic data storage format.
Note that YAML is still used as format for support language files.
* Improved performance through using pre-compiling frequent regexes and lazy loading of data
* Extended tests
* Updated nose_parameterized to its current package, parameterized
Parameterized testing in Python sucks. 'parameterized' fixes that. For
everything. Parameterized testing for nose, parameterized testing for py.test,
parameterized testing for unittest.
0.28.0:
- Mainly port to Python 3 (supporting 2.6, 2.7, 3.3, 3.4, 3.5, 3.6)
- Some lame efforts to make setup.py build --openssl work better (needs
more real testing on Mac OS X)
- Fix licence: it is MIT, not BSD
- Fix and add tests for SWIG/_aes.i module
- Improve somehow situation on Mac OS X (some testing, improve setup.py,
testsuite should fully pass)
- Bundle-in unittest2 for Python 2.6 (dealing with the need for
specific version of unittest2 package was too complicated)
- Remove all PGP modules
Version 5.1.1:
Correct code used to identify the directory in which the library and its zip file are located.
Ensure that the pythoncom and pywintypes DLLs are found in the lib directory, not in the base directory.
Copy dependent files to the same directory as the file it depends on, not the root directory; also add a sample for PyQt5 to demonstrate its correct use.
Version 5.1:
Use fixed library location on all platforms; should correct the error “no module named __startup__”.
Correct sqlite3 hook for use in Python 2.7.
Correct usage of scipy.lib.
Correct handling of __path__ attribute in module.
Fix gevent bug 42.
Droppped support for Python 3.4.
the patch predates php56, doesn't seem to be necessary when building
with apache22, and we want to reduce diffs against upstream; maybe
that part was needed with distant past with apache 1.3 or whatnot,
but that is not in pkgsrc any more
Changes in FS-UAE Arcade 2.8.1:
Added stretch / keep aspect toggle button to top right menu.
Added V-Sync toggle button to top right menu.
Ability to see and change variant before starting the game.
Make menu rendering conformant to FS-UAE style.
More transition animations.
New cover rendering for non-portrait covers.
Use --platform= to start with a given platform filter, e.g. --platform=cd32.
Variant sort order fixed to be same as in FS-UAE Launcher.
Fixed arrow keys for FS-UAE Arcade on MacOS.
Reversed position of platform and publisher names.
Changes in FS-UAE Arcade 2.8.2:
Allow mouse to be used to activate the close button.
Show mouse cursor briefly when moving the mouse.
Changes in FS-UAE Launcher 2.8.1:
Fixed problem where rating could be reset for first loaded game/variant.
New experimental option: relative_temp_feature.
Changes in FS-UAE Launcher 2.8.2:
New option whdload_boot_dir must be used to enable an old feature, previously it was enabled by the presence of Hard Drives/WHDLoad.
Changes in FS-UAE Launcher 2.8.3:
Show error message when version started is too old (cannot read databases).
Fixed save state dir when starting with UUID parameter.
CDTV games (from database) did not set CDTV model.
Imported updated translations from crowdin.com.
Changes in FS-UAE 2.8.1:
Alt+F4 and Cmd+Q will no longer quit FS-UAE (in full keyboard emulation mode).
Use raw input on Windows again (allows grabbing of Windows keys, etc).
New option raw_input = 0 will disable use of raw input for keyboard.
Fixed loading shaders from fs-uae.dat.
Updated Xbox 360 configs for Linux.
Changes in FS-UAE Launcher 2.8.2:
New option whdload_boot_dir must be used to enable an old feature, previously it was enabled by the presence of Hard Drives/WHDLoad.
Changes in FS-UAE 2.8.3:
Fix decoding on non-ascii %-escaped file names on directory HDs.
Fixed caps lock.
Imported updated translations from crowdin.com.
This release fixes two security issues. This release also fixes issues with VACUUM, GIN indexes, and hash indexes that could lead to data corruption, as well as fixes for using parallel queries and logical replication.
Security Issues
* CVE-2018-1052: Fix the processing of partition keys containing multiple expressions
* CVE-2018-1053: Ensure that all temporary files made with "pg_upgrade" are non-world-readable
Bug Fixes and Improvements
* Fix crash and potential disclosure of backend memory when processing partition keys containing multiple expressions
* Fix potential disclosure of temporary files containing database passwords created by pg_upgrade by not allowing these files to be world-accessible
* Fix cases where VACUUM would not remove dead rows if they were updated while "key-share" locked, leading to potential data corruption
* Fix for GIN indexes to prevent bloat by ensuring the pending-insertions list is cleaned up by VACUUM
* Fix potential index corruption with hash indexes due to failure to mark metapages as dirty
* Fix several potential crash scenarios for parallel queries, including when a bitmap heap scan cannot allocate memory
* Fix several potential hang-ups in parallel queries, including when a parallel worker fails to start
* Fix collection of EXPLAIN statistics from parallel workers
* Prevent fake deadlock failures when multiple sessions are running CREATE INDEX CONCURRENTLY
* Fix for trigger behavior when using logical replication
* Several fixes for "walsender" functionality to improve stability as well as visibility into the replication process
* Fix logical decoding to correctly clean up disk files for crashed transactions
* Several fixes for identity columns, including disallowing identity columns on tables derived from composite types and partitions
* Fix handling of list partitioning constraints for partition keys of boolean and array types
* Fix incorrectly generated plans for UPDATE and DELETE queries when a table has a mix of inherited regular and foreign child tables
* Fix incorrect query results from cases involving GROUPING SETS when used with flattened subqueries
* Fix UNION/INTERSECT/EXCEPT over zero columns, e.g. "SELECT UNION SELECT;"
* Several fixes for subqueries within a LATERAL subquery
* Several improvements for query planning estimation
* Allow a client that supports SCRAM channel binding, such as a future version of PostgreSQL or libpq, to connect to a PostgreSQL 10 server
* Fix sample INSTR() functions used to help transition from Oracle(r) PL/SQL to PostgreSQL PL/pgSQL to correctly match Oracle functional behavior
* Fix pg_dump to make permissions (ACL), security label, and comment entries reliably identifiable in archive outputs
* Modify behavior for contrib/cube's "cube ~> int" operator to make it compatible with KNN search. This is a backwards incompatible change and any expression indexes or materialized views using this operator will need to be reindexed and refreshed, respectively.
* Several fixes in contrib/postgres_fdw to prevent query planner errors
* Added modern examples of auto-start scripts for PostgreSQL on macOS in the contrib/start-scripts/macos directory
* Several fixes for Windows, including postmaster startup and compatibility with libperl
* Spinlock fixes and support for Motorola 68K and 88K architectures
Version 4.1:
Protection agains buffer overflow and negative indexes in __getitem__ and __setitem__ for objc.varlist instances.
Fix incorrect metadata for +[NSEvent addLocalMonitorForEventsMatchingMask:handler:]
Fix incorrect and misleading error message in the exception that is raised when return a value from a block that should not return a value.
Issue 223: Fix hard crash when executing help(Cocoa)
Fetching the help for PyObjC framework wrappers isn’t very useful due to the sheer size of the output (4.5 million lines of output for help(Cocoa) at the moment), but shouldn’t cause a hard crash of the interpreter.
Issue 218: Explictly cause an ImportError when reloading `objc._objc`
Reloading the PyObjC core extension now raises an ImportError because this cannot work and used to raise a rather vague error.
Updated metadata for Xcode 9.2
Added missing `MAC_OS_X_VERSION_*` constants
Fix memory error in struct wrappers which resulted in a use-after-free error in the initializer for structs.
Add bindings for frameworks Security, SecurityFoundation and and SecurityInterface.
The bindings for the Security framework don’t expose a number of older APIs that were deprecated in macOS 10.7.
Add bindings to libdispatch.
These bindings require macOS 10.8 or later, libdispatch was available earlier but macOS 10.8 changed the API in such a way that wrapping became a lot easier.
By using the clang or gcc plugin mechanism, it was possible for an attacker to
trick the “go get” command into executing arbitrary code. The go command now
restricts the set of allowed host compiler and linker arguments in cgo source
files to a list of allowed flags, in particular disallowing -fplugin= and
-plugin=.
The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go
issue for details.
Thanks to Christopher Brown of Mattermost for reporting this problem.
