CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: s...@cvs.openbsd.org2021/06/22 14:40:50 Modified files: devel/got : Makefile distinfo devel/got/pkg : PLIST-main Log message: Update to got 0.53 - do not update symlinks which are already up-to-date - add a gotadmin utility with info, pack, indexpack, and listpack commands - fix 3-way merge of files which lack a final \n - make double-quotes appear in rendered got.1 man page as intended (Nam Nguyen) - gotweb: render error page instead of returning error 500 (tracey) - avoid an error in tog(1) while the terminal window is being resized - plug a memory leak in got_ref_list_free() - catch invalid reference names passed to 'got ref -l' - fix a memory leak in dial_git() (naddy) - fix unrelated changes being merged by got cherrypick/backout/rebase/histedit - go back to Patience diff for merging during cherrypick/backout/histedit/rebase - fix file descriptor leak in got_repo_close() (tracey) - fix hang in commit regress test if $VISUAL is set in the environment (tracey) - use socketpair(2) instead of pipe(2) for better portability to Linux - make it possible to profile gotweb and document how profiling works - fix memory and fd leaks in got_pack_stop_privsep_child() (tracey) - fix bogus 'permission denied' error when a file at work tree root is removed - port packfile creation code over from git9 - new -I option for 'got status' to show files which match an ignore pattern
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: t...@cvs.openbsd.org2021/06/22 08:01:21 Modified files: net/freeradius : Makefile net/freeradius/patches: patch-src_modules_rlm_eap_libeap_mppe_keys_c Added files: net/freeradius/patches: patch-src_modules_rlm_eap_libeap_eap_tls_c Log message: net/freeradius: prepare for opaque SSL in libssl
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: t...@cvs.openbsd.org2021/06/22 07:56:38 Modified files: x11/gnome/vfs2 : Makefile Added files: x11/gnome/vfs2/patches: patch-libgnomevfs_gnome-vfs-ssl_c Log message: gnome/vfs2: prepare for opaque SSL in libssl ok ajacoutot
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: ki...@cvs.openbsd.org 2021/06/22 06:11:53 Modified files: games/wesnoth : Makefile distinfo games/wesnoth/pkg: PLIST Log message: Update to wesnoth-1.14.17
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:33:45 Modified files: www/qutebrowser: Makefile Log message: enable qutebrowser py-adblock dependency on i386 now that maturin is running correctly there
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:31:54 Modified files: mail/dovecot-fts-xapian: Makefile Log message: bump -current REVISION so the PKGNAME is not a lower version the one in -stable
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:31:04 Modified files: mail/dovecot-fts-xapian: Tag: OPENBSD_6_9 Makefile Log message: bump dovecot-fts-xapian revision because the -stable ports build process can't cope with just changed PKGSPEC
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:30:29 Modified files: mail/dovecot-pigeonhole: Tag: OPENBSD_6_9 Makefile distinfo Log message: update to Dovecot-pigeonhole 0.5.15, from Brad (maintainer) CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:30:24 Modified files: mail/dovecot-pigeonhole: Makefile distinfo Log message: update to Dovecot-pigeonhole 0.5.15, from Brad (maintainer) CVE-2020-28200: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time usage is summed in the Sieve script binary and execution is blocked when the sum exceeds the limit within that time. The block is lifted when the script is updated after the resource usage times out.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:29:28 Modified files: mail/dovecot : Tag: OPENBSD_6_9 Makefile distinfo mail/dovecot/patches: Tag: OPENBSD_6_9 patch-doc_example-config_Makefile_in patch-doc_example-config_conf_d_Makefile_in patch-src_master_master-settings_c mail/dovecot/pkg: Tag: OPENBSD_6_9 PLIST-server Log message: update to Dovecot 2.3.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client.
CVS: cvs.openbsd.org: ports
CVSROOT:/cvs Module name:ports Changes by: st...@cvs.openbsd.org 2021/06/22 05:29:26 Modified files: mail/dovecot : Makefile distinfo mail/dovecot/patches: patch-doc_example-config_Makefile_in patch-doc_example-config_conf_d_Makefile_in patch-src_master_master-settings_c mail/dovecot/pkg: PLIST-server Log message: update to Dovecot 2.3.15 CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client.
