eventlib is an asynchronous event tracking app for Django. This library was
built upon the following values:
- It must be deadly simple to log an event
- It must be possible to track each event in different ways
- Each different "event handler" must be completely separate and fail gracefully
- The event system must be asynchronous, so let's use celery
- The library must be extensible
- 100% of test coverage is enough
WWW: https://pypi.python.org/pypi/eventlib

* Add middleware_stack plugin for removing middleware and inserting
middleware before the end of the stack (jeremyevans)
* Make head plugin handle closing existing response bodies if the body
responds to close (Eric Wong)

The machinery in bsd.qt.mk's qt-post-install target does not seem to account
for the case of a module no longer defining QT_DEFINES: the lines in
qconfig-modules.h including said module's qconfig-<module>.h will remain.
We did that to qt5-multimedia in r458338, and it results in build errors if
qt5-multimedia had been previously installed. Set QT_DEFINES again to a dummy
value until we figure out a proper solution.
PR: 225100

If SASL is detected at build time it assumes you want SASL and also
errors due to assuming we're Linux. This was already patched in our tree
for MySQL.
Also enable SASL support by default for the databases/percona57-client.
This is expected to be the default by upstream now.
Special thanks to mmokhi for figuring this out for us.
PR: 220865
MFH: 2018Q1

Shibboleth SP software vulnerable to forged user attribute data
====================================================================

The Service Provider software relies on a generic XML parser to process
SAML responses and there are limitations in older versions of the parser
that make it impossible to fully disable Document Type Definition (DTD)
processing.

Through addition/manipulation of a DTD, it's possible to make changes
to an XML document that do not break a digital signature but are
mishandled by the SP and its libraries. These manipulations can alter
the user data passed through to applications behind the SP and result
in impersonation attacks and exposure of protected information.

While the use of XML Encryption can serve as a mitigation for this bug,
it may still be possible to construct attacks in such cases, and the SP
does not provide a means to enforce its use.

An updated version of XMLTooling-C (V1.6.3) is available that works
around this specific bug.

While newer versions of the parser are configured by the SP into
disallowing the use of a DTD via an environment variable, this feature
is not present in the parser used on some supported platforms (notably
Red Hat and CentOS 7), so an additional fix is being provided now that
an actual DTD exploit has been identified.

Security: CVE-2018-0486

a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.
This package contains the run-time libraries for any application that
wishes to be a SPICE server.
WWW: http://spice-space.org/
PR: 225088
Submitted by: olevole@olevole.ru

- Introduce security_status_baseaudit_period variable to
files/405.pkg-base-audit.in in order to make it possible to specify
when this script is executed (i.e. daily, weekly or monthly).
PR: 224239
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>, Miroslav Lachman <000.fbsd@quip.cz> (maintainer)