Fix build of x11-wm/enlightenment with -fno-common, which is the default
with llvm 11. Patch adapted from upstream.
MFH: 2020Q3 (implicit, -fno-common fixes, ok by joenum)
Use newer GCC, base GCC can't build it:
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:49: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'decryptAllowed'
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:50: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'encryptAllowed'
src/tss2-sys/api/Tss2_Sys_AC_GetCapability.c:51: error: '_TSS2_SYS_CONTEXT_BLOB' has no member named 'authAllowed'
MFH: 2020Q3 (fix build blanket)
while here, switch distfile back to xz format and update
the > 2^31 "long long" fix so it patches the right place of the NEWS file.
- adds Romanian translation
- minor manual page fix to add "MD5" hash to sslfingerprint documentation
PR: 248954
Approved by: Corey Halpin (maintainer)
Add a partial patch from upstream to fix the build of
emulators/mupen64plus-core with -fno-common, which is the default with llvm
11.
While here, point WWW: in pkg-descr to the current home of mupen64-plus.
MFH: 2020Q3 (implicit, -fno-common fixes, ok by joenum)
This also adds a fix to the optional TUNNELBLICK extra-patch that removes
context now gone from the upstream code.
Here are the changes in the W35 snapshot:
136c5f01 Fix compilation with older mbed TLS versions (mbedtls_tls_prf_types undefined)
5e19cc2c Workaround FreeBSD 12+ race condition on tun/tap open with IPv6.
10abd656 Refactor key_state_export_keying_material functions
62560e2a Fixes a bug in management_callback_send_cc_message, should be strlen instead of sizeof
2ab0a924 Fix client's poor man NCP fallback
ed47c097 tun.c: enable using wintun driver under SYSTEM
2da29362 Improve the documentation for --dhcp-option
bf911882 Changes.rst: fix mistyped option names
e33f4475 doc: fix typos in cipher-negotiation.rst
7e65483d Fix stack overflow in OpenSolaris NEXTADDR()
f7432a97 Change version.m4 to 2.6_git
c1c43d46 Improve sections about older OpenVPN clients in cipher-negotiation.rst
26b658ea Changes.rst updates in preparation to 2.5_beta1
079fca54 Add depreciation notice for --ncp-disable to protocol-options.rst
16249959 Cleanup tls_pre_decrypt_lite and tls_pre_encrypt
a6a15f70 Refactor/Reformat tls_pre_decrypt
Poudriere test builds succeed on:
11.3 i386, amd64
12.1 i386, amd64, arm64
mips64 currently left in the dust because a build req. for py-docutils
winds up requiring gcc9, which isn't available for MIPS64.
PR: 248969
Submitted by: Eric F. Crist (maintainer)
- Default the OSVERSION check to false
- Fix some errors related to getpwname_r/getgrnam_r
- Add RISC-V ABI aliases
- Add '%X' to pkg-query, this print the internal package checksum
Approved by: bapt
KDE Project Security Advisory
=============================
Title: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.
Risk Rating: Important
CVE: CVE-2020-24654
Versions: ark <= 20.08.0
Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
Date: 27 August 2020
Overview
========
A maliciously crafted TAR archive containing symlink entries
would install files anywhere in the user's home directory upon extraction.
Proof of concept
================
For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/dirsymlink.tar
Impact
======
Users can unwillingly install files like a modified .bashrc, or a malicious
script placed in ~/.config/autostart.
Workaround
==========
Before extracting a downloaded archive using the Ark GUI, users should inspect it
to make sure it doesn't contain symlink entries pointing outside the extraction folder.
The 'Extract' context menu from the Dolphin file manager shouldn't be used.
Solution
========
Ark 20.08.1 skips maliciously crafted symlinks when extracting TAR archives.
Alternatively, 8bf8c5ef07 can be applied to previous
releases.
Credits
=======
Thanks to Fabian Vogt for reporting this issue and for fixing it.
MFH: 2020Q3
Security: CVE-2020-24654
