curl fails to build when OpenSSL is built without DES support, with many
"use of undeclared identifier" errors. For example:
curl_ntlm_core.c:392:3: error: use of undeclared identifier 'DES_key_schedule'
DES_key_schedule ks;
^
An issue was reported back in 2015 [1], requesting support for ./configure
detecting OPENSSL_NO_DES, but the issue was ultimately closed:
"We just don't support very custom OpenSSL builds. I could be talked into
accepting patches that introduce support for this however".
Accordingly and leui of an upstream configure patch, this change adds an
NTLM option, enabled by default, and when disabled, defines
CURL_DISABLE_NTLM, which prevents #define'ing USE_NTLM in
WRKSRC/lib/curl_setup.h, resulting in a successful build.
This allows users the opportunity to easily disable the DES requiring
functionality in curl, if they happen to run custom or stripped down
OpenSSL builds.
Note: This issue may impact builds with other SSL libraries that allow
disabling DES, but I did not investigate this question.
[1] https://sourceforge.net/p/curl/bugs/1439/
[2] Would require a version update, which granted, is mostly bugfixes
Reviewed by: sunpoet (maintainer)
Approved by: sunpoet (maintainer)
MFH: No [2]
Differential Revision: D22498
mpv-mpris is a plugin for mpv which allows control of the player using standard
media keys.
This plugin implements the MPRIS D-Bus interface and can be controlled using
tools such as playerctl or through many Linux DEs, such as Gnome and KDE.
WWW: https://github.com/hoyon/mpv-mpris
- This makes KDE Plasma desktop's panels media control available for mpv, and
also exposes mpv to kdeconnect-kde.
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors.
2019-12-11: Apache SpamAssassin 3.4.3 has been released! Apache
SpamAssassin 3.4.3 contains numerous tweaks and bug fixes as we prepare
to move to version 4.0.0 with better, native UTF-8 handling. There are a
number of functional patches, improvements as well as security reasons to
upgrade to 3.4.3. In this release, there is also one new plugin and there
are bug fixes for two CVEs:
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors.
PR: 242618
Submitted by: cy
Reported by: cy
Approved by: zeising (maintainer)
MFH: 2019Q4
Security: CVE-2019-12420, CVE-2018-11805
ChangeLog: https://github.com/TheLocehiliosan/yadm/releases/tag/2.2.0
Accumulated changes since 2.0.1:
* Use relative symlinks for alternates
* Support double-star globs in .config/yadm/encrypt
* Improve bash completion
* Update docs about using magit
* Note exception for WSL
* Resolve hostname using `uname -n`
* Use /etc/os-release if lsb_release is missing
* Issue warning for any invalid alternates found
* Add support for gawk
PR: 242469
Submitted by: vendion@gmail.com
Reviewed by: alex@xanderio.de (maintainer)
From ChangeLog:
* usr/lib/byobu/logo:
- add Raspbian colors / logo
* usr/lib/byobu/include/select-session.py:
- Force UTF-8 when attaching in `select-session.py`
* debian/rules:
- ignore new pep8 rules around hard tabs and whitespaces, related
to bug 1843729
* AUTHORS, CONTRIBUTING, NEWS, README, README.md:
- Flatten these files into a single README.md
- Minor updates in the process
PR: 242544
Submitted by: jcoffman@xsecure.io (maintainer)
ChangeLog: https://github.com/wxMaxima-developers/wxmaxima/releases
Accumulated changes since 19.11.11:
* wxMaxima now uses C++11 that makes the code more readable and helps finding
bugs
* If found wxMaxima now asks cppcheck to find bugs
* Increased the speed of the program again
* Opening the config dialogue since 19.11.0 unchecked "offer known answers"
* For Cmake>=3.10.0 the build system now asks cppcheck to find bugs.
* Changing the worksheet style was partially broken.
* A big number of additional bug fixes in various places
* A config option that forces displaying all multiplication signs.
* Made the tooltips more visible
* Added a warning tooltip about missing multiplication signs
* Sped up drawing of new cells correcting the size calculations
* If lookalike chars are used in a way that can cause hard-to-find errors now a
warning tooltip is generated
* A few additional bug fixes that (besides others) resolve a potential crash
* An option to turn all multiplication dots on
PR: 242538
Submitted by: phascolarctos@protonmail.ch (maintainer)
* CVE-2019-19722: Mails with group addresses in From or To fields caused
crash in push notification drivers.
- additional fix for blank headers
PORTREVISION bump for mail/dovecot-pigeonhole, mail/dovecot-fts-xapian
*NOT* requesting MFH as 2.3.9 is not in 2019Q4.
Security: b7dc4dde-2e48-43f9-967a-c68461537cf2
Security: CVS-2019-19722
If systems are updated without running `make delete-old`, makeinfo
may still be lingering around in /usr/bin. This causes eventual
errors as it can't handle brand new emerging technology from 10
years ago (like CSS).
Instead of permitting makeinfo from base (which was removed in
11.0-RELEASE), depend specifically on makeinfo from print/texinfo.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D22795
This is necessary to deal with the reduction of the ncurses library from
2 implementation on one single implementation which would be only the widechar.
Reviewed by: mat
Differential Revision: https://reviews.freebsd.org/D22794
- Update to 2.2.2, this version also builds fine on aarch64
- Add GH_ACCOUNT, it appears that upstream moved the repo to a dedicated account
Changes: https://github.com/projectdiscovery/subfinder/releases
PR: 242604
Approved by: yuri (maintainer)
