Tuesday, 28 July 2020. Today KDE releases a bugfix update to KDE Plasma 5,
versioned 5.19.4. Plasma 5.19 was released in June 2020 with many feature
refinements and new modules to complete the desktop experience.
This release adds three week's worth of new translations and fixes from KDE's
contributors. The bugfixes are typically small but important and include:
* Plasma Networkmanager: Make hotspot configuration dialog bigger.
* Only open KCM in systemsettings if it can be displayed. Fixes bug #423612
* Plasma Vault: Reset password field when the user clicks Ok. Fixes bug #424063
Full changelog:
https://kde.org/announcements/plasma-5.19.3-5.19.4-changelog
===> Checking for items in pkg-plist which are not in STAGEDIR
Error: Missing: share/glib-2.0/schemas/com.github.johnfactotum.Foliate.gschema.xml
GLIB_SCHEMAS are auto-added to the plist. No need to list them
twice.
- Add support of compressed file by zstd(1)
The maintainer has applied the patch from the submitter to upstream. And then
update this port to the upstream snapshot.
PR: 248267
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> (initial revision)
Reviewed by: meta (myself)
Approved by: IWAMOTO Kouichi <sue@iwmt.org> (maintainer, upstream developer)
With this release, there are a number of CVE's that have been addressed. We would like to take this moment to thank those who have contributed to Cacti with special mention to: Mayfly277 ddb4github yingbaiibm DavidLiedke kim-fitness bmfmancini riversdev0 The Cacti Group are made up of volunteers where all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or when viisting https://github.com/sponsors/Cacti We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.
Changelog: https://www.cacti.net/release_notes.php?version=1.2.13
PR: 248139
Reported by: Michael Muenz <m.muenz@gmail.com> (maintainer)
MFH: 2020Q3
Relnotes: cd2dc126-cfe4-11ea-9172-4c72b94353b5
Sponsored by: Netzkommune GmbH
These are relying on the wddx module of PHP, which was removed in 7.4.
Therefore the following ports are marked as IGNORE_WITH_PHP= 74
* www/glpi
* www/zend-framework
* www/zend-framework1
PR: 248074
Sponsored by: Bounce Experts
Major changes and bugfixes:
3.1.3 -> 3.2.0
* Avoid potential out-of-bounds read in daemon mode
* Fix defaul list list of skip-compress files for non-daemon transfers
* Fix xattr filter rules losing an 'x' attribute in a non-local transfer
* zlib fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840
* Fixed a crash in the --iconv code
* Checksum enhancements, including the addition of xxhash
* The checksum preference order of the negotiation can be customized or forced
* Compression enhancements, including the addition of zstd and lz4 compression algorithms
* Added openssl & preliminary gnutls support to the rsync-ssl script
* Added the proxy protocol daemon parameter that allows your rsyncd to know the real remote
IP when it is setup behind a proxy
3.2.0 -> 3.2.1
* Fix potential issue with MD5 assembly-language code
* option --backup-dir=STR now implies --backup
3.2.1 -> 3.2.2
* Avoid a crash when a daemon module enables transfer logging without setting a log format value
Full release message: https://download.samba.org/pub/rsync/NEWS#3.2.2
Security: CVE-2016-9843 CVE-2016-9842 CVE-2016-9841 CVE-2016-9840
MFH after: 2 weeks
MFH: 2020Q3
This update primarily fixes CVE-2020-15103. See the full changelog for
other bugfixes that were included:
https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0
PR: 248198
Submitted by: VVD <vvd unislabs com>
MFH: 2020Q3
Security: a955cdb7-d089-11ea-8c6f-080027eedc6a
https://github.com/zeek/zeek/releases/tag/v3.0.8
- Fix potential DNS analyzer stack overflow
- Fix potential NetbiosSSN analyzer stack overflow
Other fixes:
- Fix DHCP Client ID Option misformat for Hardware Type 0
- Fix/allow copying/cloning of opaque of Broker::Store
- Fix ConnPolling memory over-use
- Fix compress_path not normalizing some paths correctly
- Fix integer conversion error for Tag subtypes/enums
- Fix bro_prng() results not staying within modulus
- Prevent providing a 0 seed to bro_prng() since the LCG parameters
don't allow that
Reported by: Jon Siwek
MFH: 2020Q3
Security: e333084c-9588-4eee-8bdc-323e02cb4fe0
