libheif: restore bl3 hook to divert to the c++11 version
(but only for gcc versions that support c++11 but not c++17)
XXX: If we're going to do this sort of thing there should be
XXX: infrastructure. If we start spraying logic like this all over
XXX: everywhere we'll eventually regret it.
firefox115: update to 115.22.0
Security Vulnerabilities fixed in Firefox ESR 115.22
Announced
April 1, 2025
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 115.22
#CVE-2025-3028: Use-after-free triggered by XSLTProcessor
Reporter
Ivan Fratric of Google Project Zero
Impact
[8 lines not shown]
security/chkrootkit: Drop MESSAGE as ancient
It is no longer useful to give a list of tested platforms from the era
of NetBSD 1.6, and that list from 2006 is surely inaccurate with
respect to a more recent release.
mlterm: update to 3.9.4.
pkgsrc changes:
- remove patches already integrated into the upstream source tree
- remove hack for PR pkg/56936 fixed by upstream issue #113
https://github.com/arakiken/mlterm/issues/113
- add options libssh2 (disabled by default)
- misc pkglint
Upstream changes (from doc/en/ReleaseNote):
ver 3.9.4
* Support Shift+Control+v and Shift+Control+c to copy&paste via clipboard by default.
Drop -P/--clip/use_clipboard option.
Add --chsel/change_selection_immediately option in anything except xlib and wayland.
* Add COPY_CLIPBOARD shortcut key.
* Pressing '?' in copy mode searches for a string backward.
(https://github.com/arakiken/mlterm/issues/72)
* Support wp-primary-selection protocol in wayland.
[50 lines not shown]
xz: updated to 5.8.1
5.8.1 (2025-04-03)
IMPORTANT: This includes a security fix for CVE-2025-31115 which
affects XZ Utils from 5.3.3alpha to 5.8.0. No new 5.4.x or 5.6.x
releases will be made, but the fix is in the v5.4 and v5.6 branches
in the xz Git repository. A standalone patch for all affected
versions is available as well.
* Multithreaded .xz decoder (lzma_stream_decoder_mt()):
- Fix a bug that could at least result in a crash with
invalid input. (CVE-2025-31115)
- Fix a performance bug: Only one thread was used if the whole
input file was provided at once to lzma_code(), the output
buffer was big enough, timeout was disabled, and LZMA_FINISH
was used. There are no bug reports about this, thus it's
[11 lines not shown]