pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/devel/fossil
Module Name: pkgsrc
Committed By: ryoon
Date: Sun Oct 26 12:00:32 UTC 2025
Modified Files:
pkgsrc/devel/fossil: Makefile distinfo
Log Message:
devel/fossil: Update to 2.27
Changelog:
Changes for version 2.27 (2025-09-30)
1. Close a potential Denial-of-Service attack against any public-facing Fossil
server involving exponential behavior in Fossil's regexp implementation.
2. Fix a SQL injection on the /file page. Thanks to additional defenses built
into Fossil, as well as good luck, this injection is not exploitable for
either data exfiltration or privilege escalation. The only possible result
of invoking the injection is a harmless SQL syntax error.
3. Strengthen robot defenses to help prevent public-facing servers from being
overwhelmed by the latest generation of AI spiders.
a. New javascript captcha used to restrict access by user "nobody" to
pages listed in the robot-restrict setting.
b. The robot-exception setting is available to allow access to pages that
match a regular expression. Use this, for example, to allow curl
scripts and similar to download release tarballs.
c. Require at least an anonymous login to access the /blame page and
similar.
4. Timeline enhancements:
a. The chng= query parameter on the timeline page so that it works with
other query parameters like p=, d=, from=, and to=.
b. Always include nodes identify by sel1= and sel2= in the /timeline
display.
c. Improved title when p= and d= are different.
5. Enable the --editor option on the fossil amend command.
6. When walking the filesystem looking for Fossil repositories, avoid
descending into directories named "/proc".
7. Reduce memory requirements for sending authenticated sync protocol
messages.
8. Show numstat-style change statistics in the /info and /ckout pages.
9. Add the stash rename subcommand.
10. Add the "-h" option to the "ls" command to display file hashes for a
specific check-in when in verbose mode.
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/devel/fossil/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/devel/fossil/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/fossil/Makefile
diff -u pkgsrc/devel/fossil/Makefile:1.94 pkgsrc/devel/fossil/Makefile:1.95
--- pkgsrc/devel/fossil/Makefile:1.94 Sun Jun 22 20:06:48 2025
+++ pkgsrc/devel/fossil/Makefile Sun Oct 26 12:00:32 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2025/06/22 20:06:48 js Exp $
+# $NetBSD: Makefile,v 1.95 2025/10/26 12:00:32 ryoon Exp $
-DISTNAME= fossil-src-2.26
+DISTNAME= fossil-src-2.27
PKGNAME= ${DISTNAME:S/-src//}
CATEGORIES= devel scm
MASTER_SITES= https://fossil-scm.org/home/tarball/version-${PKGVERSION_NOREV}/
Index: pkgsrc/devel/fossil/distinfo
diff -u pkgsrc/devel/fossil/distinfo:1.56 pkgsrc/devel/fossil/distinfo:1.57
--- pkgsrc/devel/fossil/distinfo:1.56 Fri May 30 11:36:06 2025
+++ pkgsrc/devel/fossil/distinfo Sun Oct 26 12:00:32 2025
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.56 2025/05/30 11:36:06 js Exp $
+$NetBSD: distinfo,v 1.57 2025/10/26 12:00:32 ryoon Exp $
-BLAKE2s (fossil-src-2.26.tar.gz) = 2b62dca6f0301a99189742f29fd6186992b6666c59f6dbfeb23886c637f559b7
-SHA512 (fossil-src-2.26.tar.gz) = 356a3b51adde40aedb094743eb978b78961c4216152000ecd800e22b69f1e3a11330259b627628fb6e9a594b1969f0351a73af717b500b4f12d109108fa82b61
-Size (fossil-src-2.26.tar.gz) = 7149081 bytes
+BLAKE2s (fossil-src-2.27.tar.gz) = ddd1a12da2999d61bbaa5d503ee302b544311c7f5541b57937c087cff5866393
+SHA512 (fossil-src-2.27.tar.gz) = 39a43d769212f5ecb891eef215054ed418f1e9da81abfd79d7e307b000adec8054675ca7b9a640fd78c327f50cd4e21285954ddc3b3c85967d9b511235bc8092
+Size (fossil-src-2.27.tar.gz) = 7181357 bytes
SHA1 (patch-autosetup_autosetup-find-tclsh) = 50d94456d81aa99c99696b0fb2e1bf1789b933ff
Home |
Main Index |
Thread Index |
Old Index