- do not update symlinks which are already up-to-date
- add a gotadmin utility with info, pack, indexpack, and listpack commands
- fix 3-way merge of files which lack a final \n
- make double-quotes appear in rendered got.1 man page as intended (Nam Nguyen)
- gotweb: render error page instead of returning error 500 (tracey)
- avoid an error in tog(1) while the terminal window is being resized
- plug a memory leak in got_ref_list_free()
- catch invalid reference names passed to 'got ref -l'
- fix a memory leak in dial_git() (naddy)
- fix unrelated changes being merged by got cherrypick/backout/rebase/histedit
- go back to Patience diff for merging during cherrypick/backout/histedit/rebase
- fix file descriptor leak in got_repo_close() (tracey)
- fix hang in commit regress test if $VISUAL is set in the environment (tracey)
- use socketpair(2) instead of pipe(2) for better portability to Linux
- make it possible to profile gotweb and document how profiling works
- fix memory and fd leaks in got_pack_stop_privsep_child() (tracey)
- fix bogus 'permission denied' error when a file at work tree root is removed
- port packfile creation code over from git9
- new -I option for 'got status' to show files which match an ignore pattern
CVE-2020-28200: Sieve interpreter is not protected against abusive
scripts that claim excessive resource usage. Fixed by limiting the
user CPU time per single script execution and cumulatively over
several script runs within a configurable timeout period. Sufficiently
large CPU time usage is summed in the Sieve script binary and execution
is blocked when the sum exceeds the limit within that time. The block
is lifted when the script is updated after the resource usage times out.
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.
Fails at runtime with the following error:
NameError: name 'SET_VERSION_TUPLE' is not defined
because the installed .pyc is based on sources intended to be patched at
install time.
Removing canto removes one of the blockers for updates of feedparser and
chardet to python3-only versions. Upstream has moved its efforts to
another project, canto-next, with python3 support and separate
daemon/client projects.
ok danj@ sthen@
'httpclient' provides similiar functionality to libwww-perl (LWP) for
Ruby. 'httpclient' was formerly known as 'http-access2'.
valuable feedback Stefan Hagen and kmos@
OK kmos@
SDL contains AltiVec instructions, whose support is not properly detected
at runtime. Disable AltiVec on powerpc to fix SIGILLs on macppc G3s, while
keeping it for powerpc64.
« Later, one might try to enable altivec again by moving the altivec
blitter to a separate file, and compiling only that file with
-maltivec (as xenocara/lib/pixman does now). » - gkoehler@
Reported by @will@empty.cafe.
OK gkoehler@, no news from thfr@ (maintainer)
