[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2014Q4 2015-04-01T20:02:52Z 2015-04-01T20:02:52Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T20:02:52Z urn:sha1:969bc2926a16a753e1d250884b263da6bd6bfd3b 2015-04-01T20:01:59Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T20:01:59Z urn:sha1:db9cfdc39ce360ede3889a2d37ddf016d6663721 devel/exctags: security patch Revisions pulled up: - devel/exctags/Makefile 1.27 - devel/exctags/distinfo 1.13 - devel/exctags/patches/patch-CVE-2014-7204 1.1 --- Module Name: pkgsrc Committed By: bsiegert Date: Sun Mar 29 09:19:06 UTC 2015 Modified Files: pkgsrc/devel/exctags: Makefile distinfo Added Files: pkgsrc/devel/exctags/patches: patch-CVE-2014-7204 Log Message: SECURITY: Fix CVE-2014-7204 (DoS in JavaScript parser) in exuberant-ctags. 2015-04-01T19:32:15Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T19:32:15Z urn:sha1:403b8f811fb60635985827a9c20a8508ef655daf 2015-04-01T19:30:43Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T19:30:43Z urn:sha1:18b091c2faf029f9977de78455547ba66fb5b500 sysutils/file: security update Revisions pulled up: - sysutils/file/Makefile 1.34 - sysutils/file/distinfo 1.21 - sysutils/file/patches/patch-config.h.in deleted - sysutils/file/patches/patch-configure deleted - sysutils/file/patches/patch-configure.ac deleted - sysutils/file/patches/patch-src_file.c deleted - sysutils/file/patches/patch-src_file.h deleted - sysutils/file/patches/patch-src_getline.c deleted --- Module Name: pkgsrc Committed By: bsiegert Date: Sun Mar 22 09:48:52 UTC 2015 Modified Files: pkgsrc/sysutils/file: Makefile distinfo Removed Files: pkgsrc/sysutils/file/patches: patch-config.h.in patch-configure patch-configure.ac patch-src_file.c patch-src_file.h patch-src_getline.c Log Message: SECURITY: Update file to 5.22. Bugs fixed: * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * Fix for CVE-2014-9620. 2015-04-01T18:14:52Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T18:14:52Z urn:sha1:c3605242927eed1fcd9a76975e77259062ca67e4 2015-04-01T18:11:56Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T18:11:56Z urn:sha1:e6a0d1b9efcf7d7dece4647b19eec8df1249e204 net/ntp4: security update Revisions pulled up: - net/ntp4/Makefile 1.84 - net/ntp4/PLIST 1.17 - net/ntp4/distinfo 1.20 - net/ntp4/patches/patch-ntpd_ntp__io.c deleted --- Module Name: pkgsrc Committed By: bsiegert Date: Sat Mar 21 20:49:28 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Removed Files: pkgsrc/net/ntp4/patches: patch-ntpd_ntp__io.c Log Message: SECURITY: Update ntpd to 4.2.8p1. * [Sec 2671] vallen in extension fields are not validated. * [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs. 2015-04-01T16:43:53Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T16:43:53Z urn:sha1:7b61c3e0933e198e68fc40bda0b8d0c796821dbf 2015-04-01T16:41:36Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T16:41:36Z urn:sha1:192724aec6aa1f0f01afa189a290044c0eb1d85e net/lftp: security patch Revisions pulled up: - net/lftp/Makefile 1.109 - net/lftp/distinfo 1.62 - net/lftp/patches/patch-src_SSH__Access.cc 1.1 --- Module Name: pkgsrc Committed By: bsiegert Date: Sat Mar 21 20:04:39 UTC 2015 Modified Files: pkgsrc/net/lftp: Makefile distinfo Added Files: pkgsrc/net/lftp/patches: patch-src_SSH__Access.cc Log Message: SECURITY: add a patch to prevent saving of unknown host keys without user intervention. Bump PKGREVISION. 2015-04-01T15:35:44Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T15:35:44Z urn:sha1:64c9ed623ce4ab2f700aa7f024ccd24664ff7b25 2015-04-01T15:32:04Z hiramatsu hiramatsu@pkgsrc.org 2015-04-01T15:32:04Z urn:sha1:335ee491d7ba8d4d3f8ed15e60669455a5e2fa8e audio/vorbis-tools: security patch Revisions pulled up: - audio/vorbis-tools/Makefile 1.61 - audio/vorbis-tools/distinfo 1.24 - audio/vorbis-tools/patches/patch-ac 1.10 --- Module Name: pkgsrc Committed By: bsiegert Date: Sat Mar 21 19:06:54 UTC 2015 Modified Files: pkgsrc/audio/vorbis-tools: Makefile distinfo pkgsrc/audio/vorbis-tools/patches: patch-ac Log Message: SECURITY: Fix CVE-2014-9640. https://trac.xiph.org/changeset/19117 oggenc: fix crash on raw file close, reported by Hanno in issue #2009. pointer to a non-static struct was escaping its scope.