[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2011Q2 2011-09-14T18:04:18Z 2011-09-14T18:04:18Z tron tron 2011-09-14T18:04:18Z urn:sha1:1b36c5e0748d5b9263bedbb4eec87bf22670f500 2011-09-14T18:03:18Z tron tron 2011-09-14T18:03:18Z urn:sha1:3906b3624a8207e8044bad0d77f985eab3d178fa www/apache22: security update Revisions pulled up: - www/apache22/Makefile 1.68-1.70 - www/apache22/distinfo 1.40-1.42 - www/apache22/patches/patch-CVE-2011-3192 deleted - www/apache22/patches/patch-lock.c 1.1 - www/apache22/patches/patch-repos.c 1.1 --- Module Name: pkgsrc Committed By: tron Date: Wed Aug 31 12:52:45 UTC 2011 Modified Files: pkgsrc/www/apache22: Makefile distinfo Removed Files: pkgsrc/www/apache22/patches: patch-CVE-2011-3192 Log Message: Update "apache22" package to version 2.2.20. Changes since version 2.2.19: - mod_authnz_ldap: If the LDAP server returns constraint violation, don't treat this as an error but as "auth denied". [Stefan Fritsch] - mod_filter: Fix FilterProvider conditions of type "resp=" (response headers) for CGI. [Joe Orton, Rainer Jung] - mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. Bug 51103. [Stefan Fritsch] - core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch] --- Module Name: pkgsrc Committed By: sborrill Date: Mon Sep 12 17:18:46 UTC 2011 Modified Files: pkgsrc/www/apache22: Makefile distinfo Added Files: pkgsrc/www/apache22/patches: patch-lock.c patch-repos.c Log Message: Atomically create files when using DAV to stop files being deleted on error From: https://issues.apache.org/bugzilla/show_bug.cgi?id=39815 Bump PKGREVISION. OK tron@ --- Module Name: pkgsrc Committed By: taca Date: Wed Sep 14 07:10:21 UTC 2011 Modified Files: pkgsrc/www/apache22: Makefile distinfo Log Message: Update apahce22 package to 2.2.21. Quote from release announce: The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.21 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release: * SECURITY: CVE-2011-3348 (cve.mitre.org) mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service. * SECURITY: CVE-2011-3192 (cve.mitre.org) core: Further fixes to the handling of byte-range requests to use less memory, to avoid denial of service. This patch includes fixes to the patch introduced in release 2.2.20 for protocol compliance, as well as the MaxRanges directive. Note the further advisories on the state of CVE-2011-3192 will no longer be broadcast, but will be kept up to date at; http://httpd.apache.org/security/CVE-2011-3192.txt We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. 2011-09-14T17:55:55Z tron tron 2011-09-14T17:55:55Z urn:sha1:6abea35e8aa1325cc250e66ebe9698bf8f9a6881 www/typo3: security update Revisions pulled up: - www/typo3/Makefile 1.34 - www/typo3/distinfo 1.26 --- Module Name: pkgsrc Committed By: taca Date: Wed Sep 14 11:49:46 UTC 2011 Modified Files: pkgsrc/www/typo3: Makefile distinfo Log Message: Update typo3 package to 4.5.6. Due to several security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.3.14, 4.4.11 and 4.5.6. Find more details in the security bulletins: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-002/ http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-003/ Release Notes: http://wiki.typo3.org/wiki/TYPO3_4.5.6 2011-09-14T17:42:57Z tron tron 2011-09-14T17:42:57Z urn:sha1:3382d059bdd64d649b0bfda6ab1002492eeeb114 filesystems/tahoe-lafs: security update Revisions pulled up: - filesystems/tahoe-lafs/Makefile 1.8 - filesystems/tahoe-lafs/distinfo 1.5 --- Module Name: pkgsrc Committed By: gdt Date: Wed Sep 14 11:36:17 UTC 2011 Modified Files: pkgsrc/filesystems/tahoe-lafs: Makefile distinfo Log Message: * Release 1.8.3 (2011-09-13) ** Security-related Bugfix - Fix flaw that would allow a person who knows a storage index of a file to delete shares of that file (#1528). - Remove corner cases in mutable file bounds management which could expose extra lease info or old share data (from prior versions of the mutable file) if someone with write authority to that mutable file exercised these corner cases in a way that no actual Tahoe-LAFS client does. (Probably not exploitable.) (#1528). 2011-09-13T20:01:58Z spz spz 2011-09-13T20:01:58Z urn:sha1:0cafa80c1f65a1e4b8141913613bb1c115dad55e 2011-09-13T20:00:52Z spz spz 2011-09-13T20:00:52Z urn:sha1:13cf7c2f9aad7c4888b0b344db90f17e3a8bde58 net/wireshark: security update Revisions pulled up: - net/wireshark/Makefile by patch - net/wireshark/distinfo by patch ------------------------------------------------------------------- Update "wireshark" package to version 1.4.9. Changes since 1.4.8: - Bug Fixes The following vulnerabilities have been fixed. o wnpa-sec-2011-13 A malformed IKE packet could consume excessive resources. Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. CVE-2011-3266 o wnpa-sec-2011-14 A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135) Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. o wnpa-sec-2011-15 Wireshark could run arbitrary Lua scripts. (Bug 6136) Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1. The following bugs have been fixed: o Unable to configure zero length SNMP Engine ID. (Bug 5731) o H.323 RAS packets missing from packet counts in "Telephony->VoIP Calls" and the "Flow Graph" for the call. (Bug 5848) o Malformed Packet in decode for BGP-AD update. (Bug 6122) o BGP : AS_PATH attribute was decode wrong. (Bug 6188) o Fixes for SCPS TCP option. (Bug 6194) o Offset calculated incorrectly for sFlow extended data. (Bug 6219) o [Enter] key behavior varies when manually typing display filters. (Bug 6228) o Contents of pcapng EnhancedPacketBlocks with comments aren't displayed. (Bug 6229) o Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo. (Bug 6237) o Mis-spelled word "unknown" in assorted files. (Bug 6244) o btl2cap extended window shows wrong bit. (Bug 6257) o NDMP dissector incorrectly represents "ndmp.bytes_left_to_read" as signed. (Bug 6262) o ERF records with extension headers not written out correctly to pcap or pcap-ng files. (Bug 6265) o RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276) o Copying from RTP stream analysis copies 1st line many times. (Bug 6279) o File types with no snaplen written out with a zero snaplen in pcap-ng files. (Bug 6289) o MEGACO context tracking fix - context id reuse. (Bug 6311) - Updated Protocol Support BGP, Bluetooth L2CAP, GSM A RR, H.225, IKE, MEGACO, NDMP, RTPS2, SCPS, sFlow, SNMP - New and Updated Capture File Support CommView, pcap-ng. --------------------------------------------------------------------- 2011-09-10T23:34:16Z tron tron 2011-09-10T23:34:16Z urn:sha1:aeef4b33c807446ca055a694c5a1d99f8b000a01 sysutils/xenkernel3: security patch sysutils/xenkernel33: security patch Revisions pulled up: - sysutils/xenkernel3/Makefile 1.21 - sysutils/xenkernel3/distinfo 1.15 - sysutils/xenkernel3/patches/patch-SA45835 1.1 - sysutils/xenkernel33/Makefile 1.15 - sysutils/xenkernel33/distinfo 1.14 - sysutils/xenkernel33/patches/patch-SA45835 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Sat Sep 10 18:35:51 UTC 2011 Modified Files: pkgsrc/sysutils/xenkernel3: Makefile distinfo pkgsrc/sysutils/xenkernel33: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel3/patches: patch-SA45835 pkgsrc/sysutils/xenkernel33/patches: patch-SA45835 Log Message: Apply patch from http://www.openwall.com/lists/oss-security/2011/09/02/2, fixing SA45835. Bump pkgrevision 2011-09-10T23:32:28Z tron tron 2011-09-10T23:32:28Z urn:sha1:8d08f3f070c90b4c03e0278ce799c816e2d5ec76 2011-09-10T10:10:48Z tron tron 2011-09-10T10:10:48Z urn:sha1:1337f1669782980d3cbe7e63a76a19bf8df68824 2011-09-10T10:07:02Z tron tron 2011-09-10T10:07:02Z urn:sha1:ac4631a905965a93625f625327dc9bede2001e34 devel/roundup: security update Revisions pulled up: - devel/roundup/MESSAGE 1.3 - devel/roundup/Makefile 1.40 - devel/roundup/PLIST 1.16 - devel/roundup/distinfo 1.25 - devel/roundup/patches/patch-setup-py 1.1 --- Module Name: pkgsrc Committed By: dholland Date: Sun Jul 17 02:24:13 UTC 2011 Modified Files: pkgsrc/devel/roundup: MESSAGE Makefile PLIST distinfo Added Files: pkgsrc/devel/roundup/patches: patch-setup-py Log Message: Update roundup to 1.4.19. Set LICENSE. Three years of development, way too much to include here. If anyone's curious the list is in CHANGES.txt in the distfile.