[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2015Q2 2015-10-04T09:09:18Z 2015-10-04T09:09:18Z he he 2015-10-04T09:09:18Z urn:sha1:7640b603c4dfc15a789d9bae0103c58b66df4a10 2015-09-09T20:39:17Z tron tron 2015-09-09T20:39:17Z urn:sha1:7f0e6c753933d5f6e5c9ab19330389380ce7f073 2015-09-09T20:38:53Z tron tron 2015-09-09T20:38:53Z urn:sha1:d3d99f6b69db7e99393e71a5669c3101c0de25b1 www/apache22: security update Revisions pulled up: - www/apache22/Makefile 1.105 - www/apache22/distinfo 1.62 - www/apache22/patches/patch-modules_ssl_ssl__engine__dh.c deleted --- Module Name: pkgsrc Committed By: adam Date: Mon Jul 20 18:28:59 UTC 2015 Modified Files: pkgsrc/www/apache22: Makefile distinfo Removed Files: pkgsrc/www/apache22/patches: patch-modules_ssl_ssl__engine__dh.c Log Message: Changes with Apache 2.2.31 *) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers. Changes with Apache 2.2.30 (not released) *) SECURITY: CVE-2015-3183 (cve.mitre.org) core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. *) http: Fix LimitRequestBody checks when there is no more bytes to read. *) core: Allow spaces after chunk-size for compatibility with implementations using a pre-filled buffer. *) mod_ssl: bring SNI behavior into better conformance with RFC 6066: no longer send warning-level unrecognized_name(112) alerts. *) http: Make ap_die() robust against any HTTP error code and not modify response status (finally logged) when nothing is to be done. *) core, modules: Avoid error response/document handling by the core if some handler or input filter already did it while reading the request (causing a double response body). *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions 5+ instead of just for FreeBSD 5. *) mod_proxy: use the original (non absolute) form of the request-line's URI for requests embedded in CONNECT payloads used to connect SSL backends via a ProxyRemote forward-proxy. *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for internationalization. *) mod_log_config: Implement logging for sub second timestamps and request end time. *) mod_log_config: Ensure that time data is consistent if multiple duration patterns are used in combination, e.g. %D and %{ms}T. *) mod_log_config: Add "%{UNIT}T" format to output request duration in seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us"). *) In alignment with RFC 7525, the default recommended SSLCipherSuite and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the default recommended SSLProtocol and SSLProxyProtocol directives now exclude SSLv3. Existing configurations must be adjusted by the administrator. *) core: Avoid potential use of uninitialized (NULL) request data in request line error path. *) mod_proxy_http: Use the "Connection: close" header for requests to backends not recycling connections (disablereuse), including the default reverse and forward proxies. *) mod_proxy: Add ap_connection_reusable() for checking if a connection is reusable as of this point in processing. *) mod_proxy: Reuse proxy/balancer workers' parameters and scores across graceful restarts, even if new workers are added, old ones removed, or the order changes. *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by allowing custom parameters to be configured via SSLCertificateFile, and by adding standardized DH parameters for 1024/2048/3072/4096 bits. Unless custom parameters are configured, the standardized parameters are applied based on the certificate's RSA/DSA key size. *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA keys, and unconditionally disable aNULL, eNULL and EXP ciphers (not overridable via SSLCipherSuite). *) mod_ssl: Add support for configuring persistent TLS session ticket encryption/decryption keys (useful for clustered environments). *) SSLProtocol and SSLCipherSuite recommendations in the example/default conf/extra/httpd-ssl.conf file are now global in scope, affecting all VirtualHosts (matching 2.4 default configuration). *) mod_authn_dbd: Fix lifetime of DB lookup entries independently of the selected DB engine. *) Turn static function get_server_name_for_url() into public ap_get_server_name_for_url() and use it where appropriate. This fixes mod_rewrite generating invalid URLs for redirects to IPv6 literal addresses. *) dav_validate_request: avoid validating locks and ETags when there are no If headers providing them on a resource we aren't modifying. *) mod_ssl: New directive SSLSessionTickets (On|Off). The directive controls the use of TLS session tickets (RFC 5077), default value is "On" (unchanged behavior). Session ticket creation uses a random key created during web server startup and recreated during restarts. No other key recreation mechanism is available currently. Therefore using session tickets without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy. *) mod_deflate: Define APR_INT32_MAX when it is missing so to be able to compile against APR-1.2.x (minimum required version). *) mod_reqtimeout: Don't let pipelining checks interfere with the timeouts computed for subsequent requests. 2015-09-09T20:28:44Z tron tron 2015-09-09T20:28:44Z urn:sha1:6b0d901c23abf1cb1d0cb8c0d6d76380a0abce2d www/curl: security update Revisions pulled up: - www/curl/Makefile 1.153-1.154 - www/curl/PLIST 1.52-1.53 - www/curl/distinfo 1.108-1.109 - www/curl/patches/patch-aa 1.33-1.34 - www/curl/patches/patch-curl-config.in 1.7 - www/curl/patches/patch-lib_hostcheck.c 1.4 - www/curl/patches/patch-lib_http2.c deleted --- Module Name: pkgsrc Committed By: spz Date: Sat Aug 8 02:44:16 UTC 2015 Modified Files: pkgsrc/www/curl: Makefile PLIST distinfo pkgsrc/www/curl/patches: patch-aa patch-curl-config.in patch-lib_hostcheck.c Added Files: pkgsrc/www/curl/patches: patch-lib_multi.c patch-lib_transfer.c Removed Files: pkgsrc/www/curl/patches: patch-lib_http2.c Log Message: reanimate curl-7.43.0 and add the upstream fix for http://curl.haxx.se/mail/lib-2015-06/0122.html found in https://github.com/bagder/curl/commit/903b6e05565bf826b4194447864288642214b094 --- Module Name: pkgsrc Committed By: wiz Date: Mon Aug 17 15:43:27 UTC 2015 Modified Files: pkgsrc/www/curl: Makefile PLIST distinfo pkgsrc/www/curl/patches: patch-aa Removed Files: pkgsrc/www/curl/patches: patch-lib_multi.c patch-lib_transfer.c Log Message: Update to 7.44.0: Curl and libcurl 7.44.0 Public curl releases: 148 Command line options: 176 curl_easy_setopt() options: 219 Public functions in libcurl: 58 Contributors: 1291 This release includes the following changes: o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6] o examples: added http2-serverpush.c [7] o http2: added curl_pushheader_byname() and curl_pushheader_bynum() o docs: added CODE_OF_CONDUCT.md [8] o curl: Add --ssl-no-revoke to disable certificate revocation checks [5] o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9] o makefile: Added support for VC14 o build: Added Visual Studio 2015 (VC14) project files o build: Added wolfSSL configurations to VC10+ project files [18] This release includes the following bugfixes: o FTP: fix HTTP CONNECT logic regression [1] o openssl: Fix build with openssl < ~ 0.9.8f o openssl: fix build with BoringSSL o curl_easy_setopt.3: option order doesn't matter o openssl: fix use of uninitialized buffer [2] o RTSP: removed dead code o Makefile.m32: add support for CURL_LDFLAG_EXTRAS o curl: always provide negotiate/kerberos options o cookie: Fix bug in export if any-domain cookie is present o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT o INSTALL: Advise use of non-native SSL for Windows <= XP o tool_help: fix --tlsv1 help text to use >= for TLSv1 o HTTP: POSTFIELDSIZE set after added to multi handle [3] o SSL-PROBLEMS: mention WinSSL problems in WinXP o setup-vms.h: Symbol case fixups o SSL: Pinned public key hash support o libtest: call PR_Cleanup() on exit if NSPR is used o ntlm_wb: Fix theoretical memory leak o runtests: Allow for spaces in curl custom path o http2: add stream != NULL checks for reliability o schannel: Replace deprecated GetVersion with VerifyVersionInfo o http2: verify success of strchr() in http2_send() o configure: add --disable-rt option o openssl: work around MSVC warning o HTTP: ignore "Content-Encoding: compress" o configure: check if OpenSSL linking wants -ldl o build-openssl.bat: Show syntax if required args are missing o test1902: attempt to make the test more reliable o libcurl-thread.3: Consolidate thread safety info o maketgz: Fixed some VC makefiles missing from the release tarball o libcurl-multi.3: mention curl_multi_wait [10] o ABI doc: use secure URL o http: move HTTP/2 cleanup code off http_disconnect() [11] o libcurl-thread.3: Warn memory functions must be thread safe [12] o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13] o docs: formpost needs the full size at start of upload [14] o curl_gssapi: remove 'const' to fix compiler warnings o SSH: three state machine fixups [15] o libcurl.3: fix a single typo [16] o generate.bat: Only clean prerequisite files when in ALL mode o curl_slist_append.3: add error checking to the example o buildconf.bat: Added support for file clean-up via -clean o generate.bat: Use buildconf.bat for prerequisite file clean-up o NTLM: handle auth for only a single request [17] o curl_multi_remove_handle.3: fix formatting [19] o checksrc.bat: Fixed error when [directory] isn't a curl source directory o checksrc.bat: Fixed error when missing *.c and *.h files o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20] o test46: update cookie expire time o SFTP: fix range request off-by-one in size check [21] o CMake: fix GSSAPI builds [22] o build: refer to fixed libidn versions [4] o http2: discard frames with no SessionHandle [23] o curl_easy_recv.3: fix formatting o libcurl-tutorial.3: fix formatting [24] o curl_formget.3: correct return code [25] 2015-09-03T20:12:35Z tron tron 2015-09-03T20:12:35Z urn:sha1:3883b6d6305532dd69bb9634d9a4527402c453fe 2015-09-03T20:11:22Z tron tron 2015-09-03T20:11:22Z urn:sha1:2729f218bee3d6cb5c52d263e510e42f57fec9fa net/bind910: security update Revisions pulled up: - net/bind910/Makefile 1.11-1.12 - net/bind910/distinfo 1.9-1.10 - net/bind910/patches/patch-lib_dns_hmac_link.c deleted - net/bind910/patches/patch-lib_dns_include_dst_dst.h deleted - net/bind910/patches/patch-lib_dns_ncache.c deleted - net/bind910/patches/patch-lib_dns_openssldh_link.c deleted - net/bind910/patches/patch-lib_dns_openssldsa_link.c deleted - net/bind910/patches/patch-lib_dns_opensslecdsa_link.c deleted - net/bind910/patches/patch-lib_dns_opensslrsa_link.c deleted - net/bind910/patches/patch-lib_dns_pkcs11dh_link.c deleted - net/bind910/patches/patch-lib_dns_pkcs11dsa_link.c deleted - net/bind910/patches/patch-lib_dns_pkcs11rsa_link.c deleted - net/bind910/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted - net/bind910/patches/patch-lib_dns_resolver.c deleted --- Module Name: pkgsrc Committed By: sevan Date: Wed Sep 2 19:46:44 UTC 2015 Modified Files: pkgsrc/net/bind910: Makefile distinfo Added Files: pkgsrc/net/bind910/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslrsa_link.c patch-lib_dns_pkcs11dh_link.c patch-lib_dns_pkcs11dsa_link.c patch-lib_dns_pkcs11rsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Patch CVE-2015-5722 & CVE-2015-5986 Bump rev CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c https://kb.isc.org/article/AA-01287/0 CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c https://kb.isc.org/article/AA-01291/0 Reviewed by wiz@ --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 3 00:33:32 UTC 2015 Modified Files: pkgsrc/net/bind910: Makefile distinfo Removed Files: pkgsrc/net/bind910/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslrsa_link.c patch-lib_dns_pkcs11dh_link.c patch-lib_dns_pkcs11dsa_link.c patch-lib_dns_pkcs11rsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Update bind910 to 9.10.2pl4 (BIND 9.10.2-P4). (Already fixed by bind-9.10.2pl3nb1.) --- 9.10.2-P4 released --- 4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. (CVE-2015-5986) [RT #40286] 4168. [security] A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. (CVE-2015-5722) [RT #40212] 2015-09-03T20:03:06Z tron tron 2015-09-03T20:03:06Z urn:sha1:b00358682bcd1962dfc7b2f34c50822f9e596fdf net/bind99: security update Revisions pulled up: - net/bind99/Makefile 1.47-1.48 - net/bind99/distinfo 1.31-1.32 - net/bind99/patches/patch-lib_dns_hmac_link.c deleted - net/bind99/patches/patch-lib_dns_include_dst_dst.h deleted - net/bind99/patches/patch-lib_dns_ncache.c deleted - net/bind99/patches/patch-lib_dns_openssldh_link.c deleted - net/bind99/patches/patch-lib_dns_openssldsa_link.c deleted - net/bind99/patches/patch-lib_dns_opensslecdsa_link.c deleted - net/bind99/patches/patch-lib_dns_opensslsslrsa_link.c deleted - net/bind99/patches/patch-lib_dns_rdata_generic_openpgpkey_61.c deleted - net/bind99/patches/patch-lib_dns_resolver.c deleted --- Module Name: pkgsrc Committed By: sevan Date: Wed Sep 2 19:44:28 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Added Files: pkgsrc/net/bind99/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslsslrsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Patch CVE-2015-5722 & CVE-2015-5986 Bump rev CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c https://kb.isc.org/article/AA-01287/0 CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c https://kb.isc.org/article/AA-01291/0 Reviewed by wiz@ --- Module Name: pkgsrc Committed By: taca Date: Thu Sep 3 00:35:03 UTC 2015 Modified Files: pkgsrc/net/bind99: Makefile distinfo Removed Files: pkgsrc/net/bind99/patches: patch-lib_dns_hmac_link.c patch-lib_dns_include_dst_dst.h patch-lib_dns_ncache.c patch-lib_dns_openssldh_link.c patch-lib_dns_openssldsa_link.c patch-lib_dns_opensslecdsa_link.c patch-lib_dns_opensslsslrsa_link.c patch-lib_dns_rdata_generic_openpgpkey_61.c patch-lib_dns_resolver.c Log Message: Update bind99 to 9.9.7pl3 (BIND 9.9.7-P3). (These security fixes are already done by bind-9.9.7pl2nb1.) --- 9.9.7-P3 released --- 4170. [security] An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. (CVE-2015-5986) [RT #40286] 4168. [security] A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. (CVE-2015-5722) [RT #40212] 2015-09-03T19:36:34Z tron tron 2015-09-03T19:36:34Z urn:sha1:c90e4ac7cb43f34d1aedd68f93cb5fa8271363eb sysutils/testdisk: security update Revisions pulled up: - sysutils/testdisk/Makefile 1.11 via patch - sysutils/testdisk/PLIST 1.3 - sysutils/testdisk/distinfo 1.3 --- Module Name: pkgsrc Committed By: leot Date: Mon Aug 24 19:54:14 UTC 2015 Modified Files: pkgsrc/sysutils/testdisk: Makefile PLIST distinfo Log Message: Update sysutils/testdisk to testdisk-7.0. Changes: == 7.0 == === General Improvements === Various fix including security fix, thanks to * Coverity scan (Static Analysis of source code) * afl-fuzz (security-oriented fuzzer). * Denis Andzakovic from Security Assessment for reporting an exploitable Stack Buffer Overflow === TestDisk === ==== Improvements ==== * exFAT: better support * ext4: handle 64 bit blocks or 64 KiB blocksize. Fix detection and file listing ==== Bug fixes ==== * Avoid erroneous error when writing 512 bytes on hard disk using 4k sector * FAT, NTFS: avoid NULL pointer dereference if localtime() returns NULL. Thanks to Graham Sutherland for reporting this bug. === PhotoRec & QPhotoRec === QPhotoRec is a Graphical User Interface (Qt based GUI) version of PhotoRec. More user friendly, it recognizes the same file formats. PhotoRec remains recommended for advanced users, it can stop a recovery and resume it later, it recovers more fragmented files when brute-force technology is enabled and expert mode is available. ==== Improvements ==== * Reduced false positives for more than 80 file formats. * .gif: fix filesize detection * .flv: add Flash filesize detection * .mpg: detect filesize for MPEG * .ra: detect filesize for RealAudio3 * Improved algorithm to deal with data fragmentation resulting in a general speed increased * Speedup brute-force mode. Brute-force mode can recover more fragmented files, but it's still slow and not 100% reliable. You can enable it in PhotoRec Options menu. New file formats recovered by PhotoRec: * .3dm: Rhino / openNURBS * .ari: ARRI Raw Video * .camrec: Camtasia Studio * .dad: Micae DVR * .dcm: Digital Imaging and Communications in Medicine (DICOM) * .fp12: File Maker Pro 12 * .kra: Krita * .mlv: Magic Lantern Video * .notebook: SMART notebook * .ora: Mypaint * .red: RED2 video format * .rlv: Revelation password * .vbm: Veeam Backup Metadata * .woff: Web Open Font Format 2015-09-03T19:30:17Z tron tron 2015-09-03T19:30:17Z urn:sha1:484d75546050b5c47213e7528550ab681212e3f6 security/openssh: build fix patch Revisions pulled up: - security/openssh/distinfo 1.97 - security/openssh/options.mk 1.31 --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 22 05:17:22 UTC 2015 Modified Files: pkgsrc/security/openssh: distinfo options.mk Log Message: Revive hpn-patch patch although not yet tested well. 2015-09-03T19:23:43Z tron tron 2015-09-03T19:23:43Z urn:sha1:657c8ec53eb85875fbce566bf8e91c45b86e5c30 www/drupal7: security update Revisions pulled up: - www/drupal7/Makefile 1.33 - www/drupal7/distinfo 1.26 --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 20 15:34:11 UTC 2015 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: Update drupal7 package to 7.39 (Drupal 7.39). Drupal 7.39, 2015-08-19 ----------------------- - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.