[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2 2008-09-02T11:58:48Z 2008-09-02T11:58:48Z tron tron 2008-09-02T11:58:48Z urn:sha1:82e83a6c32f4bf4922cf3a8e025718fb1f6d4a1f bitlbee: security update chat/bitlbee/Makefile 1.42-1.43 chat/bitlbee/distinfo 1.21-1.22 chat/bitlbee/patches/patch-aa delete chat/bitlbee/patches/patch-ab delete chat/bitlbee/patches/patch-ac delete chat/bitlbee/patches/patch-ad delete chat/bitlbee/patches/patch-ae delete --- Module Name: pkgsrc Committed By: tonio Date: Wed Jul 23 21:11:40 UTC 2008 Modified Files: pkgsrc/chat/bitlbee: Makefile distinfo Removed Files: pkgsrc/chat/bitlbee/patches: patch-aa patch-ab patch-ac patch-ad patch-ae Log Message: Update chat/bitlbee to 1.2.1 Version 1.2.1 (released 2008-06-24) hilights: * Mostly a lot of fixes for bugs found after the 1.2 release. * Daemon mode is now officially declared stable. - Fixed proxy support. - Fixed stalling issues while connecting to Jabber when using the OpenSSL module. - Fixed problem with GLib and ForkDaemon where processes didn't die when the client disconnects. - Fixed handling of "set charset none". (Which pretty much breaks the account completely in 1.2.) - You can now automatically identify yourself to BitlBee by setting a server password in your IRC client. - Compatible with all crazy kinds of line endings that clients can send. - Changed root nicknames are now saved. - Added ClientInterface setting to bind() outgoing connections to a specific network interface. - Support for receiving Jabber chatroom invitations. - Relaxed port restriction of the Jabber module: added ports 80 and 443. - Preserving case in Jabber resources of buddies, since these should officially be treated as case sensitive. - Fully stripping spaces from AIM screennames, this didn't happen completely which severly breaks the IRC protocol. - Removed all the yellow tape around daemon mode, it's pretty mature by now: testing.bitlbee.org serves all (~30) SSL users from one daemon mode process without any serious stability issues. - Fixed GLib <2.6 compatibility issue. - Misc. memory leak/crash fixes. --- Module Name: pkgsrc Committed By: tonio Date: Fri Aug 29 13:29:24 UTC 2008 Modified Files: pkgsrc/chat/bitlbee: Makefile distinfo Log Message: Update chat/bitlbee to 1.2.2 Fixes security issue http://secunia.com/advisories/31633/ Changelog: Version 1.2.2 (released 2008-08-26) hilights: * Fixed a security issue where it was possible to recreate/hijack already existing accounts. * Various stability improvements and minor feature enhancements. 2008-08-14T08:31:46Z rtr rtr 2008-08-14T08:31:46Z urn:sha1:ac8955562cf1a3adcf77c6b18f6f6c125e2bc453 jabberd: force preference on openssl (fixes pr) revisions pulled up: pkgsrc/chat/jabberd/Makefile 1.31 pkgsrc/chat/jabberd/distinfo 1.7 pkgsrc/chat/jabberd/patches/patch-aa 1.5 Module Name: pkgsrc Committed By: obache Date: Sun Aug 3 05:17:40 UTC 2008 Modified Files: pkgsrc/chat/jabberd: Makefile distinfo pkgsrc/chat/jabberd/patches: patch-aa Log Message: Force to pick up prefer OpenSSL. Fixes PR 39198. 2008-07-13T16:07:13Z dholland dholland 2008-07-13T16:07:13Z urn:sha1:88a314fdd6b42c1950630e796bb22475aed4613c from Zafer Aydogan in followup to PR pkg/35117. 2008-07-13T12:04:11Z tonnerre tonnerre 2008-07-13T12:04:11Z urn:sha1:8eac7996bd76337ee4ee2fe22ae64763d7665b48 various character set problems. The security issues fixed: * NICK_CHANGE buffer overflow: CVE-2007-3728. * pkcs_decode buffer overflow: CORE-2007-1212. Changes since version 1.0.4.1: - Fixed NEW_CLIENT packet handling crash. - Fixed partial encryption in CTR mode in AES. - Fixed printable fingerprint buffer overflow. - Fixed UNIX signal delivery il SILC scheduler. - Reprocess JOIN command synchronously after resolving channel user list. - In JOIN command reply check if the channel key is already saved. - Remove all channel keys and hmacs after giving LEAVE command. - Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE, BAN and KICK command replies. - Fixed connection authentication with public keys to use correct public key as responder. - Zero tail of CTR mode IV in IV Included mode. - Fixed CTR mode rekey. - Rewrote the IV Included CTR mode encryption/decryption in packet engine. - Fixed non-IPv6 compilation error. - Fixed channel private key deleting when deleting the channel. - Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash. - Fixed mandatory UN and HN SILC public key identifier checking. - Fixed alignment issues with 64-bit CPUs. - Added "There are now xx nick's" to "are xx nicks". - Fixed USERS command user mode handling (integer overflow). - Fixed big-endian issues from aes implementation. - Fixed lib/silcutil/silcatomic.h compilation on IA64. - Fixed public key identifier parsing to check lengths correctly. - In silc_client_free check that scheduler is allocated before trying to free it. - Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for old nicknames was too small. - Added support for rekey with PFS when using CTR mode encryption. - Added silc_idcache_move that can be used to move entries between caches. - Added better checks for invalid argument and notify payloads. - Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value. - Set the destination ID to packet stream as SKE responder if ID was present in key exchange packet. - Compile sources with _GNU_SOURCE on Linux systems. - Fixed Unix signal task dispatching to not lock the signals when dispatching the callback to avoid deadlocks. - Added SILC_VERSION macro for checking package versions at compile time. - Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only once per thread on Unix. - Fixed USERS command reply write-lock unlocking. - Fixed silc_create_key_pair to check for valid identifier. - Rewrite signed public message handling, adopting the new hilight interface. - Fix off by one error when loading modules. - Don't delete hilight entry (because it's just a pointer, not a copy). - Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can be used to check for Toolkit version in third-party software. - Added support for channel@server channel name strings to client library (SILC protocol version 1.3 change). - Added full_nicknames and full_channel_names settings to SilcClientParams that can be used to specify whether client library returns full nickname and channel name strings. Full strings are nick@server and channel@server. - Fixed unix connecting failure to return error code correctly. - Fixed SKE timeout double free crash. - Fixed MIME multipart decoding buffer overflow. - Fixed connection auth protocol timeout crash. - Fixed FSM machine finishing to check for existing threads at the final free callback to allow time for the threads to finish. - Fixed silc_client_get_clients_local to check the nick's server also if nick@server nickname string is given to the function. - And many more, oh well. For the user this means: better charset support, less crashes, nick names now potentially user#23, server specific channels and more sanity. Talked over a while ago with wiz with no objections. 2008-07-11T07:39:20Z tnn tnn 2008-07-11T07:39:20Z urn:sha1:79e2caff143e86b8dd066379ca1c21774e40edc1 i) CVE-2008-2927 fix ii) the previous version was being rejected from the ICQ network. version 2.4.3 (07/01/2008): libpurple: * Yahoo! Japan now uses UTF-8, matching the behavior of official clients and restoring compatibility with the web messenger (Yusuke Odate) * Setting your buddy icon once again works for Yahoo! accounts. * Fixes in the Yahoo! protocol to prevent a double free, crashes on aliases, and alias functionality * Fix crashes in the bonjour protocol * Always use UTF-8 for Yahoo! (#5973) * Fix a crash when the given jabber id is invalid. * Make the IRC "unknown message" debugging messages UTF-8 safe. * Fix connecting to ICQ * Fix a memleak when handling jabber xforms. Pidgin: * Include the send button plugin in the win32 build * Various memory leak fixes 2008-07-06T05:16:50Z tonnerre tonnerre 2008-07-06T05:16:50Z urn:sha1:b62cf7cb516dd21378b978e1e2880fb799a3b20e - CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner. - CVE-2007-4584: p_mode classic buffer overflow using a static string. 2008-07-03T18:01:13Z smb smb 2008-07-03T18:01:13Z urn:sha1:4b436e9b1116f4c65b3c815c4393cded3920dbea Version 1.27 * Cleaned up the buddy "Get Info" screen a bit * Fixed up a couple of compiler warnings * You are now hidden on your own contact list by default Version 1.26 * A few minor security fixes * Incomming messages with HTML-like text are displayed properly * Usernames and passwords with funny characters (like +) in them should work Version 1.25 * Plugin will automatically reconnect if the messages stop downloading * Logging you out of the plugin wont log you out of Facebook * Buddies will appear online when typing and sending messages to you * No DNS lookups for proxies Version 1.24 * Some fixes to the friends search * Messages can be auto-resent if they don't get through (buddy offline etc) Version 1.23 * You can now search for friends from the account menu (Account->Facebook->Search for friends...) Version 1.22 * Fixed receiving multiple notifications * Local alias in Pidgin will be set if you havn't set it Version 1.21 * Notifications (Inbox/Friends) appear as new emails in Pidgin 2008-07-02T14:24:45Z smb smb 2008-07-02T14:24:45Z urn:sha1:e61afa24fe7a1b1831b189ff97ab27d529a41751 2008-06-30T22:23:34Z bjs bjs 2008-06-30T22:23:34Z urn:sha1:d4c880f133d831cc6b2608b4598138402ef7a5af of mk/curses.b3.mk after devel/ncurses/b3.mk. - Define DATADIR correctly so that it knows where to look for help files. - Remove quotes around DOCS_PATH in snprintf() call so that smirk can actually open the help files. - Bump PKGREVISION. 2008-06-24T13:37:29Z smb smb 2008-06-24T13:37:29Z urn:sha1:bed77af6443739016c3bb4abe0c0d0b0bb429712