[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2 2008-09-03T12:12:11Z 2008-09-03T12:12:11Z tron tron 2008-09-03T12:12:11Z urn:sha1:6bd2b53bfc42e445ddb5a05e71947a7b277d6ebe rt3: security update Update the "rt3" package to version 3.6.7 to fix Denial of Service vulnerability. Files patched: - devel/rt3/Makefile - devel/rt3/PLIST - devel/rt3/distinfo - devel/rt3/patches/patch-ac 2008-08-18T23:27:06Z rtr rtr 2008-08-18T23:27:06Z urn:sha1:4f1e4831812cc57e8fd39a36459298cf4574f410 bugzilla3: update package for security issues revisions pulled up: pkgsrc/devel/bugzilla3/Makefile 1.8 pkgsrc/devel/bugzilla3/PLIST 1.3 pkgsrc/devel/bugzilla3/distinfo 1.4 Module Name: pkgsrc Committed By: adrianp Date: Sun Aug 17 09:24:38 UTC 2008 Modified Files: pkgsrc/devel/bugzilla3: Makefile PLIST distinfo Log Message: Update to 3.0.5 * If you don't have permission to set a flag, it will now appear unchangeable in the UI. (Bug 433851) * If you were running mod_perl, Bugzilla was not correctly closing its connections to the database since 3.0.3, and so sometimes the DB would run out of connections. (Bug 441592) * The installation script is now clear about exactly which Email:: modules are required in Perl, thus avoiding the problem where emails show up with a body like SCALAR(0xBF126795). (Bug 441541) * email_in.pl is no longer case-sensitive for values of @product. (Bug 365697) Also addresses a new security issue: http://www.bugzilla.org/security/2.22.4/ 2008-08-18T23:14:57Z rtr rtr 2008-08-18T23:14:57Z urn:sha1:b7d079397860dfea4a629dfa1ce5c1d41a7cfc6c bugzilla: update for security issue revisions pulled up: pkgsrc/devel/bugzilla/Makefile 1.32 pkgsrc/devel/bugzilla/distinfo 1.16 Module Name: pkgsrc Committed By: adrianp Date: Sun Aug 17 09:21:47 UTC 2008 Modified Files: pkgsrc/devel/bugzilla: Makefile distinfo Log Message: Update to 2.22.5 Addresses a new security issue: http://www.bugzilla.org/security/2.22.4/ 2008-08-12T11:22:11Z rtr rtr 2008-08-12T11:22:11Z urn:sha1:4f14e7f145cd2ec66b1ebf135affb9831ab70995 ruby-curses, ruby, ruby18-base, ruby-tk: security fix revisions pulled up pkgsrc/lang/ruby/rubyversion.mk 1.44 pkgsrc/lang/ruby18-base/distinfo 1.17 pkgsrc/devel/ruby-curses/distinfo 1.33 pkgsrc/x11/ruby-tk/distinfo 1.20 Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:58:33 UTC 2008 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby18-base: distinfo Log Message: Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72). These packages are implicitly updated with distfile update only. databases/ruby-gdbm devel/ruby-readline lang/ruby lang/ruby18 Here's quote from release announce: Sorry for a fuss, but it turned out that taintness check of dl in last releases I made was incomplete. Here are fixes for that. And relevant changes: Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org> * ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr. * ext/dl/dl.c (rb_ary_to_ptr): ditto. * ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as well. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:59:40 UTC 2008 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update ruby-curses package to 1.8.7.72. It is distfile change only. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: taca Date: Mon Aug 11 06:59:55 UTC 2008 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update ruby-curses package to 1.8.7.72. It is distfile change only. 2008-08-12T10:00:23Z tron tron 2008-08-12T10:00:23Z urn:sha1:9bcc2c5f3fae6020fc3fccdbc993fb91922f5c01 Security update for scmgit-base Revisions pulled up: - devel/scmgit-base/Makefile 1.8 - devel/scmgit-base/distinfo 1.10 - devel/scmgit-base/patches/patch-ak 1.1 - devel/scmgit/Makefile.common 1.12 - devel/scmgit/Makefile.version 1.3 --- Module Name: pkgsrc Committed By: bjs Date: Thu Jul 24 23:22:54 UTC 2008 Modified Files: pkgsrc/devel/scmgit: Makefile.common Makefile.version pkgsrc/devel/scmgit-base: Makefile distinfo Added Files: pkgsrc/devel/scmgit-base/patches: patch-ak Log Message: Update to version 1.5.6.4. The base package now depends on devel/p5-Error; this ensures that git never has to install its own copy, thereby avoiding future conflicts with devel/p5-Error. Plus, the pkgsrc version is newer. While here, set PKG_SYSCONFSUBDIR=git and explicitly specify sysconfdir in CONFIGURE_ARGS. Remove trailing slash from GITCOREDIR. Long list of changes since 1.5.6: Fixes since v1.5.6.3 -------------------- * Various commands could overflow its internal buffer on a platform with small PATH_MAX value in a repository that has contents with long pathnames. * There wasn't a way to make --pretty=format:%<> specifiers to honor .mailmap name rewriting for authors and committers. Now you can with %aN and %cN. * Bash completion wasted too many cycles; this has been optimized to be usable again. * Bash completion lost ref part when completing something like "git show pu:Makefile". * "git-cvsserver" did not clean up its temporary working area after annotate request. * "git-daemon" called syslog() from its signal handler, which was a no-no. * "git-fetch" into an empty repository used to remind that the fetch will be huge by saying "no common commits", but this was an unnecessary noise; it is already known by the user anyway. * "git-http-fetch" would have segfaulted when pack idx file retrieved from the other side was corrupt. * "git-index-pack" used too much memory when dealing with a deep delta chain. * "git-mailinfo" (hence "git-am") did not correctly handle in-body [PATCH] line to override the commit title taken from the mail Subject header. * "git-rebase -i -p" lost parents that are not involved in the history being rewritten. * "git-rm" lost track of where the index file was when GIT_DIR was specified as a relative path. * "git-rev-list --quiet" was not quiet as advertised. Contains other various documentation fixes. Fixes since v1.5.6.2 -------------------- * Setting core.sharerepository to traditional "true" value was supposed to make the repository group writable but should not affect permission for others. However, since 1.5.6, it was broken to drop permission for others when umask is 022, making the repository unreadable by others. * Setting GIT_TRACE will report spawning of external process via run_command(). * Using an object with very deep delta chain pinned memory needed for extracting intermediate base objects unnecessarily long, leading to excess memory usage. * Bash completion script did not notice '--' marker on the command line and tried the relatively slow "ref completion" even when completing arguments after one. * Registering a non-empty blob racily and then truncating the working tree file for it confused "racy-git avoidance" logic into thinking that the path is now unchanged. * The section that describes attributes related to git-archive were placed in a wrong place in the gitattributes(5) manual page. * "git am" was not helpful to the users when it detected that the committer information is not set up properly yet. * "git clone" had a leftover debugging fprintf(). * "git clone -q" was not quiet enough as it used to and gave object count and progress reports. * "git clone" marked downloaded packfile with .keep; this could be a good thing if the remote side is well packed but otherwise not, especially for a project that is not really big. * "git daemon" used to call syslog() from a signal handler, which could raise signals of its own but generally is not reentrant. This was fixed by restructuring the code to report syslog() after the handler returns. * When "git push" tries to remove a remote ref, and corresponding tracking ref is missing, we used to report error (i.e. failure to remove something that does not exist). * "git mailinfo" (hence "git am") did not handle commit log messages in a MIME multipart mail correctly. Futureproof ----------- * "git-shell" accepts requests without a dash between "git" and subcommand name (e.g. "git upload-pack") which the newer client will start to make sometime in the future. Fixes since v1.5.6.1 -------------------- * "git clone" from a remote that is named with url.insteadOf setting in $HOME/.gitconfig did not work well. * "git describe --long --tags" segfaulted when the described revision was tagged with a lightweight tag. * "git diff --check" did not report the result via its exit status reliably. * When remote side used to have branch 'foo' and git-fetch finds that now it has branch 'foo/bar', it refuses to lose the existing remote tracking branch and its reflog. The error message has been improved to suggest pruning the remote if the user wants to proceed and get the latest set of branches from the remote, including such 'foo/bar'. * "git reset file" should mean the same thing as "git reset HEAD file", but we required disambiguating -- even when "file" is not ambiguous. * "git show" segfaulted when an annotated tag that points at another annotated tag was given to it. * Optimization for a large import via "git-svn" introduced in v1.5.6 had a serious memory and temporary file leak, which made it unusable for moderately large import. * "git-svn" mangled remote nickname used in the configuration file unnecessarily. Fixes since v1.5.6 ------------------ * Last minute change broke loose object creation on AIX. * (performance fix) We used to make $GIT_DIR absolute path early in the programs but keeping it relative to the current directory internally gives 1-3 per-cent performance boost. * bash completion knows the new --graph option to git-log family. * git-diff -c/--cc showed unnecessary "deletion" lines at the context boundary. * git-for-each-ref ignored %(object) and %(type) requests for tag objects. * git-merge usage had a typo. * Rebuilding of git-svn metainfo database did not take rewriteRoot option into account. * Running "git-rebase --continue/--skip/--abort" before starting a rebase gave nonsense error messages. 2008-08-11T12:32:52Z rtr rtr 2008-08-11T12:32:52Z urn:sha1:4a5a17315c4c11ff08561ed62f92ed3a2577163f p5-Error: required for ticket #2472 revisions pulled up: pkgsrc/devel/p5-Error/Makefile 1.17 pkgsrc/devel/p5-Error/distinfo 1.8 Module Name: pkgsrc Committed By: rhaen Date: Tue Jul 22 08:05:15 UTC 2008 Modified Files: pkgsrc/devel/p5-Error: Makefile distinfo Log Message: updated to 0.17015 ChangeLog: Jul 19 2008 <shlomif@iglu.org.il> (Shlomi Fish) Error.pm #0.17015 - Added the "SEE ALSO" section to the Error.pm POD mentioning Exception::Class and Error::Exception. 2008-08-08T14:37:50Z ghen ghen 2008-08-08T14:37:50Z urn:sha1:35821c18e266453077fed8ba802c7f11d26f8446 security update for ruby - pkgsrc/devel/ruby-curses/distinfo 1.16 - pkgsrc/lang/ruby/rubyversion.mk 1.43 - pkgsrc/lang/ruby18-base/Makefile 1.46 - pkgsrc/lang/ruby18-base/distinfo 1.32 - pkgsrc/lang/ruby18-base/patches/patch-ad removed - pkgsrc/x11/ruby-tk/distinfo 1.19 Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:38:59 UTC 2008 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Start update of Ruby 1.8.7 patchlevel 71. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:42:44 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-ad Log Message: Update ruby18-base to 1.8.7.71. pkgsrc change: Apply fix for sunpro compilre, provided by PR pkg/37771 from Naoto Morishima. This release includes fix for multiple vulnerabilities. http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ * Several vulnerabilities in safe level * DoS vulnerability in WEBrick * Lack of taintness check in dl * DNS spoofing vulnerability in resolv.rb Full changes are too many, please refer ChangeLog file. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:43:51 UTC 2008 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update ruby-curses package to 1.8.7.71. This is version update only, no functional change in this ruby extention. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 8 12:44:51 UTC 2008 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update ruby-tk package to 1.8.7.71. This is version update only, no functional change in this ruby extention. 2008-07-25T09:29:04Z rtr rtr 2008-07-25T09:29:04Z urn:sha1:e00e8b00c1b31e14e223d40ef883558b0831e6fb byacc: patch to fix DoS vulnerability revisions pulled up: pkgsrc/devel/byacc/Makefile 1.9 pkgsrc/devel/byacc/distinfo 1.4 pkgsrc/devel/byacc/patches/patch-aa 1.3 Module Name: pkgsrc Committed By: tonnerre Date: Thu Jul 24 17:13:00 UTC 2008 Modified Files: pkgsrc/devel/byacc: Makefile distinfo Added Files: pkgsrc/devel/byacc/patches: patch-aa Log Message: Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196). 2008-07-22T08:04:31Z rtr rtr 2008-07-22T08:04:31Z urn:sha1:0d51282ded5c023632cc54436e0041d4e8da1033 mercurial: fix for path check on patch import revisions pulled up: pkgsrc/devel/mercurial/Makefile 1.19 pkgsrc/devel/mercurial/distinfo 1.13 pkgsrc/devel/mercurial/patches/patch-ab 1.1 Module Name: pkgsrc Committed By: drochner Date: Sat Jul 19 13:36:51 UTC 2008 Modified Files: pkgsrc/devel/mercurial: Makefile distinfo Added Files: pkgsrc/devel/mercurial/patches: patch-ab Log Message: add patch from upstream CVS to fix path checking on git style patch import (CVE-2008-2942), bump PKGREVISION 2008-07-13T15:23:10Z rhaen rhaen 2008-07-13T15:23:10Z urn:sha1:cc90ac8895c6d5ad74e74d46aea238a6a0fef606 DESCR of the package: Log::Log4perl lets you remote-control and fine-tune the logging behaviour of your system from the outside. It implements the widely popular (Java-based) Log4j logging package in pure Perl.