<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/security, branch pkgsrc_2008Q1</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2008-06-08T12:00:23Z</updated>
<entry>
<title>Pullup ticket #2417 - requested by tonnerre</title>
<updated>2008-06-08T12:00:23Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2008-06-08T12:00:23Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=cd6b18661b899d7b68f2606edb162301289a5bb1'/>
<id>urn:sha1:cd6b18661b899d7b68f2606edb162301289a5bb1</id>
<content type='text'>
Security patches for mit-krb5

Revisions pulled up:
- security/mit-krb5/Makefile			1.43
- security/mit-krb5/distinfo			1.20
- security/mit-krb5/patches/patch-at		1.2
- security/mit-krb5/patches/patch-bh		1.1
- security/mit-krb5/patches/patch-bi		1.1
- security/mit-krb5/patches/patch-bj		1.1
- security/mit-krb5/patches/patch-bk		1.1
- security/mit-krb5/patches/patch-bl		1.1
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 23:58:11 UTC 2008

    Modified Files:
	pkgsrc/security/mit-krb5: Makefile distinfo
	pkgsrc/security/mit-krb5/patches: patch-at
    Added Files:
	pkgsrc/security/mit-krb5/patches: patch-bh patch-bi patch-bj
	patch-bk patch-bl

    Log Message:
    Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and
    MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
</content>
</entry>
<entry>
<title>Pullup ticket #2417 - requested by tonnerre</title>
<updated>2008-06-08T11:47:13Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2008-06-08T11:47:13Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=29826010a65cc7376cb27f58eefed5a04d9ca260'/>
<id>urn:sha1:29826010a65cc7376cb27f58eefed5a04d9ca260</id>
<content type='text'>
Security patches for mit-krb5

Revisions pulled up:
- security/mit-krb5/Makefile		1.42
- security/mit-krb5/distinfo		1.17-1.19
- security/mit-krb5/patches/patch-ai	1.3-1.4
- security/mit-krb5/patches/patch-au	1.1-1.2
- security/mit-krb5/patches/patch-av	1.1-1.2
- security/mit-krb5/patches/patch-aw	1.1-1.2
- security/mit-krb5/patches/patch-ax	1.1-1.2
- security/mit-krb5/patches/patch-ay	1.1-1.2
- security/mit-krb5/patches/patch-az	1.1-1.2
- security/mit-krb5/patches/patch-ba	1.1-1.3
- security/mit-krb5/patches/patch-bb	1.1-1.2
- security/mit-krb5/patches/patch-bc	1.1-1.2
- security/mit-krb5/patches/patch-bd	1.1-1.2
- security/mit-krb5/patches/patch-be	1.1-1.2
- security/mit-krb5/patches/patch-bf	1.1
- security/mit-krb5/patches/patch-bg	1.1
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 18:36:07 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: Makefile distinfo
    Added Files:
    	pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
    patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
    	    patch-be

    Log Message:
    Add security patches for 3 Kerberos vulnerabilities:
     - telnetd username and environment sanitizing vulnerabilities ("-f
    root") as described in MIT Kerberos advisory 2007-001.
     - krb5_klog_syslog() problems with overly long log strings as described
       in MIT Kerberos advisory 2007-002.
     - GSS API kg_unseal_v1() double free vulnerability as described in the
       MIT Kerberos advisory 2007-003.
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 20:22:18 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: distinfo
    	pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
    patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
    	    patch-be

    Log Message:
    Remove parts of a different security patch which slipped in but are not
    supported yet. Don't bump revision as the package didn't build before.
---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Sat Jun  7 22:26:10 UTC 2008

    Modified Files:
    	pkgsrc/security/mit-krb5: distinfo
    	pkgsrc/security/mit-krb5/patches: patch-ba
    Added Files:
    	pkgsrc/security/mit-krb5/patches: patch-bf patch-bg

    Log Message:
    Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION
    will be bumped again once some other patches are in.
</content>
</entry>
<entry>
<title>lost in previous</title>
<updated>2008-06-05T12:25:24Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-06-05T12:25:24Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=5be04b5c3e0d93911c17fc90481417fe7a679e6b'/>
<id>urn:sha1:5be04b5c3e0d93911c17fc90481417fe7a679e6b</id>
<content type='text'>
</content>
</entry>
<entry>
<title>pullup ticket #2414 - requested by tonnerre</title>
<updated>2008-06-05T12:23:59Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-06-05T12:23:59Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=de4213cbb092f1589935eeb85a522a648dd389b2'/>
<id>urn:sha1:de4213cbb092f1589935eeb85a522a648dd389b2</id>
<content type='text'>
openssl: DoS and double free fixes

revisions pulled up:
- pkgsrc/security/openssl/Makefile		1.132
- pkgsrc/security/openssl/distinfo		1.60
- pkgsrc/security/openssl/patches/patch-ab	1.12
- pkgsrc/security/openssl/patches/patch-ah	1.8

   Module Name: pkgsrc
   Committed By:        tonnerre
   Date:                Tue Jun  3 21:39:40 UTC 2008

   Modified Files:
        pkgsrc/security/openssl: Makefile distinfo
   Added Files:
        pkgsrc/security/openssl/patches: patch-ab patch-ah

   Log Message:
   Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
   - Fix flaw if 'Server Key exchange message' is omitted from a TLS
   handshake which could lead to a silent crash.
   - Fix double free in TLS server name extensions which could lead to a
   remote crash.

   Patches from upstream.
</content>
</entry>
<entry>
<title>pullup ticket #2400 - requested by tnn</title>
<updated>2008-05-27T13:29:03Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-05-27T13:29:03Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=b66c16d485002ba6e9a2bdd3957ba661adddc4a1'/>
<id>urn:sha1:b66c16d485002ba6e9a2bdd3957ba661adddc4a1</id>
<content type='text'>
stunnel: update package due to security issue

revisions pulled up:
- pkgsrc/security/stunnel/MESSAGE		1.1
- pkgsrc/security/stunnel/Makefile		1.62
- pkgsrc/security/stunnel/PLIST			1.10
- pkgsrc/security/stunnel/distinfo		1.24
- pkgsrc/security/stunnel/files/stunnel.sh	1.2
- pkgsrc/security/stunnel/patches/patch-aa	1.20
- pkgsrc/security/stunnel/patches/patch-ac	r0

   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Tue May 27 11:51:32 UTC 2008

   Modified Files:
   	pkgsrc/security/stunnel: Makefile PLIST distinfo
   	pkgsrc/security/stunnel/files: stunnel.sh
   	pkgsrc/security/stunnel/patches: patch-aa
   Added Files:
   	pkgsrc/security/stunnel: MESSAGE
   Removed Files:
   	pkgsrc/security/stunnel/patches: patch-ac

   Log Message:
   Update to stunnel-4.24.

   4.24: fix security problem (properly reject revoked certs)
   4.23: WinNT bugfix
   4.22:
    - A new global option to control logging to syslog.
      Simultaneous logging to a file and the syslog is now possible.
    - A new service level option to control stack size.
    - Restored chroot() to be executed after decoding numerical
      userid and groupid values in drop_privileges().
    - A few bugs fixed in the new libwrap support code.
    - TLSv1 method used by default in FIPS mode instead of
      SSLv3 client and SSLv23 server methods.
   4.21:
    - Initial FIPS 140-2 support (see INSTALL.FIPS for details).
    - Experimental fast support for non-MT-safe libwrap is provided
      with pre-spawned processes.
    - Stunnel binary moved from /usr/local/sbin to /usr/local/bin
      in order to meet FHS and LSB requirements.
    - Added code to disallow compiling stunnel with pthreads when
      OpenSSL is compiled without threads support.
    - Minor manual update.
    - TODO file updated.
    - Dynamic locking callbacks added (needed by some engines to work).
    - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
    - On some systems libwrap requires yp_get_default_domain from libnsl,
      additional checking for libnsl was added to the ./configure script.
    - Sending a list of trusted CAs for the client to choose the right
      certificate restored.
    - Some compatibility issues with NTLM authentication fixed.
</content>
</entry>
<entry>
<title>pullup ticket #2397 - requested by tnn</title>
<updated>2008-05-23T11:39:51Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-05-23T11:39:51Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=dac407568e117bb973c2144d9afa10705ade685c'/>
<id>urn:sha1:dac407568e117bb973c2144d9afa10705ade685c</id>
<content type='text'>
gnutls: update for security fixes

revisions pulled up:
- pkgsrc/security/gnutls/Makefile	1.69
- pkgsrc/security/gnutls/distinfo	1.44

   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Thu May 22 13:18:52 UTC 2008

   Modified Files:
   	pkgsrc/security/gnutls: Makefile distinfo

   Log Message:
   Update to gnutls-2.2.5.
   * Version 2.2.5 (released 2008-05-19)
    Fix flaw in fix for GNUTLS-SA-2008-1-3.
   * Version 2.2.4 (released 2008-05-19)
    Fix three security vulnerabilities.  [GNUTLS-SA-2008-1]
    [GNUTLS-SA-2008-1-1]
     libgnutls: Fix crash when sending invalid server name.
    [GNUTLS-SA-2008-1-2]
     libgnutls: Fix crash when sending repeated client hellos.
    [GNUTLS-SA-2008-1-3]
     libgnutls: Fix crash in cipher padding decoding for invalid record
   lengths.
   * Version 2.2.3 (released 2008-05-06)
    Increase default handshake packet size limit to 48kb.
    Fix compilation error related to __FUNCTION__ on some systems.
    Documented the --priority option to gnutls-cli and gnutls-serv.
    Fix fopen file descriptor leak in PSK server code.
    Build Guile code with -fgnu89-inline only when supported.
    Make Camellia encryption work.
</content>
</entry>
<entry>
<title>Pullup ticket 2325 - requested by taca</title>
<updated>2008-04-12T08:56:09Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-04-12T08:56:09Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=79a700a2a1ce32f0b755b74c12e2231d036df5e2'/>
<id>urn:sha1:79a700a2a1ce32f0b755b74c12e2231d036df5e2</id>
<content type='text'>
fix build when hpn-patch enabled

Revisions pulled up:
- pkgsrc/security/openssh/distinfo		1.68
- pkgsrc/security/openssh/patches/patch-ao	1.11

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Apr  8 06:36:47 UTC 2008

   Modified Files:
   	pkgsrc/security/openssh: distinfo
   	pkgsrc/security/openssh/patches: patch-ao

   Log Message:
   Fix build problem with hpn-patch option enabled.
</content>
</entry>
<entry>
<title>Fix two vulnerabilities in OpenSSH:</title>
<updated>2008-04-03T07:59:08Z</updated>
<author>
<name>tonnerre</name>
<email>tonnerre</email>
</author>
<published>2008-04-03T07:59:08Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=973842f843b550f10eba492a5e89278e94ee5e07'/>
<id>urn:sha1:973842f843b550f10eba492a5e89278e94ee5e07</id>
<content type='text'>
 - X11 forwarding information disclosure (CVE-2008-1483)
 - ForceCommand bypass vulnerability
</content>
</entry>
<entry>
<title>Don't hardcode "0 0" for the root user and group -- use ${REAL_ROOT_USER}</title>
<updated>2008-04-02T15:06:07Z</updated>
<author>
<name>jlam</name>
<email>jlam</email>
</author>
<published>2008-04-02T15:06:07Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=97c8a8560dfe752b6aeffd85c14be07c0459f5b7'/>
<id>urn:sha1:97c8a8560dfe752b6aeffd85c14be07c0459f5b7</id>
<content type='text'>
and ${REAL_ROOT_GROUP} instead.  The pkginstall framework checks for
the name of the user and group, not the uid and gid, when comparing
permissions.  This fixes the following spurious warning from appearing:

    The following files are used by sudo-1.6.9p15 and have
    the wrong ownership and/or permissions:

            /usr/pkg/etc/sudoers (m=0440, o=0, g=0)
</content>
</entry>
<entry>
<title>Update sudo package to 1.6.9p15.</title>
<updated>2008-03-29T14:16:58Z</updated>
<author>
<name>taca</name>
<email>taca</email>
</author>
<published>2008-03-29T14:16:58Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=23751ee0e0119a32bc8a77161b8d49c0975cbcd4'/>
<id>urn:sha1:23751ee0e0119a32bc8a77161b8d49c0975cbcd4</id>
<content type='text'>
653) Fixed installation of sudo_noexec.so on AIX.

654) Updated libtool to version 1.5.26.

655) Fixed printing of default SELinux role and type in -V mode.

656) The HOME environment variable is once again preserved by default,
     as per the documentation.
</content>
</entry>
</feed>
