security fix for gaim
Patch provided by submitter.
version 1.1.4 (2/24/2005):
* Fixed a bug where Yahoo! would lose messages (and any other packet
really)
* Correctly show the time when incoming Gadu-Gadu messages were sent
(Carl-Daniel Hailfinger)
* Fixed crashes with glib 2.6
* Fixed MSN crash when conversations time out after the conversation
window was closed
* Fixed an html parsing bug, CAN-2005-0208
version 1.1.3 (2/17/2005):
* CHAP authentication support for SOCKS5 proxies (Malcolm Smith)
* ICQ offline messages are sent using your specified character
set instead of Unicode (Magnus Hult)
* MSN HTTP method works with proxies using authentication (Bastien
Durel)
* Really fix the bug where buddies show as logged in for 49 thousand
days
* Buddy pounces containing '&' are saved correctly
* Improved MSN error handling when the servers are unavailable
* More MSN bug fixes
* Fix some leaks
* Fix "Find" in the log viewer so that it finds in all logs
* Smileys not appearing at the end of lines has been fixed
* Closing conversation windows no longer cancels active file transfers
on MSN (Felipe Contreras)
version 1.1.2 (1/20/2005):
* MSN 'HTTP Method' fixed (Felipe Contreras)
* Better handling of MSN's Individuals group and buddy status updates
(Felipe Contreras)
* Fix a crash inviting MSN user to a chat when they're already there
* AIM SecurID login support
* Fix configuration of Jabber chat rooms on some servers
* More MSN bug fixes (Felipe Contreras)
* Fix queue messages to Docklet when not globally away (Robert McQueen)
* Fix some leaks
* The Autopackage now builds both the mozilla-nss and the gnutls
ssl plugins, and requires at least one of those libraries.
version 1.1.1 (12/28/2004):
* Allow SILC authentication via public key if your key is password
protected (Michele Baldessari)
* More MSN bug fixes (Felipe Contreras)
* Drag-and-drop to conversation window file transfers work again
* Disable the delete button on pounces that aren't saved yet anyway
(Kevin Stange)
|
|
|
|
security fix for ethereal
Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.104,1.105
- pkgsrc/net/ethereal/PLIST 1.20
- pkgsrc/net/ethereal/distinfo 1.36
- pkgsrc/net/ethereal/patches/patch-aa removed
- pkgsrc/net/ethereal/patches/patch-ab removed
Module Name: pkgsrc
Committed By: salo
Date: Mon Mar 14 15:09:28 UTC 2005
Modified Files:
pkgsrc/net/ethereal: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ethereal/patches: patch-aa patch-ab
Log Message:
Update to version 0.10.10
This release fixes three security and stability-related issues:
- Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
(CAN-2005-0704)
- The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
enabled. (CAN-2005-0705)
- Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This
flaw was later reported by Leon Juranic. (CAN-2005-0699)
- Leon Juranic discovered a buffer overflow in the IAPP dissector.
- A bug in the JXTA dissector could make Ethereal crash.
- A bug in the sFlow dissector could make Ethereal crash.
Everyone is encouraged to upgrade.
New and updated features:
=========================
- Tree view item context menus now let you browse to the display filter
reference and wiki pages for a particular protocol.
- Online help has been expanded.
- VoIP call analysis (including nifty connection diagrams) has been added.
- GSS-API decryption has been greatly enhanced.
New protocol support:
=====================
AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, Retix
Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
Updated protocol support:
=========================
3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, DAAP,
DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, GPRS, GSM A,
GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, IEEE 802.11, IEEE 802.3
Slow Protocols, IP, iSCSI, ISUP, Juniper, JXTA, Kerberos, L2TP, LDAP, MIP,
MPLS, NDMP, NSIP, NTP, OSPF, OXID, PostgreSQL, RADIUS, RDT, Redback, RMCP,
RTP, RTSP, SCSI, SCTP, SDP, SPNEGO, SSL, STUN, TCAP, TCP, TZSP
New and updated capture file support:
=====================================
DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Mar 14 15:34:57 UTC 2005
Modified Files:
pkgsrc/net/ethereal: Makefile
Log Message:
Remove unnecessary "post-patch" target.
|
|
|
|
|
|
security fix for lesstif
Revisions pulled up:
- pkgsrc/x11/lesstif/Makefile 1.77,1.78
- pkgsrc/x11/lesstif/buildlink3.mk 1.4
- pkgsrc/x11/lesstif/distinfo 1.11,1.13
- pkgsrc/x11/lesstif/PLIST 1.9
- pkgsrc/x11/lesstif/patches/patch-ab 1.16
- pkgsrc/x11/lesstif/patches/patch-ac 1.17
Module Name: pkgsrc
Committed By: adam
Date: Wed Jan 5 11:16:38 UTC 2005
Modified Files:
pkgsrc/x11/lesstif: Makefile distinfo
Log Message:
Changes 0.94.0:
* XPM security fixes
* memory leak fixes
* other fixes
----
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:07:16 UTC 2005
Modified Files:
pkgsrc/x11/lesstif: PLIST
Log Message:
Sort.
----
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:07:27 UTC 2005
Modified Files:
pkgsrc/x11/lesstif: Makefile distinfo
Added Files:
pkgsrc/x11/lesstif/patches: patch-ab patch-ac
Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.
----
Module Name: pkgsrc
Committed By: salo
Date: Fri Mar 11 00:34:19 UTC 2005
Modified Files:
pkgsrc/x11/lesstif: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for security update. (hi wiz!)
|
|
|
|
security fix for openmotif
Revisions pulled up:
- pkgsrc/x11/openmotif/Makefile 1.32
- pkgsrc/x11/openmotif/distinfo 1.16
- pkgsrc/x11/openmotif/patches/patch-bi 1.2
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:00:32 UTC 2005
Modified Files:
pkgsrc/x11/openmotif: Makefile distinfo
pkgsrc/x11/openmotif/patches: patch-bi
Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.
|
|
|
|
security fix for xpm
Revisions pulled up:
- pkgsrc/graphics/xpm/Makefile 1.39
- pkgsrc/graphics/xpm/distinfo 1.12
- pkgsrc/graphics/xpm/patches/patch-ak 1.2
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 15:23:10 UTC 2005
Modified Files:
pkgsrc/graphics/xpm: Makefile distinfo
pkgsrc/graphics/xpm/patches: patch-ak
Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.
|
|
|
|
security fix for libexif
Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile 1.22
- pkgsrc/graphics/libexif/buildlink3.mk 1.6
- pkgsrc/graphics/libexif/distinfo 1.12
- pkgsrc/graphics/libexif/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: adam
Date: Thu Mar 10 19:22:22 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: distinfo
Added Files:
pkgsrc/graphics/libexif/patches: patch-ab
Log Message:
Added a patch to fix buffer overflow:
* SECURITY UPDATE: Fix buffer overflow.
* libexif/exif-data.c: Add buffer size checks in several places before
trying to access it.
* Thanks to Sylvain Defresne for spotting this and the patch.
* References:
https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152
Thanks to wiz@ for heads-up. :)
----
Module Name: pkgsrc
Committed By: salo
Date: Thu Mar 10 22:21:56 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: Makefile buildlink3.mk
Log Message:
Bump PKGREVISION and BUILDLINK_RECOMMENDED for the security fix. (hi adam!)
|
|
|
|
security fix for imap-uw
Revisions pulled up:
- pkgsrc/mail/imap-uw/Makefile 1.88-1.90
- pkgsrc/mail/imap-uw/PLIST 1.9
- pkgsrc/mail/imap-uw/distinfo 1.19
- pkgsrc/mail/imap-uw-utils/DESCR 1.2
- pkgsrc/mail/imap-uw-utils/Makefile 1.20
- pkgsrc/mail/imap-uw-utils/PLIST 1.2
- pkgsrc/mail/imap-uw-utils/distinfo 1.5
Module Name: pkgsrc
Committed By: abs
Date: Mon Jan 24 09:03:48 UTC 2005
Modified Files:
pkgsrc/mail/imap-uw: Makefile distinfo
Log Message:
Update imap-uw to 2004c1
imap-2004c:
fixes to quoted-printable encoding and CRAM-MD5 authentication.
NNTP proxy in imapd now supports the LIST and LSUB commands.
imap-2004b:
There are new ports for Solaris with Blastwave Community Open
Source Software (gcs) and Mandrake Linux (lmd).
SET_SNARFINTERVAL now controls how frequently local drivers
will move new mail from the mail spool as well as from a
maildrop. Maildrops are still tied to a minimum interval of
1 minute, but there is now no minimum for the spool file.
Character set conversions now map non-breaking space to space
if the destination character set doesn't have nbsp. JIS Roman
yen sign is now mapped to Unicode yen sign.
---
Module Name: pkgsrc
Committed By: abs
Date: Mon Jan 31 11:38:22 UTC 2005
Modified Files:
pkgsrc/mail/imap-uw: Makefile
Log Message:
fix my previous attempt to clarify a comment at the start
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Mar 5 22:01:47 UTC 2005
Modified Files:
pkgsrc/mail/imap-uw: Makefile PLIST
Log Message:
- Fix builds on NetBSD 1.6 due to Kerberos/OpenSSL 0.9.7 issues
- Included some utilities in the install that were once a part of the
imap-uw-utils package but are now a part of this package
- ok'ed kim@
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Mar 6 14:37:16 UTC 2005
Modified Files:
pkgsrc/mail/imap-uw-utils: DESCR Makefile PLIST distinfo
Log Message:
- Update to 20050108 to avoid conflicts with imap-uw package
- Issue spotted by diro (at) nixsys.bz in PR #28966
This distribution now contains two unsupported programs, icat and ifrom,
which may be of use to some sites.
The old chkmail, imapcopy, imapxfer, mbxcopy, mbxcreat, and mbxcvt
programs have been replaced with the mailutil program, which is
included in the mail/imap-uw package.
The dmail, mlock, and tmail programs are also bundled in the mail/imap-uw
package.
|
|
|
|
security fix for ethereal
Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.103
- pkgsrc/net/ethereal/distinfo 1.33, 1.35
- pkgsrc/net/ethereal/patches/patch-aa 1.11
- pkgsrc/net/ethereal/patches/patch-ab 1.3
Module Name: pkgsrc
Committed By: salo
Date: Mon Jan 31 22:53:54 UTC 2005
Modified Files:
pkgsrc/net/ethereal: distinfo
Added Files:
pkgsrc/net/ethereal/patches: patch-aa
Log Message:
Remove attributes in prototype for unnamed pointers.
ethereal svn version is already fixed.
From PR pkg/29065 by Greg A. Woods.
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Mar 10 10:05:33 UTC 2005
Modified Files:
pkgsrc/net/ethereal: Makefile distinfo
Added Files:
pkgsrc/net/ethereal/patches: patch-ab
Log Message:
Fix security vulnerability in dissector for CDMA2000 A11 packets.
Bump package revision.
|
|
|
|
security fix for firefox
Patch supplied by submitter, equal to:
Module Name: pkgsrc
Committed By: taya
Date: Sun Feb 27 13:20:43 UTC 2005
Log Message:
Update firefox to 1.0.1.
Changes from release notes:
* Improved stability
* International Domain Names are now displayed as punycode.
(To show International Domain Names in Unicode, set the
"network.IDN_show_punycode" preference to false.)
* Several security fixes.
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
|
|
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.139
- pkgsrc/www/squid/distinfo 1.86
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 6 13:30:49 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid to 2.5.9nb1.
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
|
|
|
|
security fix for mailman
Revisions pulled up:
- pkgsrc/mail/mailman/Makefile 1.21
- pkgsrc/mail/mailman/PLIST 1.6
- pkgsrc/mail/mailman/distinfo 1.7
- pkgsrc/mail/mailman/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: kim
Date: Wed Mar 2 21:09:56 UTC 2005
Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
pkgsrc/mail/mailman/patches: patch-ac
Log Message:
Upgrade to 2.1.5 due to security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143
|
|
Please pay more attention to where you are committing stuff.
|
|
to lack of one :). Will need to be revisited.
|
|
|
|
security fix for cups
Revisions pulled up:
- pkgsrc/print/cups/Makefile 1.90
- pkgsrc/print/cups/distinfo 1.31
- pkgsrc/print/cups/patches/patch-au 1.4
- pkgsrc/print/cups/patches/patch-av 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed Mar 2 18:33:02 UTC 2005
Modified Files:
pkgsrc/print/cups: Makefile distinfo
pkgsrc/print/cups/patches: patch-au
Added Files:
pkgsrc/print/cups/patches: patch-av
Log Message:
Fix CAN-2005-0206:
An overflow check introduced earlier (for CAN-2004-0888) was never
triggered on 64-bit systems because 64-bit arithmetic was used there.
Sprinkle some casts to int so that the overflow can happen.
This fix is similar to the redhat one. The fix for similar code
in print/teTeX-bin looks much cleaner, but since cups already contains
the wrong redhat fix, I've chosen to stay close to the original.
bump PKGREVISION
|
|
|
|
security fix for gftp
Revisions pulled up:
- pkgsrc/net/gftp/DESCR 1.3
- pkgsrc/net/gftp/Makefile.common 1.8
- pkgsrc/net/gftp/PLIST 1.9
- pkgsrc/net/gftp/distinfo 1.8-1.9
- pkgsrc/net/gftp/patches/patch-aa 1.3
- pkgsrc/net/gftp/patches/patch-ab 1.5
- pkgsrc/net/gftp/patches/patch-ac 1.1
- pkgsrc/net/gftp/patches/patch-ad 1.1
- pkgsrc/net/gftp-gtk1/DESCR 1.2
- pkgsrc/net/gftp-gtk1/Makefile 1.7
Module Name: pkgsrc
Committed By: tron
Date: Wed Mar 2 14:36:53 UTC 2005
Modified Files:
pkgsrc/net/gftp: DESCR Makefile.common PLIST distinfo
pkgsrc/net/gftp-gtk1: DESCR
Added Files:
pkgsrc/net/gftp/patches: patch-aa patch-ab
Log Message:
Update "gftp" and "gftp-gtk1" package to version 2.0.18. Changes since
version 2.0.17:
- Added support for the FSP protocol (http://fsp.sourceforge.net/)
- SSH2: Fixed segfault that could occur when renaming a file (bug
introduced in 2.0.18rc1)
- SSH2: Fixes for parsing the directory listing from the commercial SSH
server
- FTP: added pasv_behind_router option. If this is enabled, then the IP
address that is in the PASV response will be ignored. Instead the IP
address of the remote host will be used
- FTP: removed the quote filename functionality in the SITE CHMOD and
SITE UTIME commands
- Chmod: Fixes for setting the group execute bit (bug introduced in
2.0.18rc1)
- Fixes so that the text port will prompt you for your password when
a URL is entered on the command line
- In the text port, convert the string from UTF8 to the users' current
locale before it is displayed
- Fixes for when the host system does not have getaddrinfo() (bug
introduced in 2.0.18rc1)
- Rewrote and improved the URL parser so that the :, @ characters are
allowed in directories and passwords
- Security Fix: Ignore the file paths that are returned by the remote
server
- FreeBSD and HP/UX fixes
- GNOME HIG fixes
- Many other small changes and improvements. See the ChangeLog file
in the distribution for a detailed list of changes.
- Updated language translations (cs de en_CA en_GB es hu nl zh_CN)
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Mar 2 20:43:21 UTC 2005
Modified Files:
pkgsrc/net/gftp: distinfo
pkgsrc/net/gftp-gtk1: Makefile
Added Files:
pkgsrc/net/gftp/patches: patch-ac patch-ad
Log Message:
Fix build problems in "gftp-gtk1" package caused by update to
version 2.0.18.
|
|
|
|
distfile update for unzip
Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile 1.53
- pkgsrc/archivers/unzip/distinfo 1.13
Module Name: pkgsrc
Committed By: salo
Date: Tue Mar 1 07:45:28 UTC 2005
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
Log Message:
Distfile changed after one day.. grrrrrrr.
Relevant change,
+5.52 (28 Feb 05):
+ - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to
+ nirwana" bug when processing directory entries without any local
+ extra field; added some explaining comments
|
|
|
|
security fix for wu-ftpd
Revisions pulled up:
- pkgsrc/net/wu-ftpd/Makefile 1.26
- pkgsrc/net/wu-ftpd/distinfo 1.13
- pkgsrc/net/wu-ftpd/patches/patch-ak 1.4
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 1 16:06:37 UTC 2005
Modified Files:
pkgsrc/net/wu-ftpd: Makefile distinfo
Added Files:
pkgsrc/net/wu-ftpd/patches: patch-ak
Log Message:
Apply patch from Rainer Schoepf in
http://marc.theaimsgroup.com/?l=bugtraq&m=110960890901497&w=2
to fix
http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
Bump PKGREVISION.
|
|
|
|
security fix for unace
Revisions pulled up:
- pkgsrc/archivers/unace/Makefile 1.14
- pkgsrc/archivers/unace/distinfo 1.6
- pkgsrc/archivers/unace/patches/patch-ad 1.2
- pkgsrc/archivers/unace/patches/patch-ae 1.1
- pkgsrc/archivers/unace/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 1 14:53:41 UTC 2005
Modified Files:
pkgsrc/archivers/unace: Makefile distinfo
pkgsrc/archivers/unace/patches: patch-ad
Added Files:
pkgsrc/archivers/unace/patches: patch-ae patch-af
Log Message:
Apply fix for CAN-2005-0160 and CAN-2005-0161.
Bump PKGREVISION.
|
|
|
|
update squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.137-1.138
- pkgsrc/www/squid/distinfo 1.84-1.85
Module Name: pkgsrc
Committed By: taca
Date: Mon Feb 28 16:59:08 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid to 2.5.8nb3, adding recent five official patches.
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow
for sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k
reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 1 11:16:58 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to 2.5.9 (2.5.STABLE9).
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACL support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STABLE9.
|
|
|
|
security fix for unzip
Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile 1.52
- pkgsrc/archivers/unzip/distinfo 1.12
Module Name: pkgsrc
Committed By: salo
Date: Mon Feb 28 16:50:24 UTC 2005
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
Log Message:
Update to version 5.52
Changes:
The 5.52 maintenance release fixes a few minor problems found in the 5.51
release, closes some more security holes, adds a new AtheOS port, and
contains a Win32 extra-field code cleanup that was not finished earlier.
The most important changes are:
- (re)enabled unshrinking support by default, the LZW patents have expired
- fixed an extraction size bug for encrypted stored entries (12 excess bytes
were written with 5.51)
- fixed false "uncompressed size mismatch" messages when extracting encrypted
archive entries
- do not restore SUID/SGID/Tacky attribute bits on Unix (BeOS, AtheOS) unless
explicitly requested by new "-K" command line qualifier
- optional support for "-W" qualifier to modify the pattern matching syntax
(with -W: "*" stops at directory delimiter, "**" matches unlimited)
- prevent buffer overflow caused by bogus extra-long Zipfile specification
- performance enhancements for VMS port
- fixed windll interface handling of its extraction mode qualifiers nfflag,
ExtractOnlyNewer, noflag, PromptToOverwrite; added detailed explanation of
their meanings and interactions to the windll documentation
|
|
|
|
security fix for xine-lib
Apply a manual patch that fixes the vulnerabilities noted in
http://www.xinehq.de/index.php/security/XSA-2004-6
|
|
|
|
security fix for curl
Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code. See http://www.securityfocus.com/archive/1/391042
for more information.
|
|
|
|
security fix for phpmyadmin
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.26-1.29
- pkgsrc/databases/phpmyadmin/PLIST 1.9
- pkgsrc/databases/phpmyadmin/distinfo 1.10-1.11
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Feb 24 17:26:03 UTC 2005
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
- Update from 2.6.1-rc1 to 2.6.1-pl1
- Addresses known security issues as well as numerous other changes
- ok'ed tron@
[ Changelog skipped]
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Feb 24 17:50:43 UTC 2005
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile
Log Message:
Add dependence on "php-mbstring" package because phpMyAdmin complains
about the lack of multibyte support otherwise.
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Feb 24 20:52:09 UTC 2005
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" to 2.6.1pl2. It fixes a serious regression in 2.6.1pl1
which e.g. completely broke editing entries in a table.
|
|
|
|
security fix for cyrus-imapd22
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Feb 25 10:21:15 UTC 2005
Modified Files:
pkgsrc/mail/cyrus-imapd22: Makefile distinfo
Log Message:
- Update cyrus-imapd22 from 2.2.10 to 2.2.12
- ok'ed recht@
- Addresses a few recent security issues:
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33733
Changes to the Cyrus IMAP Server since 2.2.10
* Fix possible single byte overflow in mailbox handling code.
* Fix possible single byte overflows in the imapd annotate extension.
* Fix stack buffer overflows in fetchnews (exploitable by peer news
server), backend (exploitable by admin), and in imapd (exploitable
by users though only on platforms where a filename may be larger
than a mailbox name).
|
|
|
|
security fix for xview-lib
Revisions pulled up:
- pkgsrc/x11/xview-lib/Makefile 1.25
- pkgsrc/x11/xview-lib/distinfo 1.8
- pkgsrc/x11/xview-lib/patches/patch-fa 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Thu Feb 10 11:03:53 UTC 2005
Modified Files:
pkgsrc/x11/xview-lib: Makefile distinfo
Added Files:
pkgsrc/x11/xview-lib/patches: patch-fa
Log Message:
the daily security patch:
sprintf->snprintf to fix security problem (CAN-2005-0076)
(patch from Debian)
bump PKGREVISION
|
|
security fix for emacs
Revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.76
- pkgsrc/editors/emacs/distinfo 1.17
- pkgsrc/editors/emacs/patches/patch-al 1.5
- pkgsrc/editors/emacs-nox11/Makefile 1.11
- pkgsrc/editors/emacs20/Makefile 1.15
- pkgsrc/editors/emacs20/distinfo 1.6
- pkgsrc/editors/emacs20/patches/patch-ca 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 9 16:09:43 UTC 2005
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
pkgsrc/editors/emacs-nox11: Makefile
pkgsrc/editors/emacs20: Makefile distinfo
Added Files:
pkgsrc/editors/emacs/patches: patch-al
pkgsrc/editors/emacs20/patches: patch-ca
Log Message:
fix format string vulnerability (CAN-2005-0100), bump PKGREVISION