summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2005-06-02Pullup ticket 528 - requested by Thomas Klausnersalo2-3/+108
PLIST fix for lablgtk2 Revisions pulled up: - pkgsrc/x11/lablgtk2/Makefile 1.5 - pkgsrc/x11/lablgtk2/PLIST 1.2 Module Name: pkgsrc Committed By: drochner Date: Tue May 31 15:56:18 UTC 2005 Modified Files: pkgsrc/x11/lablgtk2: PLIST Log Message: sync with reality --- Module Name: pkgsrc Committed By: wiz Date: Wed Jun 1 21:00:26 UTC 2005 Modified Files: pkgsrc/x11/lablgtk2: Makefile Log Message: Bump PKGREVISION after PLIST fix (hi drochner!) Noted by salo@.
2005-05-31#512salo1-1/+3
2005-05-31Pullup ticket 512 - requested by Manuel Bouyersalo5-14/+37
bugfix updates for xentools20 Revisions pulled up: - pkgsrc/sysutils/xentools20/Makefile 1.6, 1.8, 1.10 - pkgsrc/sysutils/xentools20/files/xend.sh 1.2 - pkgsrc/sysutils/xentools20/distinfo 1.4-1.5 - pkgsrc/sysutils/xentools20/patches/patch-af 1.2 - pkgsrc/sysutils/xentools20/patches/patch-as 1.1 Module Name: pkgsrc Committed By: bouyer Date: Fri Apr 1 19:06:12 UTC 2005 Modified Files: pkgsrc/sysutils/xentools20: Makefile pkgsrc/sysutils/xentools20/files: xend.sh Log Message: xend.sh fixes: - set command_interpreter, so that rc.subr(8) can find the process(es). - /usr/pkg/sbin/xend {stop,restart} don't to what we expect, to let rc.subr do it instead. Bump PKGREVISION. Should fix pkg/29847. --- Module Name: pkgsrc Committed By: wiz Date: Sat Apr 16 13:35:29 UTC 2005 Modified Files: pkgsrc/sysutils/xentools20: Makefile Log Message: Fix dependency pattern to include [0-9]. --- Module Name: pkgsrc Committed By: xtraeme Date: Mon May 23 18:05:16 UTC 2005 Modified Files: pkgsrc/sysutils/xentools20: distinfo pkgsrc/sysutils/xentools20/patches: patch-af Log Message: Fix build on NetBSD/-current by including <sys/select.h>. --- Module Name: pkgsrc Committed By: bouyer Date: Mon May 23 22:02:04 UTC 2005 Modified Files: pkgsrc/sysutils/xentools20: Makefile distinfo Added Files: pkgsrc/sysutils/xentools20/patches: patch-as Log Message: Don't mmap /kern/xen/privcmd (this doesn't work any more on current), use MAP_ANON instead. Bump pkgrevision.
2005-05-30526snj1-1/+3
2005-05-30Pullup ticket 526 - requested by Lubomir Sedlaciksnj2-9/+10
security update for cyrus-imapd21 Revisions pulled up: - pkgsrc/mail/cyrus-imapd21/Makefile 1.29 - pkgsrc/mail/cyrus-imapd21/distinfo 1.10, 1.11 Module Name: pkgsrc Committed By: wiz Date: Wed May 25 12:44:19 UTC 2005 Modified Files: pkgsrc/mail/cyrus-imapd21: distinfo Log Message: Add RMD160 checksum. ---- Module Name: pkgsrc Committed By: adrianp Date: Sat May 28 17:41:54 UTC 2005 Modified Files: pkgsrc/mail/cyrus-imapd21: Makefile distinfo Log Message: - Update cyrus-imapd21 to 2.1.18: - From the changelog: > Changes to the Cyrus IMAP Server since 2.1.17 > Fix single byte overflow in imapd annotate extension. > > Changes to the Cyrus IMAP Server since 2.1.16 > Fix several security issues in imapd and in mysasl_canon_user. > > Changes to the Cyrus IMAP Server since 2.1.15 > Clean up a timeout bug in fud proxy code. > Fix a number of bugs with the murder and altnamespace handling. > Detect fork() failures when launching sendmail in lmtpd > Enable telemetry logging in lmtpd/lmtpproxyd > Allow APOP to be disabled via an imap option > Fix reconstruct to handle missing cyrus.header files > Add the quotawarnkb option > Update MUPDATE to look for IANA assigned port numbers.
2005-05-28#521salo1-1/+3
2005-05-28Pullup ticket 521 - requested by Adrian Portellisalo6-2/+81
security fix for tcpdump Revisions pulled up: - pkgsrc/net/tcpdump/Makefile 1.15 - pkgsrc/net/tcpdump/distinfo 1.8 - pkgsrc/net/tcpdump/patches/patch-ac 1.1 - pkgsrc/net/tcpdump/patches/patch-ad 1.1 - pkgsrc/net/tcpdump/patches/patch-ae 1.1 - pkgsrc/net/tcpdump/patches/patch-af 1.1 Module Name: pkgsrc Committed By: adrianp Date: Sat May 28 14:15:23 UTC 2005 Modified Files: pkgsrc/net/tcpdump: Makefile distinfo Added Files: pkgsrc/net/tcpdump/patches: patch-ac patch-ad patch-ae patch-af Log Message: - Update to nb1 for security issues - Patches from tcpdump.org CVS tree
2005-05-28520snj1-1/+3
2005-05-28Pullup ticket 520 - requested by Lubomir Sedlaciksnj8-11/+142
security update for gxine Revisions pulled up: - pkgsrc/multimedia/gxine/Makefile 1.9, 1.10 - pkgsrc/multimedia/gxine/distinfo 1.4, 1.5, 1.6 - pkgsrc/multimedia/gxine/patches/patch-ac 1.3 - pkgsrc/multimedia/gxine/patches/patch-ad 1.3, 1.4 - pkgsrc/multimedia/gxine/patches/patch-ag 1.1 - pkgsrc/multimedia/gxine/patches/patch-ah 1.1 - pkgsrc/multimedia/gxine/patches/patch-ai 1.1, 1.2 - pkgsrc/multimedia/gxine/patches/patch-aj 1.1 Module Name: pkgsrc Committed By: rillig Date: Wed Apr 13 16:39:32 UTC 2005 Modified Files: pkgsrc/multimedia/gxine: Makefile distinfo Added Files: pkgsrc/multimedia/gxine/patches: patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: Added some patches for ISO C90 compliance, for NetBSD-1.6.2, and for gcc-2.95. Approved by jlam. ---- Module Name: pkgsrc Committed By: reed Date: Sun May 8 06:33:35 UTC 2005 Modified Files: pkgsrc/multimedia/gxine: distinfo pkgsrc/multimedia/gxine/patches: patch-ac Added Files: pkgsrc/multimedia/gxine/patches: patch-ad Log Message: Make this build under FreeBSD. PKGREVISION not bumped since these changes only matter for FreeBSD build which failed in the first place. Note that xine-lib is needed, but the xine-lib fixes for FreeBSD have not been committed yet. (If you are curious, I am using gxine on FreeBSD all installed via pkgsrc to watch a MS Windows Media 7 ASF video and listen to MS Windows Media Audio 2 without any win32-codecs installed.) ---- Module Name: pkgsrc Committed By: salo Date: Fri May 27 12:09:27 UTC 2005 Modified Files: pkgsrc/multimedia/gxine: Makefile distinfo pkgsrc/multimedia/gxine/patches: patch-ad patch-ai Removed Files: pkgsrc/multimedia/gxine/patches: patch-ak Log Message: Update to version 0.4.5 Changes: 0.4.5: ====== - SECURITY FIX (pst.advisory 2005-21) Remotely-exploitable missing-format-string vulnerability in some message dialogue boxes. - Fixed some brokenness in the visualisations menu; hide/show the video widget as needed when selecting an item from that menu. - Better handling of uninstantiatable post-plugins (when configuring). - Caught and replaced another asprintf. [Bug 1204625] - Compile fix (Solaris): need $(X_EXTRA_LIBS). - Correct the documentation of the '-e' option in gxine.1. - Don't set a title for the full-screen toolbar. - Set up X threads earlier (it was being done too late). (based on a patch from Antti P Miettinen <ananaza@iki.fi>.) 0.4.4: ====== - Added support for VDR's AUDIO key. - Made the browser plugin optional. - Stop playback on playlist clear. - Fixed a bug in multi-file drag+drop. 0.4.3: ====== - Fix a bug in JS vdr(). It should check the active MRL rather than the currently-selected playlist entry. - Fix a post-plugin parameter handling error. - Provide a few more default bindings with keys. - Fix a compile failure when using xine-lib 1.0 headers. Whoops :-( - Added doc/Keybindings-HOWTO (from Craig Sanders). 0.4.2: ====== - Use external JS lib by default (if available). If you're using amd64, you want this, I'm told. - This version should be buildable and useable with GTK+2.2. It may also use, but not rely on, a few features from GTK+2.6. - Configure switches for GTK+ versions compatibility and whether to use the desktop integration wizard. (Mainly for packagers.) - Mark 'repeat' and 'random' buttons (playlist) as having accelerator keys. - Improve prefs window numeric entry editing. - "tvtime" deinterlace plugin support. - Video and audio post-plugin chain support. The deinterlace plugin is prepended to the video chain if enabled. The visualisation plugin is prepended to the audio chain if active. - Hide tab & border for single-page notebooks in the prefs window. - Make columns in playlist etc. resizable. - Fixed a few crash/warning bugs (mediamarks/playlist item edit) left over from 0.4.1. - Respond to volume changes made externally. - Fix crash on virtual desktop change. The full-screen window is now sticky and on all desktops. (If you have a better way of fixing this which *doesn't* require this, let me know.) - Fix overlay bug with window managers, such as IceWM, which have their own toolbars. - Text preferences which are uncommitted may be undone by Ctrl '-' or Undo. - Make the visualisation setting a preference. - Fix a few problems in playlist expansion via xine-lib. - Add JS event(NAME) function and make event() and vdr() output help text if called without parameters. - Add keybinding entries for 'next angle' and 'previous angle'. - Save the A/V offset setting. - Build fix: apparently, Spidermonkey isn't always libsmjs.so. - Stop GTK's complaints when the locale doesn't use UTF-8. (This is done by telling gettext that we want translated text in UTF-8. Some is intended for the console; this isn't special-cased.) - Add a few extra icons to the menus. - Add config options for default window size and magnification of low-res video streams. - Improve live-stream detection; recognise streams of unknown length. - Improve the current stream title display. - Rely on xine-lib's XML parser and quote some characters when saving the playlist, media marks and key bindings. - Change the way in which the control button images are implemented. (There are problems with some GTK+ theme engines otherwise.) - Try to update the current playlist item's title from the stream automatically unless the title has been edited. - Deleting a playlist item will, if it is being played, cause the next item to be played (or the player to enter idle mode). - Use ellipsis in long entries in the playlist & mediamarks windows. (Requires GTK+2.6.) - Allow drag&drop for reordering playlist items. - Prevent multiple install wizard instantiations. - Add menu tooltips for plugins with short descriptions in the plugin chain configuration windows. - Make playlist repeat & random settings persistent. (Guenter)
2005-05-27#513salo1-1/+3
2005-05-27Pullup ticket 513 - requested by Matthias Schelersalo4-5/+186
security fix for net-snmp Revisions pulled up: - pkgsrc/net/net-snmp/Makefile patched by hand - pkgsrc/net/net-snmp/buildlink3.mk patched by hand - pkgsrc/net/net-snmp/distinfo patched by hand - pkgsrc/net/net-snmp/patches/patch-ab 1.5 Module Name: pkgsrc Committed By: tron Date: Wed May 25 13:49:10 UTC 2005 Modified Files: pkgsrc/net/net-snmp: Makefile distinfo Added Files: pkgsrc/net/net-snmp/patches: patch-ab Log Message: Replace "fixproc" script with version from "net-snmp" CVS respository. This fixes the security problem documented in SA15471. Bump package revision because of this change.
2005-05-27#519salo1-1/+3
2005-05-27Pullup ticket 519 - requested by Adrian Portellisalo2-7/+7
security update for mhonarc Revisions pulled up: - pkgsrc/mail/mhonarc/Makefile 1.20 - pkgsrc/mail/mhonarc/distinfo 1.13 Module Name: pkgsrc Committed By: adrianp Date: Fri May 27 11:41:03 UTC 2005 Modified Files: pkgsrc/mail/mhonarc: Makefile distinfo Log Message: - Update mhonarc for recent security issue (XSS) - From the changelog: > 9050 Regex abort error in mhmimetypes.pl under Win32 > 11187 incorrectly parsing UTF-8 encoded messages > 11207 usenameext option to m2h_external::filter has no effect > 11760 spammode false positives on some HTML mail > 11762 rel=nofollow attribute support in message body hyperlinks > 11977 TSLICETOPBEGCUR ignored > 12512 Consecutive spaces not displayed in some cases > 12802 SubjectStripCode not working on message file > 12930 Cross site scripting bug in m2h_text_html::filter
2005-05-27#517salo1-1/+3
2005-05-27Pulup ticket 517 - requested by Adrian Portellisalo10-97/+57
security update for openslp Revisions pulled up: - pkgsrc/net/openslp/Makefile 1.26 - pkgsrc/net/openslp/buildlink3.mk 1.8 - pkgsrc/net/openslp/distinfo 1.12 - pkgsrc/net/openslp/patches/patch-ac 1.2 - pkgsrc/net/openslp/patches/patch-ae 1.2 - pkgsrc/net/openslp/patches/patch-ah 1.2 - pkgsrc/net/openslp/patches/patch-ad removed - pkgsrc/net/openslp/patches/patch-af removed - pkgsrc/net/openslp/patches/patch-ag removed - pkgsrc/net/openslp/patches/patch-ai 1.1 Module Name: pkgsrc Committed By: adrianp Date: Thu May 26 20:14:21 UTC 2005 Modified Files: pkgsrc/net/openslp: Makefile buildlink3.mk distinfo pkgsrc/net/openslp/patches: patch-ac patch-ae patch-ah Added Files: pkgsrc/net/openslp/patches: patch-ai Removed Files: pkgsrc/net/openslp/patches: patch-ad patch-af patch-ag Log Message: - Update to 1.2.1 - ok'ed jlam@ - This incorporates security fixes from SuSE to address the issues they found From the ChangeLog: > 02/04/2005 jcalcote@novell.com > Incorporated various bug fixes from SuSE and others. > Updated Autotools files for version 1.5+
2005-05-27515 and 516snj1-1/+5
2005-05-27Pullup ticket 516 - requested by Lubomir Sedlaciksnj5-26/+27
security update for bzip2 Revisions pulled up: - pkgsrc/archivers/bzip2/PLIST 1.3 - pkgsrc/archivers/bzip2/Makefile 1.39 - pkgsrc/archivers/bzip2/buildlink3.mk 1.17 - pkgsrc/archivers/bzip2/distinfo 1.12 - pkgsrc/archivers/bzip2/patches/patch-aa 1.11 Module Name: pkgsrc Committed By: rillig Date: Mon May 23 06:49:29 UTC 2005 Modified Files: pkgsrc/archivers/bzip2: PLIST Log Message: Sorted PLIST entries to make pkglint happy. ---- Module Name: pkgsrc Committed By: salo Date: Thu May 26 15:03:11 UTC 2005 Modified Files: pkgsrc/archivers/bzip2: Makefile buildlink3.mk distinfo pkgsrc/archivers/bzip2/patches: patch-aa Log Message: Security update to version 1.0.3 - Further robustification against corrupted compressed data. There are currently no known bitstreams which can cause the decompressor to crash, loop or access memory which does not belong to it. If you are using bzip2 or the library to decompress bitstreams from untrusted sources, an upgrade to 1.0.3 is recommended. http://scary.beasts.org/security/CESA-2005-002.txt - The documentation has been converted to XML, from which html and pdf can be derived. - Various minor bugs in the documentation have been fixed. - Fixes for various compilation warnings with newer versions of gcc, and on 64-bit platforms. - The BZ_NO_STDIO cpp symbol was not properly observed in 1.0.2. This has been fixed.
2005-05-27Pullup ticket 515 - requested by Lubomir Sedlaciksnj5-159/+163
security update for ImageMagick Revisions pulled up: - pkgsrc/graphics/ImageMagick/Makefile.common 1.40 - pkgsrc/graphics/ImageMagick/PLIST 1.37 - pkgsrc/graphics/ImageMagick/distinfo 1.49 - pkgsrc/graphics/ImageMagick/patches/patch-aa 1.30 - pkgsrc/graphics/ImageMagick/buildlink3.mk 1.9 Module Name: pkgsrc Committed By: adam Date: Wed May 25 10:32:33 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo pkgsrc/graphics/ImageMagick/patches: patch-aa Log Message: Changes 6.2.3.0: * Bug fixes ---- Module Name: pkgsrc Committed By: salo Date: Thu May 26 13:37:32 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED after latest update with security fixes. (hi adam!)
2005-05-23#499salo1-1/+3
2005-05-23Pullup ticket 499 - requested by Thomas Klausnersalo1-57/+56
various changes in bulk/upload script Module Name: pkgsrc Committed By: hubertf Date: Wed Mar 30 22:26:37 UTC 2005 Modified Files: pkgsrc/mk/bulk: upload Log Message: Before calculating checksums, print a line that says what's happening. With a slow NFS server (as mine), this can take a lot of time. --- Module Name: pkgsrc Committed By: hubertf Date: Wed Mar 30 22:36:18 UTC 2005 Modified Files: pkgsrc/mk/bulk: upload Log Message: If SIGN_AS is not set, remind the user to please sign the checksum files manually. Suggested and OK'd by jschauma@ --- Module Name: pkgsrc Committed By: jschauma Date: Sun Apr 10 21:44:04 UTC 2005 Modified Files: pkgsrc/mk/bulk: upload Log Message: uncomment the checksums for IRIX (the commented version was committed by mistake) --- Module Name: pkgsrc Committed By: jschauma Date: Sat Apr 30 21:35:06 UTC 2005 Modified Files: pkgsrc/mk/bulk: upload Log Message: s/upto date/up-to-date/ --- Module Name: pkgsrc Committed By: wiz Date: Sun May 8 13:29:09 UTC 2005 Modified Files: pkgsrc/mk/bulk: upload Log Message: Changes to the upload script: vulnerable packages are uploaded directly into the vulnerable subdir. While here: quote variables better handling of the temporary directory remove some backwards compatibility code that's been here long enough opsys-specific package handling was doing the same as non-opsys specific, so fold them together. Written together with dillo.
2005-05-19#510salo1-1/+3
2005-05-19Pullup ticket 510 - requested by Adrian Portellisalo3-3/+94
security fix for freeradius Revisions pulled up: - pkgsrc/net/freeradius/Makefile 1.28 - pkgsrc/net/freeradius/distinfo 1.14 - pkgsrc/net/freeradius/patches/patch-ak 1.3 Module Name: pkgsrc Committed By: adrianp Date: Wed May 18 21:58:45 UTC 2005 Modified Files: pkgsrc/net/freeradius: Makefile distinfo Added Files: pkgsrc/net/freeradius/patches: patch-ak Log Message: - Add fix for recent security issue
2005-05-18#509salo1-1/+3
2005-05-18Pullup ticket 509 - requested by Adrian Portellisalo5-35/+40
security update for bugzilla Revisions pulled up: - pkgsrc/devel/bugzilla/DESCR 1.2 - pkgsrc/devel/bugzilla/MESSAGE 1.2 - pkgsrc/devel/bugzilla/Makefile 1.6 - pkgsrc/devel/bugzilla/PLIST 1.3 - pkgsrc/devel/bugzilla/distinfo 1.5 Module Name: pkgsrc Committed By: adrianp Date: Sun May 15 17:04:32 UTC 2005 Modified Files: pkgsrc/devel/bugzilla: DESCR MESSAGE Makefile PLIST distinfo Log Message: - Update to 2.18.1 - Two "Information Disclosure" security bugs fixed - From the ChangeLog: > + You can now enter a negative time for "Hours Worked" > in the time-tracking area. (Bug 271276) > > + The BugMail.pm customization required for Windows (as > described in the Bugzilla Guide) now actually works. (Bug 280911) > > + Users who were using Bugzilla 2.8 can now successfully upgrade > to 2.18.1 (they couldn't upgrade to 2.18). (Bug 283403) > > + Dependency mails are now properly sent during a mass-change of bugs. > (Bug 178157)
2005-05-18508snj1-1/+3
2005-05-18Pullup ticket 508 - requested by Lubomir Sedlaciksnj47-5707/+1
remove mozilla-stable Module Name: pkgsrc Committed By: wiz Date: Mon Apr 18 22:40:36 UTC 2005 Modified Files: pkgsrc/www: Makefile Removed Files: pkgsrc/www/mozilla-stable: DESCR Makefile PLIST buildlink3.mk distinfo pkgsrc/www/mozilla-stable/files: moz-install mozilla-ELF.in mozilla-Mach-O.in mozilla-a.out.in xptcinvoke_asm_sparc64_netbsd.s xptcinvoke_sparc64_netbsd.cpp xptcstubs_asm_sparc64_netbsd.s xptcstubs_sparc64_netbsd.cpp pkgsrc/www/mozilla-stable/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-an patch-ao patch-aw patch-ax patch-ba patch-bb patch-bm patch-bo patch-bq patch-br patch-bs patch-bt patch-bu patch-bv patch-bw patch-bx patch-by patch-bz patch-ca patch-cb patch-cc Log Message: Remove mozilla-stable; not much difference to the mozilla package itself. Okayed by the maintainer, taya@.
2005-05-17#505salo1-1/+3
2005-05-17Pullup ticket 505 - requested by Shin'ichiro TAYAsalo6-24/+31
security update for mozilla Revisions pulled up: - pkgsrc/www/mozilla/Makefile 1.145 - pkgsrc/www/mozilla/Makefile.common 1.50-1.51, 1.53-1.54 - pkgsrc/www/mozilla/buildlink3.mk 1.11 - pkgsrc/www/mozilla/distinfo 1.76 - pkgsrc/www/mozilla-gtk2/Makefile 1.22 - pkgsrc/www/mozilla-gtk2/buildlink3.mk 1.9 Module Name: pkgsrc Committed By: abs Date: Sat Apr 2 09:46:41 UTC 2005 Modified Files: pkgsrc/www/mozilla: Makefile.common Log Message: cut trailing whitespace --- Module Name: pkgsrc Committed By: abs Date: Sat Apr 2 14:38:15 UTC 2005 Modified Files: pkgsrc/www/firefox: Makefile pkgsrc/www/mozilla: Makefile.common pkgsrc/www/mozilla-gtk2: Makefile Log Message: MOZILLA_USE_GTK2 needs --disable-gnomevfs, so make this so in mozilla/Makefile.common, rather than adding it into each Makefile (also fixes thunderbird-gtk2). --- Module Name: pkgsrc Committed By: taya Date: Sun Apr 24 14:05:06 UTC 2005 Modified Files: pkgsrc/www/mozilla: Makefile.common Log Message: set CONFIG_GUESS_OVERRIDE, CONFIG_SUB_OVERRIDE, and CONFIG_STATUS_OVERRIDE explicitly, because it fails to detect them with default setting. suggested by Todd Willey. --- Module Name: pkgsrc Committed By: taya Date: Sun May 15 02:58:05 UTC 2005 Modified Files: pkgsrc/www/mozilla: Makefile Makefile.common buildlink3.mk distinfo pkgsrc/www/mozilla-gtk2: Makefile buildlink3.mk Log Message: Update mozilla & mozilla-gtk2 to 1.7.8 This is a security fix release. Fixed vulnerabilities are follows: MFSA 2005-44 Privilege escalation via non-DOM property overrides MFSA 2005-43 "Wrapped" javascript: urls bypass security checks MFSA 2005-42 Code execution via javascript: IconURL
2005-05-16#507salo1-1/+3
2005-05-16Pullup ticket 507 - requested by Klaus Heinzsalo1-2/+3
portability fix for cdbkup Revisions pulled up: - pkgsrc/sysutils/cdbkup/Makefile 1.4 Module Name: pkgsrc Committed By: kristerw Date: Fri Mar 25 23:11:19 UTC 2005 Modified Files: pkgsrc/sysutils/cdbkup: Makefile Log Message: Rewrite the version test in a way the NetBSD 1.6 make understands.
2005-05-16#504salo1-1/+3
2005-05-16Pullup ticket 504 - requested by Shin'ichiro TAYAsalo7-96/+38
security update for firefox Revisions pulled up: - pkgsrc/www/firefox/Makefile 1.15 - pkgsrc/www/firefox/Makefile-firefox.common 1.14, 1.16-1.18 - pkgsrc/www/firefox/PLIST 1.13-1.15 - pkgsrc/www/firefox/buildlink3.mk 1.5 - pkgsrc/www/firefox/distinfo 1.29 - pkgsrc/www/firefox-gtk1/PLIST 1.3-1.4 - pkgsrc/www/firefox-gtk1/buildlink3.mk 1.4 Module Name: pkgsrc Committed By: taya Date: Wed Apr 13 13:34:26 UTC 2005 Modified Files: pkgsrc/www/firefox: Makefile-firefox.common PLIST pkgsrc/www/firefox-gtk1: PLIST Log Message: change extensions list as same as Linux official build. bump PKGREVISION. fix PR pkg/29595 --- Module Name: pkgsrc Committed By: wiz Date: Fri Apr 15 12:42:27 UTC 2005 Modified Files: pkgsrc/www/firefox: PLIST Log Message: Add two @exec ${MKDIR} lines for empty directories which have @dirrm lines, to fix binary packages. --- Module Name: pkgsrc Committed By: wiz Date: Fri Apr 15 12:44:30 UTC 2005 Modified Files: pkgsrc/www/firefox-gtk1: PLIST Log Message: Add an @exec ${MKDIR} line for an empty directory which has a @dirrm line, to fix binary packages. --- Module Name: pkgsrc Committed By: taya Date: Sun Apr 24 14:00:12 UTC 2005 Modified Files: pkgsrc/www/firefox: Makefile-firefox.common Log Message: concatinate extensions with separator ',' and set to MOZILLA_EXTENSIONS, instead of using ':ts' modifier. becase make of NetBSD-1.6.x doesn't have it. suggested by Jeremy C. Reed. --- Module Name: pkgsrc Committed By: reed Date: Mon Apr 25 19:26:10 UTC 2005 Modified Files: pkgsrc/www/firefox: Makefile-firefox.common Log Message: Make sure build is without gssapi support. (Okayed by maintainer, taya ... well really he said "I don't object your idea.") This fixes a build bug when heimdal is detected but not buildlinked. It is a known mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=245467 I didn't put this in the mozilla/Makefile.common, because didn't test that yet. This issue probably only happens when using /usr as the LOCALBASE, which is not really supported and maybe I am the only one to hit this with pkgsrc. Maybe later someone can consider adding a build option for GSSAPI, but I don't know anything about it in regards to a web browser myself. --- Module Name: pkgsrc Committed By: taya Date: Sat May 14 15:27:10 UTC 2005 Modified Files: pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST buildlink3.mk distinfo pkgsrc/www/firefox-gtk1: buildlink3.mk Log Message: Update firefox & firefox-gtk1 to 1.0.4. This is a security fix release. Fixed vulnerabilities are follows: MFSA 2005-44 Privilege escalation via non-DOM property overrides MFSA 2005-43 "Wrapped" javascript: urls bypass security checks MFSA 2005-42 Code execution via javascript: IconURL
2005-05-16#497salo1-1/+3
2005-05-16Pullup ticket 497 - requested by Matthias Schelersalo2-6/+6
security update for firefox-gtk2-bin Updated by a patch. Module Name: pkgsrc Committed By: tron Date: Thu May 12 15:06:58 UTC 2005 Modified Files: pkgsrc/www/firefox-bin: Makefile distinfo Log Message: Update "firefox-bin" package to version 1.0.4. The following security issuses were fixed in this release: MFSA 2005-44 Privilege escalation via non-DOM property overrides MFSA 2005-43 "Wrapped" javascript: urls bypass security checks MFSA 2005-42 Code execution via javascript: IconURL
2005-05-15#503salo1-1/+3
2005-05-15Pullup ticket 503 - requested by Adrian Portellisalo2-6/+6
security update for horde Revisions pulled up: - pkgsrc/www/horde/Makefile 1.34 - pkgsrc/www/horde/distinfo 1.12 Module Name: pkgsrc Committed By: adrianp Date: Sat May 14 13:33:15 UTC 2005 Modified Files: pkgsrc/www/horde: Makefile distinfo Log Message: - Update horde to 2.2.8 Changes in this release: * Fixed two XSS vulnerabilities. * Updated German and Traditional Chinese translations.
2005-05-14Tickets 500-502.snj1-1/+7
2005-05-14Pullup ticket 502 - requested by Lubomir Sedlaciksnj3-17/+17
security fix for leafnode Revisions pulled up: - pkgsrc/news/leafnode/Makefile 1.24 - pkgsrc/news/leafnode/distinfo 1.14 - pkgsrc/news/leafnode/patches/patch-aa 1.6 Module Name: pkgsrc Committed By: kim Date: Fri May 13 15:08:04 UTC 2005 Modified Files: pkgsrc/news/leafnode: Makefile distinfo pkgsrc/news/leafnode/patches: patch-aa Log Message: Upgrade to 1.11.2: * Fix segfault when timeout or connection reset encountered while article header is read. * fetchnews will no longer re-fetch the active file for a server if it has been completely received even if fetching articles from this server encounters a problem. Long-standing bug. Debian bug #70052. * fetchnews will now properly mark the active for complete re-fetch if it says so. Previously, it forgot the mark in some circumstances. A problem fetching the active file or descriptions for a newly added server will now mark the active for re-fetch even if articles have successfully been retrieved from the same server. * Fix use-after-free segfault when server dies while body is being received. * Support quoted strings on the right hand side of configuration lines. * Support IPv6 in fetchnews as well. * In LIST ACTIVE/GROUP, keep group interesting in spite of being pseudo (which includes empty) as long as it is interesting. Avoids unsubscription of low-traffic groups that fall empty.
2005-05-14Pullup ticket 501 - requested by Lubomir Sedlaciksnj11-30/+130
security fix for maradns Revisions pulled up: - pkgsrc/net/maradns/DESCR 1.2 - pkgsrc/net/maradns/Makefile 1.14 - pkgsrc/net/maradns/PLIST 1.4 - pkgsrc/net/maradns/distinfo 1.6 - pkgsrc/net/maradns/patches/patch-aa 1.3 - pkgsrc/net/maradns/patches/patch-ae 1.1 - pkgsrc/net/maradns/patches/patch-af 1.1 - pkgsrc/net/maradns/patches/patch-ag 1.1 - pkgsrc/net/maradns/patches/patch-ah 1.1 - pkgsrc/net/maradns/patches/patch-ai 1.1 - pkgsrc/net/maradns/patches/patch-aj 1.1 Module Name: pkgsrc Committed By: salo Date: Fri May 13 13:25:55 UTC 2005 Modified Files: pkgsrc/net/maradns: DESCR Makefile PLIST distinfo pkgsrc/net/maradns/patches: patch-aa Added Files: pkgsrc/net/maradns/patches: patch-ae patch-af patch-ag patch-ah patch-ai patch-aj Log Message: Update to version 1.0.28 Too many changes to list, see CHANGELOG within the source tarball. This update was prompted by an issue with random number generator, see the following url for details: http://www.maradns.org/download/patches/maradns-1.0.26-rekey_rng
2005-05-14Pullup ticket 500 - requested by Lubomir Sedlaciksnj7-65/+110
security fix for libexif Revisions pulled up: - pkgsrc/graphics/libexif/Makefile 1.24, 1.25 - pkgsrc/graphics/libexif/PLIST 1.12 - pkgsrc/graphics/libexif/distinfo 1.13, 1.14, 1.15 - pkgsrc/graphics/libexif/buildlink3.mk 1.7 - pkgsrc/graphics/libexif/patches/patch-aa 1.3 - pkgsrc/graphics/libexif/patches/patch-ab 1.3 - pkgsrc/graphics/libexif/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: adam Date: Wed Apr 20 12:40:41 UTC 2005 Modified Files: pkgsrc/graphics/libexif: Makefile PLIST distinfo Removed Files: pkgsrc/graphics/libexif/patches: patch-aa patch-ab Log Message: Changes 0.6.12: * Final fix of Ubuntu Security Notice USN-91-1 (CAN-2005-0664) https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152 * Updated build system with cross compile capabilities * Small fixes: Fix tag order, use even offsets, improve Nikon&Olympus mnote tags. ---- Module Name: pkgsrc Committed By: minskim Date: Mon May 9 13:21:16 UTC 2005 Modified Files: pkgsrc/graphics/libexif: distinfo Added Files: pkgsrc/graphics/libexif/patches: patch-aa patch-ab Log Message: Declare a static function in .c, not in .h. ---- Module Name: pkgsrc Committed By: salo Date: Fri May 13 11:58:00 UTC 2005 Modified Files: pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo Added Files: pkgsrc/graphics/libexif/patches: patch-ac Log Message: Security fix: "Matthias Clasen has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion in the "exif_data_load_data_content()" function and can be exploited to cause a stack overflow when parsing a specially crafted image. Successful exploitation may crash an application linked against the vulnerable library." Bump PKGREVISION. Patch from: http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
2005-05-13#498salo1-1/+3
2005-05-13Pullup ticket 498 - requested by Takahiro Kambesalo2-4/+43
security fix for squid Revisions pulled up: - pkgsrc/www/squid/Makefile 1.150 - pkgsrc/www/squid/distinfo 1.97 Module Name: pkgsrc Committed By: taca Date: Thu May 12 16:09:48 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo Log Message: Update squid package to 2.5.9nb11. Apply 9 official fixes including security improvement in DNS lookup. I still disable transparent_port.patch because it needs a missing header file of IP Filter. NetBSD current and 3.0_BETA already fixed this problem but still netbsd-2/2-0 branches. I will apply it after netbsd-2/2-0 branches fix this problem. (And this fix needs to update squid package to 2.5.STABLE10 which is RC3 now.) * 2005-05-10 23:11 (Cosmetic) Extended documentation of the always_direct directive * 2005-05-10 22:33 (Medium) assertion failed: store_client.c:343: "storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset" * 2005-05-11 19:19 (Security issue) DNS lookups unreliable on untrusted networks * 2005-05-09 01:51 (Minor) Allow dstdomain and dstdom_regex to match IP based hosts * 2005-05-08 14:01 (Cosmetic) Minor arp ACL improvements * 2005-05-04 18:09 (Minor) SNMP Agent updates to support SNMP Version 2 and bulk requests * 2005-05-01 10:58 (Cosmetic) Cosmetic change to DISKD statistics * 2005-04-30 12:58 (Medium) Poor hot object cache hit ratio and sporadic assertion failed: store_swapin.c: e->mem_status == NOT_IN_MEMORY * 2005-04-25 16:36 (Cosmetic) Minor aufs improvements
2005-05-13#444salo1-1/+3
2005-05-13Pullup ticket 444 - requested by Johnny C. Lamsalo17-167/+280
security update for mit-krb5 Revisions pulled up: - pkgsrc/security/mit-krb5/Makefile 1.17-1.18, 1.20 - pkgsrc/security/mit-krb5/PLIST 1.6-1.8 - pkgsrc/security/mit-krb5/buildlink3.mk 1.4 - pkgsrc/security/mit-krb5/distinfo 1.9-1.10 - pkgsrc/security/mit-krb5/files/kadmind.sh 1.2 - pkgsrc/security/mit-krb5/files/kdc.sh 1.2 - pkgsrc/security/mit-krb5/patches/patch-aa 1.2 - pkgsrc/security/mit-krb5/patches/patch-ab 1.2 - pkgsrc/security/mit-krb5/patches/patch-ac 1.2 - pkgsrc/security/mit-krb5/patches/patch-ad 1.2 - pkgsrc/security/mit-krb5/patches/patch-ae 1.2 - pkgsrc/security/mit-krb5/patches/patch-af 1.3 - pkgsrc/security/mit-krb5/patches/patch-ag 1.3 - pkgsrc/security/mit-krb5/patches/patch-ai removed - pkgsrc/security/mit-krb5/patches/patch-aj 1.2 - pkgsrc/security/mit-krb5/patches/patch-ak 1.1 - pkgsrc/security/mit-krb5/patches/patch-al 1.1 Module Name: pkgsrc Committed By: jlam Date: Sun Apr 10 07:15:25 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: Makefile PLIST distinfo pkgsrc/security/mit-krb5/files: kadmind.sh kdc.sh pkgsrc/security/mit-krb5/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-aj Added Files: pkgsrc/security/mit-krb5/patches: patch-ak Removed Files: pkgsrc/security/mit-krb5/patches: patch-ai Log Message: Updated security/mit-krb5 to krb5-1.4. Changes from version 1.3.6 include: * Merged Athena telnetd changes for creating a new option for requiring encryption. * Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. * The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed. * Thread safety for krb5 libraries. * Yarrow code now uses AES. * Merged Athena changes to allow ftpd to require encrypted passwords. * Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4. * Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004] --- Module Name: pkgsrc Committed By: jlam Date: Sun Apr 10 07:45:31 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: PLIST Log Message: Remove the examples directory on deinstallation. --- Module Name: pkgsrc Committed By: jlam Date: Sun Apr 10 07:46:51 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: Makefile distinfo Added Files: pkgsrc/security/mit-krb5/patches: patch-al Log Message: Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating to buffer overflows in the telnet client. Bump PKGREVISION to 1. --- Module Name: pkgsrc Committed By: jlam Date: Mon Apr 11 22:44:54 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: PLIST Log Message: The FTP daemon is always named "kftpd" regardless of whether prefix-cmds is a PKG_OPTION. --- Module Name: pkgsrc Committed By: jlam Date: Thu Apr 14 23:07:55 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: Makefile Log Message: Remove unused section... MIT krb5 apparently now detects NetBSD's utmpx implementation correctly on NetBSD>=2.0. --- Module Name: pkgsrc Committed By: salo Date: Sat Apr 16 14:32:53 UTC 2005 Modified Files: pkgsrc/security/mit-krb5: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED for latest security fix. (hi jlam!)
2005-05-12488, 491-495snj1-1/+13
2005-05-12Pullup ticket 493 - requested by Lubomir Sedlaciksnj1-3/+1
remove dead mirrors from bsd.sites.mk Revisions pulled up: - pkgsrc/mk/bsd.sites.mk 1.36, 1.37 Module Name: pkgsrc Committed By: tv Date: Wed May 11 15:51:10 UTC 2005 Modified Files: pkgsrc/mk: bsd.sites.mk Log Message: Remove belnet.dl.sourceforge.net; it may as well be completely dead. ---- Module Name: pkgsrc Committed By: tv Date: Wed May 11 15:52:14 UTC 2005 Modified Files: pkgsrc/mk: bsd.sites.mk Log Message: Ditto citkit.dl.sourceforge.net.
2005-05-12Pullup ticket 495 - requested by Lubomir Sedlaciksnj13-181/+205
security fix for tiff Revisions pulled up: - pkgsrc/graphics/tiff/Makefile 1.67, 1.69 - pkgsrc/graphics/tiff/PLIST 1.7 - pkgsrc/graphics/tiff/distinfo 1.26, 1.27, 1.28, 1.29 - pkgsrc/graphics/tiff/options.mk 1.1 - pkgsrc/graphics/tiff/buildlink3.mk 1.12 - pkgsrc/graphics/tiff/patches/patch-aa 1.16 - pkgsrc/graphics/tiff/patches/patch-ab 1.16 - pkgsrc/graphics/tiff/patches/patch-ac 1.16 - pkgsrc/graphics/tiff/patches/patch-ad 1.14 - pkgsrc/graphics/tiff/patches/patch-ae removed - pkgsrc/graphics/tiff/patches/patch-af removed - pkgsrc/graphics/tiff/patches/patch-ah removed - pkgsrc/graphics/tiff/patches/patch-ag removed Module Name: pkgsrc Committed By: wiz Date: Wed Mar 23 01:17:45 UTC 2005 Modified Files: pkgsrc/graphics/tiff: Makefile PLIST distinfo pkgsrc/graphics/tiff/patches: patch-aa Added Files: pkgsrc/graphics/tiff: options.mk Removed Files: pkgsrc/graphics/tiff/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Update to 3.7.2. Package changes: Put options in options.mk, and retire support for USE_GIF; turn on the lzw option by default (since USE_GIF was on by default). C++ library's name changed, to be in sync with tiff distribution's name for it (libtiffcxx -> libtiffxx). Changes in 3.7.2: Maintainance [sic] release. Many bugfixes in the build environment and compatibility improvements. ---- Module Name: pkgsrc Committed By: recht Date: Thu Mar 24 17:46:29 UTC 2005 Modified Files: pkgsrc/graphics/tiff: distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-ab Log Message: Pull in libtiff/Makefile.in rev. 1.54 and 1.55 without the rpath changes from libtiff CVS to fix the build on Darwin. ---- Modified Files: pkgsrc/graphics/tiff: distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-ac Log Message: Fix for NetBSD LP64 arches by checking if _LP64 is defined. These arches don't define __LP64__. This is basically same as patch-ab rev. 1.13, which was probably removed by mistake. ---- Module Name: pkgsrc Committed By: salo Date: Thu May 12 12:53:21 UTC 2005 Modified Files: pkgsrc/graphics/tiff: Makefile buildlink3.mk distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-ad Log Message: Security fix: "A vulnerability in libTIFF was found, it can be potentially exploited by malicious people to compromise a vulnerable system." http://secunia.com/advisories/15320/ http://bugzilla.remotesensing.org/show_bug.cgi?id=3D843 Bump PKGREVISION, patch from libtiff cvs repository.
2005-05-12Pullup ticket 494 - requested by Lubomir Sedlaciksnj4-9/+11
security fix for gaim Revisions pulled up: - pkgsrc/chat/gaim/Makefile 1.85 - pkgsrc/chat/gaim/PLIST 1.39 - pkgsrc/chat/gaim/buildlink3.mk 1.5 - pkgsrc/chat/gaim/distinfo 1.64 Module Name: pkgsrc Committed By: salo Date: Thu May 12 10:32:18 UTC 2005 Modified Files: pkgsrc/chat/gaim: Makefile PLIST buildlink3.mk distinfo Log Message: Update to version 1.3.0 Changes: - Fixes for two remotely exploitable crash bugs. See http://gaim.sourceforge.net/security/ for more information. - Removed parts of the font selection dialog that were not respected - Fix being invited to a multi user chat on MSN - Multiple SILC accounts should work now (Pekka Riikonen) - Fix times on jabber chat backlogs - Fix gevolution plugin to compile with e-d-s 1.0 or 1.2 - Fix gevolution plugin to remember buddy name when someone added you and you then add them - Formatting in jabber chats works - Fix to prevent MSN disconnecting if you change status while - connecting - Change to correctly handle adding jabber buddies on ejabberd servers Mostly from MAINTAINER via PR pkg/30204
2005-05-12Pullup ticket 492 - requested by Lubomir Sedlaciksnj3-3/+17
security fix for lsh Revisions pulled up: - pkgsrc/security/lsh/Makefile 1.8 - pkgsrc/security/lsh/distinfo 1.4 - pkgsrc/security/lsh/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: drochner Date: Sat Apr 30 12:23:42 UTC 2005 Modified Files: pkgsrc/security/lsh: Makefile PLIST distinfo Added Files: pkgsrc/security/lsh/patches: patch-ac pkgsrc/security/lsh2: DESCR Makefile PLIST distinfo pkgsrc/security/lsh2/patches: patch-aa patch-ab Log Message: Move the freshly update lsh-2.0.1 into a separate pkg and leave security/lsh at 1.4.3. lsh-2.0.1 has interoperability problems with openssh servers (always gets "Invalid server signature" errors). lsh-1.4.3 is not affected by CAN-2003-0826. Add a patch to address CAN-2005-0814 and bump PKGREVISION.
2005-05-12Pullup ticket 491 - requested by Lubomir Sedlaciksnj5-65/+56
security update for ImageMagick Revisions pulled up: - pkgsrc/graphics/ImageMagick/Makefile.common 1.35, 1.36, 1.37, 1.38, 1.39 - pkgsrc/graphics/ImageMagick/PLIST 1.32, 1.33, 1.34, 1.35, 1.36 - pkgsrc/graphics/ImageMagick/distinfo 1.44, 1.45, 1.46, 1.47, 1.48 - pkgsrc/graphics/ImageMagick/patches/patch-aa 1.29 - pkgsrc/graphics/ImageMagick/buildlink3.mk 1.8 Module Name: pkgsrc Committed By: adam Date: Tue Mar 22 15:10:39 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo Log Message: Changes 6.2.0-8: * Bug fixes ---- Module Name: pkgsrc Committed By: adam Date: Tue Mar 29 14:31:52 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo pkgsrc/graphics/ImageMagick/patches: patch-aa Log Message: Changes 6.2.1-0: * Bug fixes, clean ups, and improvements ---- Module Name: pkgsrc Committed By: adam Date: Wed Apr 13 08:10:18 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo Log Message: Changes 6.2.1-3: * Bug fixes ---- Module Name: pkgsrc Committed By: adam Date: Tue Apr 19 15:43:13 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo Log Message: Changes 6.2.1.6: * Bug fixes? ---- Module Name: pkgsrc Committed By: adam Date: Tue Apr 26 08:08:01 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo Log Message: Changes 6.2.2.0: * Bug-fixes ---- Module Name: pkgsrc Committed By: salo Date: Wed May 11 13:22:15 UTC 2005 Modified Files: pkgsrc/graphics/ImageMagick: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED after latest update with security fixes.