security update for ImageMagick, p5-PerlMagick
- pkgsrc/graphics/ImageMagick/Makefile.common 1.76
- pkgsrc/graphics/ImageMagick/PLIST 1.57
- pkgsrc/graphics/ImageMagick/distinfo 1.91
- pkgsrc/graphics/ImageMagick/patches/patch-aa removed
Module Name: pkgsrc
Committed By: tron
Date: Mon Sep 24 08:03:25 UTC 2007
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo
Removed Files:
pkgsrc/graphics/ImageMagick/patches: patch-aa
Log Message:
Update ImageMagick and p5-PerlMagick packages to version 6.3.5.10.
The new version provides a lot of bug fixes and small enhancements and
fixes four security vulnerabilities found by iDefense (CVE-4985, CVE-4986,
CVE-4987 and CVE-4988). Approved by wiz@.
|
|
|
|
security fix for fetchmail
- pkgsrc/mail/fetchmail/Makefile 1.163
- pkgsrc/mail/fetchmail/distinfo 1.38
- pkgsrc/mail/fetchmail/patches/patch-aa 1.6
Module Name: pkgsrc
Committed By: tron
Date: Sun Sep 23 12:48:46 UTC 2007
Modified Files:
pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
pkgsrc/mail/fetchmail/patches: patch-aa
Log Message:
Add fix for security vulnerability reported in CVE-2007-4565.
Bump package revision.
|
|
|
|
security fix for kdebase3
- pkgsrc/x11/kdebase3/Makefile 1.133
- pkgsrc/x11/kdebase3/distinfo 1.99
Module Name: pkgsrc
Committed By: markd
Date: Fri Sep 21 20:48:13 UTC 2007
Modified Files:
pkgsrc/x11/kdebase3: Makefile distinfo
Log Message:
Updated version of konqueror address bar spoofing fix
http://www.kde.org/info/security/advisory-20070914-1.txt
also fix for KDM passwordless login vulnerability
http://www.kde.org/info/security/advisory-20070919-1.txt
|
|
security fix for kdelibs3
- pkgsrc/x11/kdelibs3/Makefile 1.128
- pkgsrc/x11/kdelibs3/distinfo 1.88
Module Name: pkgsrc
Committed By: markd
Date: Fri Sep 21 20:45:53 UTC 2007
Modified Files:
pkgsrc/x11/kdelibs3: Makefile distinfo
Log Message:
Updated version of Konqueror address bar spoofing fix
http://www.kde.org/info/security/advisory-20070914-1.txt
|
|
security update for seamonkey (second part)
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.12
- pkgsrc/www/seamonkey/distinfo 1.24
- pkgsrc/www/seamonkey-bin/Makefile 1.16
- pkgsrc/www/seamonkey-bin/distinfo 1.13
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 10 09:23:23 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to Seamonkey 1.1.4.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.4/
|
|
|
|
security fix for qt3-libs
- pkgsrc/x11/qt3-libs/Makefile 1.67 via patch
- pkgsrc/x11/qt3-libs/distinfo 1.46
- pkgsrc/x11/qt3-libs/patches/patch-aq 1.2
Module Name: pkgsrc
Committed By: tron
Date: Sat Sep 15 12:04:02 UTC 2007
Modified Files:
pkgsrc/x11/qt3-libs: Makefile distinfo
pkgsrc/x11/qt3-libs/patches: patch-aq
Log Message:
Fix security vulnerability reported in CVE-2007-4137.
Bump package revision.
|
|
|
|
security update for apache22
- pkgsrc/www/apache22/Makefile 1.18, 1.20
- pkgsrc/www/apache22/Makefile.common 1.6
- pkgsrc/www/apache22/PLIST 1.2, 1.3
- pkgsrc/www/apache22/distinfo 1.7
- pkgsrc/www/apache22/patches/patch-aa 1.2
- pkgsrc/www/apache22/patches/patch-ab removed
- pkgsrc/www/apache22/patches/patch-an removed
- pkgsrc/www/apache22/patches/patch-ao removed
- pkgsrc/www/apache22/patches/patch-ap removed
- pkgsrc/www/apache22/patches/patch-ar removed
- pkgsrc/www/apache22/patches/patch-at removed
Module Name: pkgsrc
Committed By: tron
Date: Sat Sep 8 11:02:11 UTC 2007
Modified Files:
pkgsrc/www/apache22: Makefile Makefile.common PLIST distinfo
pkgsrc/www/apache22/patches: patch-aa
Removed Files:
pkgsrc/www/apache22/patches: patch-ab patch-an patch-ao patch-ap
patch-ar patch-at
Log Message:
Update "apache22" package to version 2.2.6.
This update is a bug and security fix release. The following security
problem hasn't been fixed in "pkgsrc" before:
- CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
parsing date-related headers.
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Sep 9 08:12:58 UTC 2007
Modified Files:
pkgsrc/www/apache22: Makefile
Log Message:
Only fix the suexec permissions if the file exists.
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Sep 10 20:36:41 UTC 2007
Modified Files:
pkgsrc/www/apache22: PLIST
Log Message:
Remove duplicate entry for "share/httpd/icons/README.html".
Pointed out by Geert Hendrickx in private e-mail.
|
|
|
|
security update for lighttpd
- pkgsrc/www/lighttpd/DESCR 1.2
- pkgsrc/www/lighttpd/Makefile 1.16
- pkgsrc/www/lighttpd/PLIST 1.7
- pkgsrc/www/lighttpd/distinfo 1.11
- pkgsrc/www/lighttpd/patches/patch-aa 1.7
- pkgsrc/www/lighttpd/patches/patch-ab 1.4
- pkgsrc/www/lighttpd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: jlam
Date: Mon Sep 10 13:59:51 UTC 2007
Modified Files:
pkgsrc/www/lighttpd: DESCR Makefile PLIST distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ab patch-ac
Log Message:
Update www/lighttpd to 1.4.18. Changes from 1.4.16 include:
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggressive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
|
|
|
|
security update for apache2
- pkgsrc/devel/apr0/Makefile 1.3
- pkgsrc/devel/apr0/distinfo 1.2
- pkgsrc/www/apache2/Makefile 1.118
- pkgsrc/www/apache2/Makefile.common 1.22
- pkgsrc/www/apache2/PLIST 1.35
- pkgsrc/www/apache2/distinfo 1.51
- pkgsrc/www/apache2/patches/patch-ap removed
- pkgsrc/www/apache2/patches/patch-aq removed
Module Name: pkgsrc
Committed By: tron
Date: Fri Sep 7 23:11:41 UTC 2007
Modified Files:
pkgsrc/devel/apr0: Makefile distinfo
pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
Log Message:
Update "apr" package to version 0.9.16.2.0.61 and "apache2" package
to version 2.0.61.
This update is a bug and security fix release. The following security
problem hasn't been fixed in "pkgsrc" before:
- CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when
parsing date-related headers.
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Sep 7 23:28:23 UTC 2007
Removed Files:
pkgsrc/www/apache2/patches: patch-ap patch-aq
Log Message:
Remove obsolete patch files.
|
|
|
|
security fix for konqueror
- pkgsrc/x11/kdebase3/Makefile 1.131
- pkgsrc/x11/kdebase3/distinfo 1.98
- pkgsrc/x11/kdelibs3/Makefile 1.126
- pkgsrc/x11/kdelibs3/distinfo 1.87
Module Name: pkgsrc
Committed By: markd
Date: Sun Sep 2 04:34:00 UTC 2007
Modified Files:
pkgsrc/x11/kdebase3: Makefile distinfo
pkgsrc/x11/kdelibs3: Makefile distinfo
Log Message:
The Konqueror address bar is vulnerable to spoofing attacks
that are based on embedding white spaces in the url. In addition
the address bar could be tricked to show a URL which it is
intending to visit for a short amount of time instead of the
current URL.
http://www.kde.org/info/security/advisory-20070816-1.txt
Bump PKGREVISION for kdelibs3 and kdebase3
|
|
|
|
security update for thunderbird15
Revisions pulled up:
- pkgsrc/mail/thunderbird15/Makefile-thunderbird.common 1.3
- pkgsrc/mail/thunderbird15/distinfo 1.3
- pkgsrc/mail/thunderbird15/PLIST 1.2
- pkgsrc/mail/thunderbird15-gtk1/PLIST 1.2
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 24 14:53:32 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird15: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird15-gtk1: PLIST
Log Message:
Update thunderbird15 and thunderbird15-gtk1 to 1.5.0.13.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
For more info, see
http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.13.html
|
|
|
|
security update for seamonkey
Revisions pulled up:
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.11, 1.12
- pkgsrc/www/seamonkey/PLIST 1.13
- pkgsrc/www/seamonkey/distinfo 1.23, 1.24
- pkgsrc/www/seamonkey-gtk1/PLIST 1.8
- pkgsrc/www/seamonkey/patches/patch-cn 1.4
- pkgsrc/www/seamonkey-bin/Makefile 1.14, 1.16
- pkgsrc/www/seamonkey-bin/distinfo 1.12, 1.13
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 08:50:17 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile-seamonkey.common PLIST distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey-gtk1: PLIST
pkgsrc/www/seamonkey/patches: patch-cn
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to Seamonkey 1.1.3.
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.3/
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 10 09:23:23 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to Seamonkey 1.1.4.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.4/
|
|
security fix for xfce4-terminal
- pkgsrc/x11/xfce4-terminal/Makefile 1.2
- pkgsrc/x11/xfce4-terminal/buildlink3.mk 1.2
- pkgsrc/x11/xfce4-terminal/distinfo 1.2
- pkgsrc/x11/xfce4-terminal/patches/patch-aa 1.1
Modified Files:
pkgsrc/x11/xfce4-terminal: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/x11/xfce4-terminal/patches: patch-aa
Log Message:
Updated x11/xfce4-terminal to 0.2.6nb1
Fixed "URL handling allows remote shell command execution" bug:
http://bugzilla.xfce.org/show_bug.cgi?id=3383
|
|
|
|
security fix for rsync
- pkgsrc/net/rsync/Makefile 1.68
- pkgsrc/net/rsync/distinfo 1.26
- pkgsrc/net/rsync/patches/patch-aa 1.11
Module Name: pkgsrc
Committed By: tron
Date: Thu Aug 23 13:47:51 UTC 2007
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Added Files:
pkgsrc/net/rsync/patches: patch-aa
Log Message:
Add SuSE's patch to fix the vulnerability reported in CVE-2007-4091.
Bump package revision.
|
|
security update for tcpdump
- pkgsrc/net/tcpdump/Makefile 1.25
- pkgsrc/net/tcpdump/distinfo 1.15
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 2 15:16:52 UTC 2007
Modified Files:
pkgsrc/net/tcpdump: Makefile distinfo
Log Message:
Update tcpdump to 3.9.7.
(I think that "Summary for 0.9.7 libpcap" below should be read
"Summary for 3.9.7 tcpdump".)
Wed. July 23, 2007. mcr@xelerance.com. Summary for 0.9.7 libpcap release
NFS: Print unsigned values as such.
RX: parse safely.
BGP: fixes for IPv6-less builds.
801.1ag: use standard codepoint.
use /dev/bpf on systems with such a device.
802.11: print QoS data, avoid dissect of no-data frame, ignore padding.
smb: make sure that we haven't gone past the end of the captured data.
smb: squelch an uninitialized complaint from coverity.
NFS: from NetBSD; don't interpret the reply as a possible NFS reply
if it got MSG_DENIED.
BGP: don't print TLV values that didn't fit, from www.digit-labs.org.
revised INSTALL.txt about libpcap dependency.
Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release
Update man page to reflect changes to libpcap
Changes to both TCP and IP Printer Output
Fix a potential buffer overflow in the 802.11 printer
Print basic info about a few more Cisco LAN protocols.
mDNS cleanup
ICMP MPLS rework of the extension code
bugfix: use the correct codepoint for the OSPF simple text auth token
entry, and use safeputs to print the password.
Add support in pflog for additional values
Add support for OIF RSVP Extensions UNI 1.0 Rev. 2 and additional RSVP objects
Add support for the Message-id NACK c-type.
Add support for 802.3ah loopback ctrl msg
Add support for Multiple-STP as per 802.1s
Add support for rapid-SPT as per 802.1w
Add support for CFM Link-trace msg, Link-trace-Reply msg,
Sender-ID tlv, private tlv, port, interface status
Add support for unidirectional link detection as per
http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt
Add support for the olsr protocol as per RFC 3626 plus the LQ
extensions from olsr.org
Add support for variable-length checksum in DCCP, as per section 9 of
RFC 4340.
Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
Add support for Multiple-STP as per 802.1s
Add support for the cisco proprietary 'dynamic trunking protocol'
Add support for the cisco proprietary VTP protocol
Update dhcp6 options table as per IETF standardization activities
|
|
|
|
security fix for koffice
- pkgsrc/misc/koffice/Makefile 1.95
- pkgsrc/misc/koffice/distinfo 1.42
Module Name: pkgsrc
Committed By: markd
Date: Sun Aug 12 21:07:59 UTC 2007
Modified Files:
pkgsrc/misc/koffice: Makefile distinfo
Log Message:
Latest xpdf vulnerability
http://www.kde.org/info/security/advisory-20070730-1.txt
Bump PKGREVISION.
|
|
security fix for kdegraphics
- pkgsrc/graphics/kdegraphics3/Makefile 1.72
- pkgsrc/graphics/kdegraphics3/distinfo 1.46
Module Name: pkgsrc
Committed By: markd
Date: Sun Aug 12 21:06:49 UTC 2007
Modified Files:
pkgsrc/graphics/kdegraphics3: Makefile distinfo
Log Message:
Latest xpdf vulnerability
http://www.kde.org/info/security/advisory-20070730-1.txt
Bump PKGREVISION.
|
|
security update for libpcap
- pkgsrc/net/libpcap/Makefile 1.37
- pkgsrc/net/libpcap/distinfo 1.18
- pkgsrc/net/libpcap/patches/patch-ab removed
- pkgsrc/net/libpcap/patches/patch-ad removed
- pkgsrc/net/libpcap/patches/patch-ae removed
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 2 15:15:21 UTC 2007
Modified Files:
pkgsrc/net/libpcap: Makefile distinfo
Removed Files:
pkgsrc/net/libpcap/patches: patch-ab patch-ad patch-ae
Log Message:
Update libpcap to 0.9.7.
libpcap
Wed. July 23, 2007. mcr@xelerance.com. Summary for 0.9.7 libpcap release
FIXED version file to be 0.9.7 instead of 0.9.5.
added flags/configuration for cloning bpf device.
added DLT_MTP2_WITH_PHDR support (PPI)
"fix" the "memory leak" in icode_to_fcode() -- documentation bug
Various link-layer types, with a pseudo-header, for SITA http://www.sita.aero/
introduces support for the DAG ERF type TYPE_COLOR_MC_HDLC_POS.
Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also added.
check for IPv4 and IPv6, even for DLT_RAW
add support for DLT_JUNIPER_ISM
Pick up changes from NetBSD: many from tron, christos, drochner
Allocate DLT_ for 802.15.4 without any header munging, for Mikko Saarnivala.
Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header
Wed. April 25, 2007. ken@xelerance.com. Summary for 0.9.6 libpcap release
Put the public libpcap headers into a pcap subdirectory in both the
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for
backwards compatibility.
Add Bluetooth support
Add USB capturing support on Linux
Add support for the binary USB sniffing interface in Linux
Add support for new FreeBSD BIOCSDIRECTION ioctl
Add additional filter operations for 802.11 frame types
Add support for filtering on MTP2 frame types
Propagate some changes from the main branch, so the x.9 branch has
all the DLT_ and LINKTYPE_ values that the main branch does
Reserved a DLT_ and SAVEFILE_ value for PPI (Per Packet Info)
encapsulated packets
Add LINKTYPE_ for IEEE 802.15.4, with address fields padded as done
by Linux drivers
Add LINKTYPE_ value corresponding to DLT_IEEE802_16_MAC_CPS.
Add DLT for IEEE 802.16 (WiMAX) MAC Common Part Sublayer
Add DLT for Bluetooth HCI UART transport layer
When building a shared library, build with "-fPIC" on Linux to support x86_64
Link with "$(CC) -shared" rather than "ld -shared" when building a
".so" shared library
Add support for autoconf 2.60
Fixes to discard unread packets when changing filters
Changes to handle name changes in the DAG library resulting from
switching to libtool.
Add support for new DAG ERF types.
Add an explicit "-ldag" when building the shared library, so the DAG
library dependency is explicit.
Mac OSX fixes for dealing with "wlt" devices
Fixes in add_or_find_if() & pcap_findalldevs() to optimize generating
device lists
Fixed a bug in pcap_open_live(). The return value of PacketSetHwFilter
was not checked.
|
|
|
|
security update for thunderbird
Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.27, 1.28
- pkgsrc/mail/thunderbird/PLIST 1.23
- pkgsrc/mail/thunderbird/distinfo 1.40, 1.41
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.13
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 12:29:37 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.5.
Security fixes in this version:
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.5/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Aug 2 08:48:30 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.6.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.6/releasenotes/
|
|
|
|
|
|
|
|
security fix for php
- pkgsrc/lang/php5/Makefile 1.56
- pkgsrc/lang/php5/distinfo 1.45
- pkgsrc/lang/php5/patches/patch-ad 1.1
- pkgsrc/lang/php5/patches/patch-ae 1.1
- pkgsrc/www/ap-php/Makefile 1.15
- pkgsrc/www/php4/Makefile 1.79
- pkgsrc/www/php4/distinfo 1.66
- pkgsrc/www/php4/patches/patch-aw 1.3
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 1 01:40:55 UTC 2007
Modified Files:
pkgsrc/www/php4: Makefile distinfo
Added Files:
pkgsrc/www/php4/patches: patch-aw
Log Message:
Add patches to fix CVE-2007-3806 referring CVS repository.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 1 01:40:08 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-ad patch-ae
Log Message:
- Add patches to fix CVE-2007-3806 referring CVS repository.
- Fix compile problem on NetBSD with mremap(2).
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 2 15:10:04 UTC 2007
Modified Files:
pkgsrc/www/ap-php: Makefile
Log Message:
Update of www/php5 package affects ap-php, too.
So, bump PKGREVISION.
(I just forgot to commit.)
|
|
security update for bind9
- pkgsrc/net/bind9/Makefile 1.91, 1.92
- pkgsrc/net/bind9/distinfo 1.33
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jul 28 11:41:57 UTC 2007
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Log Message:
Update to 9.4.1-P1
2206. [security]
"allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
2203. [security]
Query id generation was cryptographically weak.
2202. [security]
The default acls for allow-query-cache and
allow-recursion were not being applied.
2193. [port]
win32: BINDInstall.exe is now linked statically.
2192. [port]
win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Studio 2005 or later.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Aug 1 21:09:57 UTC 2007
Modified Files:
pkgsrc/net/bind9: Makefile
Log Message:
Fix for bind package name pointed out by John Klos on tech-pkg@
|
|
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.46, 1.47
- pkgsrc/www/firefox/PLIST 1.28
- pkgsrc/www/firefox/distinfo 1.67, 1.68
- pkgsrc/www/firefox/patches/patch-cn 1.5
- pkgsrc/www/firefox-gtk1/PLIST 1.15
- pkgsrc/www/firefox-bin/Makefile 1.30, 1.32
- pkgsrc/www/firefox-bin/distinfo 1.27, 1.29
- pkgsrc/www/firefox15-bin/DESCR 1.3
- pkgsrc/www/firefox15-gtk1/DESCR 1.3
- pkgsrc/www/firefox15/DESCR 1.3
Module Name: pkgsrc
Committed By: xtraeme
Date: Thu Jul 19 18:20:59 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update to 2.0.0.5:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from
Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 08:43:51 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: PLIST
pkgsrc/www/firefox/patches: patch-cn
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.5.
Security fixes in this version:
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet
Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an
element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jul 31 10:06:48 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.6.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 08:47:36 UTC 2007
Modified Files:
pkgsrc/www/firefox15: DESCR
pkgsrc/www/firefox15-bin: DESCR
pkgsrc/www/firefox15-gtk1: DESCR
Log Message:
Firefox 1.5.0.x has been EOL'd.
|
|
|
|
security fix for qt3-libs
- pkgsrc/x11/qt3-libs/Makefile 1.64
- pkgsrc/x11/qt3-libs/distinfo 1.45
- pkgsrc/x11/qt3-libs/patches/patch-ca 1.1
- pkgsrc/x11/qt3-libs/patches/patch-cb 1.1
- pkgsrc/x11/qt3-libs/patches/patch-cc 1.1
- pkgsrc/x11/qt3-libs/patches/patch-cd 1.1
- pkgsrc/x11/qt3-libs/patches/patch-ce 1.1
- pkgsrc/x11/qt3-libs/patches/patch-cf 1.1
- pkgsrc/x11/qt3-libs/patches/patch-cg 1.1
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 1 20:51:26 UTC 2007
Modified Files:
pkgsrc/x11/qt3-libs: Makefile distinfo
Added Files:
pkgsrc/x11/qt3-libs/patches: patch-ca patch-cb patch-cc patch-cd
patch-ce patch-cf patch-cg
Log Message:
Add patches provided by Trolltech to fix CVE-2007-3388.
Bump package revision.
|
|
security fix for gdb
- pkgsrc/devel/gdb/Makefile 1.34
- pkgsrc/devel/gdb/distinfo 1.9-1.10
- pkgsrc/devel/gdb/patches/patch-am 1.2
- pkgsrc/devel/gdb/patches/patch-ap 1.1
- pkgsrc/devel/gdb/patches/patch-aq 1.1
Module Name: pkgsrc
Committed By: lkundrak
Date: Tue Jul 3 12:41:19 UTC 2007
Modified Files:
pkgsrc/devel/gdb: Makefile distinfo
Added Files:
pkgsrc/devel/gdb/patches: patch-ap patch-aq
Log Message:
Fixes for CVE-2005-1704 and CVE-2005-1705. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: lkundrak
Date: Wed Jul 11 13:12:02 UTC 2007
Modified Files:
pkgsrc/devel/gdb: distinfo
pkgsrc/devel/gdb/patches: patch-am
Log Message:
Attempt to fix build on >1.6
|
|
|
|
security fix for gimp
- pkgsrc/graphics/gimp/Makefile 1.157
- pkgsrc/graphics/gimp/distinfo 1.35
- pkgsrc/graphics/gimp/patches/patch-ae 1.7
- pkgsrc/graphics/gimp24/Makefile 1.45
- pkgsrc/graphics/gimp24/distinfo 1.18
- pkgsrc/graphics/gimp24/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: lkundrak
Date: Wed Jul 4 13:34:36 UTC 2007
Modified Files:
pkgsrc/graphics/gimp: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp/patches: patch-ae
Log Message:
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: lkundrak
Date: Wed Jul 4 15:19:52 UTC 2007
Modified Files:
pkgsrc/graphics/gimp24: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp24/patches: patch-af
Log Message:
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
|
|
|
|
security update for mysql5
- pkgsrc/databases/mysql5-client/Makefile.common 1.25
- pkgsrc/databases/mysql5-client/PLIST 1.7
- pkgsrc/databases/mysql5-client/distinfo 1.19
- pkgsrc/databases/mysql5-client/patches/patch-ac removed
- pkgsrc/databases/mysql5-client/patches/patch-ad 1.6
- pkgsrc/databases/mysql5-client/patches/patch-ae 1.9
- pkgsrc/databases/mysql5-client/patches/patch-bg removed
- pkgsrc/databases/mysql5-server/PLIST 1.11
- pkgsrc/databases/mysql5-server/distinfo 1.16
- pkgsrc/databases/mysql5-server/patches/patch-aa 1.5
- pkgsrc/databases/mysql5-server/patches/patch-ac removed
- pkgsrc/databases/mysql5-server/patches/patch-ah 1.6
- pkgsrc/databases/mysql5-server/patches/patch-ao removed
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 15 19:22:07 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile.common PLIST distinfo
pkgsrc/databases/mysql5-client/patches: patch-ad patch-ae
pkgsrc/databases/mysql5-server: PLIST distinfo
pkgsrc/databases/mysql5-server/patches: patch-aa patch-ah
Removed Files:
pkgsrc/databases/mysql5-client/patches: patch-ac patch-bg
pkgsrc/databases/mysql5-server/patches: patch-ac patch-ao
Log Message:
Update "mysql5-client" and "mysql5-server" packages to version 5.0.45.
Change since version 5.0.41:
- Functionality added or changed:
- A new status variable, Com_call_procedure, indicates the number of calls
to stored procedures. (Bug#27994)
- NDB Cluster: The server source tree now includes scripts to simplify
building MySQL with SCI support. For more information about SCI
interconnects and these build scripts, see Section 15.9.1,
Configuring MySQL Cluster to use SCI Sockets. (Bug#25470)
- Prior to this release, when DATE values were compared with DATETIME values
the time portion of the DATETIME value was ignored. Now a DATE value is
coerced to the DATETIME type by adding the time portion as 00:00:00. To
mimic the old behavior use the CAST() function in the following way:
SELECT date_field = CAST(NOW() as DATE);. (Bug#28929)
- A large number of bugs including these security problems have been fixed:
- A malformed password packet in the
connection protocol could cause the server to crash. Thanks to Dormando
for reporting this bug and providing details and a proof of concept.
(Bug#28984)
- CREATE TABLE LIKE did not require any privileges on the source table. Now
it requires the SELECT privilege. (Bug#25578)
- In addition, CREATE TABLE LIKE was not isolated from alteration by other
connections, which resulted in various errors and incorrect binary log
order when trying to execute concurrently a CREATE TABLE LIKE statement
and either DDL statements on the source table or DML or DDL statements on
the target table. (Bug#23667)
|
|
|
|
latest update for clamav
- pkgsrc/mail/clamav/Makefile 1.77-1.79
- pkgsrc/mail/clamav/buildlink3.mk 1.14
- pkgsrc/mail/clamav/distinfo 1.45-1.47
- pkgsrc/mail/clamav/options.mk 1.3
- pkgsrc/mail/clamav/patches/patch-aa 1.16
- pkgsrc/mail/clamav/patches/patch-ah 1.10
Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Jul 11 17:44:22 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo options.mk
Log Message:
Update to 0.91:
ClamAV 0.91 is the first release to enable the anti-phishing technology
in default builds. This technology combines heuristics with special
signatures and provides effective protection against phishing threats.
Other important changes and add-ons in this version include:
- unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
archives
- unpacker for ASPack 2.12
- new implementation of the Aho-Corasick pattern matcher providing
better detection for wildcard enabled signatures
- support for nibble matching and floating offsets
- improved handling of .mdb files (fixes long startup times)
- extraction of PE files embedded into other executables
- better handling of PE & UPX
- removed dependency on libcurl (improves stability)
- libclamav.dll available under Windows
- IPv6 support in clamav-milter
- many other improvements and bugfixes
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jul 17 06:54:31 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
pkgsrc/mail/clamav/patches: patch-ah
Log Message:
Updated mail/clamav to 0.91.1
- libclamav/others.c: bump f-level
- libclamav/unrar/unrarvm.c: fix another occurrence of bb#555, thanks to
Ludwig Nussel <ludwig.nussel*suse.de>
- sigtool/sigtool.c: increase MAX_DEL_LOOKAHEAD, requested by Sven
- libclamav/scanner.c: don't search for embedded PEs in zip files larger
than 1 MB (bb#573)
- clamav-milter: Fix memory leak when load balancing
- clamav-milter: Chroot handling no longer marked as experimental
- libclamav/nsis: fix macro collision on AIX - bb#570
- libclamav/phishcheck.c: fix (null) FOUND
- libclamav: rename x86 macros due to collisions on HPUX
- libclamav: Fix warnings on HP-UX
---
Module Name: pkgsrc
Committed By: martti
Date: Wed Jul 18 06:57:59 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Added Files:
pkgsrc/mail/clamav/patches: patch-aa
Log Message:
Updated mail/clamav to 0.91.1nb1
Fix for https://wwws.clamav.net/bugzilla/show_bug.cgi?id=580
|
|
security update for lighttpd
- pkgsrc/www/lighttpd/Makefile 1.15
- pkgsrc/www/lighttpd/distinfo 1.10
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jul 25 10:26:05 UTC 2007
Modified Files:
pkgsrc/www/lighttpd: Makefile distinfo
Log Message:
Update to lighttpd 1.4.16. This fixes a number of security issues:
- various possible NULL pointer references
- two cases where uninitialised memory is used or memory could be
corrupted. This might be exploitable to execute arbitrary code.
- possible mod_access by-pass by appending /
- a local DOS by broken FastCGI handlers
|
|
security fix for libarchive
- pkgsrc/archivers/libarchive/Makefile 1.17
- pkgsrc/archivers/libarchive/distinfo 1.14
- pkgsrc/archivers/libarchive/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: lkundrak
Date: Fri Jul 13 09:26:32 UTC 2007
Modified Files:
pkgsrc/archivers/libarchive: Makefile distinfo
Added Files:
pkgsrc/archivers/libarchive/patches: patch-ad
Log Message:
Fix for FreeBSD-SA-07:05.libarchive CVE-2007-3641, CVE-2007-3644 and
CVE-2007-3645. PKGREVISION bump.
|