Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for py-django
- pkgsrc/www/py-django/Makefile 1.9
- pkgsrc/www/py-django/distinfo 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Thu Nov 1 21:24:02 UTC 2007
Modified Files:
pkgsrc/www/py-django: Makefile distinfo
Log Message:
Update to Django 0.96.1: Fix a DOS in the i18n layer.
|
|
|
|
security update for wireshark
- pkgsrc/net/wireshark/Makefile 1.13
- pkgsrc/net/wireshark/PLIST 1.7
- pkgsrc/net/wireshark/distinfo 1.9
Module Name: pkgsrc
Committed By: tron
Date: Sat Dec 15 13:53:27 UTC 2007
Modified Files:
pkgsrc/net/wireshark: Makefile PLIST distinfo
Log Message:
Update "wireshark" package to version 0.99.7pre2. Changes since
version 0.99.6:
- Fixes for the security problems reported in "wnpa-sec-2007-03"
- Most of the capture code has been moved out of the GUI, which means
that Wireshark no longer needs to be run as root.
- Many display filter names have been cleaned up. If your favorite
display filter just went missing, please consult the display filter
reference to find out where it ended up.
- You can now filter directly on SNMP OIDs.
- IO graphs have more display options, and you can now export graphs.
- You can now follow UDP streams in addition to TCP and SSL streams.
- You can now disable coloring rules without deleting them.
- Main window toolbar buttons are now available even when the window is
small.
- Optimizations have been applied in some places to make Wireshark start up
and run faster.
- New Protocol Support
ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT,
ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah,
IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN,
WiMAX ASN Control Plane, X.224
- Updated Protocol Support
3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT,
CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC
ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI,
DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS,
DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE,
FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP,
IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS,
ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP,
MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2,
MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER,
PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP,
Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP,
RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB,
SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP,
text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX,
WLCCP, X.411, X.420, X.509 SAT, XML
- New and Updated Capture File Support
Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks,
Windows Sniffer (NetXRay)
|
|
security update for openoffice2-bin
- pkgsrc/misc/openoffice2-bin/Makefile 1.34
- pkgsrc/misc/openoffice2-bin/distinfo 1.13
Module Name: pkgsrc
Committed By: tron
Date: Sat Dec 15 13:32:17 UTC 2007
Modified Files:
pkgsrc/misc/openoffice2-bin: Makefile distinfo
Log Message:
Update "openoffice2-bin" package to version 2.3.1.
This update provides a fix for the security vulnerability reported in
CVE-2007-4575 and a lot of other bug-fixes.
The complete release notes are available here:
http://development.openoffice.org/releases/2.3.1.html
|
|
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97
- pkgsrc/mail/squirrelmail/PLIST 1.25
- pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46
- pkgsrc/mail/squirrelmail/options.mk 1.7
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 14 20:44:35 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Updated mail/squirrelmail to 1.4.13
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Dec 15 13:58:12 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Bump PKG_REVISION.
|
|
security update for mysql5
- pkgsrc/databases/mysql5-client/Makefile 1.11, 1.12, 1.14
- pkgsrc/databases/mysql5-client/Makefile.common 1.26, 1.28
- pkgsrc/databases/mysql5-client/PLIST 1.8, 1.9
- pkgsrc/databases/mysql5-client/distinfo 1.20, 1.21
- pkgsrc/databases/mysql5-client/patches/patch-ad 1.7
- pkgsrc/databases/mysql5-server/Makefile 1.20
- pkgsrc/databases/mysql5-server/PLIST 1.12
- pkgsrc/databases/mysql5-server/distinfo 1.17
- pkgsrc/databases/mysql5-server/patches/patch-ab 1.5
- pkgsrc/databases/mysql5-server/patches/patch-ak 1.4
- pkgsrc/databases/mysql5-server/patches/patch-an 1.4
Module Name: pkgsrc
Committed By: rillig
Date: Fri Oct 12 14:32:46 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
pkgsrc/databases/mysql5-client/patches: patch-ad
Log Message:
The mysql.info file is not rebuilt anymore, so it is safe to install the
documentation.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Oct 14 17:43:33 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile PLIST
Log Message:
The file manual.chm is installed additionally, since it is much more
comfortable to browse than the GNU info file.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Dec 14 13:36:54 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common distinfo
pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
pkgsrc/databases/mysql5-server/patches: patch-ab patch-ak patch-an
Log Message:
Update "mysql5-client" and "mysql5-server" packages to version 5.0.51.
This version fixes a lot of bugs including the security vulnerability
reported in CVE-2007-5969.
A complete list of the changes can be found here:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
|
|
|
|
security update for ruby-actionpack
- pkgsrc/databases/ruby-activerecord/Makefile 1.10
- pkgsrc/databases/ruby-activerecord/distinfo 1.10
- pkgsrc/devel/ruby-activesupport/Makefile 1.12
- pkgsrc/devel/ruby-activesupport/distinfo 1.10
- pkgsrc/mail/ruby-actionmailer/Makefile 1.9
- pkgsrc/mail/ruby-actionmailer/distinfo 1.10
- pkgsrc/www/rails/Makefile 1.6
- pkgsrc/www/rails/PLIST 1.3
- pkgsrc/www/rails/distinfo 1.5
- pkgsrc/www/rails/patches/patch-ab 1.4
- pkgsrc/www/ruby-actionpack/Makefile 1.9, 1.10
- pkgsrc/www/ruby-actionpack/PLIST 1.10
- pkgsrc/www/ruby-actionpack/distinfo 1.10, 1.11
- pkgsrc/www/ruby-actionwebservice/Makefile 1.8
- pkgsrc/www/ruby-actionwebservice/distinfo 1.9
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 02:56:02 UTC 2007
Modified Files:
pkgsrc/devel/ruby-activesupport: Makefile distinfo
Log Message:
Update ruby-activesupport to 1.4.4.
Changes:
* Backport: allow array and hash query parameters. Array route
parameters are converted/to/a/path as before.
* Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read
files or stdin.
* Document Object#blank?.
* Update Dependencies to ignore constants inherited from ancestors.
* Improved multibyte performance by relying less on exception raising
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:17:32 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo
Log Message:
Update ruby-actionpack to 1.13.5.
Changes:
* Backport: allow array and hash query parameters. Array route
parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy,
Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
* Fix in place editor's setter action with non-string fields. #7418
[Andreas]
* Only accept session ids from cookies, prevents session fixation
attacks.
* Change the resource seperator from ; to / change the generated
routes to use the new-style named routes. e.g. new_group_user_path(@group)
instead of group_new_user_path(@group). [pixeltrix]
* Integration tests: introduce methods for other HTTP methods. #6353
[caboose]
* Improve performance of action caching. Closes #8231 [skaes]
* Fix errors with around_filters which do not yield, restore 1.1
behaviour with after filters. Closes #8891 [skaes]
* Allow you to delete cookies with options. Closes #3685
* Deprecate pagination. Install the classic_pagination plugin for
forward compatibility, or move to the superior will_paginate plugin. #8157
* Fix filtered parameter logging with nil parameter values. #8422
[choonkeat]
* Integration tests: alias xhr to xml_http_request and add a
request_method argument instead of always using POST. #7124
* Document caches_action. #5419 [Jarkko Laine]
* observe_form always sends the serialized form. #5271
* Update UrlWriter to accept :anchor parameter. Closes #6771.
[octopod]
* Replace the current block/continuation filter chain handling by an
implementation based on a simple loop. Closes #8226 [Stefan Kaes]
* Return the string representation from an Xml Builder when
rendering a partial. #5044 [tpope]
* Cleaned up, corrected, and mildly expanded ActionPack
documentation. Closes #7190 [jeremymcanally]
* Small collection of ActionController documentation cleanups.
Closes #7319
* Performance: patch cgi/session/pstore to require digest/md5 once
rather than per #initialize. #7583 [Stefan Kaes]
* Deprecation: verification with :redirect_to => :named_route
shouldn't be deprecated. #7525 [Justin French]
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:05:39 UTC 2007
Modified Files:
pkgsrc/databases/ruby-activerecord: Makefile distinfo
Log Message:
Update ruby-activerecord to 1.15.5.
Changes:
* Depend on Action Pack 1.4.4
* Fix #count on a has_many :through association so that it
recognizes the :uniq option. Closes #8801 [lifofifo]
* Don't clobber includes passed to has_many.count [danger]
* Make sure has_many uses :include when counting [danger]
* Save associated records only if the association is already
loaded. #8713
* Changing the :default Date format doesn't break date quoting. #6312
* Allow nil serialized attributes with a set class constraint. #7293
* belongs_to assignment creates a new proxy rather than modifying
its target in-place. #8412 [mmangino@elevatedrails.com]
* Fix column type detection while loading fixtures. Closes #7987
[roderickvd]
* Document deep eager includes. #6267 [Josh Susser, Dan Manges]
* Oracle: extract column length for CHAR also. #7866 [ymendel]
* Small additions and fixes for ActiveRecord documentation. Closes
#7342
* SQLite: binary escaping works with $KCODE='u'. #7862 [tsuka]
* Improved cloning performance by relying less on exception raising
#8159
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:26:23 UTC 2007
Modified Files:
pkgsrc/mail/ruby-actionmailer: Makefile distinfo
Log Message:
Update ruby-actionmailer to 1.3.5.
Changes:
* Depend on Action Pack 1.13.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:31:02 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionwebservice: Makefile distinfo
Log Message:
Update ruby-actionwebservice to 1.2.5.
Changes:
* Depend on Action Pack 1.13.5
* Depend on Active Record 1.15.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 04:03:43 UTC 2007
Modified Files:
pkgsrc/www/rails: Makefile PLIST distinfo
pkgsrc/www/rails/patches: patch-ab
Log Message:
Update rails to 1.2.5.
Changes:
* Correct RAILS_GEM_VERSION regexp. Use =version gem requirement
instead of ~>version so you don't get surprised by a beta gem in
production. This change means upgrading to 1.2.5 will require a boot.rb
upgrade.
* Move custom inflections example so available before route
generation.
* Add a new rake task to aid debugging of named routes.
* use Gem.find_name instead of search when freezing gems. Prevent
false positives for other gems with rails in the name. Closes #8729
[wselman]
* Fix syntax error in dispatcher than wrecked failsafe responses.
* Add Active Resource to rails:freeze:edge and drop Action Web
Service.
* Give generate scaffold a more descriptive database message.
Closes #7316
* Canonicalize RAILS_ROOT by using File.expand_path on Windows,
which doesn't have to worry about symlinks, and Pathname#realpath
elsewhere, which respects symlinks in relative paths but is incompatible
with Windows. #6755 [Jeremy Kemper, trevor]
---
Module Name: pkgsrc
Committed By: minskim
Date: Mon Dec 10 05:47:03 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionpack: Makefile distinfo
Log Message:
Update ruby-actionpack to 1.13.6.
Changes:
* Correct Broken Fix for session_fixation attacks
* Ensure that cookies handle array values correctly. Closes #9937
[queso]
|
|
|
|
bugfix update for squirrelmail (squirrelmail-japanese option)
- pkgsrc/mail/squirrelmail/distinfo 1.44
- pkgsrc/mail/squirrelmail/options.mk 1.6
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 5 11:25:57 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: distinfo options.mk
Log Message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
|
|
security update for squid
- pkgsrc/www/squid/Makefile 1.197-1.199
- pkgsrc/www/squid/distinfo 1.135
- pkgsrc/www/squid/patches/patch-av removed
Module Name: pkgsrc
Committed By: wiz
Date: Mon Nov 12 00:15:00 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove ftp.leo.org from MASTER_SITES, doesn't resolve.
From Zafer Aydogan in PR 37341.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 2 11:46:11 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove Ex-MASTER_SITE. From Zafer Aydogan.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 2 14:47:08 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Removed Files:
pkgsrc/www/squid/patches: patch-av
Log Message:
Update squid package to 2.6.17 (2.6.STABLE17).
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer have a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current bahaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug ouput, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.25
- pkgsrc/www/drupal/distinfo 1.18
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 5 23:16:19 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
This release fixes a security vulnerability. Sites are urged to upgrade
immediately. For more details, please see the security announcement:
* SA-2007-031 - Drupal core - SQL Injection possible when certain
contributed modules are enabled
In addition to this security vulnerability, the following bugs have been
fixed since the 5.2 release:
* 178478 by scor: typo in text displyed when the DB is installed but not
accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order
comments by cid (ie. original submission order) instead of timestamp
(ie. last editing time order) to avoid comments jumping around when
being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in
install system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited
accounts so they are exempt from the spam protection we have for
accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no
taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
|
|
|
|
security update for php5
- pkgsrc/lang/php5/Makefile 1.62
- pkgsrc/lang/php5/Makefile.common 1.28
- pkgsrc/lang/php5/distinfo 1.50
- pkgsrc/lang/php5/patches/patch-ao removed
- pkgsrc/lang/php5/patches/patch-ar removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Nov 23 13:20:01 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ao patch-ar
Log Message:
Update to 5.2.5
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions.
Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported by
SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to
non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using
ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(),
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale
rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
|
|
|
|
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
|
|
|
|
security update for ircservices
- pkgsrc/chat/ircservices/Makefile 1.31
- pkgsrc/chat/ircservices/distinfo 1.13
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Nov 24 00:47:37 UTC 2007
Modified Files:
pkgsrc/chat/ircservices: Makefile distinfo
Log Message:
Update to 5.0.63
2007/06/10 .62 Backported 5.1 fix for a bug allowing guest nicknames to be
linked.
This release fixes two security-related bugs discovered in version 5.1 which
are also present in 5.0.
|
|
security fix for cups
- pkgsrc/print/cups/Makefile 1.127-1.128
- pkgsrc/print/cups/distifno 1.53
- pkgsrc/print/cups/patches/patch-au 1.9
Module Name: pkgsrc
Committed By: dsainty
Date: Mon Oct 22 11:56:46 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile
Log Message:
Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like
other config scripts do.
Bump PKGREVISION since client software may not correctly build or run
without this fix.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Nov 5 20:16:19 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile distinfo
Added Files:
pkgsrc/print/cups/patches: patch-au
Log Message:
Fix for CVE-2007-4351
PKGREVISION++
|
|
security update for mantis
- pkgsrc/devel/mantis/Makefile 1.28
- pkgsrc/devel/mantis/PLIST 1.10
- pkgsrc/devel/mantis/distinfo 1.10
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 27 22:31:10 UTC 2007
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.8
- 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor)
- 0008020: [installation] Port 7907: Allow using system adodb (giallu)
- 0008029: [localization] Spelling mistake in value of string
$s_by_severity file lang/strings_spanish.txt (giallu)
- 0008019: [other] Port 5333: Invalid zip file core/adodb/adodb-time.zip
in CVS (giallu)
- 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor)
2007.04.04 - 1.0.7
- 0007743: [security] Port: CVE-2006-6574 (vboctor)
- 0007772: [security] email notifications bypass security on custom
fields (vboctor)
- 0007784: [security] XSS vulnerabilities (vboctor)
- 0007774: [custom fields] custom fields not stored correctly in bug
history (vboctor)
- 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest)
broken when using IE7
(vboctor)
|
|
|
|
security update for openldap
Revisions pulled up:
- pkgsrc/databases/openldap/Makefile 1.122
- pkgsrc/databases/openldap/Makefile.common 1.11
- pkgsrc/databases/openldap/distinfo 1.59
- pkgsrc/databases/openldap-doc/Makefile 1.8
Module Name: pkgsrc
Committed By: ghen
Date: Sun Nov 18 19:46:16 UTC 2007
Modified Files:
pkgsrc/databases/openldap: Makefile Makefile.common distinfo
pkgsrc/databases/openldap-doc: Makefile
Log Message:
Update openldap packages to 2.3.39, the latest stable release.
The next stable release will be 2.4.x.
OpenLDAP 2.3.39 Release (2007/10/26)
Fixed slapd database/overlay config conflict (ITS#4848)
Fixed slapd password_hash config order (ITS#5082)
Fixed slapd slap_mods_check bug (ITS#5119)
Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
Fixed slapd ordered values add normalization issue (ITS#5136)
Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
Fixed slapd-ldap search control parsing (ITS#5138)
Fixed slapd-ldap SASL idassert w/o authcId
Fixed slapd-ldif directory separators in DN (ITS#5172)
Fixed slapd-meta conn caching on bind failure (ITS#5154)
Fixed slapd-meta bind timeout assertion (ITS#5185)
Fixed slapd-sql concurrency issue (ITS#5095)
Fixed slapo-chain double-free (ITS#5137)
Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
Fixed slapo-rwm modlist handling (ITS#5124)
Fixed slapo-rwm UUID in filter (ITS#5168)
Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
Fixed liblber Windows x64 portability (ITS#5105)
Fixed libldap ppolicy control creation (ITS#5103)
Build Environment
Fixed termios macro check (ITS#4880)
Updated Makefiles
Documentation
Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
Added max-depth/return-error to slapo-chain(5)
slapadd/slapindex note about file ownership (ITS#5166)
slapcat note about using against running slapd (ITS#5028)
Fixed Admin Guide URL in README (ITS#5107)
|
|
|
|
security update for apache-tomcat
- pkgsrc/www/apache-tomcat55/Makefile 1.12
- pkgsrc/www/apache-tomcat55/PLIST 1.4
- pkgsrc/www/apache-tomcat55/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Nov 20 22:13:30 UTC 2007
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Update to 5.5.25
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an
env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation
path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
|
|
|
security update for samba
- pkgsrc/net/samba/Makefile 1.175-1.177
- pkgsrc/net/samba/Makefile.patches 1.5-1.6
- pkgsrc/net/samba/PLIST 1.37
- pkgsrc/net/samba/distinfo 1.55-1.57
- pkgsrc/net/samba/options.mk 1.22
- pkgsrc/net/samba/patches/patch-ag 1.7
- pkgsrc/net/samba/patches/patch-ai removed
- pkgsrc/net/samba/patches/patch-aj removed
- pkgsrc/net/samba/patches/patch-al removed
- pkgsrc/net/samba/patches/patch-am removed
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-av 1.3
- pkgsrc/net/samba/patches/patch-ay 1.3
- pkgsrc/net/samba/patches/patch-ba 1.5-1.6
- pkgsrc/net/samba/patches/patch-bb removed
- pkgsrc/net/samba/patches/patch-bc 1.2
- pkgsrc/net/samba/patches/patch-bd 1.3
- pkgsrc/net/samba/patches/patch-be 1.3
- pkgsrc/net/samba/patches/patch-bf removed
- pkgsrc/net/samba/patches/patch-bh 1.3
- pkgsrc/net/samba/patches/patch-bi 1.5
- pkgsrc/net/samba/patches/patch-bj removed
- pkgsrc/net/samba/patches/patch-bk removed
- pkgsrc/net/samba/patches/patch-bo 1.4
- pkgsrc/net/samba/patches/patch-bp 1.4
- pkgsrc/net/samba/patches/patch-br 1.3
- pkgsrc/net/samba/patches/patch-bs 1.4
- pkgsrc/net/samba/patches/patch-bt 1.3
- pkgsrc/net/samba/patches/patch-bu 1.5
- pkgsrc/net/samba/patches/patch-bw 1.4
- pkgsrc/net/samba/patches/patch-bx removed
- pkgsrc/net/samba/patches/patch-by removed
- pkgsrc/net/samba/patches/patch-bz removed
- pkgsrc/net/samba/patches/patch-ca 1.4
- pkgsrc/net/samba/patches/patch-ce 1.1
- pkgsrc/net/samba/patches/patch-cf 1.1
- pkgsrc/net/samba/patches/patch-cg 1.1
- pkgsrc/net/samba/patches/patch-ch 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 07:28:51 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo options.mk
pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay
patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo
patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca
Added Files:
pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch
Removed Files:
pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb
patch-bf patch-bj patch-bk patch-bx patch-by patch-bz
Log Message:
Update samba to 3.0.26a.
pkgsrc change: Add support for DESTDIR.
Changes from 3.0.24 are huge, please refer WHATSNEW.txt.
<http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_26/WHATSNEW.txt?rev=22651&view=markup>
---
Module Name: pkgsrc
Committed By: rillig
Date: Tue Nov 6 00:47:53 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile distinfo
pkgsrc/net/samba/patches: patch-ba
Log Message:
Fixed an expansion of @mandir@ that accidentally got into patch-ba in
revision 1.5.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Nov 16 11:41:38 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches distinfo
Log Message:
Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the
Samba project. Bump package revision.
|
|
|
|
security update for thunderbird
- pkgsrc/mail/thunderbird/Makefile 1.30 via patch
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.31
- pkgsrc/mail/thunderbird/distinfo 1.42
- pkgsrc/mail/thunderbird/patches/patch-ac 1.8
Module Name: pkgsrc
Committed By: tron
Date: Thu Nov 15 15:05:23 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
pkgsrc/mail/thunderbird/patches: patch-ac
Log Message:
Update "thunderbird" package to version 2.0.0.9. It fixes the following
security problems:
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
|
|
|
|
security fix for kdegraphics3
- pkgsrc/graphics/kdegraphics3/Makefile 1.75 via patch
- pkgsrc/graphics/kdegraphics3/distinfo 1.48 via patch
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:30:57 UTC 2007
Modified Files:
pkgsrc/graphics/kdegraphics3: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
|
|
|
|
security update for phpmyadmin
- pkgsrc/databases/phpmyadmin/Makefile 1.62
- pkgsrc/databases/phpmyadmin/PLIST 1.18
- pkgsrc/databases/phpmyadmin/distinfo 1.30
Module Name: pkgsrc
Committed By: tron
Date: Mon Nov 12 14:05:26 UTC 2007
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.2.1.
Change since version 2.10.2:
- creating VIEWs from query results
- managing triggers, procedures and functions
- supports MySQL 5.0.37 query profiling
- improved interface for servers hosting thousands of databases and tables.
- security fixes for PMASA-2007-5, PMASA-2007-6 and PMASA-2007-7
|
|
|
|
security fix for koffice
- pkgsrc/misc/koffice/Makefile 1.98
- pkgsrc/misc/koffice/distinfo 1.43
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:36:03 UTC 2007
Modified Files:
pkgsrc/misc/koffice: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
PKGREVISION++
|
|
security fix for perl
- pkgsrc/lang/perl5/Makefile 1.129
- pkgsrc/lang/perl5/distinfo 1.43
- pkgsrc/lang/perl5/patches/patch-da 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Nov 6 19:54:53 UTC 2007
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
|
|
|
|
security update for libpurple/pidgin/finch
- pkgsrc/chat/finch/Makefile 1.9
- pkgsrc/chat/finch/PLIST 1.4
- pkgsrc/chat/libpurple/Makefile.common 1.7
- pkgsrc/chat/libpurple/PLIST 1.7
- pkgsrc/chat/libpurple/buildlink3.mk 1.4
- pkgsrc/chat/libpurple/distinfo 1.10
- pkgsrc/chat/pidgin/buildlink3.mk 1.4
- pkgsrc/chat/pidgin/distinfo 1.6
Module Name: pkgsrc
Committed By: tnn
Date: Sat Nov 3 15:59:18 UTC 2007
Modified Files:
pkgsrc/chat/finch: Makefile PLIST
pkgsrc/chat/libpurple: Makefile.common PLIST buildlink3.mk
distinfo pkgsrc/chat/pidgin: buildlink3.mk
pkgsrc/chat/pidgin-silc: distinfo
Log Message:
Update pidgin IM suite to 2.2.2 for the CVE-2007-4999 fix.
(A remote user can cause a DoS by sending a message with invalid HTML.)
version 2.2.2 (10/23/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.2.2
NOTE: Due to the way this release was made, it is possible that
bugs marked as fixed in 2.2.1 or 2.2.2 will not be fixed
until the next release.
* Various bug and memory leak fixes
|
|
|
|
build fix for shared-mime-info
- pkgsrc/databases/shared-mime-info/distinfo patch
- pkgsrc/databases/shared-mime-info/patches/patch-ab 1.3 via patch
- pkgsrc/databases/shared-mime-info/patches/patch-ac 1.1 via patch
Module Name: pkgsrc
Committed By: joerg
Date: Sat Nov 3 16:37:44 UTC 2007
Modified Files:
pkgsrc/databases/shared-mime-info: distinfo
Added Files:
pkgsrc/databases/shared-mime-info/patches: patch-ab patch-ac
Log Message:
Remove INCOMPAT_GETTEXT and the automatic rebuilding of the PO files.
This fixes the build on older NetBSD systems in a clean way.
|
|
|
|
NetBSD-4 (at least). Else pkg_sync and pkg_tarup won't work.
|
|
|
|
security update for seamonkey
Revisions pulled up:
- pkgsrc/www/seamonkey/Makefile 1.24
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.13
- pkgsrc/www/seamonkey/distinfo 1.25
- pkgsrc/www/seamonkey/patches/patch-ac 1.4
- pkgsrc/www/seamonkey-gtk1/Makefile 1.17
- pkgsrc/www/seamonkey-bin/Makefile 1.17
- pkgsrc/www/seamonkey-bin/distinfo 1.14
Module Name: pkgsrc
Committed By: ghen
Date: Mon Oct 22 08:04:08 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey-gtk1: Makefile
pkgsrc/www/seamonkey/patches: patch-ac
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to SeaMonkey 1.1.5.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
|
|
|
|
removal of ion3-devel
- pkgsrc/wm/Makefile 1.99
- pkgsrc/wm/ion3-devel/DESCR removed
- pkgsrc/wm/ion3-devel/Makefile removed
- pkgsrc/wm/ion3-devel/PLIST removed
- pkgsrc/wm/ion3-devel/distinfo removed
- pkgsrc/wm/ion3-devel/patches/patch-aa removed
- pkgsrc/wm/ion3-devel/patches/patch-ab removed
- pkgsrc/wm/ion3-devel/patches/patch-ac removed
- pkgsrc/wm/ion3-devel/patches/patch-ae removed
- pkgsrc/wm/ion3-devel/patches/patch-ag removed
- pkgsrc/wm/ion3-devel/patches/patch-ah removed
- pkgsrc/wm/ion3-devel/patches/patch-aj removed
- pkgsrc/wm/ion3-devel/patches/patch-ak removed
- pkgsrc/wm/ion3-devel/patches/patch-al removed
- pkgsrc/wm/ion3-devel/patches/patch-am removed
Module Name: pkgsrc
Committed By: tnn
Date: Sun Oct 28 12:31:57 UTC 2007
Modified Files:
pkgsrc/wm: Makefile
Removed Files:
pkgsrc/wm/ion3-devel: DESCR Makefile PLIST distinfo
pkgsrc/wm/ion3-devel/patches: patch-aa patch-ab patch-ac
patch-ae patch-ag patch-ah patch-aj patch-ak patch-al patch-am
Log Message:
Remove ion3-devel.
The holder of the Ion3(tm) trademark and copyright demands that
this package must be kept up-to-date at all times. We cannot comply
with such demands, especially considering that pkgsrc has
"stable branches".
(If anyone cares about this package, I suggest we maintain it in
pkgsrc-wip instead.)
|
|
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.49
- pkgsrc/www/firefox/distinfo 1.70
- pkgsrc/www/firefox/patches/patch-ac 1.10
- pkgsrc/www/firefox-bin/Makefile 1.35
- pkgsrc/www/firefox-bin/distinfo 1.33, 1.34, 1.35
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 08:59:56 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-ac
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.8.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 19:47:43 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Add distinfo entries for Solaris {8,10}/{i386,sparc} as well.
Noted by dmcmahill.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Oct 20 10:42:37 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Remove empty lines to get rid of warnings in weekly pkgsrc checks on babylon5.
Suggested by veego.
|
|
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.24
- pkgsrc/www/drupal/distinfo 1.17
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Oct 18 13:01:36 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.3
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no
admin links for the module
See http://drupal.org/node/184395 for all the details
|
|
bugfix for "make readme"
- pkgsrc/mk/bsd.pkg.readme.mk 1.15
- pkgsrc/mk/scritps/genreadme.awk 1.29
- pkgsrc/mk/scritps/mkreadme 1.20
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 20 13:35:12 UTC 2007
Modified Files:
pkgsrc/mk: bsd.pkg.readme.mk
pkgsrc/mk/scripts: genreadme.awk mkreadme
Log Message:
Rename PKGTOOLS_VER to PKGTOOLS_VERSION and use that everywhere
Export PKGTOOLS_VERSION so that genreadme.awk can use it
This will sync the output between './mkreadme' and 'make readme'
|