Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for squid
- pkgsrc/www/squid/Makefile 1.197-1.199
- pkgsrc/www/squid/distinfo 1.135
- pkgsrc/www/squid/patches/patch-av removed
Module Name: pkgsrc
Committed By: wiz
Date: Mon Nov 12 00:15:00 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove ftp.leo.org from MASTER_SITES, doesn't resolve.
From Zafer Aydogan in PR 37341.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 2 11:46:11 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove Ex-MASTER_SITE. From Zafer Aydogan.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 2 14:47:08 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Removed Files:
pkgsrc/www/squid/patches: patch-av
Log Message:
Update squid package to 2.6.17 (2.6.STABLE17).
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer have a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current bahaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug ouput, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.25
- pkgsrc/www/drupal/distinfo 1.18
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 5 23:16:19 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
This release fixes a security vulnerability. Sites are urged to upgrade
immediately. For more details, please see the security announcement:
* SA-2007-031 - Drupal core - SQL Injection possible when certain
contributed modules are enabled
In addition to this security vulnerability, the following bugs have been
fixed since the 5.2 release:
* 178478 by scor: typo in text displyed when the DB is installed but not
accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order
comments by cid (ie. original submission order) instead of timestamp
(ie. last editing time order) to avoid comments jumping around when
being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in
install system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited
accounts so they are exempt from the spam protection we have for
accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no
taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
|
|
|
|
security update for php5
- pkgsrc/lang/php5/Makefile 1.62
- pkgsrc/lang/php5/Makefile.common 1.28
- pkgsrc/lang/php5/distinfo 1.50
- pkgsrc/lang/php5/patches/patch-ao removed
- pkgsrc/lang/php5/patches/patch-ar removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Nov 23 13:20:01 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ao patch-ar
Log Message:
Update to 5.2.5
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions.
Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported by
SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to
non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using
ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(),
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale
rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
|
|
|
|
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
|
|
|
|
security update for ircservices
- pkgsrc/chat/ircservices/Makefile 1.31
- pkgsrc/chat/ircservices/distinfo 1.13
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Nov 24 00:47:37 UTC 2007
Modified Files:
pkgsrc/chat/ircservices: Makefile distinfo
Log Message:
Update to 5.0.63
2007/06/10 .62 Backported 5.1 fix for a bug allowing guest nicknames to be
linked.
This release fixes two security-related bugs discovered in version 5.1 which
are also present in 5.0.
|
|
security fix for cups
- pkgsrc/print/cups/Makefile 1.127-1.128
- pkgsrc/print/cups/distifno 1.53
- pkgsrc/print/cups/patches/patch-au 1.9
Module Name: pkgsrc
Committed By: dsainty
Date: Mon Oct 22 11:56:46 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile
Log Message:
Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like
other config scripts do.
Bump PKGREVISION since client software may not correctly build or run
without this fix.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Nov 5 20:16:19 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile distinfo
Added Files:
pkgsrc/print/cups/patches: patch-au
Log Message:
Fix for CVE-2007-4351
PKGREVISION++
|
|
security update for mantis
- pkgsrc/devel/mantis/Makefile 1.28
- pkgsrc/devel/mantis/PLIST 1.10
- pkgsrc/devel/mantis/distinfo 1.10
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 27 22:31:10 UTC 2007
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.8
- 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor)
- 0008020: [installation] Port 7907: Allow using system adodb (giallu)
- 0008029: [localization] Spelling mistake in value of string
$s_by_severity file lang/strings_spanish.txt (giallu)
- 0008019: [other] Port 5333: Invalid zip file core/adodb/adodb-time.zip
in CVS (giallu)
- 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor)
2007.04.04 - 1.0.7
- 0007743: [security] Port: CVE-2006-6574 (vboctor)
- 0007772: [security] email notifications bypass security on custom
fields (vboctor)
- 0007784: [security] XSS vulnerabilities (vboctor)
- 0007774: [custom fields] custom fields not stored correctly in bug
history (vboctor)
- 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest)
broken when using IE7
(vboctor)
|
|
|
|
security update for openldap
Revisions pulled up:
- pkgsrc/databases/openldap/Makefile 1.122
- pkgsrc/databases/openldap/Makefile.common 1.11
- pkgsrc/databases/openldap/distinfo 1.59
- pkgsrc/databases/openldap-doc/Makefile 1.8
Module Name: pkgsrc
Committed By: ghen
Date: Sun Nov 18 19:46:16 UTC 2007
Modified Files:
pkgsrc/databases/openldap: Makefile Makefile.common distinfo
pkgsrc/databases/openldap-doc: Makefile
Log Message:
Update openldap packages to 2.3.39, the latest stable release.
The next stable release will be 2.4.x.
OpenLDAP 2.3.39 Release (2007/10/26)
Fixed slapd database/overlay config conflict (ITS#4848)
Fixed slapd password_hash config order (ITS#5082)
Fixed slapd slap_mods_check bug (ITS#5119)
Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
Fixed slapd ordered values add normalization issue (ITS#5136)
Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
Fixed slapd-ldap search control parsing (ITS#5138)
Fixed slapd-ldap SASL idassert w/o authcId
Fixed slapd-ldif directory separators in DN (ITS#5172)
Fixed slapd-meta conn caching on bind failure (ITS#5154)
Fixed slapd-meta bind timeout assertion (ITS#5185)
Fixed slapd-sql concurrency issue (ITS#5095)
Fixed slapo-chain double-free (ITS#5137)
Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
Fixed slapo-rwm modlist handling (ITS#5124)
Fixed slapo-rwm UUID in filter (ITS#5168)
Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
Fixed liblber Windows x64 portability (ITS#5105)
Fixed libldap ppolicy control creation (ITS#5103)
Build Environment
Fixed termios macro check (ITS#4880)
Updated Makefiles
Documentation
Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
Added max-depth/return-error to slapo-chain(5)
slapadd/slapindex note about file ownership (ITS#5166)
slapcat note about using against running slapd (ITS#5028)
Fixed Admin Guide URL in README (ITS#5107)
|
|
|
|
security update for apache-tomcat
- pkgsrc/www/apache-tomcat55/Makefile 1.12
- pkgsrc/www/apache-tomcat55/PLIST 1.4
- pkgsrc/www/apache-tomcat55/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Nov 20 22:13:30 UTC 2007
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Update to 5.5.25
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an
env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation
path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
|
|
|
security update for samba
- pkgsrc/net/samba/Makefile 1.175-1.177
- pkgsrc/net/samba/Makefile.patches 1.5-1.6
- pkgsrc/net/samba/PLIST 1.37
- pkgsrc/net/samba/distinfo 1.55-1.57
- pkgsrc/net/samba/options.mk 1.22
- pkgsrc/net/samba/patches/patch-ag 1.7
- pkgsrc/net/samba/patches/patch-ai removed
- pkgsrc/net/samba/patches/patch-aj removed
- pkgsrc/net/samba/patches/patch-al removed
- pkgsrc/net/samba/patches/patch-am removed
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-av 1.3
- pkgsrc/net/samba/patches/patch-ay 1.3
- pkgsrc/net/samba/patches/patch-ba 1.5-1.6
- pkgsrc/net/samba/patches/patch-bb removed
- pkgsrc/net/samba/patches/patch-bc 1.2
- pkgsrc/net/samba/patches/patch-bd 1.3
- pkgsrc/net/samba/patches/patch-be 1.3
- pkgsrc/net/samba/patches/patch-bf removed
- pkgsrc/net/samba/patches/patch-bh 1.3
- pkgsrc/net/samba/patches/patch-bi 1.5
- pkgsrc/net/samba/patches/patch-bj removed
- pkgsrc/net/samba/patches/patch-bk removed
- pkgsrc/net/samba/patches/patch-bo 1.4
- pkgsrc/net/samba/patches/patch-bp 1.4
- pkgsrc/net/samba/patches/patch-br 1.3
- pkgsrc/net/samba/patches/patch-bs 1.4
- pkgsrc/net/samba/patches/patch-bt 1.3
- pkgsrc/net/samba/patches/patch-bu 1.5
- pkgsrc/net/samba/patches/patch-bw 1.4
- pkgsrc/net/samba/patches/patch-bx removed
- pkgsrc/net/samba/patches/patch-by removed
- pkgsrc/net/samba/patches/patch-bz removed
- pkgsrc/net/samba/patches/patch-ca 1.4
- pkgsrc/net/samba/patches/patch-ce 1.1
- pkgsrc/net/samba/patches/patch-cf 1.1
- pkgsrc/net/samba/patches/patch-cg 1.1
- pkgsrc/net/samba/patches/patch-ch 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 07:28:51 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo options.mk
pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay
patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo
patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca
Added Files:
pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch
Removed Files:
pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb
patch-bf patch-bj patch-bk patch-bx patch-by patch-bz
Log Message:
Update samba to 3.0.26a.
pkgsrc change: Add support for DESTDIR.
Changes from 3.0.24 are huge, please refer WHATSNEW.txt.
<http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_26/WHATSNEW.txt?rev=22651&view=markup>
---
Module Name: pkgsrc
Committed By: rillig
Date: Tue Nov 6 00:47:53 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile distinfo
pkgsrc/net/samba/patches: patch-ba
Log Message:
Fixed an expansion of @mandir@ that accidentally got into patch-ba in
revision 1.5.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Nov 16 11:41:38 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches distinfo
Log Message:
Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the
Samba project. Bump package revision.
|
|
|
|
security update for thunderbird
- pkgsrc/mail/thunderbird/Makefile 1.30 via patch
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.31
- pkgsrc/mail/thunderbird/distinfo 1.42
- pkgsrc/mail/thunderbird/patches/patch-ac 1.8
Module Name: pkgsrc
Committed By: tron
Date: Thu Nov 15 15:05:23 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
pkgsrc/mail/thunderbird/patches: patch-ac
Log Message:
Update "thunderbird" package to version 2.0.0.9. It fixes the following
security problems:
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
|
|
|
|
security fix for kdegraphics3
- pkgsrc/graphics/kdegraphics3/Makefile 1.75 via patch
- pkgsrc/graphics/kdegraphics3/distinfo 1.48 via patch
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:30:57 UTC 2007
Modified Files:
pkgsrc/graphics/kdegraphics3: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
|
|
|
|
security update for phpmyadmin
- pkgsrc/databases/phpmyadmin/Makefile 1.62
- pkgsrc/databases/phpmyadmin/PLIST 1.18
- pkgsrc/databases/phpmyadmin/distinfo 1.30
Module Name: pkgsrc
Committed By: tron
Date: Mon Nov 12 14:05:26 UTC 2007
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.2.1.
Change since version 2.10.2:
- creating VIEWs from query results
- managing triggers, procedures and functions
- supports MySQL 5.0.37 query profiling
- improved interface for servers hosting thousands of databases and tables.
- security fixes for PMASA-2007-5, PMASA-2007-6 and PMASA-2007-7
|
|
|
|
security fix for koffice
- pkgsrc/misc/koffice/Makefile 1.98
- pkgsrc/misc/koffice/distinfo 1.43
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:36:03 UTC 2007
Modified Files:
pkgsrc/misc/koffice: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
PKGREVISION++
|
|
security fix for perl
- pkgsrc/lang/perl5/Makefile 1.129
- pkgsrc/lang/perl5/distinfo 1.43
- pkgsrc/lang/perl5/patches/patch-da 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Nov 6 19:54:53 UTC 2007
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
|
|
|
|
security update for libpurple/pidgin/finch
- pkgsrc/chat/finch/Makefile 1.9
- pkgsrc/chat/finch/PLIST 1.4
- pkgsrc/chat/libpurple/Makefile.common 1.7
- pkgsrc/chat/libpurple/PLIST 1.7
- pkgsrc/chat/libpurple/buildlink3.mk 1.4
- pkgsrc/chat/libpurple/distinfo 1.10
- pkgsrc/chat/pidgin/buildlink3.mk 1.4
- pkgsrc/chat/pidgin/distinfo 1.6
Module Name: pkgsrc
Committed By: tnn
Date: Sat Nov 3 15:59:18 UTC 2007
Modified Files:
pkgsrc/chat/finch: Makefile PLIST
pkgsrc/chat/libpurple: Makefile.common PLIST buildlink3.mk
distinfo pkgsrc/chat/pidgin: buildlink3.mk
pkgsrc/chat/pidgin-silc: distinfo
Log Message:
Update pidgin IM suite to 2.2.2 for the CVE-2007-4999 fix.
(A remote user can cause a DoS by sending a message with invalid HTML.)
version 2.2.2 (10/23/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.2.2
NOTE: Due to the way this release was made, it is possible that
bugs marked as fixed in 2.2.1 or 2.2.2 will not be fixed
until the next release.
* Various bug and memory leak fixes
|
|
|
|
build fix for shared-mime-info
- pkgsrc/databases/shared-mime-info/distinfo patch
- pkgsrc/databases/shared-mime-info/patches/patch-ab 1.3 via patch
- pkgsrc/databases/shared-mime-info/patches/patch-ac 1.1 via patch
Module Name: pkgsrc
Committed By: joerg
Date: Sat Nov 3 16:37:44 UTC 2007
Modified Files:
pkgsrc/databases/shared-mime-info: distinfo
Added Files:
pkgsrc/databases/shared-mime-info/patches: patch-ab patch-ac
Log Message:
Remove INCOMPAT_GETTEXT and the automatic rebuilding of the PO files.
This fixes the build on older NetBSD systems in a clean way.
|
|
|
|
NetBSD-4 (at least). Else pkg_sync and pkg_tarup won't work.
|
|
|
|
security update for seamonkey
Revisions pulled up:
- pkgsrc/www/seamonkey/Makefile 1.24
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.13
- pkgsrc/www/seamonkey/distinfo 1.25
- pkgsrc/www/seamonkey/patches/patch-ac 1.4
- pkgsrc/www/seamonkey-gtk1/Makefile 1.17
- pkgsrc/www/seamonkey-bin/Makefile 1.17
- pkgsrc/www/seamonkey-bin/distinfo 1.14
Module Name: pkgsrc
Committed By: ghen
Date: Mon Oct 22 08:04:08 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey-gtk1: Makefile
pkgsrc/www/seamonkey/patches: patch-ac
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to SeaMonkey 1.1.5.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
|
|
|
|
removal of ion3-devel
- pkgsrc/wm/Makefile 1.99
- pkgsrc/wm/ion3-devel/DESCR removed
- pkgsrc/wm/ion3-devel/Makefile removed
- pkgsrc/wm/ion3-devel/PLIST removed
- pkgsrc/wm/ion3-devel/distinfo removed
- pkgsrc/wm/ion3-devel/patches/patch-aa removed
- pkgsrc/wm/ion3-devel/patches/patch-ab removed
- pkgsrc/wm/ion3-devel/patches/patch-ac removed
- pkgsrc/wm/ion3-devel/patches/patch-ae removed
- pkgsrc/wm/ion3-devel/patches/patch-ag removed
- pkgsrc/wm/ion3-devel/patches/patch-ah removed
- pkgsrc/wm/ion3-devel/patches/patch-aj removed
- pkgsrc/wm/ion3-devel/patches/patch-ak removed
- pkgsrc/wm/ion3-devel/patches/patch-al removed
- pkgsrc/wm/ion3-devel/patches/patch-am removed
Module Name: pkgsrc
Committed By: tnn
Date: Sun Oct 28 12:31:57 UTC 2007
Modified Files:
pkgsrc/wm: Makefile
Removed Files:
pkgsrc/wm/ion3-devel: DESCR Makefile PLIST distinfo
pkgsrc/wm/ion3-devel/patches: patch-aa patch-ab patch-ac
patch-ae patch-ag patch-ah patch-aj patch-ak patch-al patch-am
Log Message:
Remove ion3-devel.
The holder of the Ion3(tm) trademark and copyright demands that
this package must be kept up-to-date at all times. We cannot comply
with such demands, especially considering that pkgsrc has
"stable branches".
(If anyone cares about this package, I suggest we maintain it in
pkgsrc-wip instead.)
|
|
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.49
- pkgsrc/www/firefox/distinfo 1.70
- pkgsrc/www/firefox/patches/patch-ac 1.10
- pkgsrc/www/firefox-bin/Makefile 1.35
- pkgsrc/www/firefox-bin/distinfo 1.33, 1.34, 1.35
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 08:59:56 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-ac
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.8.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 19:47:43 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Add distinfo entries for Solaris {8,10}/{i386,sparc} as well.
Noted by dmcmahill.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Oct 20 10:42:37 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Remove empty lines to get rid of warnings in weekly pkgsrc checks on babylon5.
Suggested by veego.
|
|
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.24
- pkgsrc/www/drupal/distinfo 1.17
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Oct 18 13:01:36 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.3
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no
admin links for the module
See http://drupal.org/node/184395 for all the details
|
|
bugfix for "make readme"
- pkgsrc/mk/bsd.pkg.readme.mk 1.15
- pkgsrc/mk/scritps/genreadme.awk 1.29
- pkgsrc/mk/scritps/mkreadme 1.20
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 20 13:35:12 UTC 2007
Modified Files:
pkgsrc/mk: bsd.pkg.readme.mk
pkgsrc/mk/scripts: genreadme.awk mkreadme
Log Message:
Rename PKGTOOLS_VER to PKGTOOLS_VERSION and use that everywhere
Export PKGTOOLS_VERSION so that genreadme.awk can use it
This will sync the output between './mkreadme' and 'make readme'
|
|
|
|
bugfix update for postfix
- pkgsrc/mail/postfix/Makefile 1.208
- pkgsrc/mail/postfix/distinfo 1.114
Module Name: pkgsrc
Committed By: martti
Date: Mon Oct 22 06:15:20 UTC 2007
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.4.6
- A remote SMTP client TLS certificate with an unparsable canonical
name triggered a panic error in the Postfix SMTP server (attempt
to allocate zero-length memory) while sending a request to an
SMTPD policy server.
- On backup MX servers where the queue file system is mounted with
"atime" (file read/execute access time) updates disabled, the
flush daemon would trigger mail delivery attempts once every 1000
seconds, thus rendering the maximal_backoff_time setting useless
for backup MX service.
|
|
|
|
security fix for gdm
- pkgsrc/x11/gdm/Makefile 1.133
- pkgsrc/x11/gdm/distinfo 1.51
- pkgsrc/x11/gdm/patches/patch-am 1.3
- pkgsrc/x11/gdm/patches/patch-an 1.1
Module Name: pkgsrc
Committed By: hauke
Date: Thu Oct 11 09:35:11 UTC 2007
Added Files:
pkgsrc/x11/gdm/patches: patch-am patch-an
Log Message:
The code to verify user and password provided in
daemon/verify-{crypt,shadow}.c prints out the user name in various
places, where daemon/verify-pam.c code does not. Get out of sync with
the login dialog, and you'll have your password logged.
Adapt patches from the gdm 2.20 branch for
(1) not logging the user name in any sy slog error messages
(2) not localizing the log messages.
Fixes PR 31417.
|
|
|
|
security fix for openssl
- pkgsrc/security/openssl/Makefile 1.128
- pkgsrc/security/openssl/distinfo 1.56
- pkgsrc/security/openssl/patches/patch-ao 1.2
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Oct 21 17:52:53 UTC 2007
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches: patch-ao
Log Message:
Full and proper fix for CVE-2007-5135
PKGREVISION++
|
|
|
|
|
|
|
|
|