| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
latest update for clamav
- pkgsrc/mail/clamav/Makefile 1.81
- pkgsrc/mail/clamav/PLIST 1.19
- pkgsrc/mail/clamav/distinfo 1.49
- pkgsrc/mail/clamav/patches/patch-ad 1.13
- pkgsrc/mail/clamav/patches/patch-ah 1.12
Module Name: pkgsrc
Committed By: martti
Date: Tue Dec 18 08:16:11 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile PLIST distinfo
pkgsrc/mail/clamav/patches: patch-ad patch-ah
Log Message:
Updated mail/clamav to 0.92
This release provides various bugfixes, optimisations and improvements
to the scanning engine. The new features include support for ARJ and
SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce
phishing false-positives), faster scanning and others (see ChangeLog).
To get a consistent behaviour of the anti-phishing module on all platforms,
libclamav now includes the regex library from OpenBSD.
|
|
security fix for ruby-gnome2-gtk
- pkgsrc/x11/ruby-gnome2-gtk/Makefile 1.10
- pkgsrc/x11/ruby-gnome2-gtk/distinfo 1.2
- pkgsrc/x11/ruby-gnome2-gtk/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: obache
Date: Mon Dec 17 02:59:59 UTC 2007
Modified Files:
pkgsrc/x11/ruby-gnome2-gtk: Makefile distinfo
Added Files:
pkgsrc/x11/ruby-gnome2-gtk/patches: patch-ab
Log Message:
Added a patch for fixing format string vulnerability (CVE-2007-6183).
http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2?view=rev&revision=2720
Bump PKGREVISION.
|
|
|
|
build fix for p5-Math-Pari
- pkgsrc/math/p5-Math-Pari/distinfo 1.9
- pkgsrc/math/p5-Math-Pari/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: obache
Date: Sun Oct 14 08:08:53 UTC 2007
Modified Files:
pkgsrc/math/p5-Math-Pari: distinfo
Added Files:
pkgsrc/math/p5-Math-Pari/patches: patch-ac
Log Message:
Fix build problem on NetBSD/i386.
Patch provided by Yakovetsky Vladimir in PR 36934,
same as math/pari/patches/patch-ac.
|
|
build fix for kphotobook
- pkgsrc/graphics/kphotobook/distinfo 1.3
- pkgsrc/graphics/kphotobook/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Oct 30 21:24:14 UTC 2007
Modified Files:
pkgsrc/graphics/kphotobook: distinfo
Added Files:
pkgsrc/graphics/kphotobook/patches: patch-ac
Log Message:
make this compile (with newer KDE/qt?), from Phil Nelson per PR pkg/37199
|
|
build fix for sawfish
- pkgsrc/wm/sawfish/distinfo 1.12
- pkgsrc/wm/sawfish/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: tnn
Date: Sat Oct 20 14:13:45 UTC 2007
Modified Files:
pkgsrc/wm/sawfish: distinfo
Added Files:
pkgsrc/wm/sawfish/patches: patch-ac
Log Message:
Fix, hopefully, problem spotted in 2007Q3 bulk builds when using
XFree86.
|
|
bugfix for mrtg
- pkgsrc/net/mrtg/Makefile 1.83, 1.84
- pkgsrc/net/mrtg/PLIST 1.11
Module Name: pkgsrc
Committed By: mishka
Date: Fri Nov 9 16:41:51 UTC 2007
Modified Files:
pkgsrc/net/mrtg: Makefile PLIST
Log Message:
SNMPv3 requires the Net_SNMP_util.pm custom library.
---
Module Name: pkgsrc
Committed By: mishka
Date: Fri Nov 30 09:51:52 UTC 2007
Modified Files:
pkgsrc/net/mrtg: Makefile
Log Message:
The pkgsrc developer's guide says: "... changes that do merit an
increase to PKGREVISION include: Changes to the PLIST" [1]. DTRT.
[1] http://www.NetBSD.org/docs/pkgsrc/fixes.html#bumping-pkgrevision
|
|
security update for py-django
- pkgsrc/www/py-django/Makefile 1.9
- pkgsrc/www/py-django/distinfo 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Thu Nov 1 21:24:02 UTC 2007
Modified Files:
pkgsrc/www/py-django: Makefile distinfo
Log Message:
Update to Django 0.96.1: Fix a DOS in the i18n layer.
|
|
|
|
security update for wireshark
- pkgsrc/net/wireshark/Makefile 1.13
- pkgsrc/net/wireshark/PLIST 1.7
- pkgsrc/net/wireshark/distinfo 1.9
Module Name: pkgsrc
Committed By: tron
Date: Sat Dec 15 13:53:27 UTC 2007
Modified Files:
pkgsrc/net/wireshark: Makefile PLIST distinfo
Log Message:
Update "wireshark" package to version 0.99.7pre2. Changes since
version 0.99.6:
- Fixes for the security problems reported in "wnpa-sec-2007-03"
- Most of the capture code has been moved out of the GUI, which means
that Wireshark no longer needs to be run as root.
- Many display filter names have been cleaned up. If your favorite
display filter just went missing, please consult the display filter
reference to find out where it ended up.
- You can now filter directly on SNMP OIDs.
- IO graphs have more display options, and you can now export graphs.
- You can now follow UDP streams in addition to TCP and SSL streams.
- You can now disable coloring rules without deleting them.
- Main window toolbar buttons are now available even when the window is
small.
- Optimizations have been applied in some places to make Wireshark start up
and run faster.
- New Protocol Support
ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT,
ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah,
IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN,
WiMAX ASN Control Plane, X.224
- Updated Protocol Support
3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT,
CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC
ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI,
DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS,
DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE,
FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP,
IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS,
ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP,
MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2,
MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER,
PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP,
Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP,
RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB,
SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP,
text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX,
WLCCP, X.411, X.420, X.509 SAT, XML
- New and Updated Capture File Support
Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks,
Windows Sniffer (NetXRay)
|
|
security update for openoffice2-bin
- pkgsrc/misc/openoffice2-bin/Makefile 1.34
- pkgsrc/misc/openoffice2-bin/distinfo 1.13
Module Name: pkgsrc
Committed By: tron
Date: Sat Dec 15 13:32:17 UTC 2007
Modified Files:
pkgsrc/misc/openoffice2-bin: Makefile distinfo
Log Message:
Update "openoffice2-bin" package to version 2.3.1.
This update provides a fix for the security vulnerability reported in
CVE-2007-4575 and a lot of other bug-fixes.
The complete release notes are available here:
http://development.openoffice.org/releases/2.3.1.html
|
|
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97
- pkgsrc/mail/squirrelmail/PLIST 1.25
- pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46
- pkgsrc/mail/squirrelmail/options.mk 1.7
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 14 20:44:35 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Updated mail/squirrelmail to 1.4.13
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Dec 15 13:58:12 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Bump PKG_REVISION.
|
|
security update for mysql5
- pkgsrc/databases/mysql5-client/Makefile 1.11, 1.12, 1.14
- pkgsrc/databases/mysql5-client/Makefile.common 1.26, 1.28
- pkgsrc/databases/mysql5-client/PLIST 1.8, 1.9
- pkgsrc/databases/mysql5-client/distinfo 1.20, 1.21
- pkgsrc/databases/mysql5-client/patches/patch-ad 1.7
- pkgsrc/databases/mysql5-server/Makefile 1.20
- pkgsrc/databases/mysql5-server/PLIST 1.12
- pkgsrc/databases/mysql5-server/distinfo 1.17
- pkgsrc/databases/mysql5-server/patches/patch-ab 1.5
- pkgsrc/databases/mysql5-server/patches/patch-ak 1.4
- pkgsrc/databases/mysql5-server/patches/patch-an 1.4
Module Name: pkgsrc
Committed By: rillig
Date: Fri Oct 12 14:32:46 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
pkgsrc/databases/mysql5-client/patches: patch-ad
Log Message:
The mysql.info file is not rebuilt anymore, so it is safe to install the
documentation.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: rillig
Date: Sun Oct 14 17:43:33 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile PLIST
Log Message:
The file manual.chm is installed additionally, since it is much more
comfortable to browse than the GNU info file.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Dec 14 13:36:54 UTC 2007
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common distinfo
pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
pkgsrc/databases/mysql5-server/patches: patch-ab patch-ak patch-an
Log Message:
Update "mysql5-client" and "mysql5-server" packages to version 5.0.51.
This version fixes a lot of bugs including the security vulnerability
reported in CVE-2007-5969.
A complete list of the changes can be found here:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
|
|
|
|
security update for ruby-actionpack
- pkgsrc/databases/ruby-activerecord/Makefile 1.10
- pkgsrc/databases/ruby-activerecord/distinfo 1.10
- pkgsrc/devel/ruby-activesupport/Makefile 1.12
- pkgsrc/devel/ruby-activesupport/distinfo 1.10
- pkgsrc/mail/ruby-actionmailer/Makefile 1.9
- pkgsrc/mail/ruby-actionmailer/distinfo 1.10
- pkgsrc/www/rails/Makefile 1.6
- pkgsrc/www/rails/PLIST 1.3
- pkgsrc/www/rails/distinfo 1.5
- pkgsrc/www/rails/patches/patch-ab 1.4
- pkgsrc/www/ruby-actionpack/Makefile 1.9, 1.10
- pkgsrc/www/ruby-actionpack/PLIST 1.10
- pkgsrc/www/ruby-actionpack/distinfo 1.10, 1.11
- pkgsrc/www/ruby-actionwebservice/Makefile 1.8
- pkgsrc/www/ruby-actionwebservice/distinfo 1.9
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 02:56:02 UTC 2007
Modified Files:
pkgsrc/devel/ruby-activesupport: Makefile distinfo
Log Message:
Update ruby-activesupport to 1.4.4.
Changes:
* Backport: allow array and hash query parameters. Array route
parameters are converted/to/a/path as before.
* Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read
files or stdin.
* Document Object#blank?.
* Update Dependencies to ignore constants inherited from ancestors.
* Improved multibyte performance by relying less on exception raising
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:17:32 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo
Log Message:
Update ruby-actionpack to 1.13.5.
Changes:
* Backport: allow array and hash query parameters. Array route
parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy,
Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
* Fix in place editor's setter action with non-string fields. #7418
[Andreas]
* Only accept session ids from cookies, prevents session fixation
attacks.
* Change the resource seperator from ; to / change the generated
routes to use the new-style named routes. e.g. new_group_user_path(@group)
instead of group_new_user_path(@group). [pixeltrix]
* Integration tests: introduce methods for other HTTP methods. #6353
[caboose]
* Improve performance of action caching. Closes #8231 [skaes]
* Fix errors with around_filters which do not yield, restore 1.1
behaviour with after filters. Closes #8891 [skaes]
* Allow you to delete cookies with options. Closes #3685
* Deprecate pagination. Install the classic_pagination plugin for
forward compatibility, or move to the superior will_paginate plugin. #8157
* Fix filtered parameter logging with nil parameter values. #8422
[choonkeat]
* Integration tests: alias xhr to xml_http_request and add a
request_method argument instead of always using POST. #7124
* Document caches_action. #5419 [Jarkko Laine]
* observe_form always sends the serialized form. #5271
* Update UrlWriter to accept :anchor parameter. Closes #6771.
[octopod]
* Replace the current block/continuation filter chain handling by an
implementation based on a simple loop. Closes #8226 [Stefan Kaes]
* Return the string representation from an Xml Builder when
rendering a partial. #5044 [tpope]
* Cleaned up, corrected, and mildly expanded ActionPack
documentation. Closes #7190 [jeremymcanally]
* Small collection of ActionController documentation cleanups.
Closes #7319
* Performance: patch cgi/session/pstore to require digest/md5 once
rather than per #initialize. #7583 [Stefan Kaes]
* Deprecation: verification with :redirect_to => :named_route
shouldn't be deprecated. #7525 [Justin French]
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:05:39 UTC 2007
Modified Files:
pkgsrc/databases/ruby-activerecord: Makefile distinfo
Log Message:
Update ruby-activerecord to 1.15.5.
Changes:
* Depend on Action Pack 1.4.4
* Fix #count on a has_many :through association so that it
recognizes the :uniq option. Closes #8801 [lifofifo]
* Don't clobber includes passed to has_many.count [danger]
* Make sure has_many uses :include when counting [danger]
* Save associated records only if the association is already
loaded. #8713
* Changing the :default Date format doesn't break date quoting. #6312
* Allow nil serialized attributes with a set class constraint. #7293
* belongs_to assignment creates a new proxy rather than modifying
its target in-place. #8412 [mmangino@elevatedrails.com]
* Fix column type detection while loading fixtures. Closes #7987
[roderickvd]
* Document deep eager includes. #6267 [Josh Susser, Dan Manges]
* Oracle: extract column length for CHAR also. #7866 [ymendel]
* Small additions and fixes for ActiveRecord documentation. Closes
#7342
* SQLite: binary escaping works with $KCODE='u'. #7862 [tsuka]
* Improved cloning performance by relying less on exception raising
#8159
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:26:23 UTC 2007
Modified Files:
pkgsrc/mail/ruby-actionmailer: Makefile distinfo
Log Message:
Update ruby-actionmailer to 1.3.5.
Changes:
* Depend on Action Pack 1.13.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 03:31:02 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionwebservice: Makefile distinfo
Log Message:
Update ruby-actionwebservice to 1.2.5.
Changes:
* Depend on Action Pack 1.13.5
* Depend on Active Record 1.15.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Oct 16 04:03:43 UTC 2007
Modified Files:
pkgsrc/www/rails: Makefile PLIST distinfo
pkgsrc/www/rails/patches: patch-ab
Log Message:
Update rails to 1.2.5.
Changes:
* Correct RAILS_GEM_VERSION regexp. Use =version gem requirement
instead of ~>version so you don't get surprised by a beta gem in
production. This change means upgrading to 1.2.5 will require a boot.rb
upgrade.
* Move custom inflections example so available before route
generation.
* Add a new rake task to aid debugging of named routes.
* use Gem.find_name instead of search when freezing gems. Prevent
false positives for other gems with rails in the name. Closes #8729
[wselman]
* Fix syntax error in dispatcher than wrecked failsafe responses.
* Add Active Resource to rails:freeze:edge and drop Action Web
Service.
* Give generate scaffold a more descriptive database message.
Closes #7316
* Canonicalize RAILS_ROOT by using File.expand_path on Windows,
which doesn't have to worry about symlinks, and Pathname#realpath
elsewhere, which respects symlinks in relative paths but is incompatible
with Windows. #6755 [Jeremy Kemper, trevor]
---
Module Name: pkgsrc
Committed By: minskim
Date: Mon Dec 10 05:47:03 UTC 2007
Modified Files:
pkgsrc/www/ruby-actionpack: Makefile distinfo
Log Message:
Update ruby-actionpack to 1.13.6.
Changes:
* Correct Broken Fix for session_fixation attacks
* Ensure that cookies handle array values correctly. Closes #9937
[queso]
|
|
|
|
bugfix update for squirrelmail (squirrelmail-japanese option)
- pkgsrc/mail/squirrelmail/distinfo 1.44
- pkgsrc/mail/squirrelmail/options.mk 1.6
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 5 11:25:57 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: distinfo options.mk
Log Message:
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
|
|
security update for squid
- pkgsrc/www/squid/Makefile 1.197-1.199
- pkgsrc/www/squid/distinfo 1.135
- pkgsrc/www/squid/patches/patch-av removed
Module Name: pkgsrc
Committed By: wiz
Date: Mon Nov 12 00:15:00 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove ftp.leo.org from MASTER_SITES, doesn't resolve.
From Zafer Aydogan in PR 37341.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 2 11:46:11 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove Ex-MASTER_SITE. From Zafer Aydogan.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 2 14:47:08 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Removed Files:
pkgsrc/www/squid/patches: patch-av
Log Message:
Update squid package to 2.6.17 (2.6.STABLE17).
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer have a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current bahaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug ouput, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.25
- pkgsrc/www/drupal/distinfo 1.18
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 5 23:16:19 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
This release fixes a security vulnerability. Sites are urged to upgrade
immediately. For more details, please see the security announcement:
* SA-2007-031 - Drupal core - SQL Injection possible when certain
contributed modules are enabled
In addition to this security vulnerability, the following bugs have been
fixed since the 5.2 release:
* 178478 by scor: typo in text displyed when the DB is installed but not
accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order
comments by cid (ie. original submission order) instead of timestamp
(ie. last editing time order) to avoid comments jumping around when
being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in
install system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited
accounts so they are exempt from the spam protection we have for
accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no
taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
|
|
|
|
security update for php5
- pkgsrc/lang/php5/Makefile 1.62
- pkgsrc/lang/php5/Makefile.common 1.28
- pkgsrc/lang/php5/distinfo 1.50
- pkgsrc/lang/php5/patches/patch-ao removed
- pkgsrc/lang/php5/patches/patch-ar removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Nov 23 13:20:01 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ao patch-ar
Log Message:
Update to 5.2.5
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions.
Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported by
SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to
non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using
ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(),
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale
rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
|
|
|
|
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
|
|
|
|
security update for ircservices
- pkgsrc/chat/ircservices/Makefile 1.31
- pkgsrc/chat/ircservices/distinfo 1.13
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Nov 24 00:47:37 UTC 2007
Modified Files:
pkgsrc/chat/ircservices: Makefile distinfo
Log Message:
Update to 5.0.63
2007/06/10 .62 Backported 5.1 fix for a bug allowing guest nicknames to be
linked.
This release fixes two security-related bugs discovered in version 5.1 which
are also present in 5.0.
|
|
security fix for cups
- pkgsrc/print/cups/Makefile 1.127-1.128
- pkgsrc/print/cups/distifno 1.53
- pkgsrc/print/cups/patches/patch-au 1.9
Module Name: pkgsrc
Committed By: dsainty
Date: Mon Oct 22 11:56:46 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile
Log Message:
Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like
other config scripts do.
Bump PKGREVISION since client software may not correctly build or run
without this fix.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Nov 5 20:16:19 UTC 2007
Modified Files:
pkgsrc/print/cups: Makefile distinfo
Added Files:
pkgsrc/print/cups/patches: patch-au
Log Message:
Fix for CVE-2007-4351
PKGREVISION++
|
|
security update for mantis
- pkgsrc/devel/mantis/Makefile 1.28
- pkgsrc/devel/mantis/PLIST 1.10
- pkgsrc/devel/mantis/distinfo 1.10
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 27 22:31:10 UTC 2007
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.8
- 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor)
- 0008020: [installation] Port 7907: Allow using system adodb (giallu)
- 0008029: [localization] Spelling mistake in value of string
$s_by_severity file lang/strings_spanish.txt (giallu)
- 0008019: [other] Port 5333: Invalid zip file core/adodb/adodb-time.zip
in CVS (giallu)
- 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor)
2007.04.04 - 1.0.7
- 0007743: [security] Port: CVE-2006-6574 (vboctor)
- 0007772: [security] email notifications bypass security on custom
fields (vboctor)
- 0007784: [security] XSS vulnerabilities (vboctor)
- 0007774: [custom fields] custom fields not stored correctly in bug
history (vboctor)
- 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest)
broken when using IE7
(vboctor)
|
|
|
|
security update for openldap
Revisions pulled up:
- pkgsrc/databases/openldap/Makefile 1.122
- pkgsrc/databases/openldap/Makefile.common 1.11
- pkgsrc/databases/openldap/distinfo 1.59
- pkgsrc/databases/openldap-doc/Makefile 1.8
Module Name: pkgsrc
Committed By: ghen
Date: Sun Nov 18 19:46:16 UTC 2007
Modified Files:
pkgsrc/databases/openldap: Makefile Makefile.common distinfo
pkgsrc/databases/openldap-doc: Makefile
Log Message:
Update openldap packages to 2.3.39, the latest stable release.
The next stable release will be 2.4.x.
OpenLDAP 2.3.39 Release (2007/10/26)
Fixed slapd database/overlay config conflict (ITS#4848)
Fixed slapd password_hash config order (ITS#5082)
Fixed slapd slap_mods_check bug (ITS#5119)
Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
Fixed slapd ordered values add normalization issue (ITS#5136)
Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
Fixed slapd-ldap search control parsing (ITS#5138)
Fixed slapd-ldap SASL idassert w/o authcId
Fixed slapd-ldif directory separators in DN (ITS#5172)
Fixed slapd-meta conn caching on bind failure (ITS#5154)
Fixed slapd-meta bind timeout assertion (ITS#5185)
Fixed slapd-sql concurrency issue (ITS#5095)
Fixed slapo-chain double-free (ITS#5137)
Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
Fixed slapo-rwm modlist handling (ITS#5124)
Fixed slapo-rwm UUID in filter (ITS#5168)
Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
Fixed liblber Windows x64 portability (ITS#5105)
Fixed libldap ppolicy control creation (ITS#5103)
Build Environment
Fixed termios macro check (ITS#4880)
Updated Makefiles
Documentation
Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
Added max-depth/return-error to slapo-chain(5)
slapadd/slapindex note about file ownership (ITS#5166)
slapcat note about using against running slapd (ITS#5028)
Fixed Admin Guide URL in README (ITS#5107)
|
|
|
|
security update for apache-tomcat
- pkgsrc/www/apache-tomcat55/Makefile 1.12
- pkgsrc/www/apache-tomcat55/PLIST 1.4
- pkgsrc/www/apache-tomcat55/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Nov 20 22:13:30 UTC 2007
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Update to 5.5.25
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an
env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation
path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
|
|
|
security update for samba
- pkgsrc/net/samba/Makefile 1.175-1.177
- pkgsrc/net/samba/Makefile.patches 1.5-1.6
- pkgsrc/net/samba/PLIST 1.37
- pkgsrc/net/samba/distinfo 1.55-1.57
- pkgsrc/net/samba/options.mk 1.22
- pkgsrc/net/samba/patches/patch-ag 1.7
- pkgsrc/net/samba/patches/patch-ai removed
- pkgsrc/net/samba/patches/patch-aj removed
- pkgsrc/net/samba/patches/patch-al removed
- pkgsrc/net/samba/patches/patch-am removed
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-au 1.7
- pkgsrc/net/samba/patches/patch-av 1.3
- pkgsrc/net/samba/patches/patch-ay 1.3
- pkgsrc/net/samba/patches/patch-ba 1.5-1.6
- pkgsrc/net/samba/patches/patch-bb removed
- pkgsrc/net/samba/patches/patch-bc 1.2
- pkgsrc/net/samba/patches/patch-bd 1.3
- pkgsrc/net/samba/patches/patch-be 1.3
- pkgsrc/net/samba/patches/patch-bf removed
- pkgsrc/net/samba/patches/patch-bh 1.3
- pkgsrc/net/samba/patches/patch-bi 1.5
- pkgsrc/net/samba/patches/patch-bj removed
- pkgsrc/net/samba/patches/patch-bk removed
- pkgsrc/net/samba/patches/patch-bo 1.4
- pkgsrc/net/samba/patches/patch-bp 1.4
- pkgsrc/net/samba/patches/patch-br 1.3
- pkgsrc/net/samba/patches/patch-bs 1.4
- pkgsrc/net/samba/patches/patch-bt 1.3
- pkgsrc/net/samba/patches/patch-bu 1.5
- pkgsrc/net/samba/patches/patch-bw 1.4
- pkgsrc/net/samba/patches/patch-bx removed
- pkgsrc/net/samba/patches/patch-by removed
- pkgsrc/net/samba/patches/patch-bz removed
- pkgsrc/net/samba/patches/patch-ca 1.4
- pkgsrc/net/samba/patches/patch-ce 1.1
- pkgsrc/net/samba/patches/patch-cf 1.1
- pkgsrc/net/samba/patches/patch-cg 1.1
- pkgsrc/net/samba/patches/patch-ch 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 28 07:28:51 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo options.mk
pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay
patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo
patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca
Added Files:
pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch
Removed Files:
pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb
patch-bf patch-bj patch-bk patch-bx patch-by patch-bz
Log Message:
Update samba to 3.0.26a.
pkgsrc change: Add support for DESTDIR.
Changes from 3.0.24 are huge, please refer WHATSNEW.txt.
<http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_26/WHATSNEW.txt?rev=22651&view=markup>
---
Module Name: pkgsrc
Committed By: rillig
Date: Tue Nov 6 00:47:53 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile distinfo
pkgsrc/net/samba/patches: patch-ba
Log Message:
Fixed an expansion of @mandir@ that accidentally got into patch-ba in
revision 1.5.
PKGREVISION++
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Nov 16 11:41:38 UTC 2007
Modified Files:
pkgsrc/net/samba: Makefile Makefile.patches distinfo
Log Message:
Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the
Samba project. Bump package revision.
|
|
|
|
security update for thunderbird
- pkgsrc/mail/thunderbird/Makefile 1.30 via patch
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.31
- pkgsrc/mail/thunderbird/distinfo 1.42
- pkgsrc/mail/thunderbird/patches/patch-ac 1.8
Module Name: pkgsrc
Committed By: tron
Date: Thu Nov 15 15:05:23 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
pkgsrc/mail/thunderbird/patches: patch-ac
Log Message:
Update "thunderbird" package to version 2.0.0.9. It fixes the following
security problems:
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
|
|
|
|
security fix for kdegraphics3
- pkgsrc/graphics/kdegraphics3/Makefile 1.75 via patch
- pkgsrc/graphics/kdegraphics3/distinfo 1.48 via patch
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:30:57 UTC 2007
Modified Files:
pkgsrc/graphics/kdegraphics3: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
|
|
|
|
security update for phpmyadmin
- pkgsrc/databases/phpmyadmin/Makefile 1.62
- pkgsrc/databases/phpmyadmin/PLIST 1.18
- pkgsrc/databases/phpmyadmin/distinfo 1.30
Module Name: pkgsrc
Committed By: tron
Date: Mon Nov 12 14:05:26 UTC 2007
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.2.1.
Change since version 2.10.2:
- creating VIEWs from query results
- managing triggers, procedures and functions
- supports MySQL 5.0.37 query profiling
- improved interface for servers hosting thousands of databases and tables.
- security fixes for PMASA-2007-5, PMASA-2007-6 and PMASA-2007-7
|
|
|
|
security fix for koffice
- pkgsrc/misc/koffice/Makefile 1.98
- pkgsrc/misc/koffice/distinfo 1.43
Module Name: pkgsrc
Committed By: markd
Date: Thu Nov 8 21:36:03 UTC 2007
Modified Files:
pkgsrc/misc/koffice: Makefile distinfo
Log Message:
Another xpdf issue
http://www.kde.org/info/security/advisory-20071107-1.txt
PKGREVISION++
|
|
security fix for perl
- pkgsrc/lang/perl5/Makefile 1.129
- pkgsrc/lang/perl5/distinfo 1.43
- pkgsrc/lang/perl5/patches/patch-da 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Nov 6 19:54:53 UTC 2007
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
|
|
|
|
security update for libpurple/pidgin/finch
- pkgsrc/chat/finch/Makefile 1.9
- pkgsrc/chat/finch/PLIST 1.4
- pkgsrc/chat/libpurple/Makefile.common 1.7
- pkgsrc/chat/libpurple/PLIST 1.7
- pkgsrc/chat/libpurple/buildlink3.mk 1.4
- pkgsrc/chat/libpurple/distinfo 1.10
- pkgsrc/chat/pidgin/buildlink3.mk 1.4
- pkgsrc/chat/pidgin/distinfo 1.6
Module Name: pkgsrc
Committed By: tnn
Date: Sat Nov 3 15:59:18 UTC 2007
Modified Files:
pkgsrc/chat/finch: Makefile PLIST
pkgsrc/chat/libpurple: Makefile.common PLIST buildlink3.mk
distinfo pkgsrc/chat/pidgin: buildlink3.mk
pkgsrc/chat/pidgin-silc: distinfo
Log Message:
Update pidgin IM suite to 2.2.2 for the CVE-2007-4999 fix.
(A remote user can cause a DoS by sending a message with invalid HTML.)
version 2.2.2 (10/23/2007):
http://developer.pidgin.im/query?status=closed&milestone=2.2.2
NOTE: Due to the way this release was made, it is possible that
bugs marked as fixed in 2.2.1 or 2.2.2 will not be fixed
until the next release.
* Various bug and memory leak fixes
|
|
|
|
build fix for shared-mime-info
- pkgsrc/databases/shared-mime-info/distinfo patch
- pkgsrc/databases/shared-mime-info/patches/patch-ab 1.3 via patch
- pkgsrc/databases/shared-mime-info/patches/patch-ac 1.1 via patch
Module Name: pkgsrc
Committed By: joerg
Date: Sat Nov 3 16:37:44 UTC 2007
Modified Files:
pkgsrc/databases/shared-mime-info: distinfo
Added Files:
pkgsrc/databases/shared-mime-info/patches: patch-ab patch-ac
Log Message:
Remove INCOMPAT_GETTEXT and the automatic rebuilding of the PO files.
This fixes the build on older NetBSD systems in a clean way.
|
|
|
|
NetBSD-4 (at least). Else pkg_sync and pkg_tarup won't work.
|
|
|
