thunderbird, thunderbird-gtk1: update package for security fixes
revisions pulled up:
pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.36
pkgsrc/mail/thunderbird/PLIST 1.24
pkgsrc/mail/thunderbird/distinfo 1.46
pkgsrc/mail/thunderbird-gtk1/PLIST 1.14
pkgsrc/mail/thunderbird/patches/patch-af 1.5
pkgsrc/mail/thunderbird/patches/patch-ap 1.5
pkgsrc/mail/thunderbird/patches/patch-dw 1.2
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 09:42:15 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/mail/thunderbird/patches: patch-af patch-ap patch-dw
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.16.
Security fixes in this version:
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption
For more info, see
http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/
|
|
|
|
x11-links: update package for newer library version on mac os x
revisions pulled up:
pkgsrc/pkgtools/x11-links/Makefile 1.93
pkgsrc/pkgtools/x11-links/buildlink3.mk 1.14
pkgsrc/pkgtools/x11-links/files/xorg 1.7
pkgsrc/pkgtools/x11-links/files/xorg.Xcomposite 1.2
pkgsrc/pkgtools/x11-links/files/xorg.fontconfig 1.2
pkgsrc/pkgtools/x11-links/files/xorg.libXrandr 1.3
Module Name: pkgsrc
Committed By: tron
Date: Fri Aug 22 13:34:39 UTC 2008
Modified Files:
pkgsrc/pkgtools/x11-links: Makefile buildlink3.mk
pkgsrc/pkgtools/x11-links/files: xorg xorg.Xcomposite xorg.fontconfig
xorg.libXrandr
Log Message:
Update "x11-links" package to version 0.37:
Add newer library version as provided by Mac OS 10.5.4. Based on a patch
submitted by Brian de Alwis in PR pkg/39207.
Tested under NetBSD/i386 4.0_STABLE and Mac OS PPC 10.5.4.
|
|
|
|
zope211: security fix
Revisions pulled up:
- www/zope211/Makefile 1.3
- www/zope211/distinfo 1.3
- www/zope211/patches/patch-aj 1.1
- www/zope211/patches/patch-ak 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 17 15:13:23 UTC 2008
Modified Files:
pkgsrc/www/zope211: Makefile distinfo
Added Files:
pkgsrc/www/zope211/patches: patch-aj patch-ak
Log Message:
Add some changes from Zope's svn repository which should fix
Zope's security advisory 2008-08-12.
Bump PKGREVISION.
|
|
|
|
transfig: pullup workaround fix for pr
revisions pulled up:
pkgsrc/print/transfig/Makefile 1.36
pkgsrc/print/transfig/distinfo 1.15
pkgsrc/print/transfig/patches/patch-aa 1.11
Module Name: pkgsrc
Committed By: is
Date: Wed Aug 20 10:25:12 UTC 2008
Modified Files:
pkgsrc/print/transfig: Makefile distinfo
pkgsrc/print/transfig/patches: patch-aa
Log Message:
Workaround for my own PR 39379:
Don't -DUSE_INLINE - this creates "static inline", and the imake setup
at least on NetBSD-4/arm calls "cc -ansi", which, as being a c89 compiler,
refuses this c99 code (or so I've been told by C language lawyers).
(Maybe somebody can come up with a patch that does the right thing
wrt. this stuff for all our environments.)
|
|
|
|
zope210: patch for security fixes
revisions pulled up:
pkgsrc/www/zope210/Makefile 1.7
pkgsrc/www/zope210/distinfo 1.3
pkgsrc/www/zope210/patches/patch-aj 1.1
pkgsrc/www/zope210/patches/patch-ak 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 17 15:12:57 UTC 2008
Modified Files:
pkgsrc/www/zope210: Makefile distinfo
Added Files:
pkgsrc/www/zope210/patches: patch-aj patch-ak
Log Message:
Add some changes from Zope's svn repository which should fix
Zope's security advisory 2008-08-12.
Bump PKGREVISION.
|
|
awstats: security fix
Revisions pulled up:
- www/awstats/Makefile 1.38
- www/awstats/distinfo 1.21
- www/awstats/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: minskim
Date: Wed Aug 20 21:20:33 UTC 2008
Modified Files:
pkgsrc/www/awstats: Makefile distinfo
Added Files:
pkgsrc/www/awstats/patches: patch-ac
Log Message:
Fix XSS (http://secunia.com/advisories/31519/). Bump PKGREVISION.
|
|
|
|
zope29: security patch
Revisions pulled up:
- www/zope29/Makefile 1.20
- www/zope29/distinfo 1.7
- www/zope29/patches/patch-ak 1.1
- www/zope29/patches/patch-al 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 17 15:12:32 UTC 2008
Modified Files:
pkgsrc/www/zope29: Makefile distinfo
Added Files:
pkgsrc/www/zope29/patches: patch-ak patch-al
Log Message:
Add some changes from Zope's svn repository which should fix
Zope's security advisory 2008-08-12.
Bump PKGREVISION.
|
|
openttd: security update
Revisions pulled up:
- games/openttd/Makefile 1.28
- games/openttd/PLIST 1.11
- games/openttd/distinfo 1.13
- games/openttd/patches/patch-aa 1.7
---
Module Name: pkgsrc
Committed By: kefren
Date: Tue Aug 5 12:38:23 UTC 2008
Modified Files:
pkgsrc/games/openttd: Makefile PLIST distinfo
pkgsrc/games/openttd/patches: patch-aa
Log Message:
update to 0.6.2
not sure if midi music option is still available currently
|
|
sun-jdk15: security update
sun-jre15: security update
Revisions pulled up:
- lang/sun-jdk15/Makefile 1.32
- lang/sun-jdk15/distinfo 1.19
- lang/sun-jre15/Makefile 1.55
- lang/sun-jre15/PLIST.linux-i386 1.8
- lang/sun-jre15/PLIST.linux-x86_64 1.6
- lang/sun-jre15/distinfo 1.20
---
Module Name: pkgsrc
Committed By: he
Date: Fri Aug 15 15:06:36 UTC 2008
Modified Files:
pkgsrc/lang/sun-jdk15: Makefile distinfo
pkgsrc/lang/sun-jre15: Makefile PLIST.linux-i386 PLIST.linux-x86_64
distinfo
Log Message:
Update to Java 5.0 Update 16. Fixes a number of security vulnerabilities.
Also updates some root certificates and imports tzdata2008b.
Sun's release notes are at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_16
|
|
|
|
turba: fix plist
revisions pulled up:
pkgsrc/mail/turba/Makefile 1.30
pkgsrc/mail/turba/PLIST 1.12
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 31 19:54:04 UTC 2008
Modified Files:
pkgsrc/mail/turba: Makefile PLIST
Log Message:
Add js directory which should fix PR 39253
PKGREVISION++
|
|
|
|
imp: fix package plist
revisions pulled up:
pkgsrc/mail/imp/Makefile 1.49
pkgsrc/mail/imp/PLIST 1.12
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 31 19:48:20 UTC 2008
Modified Files:
pkgsrc/mail/imp: Makefile PLIST
Log Message:
Add js directory which should fix PR 39253
PKGREVISION++
|
|
|
|
ipsec-tools: update package for cve
revisions pulled up:
pkgsrc/security/ipsec-tools/Makefile 1.28
pkgsrc/security/ipsec-tools/distinfo 1.15
Module Name: pkgsrc
Committed By: manu
Date: Sat Aug 16 06:55:18 UTC 2008
Modified Files:
pkgsrc/doc: CHANGES-2008
pkgsrc/security/ipsec-tools: Makefile distinfo
Log Message:
Update to ipsec-tools 0.7.1, fixes CVE-2008-3652
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
purge_ipsec_spi()
o Generates a log if cert validation has been disabled by
configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to works better with huge SPD/SAD
o Corrected modecfg option syntax
o Many other various fixes...
0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support
|
|
|
|
bugzilla3: update package for security issues
revisions pulled up:
pkgsrc/devel/bugzilla3/Makefile 1.8
pkgsrc/devel/bugzilla3/PLIST 1.3
pkgsrc/devel/bugzilla3/distinfo 1.4
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Aug 17 09:24:38 UTC 2008
Modified Files:
pkgsrc/devel/bugzilla3: Makefile PLIST distinfo
Log Message:
Update to 3.0.5
* If you don't have permission to set a flag, it will now appear
unchangeable in the UI. (Bug 433851)
* If you were running mod_perl, Bugzilla was not correctly closing its
connections to the database since 3.0.3, and so sometimes the DB would run
out of connections. (Bug 441592)
* The installation script is now clear about exactly which Email:: modules
are required in Perl, thus avoiding the problem where emails show up with a
body like SCALAR(0xBF126795). (Bug 441541)
* email_in.pl is no longer case-sensitive for values of @product. (Bug
365697)
Also addresses a new security issue:
http://www.bugzilla.org/security/2.22.4/
|
|
|
|
bugzilla: update for security issue
revisions pulled up:
pkgsrc/devel/bugzilla/Makefile 1.32
pkgsrc/devel/bugzilla/distinfo 1.16
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Aug 17 09:21:47 UTC 2008
Modified Files:
pkgsrc/devel/bugzilla: Makefile distinfo
Log Message:
Update to 2.22.5
Addresses a new security issue:
http://www.bugzilla.org/security/2.22.4/
|
|
|
|
gnutls: update package for fixes
revisions pulled up:
pkgsrc/security/gnutls/Makefile 1.71
pkgsrc/security/gnutls/PLIST 1.32
pkgsrc/security/gnutls/distinfo 1.45
pkgsrc/security/gnutls/patches/patch-ad r0
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 30 17:17:21 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-ad
Log Message:
update to gnutls-2.4.1
Changes:
** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
|
|
postfix-current: update package for fixes
revisions pulled up:
pkgsrc/mail/postfix-current/Makefile 1.99
pkgsrc/mail/postfix-current/distinfo 1.45
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:19:13 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
Log Message:
Updated mail/postfix-current to 2.6.20080814
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
|
|
|
|
postfix-current: update package for fixes
revisions pulled up:
pkgsrc/mail/postfix-current/Makefile 1.98
pkgsrc/mail/postfix-current/distinfo 1.44
Module Name: pkgsrc
Committed By: martti
Date: Wed Aug 13 07:34:44 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
Log Message:
Updated mail/postfix-current to 2.6.20080726
* Lots of bug fixes
|
|
|
|
postfix: update package for security fixes
revisions pulled up:
pkgsrc/mail/postfix/Makefile 1.218
pkgsrc/mail/postfix/distinfo 1.118
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:13:41 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.4
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
|
|
|
|
blobwars: remove at request of upstream author.
starfighter: remove at request of upstream author.
Revisions pulled up:
- games/Makefile 1.306
- games/blobwars/DESCR delete
- games/blobwars/Makefile delete
- games/blobwars/PLIST delete
- games/blobwars/distinfo delete
- games/blobwars/patches/patch-aa delete
- games/starfighter/DESCR delete
- games/starfighter/Makefile delete
- games/starfighter/PLIST delete
- games/starfighter/distinfo delete
- games/starfighter/patches/patch-aa delete
---
Module Name: pkgsrc
Committed By: gdt
Date: Sun Aug 17 13:09:42 UTC 2008
Modified Files:
pkgsrc/games: Makefile
Removed Files:
pkgsrc/games/blobwars: DESCR Makefile PLIST distinfo
pkgsrc/games/blobwars/patches: patch-aa
pkgsrc/games/starfighter: DESCR Makefile PLIST distinfo
pkgsrc/games/starfighter/patches: patch-aa
Log Message:
Remove blobwars and starfighter at request of upstream author.
|
|
|
|
drupal6: update for security fixes
revisions pulled up:
pkgsrc/www/drupal6/Makefile 1.6
pkgsrc/www/drupal6/distinfo 1.4
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 15 15:54:30 UTC 2008
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update drupal6 package to 6.4.
Drupal 6.4, 2008-08-13
----------------------
- Fixed a security issue (Cross site scripting, Arbitrary file uploads via
BlogAPI, Cross site request forgeries and Various Upload module
vulnerabilities), see SA-2008-047.
- Improved error messages during installation.
- Fixed a bug that prevented AHAH handlers to be attached to radios widgets.
- Fixed a variety of small bugs.
|
|
|
|
drupal: update package for security fixes
revisions pulled up:
pkgsrc/www/drupal/Makefile 1.32
pkgsrc/www/drupal/PLIST 1.7
pkgsrc/www/drupal/distinfo 1.23
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 15 15:54:08 UTC 2008
Modified Files:
pkgsrc/www/drupal: Makefile PLIST distinfo
Log Message:
Update drupal package to 5.10.
Drupal 5.10, 2008-08-13
-----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, Arbitrary file uploads via
BlogAPI and Cross site request forgery), see SA-2008-047
|
|
|
|
Security update for amarok
Revisions pulled up:
- audio/amarok/Makefile 1.67
- audio/amarok/PLIST 1.29
- audio/amarok/distinfo 1.34
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Aug 15 12:52:57 UTC 2008
Modified Files:
pkgsrc/audio/amarok: Makefile PLIST distinfo
Log Message:
Update to 1.4.10:
VERSION 1.4.10
BUGFIX:
* Fix vulnerability in the Magnatune database parsing code. Secunia
Advisory #SA31418. Thanks to Google Alerts for notifying us about this
vulnerability.
|
|
|
|
jabberd: force preference on openssl (fixes pr)
revisions pulled up:
pkgsrc/chat/jabberd/Makefile 1.31
pkgsrc/chat/jabberd/distinfo 1.7
pkgsrc/chat/jabberd/patches/patch-aa 1.5
Module Name: pkgsrc
Committed By: obache
Date: Sun Aug 3 05:17:40 UTC 2008
Modified Files:
pkgsrc/chat/jabberd: Makefile distinfo
pkgsrc/chat/jabberd/patches: patch-aa
Log Message:
Force to pick up prefer OpenSSL.
Fixes PR 39198.
|
|
|
|
chrony: update package for fixes
revisions pulled up:
pkgsrc/net/chrony/Makefile 1.24
pkgsrc/net/chrony/distinfo 1.6
pkgsrc/net/chrony/patches/patch-ag 1.2
pkgsrc/net/chrony/patches/patch-ah 0
Module Name: pkgsrc
Committed By: sborrill
Date: Tue Aug 12 16:37:32 UTC 2008
Modified Files:
pkgsrc/net/chrony: Makefile distinfo
pkgsrc/net/chrony/patches: patch-ag
Removed Files:
pkgsrc/net/chrony/patches: patch-ah
Log Message:
Update to 1.23 and fix coredump on NetBSD 4.0 and later.
The changes in version 1.23 are
* Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD
* Fix serious sign-extension error in handling IP addresses
* RTC support can be excluded at compile time
* Make sources gcc-4 compatible
* Fix various compiler warnings
* Handle fluctuations in peer distance better.
* Fixed handling of stratum zero.
* Fix various problems for 64-bit systems
* Flush chronyc output streams after each command, to allow it to be
driven through pipes
* Manpage improvements
The changes in version 1.21 are
* Don't include Linux kernel header files any longer : allows chrony to
compile on recent distros.
* Stop trying to use RTC if continuous streams of error messages would
occur (Linux with HPET).
|
|
|
|
Security fix
Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.28
- pkgsrc/www/apache22/distinfo 1.12
- pkgsrc/www/apache22/patches/patch-ab 1.8
Module Name: pkgsrc
Committed By: tron
Date: Sat Aug 9 22:16:44 UTC 2008
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ab
Log Message:
Add patch from Apache SVN repository to avoid cross-site scripting attacks
in the FTP proxy module. This fixes the security vulnerability reported
in CVE-2008-2939.
To generate a diff of this commit:
cvs rdiff -r1.27 -r1.28 pkgsrc/www/apache22/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/www/apache22/distinfo
cvs rdiff -r0 -r1.8 pkgsrc/www/apache22/patches/patch-ab
|
|
|
|
powerdns: security fix
revisions pulled up:
pkgsrc/net/powerdns/Makefile 1.4
pkgsrc/net/powerdns/distinfo 1.3
pkgsrc/net/powerdns/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: ghen
Date: Mon Aug 11 13:59:48 UTC 2008
Modified Files:
pkgsrc/net/powerdns: Makefile distinfo
Added Files:
pkgsrc/net/powerdns/patches: patch-ac
Log Message:
Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
malformed queries instead of just dropping them (as this facilitates
DNS spoofing attacks). Bump PKGREVISION.
|
|
|
|
ruby-curses, ruby, ruby18-base, ruby-tk: security fix
revisions pulled up
pkgsrc/lang/ruby/rubyversion.mk 1.44
pkgsrc/lang/ruby18-base/distinfo 1.17
pkgsrc/devel/ruby-curses/distinfo 1.33
pkgsrc/x11/ruby-tk/distinfo 1.20
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:58:33 UTC 2008
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby18-base: distinfo
Log Message:
Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72).
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's quote from release announce:
Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
well.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:40 UTC 2008
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72.
It is distfile change only.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:55 UTC 2008
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72.
It is distfile change only.
|
|
|