Age | Commit message (Collapse) | Author | Files | Lines |
|
multimedia/mplayer-plugin: build fix
Revisions pulled up;
- multimedia/mplayer-plugin/distinfo 1.2
- multimedia/mplayer-plugin/patches/patch-aa 1.2
- multimedia/mplayer-plugin/patches/patch-ab delete
- multimedia/mplayer-plugin/patches/patch-ad delete
- multimedia/mplayer-plugin/patches/patch-ag 1.2
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Apr 21 15:58:03 UTC 2010
Modified Files:
pkgsrc/multimedia/mplayer-plugin: distinfo
pkgsrc/multimedia/mplayer-plugin/patches: patch-aa patch-ag
Removed Files:
pkgsrc/multimedia/mplayer-plugin/patches: patch-ab patch-ad
Log Message:
fix xulrunner-1.9.2.x build breakage reported on pkgsrc-users@
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/databases/mysql51-client/Makefile 1.4
- pkgsrc/databases/mysql51-client/Makefile.common 1.5
- pkgsrc/databases/mysql51-client/distinfo 1.2
- pkgsrc/databases/mysql51-server/Makefile 1.4
- pkgsrc/databases/mysql51-server/PLIST 1.3
- pkgsrc/databases/mysql51-server/distinfo 1.3
Files added:
pkgsrc/databases/mysql51-server/patches/patch-av
--------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 20 22:58:10 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile Makefile.common distinfo
pkgsrc/databases/mysql51-server: Makefile PLIST distinfo
Added Files:
pkgsrc/databases/mysql51-server/patches: patch-av
Log Message:
Update mysql51-client/mysql51-server package to 5.1.45.
This is maintainous release and please refer for full changes:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-45.html
Added a patch for recent security problem to mysql51-server, too.
http://secunia.com/advisories/39454
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/databases/mysql51-client/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/databases/mysql51-client/Makefile.common
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/databases/mysql51-client/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/databases/mysql51-server/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/databases/mysql51-server/PLIST \
pkgsrc/databases
|
|
|
|
print/abcm2ps: security update
Revisions pulled up:
- print/abcm2ps/Makefile 1.6
- print/abcm2ps/PLIST 1.5
- print/abcm2ps/distinfo 1.6
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Apr 20 17:40:47 UTC 2010
Modified Files:
pkgsrc/print/abcm2ps: Makefile PLIST distinfo
Log Message:
Update abcm2ps to 5.9.13.
This version fixes several security vulnerabilities including Secunia
Advisory SA39345. For other changes, see share/doc/abcm2ps/Changes.
|
|
print/dvipsk: security patch
Revisions pulled up:
- print/dvipsk/Makefile 1.5
- print/dvipsk/distinfo 1.4
- print/dvipsk/patches/patch-ab 1.3
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Apr 20 17:07:28 UTC 2010
Modified Files:
pkgsrc/print/dvipsk: Makefile distinfo
Added Files:
pkgsrc/print/dvipsk/patches: patch-ab
Log Message:
Avoid integer overflow (CVE-2010-0739).
Patch from TeX Live repository (Revision 17559).
|
|
irssi: security update
irssi-icb: security update
Revisions pulled up:
- chat/irssi-icb/distinfo 1.15
- chat/irssi/Makefile.common 1.11
- chat/irssi/distinfo 1.31
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Apr 18 06:29:16 UTC 2010
Modified Files:
pkgsrc/chat/irssi: Makefile.common distinfo
pkgsrc/chat/irssi-icb: distinfo
Log Message:
updating irssi to next version (0.8.15). Changelog:
Features:
* Add active_window_ignore_refnum option With active_window_ignore_refnum
ON, the current behavior for the active_window key (meta-a by default) is
preserved: it switches to the window with the highest activity level that was
last activated. With active_window_ignore_refnum OFF, the old behavior is used:
it switches to the window with the highest activity level with the lowest
refnum. (by Matt Sparks, bug #667)
* Show new Charybdis +q list in channel windows (numerics 728 and 729).
* Allow servers to belong to multiple networks.
* Improve paste detection. Irssi now detects a paste if it reads at least
three bytes in a single read; subsequent reads are associated to the same paste
if they happen before 'paste_detect_time' time since the last read. If no read
occurs after 'paste_detect_time' time the paste buffer is flushed; if there is
at least one complete line its content is sent as a paste, otherwise it is
processed normally.
* Show "target changing too fast" messages in the channel/query window.
* Use default trusted CAs if nothing is specified. This allows useful use
of -ssl_verify without -ssl_cafile/-ssl_capath, using OpenSSL's default trusted
CAs.
* Show why an SSL certificate failed validation.
* Make own nick and actions use default colour instead of white (by Tim
Retout).
Bugfixes:
* Change some characters illegal in Windows filenames to underscores in logs
* Fix disconnects when sending large amounts of data over SSL
* Show all nicks instead of just the first in an /accept * listing (Bug
#704)
* Make several signals without parameters available to perl again. In
particular, this includes the "beep" signal (by Matt Sparks, bug #674)
* Close the config file fd after saving (by Sven Wegener)
* Check if an SSL certificate matches the hostname of the server we are
connecting to.
* Fix bash'isms, use command -v instead of which and use bc -l in /CALC.
* Fix a crash with handling the DCC queue.
* Fix crash when checking for fuzzy nick match when not on the channel.
Reported by Aurelien Delaitre (SATE 2009).
|
|
|
|
mail/spamass-milter: security patch
Revisions pulled up:
- mail/spamass-milter/Makefile 1.27
- mail/spamass-milter/distinfo 1.7
- mail/spamass-milter/patches/patch-aa 1.3
- mail/spamass-milter/patches/patch-ab 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Sat Apr 17 21:11:18 UTC 2010
Modified Files:
pkgsrc/mail/spamass-milter: Makefile distinfo
pkgsrc/mail/spamass-milter/patches: patch-aa
Added Files:
pkgsrc/mail/spamass-milter/patches: patch-ab
Log Message:
Added CVE-2010-1132 patch from:
https://bugzilla.redhat.com/attachment.cgi?id=401011
|
|
|
|
editors/nano: security update
Revisions pulled up:
- editors/nano/Makefile 1.38
- editors/nano/PLIST 1.15
- editors/nano/distinfo 1.17
---
Module Name: pkgsrc
Committed By: tez
Date: Sun Apr 18 17:21:34 UTC 2010
Modified Files:
pkgsrc/editors/nano: Makefile PLIST distinfo
Log Message:
update to 2.2.4 to resolve CVE-2010-1160 & CVE-2010-1161
|
|
lang/erlang: security patch
Revisions pulled up:
- lang/erlang/Makefile 1.45
- lang/erlang/distinfo 1.22
- lang/erlang/patches/patch-ax 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Sat Apr 17 20:10:16 UTC 2010
Modified Files:
pkgsrc/lang/erlang: Makefile distinfo
Added Files:
pkgsrc/lang/erlang/patches: patch-ax
Log Message:
CVE-2008-2371 pcro buffer overflow fix based on:
http://vcs.pcre.org/viewvc/code/trunk/pcre_compile.c?r1=504&r2=505&view=patch
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.120
- pkgsrc/security/sudo/distinfo 1.62
- pkgsrc/security/sudo/patches/patch-aa 1.23
--------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 16 15:33:52 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-aa
Log Message:
Update sudo package from sudo-1.7.2p4 to sudo-1.7.2p6.
Sudo versions 1.7.2p6 and 1.6.9p22 are now available. These releases
fix a privilege escalation bug in the sudoedit functionality.
Summary:
A flaw exists in sudo's -e option (aka sudoedit) in sudo versions
1.6.8 through 1.7.2p5 that may give a user with permission to
run sudoedit the ability to run arbitrary commands. This bug
is related to, but distinct from, CVE 2010-0426.
Sudo versions affected:
1.6.8 through 1.7.2p5 inclusive.
To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/sudo/patches/patch-aa
|
|
|
|
net/samba: build fix and bug fix
net/samba33: build fix and bug fix
Revisions pulled up:
- net/samba/Makefile 1.199-1.200
- net/samba/files/winbindd.sh 1.5
- net/samba33/Makefile 1.8-1.9
---
Module Name: pkgsrc
Committed By: sborrill
Date: Wed Apr 14 14:51:01 UTC 2010
Modified Files:
pkgsrc/net/samba: Makefile
pkgsrc/net/samba33: Makefile
Log Message:
Add openssl bl3.mk file so that we play nicely with PREFER_PKGSRC+=openssl
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 15 09:36:50 UTC 2010
Modified Files:
pkgsrc/net/samba/files: winbindd.sh
Log Message:
winbindd does not have a -B flag. As far as I can see, it never did have
(It was added to this rc.d script as part of the upgrade to 3.0.20b, but
winbindd in 3.0.20b does not have a -B flag).
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Apr 15 09:38:09 UTC 2010
Modified Files:
pkgsrc/net/samba: Makefile
pkgsrc/net/samba33: Makefile
Log Message:
Bump PKGREVISION due to removing -B flag from winbindd rc.d script
|
|
|
|
typo3: security update
Revisions pulled up:
- www/typo3/Makefile 1.21
- www/typo3/PLIST 1.12
- www/typo3/distinfo 1.14
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 9 10:15:24 UTC 2010
Modified Files:
pkgsrc/www/typo3: Makefile PLIST distinfo
Log Message:
Update typo3 package to 4.3.3.
I coudn't access release note with the URL in release announce but
I could with http://wiki.typo3.org/index.php/TYPO3_4.3.3 at this
moment.
Quote from release announce:
TYPO3 version 4.3.3 is ready for download. It is a maintenance release
of version 4.3 and therefore contains only bugfixes and security fixes.
IMPORTANT: This version includes an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/
For details about the release, see:
http://wiki.typo3.org/TYPO3_4.3.3
|
|
|
|
|
|
Explicitly specify CFLAGS on NetBSD/i386 and should fix PR pkg/43108.
|
|
support (e.g. on Mac OS X). Tested - works on Mac OS X without X11.
|
|
private mail).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
to 2.5.4.
(ok to update during freeze by wiz@)
Extension Modules
-----------------
- expat: Fix DoS via XML document with malformed UTF-8 sequences
(CVE_2009_3560).
- expat: Fix DoS via malformed XML (CVE-2009-3720).
Core and builtins
-----------------
- Issue #6990: Fix threading.local subclasses leaving old state around
after a reference cycle GC which could be recycled by new locals.
Library
-------
- Issue #7403: logging: Fixed possible race condition in lock creation.
- Issue #5068: Fixed the tarfile._BZ2Proxy.read() method that would loop
forever on incomplete input. That caused tarfile.open() to hang when used
with mode 'r' or 'r:bz2' and a fileobj argument that contained no data or
partial bzip2 compressed data.
|
|
|
|
Based on PR#43124 by Wen Heping.
Changes since version 1.2.0b1:
* Fix DIGEST-MD5 authentication (Aleksander Machniak, Bug #17285).
* Don't try to call dl() if mbstring extension isn't loaded (Bug #17038).
Changes since version 1.1.7:
* Added support for adding a custom debug handler (Aleksander Machniak, Request #16681).
* Fix breakage with certain locales, especially Turkish.
* Fix reading authentication responses without literals (Bug #16647).
* Code cleanup.
|
|
delegate-9.9.7, elm-me-2.5plalpha23, enchant-1.6.0, erlang-13b4,
fetchmail-6.3.16, fotoxx-10.0, gbrainy-1.41, gob2-2.0.17,
grep-2.6.3, hugin-2010.0.0, inn-2.5.2, irssi-0.8.15, kye-0.9.4,
lensfun-0.2.5, libart-2.3.21, libdrm-2.4.20, libgnomecanvas-2.30.1
[GNOME 2.30], libotf-0.9.11, mDNSResponder-214.3, mc-4.7.0.4,
metacity-2.30.1 [GNOME 2.30], p5-Any-Moose-0.12, p5-Config-General-2.45,
p5-DateTime-TimeZone-1.15, p5-FCGI-0.71, p5-HTML-Parser-3.65,
p5-JSON-2.20, p5-POE-1.289 [pkg/43115], p5-POE-Component-SNMP-1.1006
[pkg/43116], p5-POE-Test-Loops-1.035 [pkg/43114], p5-URI-1.54,
pear-Net_Sieve-1.2.0 [pkg/43124], puzzles-8914, py-adns-1.2.1
[pkg/43127], py-anita-1.10, py-dateutil-1.5, py-pytz-2010g,
py-urwid-0.9.9.1 [pkg/43104], scmgit-base-1.7.0.4, scmgit-docs-1.7.0.4,
scummvm-1.1.0, srp_client-1.7.5, stunnel-4.33, sympa-6.0.1,
windowlab-1.40, wine-devel-1.1.42, x264-devel-20100404,
xf86-video-ati-6.13.0, xorg-util-macros-1.7.0.
|
|
|
|
|
|
0.4.3 Ungrab keyboard after a key press 2010-04-02
0.4.2.1 Fix GCC warning on FreeBSD. 2010-03-22
0.4.2 Add some debug for buttons. 2010-03-21
0.4.1 This one should fix title problems 2010-03-12
|
|
ready to commit - ming and clutter related packages.
|
|
|
|
|
|
This is a security and bugfix release of MediaWiki 1.15.3 and MediaWiki
1.16.0beta2.
MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password.
Even without user scripting, this attack is a potential nuisance, and so
all public wikis should be upgraded if possible.
Our fix includes a breaking change to the API login action. Any clients
using it will need to be updated. We apologise for making such a
disruptive change in a minor release, but we feel that security is
paramount.
For more details see https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
|
|
|
|
Update Dutch language files.
|
|
|
|
Bump PKGREVISION
OK wiz@
|
|
about an unused one. PR toolchain/43123 seems to be caused by a bug in
flex(1) under NetBSD-current and not by problem with this package.
|
|
intended, the format string parser that generates the va_list does not support
all formatting characters.
Make this code portable by failing to parse any format string at all, not just
the ones that aren't fully supported.
Bump PKGREVISION for the functional change, though this code is probably
generally unused anyway. Unmark as BROKEN and NOT_FOR_PLATFORM - I think all
uses of va_list casts are inhibited.
|
|
|
|
* Updated to tzdata version 2010h
(http://article.gmane.org/gmane.comp.time.tz/3188).
|
|
fix the build problem reported by Hisashi T Fujinaka in PR pkg/43123.
|
|
|