textproc/libxml2: security patch
Revisions pulled up:
- textproc/libxml2/Makefile 1.119
- textproc/libxml2/distinfo 1.94
- textproc/libxml2/patches/patch-ba 1.1
- textproc/libxml2/patches/patch-bb 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 1 14:51:37 UTC 2012
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-ba patch-bb
Log Message:
add patches from upstream to fix integer overflows which can cause
DOS or possibly other corruption (CVE-2012-2807)
bump PKGREV
|
|
|
|
databases/phpmyadmin: security update
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.102-1.103
- databases/phpmyadmin/PLIST 1.28
- databases/phpmyadmin/distinfo 1.62-1.63
- databases/phpmyadmin/patches/patch-libraries_header_http.inc.php deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 15 13:02:32 UTC 2012
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Removed Files:
pkgsrc/databases/phpmyadmin/patches:
patch-libraries_header_http.inc.php
Log Message:
Update "phpmyadmin" package to version 3.5.2. Changes since 3.5.1:
- bug #3521416 [interface] JS error when editing index
- bug #3521313 [core] Call to undefined function __()
- bug #3521016 [edit] NOW() function incorrectly selected
- bug [GUI] Invalid HTML code on transformation_overview.php
- bug #3522930 [browse] Missing validation in Ajax mode
- bug Fix popup message on build SQL of import
- bug #3523499 [core] Make X-WebKit-CSP work better
- replace Highcharts with jqplot for query profiling, zoom search
- bug #3531584 [interface] No form validation in change password dialog
- bug #3531585 [interface] Broken password validation in copy user form
- bug #3531586 [interface] Add user form prints JSON when user presses enter
- bug #3534121 [config] duplicate line in config.sample.inc.php
- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
- bug #3510196 [core] More clever URL rewriting with ForceSSL
To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.61 -r1.62 pkgsrc/databases/phpmyadmin/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/databases/phpmyadmin/patches/patch-libraries_header_http.inc.php
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 8 07:17:00 UTC 2012
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 3.5.2.1. Changes since 3.5.2:
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-3
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/databases/phpmyadmin/distinfo
|
|
|
|
www/opera: security update
Revisions pulled up:
- www/opera/Makefile 1.97
- www/opera/distinfo 1.40
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 3 13:08:24 UTC 2012
Modified Files:
pkgsrc/www/opera: Makefile distinfo
Log Message:
Update opera to 12.01.
Opera 12.01 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.00
General and User Interface
* Several general fixes and stability improvements
* Website thumbnail memory usage improvements
* Address bar inline auto-completion no longer prefers shortest domain
* Corrected an error that could occur after removing the plugin wrapper
* Resolved an issue where favicons were squeezed too much when many tabs were
open
Display and Scripting
* Resolved an error with XHR transfers where content-type was incorrectly
determined
* Improved handling of object literals with numeric duplicate properties
* Changed behavior of nested/chained comma expressions: now expressing and
compiling them as a list rather than a tree
* Aligned behavior of the #caller property on function code objects in
ECMAScript 5 strict mode with the specification
* Fixed an issue where input type=month would return an incorrect value in its
valueAsDate property
* Resolved an issue with JSON.stringify() that could occur on cached number
conversion
* Fixed a problem with redefining special properties using
Object.defineProperty()
Network and Site-Specific
* Fixed an issue where loading would stop at "Document 100%" but the page
would still be loading
* tuenti.com: Corrected behavior when long content was displayed
* https://twitter.com: Fixed an issue with secure transaction errors
* Fixed an issue with Google Maps Labs that occurred when compiling top-level
loops inside strict evals
* Corrected a problem that could occur with DISQUS
* Fixed a crash occurring on Lenovo's "Shop now" page
* Corrected issues when calling window.console.log via a variable at watch4you
* Resolved an issue with Yahoo! chat
Mail, News, Chat
* Resolved an issue where under certain conditions the mail panel would
continuously scroll up
* Fixed a crash occurring when loading mail databases on startup
Security
* Re-fixed an issue where certain URL constructs could allow arbitrary code
execution, as reported by Andrey Stroganov; see our advisory
http://www.opera.com/support/kb/view/1016/
* Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks; see our advisory
http://www.opera.com/support/kb/view/1026/
* Fixed another issue where small windows could be used to trick users into
executing downloads as reported by Jordi Chancel; see our advisory
http://www.opera.com/support/kb/view/1027/
* Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers; see our advisory
http://www.opera.com/support/kb/view/1025/
* Fixed a low severity issue, details will be disclosed at a later date
|
|
|
|
emulators/suse121_libpng: security update
Revisions pulled up:
- emulators/suse121_libpng/Makefile 1.4
- emulators/suse121_libpng/distinfo 1.4
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 3 08:29:56 UTC 2012
Modified Files:
pkgsrc/emulators/suse121_libpng: Makefile distinfo
Log Message:
Update libpng14 RPM to resolve CVE-2012-3425.
Bump PKGREVISION.
|
|
|
|
emulators/suse121_libjpeg: security update
Revisions pulled up:
- emulators/suse121_libjpeg/Makefile 1.2
- emulators/suse121_libjpeg/distinfo 1.2
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Aug 2 09:03:11 UTC 2012
Modified Files:
pkgsrc/emulators/suse121_libjpeg: Makefile distinfo
Log Message:
Update libjpeg62-62.0.0 rpm to 10.4.1 for CVE-2012-2806.
Bump PKGREVISION.
|
|
|
|
sysutils/xenkernel33: security patch
sysutils/xenkernel41: security patch
Revisions pulled up:
- sysutils/xenkernel33/Makefile 1.18
- sysutils/xenkernel33/distinfo 1.16
- sysutils/xenkernel33/patches/patch-CVE-2012-3432 1.1
- sysutils/xenkernel41/Makefile 1.8
- sysutils/xenkernel41/distinfo 1.8
- sysutils/xenkernel41/patches/patch-CVE-2012-3432 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Jul 27 18:50:34 UTC 2012
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2012-3432
Log Message:
add patch from upstream to fix bug in MMIO emulation which can cause
guest crashes by unprivileged users, only for HVM guests, and if
MMIO is granted to the user process (CVE-2012-3432)
bump PKGREV
---
Module Name: pkgsrc
Committed By: drochner
Date: Sat Jul 28 12:02:16 UTC 2012
Modified Files:
pkgsrc/sysutils/xenkernel33: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel33/patches: patch-CVE-2012-3432
Log Message:
copy security patch from xenkernel41 - it also applies to 3.3
(noticed by Daniel Horecki)
bump PKGREV
|
|
graphics/GraphicsMagick: security patch
Revisions pulled up:
- graphics/GraphicsMagick/Makefile 1.49
- graphics/GraphicsMagick/distinfo 1.31
- graphics/GraphicsMagick/patches/patch-coders_png.c 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 30 09:25:29 UTC 2012
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/GraphicsMagick/patches: patch-coders_png.c
Log Message:
Fix possible security problem. Bump PKGREVISION.
|
|
graphics/ImageMagick: security patch
Revisions pulled up:
- graphics/ImageMagick/Makefile 1.183
- graphics/ImageMagick/distinfo 1.114
- graphics/ImageMagick/patches/patch-coders_png.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 30 09:20:08 UTC 2012
Modified Files:
pkgsrc/graphics/ImageMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/ImageMagick/patches: patch-coders_png.c
Log Message:
Fix possible denial of service. Bump PKGREVISION.
|
|
graphics/camlimages: build fix
Revisions pulled up:
- graphics/camlimages/Makefile 1.44 via patch
- graphics/camlimages/distinfo 1.9
- graphics/camlimages/patches/patch-src_tiffread.c 1.2
- graphics/camlimages/patches/patch-src_tiffwrite.c 1.1
---
Module Name: pkgsrc
Committed By: marino
Date: Sun Jul 29 12:52:56 UTC 2012
Modified Files:
pkgsrc/graphics/camlimages: Makefile distinfo
pkgsrc/graphics/camlimages/patches: patch-src_tiffread.c
Added Files:
pkgsrc/graphics/camlimages/patches: patch-src_tiffwrite.c
Log Message:
graphics/camlimages: Fix tiff-4.0 regression
When tiff was upgraded to 4.0, camlimages stopped building. Both
caml and tiff redefine several common typedefs such as uint32. Unlike
the 3-series of tiff, tiff-4.0 also redefined int64 and uint64. The
existing hack didn't foresee int64 and uint64 getting used, and so
camlimages broke.
One patch was created and another revised to override the caml typedef
definitions with macros before tiff.h is included. The original
tiffread.c patch was reworked to override uint16 and uint32 *again*
after the tiff.h include and not before as it was originally. Very ugly
all around, but I just extended what camlimages was already doing.
|
|
|
|
net/Transmission: security update
net/Transmission-gui: security update
Revisions pulled up:
- net/Transmission-gui/Makefile 1.4-1.5
- net/Transmission-gui/PLIST 1.2-1.3
- net/Transmission/Makefile 1.79
- net/Transmission/Makefile.common 1.2-1.4
- net/Transmission/PLIST 1.11-1.12
- net/Transmission/distinfo 1.58-1.60
- net/Transmission/patches/patch-aa 1.11
- net/Transmission/patches/patch-ad deleted
- net/Transmission/patches/patch-ae 1.11
- net/Transmission/patches/patch-af deleted
- net/Transmission/patches/patch-qt_qtr.pro 1.1
- net/Transmission/patches/patch-third-party_miniupnp_miniupnp.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:29:46 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile Makefile.common PLIST distinfo
pkgsrc/net/Transmission-gui: Makefile PLIST distinfo
pkgsrc/net/Transmission/patches: patch-aa patch-ae
Added Files:
pkgsrc/net/Transmission/patches: patch-qt_qtr.pro
Removed Files:
pkgsrc/net/Transmission/patches: patch-ad patch-af
Log Message:
Update Transmission* to 2.60, inspired by PR 46695 by Ken Wong.
Transmission 2.60 (2012/07/05)
Fix issues when adding magnet links
Improved scraping behavior for certain trackers
Fix bug where cleared statistics might not save
Updated versions of miniupnpc and libuTP
Fixed compilation issues with Solaris and FreeBSD
Other minor fixes
Web Client
Notification of downloading and seeding completion (requires browser support of notifications)
Re-add select all and deselect all buttons to the file inspector tab
Qt
Add Basque translation
Transmission 2.52 (2012/05/19)
Fix bug with zero termination of multiscrape strings
Update the bundled libnatpmp and miniupnp port forwarding libraries
GTK+
Fix minor bug in Ubuntu app indicator support
Transmission 2.51 (2012/04/08)
Update the bundled libnatpmp and miniupnp port forwarding libraries
Add environment variable options to have libcurl verify SSL certs
Support user-specified CXX environment variables during compile time
GTK+
Fix crash when adding torrents on systems without G_USER_DIRECTORY_DOWNLOAD
Honor the notification sound setting
Add a tooltip to files in the torrents' file list
Fix broken handling of the Cancel button in the "Open URL" dialog
Improve support for Gnome Shell and Unity
Catch SIGTERM instead of SIGKILL
Qt
Progress bar colors are now similar to the Mac and Web clients'
Improve the "Open Folder" behavior
Web Client
Fix global seed ratio progress bars
Fix sometimes-incorrect ratio being displayed in the inspector
If multiple torrents are selected, show the aggregate info in the inspector
Upgrade to jQuery 1.7.2
Daemon
Show magnet link information in transmission-remote -i
Transmission 2.50 (2012/02/14)
Fix crash when adding some magnet links
Improved support for downloading webseeds with large files
Gracefully handle incorrectly-compressed data from webseed downloads
Fairer bandwidth distribution across connected peers
Use less CPU when calculating undownloaded portions of large torrents
Use the Selection Algorithm, rather than sorting, to select peer candidates
Use base-10 units when displaying bandwidth speed and disk space
If the OS has its own copy of natpmp, prefer it over our bundled version
Fix Fails-To-Build error on Solaris 10 from use of mkdtemp()
Fix Fails-To-Build error on FreeBSD from use of alloca()
Fix Fails-To-Build error when building without a C++ compiler for libuTP
GTK+
Fix regression that broke the "--minimized" command-line argument
Instead of notify-send, use the org.freedesktop.Notifications DBus API
Fix a handful of small memory leaks
Qt
Fix FTB when building without libuTP support on Debian
Web Client
Filtering by state and tracker
Sorting by size
Larger, easier-to-press toolbar buttons
Fix the torrent size and time remaining in the inspector's details tab
Bundle jQuery and the stylesheets to avoid third-party CDNs
Upgrade to jQuery 1.7.1
Fix runtime errors in IE 8, IE 9, and Opera
Revise CSS stylesheets to use SASS
Minor interface tweaks
Daemon
Fix corrupted status string in transmission-remote
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:35:30 UTC 2012
Modified Files:
pkgsrc/net/Transmission: PLIST
Log Message:
Sort.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:35:42 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile.common
Removed Files:
pkgsrc/net/Transmission-gui: distinfo
Log Message:
Share distinfo between Transmission packages.
---
Module Name: pkgsrc
Committed By: marino
Date: Wed Jul 18 17:50:22 UTC 2012
Modified Files:
pkgsrc/net/Transmission: distinfo
Added Files:
pkgsrc/net/Transmission/patches: patch-third-party_miniupnp_miniupnp.c
Log Message:
net/Transmission: Disable IP Multicast interface for DragonFly
The only BSD to support the IP Multicast interface is FreeBSD. NetBSD,
OpenBSD, and even MacOS have this turned off, so DragonFly gets added
to the OS macro list to fix the build.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 28 15:13:42 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile.common distinfo
pkgsrc/net/Transmission-gui: Makefile PLIST
Log Message:
Update to 2.61:
=== Transmission 2.61 (2012/07/23) ===
[http://trac.transmissionbt.com/query?milestone=2.61&group=component&order=severity All tickets closed by this release]
==== All Platforms ====
==== Mac ====
* Fix crash when creating a torrent file on Lion or newer
==== GTK+ ====
* Support startup notification
* Require GTK+ 3
==== Qt ====
* Fix bug when opening the web client via the Preferences dialog
* Better opening of magnet links
* The Torrent File list now handles very long lists faster
* Fix i18n problem introduced in 2.60
==== Web Client ====
* Close potential cross-scripting vulnerability from malicious torrent files
==== Utils ====
* Add magnet link generation to the transmission-show command line tool
|
|
|
|
devel/RTFM: security update
Revisions pulled up:
- devel/RTFM/Makefile 1.9
- devel/RTFM/PLIST 1.4-1.5
- devel/RTFM/distinfo 1.3
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Jul 27 20:22:13 UTC 2012
Modified Files:
pkgsrc/devel/RTFM: Makefile PLIST distinfo
Log Message:
Update to newest version, including security fixes.
ChangeLog from last version:
SECURITY
========
* Close several XSS vulnerabilities in topic administration page. This
resolves CVE-2012-2768.
DOC
===
* Clarify that the only version incompatibility is 3.8.0; 3.8.x for
values of x != 0 is fine.
* Note incompatibility with RT 4 and above, which already include RTFM
functionality as "Articles"
XXX: for now disable copying of PO files, they conflict with RT ones.
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Jul 27 20:24:53 UTC 2012
Modified Files:
pkgsrc/devel/RTFM: PLIST
Log Message:
Remove I18N files from PLIST
|
|
|
|
mk/tools: fix build problems under MirBSD
Revisions pulled up:
- mk/tools/tools.MirBSD.mk 1.3
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 27 12:53:26 UTC 2012
Modified Files:
pkgsrc/mk/tools: tools.MirBSD.mk
Log Message:
Use /usr/bin/true instead of : for true. The latter is incompatible with
the use of a colon as a separator, such as in
sed "s:@FOO@:${FOO}"
This unbreaks a variety of packages in MirBSD.
|
|
www/moodle: security update
Revisions pulled up:
- www/moodle/Makefile 1.13
- www/moodle/PLIST 1.10
- www/moodle/distinfo 1.10
---
Module Name: pkgsrc
Committed By: wen
Date: Fri Jul 27 12:44:21 UTC 2012
Modified Files:
pkgsrc/www/moodle: Makefile PLIST distinfo
Log Message:
Update to 2.1.7
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
|
|
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.80 via patch
- net/wireshark/distinfo 1.56
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Jul 24 17:24:55 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
update to 1.6.9
changes:
-security fixes:
-The PPP dissector could crash (CVE-2012-4048)
-The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
-more bugfixes, see
http://www.wireshark.org/lists/wireshark-announce/201207/msg00002.html
for details
approved by The Maintainer
|
|
|
|
www/contao211: security update
Revisions pulled up:
- www/contao/Makefile.common 1.19
- www/contao211/Makefile 1.4
- www/contao211/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 26 03:06:05 UTC 2012
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211: Makefile distinfo
Log Message:
Update contao211 package to 2.11.5.
It also fixes a little security problem of permission check about undo
processing.
Quote from release announce: http://www.contao.org/en/news/contao-2_11_5.html
The bugfix release fixes a couple of issues, including the SOAP
compression problem in PHP 5.4, the IDNA URL converting issue and
the TinyMCE relative URLs problem.
|
|
|
|
emulators/suse121_gtk2: security update
Revisions pulled up:
- emulators/suse121_gtk2/Makefile 1.3
- emulators/suse121_gtk2/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: obache
Date: Tue Jul 24 10:02:27 UTC 2012
Modified Files:
pkgsrc/emulators/suse121_gtk2: Makefile distinfo
Log Message:
Update gdk-pixbuf-query-loaders and libgdk_pixbuf-2_0-0 rpm to 2.24.0-2.4.1
for CVE-2012-2370.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/emulators/suse121_gtk2/Makefile \
pkgsrc/emulators/suse121_gtk2/distinfo
|
|
emulators/suse121_base: security update
Revisions pulled up:
- emulators/suse121_base/Makefile 1.4
- emulators/suse121_base/distinfo 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: obache
Date: Tue Jul 24 09:59:48 UTC 2012
Modified Files:
pkgsrc/emulators/suse121_base: Makefile distinfo
Log Message:
Update bash-4.2/libreadline6-6.2 rpm to 1.14.1 for CVE-2012-3410.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/emulators/suse121_base/Makefile \
pkgsrc/emulators/suse121_base/distinfo
|
|
|
|
lang/php: fix PHP version numbers in dependencies after recent update
Revisions pulled up:
- lang/php/phpversion.mk 1.20
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 25 10:50:12 UTC 2012
Modified Files:
pkgsrc/lang/php: phpversion.mk
Log Message:
Update PHP53_VERSION and PHP54_VERSION noted by Uwe Klaus.
|
|
|
|
net/bind96 security update
Revisions pulled up:
- net/bind96/Makefile 1.28
- net/bind96/distinfo 1.19
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 21:14:20 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
patch version fixing CVE-2012-3817:
--- 9.6-ESV-R7-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3343. [bug] Relax isc_random_jitter() REQUIRE tests. [RT #29821]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind97 security update
Revisions pulled up:
- net/bind97/Makefile 1.17
- net/bind97/distinfo 1.15
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 21:01:11 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
patch release with fix for CVE-2012-3817:
--- 9.7.6-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind99 security update
Revisions pulled up:
- net/bind99/Makefile 1.9
- net/bind99/distinfo 1.7
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 20:40:12 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
patch version fixing CVE-2012-3817 and CVE-2012-3868:
--- 9.9.1-P2 released ---
3349. [bug] Change #3345 was incomplete. [RT #30233]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind98 security update
Revisions pulled up:
- net/bind98/Makefile 1.14
- net/bind98/distinfo 1.13
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 20:16:21 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
patch update for CVE-2012-3817:
--- 9.8.3-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/isc-dhcp4: security update
Revisions pulled up:
- net/isc-dhcp4/Makefile.common 1.16
- net/isc-dhcp4/distinfo 1.12
- net/isc-dhcp4/patches/patch-includes_Makefile.in 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 25 00:56:53 UTC 2012
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
pkgsrc/net/isc-dhcp4/patches: patch-includes_Makefile.in
Log Message:
Update isc-dhcp4 package to 4.2.4p1 (ISC DHCP 4.2.4-P1).
Fixes security problems.
Changes since 4.2.4
! Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
! When attempting to convert a DUID from a client id option
into a hardware address, handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
! A pair of memory leaks were found and fixed. Thanks to
Glen Eustace of Massey University, New Zealand for finding
this issue.
[ISC-Bugs #30024]
CVE: CVE-2012-3954
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/isc-dhcp4/Makefile.common
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/isc-dhcp4/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/isc-dhcp4/patches/patch-includes_Makefile.in
|
|
|
|
archivers/php-bz2: security update
archivers/php-zip: security update
archivers/php-zlib: security update
converters/php-iconv: security update
converters/php-mbstring: security update
databases/php-dba: security update
databases/php-ldap: security update
databases/php-mssql: security update
databases/php-mysql: security update
databases/php-mysqli: security update
databases/php-pdo: security update
databases/php-pdo_dblib: security update
databases/php-pdo_mysql: security update
databases/php-pdo_pgsql: security update
databases/php-pdo_sqlite: security update
databases/php-pgsql: security update
databases/php-sqlite: security update
devel/php-gettext: security update
devel/php-gmp: security update
devel/php-pcntl: security update
devel/php-posix: security update
devel/php-shmop: security update
devel/php-sysvmsg: security update
devel/php-sysvsem: security update
devel/php-sysvshm: security update
graphics/php-exif: security update
graphics/php-gd: security update
lang/php53: security update
lang/php54: security update
mail/php-imap: security update
math/php-bcmath: security update
net/php-ftp: security update
net/php-snmp: security update
net/php-soap: security update
net/php-sockets: security update
net/php-xmlrpc: security update
security/php-mcrypt: security update
textproc/php-dom: security update
textproc/php-enchant: security update
textproc/php-intl: security update
textproc/php-json: security update
textproc/php-pspell: security update
textproc/php-wddx: security update
textproc/php-xsl: security update
time/php-calendar: security update
www/ap-php: security update
www/php-curl: security update
www/php-fpm: security update
www/php-tidy: security update
Revisions pulled up:
- archivers/php-zip/Makefile 1.15
- databases/php-dba/Makefile 1.15
- databases/php-mssql/Makefile 1.14
- databases/php-pdo_dblib/Makefile 1.15
- databases/php-pdo_sqlite/Makefile 1.12
- databases/php-sqlite/Makefile 1.16
- devel/php-gettext/Makefile 1.11
- devel/php-shmop/Makefile 1.11
- graphics/php-exif/Makefile 1.11
- graphics/php-gd/Makefile 1.28
- lang/php53/Makefile.common 1.15
- lang/php53/Makefile.php 1.19
- lang/php53/distinfo 1.46
- lang/php53/patches/patch-aj 1.2
- lang/php54/Makefile.common 1.2
- lang/php54/distinfo 1.2
- lang/php54/patches/patch-run-tests.php 1.2
- net/php-soap/Makefile 1.4
- net/php-xmlrpc/Makefile 1.15
- textproc/php-dom/Makefile 1.4
- textproc/php-intl/Makefile 1.13
- textproc/php-pspell/Makefile 1.13
- textproc/php-wddx/Makefile 1.17
- textproc/php-xsl/Makefile 1.5
- www/ap-php/Makefile 1.27
- www/php-curl/Makefile 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:28:18 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
pkgsrc/lang/php53/patches: patch-aj
Log Message:
Update php53 package to 5.3.15 (PHP 5.3.15).
19-July-2012
o Zend Engine
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
o COM
* Fixed bug #62146 com_dotnet cannot be built shared
o Core
* Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
o Fileinfo
* Fixed magic file regex support
o FPM
* Fixed bug #61045 (fpm don't send error log to fastcgi clients)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user' for
non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances
can be launched without errors)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
o JSON
* Reverted fix for bug #61537
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o SPL
* Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
o SQLite
* Fixed open_basedir bypass, CVE-2012-3365
o XML Write
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:29:05 UTC 2012
Modified Files:
pkgsrc/lang/php54: Makefile.common distinfo
pkgsrc/lang/php54/patches: patch-run-tests.php
Log Message:
Update php54 package to 5.4.5 (PHP 5.4.5).
19-July-2012
o Core
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62373 (serialize() generates wrong reference to the
object).
* Fixed bug #62357 (compile failure: (S) Arguments missing for
built-in function __memcmp)
* Fixed bug #61998 (Using traits with method aliases appears to result
in crash during execution)
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
* Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
o EXIF
* Fixed information leak in ext exi
o FPM
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances
can be launched without errors)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user' for
non-root start)
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat)
* Fixed bug #61026 (FPM pools can listen on the same address). (fat)
o Iconv
* Fixed bug #55042 (Erealloc in iconv.c unsafe)
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
* ResourceBundle constructor now accepts NULL for the first two arguments
o JSON
* Fixed bug #61359 (json_encode() calls too many reallocs)
o libxml
* Fixed bug #62266 (Custom extension segfaults during xmlParseFile
with FPM SAPI)
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Readline
* Fixed bug #62186 (readline fails to compile - void function should
not return a value)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o Sockets
* Fixed bug #62025 (__ss_family was changed on AIX 5.3)
o SPL
* Fixed bug #62433 (Inconsistent behavior of
RecursiveDirectoryIterator to dot files)
* Fixed bug #62262 (RecursiveArrayIterator does not implement
Countable)
o XML Writer
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:30:38 UTC 2012
Modified Files:
pkgsrc/archivers/php-zip: Makefile
pkgsrc/databases/php-dba: Makefile
pkgsrc/databases/php-mssql: Makefile
pkgsrc/databases/php-pdo_dblib: Makefile
pkgsrc/databases/php-pdo_sqlite: Makefile
pkgsrc/databases/php-sqlite: Makefile
pkgsrc/devel/php-gettext: Makefile
pkgsrc/devel/php-shmop: Makefile
pkgsrc/graphics/php-exif: Makefile
pkgsrc/graphics/php-gd: Makefile
pkgsrc/net/php-soap: Makefile
pkgsrc/net/php-xmlrpc: Makefile
pkgsrc/textproc/php-dom: Makefile
pkgsrc/textproc/php-intl: Makefile
pkgsrc/textproc/php-pspell: Makefile
pkgsrc/textproc/php-wddx: Makefile
pkgsrc/textproc/php-xsl: Makefile
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php-curl: Makefile
Log Message:
- Reset PKG_REVISION since both php53 and php54 are updated.
- Remove php5 (PHP 5.2.x) supporting code.
|
|
|
|
net/nsd: security update
Revisions pulled up:
- net/nsd/Makefile 1.56
- net/nsd/distinfo 1.34
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 20 16:28:49 UTC 2012
Modified Files:
pkgsrc/net/nsd: Makefile distinfo
Log Message:
Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.
NSD 3.2.12
Bugfixes
Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host on
the internet.
NSD 3.2.11
Features
Fallback to AXFR if IXFR is unknown at the primary. NSD considers
IXFR unknown at the primary if there is a negative response
for the IXFR RRtype. This does not override the value for
'allow-axfr-fallback'.
Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
RFC5702, RFC5933, and RFC6605 (ECDSA)).
Zone statistics, enable with --enable-zone-stats. This stores
the BIND8 stats per zone in a configurable statistics file.
This option does not scale and should therefore not be enabled
when serving many zones.
Support for TLSA RRtype (DANE).
Bugfixes
Fix for qtype ANY for a wildcard domain in NSEC signed zone:
Don't add the wildcard domain NSEC into the answer section.
Instead, put the wildcard expanded NSEC into the answer section
and keep the wildcard domain NSEC in the authority section.
Fix for accept spinning reported by OpenBSD.
Fix restart failed due to bad ixfr packet because of zone
removed from nsd.conf.
Bugfix #453: typo in nsdc man page.
Operational notes
NSD uses the query name for dname compression again (Fix #235
had as side effect that this didn't happen anymore and is hereby
undone).
|
|
www/seamonkey-l10n: sync with seamonkey package
Revisions pulled up:
- www/seamonkey-l10n/Makefile 1.11
- www/seamonkey-l10n/PLIST 1.7
- www/seamonkey-l10n/distinfo 1.10
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jul 19 17:44:09 UTC 2012
Modified Files:
pkgsrc/www/seamonkey-l10n: Makefile PLIST distinfo
Log Message:
Update to 2.11
* Sync with www/seamonkey
|
|
www/seamonkey: security update
Revisions pulled up:
- www/seamonkey/Makefile 1.74 via patch
- www/seamonkey/PLIST 1.28
- www/seamonkey/PLIST.lightning 1.4
- www/seamonkey/distinfo 1.84
- www/seamonkey/enigmail.mk 1.5
- www/seamonkey/patches/patch-av 1.5
- www/seamonkey/patches/patch-bd 1.5
- www/seamonkey/patches/patch-mk 1.7
- www/seamonkey/patches/patch-mm 1.9
- www/seamonkey/patches/patch-mozilla_js_src_config_rules.mk 1.2
- www/seamonkey/patches/patch-mozilla_memory_mozalloc_mozalloc.cpp 1.1
- www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_HttpChannelParent.cpp 1.3
- www/seamonkey/patches/patch-mozilla_storage_src_Makefile.in 1.2
- www/seamonkey/patches/patch-mozilla_storage_src_mozStorageService.cpp deleted
- www/seamonkey/patches/patch-mozilla_xpcom_idl-parser_Makefile.in 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jul 19 17:33:29 UTC 2012
Modified Files:
pkgsrc/www/seamonkey: Makefile PLIST PLIST.lightning distinfo
enigmail.mk
pkgsrc/www/seamonkey/patches: patch-av patch-bd patch-mk patch-mm
patch-mozilla_js_src_config_rules.mk
patch-mozilla_netwerk_protocol_http_HttpChannelParent.cpp
patch-mozilla_storage_src_Makefile.in
patch-mozilla_xpcom_idl-parser_Makefile.in
Added Files:
pkgsrc/www/seamonkey/patches:
patch-mozilla_memory_mozalloc_mozalloc.cpp
Removed Files:
pkgsrc/www/seamonkey/patches:
patch-mozilla_storage_src_mozStorageService.cpp
Log Message:
Update to 2.11
* Use Lightning 1.6 release
* Enigmail is not tested fully
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.11/
SeaMonkey-specific changes
A click-to-play option (off by default for now) has been implemented for plugins.
Mozilla platform changes
The Pointer Lock API has been implemented.
A new API to prevent your display from sleeping is available.
New text-transform and font-variant CSS improvements have been made for Turkic languages and Greek.
Fixed several stability issues.
|
|
|
|
|
|
graphics/tiff security update
Revisions pulled up:
- graphics/tiff/Makefile 1.106
- graphics/tiff/distinfo 1.57
- graphics/tiff/patches/patch-tools_tiff2pdf.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 19 21:41:45 UTC 2012
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-tools_tiff2pdf.c
Log Message:
Fix CVE-2012-3401, buffer overflow in tiff2pdf.
Bump PKGREVISION.
|
|
|
|
|
|
shells/bash: security patch
Revisions pulled up:
- shells/bash/Makefile 1.53
- shells/bash/distinfo 1.25
- shells/bash/patches/patch-lib_sh_eaccess.c 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Jul 18 15:43:12 UTC 2012
Modified Files:
pkgsrc/shells/bash: Makefile distinfo
Added Files:
pkgsrc/shells/bash/patches: patch-lib_sh_eaccess.c
Log Message:
add patch from the Bash project fixing CVE-2012-3410
|
|
|
|
net/libtorrent build fix
Revisions pulled up:
- net/libtorrent/Makefile 1.45
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 2 07:01:52 UTC 2012
Modified Files:
pkgsrc/net/libtorrent: Makefile
Log Message:
Compile with GCC option "-march=i486" on x86 systems to make the required
function "__sync_bool_compare_and_swap_4" available. This fixes the build
of the "rtorrent" package under NetBSD/i386 5.1_STABLE.
|