Age | Commit message | Author | Files | Lines
2015-12-26 | Pullup ticket #4877 - requested by cyber [pkgsrc-2015Q3] | bsiegert | 4 | -11/+43
security/openssl: security fix

Revisions pulled up:
- security/openssl/Makefile 1.214-1.216
- security/openssl/PLIST.common 1.26
- security/openssl/distinfo 1.116,1.118
- security/openssl/patches/patch-Makefile.shared 1.3

---

Module Name: pkgsrc
Committed By: jperkin
Date: Fri Oct 9 11:44:48 UTC 2015

Modified Files:
pkgsrc/security/openssl: Makefile

Log Message:
Force the "linux-elf" Configure target for Linux 32-bit, fixes the build when running with ABI=32 on a 64-bit native host.

---

Module Name: pkgsrc
Committed By: jperkin
Date: Mon Oct 26 09:42:47 UTC 2015

Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches: patch-Makefile.shared

Log Message:
Support SunOS/clang and pass -h linker argument correctly. Doesn't fully fix the build yet, an additional patch to remove LD_LIBRARY_PATH is required but needs wider testing.

---

Module Name: pkgsrc
Committed By: jperkin
Date: Mon Dec 7 15:57:42 UTC 2015

Modified Files:
pkgsrc/security/openssl: Makefile PLIST.common distinfo

Log Message:
Update security/openssl to 1.0.2e.

pkgsrc changes:

- We now need to run 'make depend' after configure to pick up algorithm selection changes.

Upstream changes:

Changes between 1.0.2d and 1.0.2e [3 Dec 2015]

*) BN_mod_exp may produce incorrect results on x86_64

   There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

   This issue was reported to OpenSSL by Hanno Böck. (CVE-2015-3193) [Andy Polyakov]

*) Certificate verify crash with missing PSS parameter

   The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

   This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). (CVE-2015-3194) [Stephen Henson]

*) X509_ATTRIBUTE memory leak

   When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

   This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using libFuzzer. (CVE-2015-3195) [Stephen Henson]

*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, though the change is mostly in the more lenient direction, and legacy behaviour is preserved as much as possible. [Emilia Käsper]

*) In DSA_generate_parameters_ex, if the provided seed is too short, return an error [Rich Salz and Ismo Puustinen <ismo.puustinen%intel.com@localhost>]
2015-12-26 | Part 2 of pullup ticket #4876 - requested by ryoon | bsiegert | 2 | -5/+5
emulators/qemu: security fix

Revisions pulled up:
- emulators/qemu/distinfo 1.111
- emulators/qemu/patches/patch-configure 1.9

---

Module Name: pkgsrc
Committed By: ryoon
Date: Tue Dec 22 23:52:00 UTC 2015

Modified Files:
pkgsrc/emulators/qemu: distinfo
pkgsrc/emulators/qemu/patches: patch-configure

Log Message:
Build ivshmem* conditionally, fix broken if conditional
2015-12-22 | Pullup ticket #4876. | bsiegert | 1 | -1/+4
2015-12-22 | Pullup ticket #4876 - requested by ryoon | bsiegert | 8 | -20/+118
emulators/qemu: security fix

Revisions pulled up:
- emulators/qemu/Makefile 1.147-1.148
- emulators/qemu/PLIST 1.44-1.45
- emulators/qemu/distinfo 1.109-1.110
- emulators/qemu/options.mk 1.2
- emulators/qemu/patches/patch-Makefile.objs 1.1
- emulators/qemu/patches/patch-configure 1.7-1.8
- emulators/qemu/patches/patch-default-configs_pci.mak 1.1
- emulators/qemu/patches/patch-tests_Makefile 1.3

---

Module Name: pkgsrc
Committed By: ryoon
Date: Fri Dec 18 22:39:33 UTC 2015

Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo
pkgsrc/emulators/qemu/patches: patch-configure patch-tests_Makefile

Log Message:
Update to 2.5.0

Changelog:

== System emulation ==

* guard pages are now inserted after guest RAM, to guard against guest-triggered buffer overflow attacks

=== Incompatible changes ===

* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has been removed; it is still possible to use them just like any other device file, however, a medium change will no longer be passed through to the guest

=== Future incompatible changes ===

* Three options are using different names on the command line and in configuration file. In particular:
** The "acpi" configuration file section matches command-line option "acpitable";
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely. It'll remain available only in qemu-img, so you can use 'qemu-img convert' to convert encrypted images to uncrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on. It will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without libaio support. It will be made an error.
* A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in 2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU 2.6 release, unless somebody who uses it wishes to step forward and help us with regular testing.

=== Alpha ===

=== ARM ===

* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in size in high memory. Note that older 32-bit ARM Linux kernels built without CONFIG_LPAE have a bug where the presence of this region in high memory causes them to refuse to use the PCIe controller at all. In this case you can either reconfigure your kernel with CONFIG_LPAE=y, or pass QEMU the "-machine highmem=off" option to disable the use of high memory for PCIe. The kernel bug is expected to be fixed in Linux kernel release 4.4.

=== MIPS ===

* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation

=== PowerPC ===

==== pSeries ====

* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing good random data to the guests.

==== Mac99 ====

* Improve ability to boot MacOS 9 (based upon GSoC project "Implement support for Mac OS 9 in QEMU " by Cormac O'Brien)

=== s390 ===

* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a given address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the "max_revision" property: max_revision=0 may be used to enforce usage of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.

=== SH ===

=== SPARC ===

* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)

=== TileGX ===

* New target.

=== x86 ===

* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes unsupported features. These features are disabled automatically, just like in previous versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on icc-bridge to find CPU objects should use the "qom_path" field of "query-cpus" QMP command

==== CPU models and features ====

* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't expose RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)

==== KVM ====

* Support for Hyper-V-compatible reporting of crashes.

==== Xen ====

* Support for passthrough of Intel integrated GPUs.

=== Device emulation and assignment ===

* fw_cfg supports a DMA interface on ARM and x86. This interface makes -kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the DMA interface starting with release 1.9.0 (commit 06316c9d). The UEFI guest fw for ARM VMs (known as ArmVirtQemu or AAVMF) supports the DMA interface starting with git commit 953bcbcc / SVN r18545.

==== ACPI ====

==== Audio ====

==== Block devices ====

==== Character devices ====

==== IDE ====

* AHCI ATAPI PIO transfers greater than one sector are fixe 0. On guest acknowledge, all functions are ejected together.

==== TPM ====

==== VFIO ====

==== virtio ====

* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to enable this. When used with an old client without migration support, vhost-user will now block migration (instead of failing silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client changes are required to enable this mode. When used with an old client without multi-queue support, device will automatically fall back on using a single pair of queues.
* vhost-user protocol now includes protocol feature negotiation, including multiple new messages. When used with old clients, all new messages are automatically disabled.
* vhost-user no longer sends the RESET_OWNER message on device stop. The only QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved (on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in virtio 1 mode, to improve performance for host kernels older than 4.4, and processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce flag is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still disabled by default. To enable, set the flag disable-modern=off.

==== VGA ====

=== Character devices ===

=== GUI ===

* New syntax for enabling TLS in the VNC server:
** Equivalent to <tt>-vnc hostname:0,tls</tt>: <tt>-object tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509verify=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc hostname:0,tls-creds=tls0</tt>
* The Cocoa GUI does not show an 'open image file' dialog box anymore even if QEMU is started without arguments
* The curses GUI supports 256 colors and line graphics.

=== Monitor ===

* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to [[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.

=== Migration ===

* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge mechanism]] (for busy guests)

=== Network ===

* Support for multiqueue in vhost-user.
* Support for network filters. Currently, the only filter objects are "filter-buffer", which batches packets every N microseconds, and "filter-dump", which can be used to log the network traffic in a file. Filters are attached to a netdev device using e.g. "-object filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates a 1ms filter-buffer).

=== Block devices in system emulation ===

=== Command-line options ===

=== TCG ===

* Improved system emulation performance for targets with software TLBs (e.g. SPARC).
* Initial support for [[Features/record-replay | record/replay]].

== Block devices and tools ==

* The HMP "change" command (QMP's "blockdev-change-medium") now allows you to change the read-only mode of the device (e.g. when inserting a read-only floppy disk image into a previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands "blockdev-open-tray", "blockdev-close-tray", "x-blockdev-insert-medium", and "x-blockdev-remove-medium" (the latter two are experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions have been added to now fully support (transient) incremental bitmap usage and management.
* QMP transactions now support a "completion-mode" parameter which controls the completion behavior of jobs launched by transactions, which will allow them to fail together. See the [https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max latency, and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a complement for the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot using as overlay an image previously opened with ''blockdev-add''. This allows opening the overlay image with arbitrary run-time options, solving one of the limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying the empty string as a backing file reference when opening the image. This is useful for creating snapshots, since images opened with ''blockdev-add'' are not supposed to have a backing file before the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device is removed now, all users are requested to use the canonical "-object iothread,id=<id> -device virtio-blk,iothread=<id>,..." syntax.

== Audio ==

== Guest agent ==

* Add an optional qemu-ga.conf system configuration
* Support for dumping the configuration current file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec

== User-mode emulation ==

* The configure option --disable-guest-base has been removed.

== Build dependencies ==

* libcacard has been moved to a standalone project, hosted at git://anongit.freedesktop.org/spice/libcacard. The libcacard library from QEMU 2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.

== Known issues ==

* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends on build environment, [http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see [https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]). Using another shell with configure should work.

---

Module Name: pkgsrc
Committed By: ryoon
Date: Mon Dec 21 12:10:22 UTC 2015

Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo options.mk
pkgsrc/emulators/qemu/patches: patch-configure

Added Files:
pkgsrc/emulators/qemu/patches: patch-Makefile.objs patch-default-configs_pci.mak

Log Message:
Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.
2015-12-18 | Pullup tickets #4872 and #4873. | bsiegert | 1 | -1/+7
2015-12-18 | Pullup ticket #4873 - requested by cyber | bsiegert | 8 | -215/+255
devel/nbpatch: security fix

Revisions pulled up:
- devel/nbpatch/Makefile 1.10
- devel/nbpatch/files/backupfile.c 1.3
- devel/nbpatch/files/common.h 1.5
- devel/nbpatch/files/inp.c 1.7
- devel/nbpatch/files/nbpatch.1 1.2
- devel/nbpatch/files/nbpatch.cat1 1.2
- devel/nbpatch/files/patch.c 1.3
- devel/nbpatch/files/pch.c 1.2

---

Module Name: pkgsrc
Committed By: joerg
Date: Sat Nov 7 18:29:50 UTC 2015

Modified Files:
pkgsrc/devel/nbpatch: Makefile
pkgsrc/devel/nbpatch/files: backupfile.c common.h inp.c nbpatch.1 nbpatch.cat1 patch.c pch.c

Log Message:
nbpatch-20151107: Merge various changes from NetBSD:
(1) Allow "-V none" to disable backups.
(2) Stricter control about valid ed-style patches.
(3) Avoid shell use when looking for RCS, remove SCCS support.
2015-12-18 | Pullup ticket #4872 - requested by taca | bsiegert | 5 | -52/+35
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile 1.13-1.14
- net/bind910/distinfo 1.12-1.13
- net/bind910/patches/patch-bin_dig_dighost.c 1.3
- net/bind910/patches/patch-bin_tests_system_Makefile.in 1.3
- net/bind910/patches/patch-configure 1.4

---

Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 17:35:22 UTC 2015

Modified Files:
pkgsrc/net/bind910: Makefile distinfo
pkgsrc/net/bind910/patches: patch-bin_dig_dighost.c patch-bin_tests_system_Makefile.in patch-configure

Log Message:
Update bind910 to 9.10.3.

Security Fixes

* An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. This flaw was discovered by Hanno Böck of the Fuzzing Project, and is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in message.c. This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795]

New Features

* New quotas have been added to limit the queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks. When configured, these options can both reduce the harm done to authoritative servers and also avoid the resource exhaustion that can be experienced by recursives when they are being used as a vehicle for such an attack. NOTE: These options are not available by default; use configure --enable-fetchlimit to include them in the build.
  + fetches-per-server limits the number of simultaneous queries that can be sent to any single authoritative server. The configured value is a starting point; it is automatically adjusted downward if the server is partially or completely non-responsive. The algorithm used to adjust the quota can be configured via the fetch-quota-params option.
  + fetches-per-zone limits the number of simultaneous queries that can be sent for names within a single domain. (Note: Unlike "fetches-per-server", this value is not self-tuning.)
  Statistics counters have also been added to track the number of queries affected by these quotas.
* dig +ednsflags can now be used to set yet-to-be-defined EDNS flags in DNS requests.
* dig +[no]ednsnegotiation can now be used to enable / disable EDNS version negotiation.
* An --enable-querytrace configure switch is now available to enable very verbose query tracelogging. This option can only be set at compile time. This option has a negative performance impact and should be used only for debugging.

Feature Changes

* Large inline-signing changes should be less disruptive. Signature generation is now done incrementally; the number of signatures to be generated in each quantum is controlled by "sig-signing-signatures number;". [RT #37927]
* The experimental SIT extension now uses the EDNS COOKIE option code point (10) and is displayed as "COOKIE: <value>". The existing named.conf directives; "request-sit", "sit-secret" and "nosit-udp-size", are still valid and will be replaced by "send-cookie", "cookie-secret" and "nocookie-udp-size" in BIND 9.11. The existing dig directive "+sit" is still valid and will be replaced with "+cookie" in BIND 9.11.
* When retrying a query via TCP due to the first answer being truncated, dig will now correctly send the COOKIE value returned by the server in the prior response. [RT #39047]
* Retrieving the local port range from net.ipv4.ip_local_port_range on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now accepted as valid hostnames when using the check-names option. <forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in PTR records in DNS-SD reverse lookup zones, as specified in RFC 6763. [RT #37889]

Bug Fixes

* Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573]
* A race during shutdown or reconfiguration could cause an assertion failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig +short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could trigger assertion failures when loading text zone files. [RT #40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT #40456]
* BADVERS responses from broken authoritative name servers were not handled correctly. [RT #40427]
* Several bugs have been fixed in the RPZ implementation:
  + Policy zones that did not specifically require recursion could be treated as if they did; consequently, setting qname-wait-recurse no; was sometimes ineffective. This has been corrected. In most configurations, behavioral changes due to this fix will not be noticeable. [RT #39229]
  + The server could crash if policy zones were updated (e.g. via rndc reload or an incoming zone transfer) while RPZ processing was still ongoing for an active query. [RT #39415]
  + On servers with one or more policy zones configured as slaves, if a policy zone updated during regular operation (rather than at startup) using a full zone reload, such as via AXFR, a bug could allow the RPZ summary data to fall out of sync, potentially leading to an assertion failure in rpz.c when further incremental updates were made to the zone, such as via IXFR. [RT #39567]
  + The server could match a shorter prefix than what was available in CLIENT-IP policy triggers, and so, an unexpected action could be taken. This has been corrected. [RT #39481]
  + The server could crash if a reload of an RPZ zone was initiated while another reload of the same zone was already in progress. [RT #39649]
  + Query names could match against the wrong policy zone if wildcard records were present. [RT #40357]

---

Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 16 00:31:22 UTC 2015

Modified Files:
pkgsrc/net/bind910: Makefile distinfo

Log Message:
Update bind910 package to 9.10.3pl2 (BIND 9.10.3-P2), security release.

--- 9.10.3-P2 released ---

4270. [security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]
4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945]

--- 9.10.3-P1 (withdrawn) ---
2015-12-17 | Pullup ticket #4871. | bsiegert | 1 | -1/+4
2015-12-17 | Pullup ticket #4871 - requested by taca | bsiegert | 5 | -61/+34
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile 1.49-1.50
- net/bind99/distinfo 1.34-1.35
- net/bind99/patches/patch-bin_dig_dighost.c 1.5
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.6
- net/bind99/patches/patch-configure 1.11

---

Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 17:37:00 UTC 2015

Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-bin_dig_dighost.c patch-bin_tests_system_Makefile.in patch-configure

Log Message:
Update bind99 to 9.9.8.

Security Fixes

* An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys. This flaw was discovered by Hanno Böck of the Fuzzing Project, and is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in message.c. This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server. This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795]

New Features

* New quotas have been added to limit the queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks. When configured, these options can both reduce the harm done to authoritative servers and also avoid the resource exhaustion that can be experienced by recursives when they are being used as a vehicle for such an attack. NOTE: These options are not available by default; use configure --enable-fetchlimit to include them in the build.
  + fetches-per-server limits the number of simultaneous queries that can be sent to any single authoritative server. The configured value is a starting point; it is automatically adjusted downward if the server is partially or completely non-responsive. The algorithm used to adjust the quota can be configured via the fetch-quota-params option.
  + fetches-per-zone limits the number of simultaneous queries that can be sent for names within a single domain. (Note: Unlike "fetches-per-server", this value is not self-tuning.)
  Statistics counters have also been added to track the number of queries affected by these quotas.
* An --enable-querytrace configure switch is now available to enable very verbose query tracelogging. This option can only be set at compile time. This option has a negative performance impact and should be used only for debugging.
* EDNS COOKIE options content is now displayed as "COOKIE: <hexvalue>".

Feature Changes

* Large inline-signing changes should be less disruptive. Signature generation is now done incrementally; the number of signatures to be generated in each quantum is controlled by "sig-signing-signatures number;". [RT #37927]
* Retrieving the local port range from net.ipv4.ip_local_port_range on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now accepted as valid hostnames when using the check-names option. <forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in PTR records in DNS-SD reverse lookup zones, as specified in RFC 6763. [RT #37889]

Bug Fixes

* Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573]
* A race during shutdown or reconfiguration could cause an assertion failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig +short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could trigger assertion failures when loading text zone files. [RT #40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT #40456]
* BADVERS responses from broken authoritative name servers were not handled correctly. [RT #40427]

---

Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 16 00:32:06 UTC 2015

Modified Files:
pkgsrc/net/bind99: Makefile distinfo

Log Message:
Update bind99 package to 9.9.8pl2 (BIND 9.9.8-P2), security release.

--- 9.9.8-P2 released ---

4270. [security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]
4260. [security] Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945]

--- 9.9.8-P1 (withdrawn) ---
2015-12-17 | Pullup ticket #4870. | bsiegert | 1 | -1/+4
2015-12-17 | Pullup ticket #4870 - requested by taca | bsiegert | 3 | -27/+49
www/typo3_62: security fix

Revisions pulled up:
- www/typo3_62/Makefile 1.10-1.11
- www/typo3_62/PLIST 1.8

---

Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 14:41:32 UTC 2015

Modified Files:
pkgsrc/www/drupal6: Makefile
pkgsrc/www/drupal7: Makefile
pkgsrc/www/typo3_62: Makefile

Log Message:
Prefix PKGNAME with ${PHP_PKG_PREFIX}.

---

Module Name: pkgsrc
Committed By: taca
Date: Tue Dec 15 15:53:29 UTC 2015

Modified Files:
pkgsrc/www/typo3_62: Makefile PLIST distinfo

Log Message:
Update typo3_62 to 6.2.16, security fix.

Quote from release announce:

the TYPO3 Community has just released TYPO3 CMS versions 6.2.16 LTS and 7.6.1 LTS which are now ready for you to download.

All versions are maintenance releases and contain bug fixes and security fixes.

*IMPORTANT* These versions include important security fixes to the TYPO3 CMS Core. The according security bulletins with details have just been released:

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/
2015-12-06Pullup ticket #4668.bsiegert1-1/+4
2015-12-06Pullup ticket #4868 - requested by wizbsiegert5-9/+42
security/keepassx: security fix Revisions pulled up: - security/keepassx/Makefile 1.31 - security/keepassx/distinfo 1.8 - security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp 1.2 - security/keepassx/patches/patch-src_lib_FileDialogs.cpp 1.1 - security/keepassx/patches/patch-src_lib_random.cpp 1.4 --- Module Name: pkgsrc Committed By: wiz Date: Sun Dec 6 14:20:34 UTC 2015 Modified Files: pkgsrc/security/keepassx: Makefile distinfo pkgsrc/security/keepassx/patches: patch-src_lib_AutoTypeX11.cpp patch-src_lib_random.cpp Added Files: pkgsrc/security/keepassx/patches: patch-src_lib_FileDialogs.cpp Log Message: Fix CVE-2015-8378 using the patch from Debian. Bump PKGREVISION. While here, clean up pkglint.
2015-12-04Pullup ticket #4866bsiegert1-2/+5
2015-12-04Pullup ticket #4866 - requested by wizbsiegert2-7/+7
graphics/png: security fix Revisions pulled up: - graphics/png/Makefile 1.180 - graphics/png/distinfo 1.125 --- Module Name: pkgsrc Committed By: wiz Date: Thu Dec 3 15:17:02 UTC 2015 Modified Files: pkgsrc/graphics/png: Makefile distinfo Log Message: Update to 1.6.20: Version 1.6.20beta01 [November 20, 2015] Avoid potential pointer overflow/underflow in png_handle_sPLT() and png_handle_pCAL() (Bug report by John Regehr). Version 1.6.20beta02 [November 23, 2015] Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. Version 1.6.20beta03 [November 24, 2015] Backported tests from libpng-1.7.0beta69. Version 1.6.20rc01 [November 26, 2015] Fixed an error in handling of bad zlib CMINFO field in pngfix, found by American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't immediately fault a bad CMINFO field; instead a 'too far back' error happens later (at least some times). pngfix failed to limit CMINFO to the allowed values but then assumed that window_bits was in range, triggering an assert. The bug is mostly harmless; the PNG file cannot be fixed. Version 1.6.20rc02 [November 29, 2015] In libpng 1.6 zlib initialization was changed to use the window size in the zlib stream, not a fixed value. This causes some invalid images, where CINFO is too large, to display 'correctly' if the rest of the data is valid. This provides a workaround for zlib versions where the error arises (ones that support the API change to use the window size in the stream). Version 1.6.20 [December 3, 2015] No changes.
2015-11-24Pullup tickets #4860, #4861, #4862, #4863 and #4864.bsiegert1-1/+16
2015-11-24Pullup ticket #4863 - requested by tacabsiegert4-12/+22
textproc/ruby-nokogiri: security fix Revisions pulled up: - textproc/ruby-nokogiri/ALTERNATIVES 1.1 - textproc/ruby-nokogiri/Makefile 1.27-1.28 - textproc/ruby-nokogiri/PLIST 1.15-1.16 - textproc/ruby-nokogiri/distinfo 1.17-1.18 --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 18 16:04:50 UTC 2015 Modified Files: pkgsrc/textproc/ruby-nokogiri: Makefile PLIST distinfo Added Files: pkgsrc/textproc/ruby-nokogiri: ALTERNATIVES Log Message: Update ruby-nokogiri to 1.6.6.3. pkgsrc change: Add pkg_alternatives support. === 1.6.6.3 / 2015-11-16 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: * CVE-2015-1819 * CVE-2015-7941_1 * CVE-2015-7941_2 * CVE-2015-7942 * CVE-2015-7942-2 * CVE-2015-8035 * CVE-2015-7995 See #1374 for details. --- Module Name: pkgsrc Committed By: taca Date: Mon Nov 23 07:28:01 UTC 2015 Modified Files: pkgsrc/textproc/ruby-nokogiri: Makefile PLIST distinfo Log Message: Update ruby-nokogiri to 1.6.8.4. === 1.6.6.4 / 2015-11-19 This version pulls in an upstream patch to the vendored libxml2 to address: * unclosed comment uninitialized access issue (#1376) This issue does not have a CVE assigned to it at this time.
2015-11-24Pullup ticket #4864 - requested by wizbsiegert2-6/+7
devel/pcre: security fix Revisions pulled up: - devel/pcre/Makefile 1.77 - devel/pcre/distinfo 1.58 --- Module Name: pkgsrc Committed By: wiz Date: Tue Nov 24 11:04:03 UTC 2015 Modified Files: pkgsrc/devel/pcre: Makefile distinfo Log Message: Update pcre to 8.38: Version 8.38 23-November-2015 ----------------------------- 1. If a group that contained a recursive back reference also contained a forward reference subroutine call followed by a non-forward-reference subroutine call, for example /.((?2)(?R)\1)()/, pcre2_compile() failed to compile correct code, leading to undefined behaviour or an internally detected error. This bug was discovered by the LLVM fuzzer. 2. Quantification of certain items (e.g. atomic back references) could cause incorrect code to be compiled when recursive forward references were involved. For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/. This bug was discovered by the LLVM fuzzer. 3. A repeated conditional group whose condition was a reference by name caused a buffer overflow if there was more than one group with the given name. This bug was discovered by the LLVM fuzzer. 4. A recursive back reference by name within a group that had the same name as another group caused a buffer overflow. For example: /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer. 5. A forward reference by name to a group whose number is the same as the current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused a buffer overflow at compile time. This bug was discovered by the LLVM fuzzer. 6. A lookbehind assertion within a set of mutually recursive subpatterns could provoke a buffer overflow. This bug was discovered by the LLVM fuzzer. 7. Another buffer overflow bug involved duplicate named groups with a reference between their definition, with a group that reset capture numbers, for example: /(?J:(?|(?'R')(\k'R')|((?'R'))))/. This has been fixed by always allowing for more memory, even if not needed. 
(A proper fix is implemented in PCRE2, but it involves more refactoring.) 8. There was no check for integer overflow in subroutine calls such as (?123). 9. The table entry for \l in EBCDIC environments was incorrect, leading to its being treated as a literal 'l' instead of causing an error. 10. There was a buffer overflow if pcre_exec() was called with an ovector of size 1. This bug was found by american fuzzy lop. 11. If a non-capturing group containing a conditional group that could match an empty string was repeated, it was not identified as matching an empty string itself. For example: /^(?:(?(1)x|)+)+$()/. 12. In an EBCDIC environment, pcretest was mishandling the escape sequences \a and \e in test subject lines. 13. In an EBCDIC environment, \a in a pattern was converted to the ASCII instead of the EBCDIC value. 14. The handling of \c in an EBCDIC environment has been revised so that it is now compatible with the specification in Perl's perlebcdic page. 15. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in ASCII/Unicode. This has now been added to the list of characters that are recognized as white space in EBCDIC. 16. When PCRE was compiled without UCP support, the use of \p and \P gave an error (correctly) when used outside a class, but did not give an error within a class. 17. \h within a class was incorrectly compiled in EBCDIC environments. 18. A pattern with an unmatched closing parenthesis that contained a backward assertion which itself contained a forward reference caused buffer overflow. An example pattern is: /(?=di(?<=(?1))|(?=(.))))/. 19. JIT should return with error when the compiled pattern requires more stack space than the maximum. 20. A possessively repeated conditional group that could match an empty string, for example, /(?(R))*+/, was incorrectly compiled. 21. Fix infinite recursion in the JIT compiler when certain patterns such as /(?:|a|){100}x/ are analysed. 22.
Some patterns with character classes involving [: and \\ were incorrectly compiled and could cause reading from uninitialized memory or an incorrect error diagnosis. 23. Pathological patterns containing many nested occurrences of [: caused pcre_compile() to run for a very long time. 24. A conditional group with only one branch has an implicit empty alternative branch and must therefore be treated as potentially matching an empty string. 25. If (?R was followed by - or + incorrect behaviour happened instead of a diagnostic. 26. Arrange to give up on finding the minimum matching length for overly complex patterns. 27. Similar to (4) above: in a pattern with duplicated named groups and an occurrence of (?| it is possible for an apparently non-recursive back reference to become recursive if a later named group with the relevant number is encountered. This could lead to a buffer overflow. Wen Guanxing from Venustech ADLAB discovered this bug. 28. If pcregrep was given the -q option with -c or -l, or when handling a binary file, it incorrectly wrote output to stdout. 29. The JIT compiler did not restore the control verb head in case of *THEN control verbs. This issue was found by Karl Skomski with a custom LLVM fuzzer. 30. Error messages for syntax errors following \g and \k were giving inaccurate offsets in the pattern. 31. Added a check for integer overflow in conditions (?(<digits>) and (?(R<digits>). This omission was discovered by Karl Skomski with the LLVM fuzzer. 32. Handling recursive references such as (?2) when the reference is to a group later in the pattern uses code that is very hacked about and error-prone. It has been re-written for PCRE2. Here in PCRE1, a check has been added to give an internal error if it is obvious that compiling has gone wrong. 33. The JIT compiler should not check repeats after a {0,1} repeat byte code. This issue was found by Karl Skomski with a custom LLVM fuzzer. 34. 
The JIT compiler should restore the control chain for empty possessive repeats. This issue was found by Karl Skomski with a custom LLVM fuzzer. 35. Match limit check added to JIT recursion. This issue was found by Karl Skomski with a custom LLVM fuzzer. 36. Yet another case similar to 27 above has been circumvented by an unconditional allocation of extra memory. This issue is fixed "properly" in PCRE2 by refactoring the way references are handled. Wen Guanxing from Venustech ADLAB discovered this bug. 37. Fix two assertion fails in JIT. These issues were found by Karl Skomski with a custom LLVM fuzzer. 38. Fixed a corner case of range optimization in JIT. 39. An incorrect error "overran compiling workspace" was given if there were exactly enough group forward references such that the last one extended into the workspace safety margin. The next one would have expanded the workspace. The test for overflow was not including the safety margin. 40. A match limit issue is fixed in JIT which was found by Karl Skomski with a custom LLVM fuzzer. 41. Remove the use of /dev/null in testdata/testinput2, because it doesn't work under Windows. (Why has it taken so long for anyone to notice?) 42. In a character class such as [\W\p{Any}] where both a negative-type escape ("not a word character") and a property escape were present, the property escape was being ignored. 43. Fix crash caused by very long (*MARK) or (*THEN) names. 44. A sequence such as [[:punct:]b] that is, a POSIX character class followed by a single ASCII character in a class item, was incorrectly compiled in UCP mode. The POSIX class got lost, but only if the single character followed it. 45. [:punct:] in UCP mode was matching some characters in the range 128-255 that should not have been matched. 46. If [:^ascii:] or [:^xdigit:] or [:^cntrl:] are present in a non-negated class, all characters with code points greater than 255 are in the class. 
When a Unicode property was also in the class (if PCRE_UCP is set, escapes such as \w are turned into Unicode properties), wide characters were not correctly handled, and could fail to match.
2015-11-24Pullup ticket #4862 - requested by tacabsiegert4-21/+12
mail/roundcube: security fix Revisions pulled up: - mail/roundcube/Makefile 1.77 - mail/roundcube/PLIST 1.38 - mail/roundcube/distinfo 1.45 - mail/roundcube/options.mk 1.14 --- Module Name: pkgsrc Committed By: prlw1 Date: Thu Oct 29 15:54:20 UTC 2015 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo options.mk Log Message: Update roundcube to 1.1.3 ok taca@ Since Makefile 1.59, the iconv option had no effect - reinstate iconv as being optional. This update to 1.1.3 makes multibyte and openssl a requirement (and drops mcrypt support). RELEASE 1.1.3 ------------- - Fix closing of nested menus (#1490443) - Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) - Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) - Get rid of Mail_mimeDecode package dependency (#1490416) - Fix "Importing..." message does not hide on error (#1490422) - Fix Compose action in addressbook for results from multiple addressbooks (#1490413) - Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) - Fix unintentional messages list page change on page switch in compose addressbook (#1490427) - Fix race-condition in saving user preferences and loading plugin config (#1490431) - Fix so plain text signature field uses monospace font (#1490435) - Fix so links with href == content aren't added to links list on html to text conversion (#1490434) - Fix handling of non-break spaces in html to text conversion (#1490436) - Fix self-reply detection issues (#1490439) - Fix multi-folder search result sorting by arrival date (#1490450) - Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) - Update to TinyMCE 4.1.10 (#1490405) - Fix draft removal after a message is sent and storing sent message is disabled (#1490467) - Fix so imap folder attribute comparisons are case-insensitive (#1490466) - Fix bug where new messages weren't added to the list in search mode - Fix wrong 
positioning of message list header on page scroll in Webkit browsers (#1490035) - Fix some javascript errors in rare situations (#1490441) - Fix error when using back button after sending an email (#1490009) - Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) - Disable links list generation on html-to-text conversion of identities or composed message (#1490437) - Fix "washing" of style elements wrapped into many lines - Fix so input field (e.g. search box) does not lose focus on list load (#1490455) - Fix so css of one html part does not apply to other text parts on message display (#1490505) - Fix XSS issue in drag-n-drop file uploads (#1490530) - Fix handling of plus character in mailto: links (#1490510) - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) - Fix so gc.sh script removes also expired sessions from sql database (#1490512) - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) - Fix various issues with Turkish (and similar) locales (#1490519) - Fix so In-Reply-To header is set also for MDN receipts (#1490523) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header - Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
2015-11-24Pullup ticket #4861 - requested by tacabsiegert4-6/+23
net/ntp4: build fix Revisions pulled up: - net/ntp4/Makefile 1.89 - net/ntp4/distinfo 1.24 - net/ntp4/patches/patch-aa deleted - net/ntp4/patches/patch-include-ntp__syscall.h 1.1 - net/ntp4/patches/patch-ntpd-ntpd.c 1.1 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:23:47 UTC 2015 Added Files: pkgsrc/net/ntp4/patches: patch-include-ntp__syscall.h patch-ntpd-ntpd.c Removed Files: pkgsrc/net/ntp4/patches: patch-aa Log Message: - rename patch-aa to follow not so new anymore convention - apply the "warmup" patch only on linux. should fix the build on netbsd-6 --- Module Name: pkgsrc Committed By: christos Date: Thu Oct 29 11:28:44 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile distinfo Log Message: update checksum and bump revision
2015-11-24Pullup ticket #4860 - requested by tacabsiegert3-8/+19
www/squid3: security fix Revisions pulled up: - www/squid3/Makefile 1.54-1.56 - www/squid3/distinfo 1.41-1.43 - www/squid3/files/squid.sh 1.3 --- Module Name: pkgsrc Committed By: adam Date: Fri Oct 2 07:57:13 UTC 2015 Modified Files: pkgsrc/www/squid3: Makefile distinfo Log Message: Changes 3.5.10: * Align behavior of MEMPROXY_CLASS's operator delete with ::delete on nullptr * Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size * Fix cache_peer login=PASS(THRU) after CVE-2015-5400 * Bug 4304: PeerConnector.cc:743 "!callback" assertion. * Relicense SSPI helper to GPLv2+ * Bug 4208: more than one port in wccp2_service_info line causes error * Relicense smb_lm auth helper to GPLv2+ * Relicense ntlm_fake_auth.pl to GPLv2+ * SMP: register worker listening ports one by one * Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules * Bug 4323: Netfilter broken cross-includes with Linux 4.2 * Cleanup: Migrate StoreEntry to using MEMPROXY_CLASS * Remove custom pool chunk size for StoreEntry * Implement default constructor for hash_link * Bug 4326: base64 binary encoder rejects data beginning with nil byte --- Module Name: pkgsrc Committed By: sborrill Date: Thu Oct 8 10:07:10 UTC 2015 Modified Files: pkgsrc/www/squid3: Makefile pkgsrc/www/squid3/files: squid.sh Log Message: Check current file descriptor limit and raise if required rather than blindly setting to 4096 (which may in fact be lower than current limit). 
Bump PKGREVISION --- Module Name: pkgsrc Committed By: adam Date: Wed Nov 4 21:44:27 UTC 2015 Modified Files: pkgsrc/www/squid3: Makefile distinfo Log Message: Changes 3.5.11: * Add Locker friend class to SBuf for protection against memory issues * Connection stats, including %<lp, missing for persistent connections * Fix incorrect authentication headers on cache digest requests * Bug 4281: copy-paste typos in src/tools.cc * Bug 4188: Bumping intercepted SSL connections does not work on Solaris * Avoid errors when parsing manager ACL in old squid.conf * Bug 4279: No response from proxy for FTP-download of non-existing file * Bug 3574: crashes on reconfigure and startup * Bug 4347: compile errors with LibreSSL 2.3
2015-11-23Pullup ticket #4859.bsiegert1-1/+4
2015-11-23Pullup ticket #4859 - requested by agcbsiegert3-13/+14
pkgtools/pkg_comp: bugfix Revisions pulled up: - pkgtools/pkg_comp/Makefile 1.55 - pkgtools/pkg_comp/files/pkg_comp.8 1.41 - pkgtools/pkg_comp/files/pkg_comp.sh 1.43 --- Module Name: pkgsrc Committed By: agc Date: Sat Nov 21 23:10:27 UTC 2015 Modified Files: pkgsrc/pkgtools/pkg_comp: Makefile pkgsrc/pkgtools/pkg_comp/files: pkg_comp.8 pkg_comp.sh Log Message: Update pkg_comp to 1.38nb1 pkgsrc uses the "BUILD_TARGET" definition internally as the primary target for building in a package's WRKDIR. It defaults to "all". So pkgsrc cd's to ${WRKDIR} and does a "make ${BUILD_TARGET}" pkg_comp also wants to use the same "BUILD_TARGET" definition internally for itself to guide the builds for making binary packages. It's done at a higher level than the pkgsrc definition. It defaults to "package". The use of the same name for two different purposes can cause pkg_comp to fail to build packages. This commit renames the pkg_comp definition to be "BUILD_PKG_COMP_TARGET". With this change in place, my pkg_comp builds now complete successfully. Bump PKGREVISION for the BUILD_PKG_COMP_TARGET fix
2015-11-22Pullup ticket #4858.bsiegert1-1/+4
2015-11-22Pullup ticket #4858 - requested by tezbsiegert1-1/+2
security/mit-krb5: build fix Revisions pulled up: - security/mit-krb5/Makefile 1.85 --- Module Name: pkgsrc Committed By: tez Date: Thu Nov 5 19:10:30 UTC 2015 Modified Files: pkgsrc/security/mit-krb5: Makefile Log Message: Fix build in case there is a system version of verto found. No revbump because it failed to build before if there was one. Fixes pkg/50348
2015-11-21Pullup ticket #4852.bsiegert1-1/+4
2015-11-21Pullup ticket #4852 - requested by hebsiegert2-3/+15
lang/g95: build fix Revisions pulled up: - lang/g95/distinfo 1.24 - lang/g95/patches/patch-ac deleted - lang/g95/patches/patch-configure 1.1 --- Module Name: pkgsrc Committed By: he Date: Sat Nov 7 22:56:13 UTC 2015 Modified Files: pkgsrc/lang/g95: distinfo Added Files: pkgsrc/lang/g95/patches: patch-configure Removed Files: pkgsrc/lang/g95/patches: patch-ac Log Message: Let g95 build for NetBSD powerpc as well: treat NetBSD the same as Linux in terms of FPU usage. Since this is only a build fix for the NetBSD powerpc ports, there's no revision bump.
2015-11-20Pullup tickets #4854, #4855 and #4856.bsiegert1-1/+8
2015-11-20Pullup ticket #4855 - requested by hebsiegert4-9/+72
archivers/unzip: security fix Revisions pulled up: - archivers/unzip/Makefile 1.91 - archivers/unzip/distinfo 1.29 - archivers/unzip/patches/patch-crypt.c 1.1 - archivers/unzip/patches/patch-extract.c 1.3 --- Module Name: pkgsrc Committed By: wiz Date: Wed Nov 11 12:47:27 UTC 2015 Modified Files: pkgsrc/archivers/unzip: Makefile distinfo pkgsrc/archivers/unzip/patches: patch-extract.c Added Files: pkgsrc/archivers/unzip/patches: patch-crypt.c Log Message: Add patches to fix CVE-2015-7696, CVE-2015-7697, and an integer underflow. From Debian. Bump PKGREVISION.
2015-11-20Pullup ticket #4854 - requested by sevanbsiegert2-6/+7
Pullup ticket #4856 - requested by he graphics/png: security fix Revisions pulled up: - graphics/png/Makefile 1.179 - graphics/png/distinfo 1.124 --- Module Name: pkgsrc Committed By: wiz Date: Thu Nov 12 16:12:19 UTC 2015 Modified Files: pkgsrc/graphics/png: Makefile distinfo Log Message: Update png to 1.6.19: Libpng 1.6.19 - November 12, 2015 Changes since the last public release (1.6.18): Updated obsolete information about the simplified API macros in the manual pages (Bug report by Arc Riley). Avoid potentially dereferencing NULL info_ptr in png_info_init_3(). Rearranged png.h to put the major sections in the same order as in libpng17. Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and PNG_WEIGHT_FACTOR macros. Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler (Bug report by Viktor Szakats). Several warnings remain and are unavoidable, where we test for overflow. Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c Fixed uninitialized variable in contrib/gregbook/rpng2-x.c Moved config.h.in~ from the "libpng_autotools_files" list to the "libpng_autotools_extra" list in autogen.sh because it was causing a false positive for missing files (bug report by Robert C. Seacord). Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c to suppress clang warnings (Bug report by Viktor Szakats). Fixed some bad links in the man page. Changed "n bit" to "n-bit" in comments. Added signed/unsigned 16-bit safety net. This removes the dubious 0x8000 flag definitions on 16-bit systems. They aren't supported yet the defs *probably* work, however it seems much safer to do this and be advised if anyone, contrary to advice, is building libpng 1.6 on a 16-bit system. It also adds back various switch default clauses for GCC; GCC errors out if they are not present (with an appropriately high level of warnings). Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert Seacord). 
Fixed the recently reported 1's complement security issue by replacing the value that is illegal in the PNG spec, in both signed and unsigned values, with 0. Illegal unsigned values (anything greater than or equal to 0x80000000) can still pass through, but since these are not illegal in ANSI-C (unlike 0x80000000 in the signed case) the checking that occurs later can catch them (John Bowler). Fixed png_save_int_32 when int is not 2's complement (John Bowler). Updated libpng16 with all the recent test changes from libpng17, including changes to pngvalid.c to ensure that the original, distributed, version of contrib/visupng/cexcept.h can be used (John Bowler). pngvalid contains the correction to the use of SAVE/STORE_UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More tests contain the --strict option to detect warnings and the pngvalid-standard test has been corrected so that it does not turn on progressive-read. There is a separate test which does that. (John Bowler) Also made some signed/unsigned fixes. Make pngstest error limits version specific. Splitting the machine generated error structs out to a file allows the values to be updated without changing pngstest.c itself. Since libpng 1.6 and 1.7 have slightly different error limits this simplifies maintenance. The makepngs.sh script has also been updated to more accurately reflect current problems in libpng 1.7 (John Bowler). Incorporated new test PNG files into make check. tests/pngstest-* are changed so that the new test files are divided into 8 groups by gamma and alpha channel. These tests have considerably better code and pixel-value coverage than contrib/pngsuite; however, coverage is still incomplete (John Bowler). Removed the '--strict' in 1.6 because of the double-gamma-correction warning, updated pngstest-errors.h for the errors detected with the new contrib/testspngs PNG test files (John Bowler). Worked around rgb-to-gray issues in libpng 1.6.
The previous attempts to ignore the errors in the code aren't quite enough to deal with the 'channel selection' encoding added to libpng 1.7; abort. Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a macro, therefore the argument list cannot contain preprocessing directives. Make sure pow is a function where this happens. This is a minimal safe fix, the issue only arises in non-performance-critical code (bug report by Curtis Leach, fix by John Bowler). Added sPLT support to pngtest.c Prevent setting or writing over-length PLTE chunk (Cosmin Truta). Silently truncate over-length PLTE chunk while reading. Libpng incorrectly calculated the output rowbytes when the application decreased either the number of channels or the bit depth (or both) in a user transform. This was safe; libpng overallocated buffer space (potentially by quite a lot; up to 4 times the amount required) but, from 1.5.4 on, resulted in a png_error (John Bowler). Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed(). Clarified COPYRIGHT information to state explicitly that versions are derived from previous versions. Removed much of the long list of previous versions from png.h and libpng.3.
2015-11-19Pullup ticket #4853.bsiegert1-1/+4
2015-11-19Pullup ticket #4853 - requested by hebsiegert2-6/+7
devel/nss: security fix Revisions pulled up: - devel/nss/Makefile 1.103 - devel/nss/distinfo 1.52 --- Module Name: pkgsrc Committed By: ryoon Date: Tue Nov 3 16:55:07 UTC 2015 Modified Files: pkgsrc/devel/nss: Makefile distinfo Log Message: Update to 3.20.1 Changelog: The following security-relevant bugs have been resolved in NSS 3.20.1. Users are encouraged to upgrade immediately. * Bug 1192028 (CVE-2015-7181) and Bug 1202868 (CVE-2015-7182): Several issues existed within the ASN.1 decoder used by NSS for handling streaming BER data. While the majority of NSS uses a separate, unaffected DER decoder, several public routines also accept BER data, and thus are affected. An attacker that successfully exploited these issues can overflow the heap and may be able to obtain remote code execution.
2015-11-08Pullup ticket #5851.bsiegert1-1/+4
2015-11-08Pullup ticket #4851 - requested by hebsiegert3-2/+53
x11/gtk3: build fix Revisions pulled up: - x11/gtk3/Makefile 1.70 - x11/gtk3/distinfo 1.32 - x11/gtk3/patches/patch-gtk_fallback-c89.c 1.1 --- Module Name: pkgsrc Committed By: he Date: Sat Nov 7 15:49:38 UTC 2015 Modified Files: pkgsrc/x11/gtk3: Makefile distinfo Log Message: Improve compatibility with systems which lack either round(), rint() or nearbyint(), but might still have them declared in <math.h>. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: he Date: Sat Nov 7 15:51:40 UTC 2015 Added Files: pkgsrc/x11/gtk3/patches: patch-gtk_fallback-c89.c Log Message: Improve compatibility with systems which lack either round(), rint() or nearbyint(), but might still have them declared in <math.h>. Bump PKGREVISION.
2015-11-05Pullup tickets #4848, #4849 and #4850.bsiegert1-1/+10
2015-11-04Pullup ticket #4850 - requested by bouyerbsiegert6-2/+291
sysutils/xenkernel45: security fix Revisions pulled up: - sysutils/xenkernel45/Makefile 1.10 - sysutils/xenkernel45/distinfo 1.10 - sysutils/xenkernel45/patches/patch-CVE-2015-7835 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7969 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7970 1.1 - sysutils/xenkernel45/patches/patch-CVE-2015-7971 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 29 20:40:53 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel45: Makefile Added Files: pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7970 patch-CVE-2015-7971 Log Message: Add patches from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7970 aka XSA-150 CVE-2015-7971 aka XSA-152 Bump PKGREVISION --- Module Name: pkgsrc Committed By: bouyer Date: Fri Oct 30 07:46:36 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel45: distinfo Log Message: Add patch entries from previous security commit. Pointed out by Takahiro Hayashi, thanks !
2015-11-04Pullup ticket #4849 - requested by bouyerbsiegert5-3/+106
sysutils/xenkernel42: security fix Revisions pulled up: - sysutils/xenkernel42/Makefile 1.18 - sysutils/xenkernel42/distinfo 1.17 - sysutils/xenkernel42/patches/patch-CVE-2015-7835 1.1 - sysutils/xenkernel42/patches/patch-CVE-2015-7969 1.1 - sysutils/xenkernel42/patches/patch-CVE-2015-7971 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 29 21:59:16 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel42: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7971 Log Message: Add patches, derived from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7971 aka XSA-152 Bump PKGREVISION
2015-11-04Pullup ticket #4848 - requested by bouyerbsiegert5-3/+121
sysutils/xenkernel41: security fix Revisions pulled up: - sysutils/xenkernel41/Makefile 1.46 - sysutils/xenkernel41/distinfo 1.38 - sysutils/xenkernel41/patches/patch-CVE-2015-7835 1.1 - sysutils/xenkernel41/patches/patch-CVE-2015-7969 1.1 - sysutils/xenkernel41/patches/patch-CVE-2015-7971 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 29 20:29:56 UTC 2015 Modified Files: pkgsrc/sysutils/xenkernel41: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-7835 patch-CVE-2015-7969 patch-CVE-2015-7971 Log Message: Add patches, derived from Xen security advisory, fixing: CVE-2015-7835 aka XSA-148 CVE-2015-7869 aka XSA-149 + XSA-151 CVE-2015-7971 aka XSA-152 Bump PKGREVISION
2015-10-27Pullup ticket #4846bsiegert1-1/+4
2015-10-27Pullup ticket #4846 - requested by tacabsiegert5-272/+27
net/ntp4: security fix Revisions pulled up: - net/ntp4/Makefile 1.88 - net/ntp4/PLIST 1.20 - net/ntp4/distinfo 1.23 - net/ntp4/patches/patch-configure deleted - net/ntp4/patches/patch-sntp_configure deleted --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 23 03:43:31 UTC 2015 Modified Files: pkgsrc/net/ntp4: Makefile PLIST distinfo Removed Files: pkgsrc/net/ntp4/patches: patch-configure patch-sntp_configure Log Message: Update ntp4 to 4.2.8p4. pkgsrc change: * Remove duplicated HTML documents. * Install some additional documents. Changes are too many to write here, please refer to NEWS files and this release fixes security problems. October 2015 NTP Security Vulnerability Announcement (Medium) NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015: * Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG) * Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA) * Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS) * Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS) * Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS) * Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS) * Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS) * Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS) * Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable) * Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally.
(RedHat) * Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University) * Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable) The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4. Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here: * Bug 2382 : Peer precision < -31 gives division by zero * Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL * Bug 1593 : ntpd abort in free() with logconfig syntax error
2015-10-26 Pullup tickets #4843, #4844 and #4845. bsiegert 1 -2/+11
2015-10-26 Pullup ticket #4845 - requested by taca bsiegert 3 -8/+18

www/drupal7: security fix

Revisions pulled up:
- www/drupal7/Makefile 1.34-1.35
- www/drupal7/PLIST 1.13
- www/drupal7/distinfo 1.27-1.28

---
Module Name: pkgsrc
Committed By: wen
Date: Sun Oct 18 03:30:53 UTC 2015

Modified Files:
  pkgsrc/www/drupal7: Makefile PLIST distinfo

Log Message:
Update to 7.40

Upstream changes:
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less memory.
- Prevented drupal_http_request() from returning an error when it receives a 201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP 5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into mailto: links.
- Added alternate text to file icons displayed by the File module, to improve accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or warnings as appropriate, rather than as regular status messages (minor UI change and data structure change).
- Changed the default settings.php configuration to exclude private files from the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for example filter/tips/full_html, to return "page not found" or "access denied" if the format does not exist or the user does not have access to it. This change adds a new menu item to the Filter module's hook_menu() entry (minor data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished" callback specified during batch processing can now be any PHP callable instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000") to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing exceptions during menu rebuilds. If an .info file without a "name" key is found in a module or theme directory, Drupal will now use the module or theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a module's .info file to indicate which project the dependency resides in (API addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal bootstrap and that caused module_implements() and drupal_alter() to cache an incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.

---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 09:59:44 UTC 2015

Modified Files:
  pkgsrc/www/drupal7: Makefile distinfo

Log Message:
Update drupal7 to 7.41.

Drupal 7.41, 2015-10-21
-----------------------
- Fixed security issues (open redirect). See SA-CORE-2015-004.
2015-10-26 Pullup ticket #4844 - requested by joerg bsiegert 3 -1/+51

net/unbound: SMF support

Revisions pulled up:
- net/unbound/Makefile 1.38
- net/unbound/files/smf/manifest.xml 1.1
- net/unbound/files/smf/unbound.sh 1.1

---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:30:14 UTC 2015

Modified Files:
  pkgsrc/net/unbound: Makefile
Added Files:
  pkgsrc/net/unbound/files/smf: manifest.xml unbound.sh

Log Message:
Add SMF support. Bump revision.
2015-10-26 Pullup ticket #4843 - requested by joerg bsiegert 1 -1/+2

security/botan-devel: build fix

Revisions pulled up:
- security/botan-devel/Makefile 1.11

---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:29:14 UTC 2015

Modified Files:
  pkgsrc/security/botan-devel: Makefile

Log Message:
For amd64 builds, override the automatic CPU detection. It fails on SmartOS for 64bit builds.
2015-10-24 Pullup ticket #4842. bsiegert 1 -1/+4
2015-10-24 Pullup ticket #4842 - requested by joerg bsiegert 6 -3/+84

devel/netbsd-iscsi-lib: SmartOS build fix

Revisions pulled up:
- devel/netbsd-iscsi-lib/Makefile 1.5
- devel/netbsd-iscsi-lib/distinfo 1.6
- devel/netbsd-iscsi-lib/patches/patch-ac 1.2
- devel/netbsd-iscsi-lib/patches/patch-include_iscsi-md5.h 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5c.c 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5hl.c 1.1

---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 15 13:15:50 UTC 2015

Modified Files:
  pkgsrc/devel/netbsd-iscsi-lib: Makefile distinfo
  pkgsrc/devel/netbsd-iscsi-lib/patches: patch-ac
Added Files:
  pkgsrc/devel/netbsd-iscsi-lib/patches: patch-include_iscsi-md5.h patch-src_lib_md5c.c patch-src_lib_md5hl.c

Log Message:
Fix for non-BSD platforms by avoiding sys/cdefs.h dependency. Avoid system namespace for headers. Add missing RCS ID.
2015-10-18 pullups 4839 4840 4841 spz 1 -1/+10
2015-10-18 Pullup ticket #4841 - requested by tnn spz 2 -6/+7

multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.50,1.52
- multimedia/adobe-flash-plugin11/distinfo 1.47,1.49

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tsutsui
Date: Sun Oct 18 14:15:23 UTC 2015

Modified Files:
  pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.540.

Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html

Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: October 16, 2015
Vulnerability identifier: APSB15-27
CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Platform: All Platforms

To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/multimedia/adobe-flash-plugin11/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/multimedia/adobe-flash-plugin11/distinfo
2015-10-18 Pullup ticket #4840 - requested by mrg spz 1 -1/+2

lang/perl5: fix for sparc

Revisions pulled up:
- lang/perl5/hacks.mk 1.18

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: mrg
Date: Thu Oct 15 00:15:52 UTC 2015

Modified Files:
  pkgsrc/lang/perl5: hacks.mk

Log Message:
enable the GCC 4.5 op.c hack for sparc.

To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/perl5/hacks.mk
2015-10-18 Pullup ticket #4839 - requested by gdt spz 2 -1/+16

sysutils/dbus: build fix

Revisions pulled up:
- sysutils/dbus/distinfo 1.67
- sysutils/dbus/patches/patch-tools_dbus-print-message.c 1.1

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 8 14:32:09 UTC 2015

Modified Files:
  pkgsrc/sysutils/dbus: distinfo
Added Files:
  pkgsrc/sysutils/dbus/patches: patch-tools_dbus-print-message.c

Log Message:
Fix build on NetBSD 5.x and 6.x.

To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/sysutils/dbus/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/sysutils/dbus/patches/patch-tools_dbus-print-message.c