security/openssl: security fix
Revisions pulled up:
- security/openssl/Makefile 1.214-1.216
- security/openssl/PLIST.common 1.26
- security/openssl/distinfo 1.116,1.118
- security/openssl/patches/patch-Makefile.shared 1.3
---
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Oct 9 11:44:48 UTC 2015
Modified Files:
pkgsrc/security/openssl: Makefile
Log Message:
Force the "linux-elf" Configure target for Linux 32-bit, fixes the build when
running with ABI=32 on a 64-bit native host.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon Oct 26 09:42:47 UTC 2015
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches: patch-Makefile.shared
Log Message:
Support SunOS/clang and pass -h linker argument correctly. Doesn't fully
fix the build yet, an additional patch to remove LD_LIBRARY_PATH is required
but needs wider testing.
---
Module Name: pkgsrc
Committed By: jperkin
Date: Mon Dec 7 15:57:42 UTC 2015
Modified Files:
pkgsrc/security/openssl: Makefile PLIST.common distinfo
Log Message:
Update security/openssl to 1.0.2e.
pkgsrc changes:
- We now need to run 'make depend' after configure to pick up algorithm
selection changes.
Upstream changes:
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue was reported to OpenSSL by Hanno Böck.
(CVE-2015-3193)
[Andy Polyakov]
*) Certificate verify crash with missing PSS parameter
The signature verification routines will crash with a NULL pointer
dereference if presented with an ASN.1 signature using the RSA PSS
algorithm and absent mask generation function parameter. Since these
routines are used to verify certificate signature algorithms this can be
used to crash any certificate verification operation and exploited in a
DoS attack. Any application which performs certificate verification is
vulnerable including OpenSSL clients and servers which enable client
authentication.
This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
(CVE-2015-3194)
[Stephen Henson]
*) X509_ATTRIBUTE memory leak
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is
affected. SSL/TLS is not affected.
This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
libFuzzer.
(CVE-2015-3195)
[Stephen Henson]
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
This changes the decoding behaviour for some invalid messages,
though the change is mostly in the more lenient direction, and
legacy behaviour is preserved as much as possible.
[Emilia Käsper]
*) In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
[Rich Salz and Ismo Puustinen <ismo.puustinen%intel.com@localhost>]
|
|
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/distinfo 1.111
- emulators/qemu/patches/patch-configure 1.9
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Dec 22 23:52:00 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: distinfo
pkgsrc/emulators/qemu/patches: patch-configure
Log Message:
Build ivshmem* conditionally, fix broken if conditional
|
|
|
|
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/Makefile 1.147-1.148
- emulators/qemu/PLIST 1.44-1.45
- emulators/qemu/distinfo 1.109-1.110
- emulators/qemu/options.mk 1.2
- emulators/qemu/patches/patch-Makefile.objs 1.1
- emulators/qemu/patches/patch-configure 1.7-1.8
- emulators/qemu/patches/patch-default-configs_pci.mak 1.1
- emulators/qemu/patches/patch-tests_Makefile 1.3
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Dec 18 22:39:33 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo
pkgsrc/emulators/qemu/patches: patch-configure patch-tests_Makefile
Log Message:
Update to 2.5.0
Changelog:
== System emulation ==
* guard pages are now inserted after guest RAM, to guard against guest-triggered buffer overflow attacks
=== Incompatible changes ===
* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has been removed; it is still possible to use them just like any other device file, however, a medium change will no longer be passed
through to the guest
=== Future incompatible changes ===
* Three options are using different names on the command line and in configuration file. In particular:
** The "acpi" configuration file section matches command-line option "acpitable";
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on
upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely. It'll remain available only in qemu-img, so you can use 'qemu-img convert' to convert encrypted images to unencrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on. It will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without libaio support. It will be made an error.
* A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in 2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU 2.6 release, unless somebody who uses it wishes to step forward and help us with regular testing.
=== Alpha ===
=== ARM ===
* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in size in high memory. Note that older 32-bit ARM Linux kernels built without CONFIG_LPAE have a bug where the presence of this region
in high memory causes them to refuse to use the PCIe controller at all. In this case you can either reconfigure your kernel with CONFIG_LPAE=y, or pass QEMU the "-machine highmem=off" option to
disable the use of high memory for PCIe. The kernel bug is expected to be fixed in Linux kernel release 4.4.
=== MIPS ===
* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation
=== PowerPC ===
==== pSeries ====
* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing good random data to the guests.
==== Mac99 ====
* Improve ability to boot MacOS 9 (based upon GSoC project "Implement support for Mac OS 9 in QEMU " by Cormac O'Brien)
=== s390 ===
* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a given address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the "max_revision" property: max_revision=0 may be used to enforce usage of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.
=== SH ===
=== SPARC ===
* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)
=== TileGX ===
* New target.
=== x86 ===
* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes unsupported features. These features are disabled automatically, just like in previous versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on icc-bridge to find CPU objects should use the "qom_path" field of "query-cpus" QMP command
==== CPU models and features ====
* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't expose RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)
==== KVM ====
* Support for Hyper-V-compatible reporting of crashes.
==== Xen ====
* Support for passthrough of Intel integrated GPUs.
=== Device emulation and assignment ===
* fw_cfg supports a DMA interface on ARM and x86. This interface makes -kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the DMA interface starting with release 1.9.0
(commit 06316c9d). The UEFI guest fw for ARM VMs (known as ArmVirtQemu or AAVMF) supports the DMA interface starting with git commit 953bcbcc / SVN r18545.
==== ACPI ====
==== Audio ====
==== Block devices ====
==== Character devices ====
==== IDE ====
* AHCI ATAPI PIO transfers greater than one sector are fixe 0. On guest
acknowledge, all functions are ejected together.
==== TPM ====
==== VFIO ====
==== virtio ====
* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to enable this. When used with an old client without migration support, vhost-user will now block migration (instead of failing
silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client changes are required to enable this mode. When used with an old client without multi-queue support, device will
automatically fall back on using a single pair of queues.
* vhost-user protocol now includes protocol feature negotiation, including multiple new messages. When used with old clients, all new messages are automatically disabled.
* vhost-user no longer sends the RESET_OWNER message on device stop. The only QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved (on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in virtio 1 mode, to improve performance for host kernels older than 4.4, and processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce flag is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still disabled by default. To enable, set the flag disable-modern=off.
==== VGA ====
=== Character devices ===
=== GUI ===
* New syntax for enabling TLS in the VNC server:
** Equivalent to <tt>-vnc hostname:0,tls</tt>: <tt>-object tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509verify=/path/to/certs</tt>: <tt>-object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc hostname:0,tls-creds=tls0</tt>
* The Cocoa GUI does not show an 'open image file' dialog box anymore even if QEMU is started without arguments
* The curses GUI supports 256 colors and line graphics.
=== Monitor ===
* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to [[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.
=== Migration ===
* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge mechanism]] (for busy guests)
=== Network ===
* Support for multiqueue in vhost-user.
* Support for network filters. Currently, the only filter objects are "filter-buffer", which batches packets every N microseconds, and "filter-dump", which can be used to log the network traffic in
a file. Filters are attached to a netdev device using e.g. "-object filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates a 1ms filter-buffer).
=== Block devices in system emulation ===
=== Command-line options ===
=== TCG ===
* Improved system emulation performance for targets with software TLBs (e.g. SPARC).
* Initial support for [[Features/record-replay | record/replay]].
== Block devices and tools ==
* The HMP "change" command (QMP's "blockdev-change-medium") now allows you to change the read-only mode of the device (e.g. when inserting a read-only floppy disk image into a previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands "blockdev-open-tray", "blockdev-close-tray", "x-blockdev-insert-medium", and "x-blockdev-remove-medium" (the latter two are
experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions have been added to now fully support (transient) incremental bitmap usage and management.
* QMP transactions now support a "completion-mode" parameter which controls the completion behavior of jobs launched by transactions, which will allow them to fail together. See the
[https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max latency, and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a complement for the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot using as overlay an image previously opened with ''blockdev-add''. This allows opening the overlay image with arbitrary
run-time options, solving one of the limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying the empty string as a backing file reference when opening the image. This is useful for creating snapshots, since images
opened with ''blockdev-add'' are not supposed to have a backing file before the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device is removed now, all users are requested to use the canonical "-object iothread,id=<id> -device virtio-blk,iothread=<id>,..." syntax.
== Audio ==
== Guest agent ==
* Add an optional qemu-ga.conf system configuration
* Support for dumping the current configuration file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec
== User-mode emulation ==
* The configure option --disable-guest-base has been removed.
== Build dependencies ==
* libcacard has been moved to a standalone project, hosted at git://anongit.freedesktop.org/spice/libcacard. The libcacard library from QEMU 2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.
== Known issues ==
* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends on build environment, [http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see [https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]). Using another shell with configure should work.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Dec 21 12:10:22 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo options.mk
pkgsrc/emulators/qemu/patches: patch-configure
Added Files:
pkgsrc/emulators/qemu/patches: patch-Makefile.objs
patch-default-configs_pci.mak
Log Message:
Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.
|
|
|
|
devel/nbpatch: security fix
Revisions pulled up:
- devel/nbpatch/Makefile 1.10
- devel/nbpatch/files/backupfile.c 1.3
- devel/nbpatch/files/common.h 1.5
- devel/nbpatch/files/inp.c 1.7
- devel/nbpatch/files/nbpatch.1 1.2
- devel/nbpatch/files/nbpatch.cat1 1.2
- devel/nbpatch/files/patch.c 1.3
- devel/nbpatch/files/pch.c 1.2
---
Module Name: pkgsrc
Committed By: joerg
Date: Sat Nov 7 18:29:50 UTC 2015
Modified Files:
pkgsrc/devel/nbpatch: Makefile
pkgsrc/devel/nbpatch/files: backupfile.c common.h inp.c nbpatch.1
nbpatch.cat1 patch.c pch.c
Log Message:
nbpatch-20151107: Merge various changes from NetBSD:
(1) Allow "-V none" to disable backups.
(2) Stricter control about valid ed-style patches.
(3) Avoid shell use when looking for RCS, remove SCCS support.
|
|
net/bind910: security fix
Revisions pulled up:
- net/bind910/Makefile 1.13-1.14
- net/bind910/distinfo 1.12-1.13
- net/bind910/patches/patch-bin_dig_dighost.c 1.3
- net/bind910/patches/patch-bin_tests_system_Makefile.in 1.3
- net/bind910/patches/patch-configure 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 17:35:22 UTC 2015
Modified Files:
pkgsrc/net/bind910: Makefile distinfo
pkgsrc/net/bind910/patches: patch-bin_dig_dighost.c
patch-bin_tests_system_Makefile.in patch-configure
Log Message:
Update bind910 to 9.10.3.
Security Fixes
* An incorrect boundary check in the OPENPGPKEY rdatatype could
trigger an assertion failure. This flaw is disclosed in
CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when
parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and
is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in
message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion
failure could be triggered on answers from a specially configured
server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
New Features
* New quotas have been added to limit the queries that are sent by
recursive resolvers to authoritative servers experiencing
denial-of-service attacks. When configured, these options can both
reduce the harm done to authoritative servers and also avoid the
resource exhaustion that can be experienced by recursives when they
are being used as a vehicle for such an attack.
NOTE: These options are not available by default; use configure
--enable-fetchlimit to include them in the build.
+ fetches-per-server limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
adjusted downward if the server is partially or completely
non-responsive. The algorithm used to adjust the quota can be
configured via the fetch-quota-params option.
+ fetches-per-zone limits the number of simultaneous queries
that can be sent for names within a single domain. (Note:
Unlike "fetches-per-server", this value is not self-tuning.)
Statistics counters have also been added to track the number of
queries affected by these quotas.
* dig +ednsflags can now be used to set yet-to-be-defined EDNS flags
in DNS requests.
* dig +[no]ednsnegotiation can now be used to enable / disable EDNS
version negotiation.
* An --enable-querytrace configure switch is now available to enable
very verbose query tracelogging. This option can only be set at
compile time. This option has a negative performance impact and
should be used only for debugging.
Feature Changes
* Large inline-signing changes should be less disruptive. Signature
generation is now done incrementally; the number of signatures to
be generated in each quantum is controlled by
"sig-signing-signatures number;". [RT #37927]
* The experimental SIT extension now uses the EDNS COOKIE option code
point (10) and is displayed as "COOKIE: <value>". The existing
named.conf directives; "request-sit", "sit-secret" and
"nosit-udp-size", are still valid and will be replaced by
"send-cookie", "cookie-secret" and "nocookie-udp-size" in BIND
9.11. The existing dig directive "+sit" is still valid and will be
replaced with "+cookie" in BIND 9.11.
* When retrying a query via TCP due to the first answer being
truncated, dig will now correctly send the COOKIE value returned by
the server in the prior response. [RT #39047]
* Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now
accepted as valid hostnames when using the check-names option.
<forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in
PTR records in DNS-SD reverse lookup zones, as specified in RFC
6763. [RT #37889]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone
load was already in progress; this could trigger a crash in zt.c.
[RT #37573]
* A race during shutdown or reconfiguration could cause an assertion
failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig
+short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could
trigger assertion failures when loading text zone files. [RT
#40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT
#40456]
* BADVERS responses from broken authoritative name servers were not
handled correctly. [RT #40427]
* Several bugs have been fixed in the RPZ implementation:
+ Policy zones that did not specifically require recursion could
be treated as if they did; consequently, setting
qname-wait-recurse no; was sometimes ineffective. This has
been corrected. In most configurations, behavioral changes due
to this fix will not be noticeable. [RT #39229]
+ The server could crash if policy zones were updated (e.g. via
rndc reload or an incoming zone transfer) while RPZ processing
was still ongoing for an active query. [RT #39415]
+ On servers with one or more policy zones configured as slaves,
if a policy zone updated during regular operation (rather than
at startup) using a full zone reload, such as via AXFR, a bug
could allow the RPZ summary data to fall out of sync,
potentially leading to an assertion failure in rpz.c when
further incremental updates were made to the zone, such as via
IXFR. [RT #39567]
+ The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an unexpected
action could be taken. This has been corrected. [RT #39481]
+ The server could crash if a reload of an RPZ zone was
initiated while another reload of the same zone was already in
progress. [RT #39649]
+ Query names could match against the wrong policy zone if
wildcard records were present. [RT #40357]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 16 00:31:22 UTC 2015
Modified Files:
pkgsrc/net/bind910: Makefile distinfo
Log Message:
Update bind910 package to 9.10.3pl2 (BIND 9.10.3-P2), security release.
--- 9.10.3-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
--- 9.10.3-P1 (withdrawn) ---
|
|
|
|
net/bind99: security fix
Revisions pulled up:
- net/bind99/Makefile 1.49-1.50
- net/bind99/distinfo 1.34-1.35
- net/bind99/patches/patch-bin_dig_dighost.c 1.5
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.6
- net/bind99/patches/patch-configure 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 17:37:00 UTC 2015
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-bin_dig_dighost.c
patch-bin_tests_system_Makefile.in patch-configure
Log Message:
Update bind99 to 9.9.8.
Security Fixes
* An incorrect boundary check in the OPENPGPKEY rdatatype could
trigger an assertion failure. This flaw is disclosed in
CVE-2015-5986. [RT #40286]
* A buffer accounting error could trigger an assertion failure when
parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and
is disclosed in CVE-2015-5722. [RT #40212]
* A specially crafted query could trigger an assertion failure in
message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #40046]
* On servers configured to perform DNSSEC validation, an assertion
failure could be triggered on answers from a specially configured
server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
New Features
* New quotas have been added to limit the queries that are sent by
recursive resolvers to authoritative servers experiencing
denial-of-service attacks. When configured, these options can both
reduce the harm done to authoritative servers and also avoid the
resource exhaustion that can be experienced by recursives when they
are being used as a vehicle for such an attack.
NOTE: These options are not available by default; use configure
--enable-fetchlimit to include them in the build.
+ fetches-per-server limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
adjusted downward if the server is partially or completely
non-responsive. The algorithm used to adjust the quota can be
configured via the fetch-quota-params option.
+ fetches-per-zone limits the number of simultaneous queries
that can be sent for names within a single domain. (Note:
Unlike "fetches-per-server", this value is not self-tuning.)
Statistics counters have also been added to track the number of
queries affected by these quotas.
* An --enable-querytrace configure switch is now available to enable
very verbose query tracelogging. This option can only be set at
compile time. This option has a negative performance impact and
should be used only for debugging.
* EDNS COOKIE options content is now displayed as "COOKIE:
<hexvalue>".
Feature Changes
* Large inline-signing changes should be less disruptive. Signature
generation is now done incrementally; the number of signatures to
be generated in each quantum is controlled by
"sig-signing-signatures number;". [RT #37927]
* Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
* Active Directory names of the form gc._msdcs.<forest> are now
accepted as valid hostnames when using the check-names option.
<forest> is still restricted to letters, digits and hyphens.
* Names containing rich text are now accepted as valid hostnames in
PTR records in DNS-SD reverse lookup zones, as specified in RFC
6763. [RT #37889]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone
load was already in progress; this could trigger a crash in zt.c.
[RT #37573]
* A race during shutdown or reconfiguration could cause an assertion
failure in mem.c. [RT #38979]
* Some answer formatting options didn't work correctly with dig
+short. [RT #39291]
* Malformed records of some types, including NSAP and UNSPEC, could
trigger assertion failures when loading text zone files. [RT
#40274] [RT #40285]
* Fixed a possible crash in ratelimiter.c caused by NOTIFY messages
being removed from the wrong rate limiter queue. [RT #40350]
* The default rrset-order of random was inconsistently applied. [RT
#40456]
* BADVERS responses from broken authoritative name servers were not
handled correctly. [RT #40427]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 16 00:32:06 UTC 2015
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 package to 9.9.8pl2 (BIND 9.9.8-P2), security release.
--- 9.9.8-P2 released ---
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
4260. [security] Insufficient testing when parsing a message allowed
records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
4253. [security] Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
--- 9.9.8-P1 (withdrawn) ---
|
|
|
|
www/typo3_62: security fix
Revisions pulled up:
- www/typo3_62/Makefile 1.10-1.11
- www/typo3_62/PLIST 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 13 14:41:32 UTC 2015
Modified Files:
pkgsrc/www/drupal6: Makefile
pkgsrc/www/drupal7: Makefile
pkgsrc/www/typo3_62: Makefile
Log Message:
Prefix PKGNAME with ${PHP_PKG_PREFIX}.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Dec 15 15:53:29 UTC 2015
Modified Files:
pkgsrc/www/typo3_62: Makefile PLIST distinfo
Log Message:
Update typo3_62 to 6.2.16, security fix.
Quote from release announce:
the TYPO3 Community has just released TYPO3 CMS versions 6.2.16 LTS
and 7.6.1 LTS which are now ready for you to download.
All versions are maintenance releases and contain bug fixes and
security fixes.
*IMPORTANT*
These versions include important security fixes to the TYPO3 CMS Core.
The according security bulletins with details have just been released:
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/
|
|
|
|
security/keepassx: security fix
Revisions pulled up:
- security/keepassx/Makefile 1.31
- security/keepassx/distinfo 1.8
- security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp 1.2
- security/keepassx/patches/patch-src_lib_FileDialogs.cpp 1.1
- security/keepassx/patches/patch-src_lib_random.cpp 1.4
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 6 14:20:34 UTC 2015
Modified Files:
pkgsrc/security/keepassx: Makefile distinfo
pkgsrc/security/keepassx/patches: patch-src_lib_AutoTypeX11.cpp
patch-src_lib_random.cpp
Added Files:
pkgsrc/security/keepassx/patches: patch-src_lib_FileDialogs.cpp
Log Message:
Fix CVE-2015-8378 using the patch from Debian.
Bump PKGREVISION.
While here, clean up pkglint.
|
|
|
|
graphics/png: security fix
Revisions pulled up:
- graphics/png/Makefile 1.180
- graphics/png/distinfo 1.125
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Dec 3 15:17:02 UTC 2015
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.6.20:
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
|
|
|
|
textproc/ruby-nokogiri: security fix
Revisions pulled up:
- textproc/ruby-nokogiri/ALTERNATIVES 1.1
- textproc/ruby-nokogiri/Makefile 1.27-1.28
- textproc/ruby-nokogiri/PLIST 1.15-1.16
- textproc/ruby-nokogiri/distinfo 1.17-1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 18 16:04:50 UTC 2015
Modified Files:
pkgsrc/textproc/ruby-nokogiri: Makefile PLIST distinfo
Added Files:
pkgsrc/textproc/ruby-nokogiri: ALTERNATIVES
Log Message:
Update ruby-nokogiri to 1.6.6.3.
pkgsrc change: Add pkg_alternatives support.
=== 1.6.6.3 / 2015-11-16
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
* CVE-2015-1819
* CVE-2015-7941_1
* CVE-2015-7941_2
* CVE-2015-7942
* CVE-2015-7942-2
* CVE-2015-8035
* CVE-2015-7995
See #1374 for details.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 23 07:28:01 UTC 2015
Modified Files:
pkgsrc/textproc/ruby-nokogiri: Makefile PLIST distinfo
Log Message:
Update ruby-nokogiri to 1.6.8.4.
=== 1.6.6.4 / 2015-11-19
This version pulls in an upstream patch to the vendored libxml2 to address:
* unclosed comment uninitialized access issue (#1376)
This issue does not have a CVE assigned to it at this time.
|
|
devel/pcre: security fix
Revisions pulled up:
- devel/pcre/Makefile 1.77
- devel/pcre/distinfo 1.58
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Nov 24 11:04:03 UTC 2015
Modified Files:
pkgsrc/devel/pcre: Makefile distinfo
Log Message:
Update pcre to 8.38:
Version 8.38 23-November-2015
-----------------------------
1. If a group that contained a recursive back reference also contained a
forward reference subroutine call followed by a non-forward-reference
subroutine call, for example /.((?2)(?R)\1)()/, pcre2_compile() failed to
compile correct code, leading to undefined behaviour or an internally
detected error. This bug was discovered by the LLVM fuzzer.
2. Quantification of certain items (e.g. atomic back references) could cause
incorrect code to be compiled when recursive forward references were
involved. For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/.
This bug was discovered by the LLVM fuzzer.
3. A repeated conditional group whose condition was a reference by name caused
a buffer overflow if there was more than one group with the given name.
This bug was discovered by the LLVM fuzzer.
4. A recursive back reference by name within a group that had the same name as
another group caused a buffer overflow. For example:
/(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
5. A forward reference by name to a group whose number is the same as the
current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused
a buffer overflow at compile time. This bug was discovered by the LLVM
fuzzer.
6. A lookbehind assertion within a set of mutually recursive subpatterns could
provoke a buffer overflow. This bug was discovered by the LLVM fuzzer.
7. Another buffer overflow bug involved duplicate named groups with a
reference between their definition, with a group that reset capture
numbers, for example: /(?J:(?|(?'R')(\k'R')|((?'R'))))/. This has been
fixed by always allowing for more memory, even if not needed. (A proper fix
is implemented in PCRE2, but it involves more refactoring.)
8. There was no check for integer overflow in subroutine calls such as (?123).
9. The table entry for \l in EBCDIC environments was incorrect, leading to its
being treated as a literal 'l' instead of causing an error.
10. There was a buffer overflow if pcre_exec() was called with an ovector of
size 1. This bug was found by american fuzzy lop.
11. If a non-capturing group containing a conditional group that could match
an empty string was repeated, it was not identified as matching an empty
string itself. For example: /^(?:(?(1)x|)+)+$()/.
12. In an EBCDIC environment, pcretest was mishandling the escape sequences
\a and \e in test subject lines.
13. In an EBCDIC environment, \a in a pattern was converted to the ASCII
instead of the EBCDIC value.
14. The handling of \c in an EBCDIC environment has been revised so that it is
now compatible with the specification in Perl's perlebcdic page.
15. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in
ASCII/Unicode. This has now been added to the list of characters that are
recognized as white space in EBCDIC.
16. When PCRE was compiled without UCP support, the use of \p and \P gave an
error (correctly) when used outside a class, but did not give an error
within a class.
17. \h within a class was incorrectly compiled in EBCDIC environments.
18. A pattern with an unmatched closing parenthesis that contained a backward
assertion which itself contained a forward reference caused buffer
overflow. An example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
19. JIT should return with error when the compiled pattern requires more stack
space than the maximum.
20. A possessively repeated conditional group that could match an empty string,
for example, /(?(R))*+/, was incorrectly compiled.
21. Fix infinite recursion in the JIT compiler when certain patterns such as
/(?:|a|){100}x/ are analysed.
22. Some patterns with character classes involving [: and \\ were incorrectly
compiled and could cause reading from uninitialized memory or an incorrect
error diagnosis.
23. Pathological patterns containing many nested occurrences of [: caused
pcre_compile() to run for a very long time.
24. A conditional group with only one branch has an implicit empty alternative
branch and must therefore be treated as potentially matching an empty
string.
25. If (?R was followed by - or + incorrect behaviour happened instead of a
diagnostic.
26. Arrange to give up on finding the minimum matching length for overly
complex patterns.
27. Similar to (4) above: in a pattern with duplicated named groups and an
occurrence of (?| it is possible for an apparently non-recursive back
reference to become recursive if a later named group with the relevant
number is encountered. This could lead to a buffer overflow. Wen Guanxing
from Venustech ADLAB discovered this bug.
28. If pcregrep was given the -q option with -c or -l, or when handling a
binary file, it incorrectly wrote output to stdout.
29. The JIT compiler did not restore the control verb head in case of *THEN
control verbs. This issue was found by Karl Skomski with a custom LLVM
fuzzer.
30. Error messages for syntax errors following \g and \k were giving inaccurate
offsets in the pattern.
31. Added a check for integer overflow in conditions (?(<digits>) and
(?(R<digits>). This omission was discovered by Karl Skomski with the LLVM
fuzzer.
32. Handling recursive references such as (?2) when the reference is to a group
later in the pattern uses code that is very hacked about and error-prone.
It has been re-written for PCRE2. Here in PCRE1, a check has been added to
give an internal error if it is obvious that compiling has gone wrong.
33. The JIT compiler should not check repeats after a {0,1} repeat byte code.
This issue was found by Karl Skomski with a custom LLVM fuzzer.
34. The JIT compiler should restore the control chain for empty possessive
repeats. This issue was found by Karl Skomski with a custom LLVM fuzzer.
35. Match limit check added to JIT recursion. This issue was found by Karl
Skomski with a custom LLVM fuzzer.
36. Yet another case similar to 27 above has been circumvented by an
unconditional allocation of extra memory. This issue is fixed "properly" in
PCRE2 by refactoring the way references are handled. Wen Guanxing
from Venustech ADLAB discovered this bug.
37. Fix two assertion fails in JIT. These issues were found by Karl Skomski
with a custom LLVM fuzzer.
38. Fixed a corner case of range optimization in JIT.
39. An incorrect error "overran compiling workspace" was given if there were
exactly enough group forward references such that the last one extended
into the workspace safety margin. The next one would have expanded the
workspace. The test for overflow was not including the safety margin.
40. A match limit issue is fixed in JIT which was found by Karl Skomski
with a custom LLVM fuzzer.
41. Remove the use of /dev/null in testdata/testinput2, because it doesn't
work under Windows. (Why has it taken so long for anyone to notice?)
42. In a character class such as [\W\p{Any}] where both a negative-type escape
("not a word character") and a property escape were present, the property
escape was being ignored.
43. Fix crash caused by very long (*MARK) or (*THEN) names.
44. A sequence such as [[:punct:]b] that is, a POSIX character class followed
by a single ASCII character in a class item, was incorrectly compiled in
UCP mode. The POSIX class got lost, but only if the single character
followed it.
45. [:punct:] in UCP mode was matching some characters in the range 128-255
that should not have been matched.
46. If [:^ascii:] or [:^xdigit:] or [:^cntrl:] are present in a non-negated
class, all characters with code points greater than 255 are in the class.
When a Unicode property was also in the class (if PCRE_UCP is set, escapes
such as \w are turned into Unicode properties), wide characters were not
correctly handled, and could fail to match.
|
|
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube/Makefile 1.77
- mail/roundcube/PLIST 1.38
- mail/roundcube/distinfo 1.45
- mail/roundcube/options.mk 1.14
---
Module Name: pkgsrc
Committed By: prlw1
Date: Thu Oct 29 15:54:20 UTC 2015
Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST distinfo options.mk
Log Message:
Update roundcube to 1.1.3
ok taca@
Since Makefile 1.59, the iconv option had no effect - reinstate iconv as
being optional.
This update to 1.1.3 makes multibyte and openssl a requirement (and drops
mcrypt support).
RELEASE 1.1.3
-------------
- Fix closing of nested menus (#1490443)
- Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281)
- Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424)
- Get rid of Mail_mimeDecode package dependency (#1490416)
- Fix "Importing..." message does not hide on error (#1490422)
- Fix Compose action in addressbook for results from multiple addressbooks (#1490413)
- Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426)
- Fix unintentional messages list page change on page switch in compose addressbook (#1490427)
- Fix race-condition in saving user preferences and loading plugin config (#1490431)
- Fix so plain text signature field uses monospace font (#1490435)
- Fix so links with href == content aren't added to links list on html to text conversion (#1490434)
- Fix handling of non-break spaces in html to text conversion (#1490436)
- Fix self-reply detection issues (#1490439)
- Fix multi-folder search result sorting by arrival date (#1490450)
- Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452)
- Update to TinyMCE 4.1.10 (#1490405)
- Fix draft removal after a message is sent and storing sent message is disabled (#1490467)
- Fix so imap folder attribute comparisons are case-insensitive (#1490466)
- Fix bug where new messages weren't added to the list in search mode
- Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035)
- Fix some javascript errors in rare situations (#1490441)
- Fix error when using back button after sending an email (#1490009)
- Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470)
- Disable links list generation on html-to-text conversion of identities or composed message (#1490437)
- Fix "washing" of style elements wrapped into many lines
- Fix so input field (e.g. search box) does not lose focus on list load (#1490455)
- Fix so css of one html part does not apply to other text parts on message display (#1490505)
- Fix XSS issue in drag-n-drop file uploads (#1490530)
- Fix handling of plus character in mailto: links (#1490510)
- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472)
- Fix so gc.sh script removes also expired sessions from sql database (#1490512)
- Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517)
- Fix various issues with Turkish (and similar) locales (#1490519)
- Fix so In-Reply-To header is set also for MDN receipts (#1490523)
- Fix missing HTTP_X_FORWARDED_FOR address in generated Received header
- Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
|
|
net/ntp4: build fix
Revisions pulled up:
- net/ntp4/Makefile 1.89
- net/ntp4/distinfo 1.24
- net/ntp4/patches/patch-aa deleted
- net/ntp4/patches/patch-include-ntp__syscall.h 1.1
- net/ntp4/patches/patch-ntpd-ntpd.c 1.1
---
Module Name: pkgsrc
Committed By: christos
Date: Thu Oct 29 11:23:47 UTC 2015
Added Files:
pkgsrc/net/ntp4/patches: patch-include-ntp__syscall.h patch-ntpd-ntpd.c
Removed Files:
pkgsrc/net/ntp4/patches: patch-aa
Log Message:
- rename patch-aa to follow not so new anymore convention
- apply the "warmup" patch only on linux. should fix the build on netbsd-6
---
Module Name: pkgsrc
Committed By: christos
Date: Thu Oct 29 11:28:44 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile distinfo
Log Message:
update checksum and bump revision
|
|
www/squid3: security fix
Revisions pulled up:
- www/squid3/Makefile 1.54-1.56
- www/squid3/distinfo 1.41-1.43
- www/squid3/files/squid.sh 1.3
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Oct 2 07:57:13 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.5.10:
* Align behavior of MEMPROXY_CLASS's operator delete with ::delete on nullptr
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size
* Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
* Relicense SSPI helper to GPLv2+
* Bug 4208: more than one port in wccp2_service_info line causes error
* Relicense smb_lm auth helper to GPLv2+
* Relicense ntlm_fake_auth.pl to GPLv2+
* SMP: register worker listening ports one by one
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Cleanup: Migrate StoreEntry to using MEMPROXY_CLASS
* Remove custom pool chunk size for StoreEntry
* Implement default constructor for hash_link
* Bug 4326: base64 binary encoder rejects data beginning with nil byte
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Oct 8 10:07:10 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile
pkgsrc/www/squid3/files: squid.sh
Log Message:
Check current file descriptor limit and raise if required rather than
blindly setting to 4096 (which may in fact be lower than current limit).
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Nov 4 21:44:27 UTC 2015
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log Message:
Changes 3.5.11:
* Add Locker friend class to SBuf for protection against memory issues
* Connection stats, including %<lp, missing for persistent connections
* Fix incorrect authentication headers on cache digest requests
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Avoid errors when parsing manager ACL in old squid.conf
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3
|
|
|
|
pkgtools/pkg_comp: bugfix
Revisions pulled up:
- pkgtools/pkg_comp/Makefile 1.55
- pkgtools/pkg_comp/files/pkg_comp.8 1.41
- pkgtools/pkg_comp/files/pkg_comp.sh 1.43
---
Module Name: pkgsrc
Committed By: agc
Date: Sat Nov 21 23:10:27 UTC 2015
Modified Files:
pkgsrc/pkgtools/pkg_comp: Makefile
pkgsrc/pkgtools/pkg_comp/files: pkg_comp.8 pkg_comp.sh
Log Message:
Update pkg_comp to 1.38nb1
pkgsrc uses the "BUILD_TARGET" definition internally as the primary
target for building in a package's WRKDIR. It defaults to "all".
So pkgsrc cd's to ${WRKDIR} and does a "make ${BUILD_TARGET}"
pkg_comp also wants to use the same "BUILD_TARGET" definition
internally for itself to guide the builds for making binary packages.
It's done at a higher level than the pkgsrc definition. It defaults
to "package".
The use of the same name for two different purposes can cause
pkg_comp to fail to build packages. This commit renames the pkg_comp
definition to be "BUILD_PKG_COMP_TARGET".
With this change in place, my pkg_comp builds now complete successfully.
Bump PKGREVISION for the BUILD_PKG_COMP_TARGET fix
|
|
|
|
security/mit-krb5: build fix
Revisions pulled up:
- security/mit-krb5/Makefile 1.85
---
Module Name: pkgsrc
Committed By: tez
Date: Thu Nov 5 19:10:30 UTC 2015
Modified Files:
pkgsrc/security/mit-krb5: Makefile
Log Message:
Fix build in case there is a system version of verto found.
No revbump because it failed to build before if there was one.
Fixes pkg/50348
|
|
|
|
lang/g95: build fix
Revisions pulled up:
- lang/g95/distinfo 1.24
- lang/g95/patches/patch-ac deleted
- lang/g95/patches/patch-configure 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Sat Nov 7 22:56:13 UTC 2015
Modified Files:
pkgsrc/lang/g95: distinfo
Added Files:
pkgsrc/lang/g95/patches: patch-configure
Removed Files:
pkgsrc/lang/g95/patches: patch-ac
Log Message:
Let g95 build for NetBSD powerpc as well: treat NetBSD the same
as Linux in terms of FPU usage. Since this is only a build fix
for the NetBSD powerpc ports, there's no revision bump.
|
|
|
|
archivers/unzip: security fix
Revisions pulled up:
- archivers/unzip/Makefile 1.91
- archivers/unzip/distinfo 1.29
- archivers/unzip/patches/patch-crypt.c 1.1
- archivers/unzip/patches/patch-extract.c 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Nov 11 12:47:27 UTC 2015
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
pkgsrc/archivers/unzip/patches: patch-extract.c
Added Files:
pkgsrc/archivers/unzip/patches: patch-crypt.c
Log Message:
Add patches to fix CVE-2015-7696, CVE-2015-7697, and an integer underflow.
From Debian.
Bump PKGREVISION.
|
|
Pullup ticket #4856 - requested by he
graphics/png: security fix
Revisions pulled up:
- graphics/png/Makefile 1.179
- graphics/png/distinfo 1.124
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Nov 12 16:12:19 UTC 2015
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update png to 1.6.19:
Libpng 1.6.19 - November 12, 2015
Changes since the last public release (1.6.18):
Updated obsolete information about the simplified API macros in the
manual pages (Bug report by Arc Riley).
Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
Rearranged png.h to put the major sections in the same order as
in libpng17.
Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
PNG_WEIGHT_FACTOR macros.
Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
(Bug report by Viktor Szakats). Several warnings remain and are
unavoidable, where we test for overflow.
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
Moved config.h.in~ from the "libpng_autotools_files" list to the
"libpng_autotools_extra" list in autogen.sh because it was causing a
false positive for missing files (bug report by Robert C. Seacord).
Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
to suppress clang warnings (Bug report by Viktor Szakats).
Fixed some bad links in the man page.
Changed "n bit" to "n-bit" in comments.
Added signed/unsigned 16-bit safety net. This removes the dubious
0x8000 flag definitions on 16-bit systems. They aren't supported
yet the defs *probably* work, however it seems much safer to do this
and be advised if anyone, contrary to advice, is building libpng 1.6
on a 16-bit system. It also adds back various switch default clauses
for GCC; GCC errors out if they are not present (with an appropriately
high level of warnings).
Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
Seacord).
Fixed the recently reported 1's complement security issue by replacing
the value that is illegal in the PNG spec, in both signed and unsigned
values, with 0. Illegal unsigned values (anything greater than or equal
to 0x80000000) can still pass through, but since these are not illegal
in ANSI-C (unlike 0x80000000 in the signed case) the checking that
occurs later can catch them (John Bowler).
Fixed png_save_int_32 when int is not 2's complement (John Bowler).
Updated libpng16 with all the recent test changes from libpng17,
including changes to pngvalid.c to ensure that the original,
distributed, version of contrib/visupng/cexcept.h can be used
(John Bowler).
pngvalid contains the correction to the use of
SAVE/STORE_UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
tests contain the --strict option to detect warnings and the
pngvalid-standard test has been corrected so that it does not
turn on progressive-read. There is a separate test which does
that. (John Bowler)
Also made some signed/unsigned fixes.
Make pngstest error limits version specific. Splitting the machine
generated error structs out to a file allows the values to be updated
without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
slightly different error limits this simplifies maintenance. The
makepngs.sh script has also been updated to more accurately reflect
current problems in libpng 1.7 (John Bowler).
Incorporated new test PNG files into make check. tests/pngstest-*
are changed so that the new test files are divided into 8 groups by
gamma and alpha channel. These tests have considerably better code
and pixel-value coverage than contrib/pngsuite; however, coverage is
still incomplete (John Bowler).
Removed the '--strict' in 1.6 because of the double-gamma-correction
warning, updated pngstest-errors.h for the errors detected with the
new contrib/testspngs PNG test files (John Bowler).
Worked around rgb-to-gray issues in libpng 1.6. The previous
attempts to ignore the errors in the code aren't quite enough to
deal with the 'channel selection' encoding added to libpng 1.7; abort.
Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
macro, therefore the argument list cannot contain preprocessing
directives. Make sure pow is a function where this happens. This is
a minimal safe fix, the issue only arises in non-performance-critical
code (bug report by Curtis Leach, fix by John Bowler).
Added sPLT support to pngtest.c
Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
Silently truncate over-length PLTE chunk while reading.
Libpng incorrectly calculated the output rowbytes when the application
decreased either the number of channels or the bit depth (or both) in
a user transform. This was safe; libpng overallocated buffer space
(potentially by quite a lot; up to 4 times the amount required) but,
from 1.5.4 on, resulted in a png_error (John Bowler).
Fixed some inconsequential cut-and-paste typos in
png_set_cHRM_XYZ_fixed().
Clarified COPYRIGHT information to state explicitly that versions
are derived from previous versions.
Removed much of the long list of previous versions from png.h and
libpng.3.
|
|
|
|
devel/nss: security fix
Revisions pulled up:
- devel/nss/Makefile 1.103
- devel/nss/distinfo 1.52
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Nov 3 16:55:07 UTC 2015
Modified Files:
pkgsrc/devel/nss: Makefile distinfo
Log Message:
Update to 3.20.1
Changelog:
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.
* Bug 1192028 (CVE-2015-7181) and
Bug 1202868 (CVE-2015-7182):
Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate, unaffected
DER decoder, several public routines also accept BER data, and thus are
affected. An attacker that successfully exploited these issues can overflow
the heap and may be able to obtain remote code execution.
|
|
|
|
x11/gtk3: build fix
Revisions pulled up:
- x11/gtk3/Makefile 1.70
- x11/gtk3/distinfo 1.32
- x11/gtk3/patches/patch-gtk_fallback-c89.c 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Sat Nov 7 15:49:38 UTC 2015
Modified Files:
pkgsrc/x11/gtk3: Makefile distinfo
Log Message:
Improve compatibility with systems which lack either round(), rint()
or nearbyint(), but might still have them declared in <math.h>.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: he
Date: Sat Nov 7 15:51:40 UTC 2015
Added Files:
pkgsrc/x11/gtk3/patches: patch-gtk_fallback-c89.c
Log Message:
Improve compatibility with systems which lack either round(), rint()
or nearbyint(), but might still have them declared in <math.h>.
Bump PKGREVISION.
|
|
|
|
sysutils/xenkernel45: security fix
Revisions pulled up:
- sysutils/xenkernel45/Makefile 1.10
- sysutils/xenkernel45/distinfo 1.10
- sysutils/xenkernel45/patches/patch-CVE-2015-7835 1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-7969 1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-7970 1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-7971 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu Oct 29 20:40:53 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: Makefile
Added Files:
pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-7835
patch-CVE-2015-7969 patch-CVE-2015-7970 patch-CVE-2015-7971
Log Message:
Add patches from Xen security advisory, fixing:
CVE-2015-7835 aka XSA-148
CVE-2015-7869 aka XSA-149 + XSA-151
CVE-2015-7970 aka XSA-150
CVE-2015-7971 aka XSA-152
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Oct 30 07:46:36 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel45: distinfo
Log Message:
Add patch entries from previous security commit. Pointed out by
Takahiro Hayashi, thanks !
|
|
sysutils/xenkernel42: security fix
Revisions pulled up:
- sysutils/xenkernel42/Makefile 1.18
- sysutils/xenkernel42/distinfo 1.17
- sysutils/xenkernel42/patches/patch-CVE-2015-7835 1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-7969 1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-7971 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu Oct 29 21:59:16 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel42: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-7835
patch-CVE-2015-7969 patch-CVE-2015-7971
Log Message:
Add patches, derived from Xen security advisory, fixing:
CVE-2015-7835 aka XSA-148
CVE-2015-7869 aka XSA-149 + XSA-151
CVE-2015-7971 aka XSA-152
Bump PKGREVISION
|
|
sysutils/xenkernel41: security fix
Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.46
- sysutils/xenkernel41/distinfo 1.38
- sysutils/xenkernel41/patches/patch-CVE-2015-7835 1.1
- sysutils/xenkernel41/patches/patch-CVE-2015-7969 1.1
- sysutils/xenkernel41/patches/patch-CVE-2015-7971 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Thu Oct 29 20:29:56 UTC 2015
Modified Files:
pkgsrc/sysutils/xenkernel41: Makefile distinfo
Added Files:
pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-7835
patch-CVE-2015-7969 patch-CVE-2015-7971
Log Message:
Add patches, derived from Xen security advisory, fixing:
CVE-2015-7835 aka XSA-148
CVE-2015-7869 aka XSA-149 + XSA-151
CVE-2015-7971 aka XSA-152
Bump PKGREVISION
|
|
|
|
net/ntp4: security fix
Revisions pulled up:
- net/ntp4/Makefile 1.88
- net/ntp4/PLIST 1.20
- net/ntp4/distinfo 1.23
- net/ntp4/patches/patch-configure deleted
- net/ntp4/patches/patch-sntp_configure deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 23 03:43:31 UTC 2015
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ntp4/patches: patch-configure patch-sntp_configure
Log Message:
Update ntp4 to 4.2.8p4.
pkgsrc change:
* Remove duplicated HTML documents.
* Install some additional documents.
Changes are too many to write here, please refer to the NEWS files and this
release fixes security problems.
October 2015 NTP Security Vulnerability Announcement (Medium)
NTF's NTP Project has been notified of the following 13 low- and
medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on
Wednesday, 21 October 2015:
* Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association
authentication bypass via crypto-NAK (Cisco ASIG)
* Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning
FAIL on some bogus values (IDA)
* Bug 2921 CVE-2015-7854 Password Length Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock
driver could cause a buffer overflow. (Cisco TALOS)
* Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption
Vulnerability. (Cisco TALOS)
* Bug 2918 CVE-2015-7851 saveconfig Directory Traversal
Vulnerability. (OpenVMS) (Cisco TALOS)
* Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
* Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
* Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
* Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
* Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile"
should only be allowed locally. (RedHat)
* Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field. (Boston University)
* Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks. (Tenable)
The only generally-exploitable bug in the above list is the crypto-NAK bug,
which has a CVSS2 score of 6.4.
Additionally, three bugs that have already been fixed in ntp-4.2.8 but were
not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all
below 1.8 CVSS score, so we're reporting them here:
* Bug 2382 : Peer precision < -31 gives division by zero
* Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
* Bug 1593 : ntpd abort in free() with logconfig syntax error
|
|
|
|
www/drupal7: security fix
Revisions pulled up:
- www/drupal7/Makefile 1.34-1.35
- www/drupal7/PLIST 1.13
- www/drupal7/distinfo 1.27-1.28
---
Module Name: pkgsrc
Committed By: wen
Date: Sun Oct 18 03:30:53 UTC 2015
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update to 7.40
Upstream changes:
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
memory.
- Prevented drupal_http_request() from returning an error when it receives a
201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP
5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides
the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into
mailto: links.
- Added alternate text to file icons displayed by the File module, to improve
accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or
warnings as appropriate, rather than as regular status messages (minor UI
change and data structure change).
- Changed the default settings.php configuration to exclude private files from
the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for
example filter/tips/full_html, to return "page not found" or "access denied"
if the format does not exist or the user does not have access to it. This
change adds a new menu item to the Filter module's hook_menu() entry (minor
data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in
as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished"
callback specified during batch processing can now be any PHP callable
instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case
where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000")
to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing
exceptions during menu rebuilds. If an .info file without a "name" key is
found in a module or theme directory, Drupal will now use the module or
theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table
case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to
a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a
module's .info file to indicate which project the dependency resides in (API
addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal
bootstrap and that caused module_implements() and drupal_alter() to cache an
incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL,
if the site's PHP version is new enough to do so. This is a secondary defense
against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 09:59:44 UTC 2015
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
Update drupal7 to 7.41.
Drupal 7.41, 2015-10-21
-----------------------
- Fixed security issues (open redirect). See SA-CORE-2015-004.
|
|
net/unbound: SMF support
Revisions pulled up:
- net/unbound/Makefile 1.38
- net/unbound/files/smf/manifest.xml 1.1
- net/unbound/files/smf/unbound.sh 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:30:14 UTC 2015
Modified Files:
pkgsrc/net/unbound: Makefile
Added Files:
pkgsrc/net/unbound/files/smf: manifest.xml unbound.sh
Log Message:
Add SMF support. Bump revision.
|
|
security/botan-devel: build fix
Revisions pulled up:
- security/botan-devel/Makefile 1.11
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:29:14 UTC 2015
Modified Files:
pkgsrc/security/botan-devel: Makefile
Log Message:
For amd64 builds, override the automatic CPU detection. It fails on
SmartOS for 64bit builds.
|
|
|
|
devel/netbsd-iscsi-lib: SmartOS build fix
Revisions pulled up:
- devel/netbsd-iscsi-lib/Makefile 1.5
- devel/netbsd-iscsi-lib/distinfo 1.6
- devel/netbsd-iscsi-lib/patches/patch-ac 1.2
- devel/netbsd-iscsi-lib/patches/patch-include_iscsi-md5.h 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5c.c 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5hl.c 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 15 13:15:50 UTC 2015
Modified Files:
pkgsrc/devel/netbsd-iscsi-lib: Makefile distinfo
pkgsrc/devel/netbsd-iscsi-lib/patches: patch-ac
Added Files:
pkgsrc/devel/netbsd-iscsi-lib/patches: patch-include_iscsi-md5.h
patch-src_lib_md5c.c patch-src_lib_md5hl.c
Log Message:
Fix for non-BSD platforms by avoiding sys/cdefs.h dependency.
Avoid system namespace for headers. Add missing RCS ID.
|
|
|
|
multimedia/adobe-flash-plugin11: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.50,1.52
- multimedia/adobe-flash-plugin11/distinfo 1.47,1.49
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tsutsui
Date: Sun Oct 18 14:15:23 UTC 2015
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
Log Message:
Update adobe-flash-plugin11 to 11.2.202.540.
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: October 16, 2015
Vulnerability identifier: APSB15-27
CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Platform: All Platforms
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/multimedia/adobe-flash-plugin11/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/multimedia/adobe-flash-plugin11/distinfo
|
|
lang/perl5: fix for sparc
Revisions pulled up:
- lang/perl5/hacks.mk 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: mrg
Date: Thu Oct 15 00:15:52 UTC 2015
Modified Files:
pkgsrc/lang/perl5: hacks.mk
Log Message:
enable the GCC 4.5 op.c hack for sparc.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/perl5/hacks.mk
|
|
sysutils/dbus: build fix
Revisions pulled up:
- sysutils/dbus/distinfo 1.67
- sysutils/dbus/patches/patch-tools_dbus-print-message.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 8 14:32:09 UTC 2015
Modified Files:
pkgsrc/sysutils/dbus: distinfo
Added Files:
pkgsrc/sysutils/dbus/patches: patch-tools_dbus-print-message.c
Log Message:
Fix build on NetBSD 5.x and 6.x.
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/sysutils/dbus/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/dbus/patches/patch-tools_dbus-print-message.c
|