security fix for imlib
Module Name: pkgsrc
Committed By: tron
Date: Sat Nov 27 08:09:38 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile
Log Message:
Remove me as maintainer of this package.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Dec 3 13:42:47 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile distinfo
pkgsrc/graphics/imlib/patches: patch-ag patch-ah
Log Message:
Changes 1.9.15:
* Minor bug fixes
---
Module Name: pkgsrc
Committed By: salo
Date: Fri Dec 10 09:30:42 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo
pkgsrc/graphics/imlib/patches: patch-ab patch-ai
Added Files:
pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al
patch-am patch-an patch-ao
Log Message:
Bump PKGREVISION, security fix:
"Multiple buffer overflows in imlib 1.9.14 and earlier, which is
used by gkrellm and several window managers, allow remote attackers
to execute arbitrary code via certain image files." (1.9.15 is also
affected)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
Patch from Pavel Kankovsky.

security fix for ssmtp
Module Name: pkgsrc
Committed By: tv
Date: Fri Oct 22 14:45:47 UTC 2004
Modified Files:
pkgsrc/mail/ssmtp: Makefile distinfo
pkgsrc/mail/ssmtp/patches: patch-ab
Log Message:
Update to 2.61, and obey USE_INET6. Change highlights:
* Fixed two format string vulnerabilities (die() and log_event())
(Closes: #243945)
* Segfaults when trying to send mail with authenticated smtp
(Closes: #261975)
* Make address rewriting possible to disable (Closes: #146238)
* Add AuthUser, AuthPass, AuthMethod to configuration file
(Closes: #249905)
* Logic to choose cram-md5 authentication is backwards
(Closes: #249907)
* SSMTP builds with MD5 support but during the exchange it
segfaults (Closes: #249203)
* The source compilation fails if ./configure --enable-logfile
is selected (Closes: #242905)
* SSL/TLS support cannot handle STARTTLS (Closes: #244666)
* Creates bad date headers on some systems (Closes: #230864)
* Fix 'MAIL FROM' problems with cron and the like setting bad
'From:' address when FromLineOverride=YES is set (Closes: #205513)
* Update version string in ssmtp.c (Closes: #198763)
* Work around missing spaces in headers (Closes: #192445)

MASTER_SITES fix for shared-mime-info
Module Name: pkgsrc
Committed By: sketch
Date: Fri Nov 26 17:20:07 UTC 2004
Modified Files:
pkgsrc/databases/shared-mime-info: Makefile
Log Message:
Correct URL to distfile, from Alexis Robert.

security fix for sun-jre14 and sun-jdk14
Module Name: pkgsrc
Committed By: tv
Date: Tue Oct 5 22:09:23 UTC 2004
Modified Files:
pkgsrc/lang/sun-jdk13: Makefile PLIST
pkgsrc/lang/sun-jdk14: Makefile PLIST
pkgsrc/lang/sun-jdk15: Makefile PLIST
pkgsrc/lang/sun-jre13: Makefile PLIST
pkgsrc/lang/sun-jre14: Makefile PLIST
pkgsrc/lang/sun-jre15: Makefile PLIST
Log Message:
Expand the JAVA_WRAPPERS definitions for the sun-j{re,dk}* packages.
This adds many commonly used tools to $PREFIX/bin, such as keytool,
rmiregistry, rmic, idlj, etc.
---
Module Name: pkgsrc
Committed By: tv
Date: Mon Oct 11 14:07:38 UTC 2004
Modified Files:
pkgsrc/lang/blackdown-jdk13: Makefile PLIST
pkgsrc/lang/jdk: Makefile PLIST
pkgsrc/lang/sun-jdk13: Makefile PLIST
pkgsrc/lang/sun-jdk14: Makefile PLIST
pkgsrc/lang/win32-jdk: PLIST
Log Message:
Fix the "jre" symlink in the various Sun-based JDK packages; it was wrong
for quite some time after the ${PREFIX}/java migration. Since pkgsrc now
has proper symlink handling in pkg_install, this can now be a simple
PLIST entry rather than an @exec/@unexec pair.
---
Committed By: jschauma
Date: Thu Oct 14 14:32:32 UTC 2004
Modified Files:
pkgsrc/lang/sun-jdk14: Makefile distinfo
pkgsrc/lang/sun-jre14: Makefile Makefile.common PLIST distinfo
Log Message:
Tell people to fetch the JCE file if necessary.
Update sun-j*4 to 14-2.6 (aka sun-jdk/jre version 1.4.2_06).
Bugs fixed since last according to
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html:
- jResourceBundle holds ClassLoader references using SoftReference (not weak)
- enablev006: JVMPI_EVENT_OBJECT_ALLOC request crashes Server VM
- Update cacerts with new VeriSign ca certs
- (so) Selector.select() throws CancelledKeyException
- Internal Error occurs during offset conversion of byte code in rewrite/relocate
- SEGV in MapLoops test
- REGRESSION 1.4: PropertyDescriptors do not find the most specific methods
- REGRESSION 1.5: Introspector.getBeanInfo throws NPE if a primitive type is passed
- CMS: vtest died with tiger b26
- JVM crashes during deoptimization phase
- CMS thread/SLT deadlock problem
- Unable to create Logger during JVM shutdown
- 64bit j2sdk1.4.2_01 and j2sdk1.4.2_03 dump core with oracle 64bit jdbc oci driver
- Cannot set different runtime parameters for different 1.4.2_x versions
- "java_g -version" dies on an assertion on RH9.0 and RHEL 3.0
- 1.4.2_05: 3 JCK tests failing with -Xcheck:jni flag on Linux
- RH Enterprise 3 and Suse Ent 8 server / desktop asian font properties needed
- Client VM crash while compiling a large JSP generated method
- NullPointerException in reading an rtf-file into a javax.swing.text.rtf.RTFEdito
- RTFEditorKit wrongly parses rtf if fontname has unicode characters
- 1.4.2_04 Server VM - C2 crash in PhaseCFG::ScheduleLate on Solaris
- bf) Direct memory cannot be unreserved while reserving thread sleeps
- Hotspot compiler changes behaviour of program
- VM segv's running jvmti/jvmpi profiler
- J2SE 1.4.2 cannot display certain awt components in Asian characters in RH2.1 AS
- exception throws from jconsole when run any GUI which works fine with jdk1.4.x
- Can not eliminate implicit null checks for method invocations based on profile
- Regression 1.4.2_06b1 4937429 failing. cacerts in javaws and security dirs diffe
- /api/javax_swing/SwingUtilities/descriptions.html fails for JCK14a, 1.4.2_06b1
- Regression:4683022 fails for 1.4.2_06-b01
- REGRESSION: ResourceBundle.getBundle(String, Locale) is broken in jdk 1.4.2_05

security fix for thunderbird and thunderbird-gtk2
Module Name: pkgsrc
Committed By: kristerw
Date: Thu Nov 4 20:06:34 UTC 2004
Modified Files:
pkgsrc/mail/thunderbird: distinfo
pkgsrc/mail/thunderbird/patches: patch-bt
Log Message:
Use __va_copy instead of va_copy for NetBSD. This is needed on gcc 3.4
since the build uses -ansi that in turn makes gcc 3.4 modify its
predefined symbols in such a way that va_copy is not defined.
---
Module Name: pkgsrc
Committed By: taya
Date: Sun Nov 14 23:38:20 UTC 2004
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk2: PLIST
Log Message:
Update thunderbird & thunderbird-gtk2 to 0.9
Here are the highlights for this Thunderbird release:
* Saved Search Folders
- Saved Search Folders display messages based on previously set search
criteria. For example, instead of filtering messages into a new
folder, you could create a Saved Search Folder that lists all the
messages received from a certain person over the past 30 days, even if
those messages are stored in different folders and subfolders.
* Message Grouping
- You can now group messages in a folder by attributes such as date,
sender, priority or a custom label. For instance, a folder grouped by
date will group messages from today, yesterday, last week, etc. into
self-contained groups in the message list pane. (View > Sort By >
Grouped By Sort)
* Other New Features
- Messages with attachments now get marked as such in the message list
pane immediately and not when the message is displayed.
- Improvements to Thunderbird's Global Inbox support for POP3 users.
- The new quick search bar introduced in 0.8 now features a clear
button when search text is present inside the quick search box.
- Fixed a regression introduced in 0.8 where a user could not change
the local folder path in the Account Manager.
- Improved offline support including fixes for common offline-related
problems.
- Improved privacy controls block remote content in e-mail messages
from senders not in your address book.
- Long file attachment names are no longer truncated in the message
pane.
- Bug fixes too numerous to mention!

win32-codecs update
Module Name: pkgsrc
Committed By: salo
Date: Tue Nov 9 10:05:49 UTC 2004
Modified Files:
pkgsrc/multimedia/win32-codecs: Makefile distinfo
Log Message:
Update windows-all, the old distfile no longer available. *sigh*
---
Module Name: pkgsrc
Committed By: salo
Date: Tue Nov 9 10:12:38 UTC 2004
Modified Files:
pkgsrc/multimedia/win32-codecs: PLIST
Log Message:
Might as well just commit the PLIST changes too..
---
Module Name: pkgsrc
Committed By: grant
Date: Sat Nov 13 07:33:52 UTC 2004
Modified Files:
pkgsrc/multimedia/win32-codecs: Makefile
Log Message:
this has no build or configure phase.

security fix for apache
Module Name: pkgsrc
Committed By: tron
Date: Mon Oct 25 08:44:16 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/apache/patches: patch-ap
Log Message:
Update "apache" package to version 1.3.32. Changes since version 1.3.31:
- mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
[michael teitler <michael.teitler cetelem.fr>,
Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
- mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036. [André Malo]
- mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920. [Joe Orton]
- Trigger an error when a LoadModule directive attempts to
load a module which is built-in. This is a common error when
switching from a DSO build to a static build.
[Jeff Trawick, Geoffrey Young]
- Fix trivial bug in mod_log_forensic that caused the child
to seg fault when certain invalid requests were fired at it with
forensic logging enabled. PR 29313.
[Will Slater <Will Slater orbisuk.com>]
- Fix memory leak in the cache handling of mod_rewrite. PR 27862.
[chunyan sheng <shengperson yahoo.com>, André Malo]
- mod_rewrite no longer confuses the RewriteMap caches if
different maps defined in different virtual hosts use the
same map name. PR 26462. [André Malo]
- mod_setenvif: Remove "support" for Remote_User variable which
never worked at all. PR 25725. [André Malo]
- mod_usertrack: Escape the cookie name before pasting into the
regexp. [André Malo]
- Win32: Improve error reporting after a failed attempt to spawn a
piped log process or rewrite map process. [Jeff Trawick]
- SECURITY: CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
- Fix a bunch of cases where the return code of the regex compiler
was not checked properly. This affects mod_usertrack and
core. PR 28218. [André Malo]
- No longer breaks mod_dav, frontpage and others. Repair a patch
in 1.3.31 which prevented discarding the request body for requests
that will be keptalive but are not currently keptalive. PR 29237.
[Jim Jagielski, Rasmus Lerdorf]
- COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT.
It controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined during
compilation, UseCanonicalName Off will use the physical port number to
generate the canonical name. If not defined, it tries the current Port
value followed by the default port for the current scheme.
[Jim Jagielski]
---
Module Name: pkgsrc
Committed By: abs
Date: Fri Oct 29 13:48:31 UTC 2004
Modified Files:
pkgsrc/www/apache: Makefile distinfo
pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
patch-ak patch-am patch-ao
Removed Files:
pkgsrc/www/apache/patches: patch-al
Log Message:
Update apache to 1.3.33
The main security vulnerabilities addressed in 1.3.33 are:
* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI
tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid
(negative) Content-Length.
New features
* Win32: Improve error reporting after a failed attempt to
spawn a piped log process or rewrite map process.
* Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
controls how UseCanonicalName Off determines the port value if
the client doesn't provide one in the Host header. If defined
during compilation, UseCanonicalName Off will use the physical
port number to generate the canonical name. If not defined, it
tries the current Port value followed by the default port for
the current scheme.
The following bugs were found in Apache 1.3.31 (or earlier) and
have been fixed in Apache 1.3.33:
* mod_rewrite: Fix query string handling for proxied URLs.
PR 14518.
* mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036.
* mod_digest: Fix nonce string calculation since 1.3.31 which
would force re-authentication for every connection if
AuthDigestRealmSeed was not configured. PR 30920.
* Fix trivial bug in mod_log_forensic that caused the child to
seg fault when certain invalid requests were fired at it with
forensic logging enabled. PR 29313.
* No longer breaks mod_dav, frontpage and others. Repair a
patch in 1.3.31 which prevented discarding the request body
for requests that will be keptalive but are not currently
keptalive. PR 29237.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon Nov 15 19:13:41 UTC 2004
Modified Files:
pkgsrc/www/apache/patches: patch-ai
Log Message:
Revert rev 1.9, do not expand @INSTALL@, it's done in post-patch.
(hi abs!)
---
Module Name: pkgsrc
Committed By: tron
Date: Tue Nov 16 08:23:45 UTC 2004
Modified Files:
pkgsrc/www/apache: distinfo
Log Message:
Regen after "patch-ai" was changed. (hi salo!)

security fixes for mozilla and firefox
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:09 UTC 2004
Modified Files:
pkgsrc/www/mozilla: distinfo
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: grant
Date: Mon Oct 4 11:52:45 UTC 2004
Modified Files:
pkgsrc/www/mozilla/patches: patch-br
Log Message:
bring across a patch in Firefox for using thread-safe resolver
library functions on NetBSD >=2.0F.
---
Module Name: pkgsrc
Committed By: sekiya
Date: Mon Oct 25 13:02:15 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile.common distinfo
pkgsrc/www/mozilla/patches: patch-bt
Log Message:
Force gcc34 and use the right varargs macro for amd64. Mozilla
(and its derivatives) now appears to work properly on amd64.
Patches from Nicholas Joly.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Mon Oct 25 18:06:26 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile Makefile.common PLIST
pkgsrc/www/mozilla-gtk2: Makefile PLIST
pkgsrc/www/mozilla/files: moz-install
Log Message:
Modify mozilla and mozilla-gtk2 to install several additional headers.
More specifically, this lets Mozilla NSS be used by other programs.
Also make the pkgconfig substitutions happen at post-build time, so
that the right rpaths are added to the mozilla-nspr.pc file (which is
filled in during the build).
Bump PKGREVISION to 1 for both packages. Ok'ed by taya@, the
maintainer.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Nov 12 02:11:22 UTC 2004
Modified Files:
pkgsrc/www/mozilla: Makefile distinfo
pkgsrc/www/mozilla-gtk2: Makefile
Added Files:
pkgsrc/www/mozilla/patches: patch-bj
Log Message:
Update mozilla and mozilla-gtk2 to 1.7.3nb2 with a security fix
from mozilla CVS.
---
Module Name: pkgsrc
Committed By: kristerw
Date: Mon Nov 1 18:07:24 UTC 2004
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-bt
Log Message:
Use __va_copy instead of va_copy for NetBSD. This is needed on gcc
3.4 since the build uses -ansi that in turn makes gcc 3.4 modify its
predefined symbols in such a way that va_copy is not defined.
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Tue Nov 9 20:10:14 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
Update firefox and firefox-gtk2 to 1.0.
This is a bugfix release, to fix the problems reported in Preview
Releases, etc.
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:38:45 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
- correct path of mirror site
- add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Wed Nov 10 14:40:24 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
add some missing files to PLIST
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 07:03:08 UTC 2004
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST
Log Message:
remove typeahead extension that conflicts with built-in typeahead
component.
fix pkg/28164.
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: taya
Date: Sat Nov 13 08:57:54 UTC 2004
Modified Files:
pkgsrc/www/firefox-gtk2: PLIST
Log Message:
remove typeahead extension

security fix for libxml2
Module Name: pkgsrc
Committed By: xtraeme
Date: Thu Oct 21 05:28:17 UTC 2004
Modified Files:
pkgsrc/doc: CHANGES TODO
pkgsrc/textproc/libxml2: Makefile distinfo
Log Message:
Update textproc/libxml2 to 2.6.14, this is a bugfix release.
---
Module Name: pkgsrc
Committed By: recht
Date: Sun Oct 31 10:40:51 UTC 2004
Modified Files:
pkgsrc/textproc/libxml2: Makefile buildlink3.mk distinfo
pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
Log Message:
update to libxml2-2.6.15
changes:
* security fixes on the nanoftp and nanohttp modules
For details see:
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
* build fixes:
- xmllint detection bug in configure
- building outside the source tree (Thomas Fitzsimmons)
* bug fixes:
- HTML parser on broken ASCII chars in names (William)
- Python paths (Malcolm Tredinnick)
- xmlHasNsProp and default namespace (William)
- saving to python file objects (Malcolm Tredinnick)
- DTD lookup fix (Malcolm)
- save back <group> in catalogs (William)
- tree build fixes (DV and Rob Richards)
- Schemas memory bug
- structured error handler on Python 64bits
- thread local memory deallocation
- memory leak reported by Volker Roth
- xmlValidateDtd in the presence of an internal subset
- entities and _private problem (William)
- xmlBuildRelativeURI error (William).
* improvements:
- better XInclude error reports (William)
- tree debugging module and tests
- convenience functions at the Reader API (Graham Bennett)
- add support for PI in the HTML parser.
Update BUILDLINK_RECOMMENDED to 2.6.15 for the security fix.
---
Module Name: pkgsrc
Committed By: minskim
Date: Wed Nov 3 16:41:56 UTC 2004
Modified Files:
pkgsrc/textproc/py-libxml2: Makefile distinfo
Log Message:
Sync with libxml2-2.6.15.
Changes since 2.6.12:
- saving to python file objects (Malcolm Tredinnick)
- structured error handler on Python 64bits
- Python space/tabs cleanups
- Python libxml2 driver improvement
---
Module Name: pkgsrc
Committed By: recht
Date: Thu Nov 11 21:01:15 UTC 2004
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
Log Message:
update to 2.6.16
2.6.16: Nov 10 2004:
- general hardening and bug fixing crossing all the API based on
new automated regression testing
- build fix: IPv6 build and test on AIX (Dodji Seketeli)
- bug fixes: problem with XML::Libxml reported by Petr Pajas,
encoding conversion functions return values, UTF-8 bug affecting
XPath reported by Markus Bertheau, catalog problem with NULL
entries (William Brack)
- documentation: fix to xmllint man page, some API function
descriptions were updated.
- improvements: DTD validation APIs provided at the Python level
(Brent Hendricks)
---
Module Name: pkgsrc
Committed By: minskim
Date: Thu Nov 25 18:37:43 UTC 2004
Modified Files:
pkgsrc/textproc/py-libxml2: Makefile distinfo
pkgsrc/textproc/py-libxml2/patches: patch-aa
Log Message:
Update py-libxml2 to 2.6.16.
Changes:
- improvements: DTD validation APIs provided at the Python level.

remove gnats4 package
"The gnats4 pkg has been superseded by the gnats pkg."

security fix for gnats
Module Name: pkgsrc
Committed By: soren
Date: Wed Nov 10 21:34:46 UTC 2004
Modified Files:
pkgsrc/databases/gnats: DESCR MESSAGE Makefile PLIST distinfo
pkgsrc/databases/gnats/patches: patch-aa patch-ab
Removed Files:
pkgsrc/databases/gnats/patches: patch-ac patch-ad patch-ae patch-af
patch-ag
Log Message:
Update using the databases/gnats4 package. gnats3 has numerous security
problems and is no longer supported.
---
Module Name: pkgsrc
Committed By: soren
Date: Sun Nov 14 10:59:58 UTC 2004
Modified Files:
pkgsrc/databases/gnats: Makefile PLIST distinfo
Log Message:
Update to gnats 4.0.1.
Fixes vulnerabilities described in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0623 .

remove apache6 package
removed from -current because of too many vulnerabilities and no newer
version available (people are expected to switch to apache2).

security fix for sudo
Module Name: pkgsrc
Committed By: cube
Date: Fri Nov 26 16:23:57 UTC 2004
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
sudo is nominated for crapware of the year. Now at version 1.6.8pl4!
Just as for pl2, changes are about environment sanitizing, meaning
there are possible security issues with current versions.
Changes:
550) The CDPATH variable is now stripped from the environment passed
to the program to be executed.
551) Fix temp file generation on systems where the _PATH_VARTMP macro
lacks a trailing slash.
552) The KRB5CCNAME environment variable is preserved during sudo
execution for password lookups that use GSSAPI.

security fix for sun-jdk13 and sun-jre13
Module Name: pkgsrc
Committed By: jschauma
Date: Tue Nov 23 16:56:33 UTC 2004
Modified Files:
pkgsrc/lang/sun-jdk13: Makefile distinfo
pkgsrc/lang/sun-jre13: Makefile distinfo
Log Message:
Update to version 1.3.1_13.
Addresses security issue
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Changes since _12 according to
http://java.sun.com/j2se/1.3/ReleaseNotes.html
Can't display localized exception messages of the native method
correctly java.lang.IndexOutOfBoundsException: Index: 0, Size: 0

security fix for apache2
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 15:47:03 UTC 2004
Modified Files:
pkgsrc/devel/apr: distinfo
pkgsrc/www/apache2: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/www/apache2/patches: patch-ab
Log Message:
Update apache to apache-2.0.52.
Also added comment to www/apache2/Makefile.common to remind to
update checksum in devel/apr also.
No actual devel/apr changes seen.
Also removed www/apache2/patches/patch-ab because it is identical to
fix for security in new version.
Changes with Apache 2.0.52
*) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
*) Fix the global mutex crash when the global mutex is never allocated
due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
*) Fix a segfault in the LDAP cache when it is configured switched
off. [Jess Holle <jessh ptc.com>]
*) SECURITY: CAN-2004-0811 (cve.mitre.org)
Fix merging of the Satisfy directive, which was applied to
the surrounding context and could allow access despite configured
authentication. PR 31315. [Rici Lake <rici ricilake.net>]
*) Fix the handling of URIs containing %2F when AllowEncodedSlashes
is enabled. Previously, such urls would still be rejected.
[Jeff Trawick, Bill Stoddard]
*) mod_mem_cache: Fixed race condition causing segfault because of memory being
freed twice, or reused after being freed.
[J. Clar, W. Stoddard, G. Ames]
*) Add -l option to rotatelogs to let it use local time rather than
UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
*) mod_log_config: Fix a bug which prevented request completion time
from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
processing. PR 29696. [Alois Treindl <alois astro.ch>]
---
Module Name: pkgsrc
Committed By: reed
Date: Sat Oct 2 16:38:38 UTC 2004
Modified Files:
pkgsrc/www/apache2: Makefile PLIST
Log Message:
Sort the share/httpd/manual entries in the PLIST.
Added 35 share/httpd/manual entries to PLIST. Most are .ko.euc-kr,
.ko, ja.euc-jp, and .ja files.
I don't know when these were added.
Bump PKGREVISION because now package has several more files.

security fix for xpdf
Module Name: pkgsrc
Committed By: dillo
Date: Thu Nov 25 13:20:36 UTC 2004
Modified Files:
pkgsrc/print/xpdf: Makefile distinfo
Log Message:
update to 3.00.1 (pl1): fix various buffer overflows
---
Module Name: pkgsrc
Committed By: dillo
Date: Thu Nov 25 13:26:16 UTC 2004
Modified Files:
pkgsrc/print/xpdf: Makefile
Log Message:
on second thought, let's call it pl1, as was done before

security fix for libxml
Module Name: pkgsrc
Committed By: jmmv
Date: Sat Nov 20 22:07:49 UTC 2004
Modified Files:
pkgsrc/textproc/libxml: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/textproc/libxml/patches: patch-ad patch-ae
Log Message:
Backport security fixes (in the nanohttp and the nanoftp modules)
from libxml2 (several buffer overflows). Bump PKGREVISION to 3.

security and usability fixes for ja-squirrelmail
Module Name: pkgsrc
Committed By: taca
Date: Wed Oct 20 14:38:58 UTC 2004
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
Log Message:
Update ja-squirrelmail to 20041014 release (1.4.3a-ja-20041014).
Fix these bugs..
(1) A problem with displaying mails in Japanese unless they are specified
charset to ISO-2022-JP in Content-Type header;
- encoded with euc-JP or Shift_JIS
- encoded with ISO-2022-JP but no Content-Type header
(2) A problem with replying to a mail with HTML format.
Bump package revision.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Nov 16 11:51:16 UTC 2004
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
Log Message:
Apply XSS patch:
http://article.gmane.org/gmane.mail.squirrelmail.user/21169
Bump package revision.

security, build and usability fixes for samba
Module Name: pkgsrc
Committed By: jmmv
Date: Sat Nov 6 11:07:17 UTC 2004
Modified Files:
pkgsrc/net/samba: Makefile PLIST options.mk
Log Message:
When cups support is enabled, link smbspool into cups' backend directory
as smb (as the manual says). This enables samba printing through cups
(at least, the option appears in the web configuration form).
Bump PKGREVISION to 2.
---
Module Name: pkgsrc
Committed By: grant
Date: Tue Nov 9 08:21:27 UTC 2004
Modified Files:
pkgsrc/net/samba: Makefile PLIST distinfo
Log Message:
update to samba-3.0.8.
Common bugs fixed in 3.0.8 include:
o Compile fixes for HP-UX
o Fixes for the printer publishing code used when joined to
an AD domain.
o Incompatibilities with file system quotas.
o Several bugs in the spoolss printing code and print system
backends.
o Inconsistencies in the username map functionality when
configured on domain member servers.
o Various compile warnings and errors on various platforms.
o Fixes for kerberos interoperability with Windows 200x
domains when using DES keys.
o Fix for CAN-2004-0930 -- smbd remote DoS vulnerability.
New features included in the 3.0.8 release are:
o New migration functionality added to the net tool
for files/directories, printers, and shares.
o New experimental idmap backend for assigning uids/gids
directly based on the user/group RID when acting as a
member of single domain without any trusts.
o Additional printer migration support for XP/2003 platforms.
---
Module Name: pkgsrc
Committed By: sketch
Date: Fri Nov 12 08:42:58 UTC 2004
Modified Files:
pkgsrc/net/samba: Makefile
Log Message:
Use ${VARBASE} instead of hardcoding /var.
---
Module Name: pkgsrc
Committed By: kim
Date: Sat Nov 13 21:48:11 UTC 2004
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Added Files:
pkgsrc/net/samba/patches: patch-ag
Log Message:
Fix full name expansion (again).

security fix for ruby-base
Module Name: pkgsrc
Committed By: taca
Date: Tue Nov 9 14:11:33 UTC 2004
Modified Files:
pkgsrc/lang/ruby-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby-base/patches: patch-ar
Log Message:
Fix potential DoS problem in CGI module from Ruby's CVS repository.
(noted by CAN-2004-0983)
Bump package revision.

security fix for sudo
Module Name: pkgsrc
Committed By: cube
Date: Fri Nov 12 16:47:31 UTC 2004
Modified Files:
pkgsrc/security/sudo: Makefile PLIST.NetBSD PLIST.SunOS distinfo
Log Message:
Update to version 1.6.8pl2. Fixes a security flaw for the sad people using
bash-as-sh (and people allowing bash scripts to be run through sudo). The
user could override commands by functions of her own.
ChangeLog:
549) Bash exported functions and the CDPATH variable are now stripped from
the environment passed to the program to be executed.

PLIST fix for jakarta-tomcat

remove gaim1 packages, they have been vulnerable for a long time,
and no fixes will be forthcoming.

security fix for mpg123
Module Name: pkgsrc
Committed By: tron
Date: Sun Nov 7 08:55:04 UTC 2004
Modified Files:
pkgsrc/audio/mpg123: Makefile distinfo
pkgsrc/audio/mpg123-esound: Makefile
pkgsrc/audio/mpg123-nas: Makefile
pkgsrc/audio/mpg123/patches: patch-aq
Log Message:
Add fix for security vulnerability reported in CAN-2004-0982 based on
patches from Debian's advisory DSA-578. Bump package revision because
of this fix.

security and bug fixes for postgresql73
Module Name: pkgsrc
Committed By: jdolecek
Date: Sun Oct 10 15:58:03 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73-client: Makefile
Log Message:
kill -O pax argument - it's not portable, and it's not needed here
in first place
fixes PR pkg/23829 by Michal Pasternak
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Sun Oct 10 17:27:43 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73: Makefile.common
Added Files:
pkgsrc/databases/postgresql73/files: netbsd.c netbsd.h
Log Message:
Update the NetBSD dynloader wrapper code to use straight dl*() calls on all
archs. This fixes support for dynamic loading on mips and also improves
error reporting.
Fixes PR pkg/25473 by Byron Servies.
PKGREVISION not bumped, will ride update to 7.3.7
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Sun Oct 10 17:46:07 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73: Makefile.common distinfo
pkgsrc/databases/postgresql73-client: Makefile
pkgsrc/databases/postgresql73-lib: Makefile
pkgsrc/databases/postgresql73-pltcl: Makefile
pkgsrc/databases/postgresql73-server: Makefile
pkgsrc/doc: CHANGES
Log Message:
Update to PostgreSQL 7.3.7.
Changes:
* Prevent possible loss of committed transactions during crash
Due to insufficient interlocking between transaction commit and
checkpointing, it was possible for transactions committed just
before the most recent checkpoint to be lost, in whole or in part,
following a database crash and restart. This is a serious bug that
has existed since PostgreSQL 7.1.
* Remove asymmetrical word processing in tsearch (Teodor)
* Properly schema-qualify function names when pg_dump'ing a CAST
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Sun Oct 10 17:48:34 UTC 2004
Modified Files:
pkgsrc/databases/jdbc-postgresql: Makefile distinfo
pkgsrc/doc: CHANGES
Log Message:
Update to JDBC driver included with PostgreSQL 7.3.7.
Notable change in 7.3.5:
* Remove ability to bind a list of values to a single parameter in
JDBC (prevents possible SQL-injection attacks)
---
Module Name: pkgsrc
Committed By: kristerw
Date: Thu Oct 14 17:58:43 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73-docs: Makefile PLIST
Log Message:
Correct PLIST.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Sun Oct 10 18:26:00 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73: distinfo
pkgsrc/databases/postgresql73/patches: patch-ad
Added Files:
pkgsrc/databases/postgresql73/patches: patch-aj
Log Message:
add patches to make it possible to compile PL/Python
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Mon Oct 25 17:40:01 UTC 2004
Modified Files:
pkgsrc/databases/jdbc-postgresql: Makefile distinfo
pkgsrc/databases/postgresql73: Makefile.common distinfo
pkgsrc/databases/postgresql73-docs: Makefile
pkgsrc/doc: CHANGES
Log Message:
Update all postgresql73 packages to 7.3.8. This fixes following two issues:
* A vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not access
transaction status" failures, which qualifies it as a potential-data-loss bug.
---
Module Name: pkgsrc
Committed By: he
Date: Mon Nov 1 22:32:26 UTC 2004
Modified Files:
pkgsrc/databases/postgresql73-docs: PLIST
Log Message:
Correct PLIST after upgrade to postgresql 7.3.8.