Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
bugfix update for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.160
- pkgsrc/www/squid/distinfo 1.104
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 21 15:06:07 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to squid-2.5.10nb5.
Three new official patches are added.
o 2005-09-19 15:50 (Cosmetic) --with-maxfd=N configure option to override
max filedescriptors test
o 2005-09-16 21:58 (Minor) invalid host is processed as IP 255.255.255.255
in dst acl
o 2005-09-16 21:49 (Cosmetic) Odd results when pipeline_prefetch
is combined with NTLM authentication
One official patch was updated.
o 2005-09-20 12:29 (Major) FATAL: Incorrect scheme in auth header
|
|
security update for firefox-bin
Revisions pulled up:
- pkgsrc/www/firefox-bin/Makefile 1.10
- pkgsrc/www/firefox-bin/distinfo 1.12
Module Name: pkgsrc
Committed By: tron
Date: Wed Sep 21 10:07:39 UTC 2005
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update "firefox-bin" package to version 1.0.7. Changes since version 1.0.6:
- Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed
by the shell
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
|
|
security and portability fixes for ruby16-base
Revisions pulled up:
- pkgsrc/lang/ruby16-base/Makefile 1.4, 1.5
- pkgsrc/lang/ruby16-base/distinfo 1.2, 1.3
- pkgsrc/lang/ruby16-base/patches/patch-aa 1.2
- pkgsrc/lang/ruby16-base/patches/patch-ab 1.2
- pkgsrc/lang/ruby16-base/patches/patch-al 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 18 13:36:30 UTC 2005
Modified Files:
pkgsrc/lang/ruby16-base: Makefile distinfo
pkgsrc/lang/ruby16-base/patches: patch-aa patch-ab
Added Files:
pkgsrc/lang/ruby16-base/patches: patch-al
Log Message:
Adding DrafonFly BSD support provided by Joerg Sonnenberger.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 21 14:04:55 UTC 2005
Modified Files:
pkgsrc/lang/ruby16-base: Makefile distinfo
Log Message:
Add a patch for fix the security problem which allows an arbitrary code
to run bypassing the safe level check.
Bump PKGREVISION.
|
|
security and portability fixes for ruby18-base
Revisions pulled up:
- pkgsrc/lang/ruby18-base/Makefile 1.7, 1.8
- pkgsrc/lang/ruby18-base/distinfo 1.3, 1.4, 1.5
- pkgsrc/lang/ruby18-base/patches/patch-aa 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ab 1.2
- pkgsrc/lang/ruby18-base/patches/patch-ad 1.1
- pkgsrc/lang/ruby18-base/patches/patch-au 1.1
- pkgsrc/lang/ruby18-base/patches/patch-av 1.1
- pkgsrc/lang/ruby18-base/patches/patch-aw 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ax 1.1
- pkgsrc/lang/ruby18-base/patches/patch-ay 1.1
- pkgsrc/lang/ruby18-base/patches/patch-az 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 18 13:38:50 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-au patch-av patch-aw patch-ax
patch-ay patch-az
Log Message:
Adding DrafonFly BSD support based on patch provided by Joerg Sonnenberger.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Sep 19 15:19:13 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: distinfo
pkgsrc/lang/ruby18-base/patches: patch-aa patch-ab
Log Message:
Rearrange configure script a little:
- Correct case statement moving "interix3*)" to before "interrix*)" since
"interix3*)" wouldn't match and always match to "interix*)".
- Remove "interix3*" in the case condition which always "interix*" pattern.
This dosen't fix anything bulding on Interix3 (SFU 3.5) and on other
platforms, but fix obvious mistake in configure script.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Sep 21 14:03:22 UTC 2005
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch for fix the security problem which allows an arbitrary code
to run bypassing the safe level check.
The patch was provided by Yukihiro Matsumoto on ruby-dev mailing list.
Bump PKGREVISION.
|
|
|
|
patchfile fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.159
- pkgsrc/www/squid/distinfo 1.103
Module Name: pkgsrc
Committed By: taca
Date: Fri Sep 16 14:19:00 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
The latest official patch updated to make NTLM authentication work again.
Bump PKGREVISION.
|
|
|
|
bugfix update for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.158
- pkgsrc/www/squid/distinfo 1.102
- pkgsrc/www/squid/options.mk 1.4
- pkgsrc/www/squid/patches/patch-ag 1.21
- pkgsrc/www/squid/patches/patch-an 1.9
- pkgsrc/www/squid/patches/patch-ap 1.2
- pkgsrc/www/squid/patches/patch-bb 1.8
- pkgsrc/www/squid/patches/patch-cd removed
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 15 15:40:47 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo options.mk
pkgsrc/www/squid/patches: patch-ag patch-an patch-ap patch-bb
Removed Files:
pkgsrc/www/squid/patches: patch-cd
Log Message:
Update squid package to 2.5.10nb3.
- pkgsrc update:
o s/SQUID_BACKEND/SQUID_BACKENDS/ as suggested by pkglint.
o Fix leaving ${PREFIX}/etc/squid/msntauth.conf.default out of PLIST.
o IP Filter related patches are incorporated to squid.
- Add/update official patches:
o 2005-09-15 11:15 (Major) FATAL: Incorrect scheme in auth header
o 2005-09-15 09:56 (Medium) Odd results on pipelined CONNECT requests
o 2005-09-13 23:59 (Minor) Transparent proxy problem with IP Filter
o 2005-09-11 01:53 (Medium) Clients bypassing delay pools by faking
a cache hit
o 2005-09-11 01:42 (Cosmetic) Allow leaving core dumps on Linux
o 2005-09-11 01:21 (Cosmetic) enums can not be assumed to be signed ints
o 2005-09-11 01:21 (Cosmetic) Incorrect store dir selection debug message
on objects >2G
o 2005-09-11 00:57 (Minor) LDAP helpers does not work with TLS (-Z option)
|
|
|
|
security update for xchat
Revisions pulled up:
- pkgsrc/chat/xchat/Makefile.common 1.44, 1.45
- pkgsrc/chat/xchat/PLIST 1.7
- pkgsrc/chat/xchat/distinfo 1.24, 1.25
Module Name: pkgsrc
Committed By: tron
Date: Tue Aug 23 22:48:07 UTC 2005
Modified Files:
pkgsrc/chat/xchat: Makefile Makefile.common PLIST distinfo
Log Message:
Update "xchat" to version 2.4.4. Change since version 2.4.3:
- Updated translations (hi, ko, lt, pa, ru, vi, zh_TW).
- People's away message is now shown in the right-click menu, if
known (Christopher Aillon).
- The "Bind to:" setting can now be set to 0.0.0.0 [1176256].
- Plugin API: Don't crash if a print-event closes the current context
and doesn't eat the event [1175674].
- Disabled parsing of quotation marks for /JOIN, so you can join
channels with a quote in them (Dan Fruehauf).
- Fixed truncation of the URL in the right-click menu. Now handles
UTF-8 properly [1188229].
- Fixed use of CP1255 charset, which would chop the last char when
receiving messages [1122089].
- The DCC windows now allow multiple selection and the columns auto
resize (Dan Fruehauf).
- Added "CTCP Sound to Channel" event [1159445].
- You can now drag and drop files into dialog windows to start file
transfers.
- Fixed: "XChat can't ban users with long idents" (Dan Fruehauf)
[1159447].
- Implemented taskbar flashing on unix. Requires a window manager
or taskbar that supports XUrgency flag (Adil).
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Sep 12 12:56:41 UTC 2005
Modified Files:
pkgsrc/chat/xchat: Makefile Makefile.common distinfo
Log Message:
Update "xchat" package to version 2.4.5. Changes since version 2.4.4:
- Updated translations (cs, el, fr, gl, it, nl, sl, sr, vi, zh_TW).
- Fixed incorrect information displayed in Plugins & scripts window
under unix (xc244-fixpluginns.diff).
- Added "/set irc_whois_front 1" option to show WHOIS in front tab.
- Lots of speed ups under the hood, mainly in handling of URL
highlighting during mouse motion. Also now allows underlining
.name and .info domains [1230265].
- Moved the "Insert color code" menu into the input box's right-
click menu.
- Fixed "Your Message" messing up when starting with a comma
[1230269].
- Added /id command to identify yourself to nickserv.
- Added /gui MSGBOX <text> for scripters.
- Added /menu command which lets plugins/scripts add their own
menu items.
- Added support for passive DCC chat via /DCC PCHAT <nick>.
- Added support for DCC sending and receiving very large files
(above 4 GB).
- Improved layout of "Info" button in the DCC windows.
- Improved layout of the nick-name right-click menu.
- Improved /help command's display of plugins/script commands.
- Fixed two bugs in detaching tabs (or CTRL-I) [1228926].
- Added /uselect command for scripters to select nick names in the
channel userlist (Daniel P. Stasinski).
- Fixed possible crashes while using the SJIS (Japanese) charset.
- Fixed various memory leaks in right-click menus.
|
|
|
|
security fix for squid
Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.155, 1.157
- pkgsrc/www/squid/PLIST 1.19
- pkgsrc/www/squid/distinfo 1.100, 1.101
- pkgsrc/www/squid/patches/patch-aa 1.17
- pkgsrc/www/squid/patches/patch-ag 1.20
- pkgsrc/www/squid/patches/patch-an 1.8
- pkgsrc/www/squid/patches/patch-ap 1.1
- pkgsrc/www/squid/patches/patch-bb 1.7
- pkgsrc/www/squid/patches/patch-cd 1.10, 1.11
Module Name: pkgsrc
Committed By: taca
Date: Tue Aug 9 15:48:30 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile PLIST distinfo
pkgsrc/www/squid/patches: patch-aa patch-cd
Added Files:
pkgsrc/www/squid/patches: patch-ap
Log Message:
- Add missing optional installed files.
- Slightly simplify installation of example configurations.
- Add official patches.
* 2005-07-11 00:46 (Cosmetic) The new --with-build-environment=...
option doesn't work
* 2005-07-09 08:58 (Cosmetic) Allow wb_ntlm_auth to run more silent
* 2005-07-03 08:24 (Cosmetic) "make all" gives many warnings
* 2005-06-29 20:36 (Minor) wbinfo_group.pl only looks into the first
group specified
* 2005-06-21 22:28 (Minor) FTP listings uses "BASE HREF" much more than
it needs to,
* 2005-06-22 10:46 (Cosmetic) Title in FTP listings somewhat messed up
* 2005-06-19 21:03 (Minor) SNMP GETNEXT fails if the given OID is
outside the Squid MIB
* 2005-06-19 09:39 (Minor) squid -k reconfigure internal corruption
if the type of a cache_dir is changed
* 2005-06-13 22:55 (Minor) httpd_accel_signle_host incompatible
with redireection
* 2005-06-30 08:49 (Minor) Core dump with --enable-ipf-transparent
if access to NAT device not granted
* 2005-06-27 21:24 (Minor) squid -k fails in combination with chroot
after patch for bug 1157
* 2005-06-09 08:01 (Minor) Squid internal icons served up with slightly
CVSincorrect HTTP headers
* 2005-06-06 21:38 (Cosmetic) Updated Spanish error messages
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 4 05:07:05 UTC 2005
Modified Files:
pkgsrc/www/squid: Makefile distinfo
pkgsrc/www/squid/patches: patch-ag patch-an patch-bb patch-cd
Log Message:
Update squid package to 2.5.10nb2.
- pkgsrc changes: check IP filter's header file <ipl.h> as well as
<netinet/ipl.h>.
- Apply recent official patches including a security fix for DoS noted by
http://secunia.com/advisories/16674/
* 2005-09-03 09:41 (Minor) E-mail sent when cache dies is blocked from
many antispam rules
* 2005-09-03 09:41 (Minor) Solaris 10 SPARC transparent proxy build problem
with ipfilter
* 2005-09-01 22:57 (Minor) snmo cacheClientTable fails on "long" IP
addresses
* 2005-09-01 22:49 (Minor) squid_ldap_auth -U does not work
* 2005-09-01 22:44 (Major) assertion failed:
store.c:523: "e->store_status == STORE_PENDING"
* 2005-09-01 22:39 (Cosmetic) Greek translation of error messages
* 2005-09-01 22:31 (Minor) Some odd FTP servers respond with 250
where 226 is expected
* 2005-09-01 22:26 (Cosmetic) Fails to compile with glibc -D_FORTIFY_SOURCE=2
* 2005-09-01 22:18 (Cosmetic) Odd URLs when failing to forward request via
parent and several error messages inconsistent
in reported request details
* 2005-09-01 22:09 (Minor) More chroot_dir and squid -k reconfigure issues
* 2005-09-01 21:56 (Medium) assertion failed:
StatHist.c:93: ((int) floor (0.99L + statHistVal(H, 0) - min)) == 0
* 2005-09-01 20:27 (Major) Segmentation fault in sslConnectTimeout
* 2005-08-19 09:31 (Minor) sync redeclarations when support for ARP acls
* 2005-08-14 17:05 (Cosmetic) New 'mail_program' configuration option in
squid.conf
|
|
|
|
|
|
build fix for PAM
Revision pulled up:
- pkgsrc/security/PAM/Makefile 1.35
Module Name: pkgsrc
Committed By: salo
Date: Thu Sep 8 21:57:56 UTC 2005
Modified Files:
pkgsrc/security/PAM: Makefile
Log Message:
Define USE_GETLOGIN for preprocessor instead so it later just DTRT.
Should fix PR pkg/30965
(the same issue was uncovered while working on a pullup ticket #738)
|
|
|
|
security fix for gpdf
Revisions pulled up:
- pkgsrc/print/gpdf/Makefile 1.29
- pkgsrc/print/gpdf/distinfo 1.12
- pkgsrc/print/gpdf/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: jmmv
Date: Mon Sep 5 14:42:43 UTC 2005
Modified Files:
pkgsrc/print/gpdf: Makefile distinfo
Added Files:
pkgsrc/print/gpdf/patches: patch-ab
Log Message:
Apply patch to fix CAN-2005-2097; taken from the Gentoo package, which
in turn took the patch from Red Hat. Bump PKGREVISION to 1.
|
|
|
|
security fix for phpldapadmin
Revisions pulled up:
- pkgsrc/databases/phpldapadmin/Makefile 1.11, 1.12, 1.13
- pkgsrc/databases/phpldapadmin/distinfo 1.6, 1.7
- pkgsrc/databases/phpldapadmin/patches/patch-ab 1.1
- pkgsrc/databases/phpldapadmin/patches/patch-aa 1.2
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Sep 3 16:14:18 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile distinfo
Added Files:
pkgsrc/databases/phpldapadmin/patches: patch-ab
Log Message:
Security fix for http://secunia.com/advisories/16617/
Bump to nb4
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Sep 3 17:00:08 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile distinfo
pkgsrc/databases/phpldapadmin/patches: patch-aa
Log Message:
Add updated patch-aa for a missed diff on login.php for the last
security fix
Re-do how .orig files are handled by pax as this wasn't working as
expected
Ride the previous package bump
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Sep 4 10:08:14 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile
Log Message:
Use PAX options instead of ${FIND} and ${RM} to kill files that we don't
want to install. Patch from salo@ in private email.
No functional change.
|
|
|
|
security fix for php5
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.14
- pkgsrc/lang/php5/PLIST 1.6
- pkgsrc/lang/php5/buildlink3.mk 1.5
- pkgsrc/lang/php5/distinfo 1.7
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Sep 3 13:37:36 UTC 2005
Modified Files:
pkgsrc/lang/php5: Makefile PLIST distinfo
Log Message:
Update php5 to 5.0.4nb1 to address XML_RPC security issue(s)
Fix based on work done by tron@ for the PHP 4.x branch fix
PLIST fixup to correctly remove @PREFIX@/lib/php
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Sep 3 14:41:05 UTC 2005
Modified Files:
pkgsrc/lang/php5: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED to nb1 for recent security issue and fix typo
Fix suggested by salo@.
|
|
|
|
security update for nikto
Revisions pulled up:
- pkgsrc/security/nikto/MESSAGE 1.2
- pkgsrc/security/nikto/Makefile 1.6, 1.8
- pkgsrc/security/nikto/distinfo 1.4, 1.5
- pkgsrc/security/nikto/patches/patch-aa removed
- pkgsrc/security/nikto/patches/patch-ab 1.3
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jul 2 11:30:01 UTC 2005
Modified Files:
pkgsrc/security/nikto: MESSAGE Makefile distinfo
Added Files:
pkgsrc/security/nikto/patches: patch-ab
Removed Files:
pkgsrc/security/nikto/patches: patch-aa
Log Message:
- Update to 1.35
- Change MESSAGE based on new -config directive
- Remove outdated patch for bug that's no longer there in CHANGES.txt
- Set plugings directory in the default config.txt
- Point users to the installed customised config.txt instead of the sample
one
- From the CHANGELOG.txt
05.20.2005
Database Updates
- Multiple msgs updates from david.maciejak@kyxar.fr
- Multiple test updates from burak.dayioglu@pro-g.com.tr
nikto_core.plugin 1.31
- Bugfix: fingerprint was not including leading /. Thanks Axel
Meerschaert for the report.
- Bugfix: NMAPOPTS was not being used, thanks to David Rhoades
for patching.
- Added additional content checking to reduce false positives, thanks
to Pavel Kankovsky
nikto.pl 1.14
- Added -config option to specify a config file, thanks to Pavel
Kankovsky
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Sep 3 11:01:35 UTC 2005
Modified Files:
pkgsrc/security/nikto: Makefile distinfo
Log Message:
Update to include security warning for:
http://secunia.com/advisories/16669/
|
|
|
|
security fixes for phpldapadmin
Revisions pulled up:
- pkgsrc/databases/phpldapadmin/Makefile 1.8, 1.9, 1.10
- pkgsrc/databases/phpldapadmin/distinfo 1.5
- pkgsrc/databases/phpldapadmin/patches/patch-aa 1.1
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Aug 30 14:26:32 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile distinfo
Added Files:
pkgsrc/databases/phpldapadmin/patches: patch-aa
Log Message:
Patch via Debian for recent security issue
Bump to nb2
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Aug 30 15:28:48 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile
Log Message:
Remove .orig file in pre-install from patch-aa. Spotted by salo@.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Sep 1 19:56:57 UTC 2005
Modified Files:
pkgsrc/databases/phpldapadmin: Makefile
Log Message:
Add a depends on apache
Fix up previous handling of new patch as suggested by salo@ in private
email.
Bump PKGREVISION
|
|
|
|
security fix for apache2
Revisions pulled up:
- pkgsrc/www/apache2/Makefile 1.82
- pkgsrc/www/apache2/distinfo 1.41
- pkgsrc/www/apache2/patches/patch-ae 1.5
Module Name: pkgsrc
Committed By: tron
Date: Fri Sep 2 11:40:56 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile distinfo
pkgsrc/www/apache2/patches: patch-ae
Log Message:
Add patch from Apache SVN repository to fix weak client certificate
validation reported in CAN-2005-2700. Bump package revision.
|
|
|
|
build fix for python24 modules
Revisions pulled up:
- pkgsrc/lang/python24/Makefile 1.11
- pkgsrc/lang/python24/distinfo 1.13
- pkgsrc/lang/python24/patches/patch-al 1.7
Module Name: pkgsrc
Committed By: darcy
Date: Wed Aug 31 12:13:03 UTC 2005
Modified Files:
pkgsrc/lang/python24: distinfo
pkgsrc/lang/python24/patches: patch-al
Log Message:
Fix problem where LDFLAGS is not being expanded on the command line.
Patch supplied by KISHIMOTO, Makoto <ksmakoto (you know what )
dd.iij4u.or.jp> Closes PR 31027
---
Module Name: pkgsrc
Committed By: darcy
Date: Thu Sep 1 13:14:35 UTC 2005
Modified Files:
pkgsrc/lang/python24: Makefile
Log Message:
Bump PKGREVISION for change made to patches/patch-al in revision 1.7 as
suggested by Lubomir Sedlacik in discussions on releng-pkgsrc and pullup
request 727.
|
|
|
|
|
|
build fix for pcre
Revision pulled up:
- pkgsrc/devel/pcre/Makefile 1.24
Module Name: pkgsrc
Committed By: spz
Date: Wed Aug 31 16:55:05 UTC 2005
Modified Files:
pkgsrc/devel/pcre: Makefile
Log Message:
added a workaround for core-dumping f77 on sparc64 (makes the package
work on NetBSD/sparc64 1.6.x)
|
|
|
|
security update for pcre
Revisions pulled up:
- pkgsrc/devel/pcre/Makefile 1.22-1.23
- pkgsrc/devel/pcre/PLIST 1.6
- pkgsrc/devel/pcre/distinfo 1.13
- pkgsrc/devel/pcre/patches/patch-aa removed
- pkgsrc/devel/pcre/buildlink3.mk 1.7
Module Name: pkgsrc
Committed By: wiz
Date: Wed Aug 3 17:43:13 UTC 2005
Modified Files:
pkgsrc/devel/pcre: Makefile PLIST distinfo
Removed Files:
pkgsrc/devel/pcre/patches: patch-aa
Log Message:
Update to 6.2:
Version 6.2 01-Aug-05
---------------------
1. There was no test for integer overflow of quantifier values. A
construction such as {1111111111111111} would give undefined results.
What is worse, if a minimum quantifier for a parenthesized subpattern
overflowed and became negative, the calculation of the memory size
went wrong. This could have led to memory overwriting.
2. Building PCRE using VPATH was broken. Hopefully it is now fixed.
3. Added "b" to the 2nd argument of fopen() in dftables.c, for
non-Unix-like operating environments where this matters.
4. Applied Giuseppe Maxia's patch to add additional features for
controlling PCRE options from within the C++ wrapper.
5. Named capturing subpatterns were not being correctly counted when a
pattern was compiled. This caused two problems: (a) If there were
more than 100 such subpatterns, the calculation of the memory needed
for the whole compiled pattern went wrong, leading to an overflow
error. (b) Numerical back references of the form \12, where the number
was greater than 9, were not recognized as back references, even
though there were sufficient previous subpatterns.
6. Two minor patches to pcrecpp.cc in order to allow it to compile on
older versions of gcc, e.g. 2.95.4.
Version 6.1 21-Jun-05
---------------------
1. There was one reference to the variable "posix" in pcretest.c that
was not surrounded by "#if !defined NOPOSIX".
2. Make it possible to compile pcretest without DFA support, UTF8
support, or the cross-check on the old pcre_info() function, for the
benefit of the cut-down version of PCRE that is currently imported
into Exim.
3. A (silly) pattern starting with (?i)(?-i) caused an internal space
allocation error. I've done the easy fix, which wastes 2 bytes for
sensible patterns that start (?i) but I don't think that matters.
The use of (?i) is just an example; this all applies to the other
options as well.
4. Since libtool seems to echo the compile commands it is issuing, the
output from "make" can be reduced a bit by putting "@" in front of
each libtool compile command.
5. Patch from the folks at Google for configure.in to be a bit more
thorough in checking for a suitable C++ installation before trying
to compile the C++ stuff. This should fix a reported problem when a
compiler was present, but no suitable headers.
6. The man pages all had just "PCRE" as their title. I have changed them
to be the relevant file name. I have also arranged that these names
are retained in the file doc/pcre.txt, which is a concatenation in
text format of all the man pages except the little individual ones
for each function.
7. The NON-UNIX-USE file had not been updated for the different set of
source files that come with release 6. I also added a few comments
about the C++ wrapper.
Version 6.0 07-Jun-05
---------------------
1. Some minor internal re-organization to help with my DFA experiments.
2. Some missing #ifdef SUPPORT_UCP conditionals in pcretest and printint
that didn't matter for the library itself when fully configured, but
did matter when compiling without UCP support, or within Exim, where
the ucp files are not imported.
3. Refactoring of the library code to split up the various functions
into different source modules. The addition of the new DFA matching
code (see below) to a single monolithic source would have made it
really too unwieldy, quite apart from causing all the code to be
include in a statically linked application, when only some functions
are used. This is relevant even without the DFA addition now that
patterns can be compiled in one application and matched in another.
The downside of splitting up is that there have to be some external
functions and data tables that are used internally in different
modules of the library but which are not part of the API. These have
all had their names changed to start with "_pcre_" so that they are
unlikely to clash with other external names.
4. Added an alternate matching function, pcre_dfa_exec(), which matches
using a different (DFA) algorithm. Although it is slower than the
original function, it does have some advantages for certain types of
matching problem.
5. Upgrades to pcretest in order to test the features of pcre_dfa_exec(),
including restarting after a partial match.
6. A patch for pcregrep that defines INVALID_FILE_ATTRIBUTES if it is not
defined when compiling for Windows was sent to me. I have put it into the
code, though I have no means of testing or verifying it.
7. Added the pcre_refcount() auxiliary function.
8. Added the PCRE_FIRSTLINE option. This constrains an unanchored
pattern to match before or at the first newline in the subject
string. In pcretest, the /f option on a pattern can be used to
set this.
9. A repeated \w when used in UTF-8 mode with characters greater than 256
would behave wrongly. This has been present in PCRE since release 4.0.
10. A number of changes to the pcregrep command:
(a) Refactored how -x works; insert ^(...)$ instead of setting
PCRE_ANCHORED and checking the length, in preparation for adding
something similar for -w.
(b) Added the -w (match as a word) option.
(c) Refactored the way lines are read and buffered so as to have more
than one at a time available.
(d) Implemented a pcregrep test script.
(e) Added the -M (multiline match) option. This allows patterns to
match over several lines of the subject. The buffering ensures
that at least 8K, or the rest of the document (whichever is the
shorter) is available for matching (and similarly the previous
8K for lookbehind assertions).
(f) Changed the --help output so that it now says
-w, --word-regex(p)
instead of two lines, one with "regex" and the other with "regexp"
because that confused at least one person since the short forms
are the same. (This required a bit of code, as the output is
generated automatically from a table. It wasn't just a text
change.)
(g) -- can be used to terminate pcregrep options if the next thing
isn't an option but starts with a hyphen. Could be a pattern or
a path name starting with a hyphen, for instance.
(h) "-" can be given as a file name to represent stdin.
(i) When file names are being printed, "(standard input)" is used for
the standard input, for compatibility with GNU grep. Previously
"<stdin>" was used.
(j) The option --label=xxx can be used to supply a name to be used for
stdin when file names are being printed. There is no short form.
(k) Re-factored the options decoding logic because we are going to
add two more options that take data. Such options can now be
given in four different ways, e.g. "-fname", "-f name",
"--file=name", "--file name".
(l) Added the -A, -B, and -C options for requesting that lines of
context around matches be printed.
(m) Added the -L option to print the names of files that do not
contain any matching lines, that is, the complement of -l.
(n) The return code is 2 if any file cannot be opened, but pcregrep
does continue to scan other files.
(o) The -s option was incorrectly implemented. For compatibility with
other greps, it now suppresses the error message for a
non-existent or non-accessible file (but not the return code).
There is a new option called -q that suppresses the output of
matching lines, which was what -s was previously doing.
(p) Added --include and --exclude options to specify files for
inclusion and exclusion when recursing.
11. The Makefile was not using the Autoconf-supported LDFLAGS macro
properly. Hopefully, it now does.
12. Missing cast in pcre_study().
13. Added an "uninstall" target to the makefile.
14. Replaced "extern" in the function prototypes in Makefile.in with
"PCRE_DATA_SCOPE", which defaults to 'extern' or 'extern "C"' in the
Unix world, but is set differently for Windows.
15. Added a second compiling function called pcre_compile2(). The only
difference is that it has an extra argument, which is a pointer to an
integer error code. When there is a compile-time failure, this is set
non-zero, in addition to the error test pointer being set to point to
an error message. The new argument may be NULL if no error number is
required (but then you may as well call pcre_compile(), which is now
just a wrapper). This facility is provided because some applications
need a numeric error indication, but it has also enabled me to tidy
up the way compile-time errors are handled in the POSIX wrapper.
16. Added VPATH=.libs to the makefile; this should help when building
with one prefix path and installing with another. (Or so I'm told by
someone who knows more about this stuff than I do.)
17. Added a new option, REG_DOTALL, to the POSIX function regcomp(). This
passes PCRE_DOTALL to the pcre_compile() function, making the "."
character match everything, including newlines. This is not
POSIX-compatible, but somebody wanted the feature. From pcretest it
can be activated by using both the P and the s flags.
18. AC_PROG_LIBTOOL appeared twice in Makefile.in. Removed one.
19. libpcre.pc was being incorrectly installed as executable.
20. A couple of places in pcretest check for end-of-line by looking for
'\n'; it now also looks for '\r' so that it will work unmodified on
Windows.
21. Added Google's contributed C++ wrapper to the distribution.
22. Added some untidy missing memory free() calls in pcretest, to keep
Electric Fence happy when testing.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 4 09:52:54 UTC 2005
Modified Files:
pkgsrc/devel/pcre: Makefile
Log Message:
Automatic build of the cpp library is currently broken,
build it manually.
---
Module Name: pkgsrc
Committed By: salo
Date: Tue Aug 30 12:34:07 UTC 2005
Modified Files:
pkgsrc/devel/pcre: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for latest update with security fixes.
|
|
|
|
security update for elmo
Revisions pulled up:
- pkgsrc/mail/elmo/Makefile 1.6, 1.7
- pkgsrc/mail/elmo/PLIST 1.2
- pkgsrc/mail/elmo/distinfo 1.4
- pkgsrc/mail/elmo/patches/patch-aa 1.1
- pkgsrc/mail/elmo/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 16 15:40:56 UTC 2005
Modified Files:
pkgsrc/mail/elmo: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/elmo/patches: patch-aa patch-ab
Log Message:
Update to 1.3.2, provided by the maintainer Robert Lillack in
private mail.
New in 1.3.2
- support for matching arbitrary headers in rules
- bugfixes
pkgsrc includes additional changes:
- fix for http://secunia.com/advisories/15977/
- work around an annoying header parsing issue which
resulted in totally garbled date sorting
- work around random SIGSEVs
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Aug 29 17:53:49 UTC 2005
Modified Files:
pkgsrc/mail/elmo: Makefile
Log Message:
Add in a specific reference to ${BUILDLINK_PREFIX.openssl} so that
configure finds the right OpenSSL.
|
|
|
|
security update for phpmyadmin
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.33
- pkgsrc/databases/phpmyadmin/PLIST 1.11
- pkgsrc/databases/phpmyadmin/distinfo 1.13
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Aug 29 17:09:31 UTC 2005
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo
Log Message:
Update to 2.6.4-rc1
Security fix for two XSS security issues
Lots of other changes, a brief summary includes:
> Improvements:
> Foreign-key dropdowns can be more customized
> Export: configurable filename templates
> Display column comments while editing data
> Transformations: new hexadecimal mode
> HTTP auth: support FastCGI
> Themes: can now have different theme per server
> OLD_PASSWORD in the list of functions
> Better messages when checking numerical input
> Allow adding DROP TABLE when copying databases
> Better support of information_schema
> Various interface CSS improvements
> Tree subgroups in left panel database selector
> Documentation: links and anchors to every FAQ item
> Table comments move to page header
> Export: configurable default charset
> Removed warning about PmaAbsoluteUri not set
> Fixes:
> Database search in MySQL 5.0.x on fields without a charset
> Invalid "normal" cursor style
> Browsing state when deleting multiple rows
> Support bigger queries in print view, insert row, export results
> Unsaved changes to relations were lost when changing display field
> Exporting under IE 6 (Windows XP SP2)
> Better catching of parse errors in config file
> XSS on the cookie-based login panel
> Show all while browsing foreign values
> Escaping of special characters in ENUM or SET
> XSS on table creation page
> Using mysqli extension with MySQL 4.0.x
> "empty result set" message was sometimes not returned
> Incorrect message "You should define a primary key"
> Abide cfg['Lang'] settings even if using MySQL > 4.1.x
|
|
|
|
update and security fix for gnats
Revisions pulled up:
- pkgsrc/databases/gnats/Makefile 1.20 (partially), 1.21
- pkgsrc/databases/gnats/MESSAGE 1.7
- pkgsrc/databases/gnats/PLIST 1.9
- pkgsrc/databases/gnats/distinfo 1.7, 1.8
- pkgsrc/databases/gnats/patches/patch-aa 1.3, 1.4
- pkgsrc/databases/gnats/patches/patch-ab 1.4
- pkgsrc/databases/gnats/patches/patch-ac 1.4
- pkgsrc/databases/gnats/patches/patch-ad 1.3
- pkgsrc/databases/gnats/patches/patch-ae 1.3
Module Name: pkgsrc
Committed By: recht
Date: Sat Aug 27 22:24:02 UTC 2005
Modified Files:
pkgsrc/databases/gnats: MESSAGE Makefile PLIST distinfo
pkgsrc/databases/gnats/patches: patch-aa patch-ab
Added Files:
pkgsrc/databases/gnats/patches: patch-ac patch-ad patch-ae
Log Message:
Update to gnats 4.1.0.
Make a overhaul of the package and bring it closer to pkgsrc standards.
Addresses PR 26174 by Hauke Fath.
changes:
This is GNATS 4.1.0, a release that incorporates multiple bug fixes
and enhancements that have been committed to CVS since the release of
GNATS 4.0. Notable enhancements include:
- Upgrade to autoconf 2.59 generated configure scripts.
- New PR numbers are reported to the client upon new submissions
- Rewrite of install-sid. Now, rather than editing send-pr, which can
be installed on a read-only partition, install-sid creates or edits
user or site configuration files ~/.send-pr.conf or
/etc/gnats/send-pr.conf.
- Removal of libiberty, old manpages, and old build framework cruft
- Performance enhancements to indexing code
- Various cleanups and bugfixes. See the ChangeLog files for details.
---
Module Name: pkgsrc
Committed By: recht
Date: Sun Aug 28 12:36:42 UTC 2005
Modified Files:
pkgsrc/databases/gnats: Makefile distinfo
pkgsrc/databases/gnats/patches: patch-aa
Log Message:
Add a patch from gnats CSV to fix the security problem noted in:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2180
Patch by adrianp@.
ChangeLog from gnats CSV:
* Makefile.in (install-gnats-tools, install-gnats-bin): Removed chown
and chmod entries for setting binaries suid. CAN-2005-2180 advisory.
gen-index as setuid root can overwrite any system file.
Bump PKGREVISION to 1.
|
|
|
|
security fix for apache2
Revisions pulled up:
- pkgsrc/www/apache2/Makefile 1.81
- pkgsrc/www/apache2/distinfo 1.40
- pkgsrc/www/apache2/patches/patch-ah 1.8
- pkgsrc/www/apache2/patches/patch-aj 1.3
Module Name: pkgsrc
Committed By: tron
Date: Sun Aug 28 08:36:55 UTC 2005
Modified Files:
pkgsrc/www/apache2: Makefile distinfo
Added Files:
pkgsrc/www/apache2/patches: patch-ah patch-aj
Log Message:
- Add security patch for CAN-2005-2491 from Apache SVN repository.
- Add patch for high memory usage caused by "Byterange" support
from Apache SVN repository.
Bump package revision because of the above changes.
|
|
|
|
security fix for mplayer
Revisions pulled up:
- pkgsrc/multimedia/gmplayer/Makefile 1.37
- pkgsrc/multimedia/mencoder/Makefile 1.22
- pkgsrc/multimedia/mplayer/Makefile 1.20
- pkgsrc/multimedia/mplayer-share/distinfo 1.23
- pkgsrc/multimedia/mplayer-share/patches/patch-ag 1.1
Module Name: pkgsrc
Committed By: dogcow
Date: Sat Aug 27 06:59:52 UTC 2005
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile
pkgsrc/multimedia/mencoder: Makefile
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ag
Log Message:
Security fix for mplayer as given in
http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt .
bump PKGREVISION of affected pkgs.
|
|
|
|
security fix for evolution
Revisions pulled up:
- pkgsrc/mail/evolution/Makefile 1.90
- pkgsrc/mail/evolution/distinfo 1.40
- pkgsrc/mail/evolution/patches/patch-ad 1.8
- pkgsrc/mail/evolution/patches/patch-ae 1.5
- pkgsrc/mail/evolution/patches/patch-af 1.6
- pkgsrc/mail/evolution/patches/patch-ag 1.7
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Aug 24 10:59:12 UTC 2005
Modified Files:
pkgsrc/mail/evolution: Makefile distinfo
Added Files:
pkgsrc/mail/evolution/patches: patch-ad patch-ae patch-af patch-ag
Log Message:
Fix for format string security issue:
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
Tested by myself and jmmv@
Bump to nb1
|
|
|
|
security fix for cvs
Revisions pulled up:
- pkgsrc/devel/cvs/Makefile 1.86
- pkgsrc/devel/cvs/distinfo 1.27
- pkgsrc/devel/cvs/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Aug 26 21:36:29 UTC 2005
Modified Files:
pkgsrc/devel/cvs: Makefile distinfo
Added Files:
pkgsrc/devel/cvs/patches: patch-ba
Log Message:
Fix for http://secunia.com/advisories/16553/ via RedHat.
|
|
|