Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
security update for netpbm
Revisions pulled up:
- pkgsrc/graphics/netpbm/Makefile 1.136, 1.137, 1.138, 1.142, 1.143
- pkgsrc/graphics/netpbm/distinfo 1.54, 1.56, 1.58, 1.59
- pkgsrc/graphics/netpbm/patches/patch-aa 1.37, 1.38
- pkgsrc/graphics/netpbm/patches/patch-ab 1.20
- pkgsrc/graphics/netpbm/patches/patch-ac removed
- pkgsrc/graphics/netpbm/patches/patch-ag removed
- pkgsrc/graphics/netpbm/patches/patch-ai removed
- pkgsrc/graphics/netpbm/patches/patch-aj removed
- pkgsrc/graphics/netpbm/patches/patch-ca 1.1
Module Name: pkgsrc
Committed By: tron
Date: Mon Apr 3 16:46:51 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: Makefile
Log Message:
Make sure all documentation files are installed world readable. Bump
package revision because this change affects the binary package.
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Apr 3 16:53:58 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: Makefile
Log Message:
Make last change work with IRIX's old fashioned "find" command.
---
Module Name: pkgsrc
Committed By: adam
Date: Mon Apr 17 08:11:17 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: Makefile distinfo
Removed Files:
pkgsrc/graphics/netpbm/patches: patch-ag
Log Message:
Changes 10.33:
Add pamtosvg.
g3topbm: Add -width, -paper_size.
libnetpbm / most newer programs: Fix bug that produces
plain format output when it should be raw because
pnm_readpaminit() does not set 'plainformat' and most
programs just copy the input pam to the output pam.
pamflip: fix bug with left/right flip of PBM that has
width an even multiple of 8 plus something less than 8.
pnmquant: turn on autoflush when creating seekable file.
install: fix symbolic link pnmdepth -> pamdepth.
build: fix some importinc dependencies.
---
Module Name: pkgsrc
Committed By: jlam
Date: Wed May 10 17:19:00 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: distinfo
Added Files:
pkgsrc/graphics/netpbm/patches: patch-ca
Log Message:
On FreeBSD 4.x, <netinet/in.h> needs <sys/types.h> to be included first.
---
Module Name: pkgsrc
Committed By: minskim
Date: Sun Jun 18 16:18:11 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: Makefile distinfo
pkgsrc/graphics/netpbm/patches: patch-aa
Log Message:
Build .dylib instead of .so on Darwin. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: adam
Date: Sun Jun 25 06:35:58 UTC 2006
Modified Files:
pkgsrc/graphics/netpbm: Makefile distinfo
pkgsrc/graphics/netpbm/patches: patch-aa patch-ab
Removed Files:
pkgsrc/graphics/netpbm/patches: patch-ac patch-ag patch-ai patch-aj
Log Message:
This is a security update, which fixes a buffer overflow vulnerability.
Changes 10.34:
* Add pamthreshold, pamx, pamtoxvmini.
* pammasksharpen: Add -threshold.
* pnmtopng: make "N colors found" message verbose-only.
* pnmtopng: make "no room in palette" message non-verbose.
* picttoppm: Tolerate various PICT file corruptions.
* picttoppm: Don't issue warning message when file named
'fontdir' doesn't exist.
* libnetpbm: Add ppmd_fill_path().
* ppmtobmp: Fix for PBM input.
* bmptopnm: Don't crash on BMP with no color map.
* bmptopnm: Fix wrong file name in error messages.
* ppmtogif: fix bug: always produces garbage output.
* ppmtompeg: fix input from Standard Input.
* pnmflip: fix bug: -rotate90, -rotate180, and -rotate270
(and synonyms) don't work when followed by other rotation options.
* ppmtoilbm: Fig bug: generates more planes than necessary.
* pamtofits: fix buffer overflow in asembling header.
* picttoppm: fix bug - interprets some images wrong because of
bogus "rowBytes" value.
* Redo asprintfN(), etc. so as not to use va_list in a way
that doesn't work on some machines.
* cameratopam: remove definition of memmem() so it doesn't collide
with same in some C libraries. Add memmemN() and MEMEQ to libnetpbm.
* Fix build of filename.o.
|
|
|
|
security fix for gnupg-devel
Revisions pulled up:
- pkgsrc/security/gnupg-devel/Makefile 1.17
- pkgsrc/security/gnupg-devel/distinfo 1.12
- pkgsrc/security/gnupg-devel/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: shannonjr
Date: Fri Jun 23 12:28:55 UTC 2006
Modified Files:
pkgsrc/security/gnupg-devel: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/security/gnupg-devel/patches: patch-ba
Log Message:
Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/
|
|
|
|
security update for gnupg
Revisions pulled up:
- pkgsrc/security/gnupg/Makefile 1.83, 1.86
- pkgsrc/security/gnupg/PLIST 1.16
- pkgsrc/security/gnupg/distinfo 1.39, 1.40
- pkgsrc/security/gnupg/options.mk 1.6, 1.7
- pkgsrc/security/gnupg/patches/patch-aa 1.11
- pkgsrc/security/gnupg/patches/patch-ak 1.3
- pkgsrc/security/gnupg/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 4 21:16:37 UTC 2006
Modified Files:
pkgsrc/security/gnupg: Makefile PLIST distinfo options.mk
pkgsrc/security/gnupg/patches: patch-aa patch-ak
Log Message:
Update to 1.4.3:
Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------
* If available, cURL-based keyserver helpers are built that can
retrieve keys using HKP or any protocol that cURL supports
(HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
and HTTP are still supported using a built-in cURL emulator. To
force building the old pre-cURL keyserver helpers, use the
configure option --enable-old-keyserver-helpers. Note that none
of this affects finger or LDAP support, which are unchanged.
Note also that a future version of GnuPG will remove the old
keyserver helpers altogether.
* Implemented Public Key Association (PKA) signature verification.
This uses special DNS records and notation data to associate a
mail address with an OpenPGP key to prove that mail coming from
that address is legitimate without the need for a full trust
path to the signing key.
* When exporting subkeys, those specified with a key ID or
fingerpint and the '!' suffix are now merged into one keyblock.
* Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.
* Added support for signing subkey cross-certification "back
signatures". Requiring cross-certification to be present is
currently off by default, but will be changed to on by default
in the future, once more keys use it. A new "cross-certify"
command in the --edit-key menu can be used to update signing
subkeys to have cross-certification.
* The key cleaning options for --import-options and
--export-options have been further polished. "import-clean" and
"export-clean" replace the older
import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids option pairs.
* New "minimize" command in the --edit-key menu removes everything
that can be removed from a key, rendering it as small as
possible. There are corresponding "export-minimal" and
"import-minimal" commands for --export-options and
--import-options.
* New --fetch-keys command to retrieve keys by specifying a URI.
This allows direct key retrieval from a web page or other
location that can be specified in a URI. Available protocols
are HTTP and finger, plus anything that cURL supplies, if built
with cURL support.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
* The keyserver helpers can now handle keys in either ASCII armor
or binary format.
* New auto-key-locate option that takes an ordered list of methods
to locate a key if it is not available at encryption time (-r or
--recipient). Possible methods include "cert" (use DNS CERT as
per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
server for the domain in question), "keyserver" (use the
currently defined keyserver), as well as arbitrary keyserver
URIs that will be contacted for the key.
* Able to retrieve keys using DNS CERT records as per RFC-2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis
pkgsrc change:
make architecture-specific options really architecture-specific.
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Apr 5 10:04:12 UTC 2006
Modified Files:
pkgsrc/security/gnupg: options.mk
Log Message:
--with-libcurl is on per default, so revert the logics
(no functional change, just more effective because a compile check
is skipped)
---
Module Name: pkgsrc
Committed By: salo
Date: Sat Jun 24 14:20:29 UTC 2006
Modified Files:
pkgsrc/security/gnupg: Makefile distinfo
Added Files:
pkgsrc/security/gnupg/patches: patch-ba
Log Message:
Security fix for CVE-2006-3082:
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
allows remote attackers to cause a denial of service (gpg crash) and
possibly overwrite memory via a message packet with a large length,
which could lead to an integer overflow, as demonstrated using the
--no-armor option."
Patch from GnuPG CVS repository.
Bump PKGREVISION.
|
|
|
|
security update for chmlib
Revisions pulled up:
- pkgsrc/devel/chmlib/Makefile 1.14
- pkgsrc/devel/chmlib/PLIST 1.3
- pkgsrc/devel/chmlib/distinfo 1.11
- pkgsrc/devel/chmlib/patches/patch-ab removed
- pkgsrc/devel/chmlib/patches/patch-ac 1.2
Module Name: pkgsrc
Committed By: salo
Date: Fri Jun 23 12:56:26 UTC 2006
Modified Files:
pkgsrc/devel/chmlib: Makefile PLIST distinfo
pkgsrc/devel/chmlib/patches: patch-ac
Removed Files:
pkgsrc/devel/chmlib/patches: patch-ab
Log Message:
Update to version 0.38
Changes:
- Security fix for extract_chmLib. Pathnames containing a ".." element
will not be extracted. There doesn't seem to be a legitimate reason
to use ".." as a path element in a chm file.
http://secunia.com/advisories/20734/
- Fix for reading some chm files. Running over a large directory of chm
files, about 1% of them turned out to be unreadable. This resulted
from an incomplete understanding of one of the header fields
(index_root). Apparently, this can take negative values other than -1.
|
|
|
|
security fix for mutt
Revisions pulled up:
- pkgsrc/mail/mutt/Makefile via patch
- pkgsrc/mail/mutt/distinfo 1.30
- pkgsrc/mail/mutt/patches/patch-ae 1.4
Module Name: pkgsrc
Committed By: tron
Date: Tue Jun 20 09:14:47 UTC 2006
Modified Files:
pkgsrc/mail/mutt: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/mutt/patches: patch-ae
Log Message:
Add fix from the "mutt" CVS repository for a buffer overflow in the
IMAP code which could be exploited by a malicious IMAP server.
Bump package revision.
|
|
|
|
security fix for kdebase3
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: markd
Date: Thu Jun 15 01:35:33 UTC 2006
Modified Files:
pkgsrc/x11/kdebase3: Makefile distinfo
Log Message:
Fix for KDM symlink vulnerability. CVE-2006-2449
Bump PKGREVISION.
|
|
|
|
security fix for gd
Revisions pulled up:
- pkgsrc/graphics/gd/Makefile 1.68, 1.69, 1.70
- pkgsrc/graphics/gd/distinfo 1.23
- pkgsrc/graphics/gd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:19:08 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
Fix a pkglint warning.
---
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:22:38 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
This package installs a perl script. Add a dependency on perl using
USE_TOOLS.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Jun 14 21:42:33 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-ac
Log Message:
Security fix for CVE-2006-2906:
"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop."
Patch from Xavier Roche via Ubuntu.
|
|
|
|
security fix for arts
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: markd
Date: Thu Jun 15 01:33:05 UTC 2006
Modified Files:
pkgsrc/audio/arts: Makefile distinfo
Log Message:
Fix for artswrapper return value checking vulnerability. CVE-2006-2916
Bump PKGREVISION
|
|
|
|
security fix for sendmail812
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 14 18:57:34 UTC 2006
Modified Files:
pkgsrc/mail/sendmail812: Makefile distinfo
Added Files:
pkgsrc/mail/sendmail812/patches: patch-ah patch-ai patch-aj patch-ak
Log Message:
Bump PKGREVISION.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
|
|
security fix for sendmail
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 14 18:53:54 UTC 2006
Modified Files:
pkgsrc/mail/sendmail: Makefile distinfo
Added Files:
pkgsrc/mail/sendmail/patches: patch-aj patch-ak patch-al patch-am
Log Message:
Bump PKGREVISION.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s). This
happens because the recursion of the function mime8to7()
was not restricted. The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
|
|
|
|
security update for wv2
Revisions pulled up:
- pkgsrc/converters/wv2/Makefile 1.21
- pkgsrc/converters/wv2/distinfo 1.5
Module Name: pkgsrc
Committed By: markd
Date: Wed Jun 14 12:45:30 UTC 2006
Modified Files:
pkgsrc/converters/wv2: Makefile distinfo
Log Message:
Update to wv2-0.2.3
* Fixed an integer overflow bug (CVE-2006-2197)
* Applied a patch by Friedemann Kleint (Fa. metis)
with fixes for Solaris / Sun C++ 5.5 Patch 113817-02 2003/08/29.
Additionally fixes some tab-related bugs (unique and erase stuff)
|
|
|
|
security update for dia
Revisions pulled up:
- pkgsrc/graphics/dia-python/Makefile 1.8
- pkgsrc/graphics/dia-python/PLIST 1.2
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 2 16:23:30 UTC 2006
Modified Files:
pkgsrc/graphics/dia: Makefile Makefile.common PLIST distinfo
pkgsrc/graphics/dia-python: Makefile PLIST
Removed Files:
pkgsrc/graphics/dia/patches: patch-ab patch-ac patch-ad
Log Message:
update to 0.95
changes:
-"mainpoint" system allows lines to always point towards the middle
-Python plug-ins added
-automatically change grid size depending on zoom level
-Text input now highlights the object
-security problems fixed in XFig import and Python plug-in
-new shapes added
-new UML objects added
-Full screen mode
-Improved SVG import
-Plug-in loading and unloading doesn't require restart
-i18n problems fixed
-bugs have been fixed
-Command line usage has improved
-ses the new GTK+ File Dialog
pkgsrc change:
-precompile Python files
|
|
security update for dia
Revisions pulled up:
- pkgsrc/graphics/dia/Makefile 1.44
- pkgsrc/graphics/dia/Makefile.common 1.10, 1.11, 1.12
- pkgsrc/graphics/dia/PLIST 1.12, 1.13
- pkgsrc/graphics/dia/distinfo 1.16, 1.17, 1.18
- pkgsrc/graphics/dia/options.mk 1.4
- pkgsrc/graphics/dia/patches/patch-ab removed
- pkgsrc/graphics/dia/patches/patch-ac removed
- pkgsrc/graphics/dia/patches/patch-ad removed
- pkgsrc/graphics/dia/patches/patch-ca 1.1
- pkgsrc/graphics/dia/patches/patch-cb 1.1
- pkgsrc/graphics/dia/patches/patch-cc 1.1
- pkgsrc/graphics/dia-python/Makefile 1.8
- pkgsrc/graphics/dia-python/PLIST 1.2
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 2 16:23:30 UTC 2006
Modified Files:
pkgsrc/graphics/dia: Makefile Makefile.common PLIST distinfo
pkgsrc/graphics/dia-python: Makefile PLIST
Removed Files:
pkgsrc/graphics/dia/patches: patch-ab patch-ac patch-ad
Log Message:
update to 0.95
changes:
-"mainpoint" system allows lines to always point towards the middle
-Python plug-ins added
-automatically change grid size depending on zoom level
-Text input now highlights the object
-security problems fixed in XFig import and Python plug-in
-new shapes added
-new UML objects added
-Full screen mode
-Improved SVG import
-Plug-in loading and unloading doesn't require restart
-i18n problems fixed
-bugs have been fixed
-Command line usage has improved
-ses the new GTK+ File Dialog
pkgsrc change:
-precompile Python files
---
Module Name: pkgsrc
Committed By: abs
Date: Tue May 16 21:15:23 UTC 2006
Modified Files:
pkgsrc/graphics/dia: Makefile.common
Log Message:
USE_LANGUAGES+=c++
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 31 17:50:12 UTC 2006
Modified Files:
pkgsrc/graphics/dia: Makefile.common distinfo
Log Message:
update to 0.95.1
changes:
3 minor bugfixes
---
Module Name: pkgsrc
Committed By: drochner
Date: Sun Jun 11 16:55:35 UTC 2006
Modified Files:
pkgsrc/graphics/dia: PLIST distinfo options.mk
Added Files:
pkgsrc/graphics/dia/patches: patch-ca patch-cb patch-cc
Log Message:
fix help file installation in the !gnome case, problem found by
Lubomir Sedlacik
(no PKGREVISION bump because the default case is not affected)
Help display seems fundamentally broken to me in the !gnome case;
the code looks for an "index.html" which is not installed (and which
no make rule is present for).
|
|
|
|
security update for sylpheed
Revisions pulled up:
- pkgsrc/mail/sylpheed/Makefile 1.92, 1.93, 1.96
- pkgsrc/mail/sylpheed/distinfo 1.48, 1.49, 1.50
- pkgsrc/mail/sylpheed/options.mk 1.2
Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Mar 29 22:04:57 UTC 2006
Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo
Log Message:
Update to:
* 2.2.3 (stable)
* The sorting of the result of the query search was enabled.
* The printing of messages now follows the state of 'Show all headers'.
* Relative path is allowed for signature files.
* The To, Cc, and Bcc button of the address book are now always enabled.
* The window position of the address book is now preserved.
* The toggle of the Cc entry on the composition window was enabled.
* The appearance of the address book was modified.
* Unix: The support of metamail command was removed, and it was replaced
with the alternative implementation.
* Win32: libwimp.dll was updated, and the appearance of the UI was
improved.
* Win32: zlib1.dll was updated.
* Win32: The application icon was updated.
* Win32: The unnecessary message catalog files were removed to reduce the
archive size.
---
Module Name: pkgsrc
Committed By: chris
Date: Wed Mar 29 22:54:42 UTC 2006
Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo options.mk
Log Message:
Update sylpheed to 2.2.4. Changes are:
* MIME filename encoding with RFC 2322 parameter value extension was
supported.
* The clear button for the quick search entry was added.
* The bug that bold face was disabled in GtkTreeView with GLib 2.10
and Pango 1.12 was fixed.
* Win32: libwimp.dll was updated.
* Win32: The bug that subfolders were duplicated when rebuilding
folder tree while the settings were shared between Win32 and Unix
was fixed.
* Win32: The uninstaller was modified so that it only removes files
and folders created by the installer.
Also remove extra blank lines at the end of options.mk to appease pkglint.
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Sat Jun 10 23:38:36 UTC 2006
Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo
Log Message:
Update to 2.2.6.
Changes 2.2.6:
* The 8-bit literal (literal8) in IMAP4 response was supported.
* The missing timeout handling was added for SMTP.
* The failure of URI security check when they have leading space
was fixed.
Changes 2.2.5:
* The character corruption and crash bug when using Japanese
half-width kana on sending messages was fixed.
* The execution failure when using the accessibility module was fixed.
* The bug that new/unread count becoming negative value was fixed.
* The bug that bold face was disabled in the folder selection dialog
with GLib 2.10 and Pango 1.12 was fixed.
* The incorrect progressbar display when expired messages exist was
fixed.
|
|
|
|
security update for freeciv
Revisions pulled up:
- pkgsrc/games/freeciv-client/Makefile 1.27, 1.29
- pkgsrc/games/freeciv-server/Makefile 1.23
- pkgsrc/games/freeciv-share/Makefile 1.13
- pkgsrc/games/freeciv-share/Makefile.common 1.26, 1.27
- pkgsrc/games/freeciv-share/distinfo 1.13
- pkgsrc/games/freeciv-share/patches/patch-aa 1.5
- pkgsrc/games/freeciv-share/patches/patch-ab 1.4
Module Name: pkgsrc
Committed By: adam
Date: Sat Apr 15 09:30:46 UTC 2006
Modified Files:
pkgsrc/games/freeciv-client: Makefile
pkgsrc/games/freeciv-server: Makefile
pkgsrc/games/freeciv-share: Makefile Makefile.common distinfo
pkgsrc/games/freeciv-share/patches: patch-aa patch-ab
Log Message:
Changes 2.0.8:
- Simplification of pubserver authentication system, and other
pubserver-related changes.
- Fix problems with some strings in some languages on windows.
- Fix a potential desynchronization bug when establishing connections.
- Fix a potential crash when reading packets (CVE-2006-0047).
- Fix some bugs allowing illegal rehoming of units.
- Allow loading of savegames created by Freeciv 2.1.
- Allow client goto into unknown tiles.
- Fix a set of crashes likely to happen with the XAW client on
64-bit systems.
- Fix a bug that allowed unlimited incoming airlifts.
---
Module Name: pkgsrc
Committed By: minskim
Date: Thu Jun 8 16:06:50 UTC 2006
Modified Files:
pkgsrc/games/freeciv-share: Makefile.common
Log Message:
This package needs zlib.
---
Modified Files:
pkgsrc/games/freeciv-client: Makefile
Log Message:
Needs pkg-config to build.
|
|
|
|
security update/fix for tiff
Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile 1.79, 1.80, 1.82
- pkgsrc/graphics/tiff/distinfo 1.37-1.38
- pkgsrc/graphics/tiff/PLIST 1.10
- pkgsrc/graphics/tiff/patches/patch-au 1.5
Module Name: pkgsrc
Committed By: drochner
Date: Fri Mar 31 14:31:03 UTC 2006
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Log Message:
update to 3.8.2
changes: bugfixes
---
Module Name: pkgsrc
Committed By: uebayasi
Date: Wed Apr 5 07:04:18 UTC 2006
Modified Files:
pkgsrc/graphics/tiff: Makefile PLIST
Log Message:
A missing entry in PLIST, found by ftp://ftp.NetBSD.org/pub/pkgsrc/misc/kristerw
/pkgstat/i386-2.1/20060404.0711/graphics/tiff/.broken.html.
Reviewed By: reed
---
Module Name: pkgsrc
Committed By: salo
Date: Thu Jun 8 11:05:14 UTC 2006
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-au
Log Message:
Security fix for CVE-2006-2193:
"A vulnerability in LibTIFF can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.
The vulnerability is caused due to a boundary error within tiff2pdf
when handling a TIFF file with a "DocumentName" tag that contains
UTF-8 characters. This can be exploited to cause a stack-based buffer
overflow and may allow arbitrary code execution."
http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
Patch from Ubuntu.
|
|
|
|
runtime fix for ruby-tk
Revisions pulled up:
- pkgsrc/x11/ruby-tk/Makefile 1.23
Module Name: pkgsrc
Committed By: taca
Date: Wed May 31 04:08:27 UTC 2006
Modified Files:
pkgsrc/x11/ruby-tk: Makefile
Log Message:
Specify X11BASE as configuration parameter. This change should fix
the problem which cause LoadError of libX11.so.6. This problem was
noted by rudolf <netbsd at eq.cz> on pkgsrc-users.
Bump PKGREVISION.
|
|
|
|
security update for spamassassin
Revisions pulled up:
- pkgsrc/mail/spamassassin/Makefile 1.71, 1.72
- pkgsrc/mail/spamassassin/PLIST 1.19
- pkgsrc/mail/spamassassin/distinfo 1.37, 1.38
- pkgsrc/mail/spamassassin/options.mk 1.6
- pkgsrc/mail/spamassassin/patches/patch-ab 1.12
- pkgsrc/mail/spamassassin/patches/patch-ad removed
- pkgsrc/mail/spamassassin/patches/patch-az removed
Module Name: pkgsrc
Committed By: heinz
Date: Fri May 26 20:53:00 UTC 2006
Modified Files:
pkgsrc/mail/spamassassin: Makefile PLIST distinfo options.mk
pkgsrc/mail/spamassassin/patches: patch-ab
Added Files:
pkgsrc/mail/spamassassin/patches: patch-bb
Removed Files:
pkgsrc/mail/spamassassin/patches: patch-ad patch-az
Log Message:
Updated to version 3.1.2.
Pkgsrc changes:
- The updates for rule files go into $VARBASE/spamassassin/.
- This above directory and the directory sa-update-keys for the GPG keys
are now handled automatically by OWN_DIRS.
- The growing number of *.pre files are managed in a loop in the Makefile.
They are no longer contained in the static PLIST.
- Removed some unnecessary trailing slashes.
- Patching init.pre in order to disable the SPF plugin broke the spf.t
test. This is now fixed, although in a rather ugly way :-/.
- patch-ab no longer needs to use BSD_INSTALL_DATA_DIR because we create
the directories through INSTALLATION_DIRS.
- patch-ad and patch-az were removed (changes integrated upstream).
- patch-bb fixes a small documentation error.
- Fixed some warnings by pkglint about the SUBST framework in Makefile
and options.mk.
Relevant changes since version 3.1.1:
=====================================
- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become
tainted -- thanks to Mark Martinec for pointing out the bug with
Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service
policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array
entry passed in if none of the paths were found. Now return undef
instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read
in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into
underscores which confuses a bunch of users when checking debug output.
Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables
which end up undefined causing warnings. fake an empty message if no
input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags
that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport
relays_internal and relays_external code, backport bug 4760 fix so
that it's not possible to be in internal_networks without being in
trusted_networks as well
- bug 4901: deal more properly with failures in bgsend(). also, use
the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received
parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for
empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or
spamassassin, return an error exit value.
---
Module Name: pkgsrc
Committed By: heinz
Date: Mon Jun 5 23:01:01 UTC 2006
Modified Files:
pkgsrc/mail/spamassassin: Makefile distinfo
Removed Files:
pkgsrc/mail/spamassassin/patches: patch-bb
Log Message:
Updated to version 3.1.3.
Pkgsrc changes:
- patch-bb for no longer necessary (integrated upstream).
Changes since version 3.1.2:
============================
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.
|
|
|
|
security update for miredo
Revisions pulled up:
- pkgsrc/net/miredo/Makefile 1.4, 1.5, 1.6, 1.7, 1.8
- pkgsrc/net/miredo/distinfo 1.3, 1.4, 1.5
- pkgsrc/net/miredo/PLIST 1.2, 1.3
- pkgsrc/net/miredo/patches/patch-aa 1.3
- pkgsrc/net/miredo/patches/patch-ab 1.3, 1.4
- pkgsrc/net/miredo/patches/patch-ac 1.3
- pkgsrc/net/miredo/patches/patch-ad 1.3
- pkgsrc/net/miredo/patches/patch-ae 1.3
- pkgsrc/net/miredo/patches/patch-af removed
Module Name: pkgsrc
Committed By: rpaulo
Date: Fri Mar 31 23:21:33 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile
Log Message:
SunOS is not supported. PR 33157.
---
Module Name: pkgsrc
Committed By: rpaulo
Date: Mon Apr 3 23:30:34 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile distinfo
pkgsrc/net/miredo/patches: patch-ab
Log Message:
NetBSD needs TUNIFHEAD.
---
Module Name: pkgsrc
Committed By: rpaulo
Date: Tue May 2 15:36:09 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile PLIST distinfo
pkgsrc/net/miredo/patches: patch-aa patch-ab patch-ac
Removed Files:
pkgsrc/net/miredo/patches: patch-ad patch-ae patch-af
Log Message:
Update to version 0.8.4.
Changes include the fix for this security problem:
http://www.simphalempin.com/dev/miredo/mtfl-sa-0601.shtml.en
and the additon of most pkgsrc patches.
---
Module Name: pkgsrc
Committed By: rpaulo
Date: Tue May 2 15:36:44 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile
Log Message:
Put back NOT_FOR_PLATFORM.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri May 12 08:25:47 UTC 2006
Modified Files:
pkgsrc/net/miredo: Makefile PLIST distinfo
pkgsrc/net/miredo/patches: patch-ac
Added Files:
pkgsrc/net/miredo/patches: patch-ad patch-ae
Log Message:
Fix PLIST and bump revision. Add DragonFly work arounds for pthread.h
and fix net/if_var.h test as well.
|
|
|
|
security update for quagga
Revisions pulled up:
- pkgsrc/net/quagga/Makefile 1.29
- pkgsrc/net/quagga/PLIST 1.8
- pkgsrc/net/quagga/distinfo 1.9
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 5 19:28:25 UTC 2006
Modified Files:
pkgsrc/net/quagga: Makefile PLIST distinfo
Log Message:
Update to 0.98.6.
Security:
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] 0.98 specific command changes, allow no-auth to be set
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated
route updates
[doc] Add text on 0.98 specific RIP authentication changes
[docs] Update ripd docs on version and authentication, see bugs
#261,#262
Thanks to Konstantin V. Gavrilenko for report and testing.
bgpd:
- bgpd Telnet Interface DoS:
OSVDB ID 25245:
http://www.osvdb.org/displayvuln.php?osvdb_id=25245
[quagga-dev 4051]:
http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
[bgpd] Fix infinite loop in community_str2com
[No NEWS entries for 0.98.2 to 0.98.6; many bugfixes]
|
|
|
|
security update for quagga-devel
Revisions pulled up:
- pkgsrc/net/quagga-devel/Makefile 1.3
- pkgsrc/net/quagga-devel/distinfo 1.3
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 5 13:58:54 UTC 2006
Modified Files:
pkgsrc/net/quagga-devel: Makefile distinfo
Log Message:
Update to 0.99.4.
Security:
bgpd:
- BGP Telnet Interface DoS
CVE-2006-2276, OSVDB ID 25245
[bgpd] Fix infinite loop in community_str2com
ripd:
- RIPD unauthenticated route table broadcast:
CVE-2006-2223, OSVDB ID 25224, Secunia SA19910
- RIPD unauthenticated route injection:
CVE-2006-2224, OSVDB ID 25225, Secunia SA19910
[ripd] bugs #261, #262: Fix RIPv1 info-leak and unauthenticated
route updates
[docs] Update ripd docs on version and authentication, see bugs
#261,#262
Many bugfixes (no NEWS entry).
|
|
|
|
security update for base
Revisions pulled up:
- pkgsrc/security/base/Makefile 1.8, 1.10
- pkgsrc/security/base/PLIST 1.3, 1.4
- pkgsrc/security/base/distinfo 1.3, 1.4
- pkgsrc/security/base/patches/patch-aa 1.2
Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 12 22:31:38 UTC 2006
Modified Files:
pkgsrc/security/base: Makefile PLIST distinfo
pkgsrc/security/base/patches: patch-aa
Log Message:
Update to BASE 1.2.4
> Changes:
> - Fixed issue with PostGRES and schema in base_db.inc.php -- Kevin J and Nikns
> - Fixed bug 1284695 Error in SQL with PostgreSQL -- Kevin J and Nikns
> - Fixed issues displaying PortScans -- Nikns
> - Fixed sig_class (bug 1407325) and sig_priority filter bug -- Nikns and Max Valdez (garaged)
> - Fixed bug 1408387 Archive move and Email summary issues -- Nikns
> - Fixed bug when, after setup, archive database wasn't used -- Nikns
> - Fixed PostgreSQL archive database support -- Nikns
> - Fixed bug 1313261 Unable to use actions in base_stat_sensor.php -- Nikns
> - Fixed bug 1371532 First of month timestamp issue -- Nikns
> - Fixed bug 1406945 Lost alert order when switching between payload display -- Nikns
> - Fixed bug 1413712 base_conf.php file path issue under MS Windows -- garaged
> - Fixed search by signature name -- Nikns
> - Converted sql/create_base_tbls_mssql_extra.sql to CRLF line terminators -- Nikns
> - Fixed broken auth system for MSSQL -- Nikns
> - Changed MSSQL schema for table acid_event, sig_name now has type VARCHAR instead of TEXT -- Nikns
> - Fixed bug 1307250 broken base_stat_alerts.php with MSSQL -- Nikns
> - Fixed bug 1413594 Force to use alert database for auth system stuff -- Nikns
> - Setup fix, on error form values are remembered, default language is English -- garaged
> - Uppercased name 'Archive' in base_main.php (in sync with base_hdr1.php) -- Nikns
> - Fixed support for actions in base_stat_class.php -- Nikns
> - Fixed bug 1418660 Broken search by IP criteria -- Nikns
> - Added checkboxes and fixed support for actions in base_stat_iplink.php -- Nikns
> - Implemented RFE 1123382 support for actions in base_stat_uaddr.php -- Nikns
> - Implemented support for actions in base_stat_ports.php -- Nikns
> - Fixed bug 1422575 when empty email sent even if action unsuccessful -- Nikns
> - Fixed bug 1424033 Unable to Graph Alert Detection Time -- Nikns
> - Fixed bug 1426089 Score removed from email address -- Nikns
> - Fixed bug 1210542 and 1288402 Packet display mode issues -- Nikns
> - Detect archiving duplicates with select queries instead of catching db conflict error -- Nikns
> - Fixed bug 1430686 Update alert cache for archived alert right after it is coppied to archive db -- Nikns
> - Implemented archiving support for schema 107 -- Nikns
> - Added sig_gid (signature generator id) to snort signature reference url for schema 107 -- Nikns
> - session_start() on base_conf.php avoiding repetition, easier to handle with debug output -- garaged
> - debug_mode needs to be off on login (index.php:45 ) -- garaged
> - Fixed bug 1275536 Unable to download binary payload in Internet Explorer when using SSL -- Nikns
> - Implemented archiving support for FLoP extended database schema -- Nikns
> - Implemented rebuild of packet in pcap format for FLoP extended database -- Nikns
> - Added display of MAC addresses in base_query_alert.php for FLoP extended database -- Nikns
> - Fixed BASE authentication bypass in standalone mode for base_maintenance.php -- Nikns
> - Added HTTP response codes on authentication failure in base_maintenance.php for standalone mode -- Nikns
> - Fixed bug 1341286 Show IP header length in bytes, not words -- Juergen Leising
> - In plain display mode several sequential non-ASCII payload characters join together displaying their count -- Nikns
> - Changed input type of the password field in useradmin -- Kevin Johnson
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jun 6 19:41:43 UTC 2006
Modified Files:
pkgsrc/security/base: Makefile PLIST
Log Message:
Update to 1.2.5
> - 6/4/2006 1.2.5 (sarah)
> - Added base64 encoding support for MAC addresses presented on the screen for FLoP extended database -- Juergen Leising
> - Added base64 encoding support for rebuild of packet in pcap format for FLoP extended database -- Juergen Leising
> - Fixed issue with Oracle and schema version in base_db.inc.php -- Nikns
> - Fixed bug when alerts with sig references would fail to archive causing duplicates error -- Nikns
> - Added base64 encoding support for ICMP payload additional table in base_qry_alert.php -- Juergen Leising
> - Added check for PHP Logging Level against E_NOTICES in setup/index.php -- Nikns
> - Fixed bug when certain preprocessor alerts would not be cached (for example arpspoof) -- Nikns
> - Added setup/setup_db.inc.php with CreateBASEAG() to resolve redundancy in setup and base_db_setup.php -- Nikns
> - Removed unnecessary and broken search index stuff from Create BASE AG, since schemas are already with them -- Nikns
> - Added XSSPrintSafe() (array safe htmlspecilchars() function) and made filterSql() use ADOdb qmagic() -- Nikns
> - Changed input type of the password field to actually be password in setup3.php -- Nikns
> - Filtered all unfiltred (mainly auth system stuff) $_POST and $_GET variables using filterSql() -- Nikns
> - Santized all $_SERVER variables to be protected against XSS attacks -- Nikns
> - Added "Clear Data Tables" option in base_maintenance.php and "Repair Tables" option to execute CreateBASEAG() -- Nikns
> - Make use of FLoP's event reference. Signature name of alert which trigered "Tagged Packet" alert is shown too -- Nikns
> - Updated chinese.lang.php -- Johnson Chiang
> - Fixed Time error in searches -- Jeff Kell
> - Fixed refresh issue with ~ directories -- Kevin Johnson
> - Fixed cookie stored data and authentication scheme to correct Nikns' report on session forge issue -- GaRaGeD
> - Updated link to the Nessus plug in DB -- Jonathan W Miner
> - Fixed display after deleting alerts -- Bruce Briggs
> - Fixed Bug #1466392 - Back button doesn't work after refresh. -- Juergen Leising
> - Patches from jhart@spoofed.org to add missing ICMP and TCP type and codes - GaRaGeD
> - add support for ICMP redirect decoding. - Jon Hart
> - add decoding support for ICMP source quench and ICMP parameter problem - Jon Hart
> - split up "flags" into DF and MF, much like tcp flags are currently handled - Jon Hart
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jun 6 20:09:50 UTC 2006
Modified Files:
pkgsrc/security/base: distinfo
Log Message:
Update distinfo missed in the update to 1.2.5
|
|
|
|
security update for snort
Revisions pulled up:
- pkgsrc/net/snort/Makefile.common 1.35
- pkgsrc/net/snort/distinfo 1.35
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jun 6 18:51:52 UTC 2006
Modified Files:
pkgsrc/net/snort: Makefile.common distinfo
Log Message:
Update to 2.4.5
These releases have better performance, numerous new features and
incorporate many bug fixes. Notable bug fixes and improvements include:
* Tcp stream properly reassembled after failed sequence check,
which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible
evasion cases.
* Improved performance monitoring.
|
|
|
|
security fix for freetype2
Apply patch from salo, mirroring the recent xsrc fixes for CVE-2006-0747,
CVE-2006-1861, and CVE-2006-2661.
|
|
|
|
security update for drupal
Patch provided by the submitter.
Updated to version 4.6.8.
Drupal 4.6.8, 2006-06-01
------------------------
- fixed critical upload issue, see SA-2006-007
- fixed taxonomy XSS issue, see SA-2006-008
|
|
|
|
security fix for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.71, 1.73
- pkgsrc/mail/squirrelmail/distinfo 1.31, 1.32
- pkgsrc/mail/squirrelmail/patches/patch-ab 1.12
- pkgsrc/mail/squirrelmail/patches/patch-ac 1.3
- pkgsrc/mail/ja-squirrelmail/MESSAGE 1.3
- pkgsrc/mail/ja-squirrelmail/Makefile 1.27, 1.28, 1.30
- pkgsrc/mail/ja-squirrelmail/PLIST 1.4
- pkgsrc/mail/ja-squirrelmail/distinfo 1.9, 1.10, 1.11
- pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.3
- pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.3
- pkgsrc/mail/ja-squirrelmail/patches/patch-ad removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ae removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-af removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ag removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ah removed
Module Name: pkgsrc
Committed By: martti
Date: Tue Apr 11 05:24:20 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches: patch-ab
Log Message:
Updated mail/squirrelmail to 1.4.6nb1
* added patch for Ukrainian translation (needed by the new
* squirrelmail-locales)
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 5 02:46:54 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: MESSAGE Makefile distinfo
Removed Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-ah
Log Message:
Update ja-squirrelmail package to 1.4.6 after talking with martti@.
Prior to this release, there are security vulnerability the same as
squirrelmail 1.4.5.
This update made with temporary Japanese patch based on the patch
for 1.4.5.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 5 05:32:36 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ab
Log Message:
Updated ja-squirrelmail to 1.4.6nb1
* sync with squirrelmail-1.4.6nb1
---
Module Name: pkgsrc
Committed By: tron
Date: Sun Jun 4 12:31:31 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ac
pkgsrc/mail/squirrelmail/patches: patch-ac
Log Message:
Add fix for security issue 2006-06-01 from SquirrelMail CVS repository.
Bump package revision.
|