Age | Commit message (Collapse) | Author | Files | Lines |
|
rsync bugfix update
Revisions pulled up:
- pkgsrc/net/rsync/Makefile 1.65
- pkgsrc/net/rsync/distinfo 1.24
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 28 16:08:37 UTC 2006
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Log Message:
Update to 2.6.8:
NEWS for rsync 2.6.8 (22 Apr 2006)
Protocol: 29 (unchanged)
Changes since 2.6.7:
BUG FIXES:
- Fixed a bug in the exclude code where an anchored exclude without any
wildcards fails to match an absolute source arg, but only when --relative
is in effect.
- Improved the I/O code for the generator to fix a potential hang when the
receiver gets an EOF on the socket but the generator's select() call
never indicates that the socket is writable for it to be notified about
the EOF. (This can happen when using stunnel).
- Fixed a problem with the file-reading code where a failed read (such as
that caused by a bad sector) would not advance the file's read-position
beyond the failed read's data.
- Fixed a logging bug where the "log file" directive was not being honored
in a single-use daemon (one spawned by a remote-shell connection or by
init).
- If rsync cannot honor the --delete option, we output an error and exit
instead of silently ignoring the option.
- Fixed a bug in the --link-dest code that prevented special files (such as
fifos) from being linked.
- The ability to hard-link symlinks and special files is now determined at
configure time instead of at runtime. This fixes a bug with --link-dest
creating a hard-link to a symlink's referent on a BSD system.
ENHANCEMENTS:
- In daemon mode, if rsync fails to bind to the requested port, the
error(s) returned by socket() and/or bind() are now logged.
- When we output a fatal error, we now output the version of rsync in the
message.
- Improved the documentation for the --owner and --group options.
- The rsyncstats script in "support" has an improved line-parsing regex
that is easier to read and also makes it to parse syslog-generated lines.
- A new script in "support": file-attr-restore, can be used to restore the
attributes of a file-set (the permissions, ownership, and group info)
taken from the cached output of a "find ARG... -ls" command.
|
|
|
|
security update for cgiirc
Revisions pulled up:
- pkgsrc/chat/cgiirc/Makefile 1.10
- pkgsrc/chat/cgiirc/PLIST 1.2
- pkgsrc/chat/cgiirc/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue May 2 21:43:34 UTC 2006
Modified Files:
pkgsrc/chat/cgiirc: Makefile PLIST distinfo
Log Message:
Update to 0.5.8
> 0.5.8
> - Translations into German, Dutch, Romanian and Norwegian (thanks
> OUTsider/scarynet)
> - Russian translation of help
> - Some more UTF-8 fixes (including joining channels with non-ASCII chars,
> thanks to Jonas Liljegren)
> - Server balancing support
> - Identd supports multiple installs
> - Fix buffer overflow in client.cgi
> - Other misc fixes (see
> http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2)
>
> 0.5.7
> - Fixed to work on Perl <5.8
> - Perform config option
|
|
|
|
security fix for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.34
- pkgsrc/www/firefox/distinfo 1.48
- pkgsrc/www/firefox/patches/patch-fa 1.1
- pkgsrc/www/firefox/patches/patch-fb 1.1
- pkgsrc/www/firefox-gtk1/Makefile 1.12
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 28 16:11:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Fix a memory management / refcount problem which can lead to a DOS or
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 2 10:10:43 UTC 2006
Modified Files:
pkgsrc/www/firefox-gtk1: Makefile
Log Message:
PKGREVISION bump for firefox security fix, pointed out by Lubomir Sedlacik
|
|
|
|
bonnie runtime fix
Revisions pulled up:
- pkgsrc/benchmarks/bonnie/Makefile 1.27
- pkgsrc/benchmarks/bonnie/distinfo 1.7
- pkgsrc/benchmarks/bonnie/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed Apr 12 10:55:49 UTC 2006
Modified Files:
pkgsrc/benchmarks/bonnie: Makefile distinfo
pkgsrc/benchmarks/bonnie/patches: patch-ac
Log Message:
The patch in PR pkg/21421 had a bug: The memory allocated for "Chunk"
was too short. This made the program die from EFAULT randomly.
Found by Konrad Schroder.
Apply his fix that and bump PKGREVISION.
|
|
|
|
security update for mantis
Revisions pulled up:
- pkgsrc/devel/mantis/Makefile 1.20
- pkgsrc/devel/mantis/PLIST 1.7
- pkgsrc/devel/mantis/distinfo 1.7
Module Name: pkgsrc
Committed By: adrianp
Date: Mon May 1 13:00:40 UTC 2006
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.2
> 2006.04.18 - 1.0.2
> - 0006902: [security] XSS in mantis bug track system .... (thraxisp)
> - 0006859: [bugtracker] Can send reminders to all recipients (thraxisp)
>
> 2006.02.18 - 1.0.1
> - 0006722: [installation] Remaining mysqli_ install problems (ref.
> #0006672): my sqli_real_escape_string() expects parameter
> 1 to be link (thraxisp)
> - 0006672: [installation] install.php assumes mysql extension, fails
> with mysqli extension (thraxisp)
> - 0006668: [filters] Parse error while saving new filter: Call to
> undefined function: string_strip_tags() (thraxisp)
>
> 2006.02.04 - 1.0.0
> - 0006044: [security] 'Return' _GET is not checked (thraxisp)
> - 0006650: [security] ADOdb can be exploited to execute arbitrary SQL
> code (vboctor)
> - 0006659: [security] Cross site scripting vulnerability (thraxisp)
> - 0006634: [filters] Filter does not work with profiles (vboctor)
|
|
|
|
security update for clamav
Revisions pulled up:
- pkgsrc/mail/clamav/Makefile 1.58
- pkgsrc/mail/clamav/distinfo 1.35
Module Name: pkgsrc
Committed By: xtraeme
Date: Sun Apr 30 06:50:00 UTC 2006
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Log Message:
Update to 0.88.2:
This release improves virus detection, fixes zip handling on 64-bit
architectures and possible security problem in freshclam.
|
|
|
|
security updates for {,ja-}trac
Revisions pulled up:
- pkgsrc/www/trac/Makefile 1.19
- pkgsrc/www/trac/distinfo 1.14
- pkgsrc/www/ja-trac/Makefile 1.3
- pkgsrc/www/ja-trac/distinfo 1.3
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 26 16:08:21 UTC 2006
Modified Files:
pkgsrc/www/trac: Makefile distinfo
Log Message:
Update to version 0.9.5
From Akio OBATA via PR pkg/33367.
Changes:
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
Trac 0.9.4 (Feb 15, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.4
- Deletion of reports has been fixed.
- Various encoding issues with the timeline RSS feed have been fixed.
- Fixed a memory leak when syncing with the repository.
- Milestones in the roadmap are now ordered more intelligently.
- Fixed bugs: #1064, #1150, #2006, #2253, #2324, #2330, #2408, #2430,
#2431, #2459, #2544, #2459, #2481, #2485, #2536, #2544, #2553,
#2580, #2583, #2606, #2613, #2621, #2664, #2666, #2680, #2706,
#2707, #2735
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 26 16:09:49 UTC 2006
Modified Files:
pkgsrc/www/ja-trac: Makefile distinfo
Log Message:
Update to version 0.9.5.1
From Akio OBATA via PR pkg/33368.
Changes:
Trac-0.9.5-ja-1 (Apr 19, 2006)
- Merge trac-0.9.5
- Update to current statement.
- README.trac-ja
- wiki-default/TracJa
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
|
|
|
|
portability fix for emacs
Revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.92
- pkgsrc/editors/emacs/distinfo 1.27
- pkgsrc/editors/emacs/patches/patch-az 1.14
- pkgsrc/editors/emacs-nox11/Makefile 1.21
Module Name: pkgsrc
Committed By: markd
Date: Wed Apr 5 22:22:16 UTC 2006
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
pkgsrc/editors/emacs-nox11: Makefile
Added Files:
pkgsrc/editors/emacs/patches: patch-az
Log Message:
Pass the correct sized argument to sbrk() when trying to reduce the break
so that on 64bit systems it is actually a negative number, not a very
large positive one. Should fix PR pkg/29351.
Thanks to Martijn van Buul for giving me access to an amd64 box so I
could track this down. Bump PKGREVISION.
|
|
|
|
security fix for xine-ui
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 21 11:11:26 UTC 2006
Modified Files:
pkgsrc/multimedia/xine-ui: Makefile distinfo
Added Files:
pkgsrc/multimedia/xine-ui/patches: patch-aq patch-ar
Log Message:
fix some format string vulnerabilities, see
http://www.open-security.org/advisories/16
|
|
|
|
|
|
security update for ethereal
Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.129
- pkgsrc/net/ethereal/PLIST 1.25
- pkgsrc/net/ethereal/distinfo 1.50
- pkgsrc/net/ethereal/patches/patch-aa removed
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 25 10:04:20 UTC 2006
Modified Files:
pkgsrc/net/ethereal: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ethereal/patches: patch-aa
Log Message:
Update "ethereal" package to version 0.99.0.
Changes since version 0.10.14 include:
- security fixes for problems discovered by a Coverity scan
- new utility "dumpcap" for capturing packets from a live network and
writing them to a file has been added.
- support for ACP133, E.212, Nortel LGE Monitor and OICQ protocols
|
|
|
|
security update for mozilla
Revisions pulled up:
- pkgsrc/www/mozilla/DESCR 1.3, 1.4
- pkgsrc/www/mozilla/Makefile 1.158
- pkgsrc/www/mozilla/buildlink3.mk 1.20
- pkgsrc/www/mozilla/distinfo 1.89
- pkgsrc/www/mozilla-gtk2/DESCR 1.3, 1.4
- pkgsrc/www/mozilla/patches/patch-cn 1.1
- pkgsrc/www/mozilla-gtk2/Makefile 1.37
- pkgsrc/www/mozilla-gtk2/buildlink3.mk 1.18
Module Name: pkgsrc
Committed By: veego
Date: Mon Apr 24 16:52:58 UTC 2006
Modified Files:
pkgsrc/www/mozilla: Makefile buildlink3.mk distinfo
pkgsrc/www/mozilla-gtk2: Makefile buildlink3.mk
Added Files:
pkgsrc/www/mozilla/patches: patch-cn
Log Message:
Update "mozilla" packages to version 1.7.13. Changes since 1.7.12:
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
- additional patch to fix pr#33333
Shin'ichiro TAYA told me that i can do this update.
---
Module Name: pkgsrc
Committed By: ghen
Date: Mon Apr 24 18:48:12 UTC 2006
Modified Files:
pkgsrc/www/mozilla: DESCR
pkgsrc/www/mozilla-gtk2: DESCR
Log Message:
Reindent.
---
Module Name: pkgsrc
Committed By: ghen
Date: Mon Apr 24 18:52:25 UTC 2006
Modified Files:
pkgsrc/www/mozilla: DESCR
pkgsrc/www/mozilla-gtk2: DESCR
Log Message:
As the 1.7.13 release marked the end-of-life of the Mozilla Suite
product line, users of the Mozilla Suite are adviced to switch over to
Firefox (www/firefox) and Thunderbird (mail/thunderbird). For those who
still like the Suite, there is Seamonkey (pkgsrc/www/seamonkey), a
community-driven project to continue the Mozilla Suite.
For more information, see the Mozilla Suite 1.7.x Product Sunset
Announcement:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
|
|
|
|
security update for thunderbird
Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile 1.18
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.12
- pkgsrc/mail/thunderbird/distinfo 1.22
- pkgsrc/mail/thunderbird/patches/patch-ab 1.9
- pkgsrc/mail/thunderbird-gtk1/Makefile 1.9
Module Name: pkgsrc
Committed By: ghen
Date: Sun Apr 23 14:14:07 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common
distinfo
pkgsrc/mail/thunderbird-gtk1: Makefile
pkgsrc/mail/thunderbird/patches: patch-ab
Log Message:
Update to Thunderbird 1.5.0.2 (1.5.0.1 was skipped to stay in sync with
Firefox).
Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be
circumvented
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator
objects
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards
For a detailed ChangeLog, see:
http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html
|
|
|
|
security update for mozilla-bin
Revisions pulled up:
- pkgsrc/www/mozilla-bin/Makefile 1.29
- pkgsrc/www/mozilla-bin/distinfo 1.18
Module Name: pkgsrc
Committed By: tron
Date: Sat Apr 22 13:16:28 UTC 2006
Modified Files:
pkgsrc/www/mozilla-bin: Makefile distinfo
Log Message:
Update "mozilla-bin" package to version 1.7.13. Changes since 1.7.12:
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
|
|
|
|
adobe-cmaps update
Revisions pulled up:
- pkgsrc/fonts/adobe-cmaps/Makefile 1.17
- pkgsrc/fonts/adobe-cmaps/PLIST 1.6
- pkgsrc/fonts/adobe-cmaps/distinfo 1.10
Module Name: pkgsrc
Committed By: minskim
Date: Thu Apr 20 17:37:00 UTC 2006
Modified Files:
pkgsrc/fonts/adobe-cmaps: Makefile PLIST distinfo
Log Message:
Update adobe-cmaps to 20060419. ag14 was updated to ag15.
|
|
|
|
security fixes for php
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.29
- pkgsrc/lang/php5/Makefile.php 1.18
- pkgsrc/lang/php5/distinfo 1.15
- pkgsrc/lang/php5/patches/patch-ap 1.1
- pkgsrc/lang/php5/patches/patch-aq 1.1
- pkgsrc/lang/php5/patches/patch-ar 1.1
- pkgsrc/www/php4/Makefile 1.63
- pkgsrc/www/php4/distinfo 1.52
- pkgsrc/www/php4/patches/patch-aq 1.1
- pkgsrc/www/php4/patches/patch-ar 1.1
- pkgsrc/www/php4/patches/patch-as 1.1
- pkgsrc/www/ap-php/Makefile 1.9
Module Name: pkgsrc
Committed By: cube
Date: Fri Apr 14 13:47:30 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.php distinfo
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php4: Makefile distinfo
Log Message:
PHP4/5 security changes... They're not critical issues; secunia classes
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/
http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
---
Module Name: pkgsrc
Committed By: cube
Date: Fri Apr 14 13:48:33 UTC 2006
Added Files:
pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar
pkgsrc/www/php4/patches: patch-aq patch-ar patch-as
Log Message:
The actual patches for PHP4/5.
|
|
|
|
security fix for cy2-digestmd5
Updated via patch provided by the submitter.
Fixes denial of service vulnerability described in CVE-2006-1721.
|
|
|
|
sync audit-packages with HEAD
Revisions pulled up:
- pkgsrc/security/audit-packages/Makefile 1.65-1.66
- pkgsrc/security/audit-packages/files/audit-packages 1.27
- pkgsrc/security/audit-packages/files/audit-packages.0 1.13
- pkgsrc/security/audit-packages/files/audit-packages.8 1.18
Module Name: pkgsrc
Committed By: salo
Date: Sat Apr 15 15:02:10 UTC 2006
Modified Files:
pkgsrc/security/audit-packages: Makefile
pkgsrc/security/audit-packages/files: audit-packages audit-packages.0
audit-packages.8
Log Message:
Version 1.42
- Remove the "ignore vulnerabilities" stuff which was backed out from pkgsrc
infrastructure months ago. We are back at format 1.0.0.
---
Module Name: pkgsrc
Committed By: salo
Date: Sun Apr 16 16:15:01 UTC 2006
Modified Files:
pkgsrc/security/audit-packages: Makefile
Log Message:
Remove unused variable, SKIP_AUDIT_PACKAGES.
|
|
|
|
security update for mysql5
Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile 1.7
- pkgsrc/databases/mysql5-client/Makefile.common 1.10
- pkgsrc/databases/mysql5-client/PLIST 1.4
- pkgsrc/databases/mysql5-client/distinfo 1.5
- pkgsrc/databases/mysql5-client/patches/patch-ae 1.4
- pkgsrc/databases/mysql5-server/PLIST 1.5
- pkgsrc/databases/mysql5-server/distinfo 1.5, 1.6
- pkgsrc/databases/mysql5-server/patches/patch-ao 1.1
Module Name: pkgsrc
Committed By: xtraeme
Date: Thu Apr 13 11:19:25 UTC 2006
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST
distinfo
pkgsrc/databases/mysql5-client/patches: patch-ae
pkgsrc/databases/mysql5-server: PLIST distinfo
Log Message:
Update mysql5-* to 5.0.20.
To see new changes and bugs fixed, see:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html.
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Apr 17 11:21:41 UTC 2006
Modified Files:
pkgsrc/databases/mysql5-server: distinfo
Added Files:
pkgsrc/databases/mysql5-server/patches: patch-ao
Log Message:
Add fix for CAN-2006-0903 taken from MySQL bug #17667. Bump package
revision because of this security fix.
|
|
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.32
- pkgsrc/www/firefox/Makefile-firefox.common 1.29
- pkgsrc/www/firefox/distinfo 1.46, 1.47
- pkgsrc/www/firefox/patches/patch-ab 1.6
- pkgsrc/www/firefox/patches/patch-ac 1.8
- pkgsrc/www/firefox/patches/patch-bu removed
- pkgsrc/www/firefox/patches/patch-bv removed
- pkgsrc/www/firefox-gtk1/Makefile 1.10
Module Name: pkgsrc
Committed By: taya
Date: Thu Apr 13 14:47:50 UTC 2006
Modified Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-ac
Removed Files:
pkgsrc/www/firefox/patches: patch-bu patch-bv
Log Message:
use xpcom code for linux instead of our original.
fix PR/33181.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Apr 15 14:20:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
pkgsrc/www/firefox/patches: patch-ab
Log Message:
Update to Firefox 1.5.0.2.
Firefox 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
For a detailed ChangeLog, see:
http://www.squarefree.com/burningedge/releases/1.5.0.2.html
|
|
|
|
README.html generation fix
Revision pulled up:
- pkgsrc/mk/scripts/genreadme.awk 1.22
Module Name: pkgsrc
Committed By: salo
Date: Sat Apr 15 15:00:24 UTC 2006
Modified Files:
pkgsrc/mk/scripts: genreadme.awk
Log Message:
Back to pkg-vulnerabilities format 1.0.0.
|
|
|
|
build fix for libgnomeprint
Revision pulled up:
- pkgsrc/print/libgnomeprint/Makefile 1.49
Module Name: pkgsrc
Committed By: salo
Date: Thu Apr 6 16:07:30 UTC 2006
Modified Files:
pkgsrc/print/libgnomeprint: Makefile
Log Message:
Needs bison to build.
|
|
|
|
security update for firefox-bin
Revisions pulled up:
- pkgsrc/www/firefox-bin/Makefile 1.16
- pkgsrc/www/firefox-bin/distinfo 1.15
Module Name: pkgsrc
Committed By: xtraeme
Date: Fri Apr 14 14:06:56 UTC 2006
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update to 1.5.0.2:
* Universal Binary support for Mac OS X which provides native support
for Macintosh with Intel Core processors. Firefox supports the
enhancements to performance introduced by the new MacIntel chipsets.
* Improvements to product stability.
* Several security fixes.
|
|
|
|
bugfixes for the PLIST generation infrastructure
Revisions pulled up:
- pkgsrc/mk/plist/plist-info.awk 1.11, 1.12
Module Name: pkgsrc
Committed By: jlam
Date: Wed Apr 12 20:49:12 UTC 2006
Modified Files:
pkgsrc/mk/plist: plist-info.awk
Log Message:
If the info file doesn't exist on the disk, we should still output an
entry for it in the final PLIST. This allows us to locate info files
in the PLIST that aren't on the system during the CHECK_FILES stage.
---
Module Name: pkgsrc
Committed By: jlam
Date: Fri Apr 14 13:23:42 UTC 2006
Modified Files:
pkgsrc/mk/plist: plist-info.awk
Log Message:
Avoid () as a regular expression as the interpretation seems to be
implementation-defined by various awks.
|
|
|
|
security update for mailman
Revisions pulled up:
- pkgsrc/mail/mailman/MESSAGE 1.4
- pkgsrc/mail/mailman/Makefile 1.33
- pkgsrc/mail/mailman/PLIST 1.10
- pkgsrc/mail/mailman/distinfo 1.11
- pkgsrc/mail/mailman/patches/patch-ai removed
- pkgsrc/mail/mailman/patches/patch-aj removed
Module Name: pkgsrc
Committed By: bouyer
Date: Mon Apr 10 20:33:12 UTC 2006
Modified Files:
pkgsrc/mail/mailman: MESSAGE Makefile PLIST distinfo
Removed Files:
pkgsrc/mail/mailman/patches: patch-ai patch-aj
Log Message:
Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue.
pkgsrc changes:
- install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and
change MESSAGES to point to mailman-install.txt
changes between 2.1.7 and 2.1.8rc1:
- A cross-site scripting hole in the private archive script of 2.1.7
has been closed. Thanks to Moritz Naumann for its discovery.
- Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
and several others.
- Updated email library to 2.5.7 which will encode payload into qp/base64
upon setting. This enabled backing out the scrubber related patches
including 'X-Mailman-Scrubbed' header in 2.1.7.
- Fix SpamDetect.py potential hold/reject loop problem.
- A warning message from email package to the stderr can cause error
in Logging because stderr may be detached from the process during
the qrunner run. We chose not to output errors to stderr but to
the logs/error if the process is running under mailmanctl subprocess.
- DKIM header cleansing was separated from Cleanse.py and added to
-owner messages too.
- Fixes: Lose Topics when go directly to topics URL (1194419).
UnicodeError running bin/arch (1395683). edithtml.py missing import
(1400128). Bad escape in cleanarch. Wrong timezone in list archive
index pages (1433673). bin/arch fails with TypeError (1430236).
Subscription fails with some Language combinations (1435722).
Postfix delayed notification not recognized (863989). 2.1.7 (VERP)
mistakes delay notice for bounce (1421285). show_qfiles: 'str'
object has no attribute 'as_string' (1444447). Utils.get_domain()
wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
|
|
|
|
NetBSD tap(4) support for openvpn
Revisions pulled up:
- pkgsrc/net/openvpn/Makefile 1.17
- pkgsrc/net/openvpn/distinfo 1.8
- pkgsrc/net/openvpn/patches/patch-ab 1.4
- pkgsrc/net/openvpn/patches/patch-ac 1.3
- pkgsrc/net/openvpn/patches/patch-ad 1.1
- pkgsrc/net/openvpn/patches/patch-ae 1.1
- pkgsrc/net/openvpn/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: jlam
Date: Tue Apr 11 20:09:52 UTC 2006
Modified Files:
pkgsrc/net/openvpn: Makefile distinfo
Added Files:
pkgsrc/net/openvpn/patches: patch-ab patch-ac patch-ad patch-ae
patch-af
Log Message:
Add support for NetBSD's cloning tap device to support "device tap"
configurations. Changes supplied in PR pkg/32929 by Alan Barrett.
Bump PKGREVISION to 1.
|