Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
security update for mysql5
Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile.common 1.11, 1.12
- pkgsrc/databases/mysql5-client/distinfo 1.6
- pkgsrc/databases/mysql5-client/patches/patch-ae 1.5
- pkgsrc/databases/mysql5-client/patches/patch-af 1.4
- pkgsrc/databases/mysql5-client/patches/patch-ag 1.2
- pkgsrc/databases/mysql5-server/Makefile 1.13
- pkgsrc/databases/mysql5-server/PLIST 1.6
- pkgsrc/databases/mysql5-server/distinfo 1.7
- pkgsrc/databases/mysql5-server/patches/patch-ac 1.2
- pkgsrc/databases/mysql5-server/patches/patch-ag 1.4
- pkgsrc/databases/mysql5-server/patches/patch-al 1.2
Module Name: pkgsrc
Committed By: cube
Date: Thu May 18 16:11:15 UTC 2006
Modified Files:
pkgsrc/databases/mysql5-client: Makefile.common distinfo
pkgsrc/databases/mysql5-client/patches: patch-ae patch-af patch-ag
pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
pkgsrc/databases/mysql5-server/patches: patch-ac patch-ag patch-al
Log Message:
Update to version 5.0.21.
Full listing of changes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
Notable changes include:
- Security enhancement: Added the global max_prepared_stmt_count system
variable to limit the total number of prepared statements in the
server.
- The default for the innodb_thread_concurrency system variable was
changed to 8.
- Fixes for CVE-2006-1516, CVE-2006-1517 and CVE-2006-1518.
And a lot of bug fixes.
---
Module Name: pkgsrc
Committed By: tron
Date: Fri May 19 23:01:02 UTC 2006
Modified Files:
pkgsrc/databases/mysql5-client: Makefile.common
Log Message:
Fix build problem under Mac OS X by repairing broken OpenSSL (shared)
library detection.
|
|
|
|
security fix for xine-lib
Revisions pulled up:
- pkgsrc/multimedia/xine-lib/Makefile 1.35, 1.36
- pkgsrc/multimedia/xine-lib/distinfo 1.28, 1.29
- pkgsrc/multimedia/xine-lib/patches/patch-at 1.3
- pkgsrc/multimedia/xine-lib/patches/patch-aw 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 3 12:32:10 UTC 2006
Modified Files:
pkgsrc/multimedia/xine-lib: Makefile distinfo
Added Files:
pkgsrc/multimedia/xine-lib/patches: patch-aw
Log Message:
another missing mutex init
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: tron
Date: Thu May 18 18:45:37 UTC 2006
Modified Files:
pkgsrc/multimedia/xine-lib: Makefile distinfo
Added Files:
pkgsrc/multimedia/xine-lib/patches: patch-at
Log Message:
Fix security problem reported in CVE-2006-1664.
Bump package revision because of this fix.
|
|
|
|
security update for nagios
Revisions pulled up:
- pkgsrc/net/nagios-base/Makefile 1.8
- pkgsrc/net/nagios-base/distinfo 1.3
- pkgsrc/net/nagios-base/patches/patch-ah 1.1
Module Name: pkgsrc
Committed By: bouyer
Date: Wed May 17 20:47:41 UTC 2006
Modified Files:
pkgsrc/net/nagios-base: Makefile distinfo
Added Files:
pkgsrc/net/nagios-base/patches: patch-ah
Log Message:
Update to 2.3.1: fix another content-length buffer overflow in CGIs.
|
|
|
|
security update for awstats
Revisions pulled up:
- pkgsrc/www/awstats/MESSAGE 1.6
- pkgsrc/www/awstats/Makefile 1.25
- pkgsrc/www/awstats/PLIST 1.9, 1.10
- pkgsrc/www/awstats/distinfo 1.14
- pkgsrc/www/awstats/patches/patch-aa removed
- pkgsrc/www/awstats/patches/patch-ab 1.4
Module Name: pkgsrc
Committed By: minskim
Date: Tue May 16 18:13:55 UTC 2006
Modified Files:
pkgsrc/www/awstats: MESSAGE Makefile PLIST distinfo
pkgsrc/www/awstats/patches: patch-ab
Removed Files:
pkgsrc/www/awstats/patches: patch-aa
Log Message:
Update awstats to 6.6.
Major changes since 6.4:
- Fixed CVE-2006-2237.
- All geoip plugins support the PurePerl version.
- Possible use of vhost in extra section.
- Support IPv6 in AllowAccessFromWebToFollowingIPAddresses parameter.
- Added svn family to browsers detection.
- RSS catcher/readers in robot database.
- LogFormat=3D2 can now change its value dynamically if logformat change.
- More new features and bug fixes.
---
Module Name: pkgsrc
Committed By: minskim
Date: Wed May 17 16:39:47 UTC 2006
Modified Files:
pkgsrc/www/awstats: PLIST
Log Message:
Correct file names. Reported by Yoshito Komatsu in PR pkg/33501.
|
|
|
|
security update for dovecot
Revisions pulled up:
- pkgsrc/mail/dovecot/Makefile 1.47, 1.48, 1.49, 1.51
- pkgsrc/mail/dovecot/PLIST 1.9, 1.10
- pkgsrc/mail/dovecot/distinfo 1.26, 1.27, 1.28, 1.29
- pkgsrc/mail/dovecot/patches/patch-aa 1.6
- pkgsrc/mail/dovecot/patches/patch-ab 1.12
- pkgsrc/mail/dovecot/patches/patch-ac removed
- pkgsrc/mail/dovecot/patches/patch-ad removed
- pkgsrc/mail/dovecot/patches/patch-ae removed
Module Name: pkgsrc
Committed By: ghen
Date: Tue Apr 4 09:38:46 UTC 2006
Modified Files:
pkgsrc/mail/dovecot: Makefile PLIST distinfo
pkgsrc/mail/dovecot/patches: patch-aa patch-ab
Removed Files:
pkgsrc/mail/dovecot/patches: patch-ac patch-ad patch-ae
Log Message:
Update Dovecot from 1.0beta3 to 1.0beta5. The beta4 release had SSL issues
which were fixed again in beta5.
patch-ac and patch-ad were taken from CVS and are not needed anymore.
Changes in Dovecot 1.0beta4:
* Changed the default lock_method back to fcntl. Apparently flock
gives problems with some systems.
* mbox: mailboxes beginning with '.' are now also listed
* Replaced mail_use_modules and mail_modules settings with mail_plugins
and mail_plugin_dir. Now instead of loading all plugins from the
directory, you'll have to give a list of plugins to load. If the
plugin couldn't be loaded, the process exits instead of just
ignoring the problem (this is important with ACL plugin).
+ Added support for "master users" who can log in as other people.
The master username can be given either in authorization ID
string with SASL PLAIN mechanism or by setting
auth_master_user_separator and giving it within the normal username
string.
+ Added ACL plugin with ACL file backend. This however doesn't mean
that there yet exists a proper shared folder support. If master user
logged in as someone else, the ACLs are checked as the master user.
+ Added some Dovecot extensions to checkpassword passdb, see ChangeLog
+ Updated passwd-file format to allow specifying any key=value fields
+ Maildir++ quota support and several quota fixes
+ passdb supporting extra fields: Added "allow_nets" option which takes
a comma separated list of IPs/networks where to allow user to log in.
+ NFS: Handle ESTALE errors the best way we can
+ IMAP now writes to log when client disconnects
+ In shared mailboxes (if dovecot-shared file exists) \Seen flags are
now kept only in index files, so as long as each user has a separate
index file they have separate \Seen flags.
- Fixes to DIGEST-MD5 realm handling so it works with more clients
- BODYSTRUCTURE -> BODY conversion from cache file was broken with
mails containing message/rfc822 parts.
- Fixed several memory leaks
- We could have sent client FETCH notifications about messages before
telling about them with EXISTS
- Compiling fixes for Solaris and some other OSes
- Fixed problem with internal timeout handling code, which caused eg.
outlook-idle workaround to break.
- If /dev/urandom didn't exist, we didn't seed OpenSSL's random number
generator properly. Patch by Vilmos Nebehaj.
- Maildir: Recent flags weren't always immediately removed from mails
when mailbox was opened.
- Several changes to SSL proxying code, hopefully making it work
better.
Changes in Dovecot 1.0beta5:
- Beta4's SSL proxying rewrite worked worse than I thought.
Reverted it back to original code.
- Filesystem quota plugin now looks up the mount path correctly.
---
Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Apr 12 18:19:16 UTC 2006
Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo
Log Message:
Update to 1.0beta6:
v1.0.beta6 2006-04-12
* The login and master usernames were reversed when using
master_user_separator (now the order is UW-IMAP compatible).
* Killing dovecot master process now kills all IMAP and POP3
processes also.
+ -a parameter to dovecot prints now all settings that Dovecot uses.
-n prints all settings that are different from defaults.
+ Added pop3_lock_session setting
+ %M modifier returns string's MD5 sum. Patch by Ben Winslow
- PLAIN SASL authentication wasn't working properly, causing failed
logins with some clients (broken in beta4)
- Fixes to Maildir++ quota, should actually work now
- Don't crash if passwd-file has entries without passwords
(eg. deny=yes databases)
- Fixed prefetch userdb to work nicely with other userdbs
- If master process runs out of file descriptors, don't go to
infinite loop (unlikely to have happened unless the OS's default
fd limit was too low)
- Fixed non-plaintext password lookups from LDAP. Patch by Lior Okman
- %U modifier was actually lowercasing the string. Patch by
Ben Winslow
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Apr 14 19:01:53 UTC 2006
Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo
Log Message:
Update dovecot to 1.0beta7:
+ Added shutdown_clients setting to control if existing imap/pop3 processes
should be killed when master is.
- Master login fixes, PLAIN authentication was still broken..
---
Module Name: pkgsrc
Committed By: grant
Date: Fri May 12 11:02:48 UTC 2006
Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo
Log Message:
update dovecot to 1.0beta8.
changes since 1.0beta7:
* Fixed a security hole with mbox: "1 LIST .. *" command could
list all directories and files under the mbox root directory, so
if your mails were stored in eg. /var/mail/%u/ directory, the
command would list everything under /var/mail.
+ Unless nfs_check=no or mmap_disable=yes, check for the first login
if the user's index directory exists in NFS mount. If so, refuse to
run. This is done only on first login to avoid constant extra
overhead.
+ If we have plugins set and imap_capability unset, figure out the
IMAP capabilities automatically by running imap binary at startup.
The generated capability list isn't updated until Dovecot is
restarted completely, so if you add or remove IMAP plugins you
should restart. If you have problems related to this, set
imap_capabilities setting manually to work around it.
+ Added auth_username_format setting
- pop3_lock_session setting wasn't really working
- Lots of fixes related to quota handling. It's still not working
perfectly though.
- Lots of index handling fixes, especially with mmap_disable=yes
- Maildir: saving mails could have sometimes caused "Append with UID
n, but next_uid = m" errors
- flock() locking never timeouted because ignoring SIGALRM caused the
system call just to be restarted when SIGALRM occurred (probably not
with all OSes though?)
- kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
---
Module Name: pkgsrc
Committed By: jwise
Date: Fri May 12 15:47:39 UTC 2006
Modified Files:
pkgsrc/mail/dovecot: PLIST
Log Message:
Fix missing file (lib/dovecot/pop3/lib01_quota_plugin.so) in PLIST.
|
|
|
|
update checksum for qmail Darwin patch
Revisions pulled up:
- pkgsrc/mail/qmail/distinfo 1.15
Module Name: pkgsrc
Committed By: schmonz
Date: Thu May 11 20:10:10 UTC 2006
Modified Files:
pkgsrc/mail/qmail: distinfo
Log Message:
The descriptive text at the beginning of panther.patch has been changed;
update checksums.
|
|
|
|
portability fix for icewm
Revisions pulled up:
- pkgsrc/wm/icewm/distinfo 1.30
- pkgsrc/wm/icewm/patches/patch-aj 1.1
Module Name: pkgsrc
Committed By: ghen
Date: Sat May 13 17:01:11 UTC 2006
Modified Files:
pkgsrc/wm/icewm: distinfo
Added Files:
pkgsrc/wm/icewm/patches: patch-aj
Log Message:
Fix the build on NetBSD/sparc64.
|
|
|
|
security update for phpmyadmin
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.49
- pkgsrc/databases/phpmyadmin/distinfo 1.21
Module Name: pkgsrc
Committed By: tron
Date: Sat May 13 09:56:36 UTC 2006
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 2.8.0.4. This version fixes the
security vulnerability reported in PMASA-2006-2 and CVE-2006-2031.
|
|
|
|
security update for nagios
Revisions pulled up:
- pkgsrc/net/nagios-base/Makefile 1.6
- pkgsrc/net/nagios-base/distinfo 1.2
Module Name: pkgsrc
Committed By: bouyer
Date: Tue May 9 18:09:10 UTC 2006
Modified Files:
pkgsrc/net/nagios-base: Makefile distinfo
Log Message:
Update to nagios 2.3:
[Security] Bug fix for negative HTTP content_length header in CGIs
Added missing links for notes_url and action_url to service column of status
detail page
Changed freshness logic so that passive checks don't immediately go stale
after program restart
Bug fix for minor memory leak in object cleanup code
Bug fix for flapping notifications during scheduled downtime
Bug fix for $TOTALHOSTSDOWNUNHANDLED$ macro
Bug fix in sample minimal.cfg file
Bug fix in status CGI when displaying servicegroups
Bug fixes in computation of indeterminate time and scheduled downtime in
availability CGI
Bug fix with not deleting all comments associated with a service
Lowered max plugin output length from 348 to 332 chars to run on 64-bit
systems without problems
Minor fix to p1.pl for embedded Perl interpreter
Minor fixes to WAP interface (statuswml CGI)
Minor bug fix to VRML interface (statuswrl CGI)
Minor doc updates
|
|
|
|
security fix for xorg
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: tron
Date: Wed May 3 12:23:48 UTC 2006
Modified Files:
pkgsrc/x11/xorg-libs: distinfo
pkgsrc/x11/xorg-server: Makefile
Added Files:
pkgsrc/x11/xorg-libs/patches: patch-bh
Log Message:
Apply patch to fix vulnerability reported in CVE-2006-1526.
Bump package revision because of this fix.
|
|
|
|
update acroread7 dependencies
Revisions pulled up:
- pkgsrc/print/acroread7/Makefile 1.11
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 17 21:40:11 UTC 2006
Modified Files:
pkgsrc/print/acroread7: Makefile
Log Message:
Fix dependencies for NetBSD/i386: needs 10.0 suse libraries and
suse_compat. Bump PKGREVISION.
Noted by smb@
|
|
|
|
security update for firefox-bin
Revisions pulled up:
- pkgsrc/www/firefox-bin/Makefile 1.17
- pkgsrc/www/firefox-bin/distinfo 1.16
Module Name: pkgsrc
Committed By: tron
Date: Wed May 3 08:29:19 UTC 2006
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update "firefox-bin" package to version 1.5.0.3. Changes since 1.5.0.2:
- Security fix for denial of service vulnerability reported in
Mozilla Foundation Security Advisory 2006-30
|
|
|
|
security update for asterisk
Revisions pulled up:
- pkgsrc/comms/asterisk/Makefile 1.23, 1.24
- pkgsrc/comms/asterisk/PLIST.common 1.6
- pkgsrc/comms/asterisk/distinfo 1.12, 1.13
- pkgsrc/comms/asterisk/patches/patch-aa 1.8
- pkgsrc/comms/asterisk/patches/patch-ae 1.3
- pkgsrc/comms/asterisk/patches/patch-af 1.4
- pkgsrc/comms/asterisk/patches/patch-ag 1.2
Module Name: pkgsrc
Committed By: adam
Date: Thu Apr 13 08:47:06 UTC 2006
Modified Files:
pkgsrc/comms/asterisk: Makefile PLIST.common distinfo
pkgsrc/comms/asterisk/patches: patch-aa patch-ae patch-af patch-ag
Log Message:
Changes 1.2.7:
* Important bug fixes
* SIP handling
* MixMonitor call recording
---
Module Name: pkgsrc
Committed By: mjl
Date: Thu Apr 13 18:36:58 UTC 2006
Modified Files:
pkgsrc/comms/asterisk: Makefile distinfo
Log Message:
Update to asterisk 1.2.7.1
* apps/app_page.c: oops... let's not set a variable and then
immediately overwrite it while assuming its old value will
magically return
* pbx.c: Bug 6957 - variable names beginning with CALLERID weren't
substituted correctly
|
|
|
|
rsync bugfix update
Revisions pulled up:
- pkgsrc/net/rsync/Makefile 1.65
- pkgsrc/net/rsync/distinfo 1.24
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 28 16:08:37 UTC 2006
Modified Files:
pkgsrc/net/rsync: Makefile distinfo
Log Message:
Update to 2.6.8:
NEWS for rsync 2.6.8 (22 Apr 2006)
Protocol: 29 (unchanged)
Changes since 2.6.7:
BUG FIXES:
- Fixed a bug in the exclude code where an anchored exclude without any
wildcards fails to match an absolute source arg, but only when --relative
is in effect.
- Improved the I/O code for the generator to fix a potential hang when the
receiver gets an EOF on the socket but the generator's select() call
never indicates that the socket is writable for it to be notified about
the EOF. (This can happen when using stunnel).
- Fixed a problem with the file-reading code where a failed read (such as
that caused by a bad sector) would not advance the file's read-position
beyond the failed read's data.
- Fixed a logging bug where the "log file" directive was not being honored
in a single-use daemon (one spawned by a remote-shell connection or by
init).
- If rsync cannot honor the --delete option, we output an error and exit
instead of silently ignoring the option.
- Fixed a bug in the --link-dest code that prevented special files (such as
fifos) from being linked.
- The ability to hard-link symlinks and special files is now determined at
configure time instead of at runtime. This fixes a bug with --link-dest
creating a hard-link to a symlink's referent on a BSD system.
ENHANCEMENTS:
- In daemon mode, if rsync fails to bind to the requested port, the
error(s) returned by socket() and/or bind() are now logged.
- When we output a fatal error, we now output the version of rsync in the
message.
- Improved the documentation for the --owner and --group options.
- The rsyncstats script in "support" has an improved line-parsing regex
that is easier to read and also makes it to parse syslog-generated lines.
- A new script in "support": file-attr-restore, can be used to restore the
attributes of a file-set (the permissions, ownership, and group info)
taken from the cached output of a "find ARG... -ls" command.
|
|
|
|
security update for cgiirc
Revisions pulled up:
- pkgsrc/chat/cgiirc/Makefile 1.10
- pkgsrc/chat/cgiirc/PLIST 1.2
- pkgsrc/chat/cgiirc/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue May 2 21:43:34 UTC 2006
Modified Files:
pkgsrc/chat/cgiirc: Makefile PLIST distinfo
Log Message:
Update to 0.5.8
> 0.5.8
> - Translations into German, Dutch, Romanian and Norwegian (thanks
> OUTsider/scarynet)
> - Russian translation of help
> - Some more UTF-8 fixes (including joining channels with non-ASCII chars,
> thanks to Jonas Liljegren)
> - Server balancing support
> - Identd supports multiple installs
> - Fix buffer overflow in client.cgi
> - Other misc fixes (see
> http://cvs.cgiirc.org/timeline?d=300&e=2006-Apr-30&c=2)
>
> 0.5.7
> - Fixed to work on Perl <5.8
> - Perform config option
|
|
|
|
security fix for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.34
- pkgsrc/www/firefox/distinfo 1.48
- pkgsrc/www/firefox/patches/patch-fa 1.1
- pkgsrc/www/firefox/patches/patch-fb 1.1
- pkgsrc/www/firefox-gtk1/Makefile 1.12
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 28 16:11:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb
Log Message:
Fix a memory management / refcount problem which can lead to a DOS or
possible code injection, affecting nested iframes.
See https://bugzilla.mozilla.org/show_bug.cgi?id=334515 and
http://www.securident.com/vuln/ff.txt
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue May 2 10:10:43 UTC 2006
Modified Files:
pkgsrc/www/firefox-gtk1: Makefile
Log Message:
PKGREVISION bump for firefox security fix, pointed out by Lubomir Sedlacik
|
|
|
|
bonnie runtime fix
Revisions pulled up:
- pkgsrc/benchmarks/bonnie/Makefile 1.27
- pkgsrc/benchmarks/bonnie/distinfo 1.7
- pkgsrc/benchmarks/bonnie/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed Apr 12 10:55:49 UTC 2006
Modified Files:
pkgsrc/benchmarks/bonnie: Makefile distinfo
pkgsrc/benchmarks/bonnie/patches: patch-ac
Log Message:
The patch in PR pkg/21421 had a bug: The memory allocated for "Chunk"
was too short. This made the program die from EFAULT randomly.
Found by Konrad Schroder.
Apply his fix that and bump PKGREVISION.
|
|
|
|
security update for mantis
Revisions pulled up:
- pkgsrc/devel/mantis/Makefile 1.20
- pkgsrc/devel/mantis/PLIST 1.7
- pkgsrc/devel/mantis/distinfo 1.7
Module Name: pkgsrc
Committed By: adrianp
Date: Mon May 1 13:00:40 UTC 2006
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.2
> 2006.04.18 - 1.0.2
> - 0006902: [security] XSS in mantis bug track system .... (thraxisp)
> - 0006859: [bugtracker] Can send reminders to all recipients (thraxisp)
>
> 2006.02.18 - 1.0.1
> - 0006722: [installation] Remaining mysqli_ install problems (ref.
> #0006672): my sqli_real_escape_string() expects parameter
> 1 to be link (thraxisp)
> - 0006672: [installation] install.php assumes mysql extension, fails
> with mysqli extension (thraxisp)
> - 0006668: [filters] Parse error while saving new filter: Call to
> undefined function: string_strip_tags() (thraxisp)
>
> 2006.02.04 - 1.0.0
> - 0006044: [security] 'Return' _GET is not checked (thraxisp)
> - 0006650: [security] ADOdb can be exploited to execute arbitrary SQL
> code (vboctor)
> - 0006659: [security] Cross site scripting vulnerability (thraxisp)
> - 0006634: [filters] Filter does not work with profiles (vboctor)
|
|
|
|
security update for clamav
Revisions pulled up:
- pkgsrc/mail/clamav/Makefile 1.58
- pkgsrc/mail/clamav/distinfo 1.35
Module Name: pkgsrc
Committed By: xtraeme
Date: Sun Apr 30 06:50:00 UTC 2006
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Log Message:
Update to 0.88.2:
This release improves virus detection, fixes zip handling on 64-bit
architectures and possible security problem in freshclam.
|
|
|
|
security updates for {,ja-}trac
Revisions pulled up:
- pkgsrc/www/trac/Makefile 1.19
- pkgsrc/www/trac/distinfo 1.14
- pkgsrc/www/ja-trac/Makefile 1.3
- pkgsrc/www/ja-trac/distinfo 1.3
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 26 16:08:21 UTC 2006
Modified Files:
pkgsrc/www/trac: Makefile distinfo
Log Message:
Update to version 0.9.5
From Akio OBATA via PR pkg/33367.
Changes:
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
Trac 0.9.4 (Feb 15, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.4
- Deletion of reports has been fixed.
- Various encoding issues with the timeline RSS feed have been fixed.
- Fixed a memory leak when syncing with the repository.
- Milestones in the roadmap are now ordered more intelligently.
- Fixed bugs: #1064, #1150, #2006, #2253, #2324, #2330, #2408, #2430,
#2431, #2459, #2544, #2459, #2481, #2485, #2536, #2544, #2553,
#2580, #2583, #2606, #2613, #2621, #2664, #2666, #2680, #2706,
#2707, #2735
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 26 16:09:49 UTC 2006
Modified Files:
pkgsrc/www/ja-trac: Makefile distinfo
Log Message:
Update to version 0.9.5.1
From Akio OBATA via PR pkg/33368.
Changes:
Trac-0.9.5-ja-1 (Apr 19, 2006)
- Merge trac-0.9.5
- Update to current statement.
- README.trac-ja
- wiki-default/TracJa
Trac 0.9.5 (Apr 18, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
- Fixed wiki macro XSS vulnerability found by Mr. Kazuhiro Nishiyama
at InterAct. http://jvn.jp/jp/JVN%2384091359/index.html
- Smaller memory usage when accessing subversion history.
- Fixed issue with incorrectly generated urls when installed behind
a web proxy (#2531).
- Fixed bugs: #2531, #2777, #3020.
|
|
|
|
portability fix for emacs
Revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.92
- pkgsrc/editors/emacs/distinfo 1.27
- pkgsrc/editors/emacs/patches/patch-az 1.14
- pkgsrc/editors/emacs-nox11/Makefile 1.21
Module Name: pkgsrc
Committed By: markd
Date: Wed Apr 5 22:22:16 UTC 2006
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
pkgsrc/editors/emacs-nox11: Makefile
Added Files:
pkgsrc/editors/emacs/patches: patch-az
Log Message:
Pass the correct sized argument to sbrk() when trying to reduce the break
so that on 64bit systems it is actually a negative number, not a very
large positive one. Should fix PR pkg/29351.
Thanks to Martijn van Buul for giving me access to an amd64 box so I
could track this down. Bump PKGREVISION.
|
|
|
|
security fix for xine-ui
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 21 11:11:26 UTC 2006
Modified Files:
pkgsrc/multimedia/xine-ui: Makefile distinfo
Added Files:
pkgsrc/multimedia/xine-ui/patches: patch-aq patch-ar
Log Message:
fix some format string vulnerabilities, see
http://www.open-security.org/advisories/16
|
|
|
|
|
|
security update for ethereal
Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.129
- pkgsrc/net/ethereal/PLIST 1.25
- pkgsrc/net/ethereal/distinfo 1.50
- pkgsrc/net/ethereal/patches/patch-aa removed
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 25 10:04:20 UTC 2006
Modified Files:
pkgsrc/net/ethereal: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ethereal/patches: patch-aa
Log Message:
Update "ethereal" package to version 0.99.0.
Changes since version 0.10.14 include:
- security fixes for problems discovered by a Coverity scan
- new utility "dumpcap" for capturing packets from a live network and
writing them to a file has been added.
- support for ACP133, E.212, Nortel LGE Monitor and OICQ protocols
|
|
|
|
security update for mozilla
Revisions pulled up:
- pkgsrc/www/mozilla/DESCR 1.3, 1.4
- pkgsrc/www/mozilla/Makefile 1.158
- pkgsrc/www/mozilla/buildlink3.mk 1.20
- pkgsrc/www/mozilla/distinfo 1.89
- pkgsrc/www/mozilla-gtk2/DESCR 1.3, 1.4
- pkgsrc/www/mozilla/patches/patch-cn 1.1
- pkgsrc/www/mozilla-gtk2/Makefile 1.37
- pkgsrc/www/mozilla-gtk2/buildlink3.mk 1.18
Module Name: pkgsrc
Committed By: veego
Date: Mon Apr 24 16:52:58 UTC 2006
Modified Files:
pkgsrc/www/mozilla: Makefile buildlink3.mk distinfo
pkgsrc/www/mozilla-gtk2: Makefile buildlink3.mk
Added Files:
pkgsrc/www/mozilla/patches: patch-cn
Log Message:
Update "mozilla" packages to version 1.7.13. Changes since 1.7.12:
- stability fixes
- security fixes
- MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
- MFSA 2006-25 Privilege escalation through Print Preview
- MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
- MFSA 2006-23 File stealing by changing input type
- MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
- MFSA 2006-21 JavaScript execution in mail when forwarding in-line
- MFSA 2006-19 Cross-site scripting using .valueOf.call()
- MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
- MFSA 2006-17 cross-site scripting through window.controllers
- MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
- MFSA 2006-15 Privilege escalation using a JavaScript function's cloned
parent
- MFSA 2006-14 Privilege escalation via XBL.method.eval
- MFSA 2006-13 Downloading executables with "Save Image As..."
- MFSA 2006-12 Secure-site spoof (requires security warning dialog)
- MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
- MFSA 2006-10 JavaScript garbage-collection hazard audit
- MFSA 2006-09 Cross-site JavaScript injection using event handlers
- MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
- MFSA 2006-03 Long document title causes startup denial of Service
- MFSA 2006-01 JavaScript garbage-collection hazards
- additional patch to fix pr#33333
Shin'ichiro TAYA told me that i can do this update.
---
Module Name: pkgsrc
Committed By: ghen
Date: Mon Apr 24 18:48:12 UTC 2006
Modified Files:
pkgsrc/www/mozilla: DESCR
pkgsrc/www/mozilla-gtk2: DESCR
Log Message:
Reindent.
---
Module Name: pkgsrc
Committed By: ghen
Date: Mon Apr 24 18:52:25 UTC 2006
Modified Files:
pkgsrc/www/mozilla: DESCR
pkgsrc/www/mozilla-gtk2: DESCR
Log Message:
As the 1.7.13 release marked the end-of-life of the Mozilla Suite
product line, users of the Mozilla Suite are adviced to switch over to
Firefox (www/firefox) and Thunderbird (mail/thunderbird). For those who
still like the Suite, there is Seamonkey (pkgsrc/www/seamonkey), a
community-driven project to continue the Mozilla Suite.
For more information, see the Mozilla Suite 1.7.x Product Sunset
Announcement:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
|
|
|