Age | Commit message | Author | Files | Lines
2007-04-03 | #2061 [pkgsrc_2006Q4] | salo | 1 | -1/+3
2007-04-03 | Pullup ticket 2061 - requested by ghen | salo | 3 | -2/+35
security fix for dovecot Updated via patch provided by the submitter. http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
2007-03-24 | #2059 | salo | 1 | -1/+3
2007-03-24 | Pullup ticket 2059 - requested by ghen | salo | 4 | -12/+12
security update for firefox2 Revisions pulled up: - pkgsrc/www/firefox2/Makefile-firefox.common 1.6 - pkgsrc/www/firefox2/distinfo 1.9 - pkgsrc/www/firefox2-bin/Makefile 1.6 - pkgsrc/www/firefox2-bin/distinfo 1.4 Module Name: pkgsrc Committed By: ghen Date: Wed Mar 21 13:45:21 UTC 2007 Modified Files: pkgsrc/www/firefox2: Makefile-firefox.common distinfo pkgsrc/www/firefox2-bin: Makefile distinfo Log Message: Update firefox2, firefox2-bin and firefox2-gtk1 to 2.0.0.3. Fixed in this version: * Security update: MFSA 2007-11 (FTP PASV port-scanning) has been fixed. * Website Compatibility: Fixed various web compatibility regressions. For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.3/releasenotes/
2007-03-24 | #2058 | salo | 1 | -1/+3
2007-03-24 | Pullup ticket 2058 - requested by ghen | salo | 6 | -12/+20
security update for firefox Revisions pulled up: - pkgsrc/www/firefox/DESCR 1.2 - pkgsrc/www/firefox/Makefile-firefox.common 1.42 - pkgsrc/www/firefox/distinfo 1.64 - pkgsrc/www/firefox-bin/Makefile 1.27 - pkgsrc/www/firefox-bin/distinfo 1.24 - pkgsrc/www/firefox-gtk1/DESCR 1.3 Module Name: pkgsrc Committed By: ghen Date: Wed Mar 21 13:33:05 UTC 2007 Modified Files: pkgsrc/www/firefox: DESCR Makefile-firefox.common distinfo pkgsrc/www/firefox-bin: Makefile distinfo pkgsrc/www/firefox-gtk1: DESCR Log Message: Update firefox, firefox-bin and firefox-gtk1 to 1.5.0.11. Fixed in this version: * Security update: MFSA 2007-11 (FTP PASV port-scanning) has been fixed. * Website Compatibility: Fixed various web compatibility regressions. For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.11.html
2007-03-24 | #2043 | salo | 1 | -1/+3
2007-03-24 | Pullup ticket 2043 - requested by joerg | salo | 4 | -2/+30
portability fixes for firefox and thunderbird Revisions pulled up: - pkgsrc/mail/thunderbird/distinfo 1.36 - pkgsrc/mail/thunderbird/patches/patch-dw 1.1 - pkgsrc/www/firefox/distinfo 1.63 - pkgsrc/www/firefox/patches/patch-dw 1.3 Module Name: pkgsrc Committed By: joerg Date: Wed Mar 7 22:02:26 UTC 2007 Modified Files: pkgsrc/mail/thunderbird: distinfo Added Files: pkgsrc/mail/thunderbird/patches: patch-dw Log Message: Fix build on DragonFly as RNG_RNGInit was calling itself due to bad linkage. I love platform dependent magic in each Makefile. --- Module Name: pkgsrc Committed By: joerg Date: Wed Mar 7 22:05:22 UTC 2007 Modified Files: pkgsrc/www/firefox: distinfo Added Files: pkgsrc/www/firefox/patches: patch-dw Log Message: Merge patch-dw from thunderbird to fix build on DragonFly.
2007-03-22 | Ticket #2056. | ghen | 1 | -1/+3
2007-03-22 | Pullup ticket 2056 - requested by taca | ghen | 3 | -14/+34
security patch for zope29
- pkgsrc/www/zope29/Makefile 1.8-1.10
- pkgsrc/www/zope29/PLIST 1.3
- pkgsrc/www/zope29/distinfo 1.2-1.4
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 22 19:27:30 UTC 2007
Modified Files: pkgsrc/www/zope29: Makefile
Log Message: Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Mar 21 14:26:26 UTC 2007
Modified Files: pkgsrc/www/zope29: Makefile PLIST distinfo
Log Message: Add Hotfix_20070320 which fixes a security of privilege escalation. http://www.zope.org/Products/Zope/Hotfix-2007-03-20/ Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 22 09:58:45 UTC 2007
Modified Files: pkgsrc/www/zope29: distinfo
Log Message: Hotfix file has updated, only addition reference to CVS-2007-0240 in README.txt.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 22 13:44:10 UTC 2007
Modified Files: pkgsrc/www/zope29: Makefile distinfo
Log Message:
- Set DIST_SUBDIR including date string to handle sudden change of hotfix's content without changing its name.
- Correct MASTER_SITES.
2007-03-22 | Ticket #2057. | ghen | 1 | -1/+3
2007-03-22 | Pullup ticket 2057 - requested by taca | ghen | 7 | -22/+54
security update for squid - pkgsrc/www/squid/MESSAGE.common 1.2 - pkgsrc/www/squid/Makefile 1.189-1.191 - pkgsrc/www/squid/distinfo 1.127-1.131 - pkgsrc/www/squid/options.mk 1.11-1.12 - pkgsrc/www/squid/patches/patch-ag 1.26 - pkgsrc/www/squid/patches/patch-at 1.1 - pkgsrc/www/squid/patches/patch-bc 1.3 Module Name: pkgsrc Committed By: joerg Date: Tue Feb 6 20:22:15 UTC 2007 Modified Files: pkgsrc/www/squid: distinfo options.mk Added Files: pkgsrc/www/squid/patches: patch-at Log Message: Allow transparent proxy support for PF on DragonFly. --- Module Name: pkgsrc Committed By: joerg Date: Tue Feb 6 22:06:32 UTC 2007 Modified Files: pkgsrc/www/squid: distinfo pkgsrc/www/squid/patches: patch-ag Log Message: don't complain if the location of the DragonFly header exists. --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 25 07:34:45 UTC 2007 Modified Files: pkgsrc/www/squid: MESSAGE.common options.mk Log Message: Fix build problem with aufs option on DragonFly. Reported by PR pkg/35656 by Kimura Fuyuki and applied patch from it. --- Module Name: pkgsrc Committed By: taca Date: Sun Mar 4 11:32:59 UTC 2007 Modified Files: pkgsrc/www/squid: Makefile distinfo Log Message: Update www/squid to squid-2.6.10 (squid-2.6.STABLE10). 
Changes to squid-2.6.STABLE10 (Mar 4 2007)
- Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
- various diskd bugfixes
- In the access.log hierarchy field log the unique peer name instead of the host name
- unlinkdClose() should be called after (not before) storeDirSync()
- CLEAN_BUF_SZ was defined, but never used anywhere
- logging HTTP-request size
- Fix icmp pinger communication on FreeBSD and other not supporting large dgram AF_UNIX sockets
- Release objects on swapin failure
- Bug #1787: Objects stuck in cache if origin server clock in future
- Bug #1420: 302 responses with an Expires header is always cached
- Primitive support for HTTP/1.1 chunked encoding, working around broken servers
- Clean up relations between TCP probing and DNS checks of peers with no known addresses.
- Fix a minor HTML coding error in ftp directory listings with // in the path
- Bug #1875, #1420. Cleanup of refresh logics when dealing with non-refreshable content
- Negotiate authentication fixed again. Broken since STABLE7 by the patch for Bug #1792.
- Bug #1892: COSS tries to shut down the same directory twice on exit
- Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL entries
- Added support for Subversion HTTP request methods MKACTIVITY, CHECKOUT and MERGE.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Mar 17 15:14:27 UTC 2007
Modified Files: pkgsrc/www/squid: Makefile distinfo pkgsrc/www/squid/patches: patch-bc
Log Message: Update squid to 2.6.11 (squid-2.6.STABLE11).
Changes to squid-2.6.STABLE11 (Mar 17 2007) - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || !conn->body.request" - Handle garbage helper responses better in concurrent protocol format - Fix kqueue when overflowing the changes queue - Make sure the child worker process commits suicide if it could not start up - Don't log short responses at debug level 1 - Fix bswap16 & bwsap32 error on NetBSD - Fix collapsed_forwarding for non-GET requests --- Module Name: pkgsrc Committed By: taca Date: Wed Mar 21 05:25:02 UTC 2007 Modified Files: pkgsrc/www/squid: Makefile distinfo Log Message: Update squid package to 2.6.12. This fixes a DoS security problem. http://www.squid-cache.org/Advisories/SQUID-2007_1.txt Changes to squid-2.6.STABLE12 (Mar 20 2007) - Assertion error on TRACE
2007-03-21 | #2055 | salo | 1 | -1/+3
2007-03-21 | Pullup ticket 2055 - requested by gendalia | salo | 3 | -8/+10
security update for openafs
Revisions pulled up:
- pkgsrc/net/openafs/Makefile 1.21, 1.22
- pkgsrc/net/openafs/PLIST 1.5
- pkgsrc/net/openafs/distinfo 1.11
Module Name: pkgsrc
Committed By: gendalia
Date: Wed Mar 21 04:29:29 UTC 2007
Modified Files: pkgsrc/net/openafs: Makefile distinfo
Log Message: Update OpenAFS from 1.4.1 to 1.4.4.
Changes:
* Security bugfix:
- SetUID is no longer honored for the local cell by default. The "fs setcellstatus" command must be issued for any cell the system administrator wishes to allow setuid files in.
From 1.4.3:
All unix systems:
- Fix Universal AFS Error mapping when the local OS does not define some errors.
- Avoid byte range locking for java when it means to ask for a whole file lock but uses a -1 length.
- Reinit resolver library on afsdb failure.
All systems:
- Make rxdebug be less aggressive when retransmitting.
- Allow unix domain socket for fileserver-volserver communication.
- Fix server fake address support when NetRestrict is being used.
- Fix crash when 3.4 jumbograms are part of an Rx connection.
- Fix crashes in pts chown and pts rename.
- Make asetkey buildable with Heimdal.
- Avoid potential orphaned files during vos restore.
- Improve ubik debug logging.
- Add vldb repair tool.
- Avoid potential bosserver process list corruption.
- Revert to previous fileserver startup attachment order.
From 1.4.2:
All systems:
* Volume dump parsing code in the volserver has better error checking.
* salvager has improved damaged volume handling on namei fileservers.
* fileserver has size validity checks for when large file support is disabled.
* fileserver avoids potentially multiply adding a host to its hash table.
* rxkad client private data storage is allocated dynamically on ticket size.
* Handle universal error code translation for file locking.
* fileserver needs to swap callback connections on a client IP change.
* fileserver host package revised to reduce lock contention.
* Rx has been fixed to count hard acks, thus opening the congestion window.
* All servers support bound Rx sockets (on one interface).
* namei fileserver no longer use lockf() to avoid range locking issues.
* most binaries now support the -version switch.
* backup suite fixes for 64 bit platforms.
* volserver avoids holding holds during volume purges.
* volserver avoids losing files on namei during vos zap.
> Since 1.4.1:
All systems:
* Fix rx usage of WSAStartup/WSACleanup
* Fix the code that writes the backconnectionhostnames value to ensure that the data buffer is written with the correct length.
* Do not panic if the maximum number of volume entries are in use and one of them can be recycled.
* Add a missing lock that was lost during the pullup of patches for 1.4.1c
* Fix the pthread library so that it can be loaded and unloaded safely by an application.
---
Module Name: pkgsrc
Committed By: gendalia
Date: Wed Mar 21 19:49:24 UTC 2007
Modified Files: pkgsrc/net/openafs: Makefile PLIST
Log Message: fix PLIST, bump PKGREVISION
2007-03-20 | #2054 | salo | 1 | -1/+3
2007-03-20 | Pullup ticket 2054 - requested by tron | salo | 3 | -54/+122
security update for phpmyadmin Revisions pulled up: - pkgsrc/databases/phpmyadmin/Makefile 1.58 - pkgsrc/databases/phpmyadmin/PLIST 1.17 - pkgsrc/databases/phpmyadmin/distinfo 1.28 Module Name: pkgsrc Committed By: tron Date: Tue Mar 20 14:17:16 UTC 2007 Modified Files: pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo Log Message: Update "phpmyadmin" package to version 2.10.0.2: - Fix for PMASA-2007-3 (PHP Executor Deep Recursion Stack Overflow) - New graphical relation manager, called Designer, available in database view
2007-03-20 | #2053 | salo | 1 | -1/+3
2007-03-20 | Pullup ticket 2053 - requested by rillig | salo | 3 | -6/+27
security update for libwpd Revisions pulled up: - pkgsrc/converters/libwpd/Makefile 1.13 - pkgsrc/converters/libwpd/distinfo 1.4 - pkgsrc/converters/libwpd/patches/patch-aa 1.1 Module Name: pkgsrc Committed By: rillig Date: Sun Mar 18 20:41:28 UTC 2007 Modified Files: pkgsrc/converters/libwpd: Makefile distinfo Log Message: Updated libwpd to 0.8.9. CHANGES: 0.8.8 - 0.8.9 - Fix http://qa.openoffice.org/issues/show_bug.cgi?id=74134, a bug in WP1 document type detection where we could try to seek to a negative place in document (Fridrich) - Fix a regression wrt. 0.8.7 preventing the conversion of tab table in WP1 and WP3 file-format (Fridrich) - Fixed several overflow bugs reported by iDefense. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0002) (iDefense's Sean Larsson, Fridrich) 0.8.7 - 0.8.8 - Add unit tests for the stream class (Fridrich & Andrew Ziem) - Ignore foot/endnotes that are referenced inside other foot/endnotes (Fridrich); fixes http://www.openoffice.org/issues/show_bug.cgi?id=71487 - Handle graciously unsupported password-protected documents; (Fridrich) fixes http://www.openoffice.org/issues/show_bug.cgi?id=72307 - Remove warnings on main OpenOffice.org platforms (Fridrich) - Remove some potential memory leaks in the WPXPropertyList class and optimize the WPXPropertyList subscription operator (Fridrich) - When possible, pass WPXStrings by reference instead of passing them by copy (Fridrich) - Refactor WPXString to not cast from and to void*; refactor WPXPropertyList and WPXPropertyListVector classes as to save a bunch of virtual calls (Fridrich) --- Module Name: pkgsrc Committed By: rillig Date: Sun Mar 18 20:41:50 UTC 2007 Added Files: pkgsrc/converters/libwpd/patches: patch-aa Log Message: ... and a patch for NetBSD 3.0.
2007-03-19 | #2052 | salo | 1 | -1/+3
2007-03-19 | Pullup ticket 2052 - requested by adrianp | salo | 3 | -16/+14
security update for horde Revisions pulled up: - pkgsrc/www/horde/Makefile 1.49 - pkgsrc/www/horde/PLIST 1.15 - pkgsrc/www/horde/distinfo 1.17 Module Name: pkgsrc Committed By: adrianp Date: Sun Mar 18 12:24:14 UTC 2007 Modified Files: pkgsrc/www/horde: Makefile PLIST distinfo Log Message: Update to 3.1.4 ------ v3.1.4 ------ [jan] SECURITY: Correctly quote file names in cleanup script for temporary files. [jan] Fix RPC authentication on CGI SAPIs. [jan] Detect unencrypted PGP messages. ---------- v3.1.4-RC1 ---------- [jan] SECURITY: Fix an XSS vulnerability in the language selection. [jan] Complete Cyrus virtual domain support in cyrsql driver (Vilius Sumskas <vilius@lnk.lt>, Request #4967). [jan] Add option whether to strip domains from usernames in the account block (Request #4955). [jan] Fix email lists not being validated under certain conditions (Bug #4834). [cjh] Add a REST-ful preferences interface. [cjh] Faster DataTree-to-SQL History migration script (josh@endries.org, Request #4732). [cjh] Improved automatic webroot detection (Ben Klang, Request #4126). [cjh] Rewrite and fix the OCI8 SessionHandler (Bug #3452). [cjh] Allow signup hooks to override the user_name and password fields (thomas@gelf.net, Request #2904). [cjh] Fix creation of mailbox quotas by the Auth_cyrus driver (pascal@vmfacility.fr, Bug #4678). [cjh] Add "Save and Finish" to the share edit window (webmgr@muskingum.edu, Request #4307). [cjh] Let mailto: and anchor (#) links through Horde::externalUrl (Bug #3079). [cjh] Add smbclient version of the SMB Auth class (larry@wimble.biz, Request #4338). [cjh] Remove problematic "data descriptor" segment from generated ZIP files (reitsma@denison.edu, Bug #4670). [cjh] Strip accesskeys from menu tooltips when only showing icons (Bug #4667). [jan] Fix saving files in the root directory of an SQL VFS backend (Bug #4652, Ben Klang <ben@alkaloid.net>). [jan] Fix displaying all maintenance tasks to be confirmed at once (Bug #4377). 
[cjh] Fix return format of DataTree_null::getByAttributes() (thomas.jarosch@intra2net.com, Bug #4651). [jan] Support departments in vCard's ORG properties (martin@matuska.org, Request #4285). [cjh] Rename Auth_sasl backend to Auth_peclsasl to avoid conflicts with PEAR's Auth_SASL (Bug #4547). [cjh] Implement handling of vTimezones in iCalendar data (Carl Thompson <lists-horde@carlthompson.net>, Bug #4399). [cjh] keybindings.js now works with Safari/KHTML. [jan] Avoid recursive folder creation when sharing Kolab folders (michael.sheldon@credativ.de, Bug #4325). [jan] Add Kolab specific account block driver to support special Kolab users (mzizka@hotmail.com, Request: #4119). [mms] Only dim below the last signature line of input text in the dimsignature Text_Filter driver.
2007-03-16 | Ticket #2050. | ghen | 1 | -1/+3
2007-03-16 | Pullup ticket 2050 - requested by wiz | ghen | 2 | -8/+6
security update for p5-CGI-Session - pkgsrc/www/p5-CGI-Session/Makefile 1.8 - pkgsrc/www/p5-CGI-Session/distinfo 1.4 Module Name: pkgsrc Committed By: wiz Date: Fri Mar 16 20:41:22 UTC 2007 Modified Files: pkgsrc/www/p5-CGI-Session: Makefile distinfo Log Message: Update to 4.20: 4.20 - Monday, December 4, 2006 * INTERNAL: No Changes since 4.20_1. Declaring stable. 4.20_1 - Friday, November 24, 2006 * FIX: -ip_match now works even when it's not the last import item. (RT#21779) * FIX: In the PostgreSQL driver, a race condition is when storing is now worked around. (Mark Stosberg) * FIX: Added important clarification and example to MySQL driver docs that the session column needs to be defined as a primary key to avoid duplicate sessions. (Justin Simoni, Mark Stosberg) * FIX: The default serializer now works correctly with certain data structures. (RT#?) (Matt LeBlanc) * FIX: A documentation bug in find() was fixed (Matt LeBlanc) * FIX: Documented how to declare a database handle to be used on demand, which was introduced in 4.04. (Mark Stosberg) * FIX: Connections made with SQLite now disconnect only when appropriate, instead of always. This addresses a symptom seen as "attempt to prepare on inactive database handle" (Jaldhar Vyas, Sherzod, Mark Stosberg) * FIX: Args to the constructor for CGI::Session and the drivers are now always shallow copied rather than used directly, to prevent modification. (RT#21952, Franck Porcher, Sherzod, Mark Stosberg) * FIX: The documentation for expire($param, $time) was made more explicit (pjf, Mark Stosberg) * NEW: Added recommended use of flush() to the Synopsis (Michael Renner, RT#22333) * NEW: Added links to Japanese translations of the documentation (Makio Tsukamoto) http://digit.que.ne.jp/work/index.cgi?Perldoc/ja * INTERNAL: Update test to workaround YAML versions less than 0.58. 
(Matt LeBlanc) * INTERNAL: param() code was refactored for clarity (Mark Stosberg, Ali ISIK, RT#21782) * INTERNAL: new() and load() were refactored (Ali Isik) * INTERNAL: renamed some environment variables used for testing (Ron Savage) * INTERNAL: Multi key-value syntax of param() now always returns number of keys successfully processed, 0 if no key/values were processed. 4.14 - Sunday, June 11, 2006 * NEW: The find() command now has better documentation. (Ron Savage, Matt LeBlanc) * FIX: find() no longer changes the access or modified times (RT#18442) (Matt LeBlanc) * FIX: param() called with two parameters now returns the value set, if any (RT#18912) (Matt LeBlanc) * FIX: driver, serializer, and id generator names are now untainted (RT#18873) (Matt LeBlanc) * INTERNAL: automatic flushing has been documented to be unreliable, although it was recommended in the past. Automatic flushing can be affected adversely in persistent environments and in some cases by third party software. There are also some cases in which flushing happened automatically in 3.x, but quit working with 4.x. See these tickets for details. http://rt.cpan.org/Ticket/Display.html?id=17541 http://rt.cpan.org/Ticket/Display.html?id=17299 4.13 - Wednesday, April 12, 2006 * FIX: Applied patch to fix cookie method (RT#18493,Nobuaki ITO) * FIX: Berkeley DB 1.x exhibits a bug when used in conjunction with O_NOFOLLOW. Because of this, we've removed it from the db_file driver. It will still attempt to stop symlinks but the open itself has dropped the flag. (Matt LeBlanc) * FIX: json and yaml db_file tests now check for the presence of DB_File. (Matt LeBlanc) 4.12 - Friday, April 7, 2006 * SECURITY: Fix possible SQL injection attack. (RT#18578, DMUEY) 4.11 - Friday, March 31, 2006 * FIX: Since 4.10, using name() as a class method was broken. This has been fixed, and regression tests for both uses have been added. 
(Matt LeBlanc) 4.10 - Tuesday, March 28, 2006 * SECURITY: Hopefully this settles all of the problems with symlinks. Both the file and db_file drivers now use O_NOFOLLOW with open when the file should exist and O_EXCL|O_CREAT when creating the file. Tests added for symlinks. (Matt LeBlanc) * SECURITY: sqlite driver no longer attempts to use /tmp/sessions.sqlt when no Handle or DataSource is specified. This was a mistake from a security standpoint as anyone on the machine would then be able to create and therefore insert data into your sessions. (Matt LeBlanc) * NEW: name is now an instance method (RT#17979) (Matt LeBlanc) 4.09 - Friday, March 16th, 2006 * SECURITY: Applying security patch from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien Danjou) 4.08 - Thursday, March 15th, 2006 * FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc. * SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 - db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen - file creation umask defaults to 660 * NEW: db_file and file drivers now accepts a UMask option. (Matt LeBlanc) * INTERNAL: test suite clean up (Tyler MacDonald)
2007-03-10 | #2049 | salo | 1 | -1/+3
2007-03-10 | Pullup ticket 2049 - requested by wiz | salo | 2 | -9/+9
security update for trac
Revisions pulled up:
- pkgsrc/www/trac/Makefile 1.24, 1.25
- pkgsrc/www/trac/distinfo 1.18
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 22 19:01:28 UTC 2007
Modified Files: pkgsrc/www/trac: Makefile
Log Message: pkglint cleanup; update HOMEPAGE/MASTER_SITES. From Sergey Svishchev in private mail.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 10 20:55:34 UTC 2007
Modified Files: pkgsrc/www/trac: Makefile distinfo
Log Message: Update to 0.10.3.1:
Trac 0.10.3.1 (March 8, 2007) http://svn.edgewall.org/repos/trac/tags/trac-0.10.3.1
Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially unsafe (user provided) content is available for download. This behaviour can be altered using the "render_unsafe_content" option in the "attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in combination with Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.
2007-03-09 | #2048 | salo | 1 | -1/+3
2007-03-09 | Pullup ticket 2048 - requested by drochner | salo | 2 | -6/+6
security update for asterisk Revisions pulled up: - pkgsrc/comms/asterisk/Makefile 1.35 - pkgsrc/comms/asterisk/distinfo 1.23 Module Name: pkgsrc Committed By: drochner Date: Wed Mar 7 12:10:29 UTC 2007 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo Log Message: update to 1.2.16 changes: 1.2.15: This release contains a significant Astribank (XPP) driver update, support for Digium's TE120P card, and various bug fixes. 1.2.16: This release contains a number of bug fixes, including a fix for a recently discovered security vulnerability. All Asterisk 1.2 users are urged to update to this release as soon as possible. This is in response to PR pkg/35924 by David Wetzel. The PR suggests to update to 1.4.1, but since I'm not using Asterisk myself I prefer to do just the minor update (which also fixes the security vulnerability) for now.
2007-03-09 | #2047 | salo | 1 | -1/+3
2007-03-09 | Pullup ticket 2047 - requested by drochner | salo | 3 | -7/+8
security update for gnupg Revisions pulled up: - pkgsrc/security/gnupg/Makefile 1.94 - pkgsrc/security/gnupg/PLIST 1.21 - pkgsrc/security/gnupg/distinfo 1.46 Module Name: pkgsrc Committed By: drochner Date: Wed Mar 7 11:31:24 UTC 2007 Modified Files: pkgsrc/security/gnupg: Makefile PLIST distinfo Log Message: update to 1.4.7, from Christian Gall per PR pkg/35940 This fixes a security problem which is rather an application issue: The user wasn't notified about additional text (not covered by the signature) unless the --status-fd flag is used.
2007-03-09 | #2046 | salo | 1 | -1/+3
2007-03-09 | Pullup ticket 2046 - requested by obache | salo | 3 | -11/+24
compatibility fix for cyrus-imapd Revisions pulled up: - pkgsrc/mail/cyrus-imapd/Makefile 1.70 - pkgsrc/mail/cyrus-imapd/distinfo 1.27 - pkgsrc/mail/cyrus-imapd/patches/patch-al 1.3 Module Name: pkgsrc Committed By: obache Date: Fri Mar 9 14:46:08 UTC 2007 Modified Files: pkgsrc/mail/cyrus-imapd: Makefile distinfo pkgsrc/mail/cyrus-imapd/patches: patch-al Log Message: compatibility fix for SASL 2.1.22. Taken from: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imtest/imtest.c.diff?r1=1.107&r2=1.108 Bump PKGREVISION. Reported by Jukka Salmi in PR 35959.
2007-03-08 | #2045 | salo | 1 | -1/+3
2007-03-08 | Pullup ticket 2045 - requested by gavan | salo | 1 | -1/+6
require GCC version 3.x for C99 functionality Revisions pulled up: - pkgsrc/mk/compiler/gcc.mk 1.89 Module Name: pkgsrc Committed By: gavan Date: Mon Jan 8 19:29:45 UTC 2007 Modified Files: pkgsrc/mk/compiler: gcc.mk Log Message: gcc2 does not support -std=c99. If c99 is needed, require at least gcc 3.0.
2007-03-07 | Ticket #2042. | ghen | 1 | -1/+3
2007-03-07 | Pullup ticket 2042 - requested by salo | ghen | 2 | -6/+6
security update for silc-server - pkgsrc/chat/silc-server/Makefile 1.53 - pkgsrc/chat/silc-server/distinfo 1.32 Module Name: pkgsrc Committed By: salo Date: Tue Mar 6 22:33:22 UTC 2007 Modified Files: pkgsrc/chat/silc-server: Makefile distinfo Log Message: Security update to version 1.0.3 Changes: - Fixed a denial of service vulnerability: If invalid hmac or cipher was specified on joining a channel, server crashed. Upgrading is recommended.
2007-03-07 | #2041 | salo | 1 | -1/+3
2007-03-07 | Pullup ticket 2041 - requested by adrianp | salo | 6 | -62/+61
security update for php4 Revisions pulled up: - pkgsrc/www/php4/Makefile 1.75 - pkgsrc/www/php4/Makefile.common 1.55 - pkgsrc/www/php4/PLIST 1.16 - pkgsrc/www/php4/distinfo 1.61 - pkgsrc/www/php4/patches/patch-au removed - pkgsrc/www/php4/patches/patch-av removed Module Name: pkgsrc Committed By: adrianp Date: Sat Mar 3 13:19:53 UTC 2007 Modified Files: pkgsrc/www/php4: Makefile Makefile.common PLIST distinfo Removed Files: pkgsrc/www/php4/patches: patch-au patch-av Log Message: Update to 4.4.6 * Updated PCRE to version 7.0. * Fixed segfault in ext/session when register_globals=On. * Fixed (segfault in cURL extension). * Fixed (possible cURL memory error). * Fixed (imagettftext() multithreading issue). * Fixed (ext/interbase compile failure). * Fixed (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed). 4.4.5 # Upgraded PEAR to 1.5.0. # Updated PCRE to version 6.7. # Moved extensions to PECL: ext/ovrimos # Added a meta tag to phpinfo() output to prevent search engines from indexing the page. # Backported a fix in the configure tests to detect the "rounding fuzz". # Backported fix for ext/imap compilation failure with recent c-client versions. # Fixed missing open_basedir check inside chdir() function. # Fixed (Compile fails when using GCC 4.1.1/binutils 2.17). # Fixed (pg_insert/pg_update do not allow now() to be used for timestamp fields). # Fixed (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path). # Fixed (Using $this not in object context can cause segfaults). # Fixed (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled). # Fixed (ftp_put() does not change transfer mode to ASCII). # Fixed (ftp_nlist() returns false on empty dirs). # Fixed (Allow building of curl extension against libcurl 7.16.0). # Fixed (curl_exec() with return transfer returns TRUE on empty files). # Fixed (Fixed a possible open_basedir bypass in tempnam()). # Fixed (ldap_connect causes segfault with newer versions of OpenLDAP). 
# Fixed (parse_url() fails if passing '@' in passwd). # Fixed (Calling undefined method prints insufficient error message). # Fixed (segfault when calling setlocale() in userspace session handler). # Fixed (constructor is not called for classes used in userspace stream wrappers). # Fixed (wddx_serialize_value() generates no wellformed xml). # Fixed (aggregate_methods_by_list fails to take certain methods). # Fixed (natcasesort() causes array_pop() to misbehave). # Fixed (CURLOPT_HEADERFUNCTION, couldn't set the function in the class). # Fixed (recursive array_walk causes segfault).
2007-03-06 | #2040 | salo | 1 | -1/+3
2007-03-06 | Pullup ticket 2040 - requested by ghen | salo | 8 | -28/+30
security update for seamonkey
Updated to 1.0.8 via patch.
Changes:
MFSA 2007-10 Potential integer overflow with text/enhanced mail
MFSA 2007-09 Privilege escalation by setting img.src to javascript: URI
MFSA 2007-08 onUnload + document.write() memory corruption
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.8/changelog.html
2007-03-05 | Missed these in ticket #2036. | salo | 2 | -5/+5
2007-03-05 | #2039 | salo | 1 | -1/+3
2007-03-05 | Pullup ticket 2039 - requested by ghen | salo | 6 | -22/+22
security update for thunderbird Revisions pulled up: - pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.23 - pkgsrc/mail/thunderbird/PLIST patch - pkgsrc/mail/thunderbird/distinfo patch - pkgsrc/mail/thunderbird/patches/patch-ap patch - pkgsrc/mail/thunderbird/patches/patch-ax patch - pkgsrc/mail/thunderbird-gtk1/PLIST 1.9 Module Name: pkgsrc Committed By: ghen Date: Fri Mar 2 14:12:25 UTC 2007 Modified Files: pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo pkgsrc/mail/thunderbird-gtk1: PLIST pkgsrc/mail/thunderbird/patches: patch-ap patch-ax Log Message: Update thunderbird and thunderbird-gtk1 to 1.5.0.10. Fixed in this version: MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.10.html
2007-03-05 | Tickets #2026, 2038. | ghen | 1 | -2/+4
2007-03-05 | Pullup ticket 2038 - requested by salo | ghen | 4 | -40/+46
build/usability fixes for clamav - pkgsrc/mail/clamav/Makefile 1.69 via patch - pkgsrc/mail/clamav/options 1.1 - pkgsrc/mail/p5-Mail-ClamAV/Makefile 1.21 - pkgsrc/mail/p5-Mail-ClamAV/distinfo 1.7 Module Name: pkgsrc Committed By: wiz Date: Wed Feb 21 22:10:47 UTC 2007 Modified Files: pkgsrc/mail/p5-Mail-ClamAV: Makefile distinfo Log Message: Update to 0.20: - Updated for new clamav release 0.90 --- Module Name: pkgsrc Committed By: xtraeme Date: Wed Feb 28 20:42:05 UTC 2007 Modified Files: pkgsrc/mail/clamav: Makefile Added Files: pkgsrc/mail/clamav: options.mk Log Message: Disable --enable-experimental by default, because it does not work correctly with sparc64. Make it an option: clamav-experimental. Move all options into the options.mk file.
2007-03-05 | Pullup ticket 2026 - requested by salo | ghen | 1 | -1/+3
security fix for xine-ui
2007-03-05 | Pullup ticket 2026 - requested by salo | ghen | 15 | -15/+388
security update for xine-ui - pkgsrc/multimedia/xine-ui/Makefile 1.30, 1.34 via patch - pkgsrc/multimedia/xine-ui/distinfo 1.12, 1.14 via patch - pkgsrc/multimedia/xine-ui/patches/patch-ai 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-aq 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-ar 1.2 - pkgsrc/multimedia/xine-ui/patches/patch-as 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-au 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-av 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-aw 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ax 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ay 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-az 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-ba 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bb 1.1 - pkgsrc/multimedia/xine-ui/patches/patch-bc 1.1 Module Name: pkgsrc Committed By: drochner Date: Tue Jan 9 14:52:41 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ar Added Files: pkgsrc/multimedia/xine-ui/patches: patch-as Log Message: fix PR pkg/35375: xine-ui freezes konsole sessions from Sergey Svishchev, patch from xine CVS --- Module Name: pkgsrc Committed By: salo Date: Sat Feb 17 22:48:18 UTC 2007 Modified Files: pkgsrc/multimedia/xine-ui: Makefile distinfo pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq Added Files: pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc Log Message: Security fixes for CVE-2007-0254 (and more): "A vulnerability has been reported in xine-ui, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error within the "errors_create_window()" function in errors.c. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted playlist file." Patch from SUSE. Bump PKGREVISION. XXX: The sources are a real mess. My condolences to everyone using it. 
And good luck, you'll need it!..
2007-03-05 | revert accidental commit to pkgsrc-2006Q4 branch | dbj | 1 | -3/+1
2007-03-05 | set IS_BUILTIN.xpm=yes on Darwin since the imake-check | dbj | 1 | -1/+3
fails because darwin doesn't list it in its imake config this fixes a problem with gimp not building its xpm plugin and possibly other packages because x11-links wasn't linking libXpm XXX is there a way to force x11-links to rebuild and any packages that depended on finding libXpm via x11-links ?
2007-03-02 | #2037 | salo | 1 | -1/+3
2007-03-02 | Pullup ticket 2037 - requested by njoly | salo | 1 | -4/+4
MASTER_SITES update for fprot-workstation-bin Revisions pulled up: - pkgsrc/security/fprot-workstation-bin/Makefile 1.37 Module Name: pkgsrc Committed By: njoly Date: Fri Mar 2 09:15:24 UTC 2007 Modified Files: pkgsrc/security/fprot-workstation-bin: Makefile Log Message: Download URLs have moved, update MASTER_SITES. Fixes PR/35710.
2007-03-02 | #2036 | salo | 1 | -1/+3