| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
rt3: security update
Revisions pulled up:
- devel/rt3/Makefile 1.40
- devel/rt3/Makefile.install 1.14
- devel/rt3/PLIST 1.16
- devel/rt3/distinfo 1.14
---
Module Name: pkgsrc
Committed By: spz
Date: Fri Dec 4 09:30:20 UTC 2009
Modified Files:
pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
Log Message:
update of rt3 to next version (without the session hijacking vulnerability)
upstream changelog:
UPGRADING FROM 3.8.5 and earlier - Changes:
You can now forward an entire Ticket history (in addition to specific
transactions) but this requires a new Template called forward ticket.
This template will be added when you run.
/opt/rt3/sbin/rt-setup-database --dba root --prompt-for-dba-password --action
upgrade
Custom fields with categories can optionally be split out into
hierarchical custom fields. If you wish to convert your old
category-based custom fields, run:
perl etc/upgrade/split-out-cf-categories
It will prompt you for each custom field with categories that it
finds, and the name of the custom field to create to store the
categories.
If you were using the LocalizedDateTime RT::Date formatter from code
and passing a DateFormat or TimeFormat argument, you need to switch from
the strftime methods to the cldr methods (ie full_date_format becomes
date_format_full)
You may have done this from your RT_SiteConfig.pm by using
Set($DateTimeFormat, { Format => 'LocalizedDateTime', DateFormat =>
'medium_date_format' );
|
|
|
|
libvorbis: security patch
Revisions pulled up:
- audio/libvorbis/Makefile 1.49
- audio/libvorbis/distinfo 1.18
- audio/libvorbis/patches/patch-aa 1.5
- audio/libvorbis/patches/patch-ab 1.5
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Dec 2 12:41:25 UTC 2009
Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab
Log Message:
Apply some possible security fixes from upstream SVN.
Glanced from links in mozilla advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
and Fedora Core patches for 1.2.0.
Bump PKGREVISION.
|
|
pear-Mail: security update
Revisions pulled up:
- mail/pear-Mail/Makefile 1.10
- mail/pear-Mail/distinfo 1.3-1.4
- mail/pear-Mail/patches/patch-ab 1.1
- mail/pear-Mail/patches/patch-aa 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 30 06:16:56 UTC 2009
Modified Files:
pkgsrc/mail/pear-Mail: Makefile distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-aa
Log Message:
Add a fix for http://secunia.com/advisories/37410/ refering
Debian's patch via http://secunia.com/advisories/37458/
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec 3 08:11:40 UTC 2009
Modified Files:
pkgsrc/mail/pear-Mail: distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-ab
Log Message:
Try to fix build problem on amd64 (at least).
|
|
|
|
|
|
apr: security update
Revisions pulled up:
- devel/apr/Makefile 1.60
- devel/apr/distinfo 1.28
---
Module Name: pkgsrc
Committed By: fhajny
Date: Wed Dec 2 11:36:27 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to 1.3.9 (security fix).
Changes for APR 1.3.9
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork
and event MPMs on that platform. PR 47645. [Jeff Trawick]
|
|
databases/ruby-activerecord: security update
devel/ruby-activesupport: security update
mail/ruby-actionmailer: security update
www/rails: security update
www/ruby-actionpack: security update
www/ruby-activeresource security update
Revisions pulled up:
- databases/ruby-activerecord/Makefile 1.17
- databases/ruby-activerecord/distinfo 1.17
- devel/ruby-activesupport/Makefile 1.20
- devel/ruby-activesupport/PLIST 1.16
- devel/ruby-activesupport/distinfo 1.17
- mail/ruby-actionmailer/Makefile 1.16
- mail/ruby-actionmailer/distinfo 1.17
- www/rails/Makefile 1.17
- www/rails/distinfo 1.13
- www/ruby-actionpack/Makefile 1.18
- www/ruby-actionpack/PLIST 1.18
- www/ruby-actionpack/distinfo 1.19
- www/ruby-activeresource/Makefile 1.7
- www/ruby-activeresource/distinfo 1.7
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Dec 1 23:24:24 UTC 2009
Modified Files:
pkgsrc/databases/ruby-activerecord: Makefile distinfo
pkgsrc/devel/ruby-activesupport: Makefile PLIST distinfo
pkgsrc/mail/ruby-actionmailer: Makefile distinfo
pkgsrc/www/rails: Makefile distinfo
pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo
pkgsrc/www/ruby-activeresource: Makefile distinfo
Log Message:
Update rails packages to 2.3.5. This fixes a cross-site scripting
vulnerability in ruby-actionpack.
Major changes:
- Improved compatibility with Ruby 1.9
- RailsXss plugin availability
- Fixes for the Nokogiri backend for XmlMini
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/net/bind95/Makefile 1.13
- pkgsrc/net/bind95/PLIST 1.4
- pkgsrc/net/bind95/distinfo 1.11
- pkgsrc/net/bind95/patches/patch-ac 1.3
- pkgsrc/net/bind95/patches/patch-ad 1.3
- pkgsrc/net/bind95/patches/patch-ai 1.3
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Wed Nov 25 23:25:44 UTC 2009
Modified Files:
pkgsrc/net/bind95: Makefile distinfo
pkgsrc/net/bind95/patches: patch-ad patch-ai
Log Message:
Not MAKE_JOBS_SAFE. Prepare for libtool-2.2.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/distinfo
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind95/patches/patch-ad \
pkgsrc/net/bind95/patches/patch-ai
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Mon Nov 30 11:58:30 UTC 2009
Modified Files:
pkgsrc/net/bind95: Makefile PLIST distinfo
pkgsrc/net/bind95/patches: patch-ac patch-ad patch-ai
Log Message:
Update "bind95" package to version 9.5.2pl1. Changes since 9.5.1pl3:
- Security fix for CVE-2009-4022 (incorrect DNSSEC validation)
- Bug fixes
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind95/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind95/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind95/patches/patch-ac \
pkgsrc/net/bind95/patches/patch-ad pkgsrc/net/bind95/patches/patch-ai
|
|
|
|
php5: security patch
Revisions pulled up:
- lang/php5/Makefile 1.73-1.74
- lang/php5/distinfo 1.69-1.70
- lang/php5/patches/patch-ag 1.3
- lang/php5/patches/patch-ah 1.2
- lang/php5/patches/patch-ay 1.2
- lang/php5/patches/patch-az 1.1-1.2
- lang/php5/patches/patch-ba 1.1
- lang/php5/patches/patch-bb 1.1
- lang/php5/patches/patch-bc 1.1
- lang/php5/patches/patch-bd 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:49:06 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-az
Log Message:
Add patch to check byte sequence more strictly in htmlspecialchars().
http://bugs.php.net/bug.php?id=49785
These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 30 06:14:08 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az
Added Files:
pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd
Log Message:
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.
1. CVE-2009-3292 is already fixed in 5.2.11.
2. CVE-2009-3558
http://svn.php.net/viewvc?view=revision&revision=288934
3. CVE-2009-3557
http://svn.php.net/viewvc?view=revision&revision=288945
http://svn.php.net/viewvc?view=revision&revision=288971
4. CVE-2009-4017
http://svn.php.net/viewvc?view=revision&revision=289990
http://svn.php.net/viewvc?view=revision&revision=290820
http://svn.php.net/viewvc?view=revision&revision=290885
Other pkgsrc changes:
* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.
Bump PKGREVISION.
|
|
|
|
gtk2: portability fix
Revisions pulled up:
- x11/gtk2/Makefile 1.191 (via patch)
- x11/gtk2/distinfo 1.118 (via patch)
- x11/gtk2/patches/patch-af 1.16
---
Module Name: pkgsrc
Committed By: tnn
Date: Fri Nov 27 16:54:30 UTC 2009
Modified Files:
pkgsrc/x11/gtk2: Makefile distinfo
Added Files:
pkgsrc/x11/gtk2/patches: patch-af
Log Message:
Use ${COMPILER_RPATH_FLAG} instead of -R for X_LIBS in pkg-config files.
This fixes firefox run-time breakage with native X11 on netbsd-4 caused by
pkgsrc wrappers not dealing with -R.
Bump PKGREVISION.
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile 1.22
- pkgsrc/databases/mysql5-client/Makefile.common 1.36
- pkgsrc/databases/mysql5-client/PLIST 1.12
- pkgsrc/databases/mysql5-client/distinfo 1.27
- pkgsrc/databases/mysql5-server/Makefile 1.29
- pkgsrc/databases/mysql5-server/PLIST 1.15
- pkgsrc/databases/mysql5-server/distinfo 1.23
- pkgsrc/databases/mysql5-server/patches/patch-ab 1.6
- pkgsrc/databases/mysql5-server/patches/patch-al 1.4
- pkgsrc/databases/mysql5-server/patches/patch-an 1.6
Deleted files:
- pkgsrc/databases/mysql5-client/patches/patch-bh
- pkgsrc/databases/mysql5-client/patches/patch-bi
- pkgsrc/databases/mysql5-client/patches/patch-bj
- pkgsrc/databases/mysql5-server/patches/patch-ac
- pkgsrc/databases/mysql5-server/patches/patch-ad
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Nov 26 16:33:30 UTC 2009
Modified Files:
pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
pkgsrc/databases/mysql5-server/patches: patch-ab patch-al patch-an
Removed Files:
pkgsrc/databases/mysql5-client/patches: patch-bh patch-bi patch-bj
pkgsrc/databases/mysql5-server/patches: patch-ac patch-ad
Log Message:
Update "mysql5-client" and "mysql5-server" package to version 5.0.88.
This release fixes a large number of bugs and security vulnerabilities
including SA37372.
For detailed list of all the changes since 5.0.67 have a look here, please:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/mysql5-client/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/databases/mysql5-client/Makefile.common
cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/mysql5-client/PLIST
cvs rdiff -u -r1.26 -r1.27 pkgsrc/databases/mysql5-client/distinfo
cvs rdiff -u -r1.3 -r0 pkgsrc/databases/mysql5-client/patches/patch-bh
cvs rdiff -u -r1.1 -r0 pkgsrc/databases/mysql5-client/patches/patch-bi \
pkgsrc/databases/mysql5-client/patches/patch-bj
cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-server/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mysql5-server/PLIST
cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/mysql5-server/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/mysql5-server/patches/patch-ab \
pkgsrc/databases/mysql5-server/patches/patch-an
cvs rdiff -u -r1.8 -r0 pkgsrc/databases/mysql5-server/patches/patch-ac
cvs rdiff -u -r1.4 -r0 pkgsrc/databases/mysql5-server/patches/patch-ad
cvs rdiff -u -r1.3 -r1.4 pkgsrc/databases/mysql5-server/patches/patch-al
|
|
|
|
scribus: build fix
Revisions pulled up:
- print/scribus/Makefile 1.64
- print/scribus/distinfo 1.22
- print/scribus/patches/patch-ai 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Sat Oct 24 13:41:05 UTC 2009
Modified Files:
pkgsrc/print/scribus: Makefile
Log Message:
Add INSTALLATION_DIRS of share/pixmap, that way we ensure that it doesn't
end up as a file instead of as a directory. Fixes old-style bulk builds
for subsequent packages which want to install in that directory.
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 28 00:53:56 UTC 2009
Modified Files:
pkgsrc/print/scribus: distinfo
pkgsrc/print/scribus/patches: patch-ai
Log Message:
We want to stinking lib64, thanks. Fixes packages on amd64 and other
64bit platforms.
|
|
|
|
bind96: security update
Revisions pulled up:
- net/bind96/Makefile 1.11
- net/bind96/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 25 09:50:07 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update BIND 9.6.1-P2.
--- 9.6.1-P2 released ---
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
|
|
|
|
gnats: build fix
Revisions pulled up:
- databases/gnats/distinfo 1.10-1.11
- databases/gnats/patches/patch-ah 1.2
---
Module Name: pkgsrc
Committed By: obache
Date: Mon Nov 16 11:47:37 UTC 2009
Modified Files:
pkgsrc/databases/gnats: distinfo
Log Message:
Re-add missing distinfo entries, lost in the previous commit.
PR 42330.
---
Module Name: pkgsrc
Committed By: obache
Date: Tue Nov 17 04:37:02 UTC 2009
Modified Files:
pkgsrc/databases/gnats: distinfo
pkgsrc/databases/gnats/patches: patch-ah
Log Message:
patch-ah was broken (wrong paths).
|
|
|
|
wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.6
- www/wordpress/PLIST 1.4
- www/wordpress/distinfo 1.5
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Nov 12 22:05:55 UTC 2009
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to 2.8.6
- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with
define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes
- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations
|
|
selectwm: portability fix
Revisions pulled up:
- wm/selectwm/distinfo 1.4
- wm/selectwm/patches/patch-ad 1.1
---
Committed By: obache
Date: Thu Nov 12 04:34:45 UTC 2009
Modified Files:
pkgsrc/wm/selectwm: distinfo
Added Files:
pkgsrc/wm/selectwm/patches: patch-ad
Log Message:
Add a patch-ad to avoid conflict with getline(3) in IEEE Std 1003.1-2008.
PR 42292.
|
|
|
|
MASTER_SITES list update
Revisions pulled up:
- pkgsrc/www/apache22/Makefile patch 1.53 to 1.54
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Nov 11 22:28:51 UTC 2009
Modified Files:
pkgsrc/www/apache22: Makefile
Log Message:
Provide working URLs for fetching old Apache releases.
To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/Makefile
|
|
|
|
acroread8: security update
Revisions pulled up:
- print/acroread8/Makefile 1.9-1.10
- print/acroread8/PLIST 1.3
- print/acroread8/PLIST.Linux 1.1
- print/acroread8/PLIST.SunOS 1.1
- print/acroread8/distinfo 1.7
- print/acroread8/files/acroread.diff 1.2
---
Module Name: pkgsrc
Committed By: tez
Date: Wed Nov 4 23:37:53 UTC 2009
Modified Files:
pkgsrc/print/acroread8: Makefile PLIST distinfo
pkgsrc/print/acroread8/files: acroread.diff
Added Files:
pkgsrc/print/acroread8: PLIST.Linux PLIST.SunOS
Log Message:
update to 8.1.7 for apsb09-15
add support for solaris-sparc - pr#40154
---
Module Name: pkgsrc
Committed By: tez
Date: Mon Nov 9 19:14:53 UTC 2009
Modified Files:
pkgsrc/print/acroread8: Makefile
Log Message:
Fix PLIST handling for linux emulation installs (pr#42278)
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/www/p5-HTML-Parser/Makefile 1.47
- pkgsrc/www/p5-HTML-Parser/distinfo 1.22
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sno
Date: Sat Oct 24 16:07:16 UTC 2009
Modified Files:
pkgsrc/www/p5-HTML-Parser: Makefile distinfo
Log Message:
Updating www/p5-HTML-Parser from 3.62 to 3.63
Upstream changes:
2009-10-22 Release 3.63
Gisle Aas (2):
Take more care to prepare the char range for encode_entities [RT#50170]
decode_entities confused by trailing incomplete entity
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/p5-HTML-Parser/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/p5-HTML-Parser/distinfo
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.38
- pkgsrc/net/wireshark/distinfo 1.25
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Oct 28 11:53:40 UTC 2009
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
Update "wireshark" package to version 1.2.3. Changes since version 1.2.2:
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The Paltalk dissector could crash on alignment-sensitive
processors. (Bug 3689)
Versions affected: 1.2.0 to 1.2.2
o The DCERPC/NT dissector could crash.
Versions affected: 0.10.10 to 1.2.2
o The SMB dissector could crash.
Versions affected: 1.2.0 to 1.2.2
- The following bugs have been fixed:
o Wireshark memory leak with each file open and/or display
filter change. (Bug 2375)
o DHCP Dissector displays negative lease time. (Bug 2733)
o Invalid advertised window line on tcptrace style graph. (Bug
3417)
o SMB get_dfs_referral referral entry is not dissected
correctly. (Bug 3542)
o Error dissecting eMule sourceOBFU message. (Bug 3848)
o Typos in Diameter XML files. (Bug 3878)
o RSL dissector for MS Power IE is broken. (Bug 4017)
o Manifest problem in 1.2.2 Win64 build. (Bug 4024)
o FIP dissector throws assertion. (Bug 4046)
o TCAP problem with indefinite length 'components' SEQ OF. (Bug
4053)
o GSM MAP: an-APDU not decoded. (Bug 4095)
o Add "Drag and Drop entries..." message on Columns preferences
page. (Bug 4099)
o Editcap -t and -w option parses fractional digits incorrectly.
(Bug 4162)
- Updated Protocol Support
DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/wireshark/distinfo
|
|
|
|
clamav: bug fix update
Revisions pulled up:
- mail/clamav/Makefile 1.97
- mail/clamav/distinfo 1.61
- mail/clamav/patches/patch-ad 1.19
- mail/clamav/patches/patch-af 1.10
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Oct 29 07:06:09 UTC 2009
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
pkgsrc/mail/clamav/patches: patch-ad patch-af
Log Message:
Updated mail/clamav to 0.95.3
* bug fixes
|
|
|
|
mk/pkginstall/usergroup: portability fix
Revisions pulled up:
- mk/pkginstall/usergroup 1.3
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 29 20:19:28 UTC 2009
Modified Files:
pkgsrc/mk/pkginstall: usergroup
Log Message:
Make sure that MV is properly defined. From PR 42247.
|
|
|
|
|
|
xulrunner: security update
firefox: security update
Revisions pulled up:
- devel/xulrunner/Makefile 1.24-1.25
- devel/xulrunner/PLIST 1.17-1.18
- devel/xulrunner/distinfo 1.13-1.14
- devel/xulrunner/mozilla-common.mk 1.2
- devel/xulrunner/patches/patch-aa 1.2
- devel/xulrunner/patches/patch-aq 1.3
- devel/xulrunner/patches/patch-ay 1.1
- devel/xulrunner/patches/patch-mf 1.2
- devel/xulrunner/patches/patch-mn 1.2
- devel/xulrunner/patches/patch-nb delete
- devel/xulrunner/patches/patch-nc delete
- devel/xulrunner/patches/patch-pd 1.2
- devel/xulrunner/patches/patch-ra 1.1
- devel/xulrunner/patches/patch-rb 1.1
- devel/xulrunner/patches/patch-rc 1.1
- www/firefox/Makefile 1.60-1.61
- www/firefox/PLIST 1.39
- www/firefox/distinfo delete
- www/firefox/patches/patch-aa delete
- www/firefox/patches/patch-ao delete
- www/firefox/patches/patch-ma delete
- www/firefox/patches/patch-mi delete
- www/firefox/patches/patch-mk delete
- www/firefox/patches/patch-mm delete
- www/firefox/patches/patch-ra delete
- www/firefox/patches/patch-rb delete
- www/firefox/patches/patch-rc delete
---
Module Name: pkgsrc
Committed By: tnn
Date: Sun Oct 11 10:49:57 UTC 2009
Modified Files:
pkgsrc/devel/xulrunner: Makefile PLIST distinfo
pkgsrc/devel/xulrunner/patches: patch-aa
pkgsrc/www/firefox: Makefile
Added Files:
pkgsrc/devel/xulrunner/patches: patch-ay patch-ra patch-rb
patch-rc Removed Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-aa patch-ao patch-ma patch-mi
patch-mk patch-mm patch-ra patch-rb patch-rc
Log Message:
- allow firefox and xulrunner to share some infrastructure
- install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin)
- bump revision for both packages
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Oct 28 11:36:36 UTC 2009
Modified Files:
pkgsrc/devel/xulrunner: Makefile PLIST distinfo
mozilla-common.mk pkgsrc/devel/xulrunner/patches: patch-aq patch-mf
patch-mn patch-pd pkgsrc/www/firefox: Makefile PLIST
Removed Files:
pkgsrc/devel/xulrunner/patches: patch-nb patch-nc
Log Message:
Security and bugfix update of firefox (to 3.5.4) and xulrunner (to
1.9.1.4) Also fix broken DESTDIR support.
Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/
1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS
() MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
|
|
pkg_install: bug fix
Revisions pulled up:
- pkgtools/pkg_install/files/lib/pkgdb.c 1.36
- pkgtools/pkg_install/files/lib/version.h 1.142
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 22 22:51:29 UTC 2009
Modified Files:
pkgsrc/pkgtools/pkg_install/files/lib: pkgdb.c version.h
Log Message:
pkg_install-20091009:
Do not overwrite a string with itself using snprintf. This breaks
setting the pkgdb directory internally on Linux. Explicitly check
if the string is the same and otherwise just use xstrdup.
|
|
|
|
typo3: security update
Revisions pulled up:
- www/typo3/Makefile 1.16
- www/typo3/PLIST 1.8
- www/typo3/distinfo 1.10
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:53:09 UTC 2009
Modified Files:
pkgsrc/www/typo3: Makefile PLIST distinfo
Log Message:
Update www/typo3 package to 4.2.10. It fixes multiple security issues
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
|
|
|
|
gd: security patch
Revisions pulled up:
- graphics/gd/Makefile 1.81
- graphics/gd/distinfo 1.30-1.31
- graphics/gd/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:39:55 UTC 2009
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-ad
Log Message:
Fix gd library security problem refering PHP's SVN repositry.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Bump PKGREVISION.
(This fix is for php5 only and I don't know about php4.)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 15:20:53 UTC 2009
Modified Files:
pkgsrc/graphics/gd: distinfo
Log Message:
Oops, update distinfo.
|
|
php-gd: security patch
Revisions pulled up:
- graphics/php-gd/Makefile 1.20
- lang/php5/distinfo 1.68
- lang/php5/patches/patch-ay 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:37:47 UTC 2009
Modified Files:
pkgsrc/graphics/php-gd: Makefile
pkgsrc/lang/php5: distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-ay
Log Message:
Add a patch from PHP's SVN repositry to fix gd library security problem.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546>
|
|
|
|
parrot: build fix
Revisions pulled up:
- lang/parrot/Makefile 1.23
- lang/parrot/PLIST.Darwin 1.1
- lang/parrot/PLIST.shared 1.1
- lang/parrot/distinfo 1.17-1.18
- lang/parrot/patches/patch-af 1.3
- lang/parrot/patches/patch-ag 1.3
- lang/parrot/patches/patch-ai 1.1
- lang/parrot/patches/patch-aj 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Wed Oct 21 14:23:14 UTC 2009
Modified Files:
pkgsrc/lang/parrot: Makefile distinfo
Added Files:
pkgsrc/lang/parrot/patches: patch-af patch-ag patch-ai patch-aj
Log Message:
Update parrot from version 1.6.0 to 1.6.0nb1.
Pkgsrc changes:
o Enable shared libraries for NetBSD, and deal with the resulting
fallout: tests which are written in C need to point their run-path
to the build version of the shared libraries.
o The default is shared libs with .so, except for on Darwin, where
shared libs are named differently. The Darwin part is untested.
---
Module Name: pkgsrc
Committed By: he
Date: Thu Oct 22 11:31:44 UTC 2009
Modified Files:
pkgsrc/lang/parrot: distinfo
Log Message:
I'm terribly sorry, patch-ai had the incorrect checksum.
This update fixes it.
---
Module Name: pkgsrc
Committed By: he
Date: Thu Oct 22 12:59:58 UTC 2009
Added Files:
pkgsrc/lang/parrot: PLIST.Darwin PLIST.shared
Log Message:
Sorry once again, these two files should have been committed
as part of the 1.6.0nb1 update.
|
|
|
