security patch
Revisions pulled up:
- pkgsrc/www/w3m/Makefile 1.58
- pkgsrc/www/w3m/distinfo 1.21
- pkgsrc/www/w3m-img/Makefile 1.20
Files added:
pkgsrc/www/w3m/patches/patch-ac
pkgsrc/www/w3m/patches/patch-ad
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Jul 1 18:50:15 UTC 2010
Modified Files:
pkgsrc/www/w3m: Makefile distinfo
pkgsrc/www/w3m-img: Makefile
Added Files:
pkgsrc/www/w3m/patches: patch-ac patch-ad
Log Message:
Add patch by Ludwig Nussel to fix the certificate spoofing vulnerability
reported in CVE-2010-2074.
To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/www/w3m/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/w3m/distinfo
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/w3m-img/Makefile
cvs rdiff -u -r0 -r1.14 pkgsrc/www/w3m/patches/patch-ac
cvs rdiff -u -r0 -r1.8 pkgsrc/www/w3m/patches/patch-ad
|
|
|
|
security patch
Revisions pulled up:
- pkgsrc/lang/python26/Makefile via patch
- pkgsrc/lang/python26/distinfo via patch
- pkgsrc/lang/python26/patches/patch-af via patch
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Jun 29 08:15:42 UTC 2010
Modified Files:
pkgsrc/lang/python26: Makefile distinfo
Added Files:
pkgsrc/lang/python26/patches: patch-af
Log Message:
Add fix for CVE-2010-2089 taken from Red Hat's Bugzilla database.
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/lang/python26/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/lang/python26/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/python26/patches/patch-af
|
|
|
|
lang/perl5: security patch
Revisions pulled up:
- lang/perl5/Makefile 1.159
- lang/perl5/distinfo 1.65
- lang/perl5/patches/patch-fa 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Jun 27 13:38:39 UTC 2010
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-fa
Log Message:
fix CVE-2010-1168 and CVE-2010-1447 by updating Safe.pm to the current,
not-affected version
|
|
|
|
net/samba: security patch
Revisions pulled up:
- net/samba/Makefile 1.201
- net/samba/Makefile.mirrors 1.7
- net/samba/distinfo 1.74
- net/samba/patches/patch-ee 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 19 14:08:56 UTC 2010
Modified Files:
pkgsrc/net/samba: Makefile Makefile.mirrors distinfo
Added Files:
pkgsrc/net/samba/patches: patch-ee
Log Message:
Add a patch to fix CVE-2010-2063.
Bump PKGREVISION.
|
|
|
|
graphics/tiff: security update
Revisions pulled up:
- graphics/tiff/Makefile 1.96
- graphics/tiff/distinfo 1.48
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Jun 16 13:56:41 UTC 2010
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Log Message:
update to 3.9.4
changes:
-Complete the fixes for CVE-2009-2347.
-Tiffcrop now supports custom page sizes.
+minor bugfixes
|
|
|
|
net/samba33: security update
Revisions pulled up:
- net/samba33/Makefile 1.10
- net/samba33/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 16 14:34:35 UTC 2010
Modified Files:
pkgsrc/net/samba33: Makefile distinfo
Log Message:
Update samba33 package to 3.3.13.
Changes since 3.3.12
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 7494: Fix for CVE-2010-2063.
|
|
misc/openoffice3-bin: security update
Revisions pulled up:
- misc/openoffice3-bin/Makefile 1.7
- misc/openoffice3-bin/distinfo 1.4
---
Module Name: pkgsrc
Committed By: bad
Date: Tue Jun 15 16:48:19 UTC 2010
Modified Files:
pkgsrc/misc/openoffice3-bin: Makefile distinfo
Log Message:
Update openoffice3-bin to 3.2.1.
Bugfixes only. Including fixes for
CVE-2010-0395: A security vulnerability in OpenOffice.org, related to python
scripting, may lead to unexpected code execution.
CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL
Renegotiation Issue in 3rd Party Libraries.
The release notes at http://development.openoffice.org/releases/3.2.1.html
are not extremely difficult to summarize sensibly.
|
|
|
|
graphics/tiff: security update
Revisions pulled up:
- graphics/tiff/Makefile 1.95
- graphics/tiff/distinfo 1.47
---
Module Name: pkgsrc
Committed By: dholland
Date: Tue Jun 15 05:57:45 UTC 2010
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Log Message:
Update to 3.9.3, fixing CVE-2010-1411. Other changes are minor bug fixes;
gory details at http://www.remotesensing.org/libtiff/v3.9.3.html.
|
|
|
|
security fix
Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.59
- pkgsrc/www/apache22/distinfo 1.33
- pkgsrc/www/apache22/patches/patch-af 1.3
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jun 12 10:40:27 UTC 2010
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-af
Log Message:
Add patch provided by the Apache foundation to close the privacy leak
reported in CVE-2010-2068.
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/www/apache22/patches/patch-af
|
|
security update
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.46
- pkgsrc/net/wireshark/distinfo 1.32
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 10 18:24:40 UTC 2010
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
Update "wireshark" package to version 1.2.9. Changes since version 1.2.8:
- Bug Fixes
  - The following vulnerabilities have been fixed.
    - The SMB dissector could dereference a NULL pointer. (Bug 4734)
    - J. Oquendo discovered that the ASN.1 BER dissector could overrun
      the stack.
    - The SMB PIPE dissector could dereference a NULL pointer on some
      platforms.
    - The SigComp Universal Decompressor Virtual Machine could go into an
      infinite loop. (Bug 4826)
    - The SigComp Universal Decompressor Virtual Machine could overrun
      a buffer. (Bug 4837)
  - The following bugs have been fixed:
    - Cannot open file with File -> Open. (Bug 1791)
    - Application crash when changing real-time option. (Bug 4035)
    - Crash in filter autocompletion. (Bug 4306)
    - The XML dissector doesn't allow dots (".") in tags. (Bug 4405)
    - Live capture stops when using zlib 1.2.5. (Bug 4708)
    - Want to be able to apply decode as to Data Portion of Lan Trace.
      (Bug 4721)
    - SABP short pdu (packet_per.c). (Bug 4743)
    - Kerberos pre-auth type constants - MS extensions are wrong. (Bug 4752)
    - Check HTTP Content-Length parsing for overflow. (Bug 4758)
    - Wrong variable used for proto_tree_add_text() in ptp dissector.
      (Bug 4773)
    - Crash when close window frame of gtk file chooser. (Bug 4778)
    - Wrong decoding for BGP ORF. (Bug 4782)
    - Crash when Ctrl-Backspacing the display filter. (Bug 4797)
    - Acker AFI field incorrect size in PGM dissector. (Bug 4798)
    - Fedora 13: wireshark fails to build (linking problem). (Bug 4815)
    - The NFS FH hash (nfs.fh.hash) incorrectly matches multiple filehandles.
      (Bug 4839)
    - AES-CTR decoding not working, (dissectors/packet_ipsec.c using gcrypt).
      (Bug 4838)
- Updated Protocol Support
  ASN.1 BER, BGP, HTTP, IGMP, IPsec, Kerberos, NFS, PGM, PTP, SABP, SigComp,
  SMB, TCAP, XML,
- Updated Capture File Support
  ERF, PacketLogger.
To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.31 -r1.32 pkgsrc/net/wireshark/distinfo
|
|
|
|
www/typolight28-translations: build fix
Revisions pulled up:
- www/typolight28-translations/Makefile 1.19-1.28
- www/typolight28-translations/PLIST.es 1.2
- www/typolight28-translations/PLIST.fa 1.2
- www/typolight28-translations/PLIST.hu 1.2
- www/typolight28-translations/PLIST.lt 1.3
- www/typolight28-translations/PLIST.sr 1.2
- www/typolight28-translations/PLIST.tr 1.2
- www/typolight28-translations/PLIST.uk 1.2
- www/typolight28-translations/distinfo 1.19-1.28
- www/typolight28-translations/options.mk 1.19-1.28
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 13 15:58:56 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100413.
Czech and Japanese translation files are updated to support
TYPOlight 2.8.2.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 16 15:37:50 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile PLIST.lt distinfo
options.mk
Log Message:
Update typolight28-translations package to 20100415.
Update Czech, French, Italian, Lithuanian and Swedish language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Apr 20 23:20:38 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100420.
Update Latvian and Russian language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 4 15:18:50 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100504.
Update Japanese and Russian language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 16 09:41:57 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile PLIST.fa PLIST.hu
PLIST.sr PLIST.tr PLIST.uk distinfo options.mk
Log Message:
Update typolight28-translations package to 20100514.
Update Croatian, Hungarian, Persian, Russian, Serbian, Turkish
and Ukrainian language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 17 15:41:16 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100516.
Update Danish language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 26 16:18:42 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100523.
Update Czech language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:37:34 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100527.
Update Dutch language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 5 15:19:37 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile distinfo options.mk
Log Message:
Update typolight28-translations package to 20100603.
Update Czech language files.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 7 11:30:07 UTC 2010
Modified Files:
pkgsrc/www/typolight28-translations: Makefile PLIST.es distinfo
options.mk
Log Message:
Update typolight28-translations package to 20100606.
* Update Spanish, Swedish and Turkish language files.
* Update HOMEPAGE and MASTER_SITES since www.TYPOlight.org migrated to
www.contao.org.
|
|
|
|
print/dvipsk: security patch
Revisions pulled up:
- print/dvipsk/Makefile 1.6
- print/dvipsk/distinfo 1.5
- print/dvipsk/patches/patch-ab 1.4
---
Module Name: pkgsrc
Committed By: minskim
Date: Tue Jun 8 15:17:05 UTC 2010
Modified Files:
pkgsrc/print/dvipsk: Makefile distinfo
pkgsrc/print/dvipsk/patches: patch-ab
Log Message:
Fix CVE-2010-1440. Patch from TeX Live repository.
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX
Live 2009 and earlier, and teTeX, allow remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a special command in a DVI file, related to the (1)
predospecial and (2) bbdospecial functions, a different
vulnerability than CVE-2010-0739.
|
|
|
|
www/typolight27-translations: build fix
Revisions pulled up:
- www/typolight27-translations/Makefile 1.42
- www/typolight27-translations/options.mk 1.40
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 7 11:24:30 UTC 2010
Modified Files:
pkgsrc/www/typolight27-translations: Makefile options.mk
Log Message:
Update HOMEPAGE and MASTER_SITES since www.TYPOlight.org migrated to
www.contao.org.
|
|
net/bftpd: security update
Revisions pulled up:
- net/bftpd/Makefile 1.11-1.12
- net/bftpd/distinfo 1.5-1.6
- net/bftpd/patches/patch-aa 1.4
- net/bftpd/patches/patch-ab delete
- net/bftpd/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: obache
Date: Thu May 27 14:14:30 UTC 2010
Modified Files:
pkgsrc/net/bftpd: Makefile distinfo
pkgsrc/net/bftpd/patches: patch-aa
Added Files:
pkgsrc/net/bftpd/patches: patch-ac
Removed Files:
pkgsrc/net/bftpd/patches: patch-ab
Log Message:
Update bftpd to 2.8
Based on PR#43352 by Wen Heping.
pkgsrc changes:
* set LICENSE=gnu-gpl-v2
* simplify patch-aa.
* remove patch-ab, replace with SUBST instead, and also replace /etc in manpage.
* add patch-ac to fix standalone mode. XXX: IPv4 only
* cosmetic fixes.
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jun 4 04:30:45 UTC 2010
Modified Files:
pkgsrc/net/bftpd: Makefile distinfo
Log Message:
Update bftpd to 2.9.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 2.9
- Bftpd will attempt to create its utmp directory
if that directory does not exist. Fixes issue on
Ubuntu where the directory is wiped out at each
reboot.
- The ROOTDIR option now works properly for
anonymous users.
Thanks to Paul for reporting this bug.
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile.common 1.39
- pkgsrc/databases/mysql5-client/buildlink3.mk 1.16
- pkgsrc/databases/mysql5-client/distinfo 1.29
- pkgsrc/databases/mysql5-server/distinfo 1.25
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:34:45 UTC 2010
Modified Files:
pkgsrc/databases/mysql5-client: Makefile.common buildlink3.mk distinfo
pkgsrc/databases/mysql5-server: distinfo
Log Message:
Update mysql5-{client,server} package to 5.0.91.
For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.
Here are the security-related changes.
* Security Fix: The server failed to check the table name argument of
a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to bypass
almost all forms of checks for privileges and table-level grants by
providing a specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated user
with DELETE or SELECT privileges on one table could delete or read
content from any other table in all databases on this server, and
potentially of other MySQL instances accessible from the server's
file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow attack
due to a failure to perform bounds checking on the table name
argument of a COM_FIELD_LIST command packet. By sending long data
for the table name, a buffer is overflown, which could be exploited
by an authenticated user to inject malicious code. (Bug#53237,
CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size of
one packet. (Bug#50974, CVE-2010-1849)
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/mysql5-client/Makefile.common
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mysql5-client/buildlink3.mk
cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-client/distinfo
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mysql5-server/distinfo
|
|
|
|
bugfix update
Revisions pulled up:
- pkgsrc/shells/mksh/Makefile 1.15
- pkgsrc/shells/mksh/distinfo 1.14
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: is
Date: Fri May 28 12:26:49 UTC 2010
Modified Files:
pkgsrc/shells/mksh: Makefile distinfo
Log Message:
Update to mksh-39c on suggestion from Thorsten Glaser.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/shells/mksh/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/shells/mksh/distinfo
|
|
|
|
functionality fix
Revisions pulled up:
- pkgsrc/mail/mimedefang/Makefile 1.45
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: pettai
Date: Thu Jun 3 09:37:51 UTC 2010
Modified Files:
pkgsrc/mail/mimedefang: Makefile
Log Message:
part of PR pkg/43380 that didn't make it into the first commit
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 pkgsrc/mail/mimedefang/Makefile
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: pettai
Date: Fri Jun 4 21:00:07 UTC 2010
Modified Files:
pkgsrc/mail/mimedefang: Makefile
Log Message:
Bump PKGREVISION for the bulkbuild
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/mail/mimedefang/Makefile
|
|
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.121
- pkgsrc/security/sudo/distinfo 1.63
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 3 14:53:14 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
Update security/sudo package to 1.7.2p7.
For more detail: http://www.sudo.ws/sudo/alerts/secure_path.html
Summary:
Sudo "secure path" feature works by replacing the PATH environment
variable with a value specified in the sudoers file, or at
compile time if the --with-secure-path configure option is used.
The flaw is that sudo only replaces the first instance of PATH
in the environment. If the program being run through sudo uses
the last instance of PATH in the environment, an attacker may
be able to avoid the "secure path" restrictions.
Sudo versions affected:
Sudo 1.3.1 through 1.6.9p22 and Sudo 1.7.0 through 1.7.2p6.
To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/sudo/distinfo
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/chat/p5-POE-Component-IRC/Makefile 1.10
- pkgsrc/chat/p5-POE-Component-IRC/distinfo 1.5
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: kefren
Date: Thu Jun 3 09:12:50 UTC 2010
Modified Files:
pkgsrc/chat/p5-POE-Component-IRC: Makefile distinfo
Log Message:
Security update to 6.32
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/chat/p5-POE-Component-IRC/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/chat/p5-POE-Component-IRC/distinfo
|
|
|
|
security update
Revisions pulled up:
- pkgsrc/security/openssl/Makefile 1.149
- pkgsrc/security/openssl/distinfo 1.75
Files removed:
pkgsrc/security/openssl/patches/patch-bc
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 12 14:19:17 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-bc
Log Message:
Update openssl package from 0.9.8m to 0.9.8n.
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
update s->server with a new major version number. As of
- OpenSSL 0.9.8m if 'short' is a 16-bit type,
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
protection is active. (CVE-2010-0740)
[Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
[Tomas Hoger <thoger@redhat.com>]
To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/openssl/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-bc
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Sat May 8 06:33:41 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile
Log Message:
Set correct architecture on Darwin
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 pkgsrc/security/openssl/Makefile
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:30:11 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Log Message:
Update security/openssl package to 0.9.8o.
OpenSSL CHANGES
_______________
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
*) VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
[Steven M. Schweda <sms@antinode.info>]
To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 pkgsrc/security/openssl/Makefile
cvs rdiff -u -r1.74 -r1.75 pkgsrc/security/openssl/distinfo
|
|
build fix
Revisions pulled up:
- pkgsrc/security/py-smbpasswd/Makefile 1.6
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Tue Jun 1 21:30:25 UTC 2010
Modified Files:
pkgsrc/security/py-smbpasswd: Makefile
Log Message:
Works fine with python2.6 too.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/py-smbpasswd/Makefile
|
|
functionality fix
Revisions pulled up:
- pkgsrc/mail/mimedefang/Makefile 1.43
- pkgsrc/mail/mimedefang/distinfo 1.20
Files added:
pkgsrc/mail/mimedefang/patches/patch-ad
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: pettai
Date: Mon May 31 10:08:22 UTC 2010
Modified Files:
pkgsrc/mail/mimedefang: Makefile distinfo
Added Files:
pkgsrc/mail/mimedefang/patches: patch-ad
Log Message:
Fix for PR pkg/43380
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/mail/mimedefang/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/mail/mimedefang/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/mimedefang/patches/patch-ad
|
|
build fix
Revisions pulled up:
- pkgsrc/databases/postgresql82-client/Makefile 1.16
- pkgsrc/databases/postgresql82-client/PLIST 1.21
- pkgsrc/databases/postgresql83-client/Makefile 1.16
- pkgsrc/databases/postgresql83-client/PLIST 1.13
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Sun May 30 11:51:19 UTC 2010
Modified Files:
pkgsrc/databases/postgresql82-client: Makefile PLIST
pkgsrc/databases/postgresql83-client: Makefile PLIST
Log Message:
Fix PLIST. Bump revision.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/postgresql82-client/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/postgresql82-client/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/postgresql83-client/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/postgresql83-client/PLIST
-------------------------------------------------------------------------
the PLIST update from:
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 23 15:41:50 UTC 2010
Modified Files:
pkgsrc/databases/postgresql82-client: Makefile PLIST
Log Message:
PLIST fix
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/postgresql82-client/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/postgresql82-client/PLIST
|
|
|
|
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.12
- www/mediawiki/distinfo 1.8
---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 28 08:11:32 UTC 2010
Modified Files:
pkgsrc/www/mediawiki: Makefile distinfo
Log Message:
Updated www/mediawiki to 1.15.4
This is a security and bugfix release of MediaWiki 1.15.4.
Two security vulnerabilities were discovered.
Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
affects Internet Explorer clients only. The issue is presumed to
affect all recent versions of IE, it has been confirmed on IE 6 and 8.
Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. Full details can be found at:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23687
A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset features were not protected from
CSRF. This could lead to unauthorised access to private wikis. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.
These vulnerabilities are serious and all users are advised to
upgrade. Remember that CSRF and XSS vulnerabilities can be used even
against firewall-protected intranet installations, as long as the
attacker can guess the URL.
|
|
|
|
databases/mysql51-client: security update
databases/mysql51-server: security update
Revisions pulled up:
- databases/mysql51-client/Makefile.common 1.6-1.8
- databases/mysql51-client/distinfo 1.3-1.4
- databases/mysql51-server/Makefile 1.5
- databases/mysql51-server/PLIST 1.4-1.5
- databases/mysql51-server/distinfo 1.4-1.6
- databases/mysql51-server/patches/patch-av delete
- databases/mysql51-server/patches/patch-ay 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 24 15:59:24 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile.common distinfo
pkgsrc/databases/mysql51-server: Makefile PLIST distinfo
Removed Files:
pkgsrc/databases/mysql51-server/patches: patch-av
Log Message:
Update mysql51-client/mysql51-server package to 5.1.46.
This is a maintenance release; please refer to the following for full changes:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Apr 30 06:03:36 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile.common
Log Message:
Interix GNU cc doesn't support `-fPIC'.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 26 01:52:22 UTC 2010
Modified Files:
pkgsrc/databases/mysql51-client: Makefile.common distinfo
pkgsrc/databases/mysql51-server: PLIST distinfo
Added Files:
pkgsrc/databases/mysql51-server/patches: patch-ay
Log Message:
Update mysql51-{client,server} package to 5.1.47.
For full changes, see http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html.
Here are the important changes:
InnoDB Plugin Notes:
* InnoDB Plugin has been upgraded to version 1.0.8. This version
is considered of General Availability (GA) quality. InnoDB
Plugin Change History, may contain information in addition to
those changes reported here.
In this release, the InnoDB Plugin is included in source and
binary distributions, except RHEL3, RHEL4, SuSE 9 (x86, x86_64,
ia64), and generic Linux RPM packages. It also does not work for
FreeBSD 6 and HP-UX or for Linux on generic ia64.
Functionality added or changed:
* InnoDB stores redo log records in a hash table during
recovery. On 64-bit systems, this hash table was 1/8 of the
buffer pool size. To reduce memory usage, the dimension of the
hash table was reduced to 1/64 of the buffer pool size (or 1/128
on 32-bit systems). (Bug#53122)
Security fixes:
* Security Fix: The server failed to check the table name argument
of a COM_FIELD_LIST command packet for validity and compliance
to acceptable table name standards. This could be exploited to
bypass almost all forms of checks for privileges and table-level
grants by providing a specially crafted table name argument to
COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions
of any table in all other databases and potentially of other
MySQL instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated
user with DELETE or SELECT privileges on one table could delete or
read content from any other table in all databases on this server,
and potentially of other MySQL instances accessible from the
server's file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow
attack due to a failure to perform bounds checking on the table
name argument of a COM_FIELD_LIST command packet. By sending
long data for the table name, a buffer is overflown, which could
be exploited by an authenticated user to inject malicious
code. (Bug#53237, CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum
size of one packet. (Bug#50974, CVE-2010-1849)
|
|
|
|
databases/postgresql82: security update
databases/postgresql82-adminpack: security update
databases/postgresql82-client: security update
databases/postgresql82-plperl: security update
databases/postgresql82-plpython: security update
databases/postgresql82-pltcl: security update
databases/postgresql82-server: security update
databases/postgresql82-tsearch2: security update
Revisions pulled up:
- databases/postgresql82-client/Makefile 1.15
- databases/postgresql82-client/PLIST 1.20
- databases/postgresql82-client/buildlink3.mk 1.7
- databases/postgresql82-server/PLIST 1.13
- databases/postgresql82/Makefile.common 1.21
- databases/postgresql82/distinfo 1.20
- databases/postgresql82/patches/patch-ad 1.4
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 20 12:36:15 UTC 2010
Modified Files:
pkgsrc/databases/postgresql82: Makefile.common distinfo
pkgsrc/databases/postgresql82-client: Makefile PLIST buildlink3.mk
pkgsrc/databases/postgresql82-server: PLIST
Added Files:
pkgsrc/databases/postgresql82/patches: patch-ad
Log Message:
Changes 8.2.17:
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
databases/postgresql83: security update
databases/postgresql83-adminpack: security update
databases/postgresql83-client: security update
databases/postgresql83-plperl: security update
databases/postgresql83-plpython: security update
databases/postgresql83-pltcl: security update
databases/postgresql83-server: security update
Revisions pulled up:
- databases/postgresql83-client/Makefile 1.15
- databases/postgresql83-client/buildlink3.mk 1.4
- databases/postgresql83-server/PLIST 1.11
- databases/postgresql83/Makefile.common 1.12
- databases/postgresql83/distinfo 1.12
- databases/postgresql83/patches/patch-ad 1.4
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 20 12:36:28 UTC 2010
Modified Files:
pkgsrc/databases/postgresql83: Makefile.common distinfo
pkgsrc/databases/postgresql83-client: Makefile buildlink3.mk
pkgsrc/databases/postgresql83-server: PLIST
Added Files:
pkgsrc/databases/postgresql83/patches: patch-ad
Log Message:
Changes 8.3.11:
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Apply per-function GUC settings while running the language
validator for the function
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Ensure the archiver process responds to changes in archive_command
as soon as possible
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
databases/postgresql84-client: security update
databases/postgresql84-plperl: security update
databases/postgresql84-plpython: security update
databases/postgresql84-pltcl: security update
databases/postgresql84-server: security update
databases/postgresql84: security update
Revisions pulled up:
- databases/postgresql84-client/Makefile 1.8
- databases/postgresql84-client/PLIST 1.6
- databases/postgresql84-client/buildlink3.mk 1.3
- databases/postgresql84-plperl/PLIST 1.3
- databases/postgresql84-plpython/PLIST 1.3
- databases/postgresql84-pltcl/PLIST 1.3
- databases/postgresql84-server/PLIST 1.5
- databases/postgresql84/Makefile.common 1.6
- databases/postgresql84/distinfo 1.5
- databases/postgresql84/patches/patch-ad 1.3
---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 20 12:36:39 UTC 2010
Modified Files:
pkgsrc/databases/postgresql84: Makefile.common distinfo
pkgsrc/databases/postgresql84-client: Makefile PLIST
buildlink3.mk
pkgsrc/databases/postgresql84-plperl: PLIST
pkgsrc/databases/postgresql84-plpython: PLIST
pkgsrc/databases/postgresql84-pltcl: PLIST
pkgsrc/databases/postgresql84-server: PLIST
Added Files:
pkgsrc/databases/postgresql84/patches: patch-ad
Log Message:
Changes 8.4.4:
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix data corruption during WAL replay of ALTER ... SET TABLESPACE
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Apply per-function GUC settings while running the language
validator for the function
* Do constraint exclusion for inherited "UPDATE" and "DELETE" target
tables when constraint_exclusion = partition
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Fix erroneous handling of %r parameter in recovery_end_command
* Ensure the archiver process responds to changes in archive_command
as soon as possible
* Fix pl/pgsql's CASE statement to not fail when the case expression
is a query that returns no rows
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Handle empty-string connect parameters properly in ecpg
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Avoid formatting failure in psql when running in a locale context
that doesn't match the client_encoding
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
|
|
security/mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.49
- security/mit-krb5/distinfo 1.25
- security/mit-krb5/patches/patch-bx 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Thu May 20 14:21:23 UTC 2010
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bx
Log Message:
fix CVE-2010-1321 (MITKRB5-SA-2010-005) and take maintainership
|
|
mail/clamav: bug fix update
Revisions pulled up:
- mail/clamav/Makefile 1.103
- mail/clamav/PLIST 1.25
- mail/clamav/distinfo 1.64
- mail/clamav/patches/patch-aa 1.21
- mail/clamav/patches/patch-ac 1.8
- mail/clamav/patches/patch-ad 1.21
- mail/clamav/patches/patch-af 1.12
- mail/clamav/patches/patch-ag 1.5
---
Module Name: pkgsrc
Committed By: martti
Date: Thu May 20 07:47:45 UTC 2010
Modified Files:
pkgsrc/mail/clamav: Makefile PLIST distinfo
pkgsrc/mail/clamav/patches: patch-aa patch-ac patch-ad patch-af
patch-ag
Log Message:
Updated mail/clamav to 0.96.1
* Lots of bug fixes
|