Age | Commit message | Author | Files | Lines
2010-11-23 | Pullup ticket 3281 - requested by tron | spz | 3 | -2/+29
security fix Revisions pulled up: - pkgsrc/devel/libsmi/Makefile 1.17 - pkgsrc/devel/libsmi/distinfo 1.6 Files added: pkgsrc/devel/libsmi/patches/patch-ae ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Tue Nov 23 11:30:50 UTC 2010 Modified Files: pkgsrc/devel/libsmi: Makefile distinfo Added Files: pkgsrc/devel/libsmi/patches: patch-ae Log Message: Add fix for CVE-2010-2891 taken from Debian's GIT repository. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/libsmi/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/libsmi/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libsmi/patches/patch-ae
2010-11-23 | Pullup ticket 3278 - requested by tron | spz | 8 | -2/+178
security fixes Revisions pulled up: - pkgsrc/net/wget/Makefile 1.102 - pkgsrc/net/wget/distinfo 1.36 Files added: pkgsrc/net/wget/patches/patch-aa pkgsrc/net/wget/patches/patch-ab pkgsrc/net/wget/patches/patch-ac pkgsrc/net/wget/patches/patch-ad pkgsrc/net/wget/patches/patch-ae pkgsrc/net/wget/patches/patch-af ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Tue Nov 23 08:22:47 UTC 2010 Modified Files: pkgsrc/net/wget: Makefile distinfo Added Files: pkgsrc/net/wget/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Log Message: Add Debian's "wget" 1.12 backport of the fix for CVE-2010-2252. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/net/wget/Makefile cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/wget/distinfo cvs rdiff -u -r0 -r1.11 pkgsrc/net/wget/patches/patch-aa \ pkgsrc/net/wget/patches/patch-ac cvs rdiff -u -r0 -r1.9 pkgsrc/net/wget/patches/patch-ab cvs rdiff -u -r0 -r1.10 pkgsrc/net/wget/patches/patch-ad cvs rdiff -u -r0 -r1.8 pkgsrc/net/wget/patches/patch-ae cvs rdiff -u -r0 -r1.6 pkgsrc/net/wget/patches/patch-af
2010-11-23 | Pullup ticket 3277 - requested by tron | spz | 2 | -6/+6
security update Revisions pulled up: - pkgsrc/net/wireshark/Makefile 1.55 - pkgsrc/net/wireshark/distinfo 1.37 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sun Nov 21 22:54:55 UTC 2010 Modified Files: pkgsrc/net/wireshark: Makefile distinfo Log Message: Update "wireshark" package to version 1.4.2. Changes since version 1.4.1: - The following vulnerabilities have been fixed. See the security advisory for details and a workaround. - Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318) Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1. - The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303) Versions affected: 1.4.0 to 1.4.1. - The following bugs have been fixed: - File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894) - Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the end of the line" if click on last PDU. (Bug 5285) - GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in a single frame. (Bug 5289) - "Tshark -G values" crashes on Windows. (Bug 5296) - PROFINET I&M0FilterData packet not fully decoded. (Bug 5299) - PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300) - [lua] Dumper:close() will cause a segfault due later GC of the Dumper. (Bug 5320) - Network Instruments' trace files sometimes cannot be read with an error message of "Observer: bad record: Invalid magic number". (Bug 5330) - IO Graph Time of Day times incorrect for filtered data. (Bug 5340) - Wireshark tools do not detect and read some ERF files correctly. (Bug 5344) - "editcap -h" sends some lines to stderr and others to stdout. (Bug 5353) - IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly. (Bug 5357) - AgentX PDU Header 'hex field highlighting' incorrectly spans extra bytes. (Bug 5364) - AgentX dissector cannot handle null OID in Open-PDU. (Bug 5368) - Crash with "Gtk-ERROR **: Byte index 6 is off the end of the line". (Bug 5374) - ANCP Portmanagment TLV wrong decoded. (Bug 5388) - Crash during startup because of Python SyntaxError in wspy_libws.py. (Bug 5389) - Updated Protocol Support AgentX, ANCP, DIAMETER, HTTP, IP, LDSS, MIME, NBNS, PROFINET, SIP, TCP, Telnet, ZigBee - New and Updated Capture File Support Endace ERF, Network Instruments Observer. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.36 -r1.37 pkgsrc/net/wireshark/distinfo
2010-11-23 | Pullup ticket #3282. | tron | 1 | -0/+2
2010-11-23 | Pullup ticket #3282 - requested by obache | tron | 2 | -6/+6
www/ap2-fcgid: security update Revisions pulled up: - www/ap2-fcgid/Makefile 1.7 - www/ap2-fcgid/distinfo 1.4 --- Module Name: pkgsrc Committed By: obache Date: Tue Nov 23 11:55:16 UTC 2010 Modified Files: pkgsrc/www/ap2-fcgid: Makefile distinfo Log Message: Update ap2-fcgid to 2.3.6. Changes with mod_fcgid 2.3.6 *) SECURITY: CVE-2010-3872 (cve.mitre.org) Fix possible stack buffer overwrite. Diagnosed by the reporter. PR 49406. [Edgar Frank <ef-lists email.de>] *) Change the default for FcgidMaxRequestLen from 1GB to 128K. Administrators should change this to an appropriate value based on site requirements. [Jeff Trawick] *) Allow FastCGI apps more time to exit at shutdown before being forcefully killed. [Jeff Trawick] *) Correct a problem that resulted in FcgidMaxProcesses being ignored in some situations. PR 48981. [<rkosolapov gmail.com>] *) Fix the search for processes with the proper vhost config when ServerName isn't set in every vhost or a module updates r->server->server_hostname dynamically (e.g., mod_vhost_cdb) or a module updates r->server dynamically (e.g., mod_vhost_ldap). [Jeff Trawick] *) FcgidPassHeader now maps header names to environment variable names in the usual manner: The header name is converted to upper case and is prefixed with HTTP_. An additional environment variable is created with the legacy name. PR 48964. [Jeff Trawick] *) Allow processes to be reused within multiple phases of a request by releasing them into the free list as soon as possible. [Chris Darroch] *) Fix lookup of process command lines when using FcgidWrapper or access control directives, including within .htaccess files. [Chris Darroch] *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms; ownership of mutex files was incorrect, resulting in a startup failure. PR 48651. [Jeff Trawick, <pservit gmail.com>] *) Return 500 instead of segfaulting when the application returns no output. [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick] *) In FCGI_AUTHORIZER role, avoid spawning a new process for every different HTTP request. [Chris Darroch]
2010-11-17 | Pullup ticket #3276. | tron | 1 | -0/+2
2010-11-17 | Pullup ticket #3276 - requested by taca | tron | 3 | -22/+6
security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.152 - security/openssl/distinfo 1.78 - security/openssl/patches/patch-bd delete --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 17 00:52:26 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-bd Log Message: Update security/openssl package to 0.9.8p. OpenSSL version 0.9.8p released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8p of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which addresses CVE-2010-3864. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.
2010-11-16 | Pullup ticket #3275. | tron | 1 | -0/+2
2010-11-16 | Pullup ticket #3275 - requested by dholland | tron | 1 | -4/+6
filesystems/fuse: portability fix Revisions pulled up: - mk/fuse.buildlink3.mk 1.11 --- Module Name: pkgsrc Committed By: dholland Date: Mon Nov 15 04:51:33 UTC 2010 Modified Files: pkgsrc/mk: fuse.buildlink3.mk Log Message: Use an include guard symbol name that doesn't conflict with filesystems/fuse/buildlink3.mk.
2010-11-14 | Pullup ticket #3272. | tron | 1 | -0/+2
2010-11-14 | Pullup ticket #3272 - requested by bouyer | tron | 3 | -3/+236
net/p5-Net-SNMP: bug fix patch Revisions pulled up: - net/p5-Net-SNMP/Makefile 1.26 - net/p5-Net-SNMP/distinfo 1.9 - net/p5-Net-SNMP/patches/patch-aa 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Sat Nov 13 17:06:05 UTC 2010 Modified Files: pkgsrc/net/p5-Net-SNMP: Makefile distinfo Added Files: pkgsrc/net/p5-Net-SNMP/patches: patch-aa Log Message: Bring in change from 6.0.1: Removed all occurrences of the "locked" attribute that was deprecated in Perl 5.12.0. I didn't upgrade the package to 6.0.1 because it causes incompatibilities with net/mrtg PKGREVISION++
2010-11-13 | Pullup ticket #3271. | tron | 1 | -0/+2
2010-11-13 | Pullup ticket #3271 - requested by sbd | tron | 4 | -3/+62
print/cups: security patch Revisions pulled up: - print/cups/Makefile 1.170 - print/cups/distinfo 1.76 - print/cups/patches/patch-aq 1.4 - print/cups/patches/patch-ar 1.4 --- Module Name: pkgsrc Committed By: sbd Date: Fri Nov 12 08:24:32 UTC 2010 Modified Files: pkgsrc/print/cups: Makefile distinfo Added Files: pkgsrc/print/cups/patches: patch-aq patch-ar Log Message: Add str3648.patch by Mike Sweet to address CVE-2010-2941. Obtained from https://bugzilla.redhat.com/show_bug.cgi?id=624438 as Cups STR#3648 (http://www.cups.org/str.php?L3648) is not public yet!
2010-11-10 | Pullup ticket #3270. | tron | 1 | -0/+2
2010-11-10 | Pullup ticket #3270 - requested by obache | tron | 1 | -2/+2
lang/ruby: fix build of GEM packages under Solaris Revisions p - lang/ruby/gem.mk 1.2 --- Module Name: pkgsrc Committed By: obache Date: Wed Nov 10 10:57:41 UTC 2010 Modified Files: pkgsrc/lang/ruby: gem.mk Log Message: Exactly set TZ=UTC, or not worked as expected on Solaris (time-zone difference = 0). Fixes PR#44037.
2010-11-10 | pullups 3267, 3268, 3269 | spz | 1 | -0/+7
2010-11-10 | Pullup ticket 3267 - requested by wiz | spz | 2 | -4/+7
security fix Revisions pulled up: - pkgsrc/finance/gnucash/Makefile 1.145 - pkgsrc/finance/gnucash/PLIST 1.38 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sun Nov 7 23:27:53 UTC 2010 Modified Files: pkgsrc/finance/gnucash: Makefile PLIST Log Message: Do not install gnc-test-env. This file got CVE-2010-3999 attached to it and it's not needed except for testing. Bump PKGREVISION. While here, include desktopdb.mk. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 pkgsrc/finance/gnucash/Makefile cvs rdiff -u -r1.37 -r1.38 pkgsrc/finance/gnucash/PLIST
2010-11-09 | Pullup ticket 3269 - requested by obache | spz | 8 | -82/+40
security update Revisions pulled up: - pkgsrc/net/proftpd/Makefile 1.59 - pkgsrc/net/proftpd/PLIST 1.22 - pkgsrc/net/proftpd/distinfo 1.34 - pkgsrc/net/proftpd/options.mk 1.9 - pkgsrc/net/proftpd/patches/patch-aa 1.13 - pkgsrc/net/proftpd/patches/patch-ac 1.13 - pkgsrc/net/proftpd/patches/patch-ab 1.12 Files deleted: pkgsrc/net/proftpd/patches/patch-ae ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: obache Date: Sun Nov 7 12:21:10 UTC 2010 Modified Files: pkgsrc/net/proftpd: Makefile PLIST distinfo options.mk pkgsrc/net/proftpd/patches: patch-aa patch-ab patch-ac Removed Files: pkgsrc/net/proftpd/patches: patch-ae Log Message: Update proftpd to 1.3.3c. pkgsrc changes: * Instead of patch&subst to change layout of statedir, pass it to configure instead (and subst for manpages are fixed). * Convert custom mod_wrap library modification to SUBST. * Need to buildlink with security/tcp_wrappers for mod_wrap. NEWS: 1.3.3c - Released 29-Oct-2010 -------------------------------- - Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite. - Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux. - Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE commands. - Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc functionality via proftpd.conf. - Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc. - Bug 3521 - Telnet IAC processing stack overflow. 1.3.3b - Released 09-Sep-2010 -------------------------------- - Bug 3481 - Problem with SFTP directory listings. - Bug 3483 - NULL pointer dereference handling SITE command in mod_quotatab. - Bug 3485 - Disabling IPv6 via -4 or --ipv4 command-line options does not work. - Bug 3487 - Null pointer dereference with EPRT/EPSV/PASV/PORT command during data transfer. - Bug 3482 - ProFTPD corrupts utmpx log files on FreeBSD 9.0/HEAD. - Bug 3491 - Directory pattern not matching as expected. 
- Bug 3492 - Null pointer dereference during data transfer due to RNFR/RNTO. - Bug 3494 - Null pointer dereference for IPv6-enabled proftpd when no DefaultServer configured. - Bug 3501 - <Anonymous> logins with "AuthAliasOnly on" still handled as anonymous logins. 1.3.3a - Released 01-Jul-2010 -------------------------------- - Bug 3400 - Add Japanese translation. - Bug 3401 - mod_sftp does not compile with pre-0.9.7 OpenSSL. - Bug 3402 - mod_tls does not compile with pre-0.9.7 OpenSSL due to Bug#3349. - Bug 3403 - File upload followed by MLSD leads to wrong file size entries in TransferLog. - Bug 3405 - Multiple SFTPAuthorizedUserKeys stores causes segfault on 64-bit platforms. - Bug 3354 - Renaming a file across mount points to a full disk does not fail as expected. - Bug 3408 - Use <termios.h> instead of <sys/termios.h> where possible. - Bug 3412 - Include files not included after restart due to permissions. - Bug 3409 - Build failure on newer FreeBSD due to utmp/utmpx system changes. - Bug 3417 - Unsafe use of pointer when scanning config for ScoreboardFile. - Bug 3418 - %U sometimes showing up as "(none)" in ExtendedLog. - Bug 3421 - RewriteHome does not work properly for SFTP connections. - Bug 3419 - SSL_shutdown() errors with openssl-0.9.8m. - Bug 3423 - Last line of multiline DisplayLogin file improperly handled. - Bug 3426 - mod_sftp does not log to TransferLog by default. - Bug 3425 - Improperly constructed destination paths for SCP uploads. - Bug 3427 - mod_sftp does not handle recursive SCP uploads properly. - Bug 3432 - ExecBeforeCommand does not interpolate the %F/%f variables properly. - Bug 3434 - TraceLog contains messages even with "Trace DEFAULT:0" configured. - Bug 3435 - Encoding/decoding conversion can cause CPU spike. - Bug 3436 - Support build-time option to disable use of nonblocking open of log files. Use --disable-nonblocking-log-open to get the pre-1.3.3 behavior of opening log files. 
- Bug 3437 - UseImplicitSSL TLSOption causes PBSZ/PROT commands to fail. - Bug 3439 - Encoding fails if an NLS-enabled proftpd starts in a UTF8 locale. - Bug 3446 - .ftpaccess ignored in some cases. - Bug 3447 - mod_sftp can become confused during large recursive SCP uploads. - Bug 3448 - Ensure that STAT/LSTAT/FSTAT SFTP requests do not use cached/stale data. - Bug 3449 - mod_sftp does not properly handle the O_TRUNC flag in a SFTP OPEN request. - Bug 3450 - mod_sftp does not properly handle the O_APPEND flag in a SFTP OPEN request. - Bug 3451 - WinSCP can't upload files using protocol version 5 with mod_sftp. - Bug 3452 - mod_sftp does not advertise its supported SFTP extensions for protocol version 5. - Bug 3454 - msgfmt(1) options used for generating NLS files are not compatible with Solaris' msgfmt. - Bug 3456 - Problem attempting to recursively download a directory via SCP. - Bug 3458 - mod_sftp incorrectly performs OpenSSL cleanup. - Bug 3459 - mod_radius segfaults during incorrect login due to stale data. - Bug 3460 - REALPATH SFTP request can cause improperly cached directory configuration. - Bug 3462 - ftpasswd script's --delete-user option does not work. - Bug 3463 - ftpasswd script's --delete-group option does not work. - Bug 3465 - SIGSEGV at LIST after CCC. - Bug 3470 - Deferred resolution <Directory> paths not handled properly by mod_sftp. - Bug 3469 - ExtendedLog's %f variable not properly expanded for DELE if path begins with tilde ('~'). - Bug 3467 - mod_ifsession does not merge <Directory> blocks properly. - Bug 3471 - Null values in allow/deny rules causes mod_wrap2 to segfault. - Bug 3472 - mod_sftp publickey authentication fails for large keys. - Bug 3424 - Bad LDAP lookup can cause mod_ldap segfault under some conditions. - Bug 3476 - LIST/NLST of path starting with "-" fails. - Bug 3475 - Add new 'noGetgrouplist' AuthUnixOption to work around buggy libc code. 
- Bug 3474 - Using SQLite database and SQLLog directive can lead to problems under load. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 pkgsrc/net/proftpd/Makefile cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/proftpd/PLIST cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/proftpd/distinfo cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/proftpd/options.mk cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/proftpd/patches/patch-aa \ pkgsrc/net/proftpd/patches/patch-ac cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/proftpd/patches/patch-ab cvs rdiff -u -r1.7 -r0 pkgsrc/net/proftpd/patches/patch-ae
2010-11-09 | Pullup ticket 3268 - requested by taca | spz | 4 | -11/+24
security update Revisions pulled up: - pkgsrc/databases/mysql51-client/Makefile.common 1.13 - pkgsrc/databases/mysql51-client/distinfo 1.10 - pkgsrc/databases/mysql51-server/PLIST 1.10 - pkgsrc/databases/mysql51-server/distinfo 1.12 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Nov 4 15:57:07 UTC 2010 Modified Files: pkgsrc/databases/mysql51-client: Makefile.common distinfo pkgsrc/databases/mysql51-server: PLIST distinfo Log Message: Update mysql51-{client,server} package from 5.1.51 to 5.1.52. This is a maintenance release; please refer to the details: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html One note from the changes: * Security Fix: In prepared-statement mode, EXPLAIN for a SELECT from a derived table caused a server crash. (Bug#54488) To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 pkgsrc/databases/mysql51-client/Makefile.common cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/mysql51-client/distinfo cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/mysql51-server/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/mysql51-server/distinfo
2010-11-06 | pullups 3265 and 3266 | spz | 1 | -0/+4
2010-11-06 | Pullup ticket 3266 - requested by wiz | spz | 1 | -12/+1
fix for alpha Revisions pulled up: - pkgsrc/lang/perl5/hacks.mk 1.4 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Tue Nov 2 07:54:31 UTC 2010 Modified Files: pkgsrc/lang/perl5: hacks.mk Log Message: Remove alpha hack. Not needed any longer; per Staffan Thom� <duck@shangtai.net> on tech-pkg. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/perl5/hacks.mk
2010-11-06 | Pullup ticket 3265 - requested by adam | spz | 2 | -7/+6
security update Revisions pulled up: - pkgsrc/www/webkit-gtk/Makefile 1.28 - pkgsrc/www/webkit-gtk/distinfo 1.21 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Sat Oct 16 13:46:30 UTC 2010 Modified Files: pkgsrc/www/webkit-gtk: Makefile distinfo Log Message: Changes 1.2.5: Bug fixes. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 pkgsrc/www/webkit-gtk/Makefile cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/webkit-gtk/distinfo
2010-10-29 | pullups 3262 and 3263 | spz | 1 | -0/+6
2010-10-29 | Pullup ticket 3263 - requested by tron | spz | 3 | -2/+26
build and portability fix Revisions pulled up: - pkgsrc/print/a2ps/Makefile 1.70 - pkgsrc/print/a2ps/distinfo 1.12 Files added: pkgsrc/print/a2ps/patches/patch-ac ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Thu Oct 28 23:21:53 UTC 2010 Modified Files: pkgsrc/print/a2ps: Makefile distinfo Added Files: pkgsrc/print/a2ps/patches: patch-ac Log Message: Fix two problems under Mac OS X: 1.) stpcpy() is a macro under at least Mac OS 10.6. Avoid build failures by not defining a dodgy prototype for it. 2.) Don't strip installed binaries to allow the dynamic linker to find symbols required by the shared library but defined by the application. This fixes PR pkg/41827 by Christopher M. Fuhrman. Bump package revision as the package built fine under Mac OS 10.5 before but didn't work. To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 pkgsrc/print/a2ps/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/print/a2ps/distinfo cvs rdiff -u -r0 -r1.7 pkgsrc/print/a2ps/patches/patch-ac
2010-10-29 | Pullup ticket 3262 - requested by tron | spz | 2 | -6/+6
security update Revisions pulled up: - pkgsrc/devel/xulrunner/dist.mk 1.16 - pkgsrc/devel/xulrunner/distinfo 1.38 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Thu Oct 28 21:33:59 UTC 2010 Modified Files: pkgsrc/devel/xulrunner: dist.mk distinfo Log Message: Update the following package: - devel/nspr from 4.8.6.11 to 4.8.6.12 - devel/xulrunner from 1.9.2.11 to 1.9.2.12 - www/firefox from 3.6.11 to 3.6.12 Security issues fixed since previous versions: MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/xulrunner/dist.mk cvs rdiff -u -r1.37 -r1.38 pkgsrc/devel/xulrunner/distinfo
2010-10-29 | Pullup ticket #3261. | tron | 1 | -0/+2
2010-10-29 | Pullup ticket #3261 - requested by bouyer | tron | 3 | -2/+35
mail/clamav: bug fix Revisions pulled up: - mail/clamav/Makefile 1.107 - mail/clamav/distinfo 1.69 - mail/clamav/patches/patch-ah 1.19 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Oct 28 20:11:18 UTC 2010 Modified Files: pkgsrc/mail/clamav: Makefile distinfo Added Files: pkgsrc/mail/clamav/patches: patch-ah Log Message: backport 2 fixes from the git repository. Without it, clamav would fail to parse some PDF files. Bump PKGREVISION.
2010-10-28 | Pullup ticket #3260. | tron | 1 | -0/+2
2010-10-28 | Pullup ticket #3260 - requested by gls | tron | 2 | -6/+6
audio/mpg123: security update Revisions pulled up: - audio/mpg123/Makefile.common 1.35 - audio/mpg123/distinfo 1.32 --- Module Name: pkgsrc Committed By: zafer Date: Tue Oct 26 21:06:44 UTC 2010 Modified Files: pkgsrc/audio/mpg123: Makefile.common distinfo Log Message: Update mpg123 to 1.12.5 Changelog: Version 1.12.5: This release fixes a buffer overflow issue in the mpg123 frontend application when printing ID3 data in non-UTF-8 environments. It has been introduced in version 1.12.4 and Jakub Bogusz was so kind to bump my head into this. Please upgrade. Thanks. Version 1.12.4: This is a little bugfix release that improves printout of metadata (ID3) in UTF-8 terminals, fixing one of those distro bug reports that I am getting aware of late... Get it from the usual places. Version 1.12.3: The newest release fixes bug 3022850, a long-standing bug that managed to break http streaming with ICY metadata in a non-obvious manner. It's a little change with big impact... for those who listen to web radio, that is. Version 1.12.2: The fresh maintenance release mainly fixes bug 2996045, invalid memory access prompted by addresses in the upper half of the address space. I introduced that one with a bad alignment algorithm, sorry. Along with this go several other fixes/improvements: * Various build and portability fixes (including making some exotic configure switches work (again)). * Add dump_seekindex example * Sync mpg123_clr (.NET wrapper) to 1.12 feature set, patch provided by Malcolm Boczek -- and actually include it in release tarball! * Rework mpg123.h logic for large file stuff a bit, clients can control it by defining MPG123_NO_LARGENAME or MPG123_LARGESUFFIX. * Include dumb wrappers to provide names suffixed with _64 on 64 bit machines and _32 on 32 bit machines, respectively, to help clients that insist on defining _FILE_OFFSET_BITS where it is not needed (or with a non-large value). 
* Tuning of the internal buffer code for feeder mode to minimize its performance impact (works in 4K blocks now). * Workaround for compiler bugs in Open64/PathScale/SunStudio (bug 3004396, suggestion by Doug Gilmore). Note that Sun Studio is still a tricky fellow, at least when it comes to our preprocessed assembly (generic build works). Also, x86-Open64 recently produced another segfault in layer3.c on my box... GNU and intel compilers are what one can use as something stable. * Make mpg123_getformat() return more error codes (like MPG123_NEED_MORE). * Fix handle I/O for clients with small file offset (32 bit when libmpg123 has 64 bit). * Fix 3DNow(Ext) standalone builds.
2010-10-26 | Pullup ticket #3259. | tron | 1 | -0/+2
2010-10-26 | Pullup ticket #3259 - requested by markd | tron | 4 | -3/+57
graphics/kdegraphics3: security patch Revisions pulled up: - graphics/kdegraphics3/Makefile 1.88 - graphics/kdegraphics3/distinfo 1.52 - graphics/kdegraphics3/patches/patch-ad 1.8 - graphics/kdegraphics3/patches/patch-ae 1.3 --- Module Name: pkgsrc Committed By: markd Date: Mon Oct 25 19:30:05 UTC 2010 Modified Files: pkgsrc/graphics/kdegraphics3: Makefile distinfo Added Files: pkgsrc/graphics/kdegraphics3/patches: patch-ad patch-ae Log Message: Fixes for CVE-2010-3702 and CVE-2010-3704 via the patches for xpdf.
2010-10-25 | Pullup tickets #3256, #3257 and #3258. | tron | 1 | -0/+6
2010-10-25 | Pullup ticket #3258 - requested by tnn | tron | 5 | -47/+18
www/seamonkey: security update Revisions pulled up: - www/seamonkey/Makefile 1.41 - www/seamonkey/distinfo 1.56 - www/seamonkey/patches/patch-ag 1.4 - www/seamonkey/patches/patch-al delete - www/seamonkey/patches/patch-mn 1.2 --- Module Name: pkgsrc Committed By: tnn Date: Fri Oct 22 10:08:15 UTC 2010 Modified Files: pkgsrc/www/seamonkey: Makefile distinfo pkgsrc/www/seamonkey/patches: patch-ag patch-mn Removed Files: pkgsrc/www/seamonkey/patches: patch-al Log Message: Security and stability update of seamonkey to 2.0.9. MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
2010-10-25 | Pullup ticket #3257 - requested by tnn | tron | 4 | -24/+8
Revisions pulled up: - mail/thunderbird/Makefile 1.60 - mail/thunderbird/PLIST 1.32 - mail/thunderbird/distinfo 1.75 - mail/thunderbird/patches/patch-mc delete --- Module Name: pkgsrc Committed By: tnn Date: Thu Oct 21 16:02:37 UTC 2010 Modified Files: pkgsrc/mail/thunderbird: Makefile PLIST distinfo Removed Files: pkgsrc/mail/thunderbird/patches: patch-mc Log Message: Update to thunderbird-3.1.5. * Several fixes to improve stability and security * Several fixes to the user interface. MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
2010-10-25 | Pullup ticket #3256 - requested by tnn | tron | 1 | -2/+2
devel/nss: security update Revisions pulled up: - devel/nss/Makefile 1.39 --- Module Name: pkgsrc Committed By: tnn Date: Thu Oct 21 10:31:00 UTC 2010 Modified Files: pkgsrc/devel/nss: Makefile Log Message: Update to nss-3.12.8 (catch up w/ firefox) Various bug fixes, including a security fix: 578697: (CVE-2010-3170) Browser Wildcard Certificate Validation Issue
2010-10-25 | Pullup ticket #3255. | tron | 1 | -0/+3
2010-10-25 | Pullup ticket #3255 - requested by tnn | tron | 6 | -31/+13
devel/xulrunner: security update www/firefox: security update Revisions pulled up: - devel/xulrunner/Makefile 1.42 - devel/xulrunner/dist.mk 1.15 - devel/xulrunner/distinfo 1.37 - devel/xulrunner/patches/patch-be 1.2 - devel/xulrunner/patches/patch-mc delete - www/firefox/Makefile 1.77 --- Module Name: pkgsrc Committed By: tnn Date: Thu Oct 21 10:27:21 UTC 2010 Modified Files: pkgsrc/devel/xulrunner: Makefile dist.mk distinfo pkgsrc/devel/xulrunner/patches: patch-be pkgsrc/www/firefox: Makefile Removed Files: pkgsrc/devel/xulrunner/patches: patch-mc Log Message: Security & stability update to firefox-3.6.11 (xulrunner-1.9.2.11) MFSA 2010-72 Insecure Diffie-Hellman key exchange MFSA 2010-71 Unsafe library loading vulnerabilities MFSA 2010-70 SSL wildcard certificate matching IP addresses MFSA 2010-69 Cross-site information disclosure via modal calls MFSA 2010-68 XSS in gopher parser when parsing hrefs MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
2010-10-23 | Pullup ticket #3253. | tron | 1 | -0/+3
2010-10-23 | Pullup ticket #3253 - requested by obache | tron | 9 | -419/+308
lang/sun-jdk6: security update lang/sun-jre6: security update Revisions pulled up: - lang/sun-jdk6/Makefile 1.20 - lang/sun-jdk6/PLIST 1.10 - lang/sun-jdk6/distinfo 1.11 - lang/sun-jdk6/files/common 1.2 - lang/sun-jre6/Makefile 1.26-1.27 - lang/sun-jre6/Makefile.common 1.14 - lang/sun-jre6/PLIST.linux-i386 1.19-1.20 - lang/sun-jre6/distinfo 1.14 - lang/sun-jre6/sfiles-i386.mk 1.3 --- Module Name: pkgsrc Committed By: obache Date: Sat Oct 16 04:41:19 UTC 2010 Modified Files: pkgsrc/lang/sun-jdk6: Makefile PLIST distinfo pkgsrc/lang/sun-jdk6/files: common pkgsrc/lang/sun-jre6: Makefile Makefile.common PLIST.linux-i386 distinfo sfiles-i386.mk Log Message: Update Sun Java SE 6 to 1.6.0_22, a.k.a. 6.0.22. [Changes in 1.6.0_22 (6u22)] http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html * OlsonData 2010l * Root Certificates Added new Entrust Root CA-G2 and updated Entrust.net CA (2048) root certificates. (Refer to 6959911.) * Bug Fixes This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE and Java for Business Critical Patch Update advisory. http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html [Changes in 1.6.0_21 (6u21)] http://www.oracle.com/technetwork/java/javase/6u21-156341.html * OlsonData 2010i --- Module Name: pkgsrc Committed By: obache Date: Sat Oct 23 12:26:33 UTC 2010 Modified Files: pkgsrc/lang/sun-jre6: Makefile PLIST.linux-i386 Log Message: Remove a file from PLIST, it will be regenerated in POST-INSTALL. Bump PKGREVISION.
2010-10-22 | Pullup ticket #3250. | tron | 1 | -0/+2
2010-10-22 | Pullup ticket #3250 - requested by obache | tron | 3 | -2/+26
editors/emacs: build fix Revisions pulled up: - editors/emacs/Makefile 1.132 - editors/emacs/distinfo 1.47 - editors/emacs/patches/patch-bf 1.8 --- Module Name: pkgsrc Committed By: obache Date: Thu Oct 21 12:05:49 UTC 2010 Modified Files: pkgsrc/editors/emacs: Makefile distinfo Added Files: pkgsrc/editors/emacs/patches: patch-bf Log Message: Fixes build on NetBSD with X11_TYPE=native. * honor PREFIX * reorder rpath so that additional libraries will be preferred over builtin X.
2010-10-19 | pullup #3246 | spz | 1 | -0/+2
2010-10-19 | Pullup ticket 3246 - requested by tron | spz | 1 | -3/+4
build fix Revisions pulled up: - pkgsrc/mail/pear-Mail_Mime/Makefile 1.15 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sun Oct 17 01:06:14 UTC 2010 Modified Files: pkgsrc/mail/pear-Mail_Mime: Makefile Log Message: Fix incomplete installation by patching "scripts/phail.php" after the installation which otherwise fails due to an MD5 checksum of the above file. Bump package revision as the binary package changed. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/pear-Mail_Mime/Makefile
2010-10-17 | Pullup ticket #3247. | tron | 1 | -0/+3
2010-10-17 | Pullup ticket #3247 - requested by kefren | tron | 5 | -2/+207
graphics/libgdiplus: security patch Revisions pulled up: - graphics/libgdiplus/Makefile patch - graphics/libgdiplus/distinfo patch - graphics/libgdiplus/patches/patch-aa new file - graphics/libgdiplus/patches/patch-ab new file - graphics/libgdiplus/patches/patch-ac new file --- Apply patch to fix the security vulnerability reported in CVE-2010-1526 (execution of code via crafted TIFF, JPEG or BMP files.)
2010-10-16 | Note the creation of the pkgsrc-2010Q3 branch | agc | 1 | -0/+4
2010-10-16 | Note update of www/contao29-translations package to 20101014. | taca | 1 | -1/+2
2010-10-16 | Update contao29-translation package to 20101014. | taca | 3 | -9/+8
Rhaeto-Romance language files are updated.
2010-10-15 | Explicitly fetch the fonts and extract them instead of depending on | joerg | 2 | -6/+14
setup.py doing it at build time. Switch to the new distfile name.
2010-10-15 | Allow EXTRACT_DIR to be specified independently for each file. | joerg | 1 | -2/+13
OK wiz@