security update for net/bind96
Revisions pulled up:
- net/bind96/Makefile 1.19
- net/bind96/distinfo 1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 5 14:28:06 UTC 2011
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.
The package name was selected as follows:
- Make sure it is a greater version than bind-9.6.3.
- Include the "ESV" (Extended Support Version) string.
Since the changes from BIND 9.6.3 are too many, please refer to the changes in detail:
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
security update for net/bind97
Revisions pulled up:
- net/bind97/Makefile 1.8
- net/bind97/distinfo 1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 5 13:56:35 UTC 2011
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
Update bind97 package to bind-9.7.3pl3 (9.7.3-P3), security release.
--- 9.7.3-P3 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.7.3-P2 released (withdrawn) ---
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
security update for net/bind98
Revisions pulled up:
- net/bind98/Makefile 1.4
- net/bind98/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 5 13:35:29 UTC 2011
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 package to 9.8.0pl4 (9.8.0-P4), security release.
Introduction
BIND 9.8.0-P4 is a security patch for BIND 9.8.0.
Please see the CHANGES file in the source code release for a complete
list of all changes.
--- 9.8.0-P4 released ---
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
used in actual DNS packets. [RT #24777]
--- 9.8.0-P3 released (withdrawn) ---
3126. [security] Using a DNAME record to generate replacements caused
RPZ to exit with an assertion failure. [RT #23766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with an assertion failure.
[RT #24715]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
3115. [bug] Named could fail to return requested data when
following a CNAME that points into the same zone.
[RT #2445]
sysutils/dbus security update
Revisions pulled up:
- sysutils/dbus/Makefile 1.52
- sysutils/dbus/distinfo 1.37
- sysutils/dbus/patches/patch-CVE-2011-2200 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Mon Jun 13 22:06:39 UTC 2011
Modified Files:
pkgsrc/sysutils/dbus: Makefile distinfo
Added Files:
pkgsrc/sysutils/dbus/patches: patch-CVE-2011-2200
Log Message:
Add patch for CVE-2011-2200 (SA44896) from
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
x11/vte: security patch
Revisions pulled up:
- x11/vte/Makefile 1.85
- x11/vte/distinfo 1.48
- x11/vte/patches/patch-aj 1.3
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Jun 10 17:07:16 UTC 2011
Modified Files:
pkgsrc/x11/vte: Makefile distinfo
Added Files:
pkgsrc/x11/vte/patches: patch-aj
Log Message:
Add a patch from GNOME Bugzilla to fix a bug where the terminal could
be sent into an endless loop allocating memory by a simple escape sequence.
Bump PKGREV.
graphics/tiff: security update
Revisions pulled up:
- graphics/tiff/Makefile 1.101
- graphics/tiff/distinfo 1.52
- graphics/tiff/patches/patch-CVE-2011-1167 deleted
- graphics/tiff/patches/patch-SA43593 deleted
- graphics/tiff/patches/patch-aa deleted
- graphics/tiff/patches/patch-ab deleted
- graphics/tiff/patches/patch-ac deleted
- graphics/tiff/patches/patch-ad deleted
- graphics/tiff/patches/patch-ae deleted
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 12 08:57:57 UTC 2011
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Removed Files:
pkgsrc/graphics/tiff/patches: patch-CVE-2011-1167 patch-SA43593
patch-aa patch-ab patch-ac patch-ad patch-ae
Log Message:
Update to 3.9.5:
Many bugs and security issues are resolved in this stable release.
mail/fetchmail security update
Revisions pulled up:
- mail/fetchmail/Makefile 1.176
- mail/fetchmail/distinfo 1.44
- mail/fetchmail/patches/patch-aa removed
- mail/fetchmailconf/Makefile 1.80
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Jun 9 11:52:34 UTC 2011
Modified Files:
pkgsrc/mail/fetchmail: Makefile distinfo
pkgsrc/mail/fetchmailconf: Makefile
Removed Files:
pkgsrc/mail/fetchmail/patches: patch-aa
Log Message:
Update fetchmail to 6.3.20.
Requested by PR#45030.
fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):
# SECURITY BUG FIXES
* CVE-2011-1947:
STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
set timeout (default five minutes) now. This was reported missing, with
observed fetchmail freezes beyond a week, by Thomas Jarosch.
SSL-wrapped connections were unaffected by this timeout, so users of older
versions can force ssl-wrapped connections -- if supported by the server --
with the --ssl command line or ssl rcfile option.
See fetchmail-SA-2011-01.txt for further details.
# BUG FIXES
* IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
new messages and most of the range searches result in nothing. Instead, split
the long response to make the IMAP driver think that there are multiple lines
of response. (Sunil Shetye)
* Do not print "skipping message" for old messages even in verbose mode. If
there are too many old messages, the logs just get filled without any real
activity. (Sunil Shetye) (suggested by Yunfan Jiang)
* Build: fetchmail now always uses its own MD5 implementation rather than trying
to find a system library with matched header. The library and header variants
found on systems are too diverse, and the code size saving is not worth any
more wasted user or programmer time.
# CHANGES
* Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
* fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
there is no portable way to configure actual timeouts for this mode, and some
systems only support a system-wide timeout setting. fetchmail does not
attempt to tune the time spans of keepalive mode.
# TRANSLATION UPDATES
[cs] Czech (Petr Pisar)
[nl] Dutch (Erwin Poeze)
[fr] French (Frédéric Marchal)
[de] German (Matthias Andree)
[ja] Japanese (Takeshi Hamasaki)
[pl] Polish (Jakub Bogusz)
[sk] Slovak (Marcel Telka)
# KNOWN BUGS AND WORKAROUNDS
(this section floats upwards through the NEWS file so it stays with the
current release information - however, it was stuck with 6.3.8 for a while)
* fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
so compiling 32-bit SPARC code should not cause any difficulties.
* fetchmail does not track pending deletes over crashes.
* the command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):
# ERRATUM NOTICE ISSUED
* fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.
# BUG FIXES
* When specifying multiple local multidrop lists, do not lose wildcard flag.
(Affects "user foo is bar baz * is joe here")
* In multidrop configurations, an asterisk can now appear anywhere in the list
of local users, not just at the end.
* In multidrop mode, header parsing is now more verbose in -vv mode, so that it
becomes possible to see which header is used.
* Make --antispam work from command line (these used to work in rcfiles).
Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
* Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
documents. Skip validating Mailbox-Names-UTF7.html. Several systems have
broken XHTML 1.1 DTD installations that jeopardize the build.
Reported by Mihail Nechkin against FreeBSD port.
Workaround for 6.3.18: build in a separate directory, i.e.:
mkdir build && cd build && ../configure --options-go-here
* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
* Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
and Derek Simkowiak via the fetchmail-users@ mailing list.
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
server capabilities do not show support for upgradation to TLS.
To use this, configure --sslproto tls1. (Sunil Shetye)
* IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
Yasin Malli to fetchmail-users@ 2010-12-10.
Note that fetchmail continues to expect literals as FETCH response for now.
# DOCUMENTATION
* The manual page now links to IANA for GSSAPI service names.
# TRANSLATION UPDATES
[cs] Czech (Petr Pisar)
[fr] French (Frédéric Marchal)
[de] German
[it] Italian (Vincenzo Campanella)
[pl] Polish (Jakub Bogusz)
fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):
# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
* Fetchmail now only accepts wildcard certificate common names and subject
alternative names if they start with "*.". Previous versions would accept
wildcards even if no period followed immediately.
* Fetchmail now disallows wildcards in certificates to match domain literals
(such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
The test is overly picky and triggers if the pattern (after skipping the
initial wildcard "*") or domain consists solely of digits and dots, and thus
matches more than needed.
* Fetchmail now disallows wildcarding top-level domains.
# CRITICAL BUG FIXES AND REGRESSION FIXES
* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
functions, as an effect of an undocumented Solaris MD5 fix.
This caused all MD5-related functions to malfunction if, for instance,
libmd5.so was installed on other operating systems as part of libwww on
machines where long isn't 32-bits, i. e. usually on 64-bit computers.
Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
* Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
--sslfingerprint was specified. This is an omission from an SSL usability
change made in 6.3.17.
Fixes Debian Bug#580796 reported by Roland Stigge.
* Fetchmail will now apply timeouts to the authentication stage.
This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
Reported missing by Thomas Jarosch.
* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
errors, such as no or unsuitable credentials.
It now sends an asterisk on a line of its own, as required in SASL.
This fixes protocol synchronization issues that cause Authentication
failures, often observed with kerberized MS Exchange servers.
Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.
# BUG FIXES
* Fetchmail will no longer print connection attempts and errors for one host
in "silent" and "normal" logging modes, unless all connections fail. This
should reduce irritation around refused-connection logging if services are
only on an IPv4 socket if the host also supports IPv6. Often observed as
connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
then - silently - succeeds. Fetchmail, unless in verbose mode, will collect
all connect errors and only report them if all of them fail.
* Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
credentials. However, if GSSAPI authentication is requested explicitly,
fetchmail will always try it.
* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
* The manual page clearly states that --principal is for Kerberos 4 only, not
for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.
# CHANGES
* When encountering incorrect headers, fetchmail will refer to the bad-header
option in the manpage.
Fixes BerliOS Bug #17272, change suggested by Björn Voigt.
* Fetchmail now decodes and reports GSSAPI status codes upon errors.
* Fetchmail now autoprobes NTLM also for POP3.
* The Fetchmail FAQ has a new item #R15 on authentication failures.
# INTERNAL CHANGES
* The common NTLM authentication code was factored out from pop3.c and imap.c.
# TRANSLATION UPDATES
[zh_CN] Chinese/simplified (Ji Zheng-Yu)
[cs] Czech (Petr Pisar)
[nl] Dutch (Erwin Poeze)
[fr] French (Frédéric Marchal)
[de] German
[it] Italian (Vincenzo Campanella)
[ja] Japanese (Takeshi Hamasaki)
[pl] Polish (Jakub Bogusz)
[sk] Slovak (Marcel Telka)
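The three wildcard-certificate restrictions listed under fetchmail 6.3.18 above, written out as a hostname matcher. This is an added illustration for this page, not fetchmail's own code or the committer's; the rule that "*" covers exactly one non-empty label, and the case folding, are assumptions not stated in the NEWS entry.

```python
"""Certificate-name wildcard matching with the fetchmail 6.3.18 restrictions.

Added example (not fetchmail source). It encodes the three NEWS rules:
  1. a wildcard must begin with "*." (so "*example.org" and "*" are rejected);
  2. wildcards may not match domain literals, and the pattern after the
     leading "*" may not itself be a domain literal ("*.168.23.23");
  3. top-level domains may not be wildcarded ("*.org").
Assumptions: "*" stands for exactly one non-empty label; comparison is
case-insensitive; a trailing dot on either side is ignored.
"""


def _is_domain_literal(name: str) -> bool:
    """True if name consists solely of digits and dots (e.g. "10.9.8.7").

    The NEWS entry describes this test as deliberately over-broad: anything
    made only of digits and dots is treated as a literal.
    """
    return name != "" and all(c.isdigit() or c == "." for c in name)


def wildcard_pattern_allowed(pattern: str) -> bool:
    """Apply the 6.3.18 restrictions to a certificate CN/SAN pattern.

    Patterns without "*" are plain names and are always acceptable here.
    """
    if "*" not in pattern:
        return True
    # Rule 1: the wildcard must be the leading "*." component.
    if not pattern.startswith("*."):
        return False
    rest = pattern[2:]  # text after the leading "*."
    if "*" in rest:
        return False  # only one leading wildcard is allowed (assumption)
    # Rule 2 (pattern side): "*.168.23.23" is a wildcard in a domain literal.
    if _is_domain_literal(rest):
        return False
    # Rule 3: "*.org" would match every host in a top-level domain.
    labels = [label for label in rest.split(".") if label]
    return len(labels) >= 2


def name_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate CN/SAN against hostname under the restricted rules."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    if not wildcard_pattern_allowed(pattern):
        return False
    # Rule 2 (host side): a wildcard never matches a literal like 10.9.8.7.
    if _is_domain_literal(hostname):
        return False
    suffix = pattern[1:]  # ".example.org" for "*.example.org"
    if not hostname.endswith(suffix):
        return False
    # The "*" must be replaced by exactly one non-empty label (assumption).
    first_label = hostname[: -len(suffix)]
    return first_label != "" and "." not in first_label


if __name__ == "__main__":
    # Constructed sample pairs (pattern, hostname) to exercise each rule.
    for pat, host in [("*.example.org", "mail.example.org"),
                      ("*example.org", "mail.example.org"),
                      ("*.168.23.23", "10.168.23.23"),
                      ("*.example.org", "10.9.8.7"),
                      ("*.org", "example.org")]:
        print(f"{pat:>16}  {host:<18} -> {name_matches(pat, host)}")
```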
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/subversion: security update
devel/subversion-base: security update
www/ap2-subversion: security update
Revisions pulled up:
- devel/java-subversion/Makefile 1.11 via patch
- devel/p5-subversion/Makefile 1.51 via patch
- devel/py-subversion/Makefile 1.40 via patch
- devel/ruby-subversion/Makefile 1.31 via patch
- devel/subversion-base/Makefile 1.72 via patch
- devel/subversion/Makefile 1.44 via patch
- devel/subversion/Makefile.version 1.58
- devel/subversion/distinfo 1.79
- www/ap2-subversion/Makefile 1.44 via patch
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 3 13:26:50 UTC 2011
Modified Files:
pkgsrc/devel/java-subversion: Makefile
pkgsrc/devel/p5-subversion: Makefile
pkgsrc/devel/py-subversion: Makefile
pkgsrc/devel/ruby-subversion: Makefile
pkgsrc/devel/subversion: Makefile Makefile.version distinfo
pkgsrc/devel/subversion-base: Makefile
pkgsrc/www/ap2-subversion: Makefile
Log Message:
Update subversion packages to 1.6.17.
Version 1.6.17
(01 Jun 2011, from /branches/1.6.x)
http://svn.apache.org/repos/asf/subversion/tags/1.6.17
User-visible changes:
* improve checkout speed on Windows (issue #3719)
* make 'blame -g' more efficient with large mergeinfo (r1094692)
* avoid some invalid handle exceptions on Windows (r1095654)
* preserve log message with a non-zero editor exit (r1072084)
* fix FSFS cache performance on 64-bit platforms (r1103665)
* make svn cleanup tolerate obstructed directories (r1091881)
* fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
* detect very occasional corruption and abort commit (issue #3845)
* fixed: file externals cause non-inheritable mergeinfo (issue #3843)
* fixed: file externals cause mixed-revision working copies (issue #3816)
* fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
See CVE-2011-1752, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
* fixed: write-through proxy could directly commit to slave (r917523)
* detect a particular corruption condition in FSFS (r1100213)
* improve error message when clients refer to unknown revisions (r939000)
* bugfixes and optimizations to the DAV mirroring code (r878607)
* fixed: locked and deleted file causes tree conflict (issue #3525)
* fixed: update touches locked file with svn:keywords property (issue #3471)
* fix svnsync handling of directory copyfrom (issue #3641)
* fix 'log -g' excessive duplicate output (issue #3650)
* fix svnsync copyfrom handling bug with BDB (r1036429)
* server-side validation of svn:mergeinfo syntax during commit (issue #3895)
* fix remotely triggerable mod_dav_svn DoS
See CVE-2011-1783, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
* fix potential leak of authz-protected file contents
See CVE-2011-1921, and descriptive advisory at
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
Developer-visible changes:
* fix reporting FS-level post-commit processing errors (r1104098)
* fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
* allow building on Windows with recent Expat (r1074572)
devel/automake14 security update
Revisions pulled up:
- devel/automake14/Makefile 1.19
- devel/automake14/distinfo 1.5
- devel/automake14/patches/patch-ab 1.4
- devel/automake14/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Jun 10 09:43:41 UTC 2011
Modified Files:
pkgsrc/devel/automake14: Makefile distinfo
pkgsrc/devel/automake14/patches: patch-ab
Added Files:
pkgsrc/devel/automake14/patches: patch-ac
Log Message:
Add fix for the vulnerability reported in CVE-2009-4029 taken from the
automake GIT repository.
textproc/libxml2 security update
Revisions pulled up:
- textproc/libxml2/Makefile 1.109
- textproc/libxml2/distinfo 1.83
- textproc/libxml2/patches/patch-ak 1.2
- textproc/libxml2/patches/patch-al 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jun 6 12:09:01 UTC 2011
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
pkgsrc/textproc/libxml2/patches: patch-ak
Added Files:
pkgsrc/textproc/libxml2/patches: patch-al
Log Message:
Add more patches from upstream:
- fix more potential problems on reallocation failures (CVE-2011-1944)
- fix memory corruption
Also replace an error handling path which doesn't recover from
integer overflow.
Bump PKGREV.
mail/dovecot2 security update
Revisions pulled up:
- mail/dovecot2/Makefile 1.9,1.11
- mail/dovecot2/PLIST 1.6-1.7
- mail/dovecot2/buildlink3.mk 1.4
- mail/dovecot2/distinfo 1.9-1.10
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 15 13:34:28 UTC 2011
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST distinfo
Log Message:
Changes 2.0.12:
* doveadm: Added "move" command for moving mails between mailboxes.
* virtual: Added support for "+mailbox" entries that clear \Recent
flag from messages (default is to preserve them).
* dbox: Fixes to handling external attachments
* dsync: More fixes to avoid hanging with remote syncs
* dsync: Many other syncing/correctness fixes
* doveconf: v2.0.10 and v2.0.11 didn't output plugin {} section right
---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 13 07:36:39 UTC 2011
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST buildlink3.mk distinfo
Log Message:
Changes 2.0.13:
* Added "doveadm index" command to add unindexed messages into
index/cache. If full text search is enabled, it also adds unindexed
messages to the fts database.
* added "doveadm director dump" command.
* pop3: Added support for showing messages in "POP3 order", which can
be different from IMAP message order. This can be useful for
migrations from other servers. Implemented it for Maildir as 'O'
field in dovecot-uidlist.
* doveconf: Fixed a wrong "subsection has ssl=yes" warning.
* mdbox purge: Fixed wrong warning about corrupted extrefs.
* sdbox: INBOX GUID changed when INBOX was autocreated, leading to
trouble with dsync.
* script-login binary wasn't actually dropping privileges to the
user/group/chroot specified by its service settings.
* Fixed potential crashes and other problems when parsing header names
that contained NUL characters.
lang/sun-jdk6: security update
lang/sun-jre6: security update
Revisions pulled up:
- lang/sun-jdk6/Makefile 1.22
- lang/sun-jdk6/PLIST 1.12
- lang/sun-jdk6/distinfo 1.13
- lang/sun-jdk6/files/common 1.3
- lang/sun-jre6/Makefile 1.29
- lang/sun-jre6/PLIST.linux-i386 1.22
- lang/sun-jre6/distinfo 1.16
- lang/sun-jre6/sfiles-i386.mk 1.5
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Jun 9 09:08:18 UTC 2011
Modified Files:
pkgsrc/lang/sun-jdk6: Makefile PLIST distinfo
pkgsrc/lang/sun-jdk6/files: common
pkgsrc/lang/sun-jre6: Makefile PLIST.linux-i386 distinfo sfiles-i386.mk
Log Message:
Update sun-{jre,jdk}6 to 6.0.26, aka 6u26.
Java SE 6 Update 26
* Olson Data 2011g
* Bug fixes
This release contains fixes for security vulnerabilities. For more
information, please see Oracle Java SE Critical Patch Update advisory:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
Java SE 6 Update 25
* Olson Data 2011b
* Java Hotspot VM 20
* Performance Improvement to BigDecimal
* Performance Improvement to java.util.logging.LogRecord
* Bug Fixes
graphics/png security update.
Revisions pulled up:
- graphics/png/Makefile 1.132-1.137
- graphics/png/distinfo 1.78-1.84
- graphics/png/patches/patch-pngconf.h 0
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 5 12:47:56 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Removed Files:
pkgsrc/graphics/png/patches: patch-pngconf.h
Log Message:
Update to 1.5.2:
Version 1.5.2beta01 [February 13, 2011]
More -Wshadow fixes for older gcc compilers. Older gcc versions apparently
check formal parameters names in function declarations (as well as
definitions) to see if they match a name in the global namespace.
Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
old VisualC++ preprocessor.
Turned on interlace handling in png_read_png().
Fixed gcc pedantic warnings.
Handle longjmp in Cygwin.
Fixed png_get_current_row_number() in the interlaced case.
Cleaned up ALPHA flags and transformations.
Implemented expansion to 16 bits.
Version 1.5.2beta02 [February 19, 2011]
Fixed mistake in the descriptions of user read_transform and write_transform
function prototypes in the manual. The row_info struct is png_row_infop.
Reverted png_get_current_row_number() to previous (1.5.2beta01) behavior.
Corrected png_get_current_row_number documentation
Fixed the read/write row callback documentation.
This documents the current behavior, where the callback is called after
every row with information pertaining to the next row.
Version 1.5.2beta03 [March 3, 2011]
Fixed scripts/makefile.vcwin32
Updated contrib/pngsuite/README to add the word "modify".
Define PNG_ALLOCATED to blank when _MSC_VER<1300.
Version 1.5.2rc01 [March 19, 2011]
Define remaining attributes to blank when MSC_VER<1300.
ifdef out mask arrays in pngread.c when interlacing is not supported.
Version 1.5.2rc02 [March 22, 2011]
Added a hint to try CPP=/bin/cpp if "cpp -E" fails in scripts/pnglibconf.mak
and in contrib/pngminim/*/makefile, eg., on SunOS 5.10, and removed "strip"
from the makefiles.
Fixed a bug (present since libpng-1.0.7) that makes png_handle_sPLT() fail
to compile when PNG_NO_POINTER_INDEXING is defined (Chubanov Kirill)
Version 1.5.2rc03 [March 24, 2011]
Don't include standard header files in png.h while building the symbol table,
to avoid cpp failure on SunOS (introduced PNG_BUILDING_SYMBOL_TABLE macro).
Version 1.5.2 [March 31, 2011]
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 3 09:07:35 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.5.3beta04 to fix a regression reported on tech-pkg (see beta03,
last entry).
Version 1.5.3beta01 [April 1, 2011]
Re-initialize the zlib compressor before compressing non-IDAT chunks.
Added API functions to set parameters for zlib compression of non-IDAT
chunks.
Version 1.5.3beta02 [April 3, 2011]
Updated scripts/symbols.def with new API functions.
Only compile the new zlib re-initializing code when text or iCCP is
supported, using PNG_WRITE_COMPRESSED_TEXT_SUPPORTED macro.
Improved the optimization of the zlib CMF byte (see libpng-1.2.6beta03).
Optimize the zlib CMF byte in non-IDAT compressed chunks
Version 1.5.3beta03 [April 16, 2011]
Fixed gcc -ansi -pedantic compile. A strict ANSI system does not have
snprintf, and the "__STRICT_ANSI__" detects that condition more reliably
than __STDC__ (John Bowler).
Removed the PNG_PTR_NORETURN attribute because it is too dangerous. It tells
the compiler that a user supplied callback (the error handler) does not
return, yet there is no guarantee in practice that the application code
will correctly implement the error handler because the compiler only
issues a warning if there is a mistake (John Bowler).
Removed the no-longer-used PNG_DEPSTRUCT macro.
Updated the zlib version to 1.2.5 in the VStudio project.
Fixed 64-bit builds where png_uint_32 is smaller than png_size_t in
pngwutil.c (John Bowler).
Fixed bug with stripping the filler or alpha channel when writing, that
was introduced in libpng-1.5.2beta01 (bug report by Andrew Church).
Version 1.5.3beta04 [April 27, 2011]
Updated pngtest.png with the new zlib CMF optimization.
Cleaned up conditional compilation code and of background/gamma handling
Internal changes only except a new option to avoid compiling the
png_build_grayscale_palette API (which is not used at all internally.)
The main change is to move the transform tests (READ_TRANSFORMS,
WRITE_TRANSFORMS) up one level to the caller of the APIs. This avoids
calls to spurious functions if all transforms are disabled and slightly
simplifies those functions. Pngvalid modified to handle this.
A minor change is to stop the strip_16 and expand_16 interfaces from
disabling each other; this allows the future alpha premultiplication
code to use 16-bit intermediate values while still producing 8-bit output.
png_do_background and png_do_gamma have been simplified to take a single
pointer to the png_struct rather than pointers to every item required
from the png_struct. This makes no practical difference to the internal
code.
A serious bug in the pngvalid internal routine 'standard_display_init' has
been fixed - this failed to initialize the red channel and accidentally
initialized the alpha channel twice.
Changed png_struct jmp_buf member name from png_jmpbuf to tmp_jmpbuf to
avoid a clash with the png_jmpbuf macro on some platforms.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri May 6 07:19:23 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Changes 1.5.3beta05:
* Added the "_POSIX_SOURCE" feature test macro to ensure libpng sees the
correct API. _POSIX_SOURCE is defined in pngpriv.h, pngtest.c and
pngvalid.c to ensure that POSIX conformant systems disable non-POSIX APIs.
* Removed png_snprintf and added formatted warning messages. This change adds
internal APIs to allow png_warning messages to have parameters without
requiring the host OS to implement snprintf. As a side effect the
dependency of the tIME-supporting RFC1132 code on stdio is removed and
PNG_NO_WARNINGS does actually work now.
* Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
optimization configurable.
* IDAT compression failed if preceded by a compressed text chunk (bug
introduced in libpng-1.5.3beta01-02). This was because the attempt to
reset the zlib stream in png_write_IDAT happened after the first IDAT
chunk had been deflated - much too late. In this change internal
functions were added to claim/release the z_stream and, hopefully, make
the code more robust. Also deflateEnd checking is added - previously
libpng would ignore an error at the end of the stream.
---
Module Name: pkgsrc
Committed By: obache
Date: Sun May 8 06:02:43 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Switch to the default EXTRACT_SUFX for the distfile; .tar.gz is the only
long-term provided archive for libpng beta releases.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:09:20 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.5.3beta06:
Version 1.5.3beta06 [May 8, 2011]
Removed the -D_ALL_SOURCE from definitions for AIX in CMakeLists.txt
Implemented premultiplied alpha support: png_set_alpha_mode API
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun May 8 09:11:08 UTC 2011
Modified Files:
pkgsrc/graphics/png: distinfo
Log Message:
regen for targz change
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jun 8 06:58:59 UTC 2011
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.5.3rc02 for a security fix.
Version 1.5.3beta07 [May 11, 2011]
Added expand_16 support to the high level interface.
Added named value and 'flag' gamma support to png_set_gamma. Made a minor
change from the previous (unreleased) ABI/API to hide the exact value used
for Macs - it's not a good idea to embed this in the ABI!
Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
from pngpriv.h to png.h because they must be visible to applications
that call png_set_unknown_chunks().
Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
before IDAT.
Version 1.5.3beta08 [May 16, 2011]
Improved "pngvalid --speed" to exclude more of pngvalid from the time.
Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
parameters are supplied by the caller), while in the absence of cHRM
sRGB/Rec 709 values are still used.
The bKGD chunk no longer overwrites the background value set by
png_set_background(), allowing the latter to be used before the file
header is read. It never performed any useful function to override
the default anyway.
Added memory overwrite and palette image checks to pngvalid.c
Previously palette image code was poorly checked. Since the transformation
code has a special palette path in most cases this was a severe weakness.
Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
expanding an indexed image, always expand to RGBA if transparency is
present.
Version 1.5.3beta09 [May 17, 2011]
Reversed earlier 1.5.3 change of transformation order; move png_expand_16
back where it was. The change doesn't work because it requires 16-bit
gamma tables when the code only generates 8-bit ones. This fails
silently; the libpng code just doesn't do any gamma correction. Moving
the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
these are clearly better than none!
Version 1.5.3beta10 [May 20, 2011]
png_set_background() and png_expand_16() did not work together correctly.
This problem is present in 1.5.2; if png_set_background is called with
need_expand false and the matching 16 bit color libpng erroneously just
treats it as an 8-bit color because of where png_do_expand_16 is in the
transform list. This simple fix reduces the supplied colour to 8-bits,
so it gets smashed, but this is better than the current behavior.
Added tests for expand16, more fixes for palette image tests to pngvalid.
Corrects the code for palette image tests and disables attempts to
validate palette colors.
Version 1.5.3rc01 [June 3, 2011]
No changes.
Version 1.5.3rc02 [June 7, 2011]
Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
report by Frank Busse, related to CVE-2004-0421).
textproc/lua-expat: security update
chat/prosody: security update
Revisions pulled up:
- chat/prosody/Makefile 1.3 via patch
- chat/prosody/PLIST 1.2
- chat/prosody/distinfo 1.2
- chat/prosody/patches/patch-aa 1.2
- chat/prosody/patches/patch-ab 1.2
- chat/prosody/patches/patch-ac deleted
- chat/prosody/patches/patch-ad 1.2
- textproc/lua-expat/Makefile 1.16
- textproc/lua-expat/distinfo 1.5
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Sat Jun 4 23:13:40 UTC 2011
Modified Files:
pkgsrc/textproc/lua-expat: Makefile distinfo
Log Message:
Update textproc/lua-expat to 1.2.0.
Required for updating chat/prosody to 0.8.1, which helps handle the
"billion laughs" exploits on XML parsers and XMPP servers.
Change log as recorded in the README:
Version 1.2.0 [02/Jun/2011]
* support for the StartDoctypeDecl handler
* add parser:stop() to abort parsing inside a callback
---
Module Name: pkgsrc
Committed By: schnoebe
Date: Mon Jun 6 14:41:48 UTC 2011
Modified Files:
pkgsrc/chat/prosody: Makefile PLIST distinfo
pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
Removed Files:
pkgsrc/chat/prosody/patches: patch-ac
Log Message:
Update to prosody 0.8.1.
A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
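The DTD/comment/processing-instruction rejection described in the prosody message above, as an added example. This is not code from Prosody or lua-expat: it uses Python's bundled Expat binding (xml.parsers.expat) in place of lua-expat, and the sample documents are constructed here. The StartDoctypeDeclHandler callback is the counterpart of lua-expat 1.2.0's StartDoctypeDecl handler, and raising an exception from inside a callback stands in for parser:stop(), since Python's binding has no stop method.

```python
"""Stop an XML parser on DOCTYPE, comments and processing instructions
before any entity can be defined or expanded.

Added example, not code from Prosody or lua-expat. It uses Python's
bundled Expat binding, xml.parsers.expat, in place of lua-expat: the
StartDoctypeDeclHandler callback is the counterpart of lua-expat's
StartDoctypeDecl handler, and raising an exception from a callback plays
the role of lua-expat 1.2.0's parser:stop() (the exception aborts Parse()
and propagates to the caller).
"""
import xml.parsers.expat


class RejectedXML(Exception):
    """Raised from inside a handler to abort parsing of a forbidden construct."""


def make_strict_parser(elements):
    """Expat parser that records element names into `elements` and aborts on
    DOCTYPE, comments and processing instructions. Entities can only be
    declared inside a DTD, so refusing the DOCTYPE declaration up front
    means no <!ENTITY> is ever seen, let alone expanded."""
    parser = xml.parsers.expat.ParserCreate()

    def reject(what):
        def handler(*_args):
            raise RejectedXML(f"{what} not allowed (line {parser.CurrentLineNumber})")
        return handler

    parser.StartDoctypeDeclHandler = reject("DOCTYPE")
    parser.CommentHandler = reject("comment")
    parser.ProcessingInstructionHandler = reject("processing instruction")
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    return parser


def parse_strict(data):
    """Parse one complete document with the hardened parser; return the
    element names in document order, or raise RejectedXML / ExpatError."""
    elements = []
    make_strict_parser(elements).Parse(data, True)
    return elements


def is_accepted(data):
    """True if the hardened parser gets through the whole document."""
    try:
        parse_strict(data)
    except (RejectedXML, xml.parsers.expat.ExpatError):
        return False
    return True


def expanded_text_length(data):
    """Baseline with Expat's defaults: internal entities are expanded, and
    the total character data shows the amplification a lenient parser
    absorbs. Not hardened; shown for comparison only."""
    total = 0
    parser = xml.parsers.expat.ParserCreate()

    def on_text(text):
        nonlocal total
        total += len(text)

    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return total


# Constructed inputs (not taken from the commit): a benign XMPP-style
# stanza, a three-level "billion laughs" document that expands to 1000
# copies of "lol" (3000 characters), and two documents carrying a comment
# and a processing instruction.
BENIGN = b'<message to="a@example.org"><body>hi</body></message>'
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""
WITH_COMMENT = b"<a><!-- hidden --><b/></a>"
WITH_PI = b"<a><?target data?></a>"

if __name__ == "__main__":
    print("lenient parser produced", expanded_text_length(BILLION_LAUGHS), "chars")
    for doc in (BENIGN, BILLION_LAUGHS, WITH_COMMENT, WITH_PI):
        print(is_accepted(doc), doc[:30])
```

The hardened parser never reaches the entity declarations: the DOCTYPE handler fires as soon as `<!DOCTYPE` is seen, so the cost of the attack is bounded by the size of the input rather than its expansion. The XML declaration at the top is not a processing instruction (Expat reports it through a separate handler), so it is still accepted.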
|
|
|
|
security/openssl security fix
Revisions pulled up:
- security/openssl/Makefile 1.156
- security/openssl/distinfo 1.81
- security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue May 31 17:18:42 UTC 2011
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-crypto_ecdsa_ecs__ossl.c
Log Message:
Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]
(patch confirmed in upstream cvs)
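The countermeasure the patch above adds to OpenSSL's ECDSA signing, padding the nonce k with the group order so that every scalar multiplication runs the same number of steps, as an added example. This is not OpenSSL's code: a toy prime-order subgroup of Z_p^* with constructed parameters (P, Q, G) stands in for the elliptic curve, and square-and-multiply stands in for the per-bit scalar multiplication whose iteration count Brumley and Tuveri observe.

```python
"""Fixed-bit-length signing nonce, the countermeasure the OpenSSL patch
above applies to ECDSA.

Added example, not OpenSSL's code. A toy multiplicative group (prime-order
subgroup of Z_p^*) stands in for the elliptic curve, so the per-bit loop
is explicit: square-and-multiply does one iteration per bit of the
exponent, as double-and-add or a Montgomery ladder does one step per bit
of the scalar k. The loop count is the side channel Brumley and Tuveri
exploit: it reveals how many leading zero bits k has, and enough such
partially known nonces recover the private key with a lattice attack. The
fix adds the group order to k (twice if needed) so the padded scalar has
the same bit length for every k while g**k' == g**k.
"""
import secrets

# Constructed parameters (small on purpose): P = 2*Q + 1 with P and Q prime,
# G = 4 is a quadratic residue, so it generates the subgroup of order Q.
P = 1019
Q = 509
G = 4


def scalar_mul(k: int) -> tuple[int, int]:
    """Left-to-right square-and-multiply: returns (G**k mod P, iterations).
    One iteration per bit, so iterations == k.bit_length(). The branch on the
    bit value is a second, separate leak that padding does not address."""
    acc = 1
    steps = 0
    for bit in bin(k)[2:]:
        acc = acc * acc % P
        if bit == "1":
            acc = acc * G % P
        steps += 1
    return acc, steps


def pad_scalar(k: int, order: int) -> int:
    """Same arithmetic as the OpenSSL fix: add the order, and add it once
    more if that did not push k past order.bit_length() bits. For
    1 <= k < order the result always has order.bit_length() + 1 bits and is
    congruent to k modulo order, so it yields the same group element."""
    k += order
    if k.bit_length() <= order.bit_length():
        k += order
    return k


def iteration_profile(trials: int, padded: bool) -> set[int]:
    """Distinct loop counts seen for `trials` random nonces in [1, Q-1].
    A single value means the loop length tells an observer nothing."""
    seen = set()
    for _ in range(trials):
        k = 1 + secrets.randbelow(Q - 1)
        if padded:
            k = pad_scalar(k, Q)
        seen.add(scalar_mul(k)[1])
    return seen


def all_results_match(order: int = Q) -> bool:
    """Padding must not change the group element: G**k' == G**k for every k."""
    return all(scalar_mul(pad_scalar(k, order))[0] == scalar_mul(k)[0]
               for k in range(1, order))


if __name__ == "__main__":
    print("unpadded loop counts:", sorted(iteration_profile(500, False)))
    print("padded loop counts:  ", sorted(iteration_profile(500, True)))
    print("results unchanged:", all_results_match())
```

Unpadded, the loop count ranges from 1 to 9 bits here and directly exposes the leading zero bits of k; padded, it is always 10. A constant iteration count closes this particular channel only: the data-dependent branch inside the loop, and cache or memory-access patterns, are separate channels that need their own treatment.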
|
|
|
|
net/wireshark security update
Revisions pulled up:
- net/wireshark/Makefile 1.64
- net/wireshark/distinfo 1.45
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Jun 1 07:21:53 UTC 2011
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
Update "wireshark" package to version 1.4.7. Changes since version 1.4.6:
- Bug Fixes
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o Large/infinite loop in the DICOM dissector. (Bug 5876)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Diameter dictionary file could
crash Wireshark.
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted snoop file could crash Wireshark.
(Bug 5912)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o David Maciejak of Fortinet's FortiGuard Labs discovered that
malformed compressed capture data could crash Wireshark. (Bug
5908)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
o Huzaifa Sidhpurwala of the Red Hat Security Response Team
discovered that a corrupted Visual Networks file could crash
Wireshark. (Bug 5934)
Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
- The following bugs have been fixed:
o AIM dissector has some endian issues. (Bug 5464)
o Telephony→MTP3→MSUS doesn't display window. (Bug 5605)
o Support for MS NetMon 3.x traces containing raw IPv6 ("Type
7") packets. (Bug 5817)
o Service Indicator in M3UA protocol data. (Bug 5834)
o IEC60870-5-104 protocol, incorrect decoding of timestamp type
CP56Time2a. (Bug 5889)
o DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF
_FDCTR_32NF _FDCTR_16NF. (Bug 5920)
o 3GPP QoS: Traffic class is not decoded properly. (Bug 5928)
o Wireshark crashes when creating ProtoField.framenum in Lua.
(Bug 5930)
o Fix a wrong mask to extract FMID from DECT packets dissector.
(Bug 5947)
o Incorrect DHCPv6 remote identifier option parsing. (Bug 5962)
- Updated Protocol Support
DICOM, IEC104, M3UA, TCP
- New and Updated Capture File Support
Network Monitor.
|
|
|
|
lang/ruby18-base security update
Revisions pulled up:
- lang/ruby18-base/Makefile 1.60-1.61
- lang/ruby18-base/distinfo 1.49
- lang/ruby18-base/patches/patch-ext_bigdecimal_bigdecimal.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 29 01:36:24 UTC 2011
Modified Files:
pkgsrc/lang/ruby18-base: Makefile
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ext_bigdecimal_bigdecimal.c
Log Message:
Add a patch for CVE-2011-0188 from the repository, as in ruby19-base.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 30 04:21:38 UTC 2011
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Log Message:
It seems that I forgot to update the distinfo file.
Since it causes creating a binary package which isn't up to date,
bump PKGREVISION again.
|
|
|
|
www/drupal6: security update
Revisions pulled up:
- www/drupal6/Makefile 1.27
- www/drupal6/distinfo 1.20
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 28 11:45:51 UTC 2011
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update drupal6 package to 6.21.
Drupal 6.21, 2011-05-25
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
http://drupal.org/node/1168756
|
|
|
|
www/wordpress security update
Revisions pulled up:
- www/wordpress/Makefile 1.19
- www/wordpress/distinfo 1.15
---
Module Name: pkgsrc
Committed By: morr
Date: Thu May 26 22:59:38 UTC 2011
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update to 3.1.3.
* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical
redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of
Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security
settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce "clickjacking" protection in modern browsers on admin and
login pages.
|
|
net/bind97 security update
Revisions pulled up:
- net/bind97/Makefile 1.7
- net/bind97/distinfo 1.7
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 27 06:46:26 UTC 2011
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
Update bind97 package to 9.7.3pl1 (9.7.3-P1).
--- 9.7.3-P1 released ---
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
|
|
net/bind98 security update
Revisions pulled up:
- net/bind98/Makefile 1.3
- net/bind98/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 27 06:45:31 UTC 2011
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 package to 9.8.0pl2 (9.8.0-P2).
--- 9.8.0-P2 released ---
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
|
|
|
|
net/tinyfugue: build fix
Revisions pulled up:
- net/tinyfugue/distinfo 1.11
- net/tinyfugue/patches/patch-ab 1.7
---
Module Name: pkgsrc
Committed By: mspo
Date: Tue May 24 23:54:59 UTC 2011
Modified Files:
pkgsrc/net/tinyfugue: distinfo
pkgsrc/net/tinyfugue/patches: patch-ab
Log Message:
fix issue with double dollar-sign in patch-ab
|
|
|
|
|
|
devel/apr: security patch
Revisions pulled up:
- devel/apr/Makefile 1.63
- devel/apr/distinfo 1.31
- devel/apr/patches/patch-aa 1.5
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri May 20 09:23:16 UTC 2011
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Added Files:
pkgsrc/devel/apr/patches: patch-aa
Log Message:
add patch from upstream to fix a regression in the last release
which could cause hangs
bump PKGREV
|
|
|
|
security/openssh: bug fix update
Revisions pulled up:
- security/openssh/Makefile 1.201-1.202
- security/openssh/files/sshd.sh 1.12-1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 05:06:49 UTC 2011
Modified Files:
pkgsrc/security/openssh: Makefile
pkgsrc/security/openssh/files: sshd.sh
Log Message:
Maintenance of openssh package:
1. Add support for checking and creating an ECDSA host key for SSH protocol
version 2.
2. Disable use of strnvis(3) on NetBSD. NetBSD-current after 2011/03/12
has strnvis(3), but it takes different arguments from OpenBSD's (and
other systems').
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 17 03:26:52 UTC 2011
Modified Files:
pkgsrc/security/openssh: Makefile
pkgsrc/security/openssh/files: sshd.sh
Log Message:
Don't always try to create an ECDSA key, which depends on OpenSSL's version.
Bump PKGREVISION.
|
|
|
|
net/isc-dhcp4 build fix
Revisions pulled up:
- net/isc-dhcp4/Makefile.common 1.10
---
Module Name: pkgsrc
Committed By: bouyer
Date: Tue May 17 15:12:29 UTC 2011
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common
Log Message:
isc-dhcp*4 wants gmake to build; add it to USE_TOOLS
|
|
|
|
lang/pear security update
Revisions pulled up:
- lang/pear/Makefile 1.17
- lang/pear/distinfo 1.9
- lang/pear/patches/patch-PEAR_REST.php 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 13:05:01 UTC 2011
Modified Files:
pkgsrc/lang/pear: Makefile distinfo
Added Files:
pkgsrc/lang/pear/patches: patch-PEAR_REST.php
Log Message:
Add a patch to fix CVE-2011-1144 (and a few bug fixes).
Bump PKGREVISION.
|
|
lang/php53 security update
Revisions pulled up:
- lang/php53/Makefile 1.9
- lang/php53/distinfo 1.14
- lang/php53/patches/patch-ext_standard_string.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 13:08:45 UTC 2011
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-ext_standard_string.c
Log Message:
Add a patch to fix CVE-2011-1148 (and more bug fixes) from PHP's repository.
Bump PKGREVISION.
|
|
|
|
security/openssh security update
Revisions pulled up:
- security/openssh/Makefile 1.200
- security/openssh/distinfo 1.80
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 15 04:17:15 UTC 2011
Modified Files:
pkgsrc/security/openssh: Makefile distinfo
Log Message:
Update openssh package to 5.8.2 (5.8p2).
20110403
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Prepare for 5.8p2 release.
- (djm) [version.h] crank version
- Release 5.8p2
20110329
- (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
noticed by tmraz AT redhat.com
20110221
- (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
Cygwin-specific service installer script ssh-host-config. The actual
functionality is the same; the revisited version is just more
exact when it comes to checking for problems which prevent running
certain aspects of the script. So, part of this script and of the also
rearranged service helper script library "csih" is to check whether all
the tools required to run the script are available on the system.
The new script is also more thorough in informing the user why the
script failed. Patch from vinschen at redhat com.
20110206
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
selinux code. Patch from Leonardo Chiquitto
- (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
generation and simplify. Patch from Corinna Vinschen.
|