Age | Commit message | Author | Files | Lines
2013-10-28 | Pullup ticket #4249 - requested by taca | tron | 3 | -10/+10
mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile 1.60
- mail/roundcube/distinfo 1.34
- mail/roundcube/patches/patch-aa 1.11

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 22 03:21:45 UTC 2013

Modified Files:
pkgsrc/mail/roundcube: Makefile distinfo
pkgsrc/mail/roundcube/patches: patch-aa

Log Message:
Update roundcube to 0.9.5. This release contains fix for CVE-2013-6172.

RELEASE 0.9.5
-------------
- Fix failing vCard import when email address field contains spaces (#1489386)
- Fix default spell-check configuration after Google suspended their spell service
- Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
- Fix iframe onload for upload errors handling (#1489379)
- Fix address matching in Return-Path header on identity selection (#1489374)
- Fix text wrapping issue with long unwrappable lines (#1489371)
- Fixed misspelling: occured -> occurred (#1489366)
- Fixed issues where HTML comments inside style tag would hang Internet Explorer
- Fix setting domain in virtualmin password driver (#1489332)
- Hide Delivery Status Notification option when smtp_server is unset (#1489336)
- Display full attachment name using title attribute when name is too long to display (#1489320)
- Fix attachment icon issue when rare font/language is used (#1489326)
- Fix expanded thread root message styling after refreshing messages list (#1489327)
- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319)
- Fix error_reporting directive check (#1489323)
- Fix de_DE localization of "About" label in Help plugin (#1489325)
2013-10-20 | Pullup ticket #4247. | tron | 1 | -1/+3
2013-10-20 | Pullup ticket #4247 - requested by bsiegert | tron | 4 | -25/+43
lang/gawk: build fix

Revisions pulled up:
- lang/gawk/Makefile 1.57
- lang/gawk/PLIST 1.20
- lang/gawk/distinfo 1.25
- lang/gawk/patches/patch-extension_configure 1.1

---
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Oct 19 19:47:39 UTC 2013

Modified Files:
pkgsrc/lang/gawk: Makefile PLIST distinfo
Added Files:
pkgsrc/lang/gawk/patches: patch-extension_configure

Log Message:
Fix build on MirBSD. The gawk developers added code to skip building the extensions on MirBSD but inserted a syntax error. Also skip the extensions in the PLIST on MirBSD.
2013-10-16 | Pullup tickets #4245 #4246. | tron | 1 | -1/+5
2013-10-16 | Pullup ticket #4246 - requested by joerg | tron | 1 | -2/+2
lang/python27: build fix

Revisions pulled up:
- lang/python27/Makefile 1.30

---
Module Name: pkgsrc
Committed By: joerg
Date: Tue Oct 15 20:46:41 UTC 2013

Modified Files:
pkgsrc/lang/python27: Makefile

Log Message:
PowerPC64 is a 64bit platform.
2013-10-16 | Pullup ticket #4245 - requested by joerg | tron | 1 | -6/+10
devel/bmake: build fix

Revisions pulled up:
- devel/bmake/files/util.c 1.12

---
Module Name: pkgsrc
Committed By: joerg
Date: Mon Oct 14 23:19:10 UTC 2013

Modified Files:
pkgsrc/devel/bmake/files: util.c

Log Message:
Workaround for bad Linux headers.
2013-10-12 | Pullup tickets #4242, #4243 and #4244. | tron | 1 | -1/+7
2013-10-12 | Pullup ticket #4244 - requested by obache | tron | 2 | -6/+6
www/py-genshi: security update

Revisions pulled up:
- www/py-genshi/Makefile 1.8
- www/py-genshi/distinfo 1.3

---
Module Name: pkgsrc
Committed By: obache
Date: Fri Oct 11 10:54:15 UTC 2013

Modified Files:
pkgsrc/www/py-genshi: Makefile distinfo

Log Message:
Update genshi to 0.6.1.

Version 0.6.1
http://svn.edgewall.org/repos/genshi/tags/0.6.1/
(Jan 27 2013, from branches/stable/0.6.x)

* Security fix to enhance sanitizing of CSS in style attributes. Genshi's `HTMLSanitizer` disallows style attributes by default (this remains unchanged) and warns against such attacks in its documentation, but the provided CSS sanitizing is now less lacking (see #455).
* Fix for error in how `HTMLFormFiller` would handle `textarea` elements if no value was not supplied for them.
* The `HTMLFormFiller` now correctly handles check boxes and radio buttons with an empty `value` attribute.
* Template `Context` objects now have a `.copy` method.
* Added a simple `tox.ini` file for using tox to test against multiple versions of Python.
* Fix for bug in `QName` comparison (see #413).
* Fix for bug in handling of trailing events in match template matches (see #399).
* Fix i18n namespace declaration in documentation (see #400).
* Fix for bug in caching of events in serializers by no longer caching `(TEXT, Markup)` events (see #429).
* Fix handling of `None` by `Markup.escape` in `_speedups.c` (see #439).
* Fix handling of internal state by match templates (relevant when multiple templates match the same part of the stream, see #370).
* Fix handling of multiple events between or on either side of start and end tags in translated messages (see #404).
* Fix test failures caused by changes in HTMLParser in Python 2.7 (see #501).
* Fix infinite loop in interpolation lexing that was introduced by a change in Python 2.7's tokenizer (see #540).
* Fix handling of processing instructions without data (see #368).
* Updated MANIFEST.in so as not to rely on build from Subversion 1.6.
2013-10-12 | Pullup ticket #4243 - requested by he | tron | 2 | -6/+6
graphics/png: build fix

Revisions pulled up:
- graphics/png/Makefile 1.163
- graphics/png/distinfo 1.108

---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Sep 30 18:17:03 UTC 2013

Modified Files:
pkgsrc/graphics/png: Makefile distinfo

Log Message:
Update to 1.6.6:

Version 1.6.6 [September 16, 2013]
Removed two stray lines of code from arm/arm_init.c, again.
2013-10-12 | Pullup ticket #4242 - requested by taca | tron | 2 | -6/+5
sysutils/ruby-rb-appscript: build fix

Revisions pulled up:
- sysutils/ruby-rb-appscript/Makefile 1.4
- sysutils/ruby-rb-appscript/PLIST 1.5

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 1 15:24:02 UTC 2013

Modified Files:
pkgsrc/sysutils/ruby-rb-appscript: Makefile PLIST

Log Message:
Fix build problem and clean up PLIST.

Bump PKGREVISION.
2013-10-09 | Pullup ticket #4241. | tron | 1 | -1/+3
2013-10-09 | Pullup ticket #4241 - requested by tez | tron | 3 | -3/+170
graphics/librsvg: security patch

Revisions pulled up:
- graphics/librsvg/Makefile 1.74
- graphics/librsvg/distinfo 1.26
- graphics/librsvg/patches/patch-CVE-2013-1881 1.1

---
Module Name: pkgsrc
Committed By: tez
Date: Thu Oct 3 13:39:13 UTC 2013

Modified Files:
pkgsrc/graphics/librsvg: Makefile distinfo
Added Files:
pkgsrc/graphics/librsvg/patches: patch-CVE-2013-1881

Log Message:
Fix for CVE-2013-1881 (SA55088)
Modified (for portability) from https://git.gnome.org/browse/librsvg/patch/?id=f01aded72c38f0e18bc7ff67dee800e380251c8e
2013-10-09 | pullup 4240 | spz | 1 | -2/+3
2013-10-09 | Pullup ticket #4240 - requested by wiz | spz | 3 | -4/+78
x11/modular-xorg-server: security fix

Revisions pulled up:
- x11/modular-xorg-server/Makefile 1.81
- x11/modular-xorg-server/distinfo 1.52
- x11/modular-xorg-server/patches/patch-dix_dixfonts.c 1.1

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Oct 8 20:33:54 UTC 2013

Modified Files:
pkgsrc/x11/modular-xorg-server: Makefile distinfo
Added Files:
pkgsrc/x11/modular-xorg-server/patches: patch-dix_dixfonts.c

Log Message:
Fix CVE-2013-4396.

From a4d9bf1259ad28f54b6d59a480b2009cc89ca623 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Mon, 16 Sep 2013 21:47:16 -0700
Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText()

Save a pointer to the passed in closure structure before copying it and overwriting the *c pointer to point to our copy instead of the original. If we hit an error, once we free(c), reset c to point to the original structure before jumping to the cleanup code that references *c.

Since one of the errors being checked for is whether the server was able to malloc(c->nChars * itemSize), the client can potentially pass a number of characters chosen to cause the malloc to fail and the error path to be taken, resulting in the read from freed memory.

Since the memory is accessed almost immediately afterwards, and the X server is mostly single threaded, the odds of the free memory having invalid contents are low with most malloc implementations when not using memory debugging features, but some allocators will definitely overwrite the memory there, leading to a likely crash.

Reported-by: Pedro Ribeiro <pedrib@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>

Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -u -r1.80 -r1.81 pkgsrc/x11/modular-xorg-server/Makefile
cvs rdiff -u -r1.51 -r1.52 pkgsrc/x11/modular-xorg-server/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/x11/modular-xorg-server/patches/patch-dix_dixfonts.c
2013-10-05 | pullup 4237 | spz | 1 | -1/+3
2013-10-05 | Pullup ticket #4237 - requested by obache | spz | 2 | -5/+6
www/ap2-subversion: functionality fix

Revisions pulled up:
- www/ap2-subversion/Makefile 1.60
- www/ap2-subversion/PLIST 1.6

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: obache
Date: Sat Oct 5 12:41:57 UTC 2013

Modified Files:
pkgsrc/www/ap2-subversion: Makefile PLIST

Log Message:
Let to install modules into apache libexecdir, same as 1.7.x.
fixes PR pkg/48273

Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/ap2-subversion/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/ap2-subversion/PLIST
2013-10-05 | pullups 4238 and 4239 | spz | 1 | -1/+6
2013-10-05 | Pullup ticket #4239 - requested by wiz | spz | 2 | -6/+6
security/gnupg2: security update

Revisions pulled up:
- security/gnupg2/Makefile 1.48
- security/gnupg2/distinfo 1.29

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Oct 5 13:20:03 UTC 2013

Modified Files:
pkgsrc/security/gnupg2: Makefile distinfo

Log Message:
Update to 2.0.22:

Noteworthy changes in version 2.0.22 (2013-10-04)
-------------------------------------------------
* Fixed possible infinite recursion in the compressed packet parser. [CVE-2013-4402]
* Improved support for some card readers.
* Prepared building with the forthcoming Libgcrypt 1.6.
* Protect against rogue keyservers sending secret keys.

To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/security/gnupg2/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/gnupg2/distinfo
2013-10-05 | Pullup ticket #4238 - requested by wiz | spz | 2 | -6/+6
security/gnupg: security update

Revisions pulled up:
- security/gnupg/Makefile 1.121
- security/gnupg/distinfo 1.62

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Oct 5 13:19:51 UTC 2013

Modified Files:
pkgsrc/security/gnupg: Makefile distinfo

Log Message:
Update to 1.4.15:

Noteworthy changes in version 1.4.15 (2013-10-04)
-------------------------------------------------
* Fixed possible infinite recursion in the compressed packet parser. [CVE-2013-4402]
* Protect against rogue keyservers sending secret keys.
* Use 2048 bit also as default for batch key generation.
* Minor bug fixes.

To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 pkgsrc/security/gnupg/Makefile
cvs rdiff -u -r1.61 -r1.62 pkgsrc/security/gnupg/distinfo
2013-09-30 | Add CHANGES file for branch. | wiz | 1 | -0/+7
2013-09-30 | Fix build problem on Mac OS X. | taca | 1 | -1/+8
No PKGREVISION bump since this fixes simply PLIST problem on Mac OS X.
2013-09-30 | Note comment and add link to upstream fix. | obache | 2 | -3/+6
2013-09-30 | Updated security/cyrus-saslauthd to 2.1.26nb2 | obache | 1 | -1/+2
2013-09-30 | Take patch for CVE-2013-4122 from upstream git repo. | obache | 3 | -4/+11
Bump PKGREVISION of cyrus-saslauthd.
2013-09-30 | Add missing entry of pixmaps icon *.png file. I am afraid this problem | mef | 1 | -1/+2
can not be detected by pbulk packaging. The PATH for the icon may not be correct, but this is where upstream places it (please correct me if inappropriate, thanks).
2013-09-30 | sync the fix with upstream. | obache | 2 | -11/+20
2013-09-30 | Updated lang/openjdk7 to 1.7.25nb2 | ryoon | 1 | -1/+2
2013-09-30 | Bump PKGREVISION. | ryoon | 3 | -16/+3
* Revert previous (PR pkg/48246), it breaks wip/libreoffice4 build. It means something goes wrong. More investigation is needed.
2013-09-30 | Note update of these packages to fix CVE-2013-4363. | taca | 1 | -1/+4
misc/rubygems 2.0.10
lang/ruby193-base 1.9.3p448nb5
lang/ruby200-base 2.0.0p247nb2
2013-09-30 | Update a patch for CVE-2013-4363 (previous CVE-2013-4287). | taca | 6 | -16/+20
Bump PKGREVISION.
2013-09-30 | Update rubygems package to 2.0.10. This is security fix for CVE-2013-4363. | taca | 2 | -6/+6
=== 2.0.10 / 2013-09-24

Security fixes:
* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4363 for full details including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and 1.8.23.2 (for Ruby 1.9.3).

=== 2.0.9 / 2013-09-13

Bug fixes:
* Gem fetch now fetches the newest (not oldest) gem when --version is given. Issue #643 by Brian Shirai.
* Fixed credential creation for `gem push` when `--host` is not given. Pull request #622 by Arthur Nogueira Neves
2013-09-29 | Be explicit about whether std or boost exception is meant, assume the | joerg | 6 | -1/+152
former.
2013-09-29 | Avoid conflicts with complex functions. | joerg | 3 | -1/+27
2013-09-29 | Continue on unused constants for Clang. | joerg | 1 | -2/+2
2013-09-29 | Fix install stage error observed on SmartOS. | ryoon | 2 | -5/+8
2013-09-29 | Note update of www/contao31 package to 3.1.2nb1. | taca | 1 | -1/+2
2013-09-29 | Add a patch for serious problem with updater. | taca | 4 | -7/+25
Bump PKGREVISION.
2013-09-28 | Updated devel/jenkins to 1.509.3 | ryoon | 1 | -1/+2
2013-09-28 | Update to 1.509.3 | ryoon | 2 | -6/+6
Changelog:
What's new in 1.509.3 (2013/09/09)
* Standalone install does not work with Apache + mod_proxy_ajp + SSL (issue 5753)
* Reload configuration from disk no longer works after upgrade to Jenkins 1.512. (issue 17977)
* Build Now link on MultiJob page doesn't work (issue 16974)
* Add descriptions for custom tools (issue 18771)
* Lazy loading causes massive delays after a period of inactivity when loading dashboard (issue 16023)
* NPE running matrix job (issue 18024)
* LastSuccessful and LastStable symlinks are invalid under Windows (issue 17681)
* IllegalStateException from MavenProject.getParent can break MavenFingerprinter.recordParents (issue 17775)
* NPE (isEmpty) from main.groovy (issue 15309)
* DependencyClassLoader#getTransitiveDependencies returns disabled plugins (issue 18654)
* parameter description don't use MarkupFormatter (issue 18427)
* Incompatible signature change in 1.489: AbstractProject.doBuild (issue 18356)
* Display Name is not shown (issue 17715)
* Fingerprint throws exceptions on 1.518 (issue 18337)
* FingerprintAction deserialization leads to NPE (issue 17125)
* update view via REST API doesn't work (issue 17302)
* MavenModuleSetBuild.getResult is expensive (issue 18895)
* Builds disappear from jobs - hudson.util.IOException2: Invalid directory name - java.text.ParseException: Unparseable date: "39" (issue 15587)
* Outdated JRuby libs (issue 14351)
* Fingerprint performance (issue 16301)
* 10,000+ jobs tied to a label make Node index page unusably unresponsive (issue 18660)
* "Delete Project" link fails with 403 Exception: No valid crumb was included in the request (issue 18032)
* Manually uploaded plugins are incorrectly unpacked (issue 4543)
* Decorated Launcher Does Not Maintain "isUnix" for RemoteLauncher (issue 18368)
* Test harness packs copies of Maven into plugin archive (issue 18918)
* All Maven 2 builds fail with java.lang.NoSuchMethodError DigestUtils.md5Hex (issue 18178)
2013-09-28 | Updated www/seamonkey-l10n to 2.21 | ryoon | 1 | -1/+2
2013-09-28 | Update to 2.21 | ryoon | 3 | -136/+136
* Sync with seamonkey-2.21
2013-09-28 | Updated www/seamonkey to 2.21 | ryoon | 1 | -1/+2
2013-09-28 | Update to 2.21 | ryoon | 105 | -2247/+1479
Changelog:

SeaMonkey-specific changes
* Implemented an option to thread messages received by date.
* Allowed deletion of news posts by default.
* Implemented optional taskbar preview-per-tab.
* Added support (permission prompt) for desktop notifications.
* Added Isn't operator for searching by Priority.
* See the changes page for a more complete overview.

Mozilla platform changes
* Support for new scrollbar style on Mac OS X 10.7 and newer.
* Accessibility related improvements on using pinned tabs (bug 577727).
* Major SVG rendering improvements around Image tiling and scaling (bug 600207).
* Removed support for sherlock files that are loaded from application or profile directory.
* Support for W3C touch events disabled (bug 888304).
* Fixed several stability issues.

Fixed in SeaMonkey 2.21
* MFSA 2013-92 GC hazard with default compartments and frame chain restoration
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-90 Memory corruption involving scrolling
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-85 Uninitialized data in IonMonkey
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-81 Use-after-free with select element
* MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-78 Integer overflow in ANGLE library
* MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
2013-09-28 | Follow default mysql version change. | ryoon | 1 | -2/+2
2013-09-28 | Updated net/mikutter to 0.2.2.1373 | obache | 1 | -1/+2
2013-09-28 | Update mikutter to 0.2.2.1373. | obache | 3 | -7/+8
* Prevent to show "Retweet" command for protected account
* Change permanent link for tweets in Activity tab.
* Add icon for Activity.
2013-09-28 | Note update of the "phpmyadmin" package to version 4.0.7. | tron | 1 | -1/+2
2013-09-28 | Update "phpmyadmin" package to version 4.0.7. Changes since 4.0.6: | tron | 2 | -6/+6
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button

Approved by Thomas Klausner.
2013-09-28 | disable maintainer mode for internal glib2, same as devel/glib2. | obache | 1 | -1/+2
2013-09-28 | Updated www/firefox17-l10n to 17.0.9 | ryoon | 1 | -1/+2