Age | Commit message | Author | Files | Lines
2014-10-10 | went to the wrong branch, should have gone into pkgsrc-2014Q3 [pkgsrc_2014Q2] | spz | 1 | -23/+0
2014-10-10 | Pullup ticket #4509 - requested by tron | spz | 1 | -0/+23
mail/spamassassin: bug fix

Revisions pulled up:
- mail/spamassassin/Makefile 1.115
- mail/spamassassin/distinfo 1.63
- mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Oct 1 11:37:31 UTC 2014

Modified Files:
  pkgsrc/mail/spamassassin: Makefile distinfo
Added Files:
  pkgsrc/mail/spamassassin/patches: patch-lib_Mail_SpamAssassin_DnsResolver.pm

Log Message:
Make the DNSRBL based plug-ins work with version 0.76 or newer of the "p5-Net-DNS" package. Patch taken from the SVN repository.

To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 pkgsrc/mail/spamassassin/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/mail/spamassassin/distinfo
cvs rdiff -u -r0 -r1.3 \
    pkgsrc/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm
2014-09-30 | Pullup ticket #4507. | tron | 1 | -1/+3
2014-09-30 | Pullup ticket #4507 - requested by spz | tron | 4 | -3/+193
lang/perl5: security patch

Revisions pulled up:
- lang/perl5/Makefile 1.230
- lang/perl5/distinfo 1.123
- lang/perl5/patches/patch-dist_Data-Dumper_Dumper.pm 1.1
- lang/perl5/patches/patch-dist_Data-Dumper_Dumper.xs 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Mon Sep 29 11:36:02 UTC 2014

Modified Files:
  pkgsrc/lang/perl5: Makefile distinfo
Added Files:
  pkgsrc/lang/perl5/patches: patch-dist_Data-Dumper_Dumper.pm patch-dist_Data-Dumper_Dumper.xs

Log Message:
Minimally invasive fix for CVE-2014-4330, also known as https://www.lsexperts.de/advisories/lse-2014-06-10.txt, a stack overflow vulnerability in Data::Dumper

Patches taken from http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304, to be removed when updating to 5.20.1 (or later).

perl-5.20.0nb2 is fit for pkg_add -u replacement of perl-5.20.0nb1
2014-09-28 | Pullup tickets #4505 and #4506. | tron | 1 | -1/+5
2014-09-28 | Pullup ticket #4506 - requested by bouyer | tron | 6 | -13/+78
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile 1.8
- sysutils/xenkernel42/distinfo 1.6
- sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1
- sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1
- sysutils/xentools42/Makefile 1.23
- sysutils/xentools42/distinfo 1.12
---
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Sep 26 10:39:32 UTC 2014

Modified Files:
  pkgsrc/sysutils/xenkernel42: Makefile distinfo
  pkgsrc/sysutils/xentools42: distinfo
Added Files:
  pkgsrc/sysutils/xenkernel42/patches: patch-xen_arch_x86_mm_shadow_common.c patch-xen_arch_x86_x86_emulate_x86_emulate.c

Log Message:
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts
---
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Sep 26 10:40:45 UTC 2014

Modified Files:
  pkgsrc/sysutils/xentools42: Makefile

Log Message:
Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts
2014-09-28 | Pullup ticket #4505 - requested by bouyer | tron | 5 | -3/+104
sysutils/xenkernel41: security patch

Revisions pulled up:
- sysutils/xenkernel41/Makefile 1.39
- sysutils/xenkernel41/distinfo 1.30
- sysutils/xenkernel41/patches/patch-CVE-2014-7154 1.1
- sysutils/xenkernel41/patches/patch-CVE-2014-7155 1.1
- sysutils/xenkernel41/patches/patch-CVE-2014-7156 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Fri Sep 26 10:45:00 UTC 2014

Modified Files:
  pkgsrc/sysutils/xenkernel41: Makefile distinfo
Added Files:
  pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2014-7154 patch-CVE-2014-7155 patch-CVE-2014-7156

Log Message:
Add patch for:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts
bump PKGREVISION
2014-09-25 | pullup 4504 | spz | 1 | -1/+3
2014-09-25 | Pullup ticket #4504 - requested by tron | spz | 3 | -2/+24
shells/bash: security patch

Revisions pulled up:
- shells/bash/Makefile 1.65
- shells/bash/distinfo 1.32
- shells/bash/patches/patch-parse.y 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Sep 25 14:02:34 UTC 2014

Modified Files:
  pkgsrc/shells/bash: Makefile distinfo
Added Files:
  pkgsrc/shells/bash/patches: patch-parse.y

Log Message:
Add fix for CVE-2014-7169.

To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 pkgsrc/shells/bash/Makefile
cvs rdiff -u -r1.31 -r1.32 pkgsrc/shells/bash/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/shells/bash/patches/patch-parse.y
2014-09-25 | pullups 4502 and 4503 | spz | 1 | -1/+5
2014-09-25 | Pullup ticket #4502 - requested by tron | spz | 3 | -7/+8
databases/phpmyadmin: security update

Revisions pulled up:
- databases/phpmyadmin/Makefile 1.134
- databases/phpmyadmin/PLIST 1.39
- databases/phpmyadmin/distinfo 1.91
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue Sep 23 13:47:31 UTC 2014

Modified Files:
  pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo

Log Message:
Update "phpmyadmin" package to version 4.2.9. The following bugs have been fixed since version 4.2.7.1:
- bug ajax.js responseHandler: cannot read property of null
- bug sql.js: str is undefined
- bug #4524 Allow for direct selection of "0" on the "user overview" page
- bug #4529 Undefined index: pos
- bug #4523 tbl_change.js: insert as new row submit type on multiple selected records does not set all AUTO_INCREMENTs to 0 value
- bug ajax.js responseHandler: another "cannot read property"
- bug tbl_structure.js "cannot read property"
- bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions
- bug #4516 Odd export behavior
- bug #4519 Uncaught TypeError: Cannot read property 'success' of null
- bug #4520 sql.js: cannot read property
- bug #4521 Initially allowed chart types do not match selected data
- bug #4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT ignored
- bug #4522 Duplicate column names while assigning index
- bug #4487 Export of partitioned table does not import
- bug server_privileges.js: cannot read property
- bug #4527 Importing ODS files with column names having trailing spaces fails
- bug #4413 Navigation Error in Nav Tree for Search Results Past the First Page
- bug functions.js: Cannot read property 'replace' of undefined

To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.90 -r1.91 pkgsrc/databases/phpmyadmin/distinfo
2014-09-25 | Pullup ticket #4503 - requested by tron | spz | 2 | -5/+85
shells/bash: security update
NOTE: this version is still vulnerable to CVE-2014-7169

Revisions pulled up:
- shells/bash/Makefile 1.64
- shells/bash/distinfo 1.31
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Sep 24 15:24:35 UTC 2014

Modified Files:
  pkgsrc/shells/bash: Makefile distinfo

Log Message:
Add all current upstream bash patches including 025, which fixes a security issue.
Version number bumped in the usual way.

To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 pkgsrc/shells/bash/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/shells/bash/distinfo
2014-09-21 | pullup 4500 | spz | 1 | -1/+3
2014-09-21 | Pullup ticket #4500 - requested by tron | spz | 2 | -6/+6
net/wireshark: security update

Revisions pulled up:
- net/wireshark/Makefile 1.125
- net/wireshark/distinfo 1.77
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Sep 17 22:32:18 UTC 2014

Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo

Log Message:
Update "wireshark" package to version 1.10.10. Changes since 1.10.9:
- The following vulnerabilities have been fixed.
  * wnpa-sec-2014-12 RTP dissector crash. (Bug 9920) CVE-2014-6421 CVE-2014-6422
  * wnpa-sec-2014-13 MEGACO dissector infinite loop. (Bug 10333) CVE-2014-6423
  * wnpa-sec-2014-14 Netflow dissector crash. (Bug 10370) CVE-2014-6424
  * wnpa-sec-2014-17 RTSP dissector crash. (Bug 10381) CVE-2014-6427
  * wnpa-sec-2014-18 SES dissector crash. (Bug 10454) CVE-2014-6428
  * wnpa-sec-2014-19 Sniffer file parser crash. (Bug 10461) CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
- The following bugs have been fixed:
  * Wireshark can crash during remote capture (rpcap) configuration. (Bug 3554, Bug 6922, ws-buglink:7021)
  * MIPv6 Service Selection Identifier parse error. (Bug 10323)
  * 802.11 BA sequence number decode is broken. (Bug 10334)
  * TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
  * Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
  * Misparsed NTP control assignments with empty values. (Bug 10417)
  * 6LoWPAN multicast address decompression problems. (Bug 10426)
  * GUI Hangs when Selecting Path to GeoIP Files. (Bug 10434)
  * 6LoWPAN context handling not working. (Bug 10443)
  * SIP: When export to a CSV, Info is changed to differ. (Bug 10453)
  * Typo in packet-netflow.c. (Bug 10458)
  * UCP dissector bug of operation 30 - data not decoded. (Bug 10464)
- Updated Protocol Support
  6LoWPAN, DVB-CI, IEEE 802.11, MEGACO, MIPv6, Netflow, NTP, OSI, RPKI RTR, RTP, RTSP, SES, SIP, and UCP
- New and Updated Capture File Support
  DOS Sniffer, and NetScaler

To generate a diff of this commit:
cvs rdiff -u -r1.124 -r1.125 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/net/wireshark/distinfo
2014-09-19 | Pullup tickets #4494 and #4501. | tron | 1 | -1/+5
2014-09-19 | Pullup ticket #4501 - requested by he | tron | 2 | -7/+6
www/apache22: security update

Revisions pulled up:
- www/apache22/Makefile 1.102
- www/apache22/distinfo 1.60
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Sep 9 08:11:48 UTC 2014

Modified Files:
  pkgsrc/www/apache22: Makefile distinfo

Log Message:
Changes 2.4.10
*) SECURITY: CVE-2014-0117 (cve.mitre.org) mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM.
*) SECURITY: CVE-2014-3523 (cve.mitre.org) Fix a memory consumption denial of service in the WinNT MPM (used in all Windows installations). Workaround: AcceptFilter <protocol> {none|connect}
*) SECURITY: CVE-2014-0226 (cve.mitre.org) Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow.
*) SECURITY: CVE-2014-0118 (cve.mitre.org) mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst.
*) SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions resumed by TLS session resumption (RFC 5077).
*) mod_deflate: Don't fail when flushing inflated data to the user-agent and that coincides with the end of stream ("Zlib error flushing inflate buffer").
*) mod_proxy_ajp: Forward local IP address as a custom request attribute like we already do for the remote port.
*) core: Include any error notes set by modules in the canned error response for 403 errors.
*) mod_ssl: Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
*) mod_ssl: Fix issue with redirects to error documents when handling SNI errors.
*) mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys and support up to 8192-bit keys.
*) mod_dav: Fix improper encoding in PROPFIND responses.
*) WinNT MPM: Improve error handling for termination events in child.
*) mod_proxy: When ping/pong is configured for a worker, don't send or forward "100 Continue" (interim) response to the client if it does not expect one.
*) mod_ldap: Be more conservative with the last-used time for LDAPConnectionPoolTTL.
*) mod_ldap: LDAP connections used for authn were not respecting LDAPConnectionPoolTTL.
*) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
*) event MPM: Fix possible crashes (third-party modules accessing c->sbh) or occasional missed mod_status updates under load.
*) mod_authnz_ldap: Support primitive LDAP servers that do not accept filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special filter "none" to be specified in AuthLDAPURL.
*) mod_deflate: Fix inflation of files larger than 4GB.
*) mod_deflate: Handle Zlib header and validation bytes received in multiple chunks.
*) mod_proxy: Allow reverse-proxy to be set via explicit handler.
*) ab: support custom HTTP method with -m argument.
*) mod_proxy_balancer: Correctly encode user provided data in management interface.
*) mod_proxy_fcgi: Support iobuffersize parameter.
*) mod_auth_form: Add a debug message when the fields on a form are not recognised.
*) mod_cache: Preserve non-cacheable headers forwarded from an origin 304 response.
*) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme.
*) mod_socache_shmcb: Correct counting of expirations for status display. Expirations happening during retrieval were not counted.
*) mod_cache: Retry unconditional request with the full URL (including the query-string) when the origin server's 304 response does not match the conditions used to revalidate the stale entry.
*) mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment variables as a result of AliasMatch.
*) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
*) mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme(): Support default SCGI port (4000).
*) mod_cache: Fix AH00784 errors on Windows when the CacheLock directive is enabled.
*) mod_expires: don't add Expires header to error responses (4xx/5xx), be they generated or forwarded.
*) mod_proxy_fcgi: Don't segfault when failing to connect to the backend. (regression in 2.4.9 release)
*) mod_authn_socache: Fix crash at startup in certain configurations.
*) mod_ssl: restore argument structure for "exec"-type SSLPassPhraseDialog programs to the form used in releases up to 2.4.7, and emulate a backwards-compatible behavior for existing setups.
*) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not OCSP requests should use a nonce to be checked against the responder's one.
*) mod_ssl: "SSLEngine off" will now override a Listen-based default and does disable mod_ssl for the vhost.
*) mod_lua: Enforce the max post size allowed via r:parsebody()
*) mod_lua: Use binary comparison to find boundaries for multipart objects, as to not terminate our search prematurely when hitting a NULL byte.
*) mod_ssl: add workaround for SSLCertificateFile when using OpenSSL versions before 0.9.8h and not specifying an SSLCertificateChainFile (regression introduced with 2.4.8).
*) mod_ssl: bring SNI behavior into better conformance with RFC 6066: no longer send warning-level unrecognized_name(112) alerts, and limit startup warnings to cases where an OpenSSL version without TLS extension support is used.
*) mod_proxy_html: Avoid some possible memory access violation in case of specially crafted files, when the ProxyHTMLMeta directive is turned on.
*) mod_auth_form: Make sure the optional functions are loaded even when the AuthFormProvider isn't specified.
*) mod_ssl: avoid processing bogus SSLCertificateKeyFile values (and logging garbled file names).
*) mod_ssl: fix merging of global and vhost-level settings with the SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd directives.
*) mod_headers: Allow the "value" parameter of Header and RequestHeader to contain an ap_expr expression if prefixed with "expr=".
*) rotatelogs: Avoid creation of zombie processes when -p is used on Unix platforms.
*) mod_authnz_fcgi: New module to enable FastCGI authorizer applications to authenticate and/or authorize clients.
*) mod_proxy: Do not try to parse the regular expressions passed by ProxyPassMatch as URL as they do not follow their syntax.
*) mod_reqtimeout: Resolve unexpected timeouts on keepalive requests under the Event MPM.
*) mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters.
*) mod_proxy_html: Do not delete the wrong data from HTML code when a "http-equiv" meta tag specifies a Content-Type behind any other "http-equiv" meta tag.
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI differs.
*) Add suspend_connection and resume_connection hooks to notify modules when the thread/connection relationship changes. (Should be implemented for any third-party async MPMs.)
*) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine hangups from websockets origin servers.
*) mod_proxy_wstunnel: Don't pool backend websockets connections, because we need to handshake every time.
*) mod_lua: Redesign how request record table access behaves, in order to utilize the request record from within these tables.
*) mod_lua: Add r:wspeek for peeking at WebSocket frames.
*) mod_lua: Log an error when the initial parsing of a Lua file fails.
*) mod_lua: Reformat and escape script error output.
*) mod_lua: URL-escape cookie keys/values to prevent tainted cookie data from causing response splitting.
*) mod_lua: Disallow newlines in table values inside the request_rec, to prevent HTTP Response Splitting via tainted headers.
*) mod_lua: Remove the non-working early/late arguments for LuaHookCheckUserID.
*) mod_lua: Change IVM storage to use shm
*) mod_lua: More verbose error logging when a handler function cannot be found.
2014-09-19 | Pullup ticket #4494 - requested by rodent | tron | 5 | -38/+16
net/socat: security update

Revisions pulled up:
- net/socat/Makefile 1.32
- net/socat/distinfo 1.20
- net/socat/patches/patch-aa deleted
- net/socat/patches/patch-configure 1.2
- net/socat/patches/patch-mytypes.h 1.2
---
Module Name: pkgsrc
Committed By: rodent
Date: Sun Sep 7 23:24:56 UTC 2014

Modified Files:
  pkgsrc/net/socat: Makefile distinfo
  pkgsrc/net/socat/patches: patch-configure patch-mytypes.h
Removed Files:
  pkgsrc/net/socat/patches: patch-aa

Log Message:
Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019. patches/patch-aa seems to have been committed upstream. Passing readline location to configure and fixing CCOPTS in Makefile.in seems to not be necessary anymore.

From CHANGES:

#######################
V 1.7.2.4:

corrections:
  LISTEN based addresses applied some address options, e.g. so-keepalive, to the listening file descriptor instead of the connected file descriptor
  make failed after configure with non gcc compiler due to missing include.
  configure checked for --disable-rawsocket but printed --disable-genericsocket in the help text.
  In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. Probably no impact.
  procan could not cleanly format ulimit values longer than 16 decimal digits. Thanks to Frank Dana for providing a patch that increases field width to 24 digits.
  OPENSSL-CONNECT with bind option failed on some systems, e.g. FreeBSD, with "Invalid argument"
  Changed some variable definitions to make gcc -O2 aliasing checker happy
  On big endian platforms with type long >32bit the range option applied a bad base address.
  Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
  Red Hat issue 1022063: out-of-range shifts on net mask bits
  Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
  Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy() uses
  Red Hat issue 1021958: fixed a bug with faulty buffer/data length calculation in xio-ascii.c:_xiodump()
  Red Hat issue 1021972: fixed a missing NUL termination in return string of sysutils.c:sockaddr_info() for the AF_UNIX case
  fixed some typos and minor issues, including: Red Hat issue 1021967: formatting error in manual page
  UNIX-LISTEN with fork option did not remove the socket file system entry when exiting. Other file system based passive address types had similar issues or failed to apply options umask, user e.a.

porting:
  Red Hat issue 1020203: configure checks fail with some compilers. Use case: clang
  Performed changes for Fedora release 19
  Adapted, improved test.sh script
  Red Hat issue 1021429: getgroupent fails with large number of groups; use getgrouplist() when available instead of sequence of calls to getgrent()
  Red Hat issue 1021948: snprintf API change; Implemented xio_snprintf() function as wrapper that tries to emulate C99 behaviour on old glibc systems, and adapted all affected calls appropriately
  Mike Frysinger provided a patch that supports long long for time_t, socklen_t and a few other libc types.
  Artem Mygaiev extended Cedril Priscals Android build script with pty code
  The check for fips.h required stddef.h
  Check for linux/errqueue.h failed on some systems due to lack of linux/types.h inclusion.
  autoconf now prefers configure.ac over configure.in
  type of struct cmsghdr.cmsg is system dependent, determine it with configure; some more print format corrections

docu:
  libwrap always logs to syslog
  added actual text version of GPLv2

#######################
V 1.7.2.3:

security:
  CVE-2014-0019: socat's PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line (see socat-secadv5.txt)
2014-09-13 | Pullup ticket #4499 - requested by morr | tron | 7 | -43/+81
net/haproxy: security update

Revisions pulled up:
- net/haproxy/Makefile 1.13-1.15
- net/haproxy/PLIST 1.5
- net/haproxy/distinfo 1.9-1.11
- net/haproxy/options.mk 1.1
- net/haproxy/patches/patch-aa 1.5
- net/haproxy/patches/patch-ab deleted
- net/haproxy/patches/patch-standard_h 1.1
---
Module Name: pkgsrc
Committed By: fhajny
Date: Mon Jul 14 15:30:10 UTC 2014

Modified Files:
  pkgsrc/net/haproxy: Makefile PLIST distinfo
  pkgsrc/net/haproxy/patches: patch-aa
Added Files:
  pkgsrc/net/haproxy: options.mk
  pkgsrc/net/haproxy/patches: patch-standard_h
Removed Files:
  pkgsrc/net/haproxy/patches: patch-ab

Log Message:
Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib.

1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed in 1.5.2. The first one can cause some sample fetch combinations to fail together in a same expression, and one artificial case (but totally useless) may even crash the process. The second one is an incomplete fix in 1.5-dev23 for the request body forwarding. Hash-based balancing algorithms and http-send-name-header may fail if a request contains a body which starts to be forwarded before the contents are used. A few other bugs were fixed, and the max syslog line length is now configurable per logger.

1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying one which can cause some file descriptor leak when dealing with clients which disappear from the net, resulting in the impossibility to accept new connections after some time.

1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements, including
  native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling,
  IPv6 and UNIX sockets are supported everywhere,
  full HTTP keep-alive for better support of NTLM and improved efficiency in static farms,
  HTTP/1.1 compression (deflate, gzip) to save bandwidth,
  PROXY protocol versions 1 and 2 on both sides,
  data sampling on everything in request or response, including payload,
  ACLs can use any matching method with any input sample
  maps and dynamic ACLs updatable from the CLI
  stick-tables support counters to track activity on any input sample
  custom format for logs, unique-id, header rewriting, and redirects,
  improved health checks (SSL, scripted TCP, check agent, ...),
  much more scalable configuration supports hundreds of thousands of backends and certificates without sweating.

Full changelog for the 1.5 branch: http://www.haproxy.org/download/1.5/src/CHANGELOG
---
Module Name: pkgsrc
Committed By: fhajny
Date: Sun Jul 27 16:33:36 UTC 2014

Modified Files:
  pkgsrc/net/haproxy: Makefile distinfo

Log Message:
Update haproxy to 1.5.3.

2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Sep 12 21:37:38 UTC 2014

Modified Files:
  pkgsrc/net/haproxy: Makefile distinfo

Log Message:
Update to version 1.5.4.

Changes:
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
2014-09-13 | Pullup ticket #4499. | tron | 1 | -1/+3
2014-09-13 | Fix pbulk problem caused by ticket #4497. | tron | 1 | -2/+2
2014-09-11 | Pullup ticket #4495. | tron | 1 | -1/+3
2014-09-11 | Pullup ticket #4495 - requested by obache | tron | 2 | -6/+6
multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.33
- multimedia/adobe-flash-plugin11/distinfo 1.31
---
Module Name: pkgsrc
Committed By: obache
Date: Wed Sep 10 09:51:25 UTC 2014

Modified Files:
  pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.406 for APSB14-21.
2014-09-11 | Pullup tickets #4496, #4497 and #4498. | tron | 1 | -1/+12
2014-09-11 | Pullup ticket #4498 - requested by he | tron | 1 | -2/+1
devel/p5-subversion: security update

Revisions pulled up:
- devel/p5-subversion/Makefile 1.81
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Aug 13 09:09:57 UTC 2014

Modified Files:
  pkgsrc/devel/p5-subversion: Makefile

Log Message:
Changes 1.8.10:
This release addresses two security issues:
CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
CVE-2014-3528: credentials cached with svn may be sent to wrong server.
2014-09-11 | Pullup ticket #4497 - requested by obache | tron | 2 | -11/+11
emulators/suse131_base: security update

Revisions pulled up:
- emulators/suse131_base/Makefile 1.9 via patch
- emulators/suse131_base/distinfo 1.7
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Sep 11 09:28:51 UTC 2014

Modified Files:
  pkgsrc/emulators/suse131_base: Makefile distinfo

Log Message:
Bump suse131_base to nb5.

openSUSE Security Update: glibc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1115-1
Rating: important
References: #887022 #892073 #894553
Cross-References: CVE-2014-0475 CVE-2014-5119 CVE-2014-6040
Affected Products:
  openSUSE 13.1
  openSUSE 12.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)
2014-09-11 | Pullup ticket #4496 - requested by he | tron | 5 | -13/+12
devel/java-subversion: security update
devel/p5-subversion: security update
devel/py-subversion: security update
devel/ruby-subversion: security update
devel/subversion-base: security update
www/ap2-subversion: security update

Revisions pulled up:
- devel/subversion-base/options.mk 1.14
- devel/subversion/Makefile 1.57
- devel/subversion/Makefile.version 1.70
- devel/subversion/distinfo 1.93
- devel/subversion/files/build-outputs.mk 1.24
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Aug 13 09:08:55 UTC 2014

Modified Files:
  pkgsrc/devel/subversion: Makefile Makefile.version distinfo
  pkgsrc/devel/subversion-base: options.mk
  pkgsrc/devel/subversion/files: build-outputs.mk

Log Message:
Changes 1.8.10:
This release addresses two security issues:
CVE-2014-3522: ra_serf improper validation of wildcards in SSL certs.
CVE-2014-3528: credentials cached with svn may be sent to wrong server.
2014-09-01 | Pullup ticket #4491. | tron | 1 | -1/+3
2014-09-01 | Pullup ticket #4491 - requested by taca | tron | 3 | -8/+8
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile 1.34-1.36
- www/squid3/distinfo 1.22-1.23
- www/squid3/files/squid.sh 1.2
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 2 08:48:27 UTC 2014

Modified Files:
  pkgsrc/www/squid3: Makefile distinfo

Log Message:
Changes 3.4.6:
Docs: external_acl_type documentation lies for cache=n option
Non https connections on SSL-bump enabled port may get stuck
Do not leak implicit ACLs during reconfigure.
Assure that when LruMap::memLimit_ is set to 0 no entries stored on LruMap
Portability: use 64-bit for X-Cache-Age header
Windows: fix various libip build issues
Windows: rename TcpLogger::connect
Windows: rename ConnOpener::connect
Change order of BSD-specific network includes so that they are properly picked up
Do not leak ex_data for SSL state that survived reconfigure.
Do not register the same Cache Manager action more than once
Fix leaked TcpAcceptor job on reconfiguration
Fix leak of ACLs related to adaptation access rules
Bug 4056: assertion MemPools[type] from netdbExchangeStart()
Bug 4065: round-robin neighbor selection with unequal weights
Bug 4050: Segfault in CommSelectEngine::checkEvents on helper response
Fix segfault setting up server SSL connection
Regression: segfault logging with %tg format specifier
SourceFormat Enforcement
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Aug 28 16:52:02 UTC 2014

Modified Files:
  pkgsrc/www/squid3: Makefile distinfo

Log Message:
Changes 3.4.7:
kerberos_ldap_group: Fix 'error during setup of Kerberos credential cache'
Ignore Range headers with unidentifiable byte-range values
Use v3 for fake certificate if we add _any_ certificate extension.
Fix regression in rev.13156
Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formatting codes
Enable compile-time override for MAXTCPLISTENPORTS
ntlm_sspi_auth: fix various build errors
negotiate_wrapper: vfork is not portable
Windows: fix iphlpapi.h include case-sensitivity
Windows: correct libsspwin32 API for SSP_LogonUser()
negotiate_sspi_auth: Portability fixes for MinGW
ext_lm_group_acl: portability fixes for MinGW
SourceFormat Enforcement
Bug 4080: worker hangs when client identd is not responding
Bug 3966: Add KeyEncipherment when ssl-bump substitutes RSA for EC.
Reduce cache_effective_user was leaking $HOME memory
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Aug 29 11:13:46 UTC 2014

Modified Files:
  pkgsrc/www/squid3: Makefile
  pkgsrc/www/squid3/files: squid.sh

Log Message:
Get "/etc/rc.d/squid status" and "/etc/rc.d/squid restart" to work again under NetBSD (and other platforms using "/etc/rc.subr"?). Bump package revision because of this fix.
2014-08-27 | 4490 | spz | 1 | -1/+3
2014-08-27 | Pullup ticket #4490 - requested by tron | spz | 3 | -7/+8
databases/phpmyadmin: security update

Revisions pulled up:
- databases/phpmyadmin/Makefile 1.132-1.133
- databases/phpmyadmin/PLIST 1.38
- databases/phpmyadmin/distinfo 1.89-1.90
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 6 20:23:10 UTC 2014

Modified Files:
pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo

Log Message:
Update "phpmyadmin" package to version 4.2.7. The following bugs have been
fixed since version 4.2.6:

- bug Broken links on home page
- bug #4494 Overlap in navigation panel
- bug #4427 Action icons not in horizontal order
- bug #4493 s_attention.png is missing
- bug #4499 Uncaught TypeError: Cannot call method 'substr' of undefined
- bug #4498 PMA 4.2.x and HHVM
- bug #4500 mysql_doc_template is not defined

To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.37 -r1.38 pkgsrc/databases/phpmyadmin/PLIST
cvs rdiff -u -r1.88 -r1.89 pkgsrc/databases/phpmyadmin/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 27 21:25:44 UTC 2014

Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo

Log Message:
Update "phpmyadmin" package to version 4.2.7.1. The following bugs have been
fixed since version 4.2.7:

- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4505 [security] XSS in view operations page
- bug #4517 [security] XSS in relation view

To generate a diff of this commit:
cvs rdiff -u -r1.132 -r1.133 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.89 -r1.90 pkgsrc/databases/phpmyadmin/distinfo
2014-08-25 | 4474 + 4485 | spz | 1 | -1/+5
2014-08-25 | Pullup tickets #4486, #4487, #4488 and #4489. | tron | 1 | -1/+9
2014-08-25 | Pullup ticket #4489 - requested by tron | tron | 3 | -2/+46
lang/ruby21-base: security patch

Revisions pulled up:
- lang/ruby21-base/Makefile 1.6
- lang/ruby21-base/distinfo 1.7
- lang/ruby21-base/patches/patch-pack.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 25 03:28:25 UTC 2014

Modified Files:
pkgsrc/lang/ruby21-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby21-base/patches: patch-pack.c

Log Message:
Add fix for CVE-2014-4975.

Bump PKGREVISION.
2014-08-25 | Pullup ticket #4488 - requested by tron | tron | 3 | -2/+46
lang/ruby200-base: security patch

Revisions pulled up:
- lang/ruby200-base/Makefile 1.12
- lang/ruby200-base/distinfo 1.15
- lang/ruby200-base/patches/patch-pack.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 25 03:27:37 UTC 2014

Modified Files:
pkgsrc/lang/ruby200-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby200-base/patches: patch-pack.c

Log Message:
Add fix for CVE-2014-4975.

Bump PKGREVISION.
2014-08-25 | Pullup ticket #4487 - requested by tron | tron | 9 | -166/+23
lang/php55: security update

Revisions pulled up:
- lang/php/phpversion.mk patch
- lang/php55/Makefile 1.16
- lang/php55/distinfo 1.27-1.28
- lang/php55/patches/patch-aclocal.m4 1.2
- lang/php55/patches/patch-build_libtool.m4 1.2
- lang/php55/patches/patch-configure 1.8
- lang/php55/patches/patch-ext_gd_libgd_gdxpm.c deleted
- lang/php55/patches/patch-ext_spl_spl__array.c deleted
- lang/php55/patches/patch-ext_spl_spl__dllist.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 26 00:11:55 UTC 2014

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
pkgsrc/lang/php55/patches: patch-aclocal.m4 patch-build_libtool.m4 patch-configure
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c

Log Message:
Update php55 to 5.5.15.

24 Jul 2014, PHP 5.5.15

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc)
  . Fixed bug #67497 (eval with parse error causes segmentation fault in generator). (Nikita)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas)
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas)

- OPCache:
  . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 23 16:09:21 UTC 2014

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c

Log Message:
Update php55 to 5.5.16 (PHP 5.5.16).

21 Aug 2014, PHP 5.5.16

- COM:
  . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- FPM:
  . Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho@gentoo.org, Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur)
2014-08-25 | Pullup ticket #4486 - requested by taca | tron | 9 | -166/+23
lang/php54: security update

Revisions pulled up:
- lang/php/phpversion.mk patch
- lang/php54/Makefile 1.25
- lang/php54/distinfo 1.45-1.46
- lang/php54/patches/patch-aclocal.m4 1.2
- lang/php54/patches/patch-build_libtool.m4 1.2
- lang/php54/patches/patch-configure 1.9
- lang/php54/patches/patch-ext_gd_libgd_gdxpm.c deleted
- lang/php54/patches/patch-ext_spl_spl__array.c deleted
- lang/php54/patches/patch-ext_spl_spl__dllist.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 26 00:12:54 UTC 2014

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: Makefile distinfo
pkgsrc/lang/php54/patches: patch-aclocal.m4 patch-build_libtool.m4 patch-configure

Log Message:
Update php54 to 5.4.31.

24 Jul 2014, PHP 5.4.31

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 23 16:07:24 UTC 2014

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: distinfo
Removed Files:
pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c

Log Message:
Update php54 to 5.4.32 (PHP 5.4.32).

07 Aug 2014, PHP 5.4.32

- Core:
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- COM:
  . Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas)

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- Readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike)
2014-08-25 | Pullup ticket #4485 - requested by tron | spz | 2 | -9/+20
lang/perl5: build fix

Revisions pulled up:
- lang/perl5/distinfo 1.122
- lang/perl5/patches/patch-hints_netbsd.sh 1.9
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: mrg
Date: Tue Aug 12 05:41:39 UTC 2014

Modified Files:
pkgsrc/lang/perl5: distinfo
pkgsrc/lang/perl5/patches: patch-hints_netbsd.sh

Log Message:
adjust a pattern to match 0.8 vs everything else. fixes build on netbsd-7,
which was matching "not everything else"

To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/perl5/patches/patch-hints_netbsd.sh
2014-08-25 | Pullup ticket #4474 - requested by tron | spz | 1 | -2/+3
mk/platform/Darwin.mk: build fix

Revisions pulled up:
- mk/platform/Darwin.mk 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Aug 17 08:32:32 UTC 2014

Modified Files:
pkgsrc/mk/platform: Darwin.mk

Log Message:
Don't use "/bin/ksh" as wrapper shell under Mac OS X Mavericks. It frequently
crashes, at least if you use parallel builds.

To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/mk/platform/Darwin.mk
2014-08-22 | Pullup tickets #4478, #4479, #4480, #4481, #4482, #4483 and #4484. | tron | 1 | -1/+15
2014-08-22 | Pullup ticket #4484 - requested by obache | tron | 2 | -9/+10
emulators/suse131_krb5: security update

Revisions pulled up:
- emulators/suse131_krb5/Makefile 1.2
- emulators/suse131_krb5/distinfo 1.2
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 22 09:01:56 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_krb5: Makefile distinfo

Log Message:
openSUSE Security Update: krb5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0977-1
Rating: low
References: #886016 #888697
Cross-References: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344
Affected Products: openSUSE 13.1 openSUSE 12.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

The following security issues are fixed in this update:

CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC 1964 tokens (bnc#886016)
CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697)
2014-08-22 | Pullup ticket #4483 - requested by obache | tron | 2 | -9/+10
emulators/suse131_libtiff: security update

Revisions pulled up:
- emulators/suse131_libtiff/Makefile 1.2
- emulators/suse131_libtiff/distinfo 1.2
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 22 08:54:08 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_libtiff: Makefile distinfo

Log Message:
openSUSE Security Update: update for jbigkit
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0978-1
Rating: moderate
References: #870855
Cross-References: CVE-2013-6369
Affected Products: openSUSE 13.1 openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The following security issue is fixed in this update
- [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow
2014-08-22 | Pullup ticket #4482 - requested by obache | tron | 2 | -6/+6
multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.32
- multimedia/adobe-flash-plugin11/distinfo 1.30
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 22 08:46:10 UTC 2014

Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.400 for APSB14-18.
2014-08-22 | Pullup ticket #4481 - requested by obache | tron | 2 | -10/+10
emulators/suse131_openssl: security update

Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.10
- emulators/suse131_openssl/distinfo 1.10
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 22 08:43:09 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_openssl: Makefile distinfo

Log Message:
openSUSE Security Update: update for openssl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1052-1
Rating: moderate
References: #890764 #890765 #890766 #890767 #890768 #890769 #890770 #890771 #890772
Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139
Affected Products: openSUSE 13.1 openSUSE 12.3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This openssl update fixes the following security issues:

- openssl 1.0.1i
  * Information leak in pretty printing functions (CVE-2014-3508)
  * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
  * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
  * Double Free when processing DTLS packets (CVE-2014-3505)
  * DTLS memory exhaustion (CVE-2014-3506)
  * DTLS memory leak from zero-length fragments (CVE-2014-3507)
  * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
  * OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
  * SRP buffer overrun (CVE-2014-3512)
2014-08-22 | Pullup ticket #4480 - requested by obache | tron | 4 | -21/+19
graphics/py-Pillow: security update

Revisions pulled up:
- graphics/py-Pillow/Makefile 1.10-1.13
- graphics/py-Pillow/PLIST 1.5
- graphics/py-Pillow/distinfo 1.6-1.8
- graphics/py-Pillow/patches/patch-setup.py 1.3
---
Module Name: pkgsrc
Committed By: obache
Date: Sun Jul 6 12:15:53 UTC 2014

Modified Files:
pkgsrc/graphics/py-Pillow: Makefile PLIST distinfo
pkgsrc/graphics/py-Pillow/patches: patch-setup.py

Log Message:
Update Pillow to 2.5.0.

2.5.0 (2014-07-01)
------------------

- Imagedraw rewrite [terseus, wiredfool]
- Add support for multithreaded test execution [wiredfool]
- Prevent shell injection #748 [mbrown1413, wiredfool]
- Support for Resolution in BMP files #734 [gcq]
- Fix error in setup.py for Python 3 [matthew-brett]
- Pyroma fix and add Python 3.4 to setup metadata #742 [wirefool]
- Top level flake8 fixes #741 [aclark]
- Remove obsolete Animated Raster Graphics (ARG) support [hugovk]
- Fix test_imagedraw failures #727 [cgohlke]
- Fix AttributeError: class Image has no attribute 'DEBUG' #726 [cgohlke]
- Fix msvc warning: 'inline' : macro redefinition #725 [cgohlke]
- Cleanup #654 [dvska, hugovk, wiredfool]
- 16-bit monochrome support for JPEG2000 [videan42]
- Fixed ImagePalette.save [brightpisces]
- Support JPEG qtables [csinchok]
- Add binary morphology addon [dov, wiredfool]
- Decompression bomb protection [hugovk]
- Put images in a single directory [hugovk]
- Support OpenJpeg 2.1 [al45tair]
- Remove unistd.h #include for all platforms [wiredfool]
- Use unittest for tests [hugovk]
- ImageCms fixes [hugovk]
- Added more ImageDraw tests [hugovk]
- Added tests for Spider files [hugovk]
- Use libtiff to write any compressed tiff files [wiredfool]
- Support for pickling Image objects [hugovk]
- Fixed resolution handling for EPS thumbnails [eliempje]
- Fixed rendering of some binary EPS files (Issue #302) [eliempje]
- Rename variables not to use built-in function names [hugovk]
- Ignore junk JPEG markers [hugovk]
- Change default interpolation for Image.thumbnail to Image.ANTIALIAS [hugovk]
- Add tests and fixes for saving PDFs [hugovk]
- Remove transparency resource after P->RGBA conversion [hugovk]
- Clean up preprocessor cruft for Windows [CounterPillow]
- Adjust Homebrew freetype detection logic [jacknagel]
- Added Image.close, context manager support. [wiredfool]
- Added support for 16 bit PGM files. [wiredfool]
- Updated OleFileIO to version 0.30 from upstream [hugovk]
- Added support for additional TIFF floating point format [Hijackal]
- Have the tempfile use a suffix with a dot [wiredfool]
- Fix variable name used for transparency manipulations [nijel]
---
Module Name: pkgsrc
Committed By: obache
Date: Sun Jul 6 12:18:39 UTC 2014

Modified Files:
pkgsrc/graphics/py-Pillow: Makefile

Log Message:
Update HOMEPAGE url.
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 8 12:09:28 UTC 2014

Modified Files:
pkgsrc/graphics/py-Pillow: Makefile distinfo

Log Message:
Update Pillow to 2.5.1.

2.5.1 (2014-07-10)
------------------

- Fixed install issue if Multiprocessing.Pool is not available [wiredfool]
- 32bit mult overflow fix #782 [wiredfool]
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Aug 21 10:00:32 UTC 2014

Modified Files:
pkgsrc/graphics/py-Pillow: Makefile distinfo

Log Message:
Update Pillow to 2.5.3.

2.5.3 (2014-08-18)
------------------

- Fixed CVE-2014-3598, a DOS in the Jpeg2KImagePlugin [Andrew Drake]

2.5.2 (2014-08-13)
------------------

- Fixed CVE-2014-3589, a DOS in the IcnsImagePlugin [Andrew Drake]
2014-08-22 | Pullup ticket #4479 - requested by wiz | tron | 2 | -10/+6
security/gpgme: security update

Revisions pulled up:
- security/gpgme/Makefile 1.73
- security/gpgme/distinfo 1.32
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 21 20:40:58 UTC 2014

Modified Files:
pkgsrc/security/gpgme: Makefile distinfo

Log Message:
Update to 1.4.4. Remove obsolete configure args.

Noteworthy changes in version 1.4.4 (2014-07-30) [C22/A11/R1]
-------------------------------------------------------------

Backported from 1.5.1:

* Fixed possible overflow in gpgsm and uiserver engines. [CVE-2014-3564]
* Fixed possible segv in gpgme_op_card_edit.
* Fixed minor memleaks and possible zombie processes.
* Fixed prototype inconsistencies and void pointer arithmetic.

Noteworthy changes in version 1.4.3 (2013-08-12) [C22/A11/R0]
-------------------------------------------------------------

* The default engine names are now taken from the output of gpgconf. If
  gpgconf is not found the use of gpg 1 is assumed.
* Under Windows the default engines names are first searched in the
  installation directory of the gpgme DLL.
* New function gpgme_data_identify to detect the type of a message.
* Interface changes relative to the 1.4.2 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  gpgme_signers_count NEW.
  gpgme_data_type_t NEW.
  gpgme_data_identify NEW.

Noteworthy changes in version 1.4.2 (2013-05-28)
------------------------------------------------

* Allow symmetric encryption with gpgme_op_encrypt_sign.
* Fixed mismatching off_t definitions on Windows.
* Interface changes relative to the 1.4.1 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  gpgme_off_t NEW.
  gpgme_size_t NEW.
  GPGME_PROTOCOL_OPENPGP NEW alias.
2014-08-22 | Pullup ticket #4478 - requested by wiz | tron | 2 | -1/+17
x11/gnome-desktop3: build fix

Revisions pulled up:
- x11/gnome-desktop3/distinfo 1.6
- x11/gnome-desktop3/patches/patch-libgnome-desktop_libgsystem_gsystem-file-utils.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 21 10:37:48 UTC 2014

Modified Files:
pkgsrc/x11/gnome-desktop3: distinfo
Added Files:
pkgsrc/x11/gnome-desktop3/patches: patch-libgnome-desktop_libgsystem_gsystem-file-utils.c

Log Message:
Add fcntl.h for openat(). Might help build on NetBSD-6.
2014-08-19 | Pullup tickets #4476 and #4477. | tron | 1 | -1/+5
2014-08-19 | Pullup ticket #4477 - requested by taca | tron | 2 | -6/+6
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile 1.49
- www/drupal6/distinfo 1.32
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 15:54:21 UTC 2014

Modified Files:
pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update drupal6 to 6.33.

Drupal 6.33, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.
2014-08-19 | Pullup ticket #4476 - requested by taca | tron | 3 | -8/+7
www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile 1.28
- www/drupal7/PLIST 1.10
- www/drupal7/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 15:53:33 UTC 2014

Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo

Log Message:
Update drupal7 to 7.31.

Drupal 7.31, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.

Drupal 7.30, 2014-07-24
-----------------------
- Fixed a regression introduced in Drupal 7.29 that caused files or images
  attached to taxonomy terms to be deleted when the taxonomy term was edited
  and resaved (and other related bugs with contributed and custom modules).
- Added a warning on the permissions page to recommend restricting access to
  the "View site reports" permission to trusted administrators. See
  DRUPAL-PSA-2014-002.
- Numerous API documentation improvements.
- Additional automated test coverage.
2014-08-18 | Remove superfluous patch file. Problem pointed out by Patrick Welche on ticket #4475. | tron | 1 | -17/+0