| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
2011-02-08
- Python 3.1 support.
|
|
|
|
2.2
---
* migration to https://github.com/collective/icalendar using svn2git preserving
tags, branches and authors.
[garbas]
* using tox for testing on python 2.4, 2.5, 2.6, 2.6.
[garbas]
* fixed tests so they pass also under python 2.7.
[garbas]
* running tests on https://jenkins.plone.org/job/icalendar (only 2.6 for now)
with some other metrics (pylint, clonedigger, coverage).
[garbas]
* review and merge changes from https://github.com/cozi/icalendar fork.
[garbas]
* created sphinx documentation and started documenting development and goals.
[garbas]
* hook out github repository to http://readthedocs.org service so sphinx
documentation is generated on each commit (for master). Documentation can be
visible on: http://readthedocs.org/docs/icalendar/en/latest/
[garbas]
|
|
|
|
|
|
libgsf 1.14.22
Damien Lespiau:
* Fix thumbnailer manual install problem.
Morten:
* Fix error messages on win32.
* Fix resource limiting in thumbnailer.
* Ensure GsfOutput::name and GsfInput::name notifications.
* Cleanup old code.
* Drop support for gnome-vfs and bonobo.
* Fix ole2 entry sorting based on patch from Junping Zhang. [#665712]
Vincent Untz:
* New installation method for thumbnailer. [#651187]
|
|
|
|
|
|
* change installation location to same as other NS plugins, PR pkg/45835.
Bump PKGREVISION.
|
|
|
|
|
|
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
|
|
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
|
|
|
|
|
|
|
|
lang/php53 5.3.9nb1
security/php-suhosin 0.9.33
|
|
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
Buffer Overflow
Release Date: 2012/01/19
Last Modified: 2012/01/19
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Suhosin Extension <= 0.9.32.1
Severity: A possible stack buffer overflow in Suhosin extension's
transparent cookie encryption that can only be triggered
in an uncommon and weakened Suhosin configuration can lead
to arbitrary remote code execution, if the FORTIFY_SOURCE
compile option was not used when Suhosin was compiled.
Risk: Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
vulnerability
Reference: http://www.suhosin.org/
https://github.com/stefanesser/suhosin
|
|
for PHP5.3.7.
Bump PKGREVISION.
|
|
|
|
affects editors/emacs-nox11 also
|
|
|
|
Fixes since v1.7.7.2
--------------------
* Adjust the "quick-install-doc" procedures as preformatted
html/manpage are no longer in the source repository.
* The logic to optimize the locality of the data in a pack introduced in
1.7.7 was grossly inefficient.
* The logic to filter out forked projects in the project list in
"gitweb" was broken for some time.
* "git branch -m/-M" advertised to update RENAME_REF ref in the
commit log message that introduced the feature but not anywhere in
the documentation, and never did update such a ref anyway. This
undocumented misfeature that did not exist has been excised.
Fixes since v1.7.7.3
--------------------
* A few header dependencies were missing from the Makefile.
* Some newer parts of the code used C99 __VA_ARGS__ while we still
try to cater to older compilers.
* "git name-rev --all" tried to name all _objects_, naturally failing to
describe many blobs and trees, instead of showing only commits as
advertised in its documentation.
Fixes since v1.7.7.4
--------------------
* After fetching from a remote that has very long refname, the reporting
output could have corrupted by overrunning a static buffer.
* "git checkout" and "git merge" treated in-tree .gitignore and exclude
file in $GIT_DIR/info/ directory inconsistently when deciding which
untracked files are ignored and expendable.
Fixes since v1.7.7.5
--------------------
* The code to look up attributes for paths reused entries from a wrong
directory when two paths in question are in adjacent directories and
the name of the one directory is a prefix of the other.
* A wildcard that matches deeper hierarchy given to the "diff-index" command,
e.g. "git diff-index HEAD -- '*.txt'", incorrectly reported additions of
matching files even when there is no change.
* When producing a "thin pack" (primarily used in bundles and smart
HTTP transfers) out of a fully packed repository, we unnecessarily
avoided sending recent objects as a delta against objects we know
the other side has.
|
|
PR 45766, patch from there.
|
|
changes:
-Fix numerous bugs in the FreeBSD backend
-Split off OpenBSD code in its own backend, and fixes
-Updated translations
|
|
|
|
changes:
-minor fixes
-translation updates
|
|
changes:
-bugfixes
-minor feature additions
|
|
changes:
-handle more attributes
-added support of clipPath element
-added support of visibility style property
-fixed handling of aspect ratio of video
|
|
changes: many fixes and feature improvements
|
|
changes: minor bugfixes
|
|
|
|
|
|
fixes CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027.
|
|
|
|
gdkinputprivate.h:38:35: error: X11/extensions/XInput.h: No such file or directory
(header got switched to different package)
|
|
configure error was:
Requested 'gstreamer-plugins-base-0.10 >= 0.10.30' but version of
GStreamer Base Plugins Libraries is 0.10.26
|
|
|
|
* This release contains security fix.
See http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
Changelog:
* Viewing large console logs with timestamper plugin cause Jenkins
to crash (issue 9349)
* Maven3 parallel build fails with java.util.ConcurrentModificationException
in Jenkins (issue 11256)
* Jenkins PID changes after restart (issue 11742)
* Running Jenkins with the bundeled Winstone is succeptible to the hash table
attack http://www.ocert.org/advisories/ocert-2011-003.html (SECURITY-22)
|
|
|
|
on NetBSD/arm -current with gcc-4.5.3. PR pkg/45834
Bump PKGREVISION.
|
|
|
|
* Only warn about non-tackled IPv6 packets once
* add missing break between "case IPv4" and "case IPv6"
* bump tap driver version from 9.8 to 9.9
* log error message and exit for "win32, tun mode, tap driver version 9.8"
* Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch
|
|
|
|
|
|
This release is mainly a stabilization of the R14B03 release (but as
usual there are some new functionality as well).
One pkgsrc change: add flex to USE_TOOLS, so that megaco_flex_scanner_drv
gets built on all SunOS flavors.
Read full announcement at
http://www.erlang.org/download/otp_src_R14B04.readme
|
|
Problem and fixes are reported in PR pkg/45821.
|
|
|
