ruby18-base: security patch
Revisions pulled up:
- lang/ruby18-base/Makefile 1.47
- lang/ruby18-base/distinfo 1.34
- lang/ruby18-base/patches/patch-dg 1.5
- lang/ruby18-base/patches/patch-dh 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 14 05:17:18 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh
Log Message:
Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
from ruby_1_8 branch.
Bump PKGREVISION.
|
|
mono: security patch
Revisions pulled up:
- lang/mono/Makefile 1.70-1.71
- lang/mono/PLIST 1.25
- lang/mono/distinfo 1.37
- lang/mono/patches/patch-cl 1.1
- lang/mono/patches/patch-cm 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Sun Aug 10 16:19:33 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile PLIST
Log Message:
Remove directory "include/mono-1.0/mono" on deinstallation.
Bump package revision because of a package list fix.
---
Module Name: pkgsrc
Committed By: kefren
Date: Mon Sep 1 09:28:54 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-cl patch-cm
Log Message:
Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to
"HTTP header injection" attacks
|
|
python25: update for security fixes
revisions pulled up:
pkgsrc/lang/python25/Makefile 1.7,1.8
pkgsrc/lang/python25/distinfo 1.6
pkgsrc/lang/python25/patches/patch-at 1.2
pkgsrc/lang/python25/patches/patch-ba 1.1
pkgsrc/lang/python25/patches/patch-bb 1.1
pkgsrc/lang/python25/patches/patch-bc 1.1
pkgsrc/lang/python25/patches/patch-bd 1.1
pkgsrc/lang/python25/patches/patch-be 1.1
pkgsrc/lang/python25/patches/patch-bf 1.1
pkgsrc/lang/python25/patches/patch-bg 1.1
pkgsrc/lang/python25/patches/patch-bh 1.1
pkgsrc/lang/python25/patches/patch-bi 1.1
pkgsrc/lang/python25/patches/patch-bj 1.1
pkgsrc/lang/python25/patches/patch-bk 1.1
pkgsrc/lang/python25/patches/patch-ca 1.1
pkgsrc/lang/python25/patches/patch-cb 1.1
pkgsrc/lang/python25/patches/patch-cc 1.1
pkgsrc/lang/python25/patches/patch-cd 1.1
pkgsrc/lang/python25/patches/patch-ce 1.1
pkgsrc/lang/python25/patches/patch-da 1.1
pkgsrc/lang/python25/patches/patch-db 1.1
pkgsrc/lang/python25/patches/patch-ea 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Mon Jul 14 14:42:51 UTC 2008
Modified Files:
pkgsrc/lang/python25: Makefile
Log Message:
Always build depend on readline, so that devel/py-readline can pick up
the right config. Bump revision.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Aug 30 10:02:33 UTC 2008
Modified Files:
pkgsrc/lang/python25: Makefile distinfo
pkgsrc/lang/python25/patches: patch-at
Added Files:
pkgsrc/lang/python25/patches: patch-ba patch-bb patch-bc patch-bd
patch-be patch-bf patch-bg patch-bh patch-bi patch-bj patch-bk
patch-ca patch-cb patch-cc patch-cd patch-ce patch-da patch-db
patch-ea
Log Message:
Add security patches for CVE-2008-2315, CVE-2008-2316, CVE-2008-3142 and
CVE-2008-3144 (this one shouldn't affect platforms supported by pkgsrc)
all taken from Gentoo. Bump package revision.
|
|
sun-jdk15: security update
sun-jre15: security update
Revisions pulled up:
- lang/sun-jdk15/Makefile 1.32
- lang/sun-jdk15/distinfo 1.19
- lang/sun-jre15/Makefile 1.55
- lang/sun-jre15/PLIST.linux-i386 1.8
- lang/sun-jre15/PLIST.linux-x86_64 1.6
- lang/sun-jre15/distinfo 1.20
---
Module Name: pkgsrc
Committed By: he
Date: Fri Aug 15 15:06:36 UTC 2008
Modified Files:
pkgsrc/lang/sun-jdk15: Makefile distinfo
pkgsrc/lang/sun-jre15: Makefile PLIST.linux-i386 PLIST.linux-x86_64
distinfo
Log Message:
Update to Java 5.0 Update 16. Fixes a number of security vulnerabilities.
Also updates some root certificates and imports tzdata2008b.
Sun's release notes are at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_16
|
|
ruby-curses, ruby, ruby18-base, ruby-tk: security fix
revisions pulled up
pkgsrc/lang/ruby/rubyversion.mk 1.44
pkgsrc/lang/ruby18-base/distinfo 1.17
pkgsrc/devel/ruby-curses/distinfo 1.33
pkgsrc/x11/ruby-tk/distinfo 1.20
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:58:33 UTC 2008
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby18-base: distinfo
Log Message:
Update ruby18-base to 1.8.7.72 (Ruby 1.8.7-p72).
These packages are implicitly updated with distfile update only.
databases/ruby-gdbm
devel/ruby-readline
lang/ruby
lang/ruby18
Here's a quote from the release announcement:
Sorry for a fuss, but it turned out that taintness check of dl in last
releases I made was incomplete. Here are fixes for that.
And relevant changes:
Mon Aug 11 09:37:17 2008 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/dl/dl.c (rb_str_to_ptr): should propagate taint to dlptr.
* ext/dl/dl.c (rb_ary_to_ptr): ditto.
* ext/dl/sym.c (rb_dlsym_call): should check taint of DLPtrData as
well.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:40 UTC 2008
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72.
It is distfile change only.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 11 06:59:55 UTC 2008
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-curses package to 1.8.7.72.
It is distfile change only.
|
|
Security patches for python24
Revisions pulled up:
- lang/python24/Makefile 1.44-1.45
- lang/python24/distinfo 1.29-1.31
- lang/python24/patches/patch-ba 1.1
- lang/python24/patches/patch-bb 1.1
- lang/python24/patches/patch-bc 1.1
- lang/python24/patches/patch-bd 1.1
- lang/python24/patches/patch-be 1.1
- lang/python24/patches/patch-bf 1.1
- lang/python24/patches/patch-bg 1.1
- lang/python24/patches/patch-bh 1.1
- lang/python24/patches/patch-bi 1.1
- lang/python24/patches/patch-bj 1.1
- lang/python24/patches/patch-bk 1.1
- lang/python24/patches/patch-bl 1.1
- lang/python24/patches/patch-bm 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon Jul 14 14:42:51 UTC 2008
Modified Files:
pkgsrc/lang/python24: Makefile
Log Message:
Always build depend on readline, so that devel/py-readline can pick up
the right config. Bump revision.
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 5 10:13:34 UTC 2008
Modified Files:
pkgsrc/lang/python24: Makefile distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-ba patch-bb patch-bc patch-bd
patch-be patch-bf patch-bg
Log Message:
add patches from upstream svn rev.65333, fix integer overflows in
memory allocation (CVE-2008-2315)
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 5 10:45:46 UTC 2008
Modified Files:
pkgsrc/lang/python24: distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-bh patch-bi patch-bj patch-bk
patch-bl
Log Message:
also apply upstream svn rev.65262, fixes overflow checks in memory
allocation (CVE-2008-3142), ride on PKGREVISION bump some minutes ago
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 7 11:20:18 UTC 2008
Modified Files:
pkgsrc/lang/python24: distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-bm
Log Message:
Add a patch from the upstream 2.5 branch (svn rev.63883) to fix an
integer overflow in the vsnprintf replacement function.
This is likely not a real problem, and the patch wasn't pulled to
the upstream 2.4 branch, but so we can formally declare our 2.4
as not vulnerable now.
|
|
Security patch for mono
Revisions pulled up:
- lang/mono/Makefile 1.69
- lang/mono/distinfo 1.36
- lang/mono/patches/patch-cf 1.1
- lang/mono/patches/patch-cg 1.1
- lang/mono/patches/patch-ch 1.1
- lang/mono/patches/patch-ci 1.1
- lang/mono/patches/patch-cj 1.1
- lang/mono/patches/patch-ck 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Sat Aug 9 19:57:51 UTC 2008
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-cf patch-cg patch-ch patch-ci patch-cj
patch-ck
Log Message:
fix a cross site scripting vulnerability
bump PKGREVISION
|
|
security update for ruby
- pkgsrc/devel/ruby-curses/distinfo 1.16
- pkgsrc/lang/ruby/rubyversion.mk 1.43
- pkgsrc/lang/ruby18-base/Makefile 1.46
- pkgsrc/lang/ruby18-base/distinfo 1.32
- pkgsrc/lang/ruby18-base/patches/patch-ad removed
- pkgsrc/x11/ruby-tk/distinfo 1.19
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:38:59 UTC 2008
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Start update of Ruby 1.8.7 patchlevel 71.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:42:44 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Update ruby18-base to 1.8.7.71.
pkgsrc change:
Apply fix for sunpro compiler, provided by PR pkg/37771 from
Naoto Morishima.
This release includes fix for multiple vulnerabilities.
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
* Several vulnerabilities in safe level
* DoS vulnerability in WEBrick
* Lack of taintness check in dl
* DNS spoofing vulnerability in resolv.rb
Full changes are too many; please refer to the ChangeLog file.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:43:51 UTC 2008
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses package to 1.8.7.71.
This is version update only, no functional change in this ruby extension.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 8 12:44:51 UTC 2008
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-tk package to 1.8.7.71.
This is version update only, no functional change in this ruby extension.
|
|
Noticed by Zafer Aydogan via private mail.
|
|
Fixes PR 39081
PKGREVISION++
|
|
Solves PR pkg/38510.
Bump PKGREVISION.
|
|
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
|
|
PLIST of ap22-py25-python and similar packages (removes additional
egg-info file) From tnn@. Passed via packages@ without objection
|
|
Closes PR pkg/39051.
|
|
patch-al: Remove hunk that shouldn't ever appear in patches (as pkglint
warns).
distinfo: regen
|
|
Tested under Leopard and NetBSD-i386 4.0_STABLE.
This fixes PR pkg/39042 by myself.
|
|
Patch provided by MAINTAINER Aleksej Saushev in PR 39054.
|
|
Noticed by Chavdar Ivanov in PR 39039.
|
|
Changes since previous (2.44.1) release:
User visible changes
--------------------
* Experimental Just-In-Time Compilation of byte-compiled closures is now
done using GNU lightning (this is a configure-time option).
Thanks to Yann Dauphin <yann-nicolas.dauphin@polymtl.ca>.
* New command-line option -lp adds directories to *LOAD-PATHS*.
See <http://clisp.cons.org/impnotes/clisp.html#opt-load-paths> for details.
* New function FFI:OPEN-FOREIGN-LIBRARY allows pre-opening of shared libraries.
See <http://clisp.cons.org/impnotes/dffi.html#dffi-open-lib> for details.
* New macro EXT:COMPILE-TIME-VALUE allows computing values at file compilation.
See <http://clisp.podval.org/impnotes/macros3.html#compile-time-value>
for details.
* New function FFI:FOREIGN-POINTER-INFO allows some introspection.
See <http://clisp.cons.org/impnotes/dffi.html#fptr-info> for details.
* Versioned library symbols are now accessible via the :VERSION argument of
DEF-CALL-OUT and DEF-C-VAR.
Thanks to Kaz Kylheku <kkylheku@gmail.com>.
See <http://clisp.cons.org/impnotes/dffi.html#def-call-out> for details.
* New functions GRAY:STREAM-READ-SEQUENCE and GRAY:STREAM-WRITE-SEQUENCE have
been added for portability reasons.
Suggested by Anton Vodonosov <avodonosov@yandex.ru>.
See <http://clisp.cons.org/impnotes/gray.html#st-rd-seq> for details.
* New user variable CUSTOM:*SUPPRESS-SIMILAR-CONSTANT-REDEFINITION-WARNING*
controls whether the redefinition warning is issued when the new
constant value is visually similar to the old one.
See <http://clisp.cons.org/impnotes/defconstant.html#defconstant-similar>
for details.
* REPL commands can now accept arguments.
See <http://clisp.cons.org/impnotes/repl.html> for details.
* Updated the postgresql module to PostgreSQL 8.3.
See <http://clisp.cons.org/impnotes/postgresql.html> for details.
* Module syscalls now interfaces to <stdio.h> (for the sake of FFI modules).
See <http://clisp.cons.org/impnotes/syscalls.html#stdio> for details.
There are other additions there also, but they are too numerous to
be enumerated here.
* Bug fixes:
+ Fix handling of quoted objects by READ-PRESERVING-WHITESPACE. [ 1890854 ]
+ Fix rectangle count in NEW-CLX XLIB:SET-GCONTEXT-CLIP-MASK. [ 1918017 ]
+ Fix argument handling in NEW-CLX XLIB:QUERY-COLORS. [ 1931101 ]
+ Fix compilation on systems not supporting returning void. [ 1924506 ]
+ Fix TANH floating point overflow for large floats. [ 1683394 ]
+ Avoid extra aggressive bignum overflow reporting in READ. [ 1928735 ]
+ Improved floating point number formatting. [ 1790496, 1928759 ]
+ COMPILE no longer discards MACRO doc strings. [ 1936255 ]
+ Improved accuracy of LOG on complex numbers. [ 1934968 ]
+ Fix COERCE for compound float result-types. [ 1942246 ]
+ Fix $http_proxy parsing. [ 1959436 ]
+ Fix LISTEN on buffered streams when the last character was CRLF. [ 1961475 ]
+ Cross-compilation process has been restored to its former glory,
|
|
http://redmine.ruby-lang.org/issues/show/193
This may break some ruby modules that require pthread, but it is better
than not having a ruby binary at all.
|
|
be built on amd64 and avoids text relocations elsewhere.
Apply build fix for FreeBSD from PR 38984.
Bump revision.
|
|
Changes:
* [05 Jun 08] Changed all '#!/bin/bash' in shell scripts into '#!/bin/sh'
and changed all $(...) into `...` because there are compatibility
problems according to Unix versions.
* [31 Mar 08] Fixed bug: "let f ~_x () = ()" generated syntax error.
* [31 Mar 08] Fixed bug: "x $ y" generated syntax error (normal syntax).
* [02 Jan 08] Added compatibility with OCaml 3.10.3.
|
|
This is security fix:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
Fri Jun 20 18:25:18 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* string.c (rb_str_buf_append): should infect.
Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow.
* string.c (str_buf_cat): ditto.
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
rb_ary_aplice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
Tue Jun 17 15:09:46 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (file_expand_path): no need to expand root path which has no
short file name. [ruby-dev:35095]
Sun Jun 15 19:27:40 2008 Akinori MUSHA <knu@iDaemons.org>
* configure.in: Fix $LOAD_PATH. Properly expand vendor_ruby
directories; submitted by Takahiro Kambe <taca at
back-street.net> in [ruby-dev:35099].
|
|
Update RUBY18_PATCHLEVEL to 22.
|
|
bulk builds.
|
|
Since changes are too many to write here, please refer to
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/NEWS
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_17/ChangeLog
|
|
* Update RUBY18_VERSION to 1.8.7 and RUBY18_PATCHLEVEL to 17.
* Use vendor_ruby instead for site_ruby.
* Introduce macros for relative path and use them instead of old absolute
path.
RUBY_LIB lib/ruby/${RUBY_VER_DIR}
RUBY_ARCHLIB ${RUBY_LIB}/${RUBY_ARCH}
RUBY_SITELIB_BASE lib/ruby/site_ruby
RUBY_SITELIB ${RUBY_SITELIB_BASE}/${RUBY_VER_DIR}
RUBY_SITEARCHLIB ${RUBY_SITELIB}/${RUBY_ARCH}
RUBY_VENDORLIB_BASE lib/ruby/vendor_ruby
RUBY_VENDORLIB ${RUBY_VENDORLIB_BASE}/${RUBY_VER_DIR}
RUBY_VENDORARCHLIB ${RUBY_VENDORLIB}/${RUBY_ARCH}
RUBY_DOC share/doc/${RUBY_NAME}
RUBY_EG share/examples/${RUBY_NAME}
These old macros are removed after the 2008Q2 branch.
RUBY_LIBDIR
RUBY_ARCHLIBDIR
RUBY_SITELIBDIR
RUBY_SITEARCHLIBDIR
RUBY_VENDORLIBDIR
RUBY_VENDORARCHLIBDIR
RUBY_DOCDIR
RUBY_EXAMPLESDIR
* update PRINT_PLIST_AWK macro to reality and move some of them from
ruby/modules.mk to ruby/rubyversion.mk.
|
|
bsd.prefs.mk. Reported by Steven M. Bellovin for xorg packages.
|
|
and the PEAR package itself must be reviewed to not include those files.
The patch doesn't work for dependencies right now.
|
|
by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927.
Patch fetched from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
which, according to comments, is from upstream change 27688.
Revision bumped to nb8.
|
|
changes:
-new module: `(srfi srfi-88)'
-New `postfix' read option, for SRFI-88 keyword syntax
-Some I/O primitives have been inlined, which improves I/O performance
-New object-based traps infrastructure
-New support for working on Guile code from within Emacs
-bugfixes
pkgsrc note: added a patch which affects builds without thread
support only (fixes crash on termination)
approved by gdt
|
|
needed to build gtk-sharp and gnome-sharp, and possibly other mono packages
with a readonly home dir. Discussed with wiz@ and kefren@
|
|
build the newer version. This should allow the package to be
included in bulk builds, and eliminate the troubles with other
Common Lisp systems being fragile WRT building this system.
Update to 1.0.16
|
|