Age | Commit message (Collapse) | Author | Files | Lines |
|
net/freeradius2: security patch
Revisions pulled up:
- net/freeradius2/Makefile 1.24
- net/freeradius2/distinfo 1.13
- net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Sep 12 18:37:10 UTC 2012
Modified Files:
pkgsrc/net/freeradius2: Makefile distinfo
Added Files:
pkgsrc/net/freeradius2/patches:
patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
Log Message:
Add patch from the freeradius git repository, fixing CVE-2012-3547.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/net/freeradius2/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/freeradius2/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
|
|
net/{isc-dhcp4,isc-dhcpd4,isc-dhclient4,isc-dhcrelay} security fix
Revisions pulled up:
- net/isc-dhcp4/Makefile.common 1.17
- net/isc-dhcp4/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:38:58 UTC 2012
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
Log Message:
Update ISC DHCP package to 4.2.4p2 (ISC DHCP 4.2.4-P2).
Changes since 4.2.4-P1
! An issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
[ISC-Bugs #30281]
CVE: CVE-2012-3955
|
|
net/bind?? CVE-2012-4244 security fix
Revisions pulled up:
- net/bind96/DESCR 1.2
- net/bind96/Makefile 1.29-1.30
- net/bind96/distinfo 1.20
- net/bind97/DESCR 1.2
- net/bind97/Makefile 1.18-1.19
- net/bind97/distinfo 1.16
- net/bind98/DESCR 1.2
- net/bind98/Makefile 1.15-1.16
- net/bind98/distinfo 1.14
- net/bind99/DESCR 1.2
- net/bind99/Makefile 1.10-1.11
- net/bind99/distinfo 1.8
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 26 14:23:49 UTC 2012
Modified Files:
pkgsrc/net/bind96: DESCR Makefile
pkgsrc/net/bind97: DESCR Makefile
pkgsrc/net/bind98: DESCR Makefile
pkgsrc/net/bind99: DESCR Makefile
Log Message:
Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:32:55 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).
--- 9.6-ESV-R7-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
3358 [bug] Fix declaration of fatal in bin/named/server.c
and bin/nsupdate/main.c. [RT #30522]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:33:40 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
Update bind97 to bind-9.7.6pl3.
--- 9.7.6-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:35:18 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 to 9.8.3pl3 (BIND 9.8.3-P3).
--- 9.8.3-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:35:56 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3).
--- 9.9.1-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
|
|
net/wireshark: security patch
Revisions pulled up:
- distinfo patch
- Makefile patch
- patches/patch-CVE-2012-3548 created by patch
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.81
- net/wireshark/distinfo 1.57
- net/wireshark/options.mk 1.6-1.7
- net/wireshark/patches/patch-ca 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 16 14:52:27 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo options.mk
Added Files:
pkgsrc/net/wireshark/patches: patch-ca
Log Message:
update to 1.6.10
changes:
-security fixes for dissectors: DCP ETSI, XTP, AFP, RTPS2, GSM RLC MAC,
CIP. STUN, EtherCAT Mailbox, CTDB
(CVE-2012-4285, CVE-2012-4288, CVE-2012-4289..4293, CVE-2012-4296,
CVE-2012-4297)
-minor fixes
pkgsrc change: fix build with gnutls3
approved by the maintainer
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 16 15:11:49 UTC 2012
Modified Files:
pkgsrc/net/wireshark: options.mk
Log Message:
back out change I didn't want to commit
|
|
net/tor: security update
Revisions pulled up:
- net/tor/Makefile 1.88
- net/tor/distinfo 1.55
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Aug 13 17:13:45 UTC 2012
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
update to 0.2.2.38
Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
fixes a remotely triggerable crash bug; and fixes a timing attack that
could in theory leak path information.
|
|
net/Transmission: security update
net/Transmission-gui: security update
Revisions pulled up:
- net/Transmission-gui/Makefile 1.4-1.5
- net/Transmission-gui/PLIST 1.2-1.3
- net/Transmission/Makefile 1.79
- net/Transmission/Makefile.common 1.2-1.4
- net/Transmission/PLIST 1.11-1.12
- net/Transmission/distinfo 1.58-1.60
- net/Transmission/patches/patch-aa 1.11
- net/Transmission/patches/patch-ad deleted
- net/Transmission/patches/patch-ae 1.11
- net/Transmission/patches/patch-af deleted
- net/Transmission/patches/patch-qt_qtr.pro 1.1
- net/Transmission/patches/patch-third-party_miniupnp_miniupnp.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:29:46 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile Makefile.common PLIST distinfo
pkgsrc/net/Transmission-gui: Makefile PLIST distinfo
pkgsrc/net/Transmission/patches: patch-aa patch-ae
Added Files:
pkgsrc/net/Transmission/patches: patch-qt_qtr.pro
Removed Files:
pkgsrc/net/Transmission/patches: patch-ad patch-af
Log Message:
Update Transmission* to 2.60, inspired by PR 46695 by Ken Wong.
Transmission 2.60 (2012/07/05)
Fix issues when adding magnet links
Improved scraping behavior for certain trackers
Fix bug where cleared statistics might not save
Updated versions of miniupnpc and libuTP
Fixed compilation issues with Solaris and FreeBSD
Other minor fixes
Web Client
Notification of downloading and seeding completion (requires browser support of notifications)
Re-add select all and deselect all buttons to the file inspector tab
Qt
Add Basque translation
Transmission 2.52 (2012/05/19)
Fix bug with zero termination of multiscrape strings
Update the bundled libnatpmp and miniupnp port forwarding libraries
GTK+
Fix minor bug in Ubuntu app indicator support
Transmission 2.51 (2012/04/08)
Update the bundled libnatpmp and miniupnp port forwarding libraries
Add environment variable options to have libcurl verify SSL certs
Support user-specified CXX environment variables during compile time
GTK+
Fix crash when adding torrents on systems without G_USER_DIRECTORY_DOWNLOAD
Honor the notification sound setting
Add a tooltip to files in the torrents' file list
Fix broken handling of the Cancel button in the "Open URL" dialog
Improve support for Gnome Shell and Unity
Catch SIGTERM instead of SIGKILL
Qt
Progress bar colors are now similar to the Mac and Web clients'
Improve the "Open Folder" behavior
Web Client
Fix global seed ratio progress bars
Fix sometimes-incorrect ratio being displayed in the inspector
If multiple torrents are selected, show the aggregate info in the inspector
Upgrade to jQuery 1.7.2
Daemon
Show magnet link information in transmission-remote -i
Transmission 2.50 (2012/02/14)
Fix crash when adding some magnet links
Improved support for downloading webseeds with large files
Gracefully handle incorrectly-compressed data from webseed downloads
Fairer bandwidth distribution across connected peers
Use less CPU when calculating undownloaded portions of large torrents
Use the Selection Algorithm, rather than sorting, to select peer candidates
Use base-10 units when displaying bandwidth speed and disk space
If the OS has its own copy of natpmp, prefer it over our bundled version
Fix Fails-To-Build error on Solaris 10 from use of mkdtemp()
Fix Fails-To-Build error on FreeBSD from use of alloca()
Fix Fails-To-Build error when building without a C++ compiler for libuTP
GTK+
Fix regression that broke the "--minimized" command-line argument
Instead of notify-send, use the org.freedesktop.Notifications DBus API
Fix a handful of small memory leaks
Qt
Fix FTB when building without libuTP support on Debian
Web Client
Filtering by state and tracker
Sorting by size
Larger, easier-to-press toolbar buttons
Fix the torrent size and time remaining in the inspector's details tab
Bundle jQuery and the stylesheets to avoid third-party CDNs
Upgrade to jQuery 1.7.1
Fix runtime errors in IE 8, IE 9, and Opera
Revise CSS stylesheets to use SASS
Minor interface tweaks
Daemon
Fix corrupted status string in transmission-remote
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:35:30 UTC 2012
Modified Files:
pkgsrc/net/Transmission: PLIST
Log Message:
Sort.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 12 18:35:42 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile.common
Removed Files:
pkgsrc/net/Transmission-gui: distinfo
Log Message:
Share distinfo between Transmission packages.
---
Module Name: pkgsrc
Committed By: marino
Date: Wed Jul 18 17:50:22 UTC 2012
Modified Files:
pkgsrc/net/Transmission: distinfo
Added Files:
pkgsrc/net/Transmission/patches: patch-third-party_miniupnp_miniupnp.c
Log Message:
net/Transmission: Disable IP Multicast interface for DragonFly
The only BSD to support the IP Multicast interface is FreeBSD. NetBSD,
OpenBSD, and even MacOS have this turned off, so DragonFly gets added
to the OS macro list to fix the build.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 28 15:13:42 UTC 2012
Modified Files:
pkgsrc/net/Transmission: Makefile.common distinfo
pkgsrc/net/Transmission-gui: Makefile PLIST
Log Message:
Update to 2.61:
=== Transmission 2.61 (2012/07/23) ===
[http://trac.transmissionbt.com/query?milestone=2.61&group=component&order=severity All tickets closed by this release]
==== All Platforms ====
==== Mac ====
* Fix crash when creating a torrent file on Lion or newer
==== GTK+ ====
* Support startup notification
* Require GTK+ 3
==== Qt ====
* Fix bug when opening the web client via the Preferences dialog
* Better opening of magnet links
* The Torrent File list now handles very long lists faster
* Fix i18n problem introduced in 2.60
==== Web Client ====
* Close potential cross-scripting vulnerability from malicious torrent files
==== Utils ====
* Add magnet link generation to the transmission-show command line tool
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.80 via patch
- net/wireshark/distinfo 1.56
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Jul 24 17:24:55 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
update to 1.6.9
changes:
-security fixes:
-The PPP dissector could crash (CVE-2012-4048)
-The NFS dissector could use excessive amounts of CPU (CVE-2012-4049)
-more bugfixes, see
http://www.wireshark.org/lists/wireshark-announce/201207/msg00002.html
for details
approved by The Maintainer
|
|
net/bind96 security update
Revisions pulled up:
- net/bind96/Makefile 1.28
- net/bind96/distinfo 1.19
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 21:14:20 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
patch version fixing CVE-2012-3817:
--- 9.6-ESV-R7-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3343. [bug] Relax isc_random_jitter() REQUIRE tests. [RT #29821]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind97 security update
Revisions pulled up:
- net/bind97/Makefile 1.17
- net/bind97/distinfo 1.15
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 21:01:11 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
patch release with fix for CVE-2012-3817:
--- 9.7.6-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind99 security update
Revisions pulled up:
- net/bind99/Makefile 1.9
- net/bind99/distinfo 1.7
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 20:40:12 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
patch version fixing CVE-2012-3817 and CVE-2012-3868:
--- 9.9.1-P2 released ---
3349. [bug] Change #3345 was incomplete. [RT #30233]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3345. [bug] Addressed race condition when removing the last item
or inserting the first item in an ISC_QUEUE.
[RT #29539]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/bind98 security update
Revisions pulled up:
- net/bind98/Makefile 1.14
- net/bind98/distinfo 1.13
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Jul 24 20:16:21 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
patch update for CVE-2012-3817:
--- 9.8.3-P2 released ---
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
|
|
net/isc-dhcp4: security update
Revisions pulled up:
- net/isc-dhcp4/Makefile.common 1.16
- net/isc-dhcp4/distinfo 1.12
- net/isc-dhcp4/patches/patch-includes_Makefile.in 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 25 00:56:53 UTC 2012
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
pkgsrc/net/isc-dhcp4/patches: patch-includes_Makefile.in
Log Message:
Update isc-dhcp4 package to 4.2.4p1 (ISC DHCP 4.2.4-P1).
Fixes security problems.
Changes since 4.2.4
! Previously the server code was relaxed to allow packets with zero
length client ids to be processed. Under some situations use of
zero length client ids can cause the server to go into an infinite
loop. As such ids are not valid according to RFC 2132 section 9.14
the server no longer accepts them. Client ids with a length of 1
are also invalid but the server still accepts them in order to
minimize disruption. The restriction will likely be tightened in
the future to disallow ids with a length of 1.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29851]
CVE: CVE-2012-3571
! When attempting to convert a DUID from a client id option
into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
! A pair of memory leaks were found and fixed. Thanks to
Glen Eustace of Massey University, New Zealand for finding
this issue.
[ISC-Bugs #30024]
CVE: CVE-2012-3954
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/isc-dhcp4/Makefile.common
cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/isc-dhcp4/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/net/isc-dhcp4/patches/patch-includes_Makefile.in
|
|
archivers/php-bz2: security update
archivers/php-zip: security update
archivers/php-zlib: security update
converters/php-iconv: security update
converters/php-mbstring: security update
databases/php-dba: security update
databases/php-ldap: security update
databases/php-mssql: security update
databases/php-mysql: security update
databases/php-mysqli: security update
databases/php-pdo: security update
databases/php-pdo_dblib: security update
databases/php-pdo_mysql: security update
databases/php-pdo_pgsql: security update
databases/php-pdo_sqlite: security update
databases/php-pgsql: security update
databases/php-sqlite: security update
devel/php-gettext: security update
devel/php-gmp: security update
devel/php-pcntl: security update
devel/php-posix: security update
devel/php-shmop: security update
devel/php-sysvmsg: security update
devel/php-sysvsem: security update
devel/php-sysvshm: security update
graphics/php-exif: security update
graphics/php-gd: security update
lang/php53: security update
lang/php54: security update
mail/php-imap: security update
math/php-bcmath: security update
net/php-ftp: security update
net/php-snmp: security update
net/php-soap: security update
net/php-sockets: security update
net/php-xmlrpc: security update
security/php-mcrypt: security update
textproc/php-dom: security update
textproc/php-enchant: security update
textproc/php-intl: security update
textproc/php-json: security update
textproc/php-pspell: security update
textproc/php-wddx: security update
textproc/php-xsl: security update
time/php-calendar: security update
www/ap-php: security update
www/php-curl: security update
www/php-fpm: security update
www/php-tidy: security update
Revisions pulled up:
- archivers/php-zip/Makefile 1.15
- databases/php-dba/Makefile 1.15
- databases/php-mssql/Makefile 1.14
- databases/php-pdo_dblib/Makefile 1.15
- databases/php-pdo_sqlite/Makefile 1.12
- databases/php-sqlite/Makefile 1.16
- devel/php-gettext/Makefile 1.11
- devel/php-shmop/Makefile 1.11
- graphics/php-exif/Makefile 1.11
- graphics/php-gd/Makefile 1.28
- lang/php53/Makefile.common 1.15
- lang/php53/Makefile.php 1.19
- lang/php53/distinfo 1.46
- lang/php53/patches/patch-aj 1.2
- lang/php54/Makefile.common 1.2
- lang/php54/distinfo 1.2
- lang/php54/patches/patch-run-tests.php 1.2
- net/php-soap/Makefile 1.4
- net/php-xmlrpc/Makefile 1.15
- textproc/php-dom/Makefile 1.4
- textproc/php-intl/Makefile 1.13
- textproc/php-pspell/Makefile 1.13
- textproc/php-wddx/Makefile 1.17
- textproc/php-xsl/Makefile 1.5
- www/ap-php/Makefile 1.27
- www/php-curl/Makefile 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:28:18 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
pkgsrc/lang/php53/patches: patch-aj
Log Message:
Update php53 pacakge to 5.3.15 (PHP 5.3.15).
19-July-2012
o Zend Engine
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
o COM
* Fixed bug #62146 com_dotnet cannot be built shared
o Core
* Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
o Fileinfo
* Fixed magic file regex support
o FPM
* Fixed bug #61045 (fpm don't send error log to fastcgi clients)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user' for
non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances
can be launched without errors)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
o JSON
* Reverted fix for bug #61537
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o SPL
* Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
o SQLite
* Fixed open_basedir bypass, CVE-2012-3365
o XML Write
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:29:05 UTC 2012
Modified Files:
pkgsrc/lang/php54: Makefile.common distinfo
pkgsrc/lang/php54/patches: patch-run-tests.php
Log Message:
Update php54 package to 5.4.5 (PHP 5.4.5).
19-July-2012
o Core
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62373 (serialize() generates wrong reference to the
object).
* Fixed bug #62357 (compile failure: (S) Arguments missing for
built-in function __memcmp)
* Fixed bug #61998 (Using traits with method aliases appears to result
in crash during execution)
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
* Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
o EXIF
* Fixed information leak in ext exi
o FPM
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user'
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #61045 (fpm don't send error log to fastcgi clients).
(fat) for non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address).
(fat) can be launched without errors)
o Iconv
* Fixed bug #55042 (Erealloc in iconv.c unsafe)
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
* ResourceBundle constructor now accepts NULL for the first two arguments
o JSON
* Fixed bug #61359 (json_encode() calls too many reallocs)
o libxml
* Fixed bug #62266 (Custom extension segfaults during xmlParseFile
with FPM SAPI)
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Readline
* Fixed bug #62186 (readline fails to compile - void function should
not return a value)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o Sockets
* Fixed bug #62025 (__ss_family was changed on AIX 5.3)
o SPL
* Fixed bug #62433 (Inconsistent behavior of
RecursiveDirectoryIterator to dot files)
* Fixed bug #62262 (RecursiveArrayIterator does not implement
Countable)
o XML Writer
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10.
{
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:30:38 UTC 2012
Modified Files:
pkgsrc/archivers/php-zip: Makefile
pkgsrc/databases/php-dba: Makefile
pkgsrc/databases/php-mssql: Makefile
pkgsrc/databases/php-pdo_dblib: Makefile
pkgsrc/databases/php-pdo_sqlite: Makefile
pkgsrc/databases/php-sqlite: Makefile
pkgsrc/devel/php-gettext: Makefile
pkgsrc/devel/php-shmop: Makefile
pkgsrc/graphics/php-exif: Makefile
pkgsrc/graphics/php-gd: Makefile
pkgsrc/net/php-soap: Makefile
pkgsrc/net/php-xmlrpc: Makefile
pkgsrc/textproc/php-dom: Makefile
pkgsrc/textproc/php-intl: Makefile
pkgsrc/textproc/php-pspell: Makefile
pkgsrc/textproc/php-wddx: Makefile
pkgsrc/textproc/php-xsl: Makefile
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php-curl: Makefile
Log Message:
- Reset PKG_REVISION by both php53 and php54 are updated.
- Remove supporting php5 (PHP 5.2.x) supporting codes.
|
|
net/nsd: security update
Revisions pulled up:
- net/nsd/Makefile 1.56
- net/nsd/distinfo 1.34
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 20 16:28:49 UTC 2012
Modified Files:
pkgsrc/net/nsd: Makefile distinfo
Log Message:
Update to 3.2.12, prompted by Lloyd Parkes in PR 46727.
NSD 3.2.12
Bugfixes
Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host on
the internet.
NSD 3.2.11
Features
Fallback to AXFR if IXFR is unknown at the primary. NSD considers
IXFR unknown at the primary if there is a negative response
for the IXFR RRtype. This does not override the value for
'allow-axfr-fallback'.
Allow for reading in new DNSKEY algorithm mnemonics (RFC5155,
RFC5702, RFC5933, and RFC6605 (ECDSA)).
Zone statistics, enable with --enable-zone-stats. This stores
the BIND8 stats per zone in a configurable statistics file.
This option does not scale and should therefore not be enabled
when serving many zones.
Support for TLSA RRtype (DANE).
Bugfixes
Fix for qtype ANY for a wildcard domain in NSEC signed zone:
Don't add the wildcard domain NSEC into the answer section.
Instead, put the wildcard expanded NSEC into the answer section
and keep the wildcard domain NSEC in the authority section.
Fix for accept spinning reported by OpenBSD.
Fix restart failed due to bad ixfr packet because of zone
removed from nsd.conf.
Bugfix #453: typo in nsdc man page.
Operational notes
NSD uses the query name for dname compression again (Fix #235
had as side effect that this didn't happen anymore and is hereby
undone).
|
|
net/libtorrent build fix
Revisions pulled up:
- net/libtorrent/Makefile 1.45
---
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 2 07:01:52 UTC 2012
Modified Files:
pkgsrc/net/libtorrent: Makefile
Log Message:
Compile with GCC option "-march=i486" on x86 systems to make the required
function "__sync_bool_compare_and_swap_4" available. This fixes the build
of the "rtorrent" package under NetBSD/i386 5.1_STABLE.
|
|
|
|
|
|
configure test, which might arbitrarily fail if chrooted.
|
|
|
|
|
|
|
|
in heir.c so manpages get installed in the right place.
|
|
|
|
|
|
time?)
|
|
|
|
|
|
* Add support of image preview from some web services.
* Fix image preview from gyazo
* Fix rare `retweet error' shown at close profile tab.
* Fix issue that debug mode cannot be enabled on certain processing in debug mode.
|
|
|
|
|
|
Changes in version 0.2.2.37 - 2012-06-06
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
currently).
o Major bugfixes:
- Work around a bug in OpenSSL that broke renegotiation with TLS
1.1 and TLS 1.2. Without this workaround, all attempts to speak
the v2 Tor connection protocol when both sides were using OpenSSL
1.0.1 would fail. Resolves ticket 6033.
- When waiting for a client to renegotiate, don't allow it to add
any bytes to the input buffer. This fixes a potential DoS issue.
Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
- Fix an edge case where if we fetch or publish a hidden service
descriptor, we might build a 4-hop circuit and then use that circuit
for exiting afterwards -- even if the new last hop doesn't obey our
ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
o Minor bugfixes:
- Fix a build warning with Clang 3.1 related to our use of vasprintf.
Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
o Minor features:
- Tell GCC and Clang to check for any errors in format strings passed
to the tor_v*(print|scan)f functions.
Patch submitted by Christian Sturm, fixes PR pkg/46609.
|
|
Bug fixes.
|
|
|
|
|
|
|
|
update the package.
Patch from Blair Sadewitz, submitted in PR pkg/46598.
|
|
|
|
Almost certainly no one is using them, and it's been years since
they've been deprecated.
|
|
|
|
PR 46597.
XXX: please update the condition if it is not adapted to your platforms.
|
|
|
|
|
|
Stop a silent dependency on LDAP if such is found.
|
|
* rfc2045mkboundary.c was broken in 0.68
Changes 0.68:
* rfc2045/rfc2045mkboundary.c (rfc2045_mk_boundary): truncate
the hostname portion of the boundary to 30 chars.
* courier/doc/courier.sgml: Remove descriptions of some configuration
files that were moved to the courier-authlib package a while ago.
They don't belong here any more.
* courier/submit.C: Use the authenticated address, instead of the
return address, for domain-based virtual configuration.
* courier/libs/cfilename.c (config_has_vhost): Checks whether
vhost.[ip] exists.
* courier/module.esmtp/courieresmtpd.c (main): Only set a message's
virtual host if vhost.[ip] exists.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): Make sure the
input buffer is null-terminated.
* courier/submit.C (getrcpts): If there's no vhost setting from the
sender's IP address (this includes local mail!) if vhost.domain exists,
use [domain] as the virtual host.
* Remove config_search(), which simply called config_localfilename().
Change all current callers to call config_localfilename().
* courier/libs/cfilename.c (config_set_local_vhost): saves a string
that gets appended as a suffix, by config_localfilename(), and if that
filename exists, that's returned as the filename, otherwise it's the
original string without the suffix. config_get_local_vhost() returns
the suffix string.
to config_set_local_vhost().
* courier/libs/comsubmitclient.c (submit_fork): If
config_get_local_vhost(), add a -vhost parameter to submit().
* courier/submit.C (cppmain): -vhost sets config_set_local_vhost().
* courier/submit2.C (closectl): New COMCTLFILE_VHOST parameter in the
config file, taken from the vhost setting.
* courier/libs/comctlfile.c (ctlfile_setvhost): If COMCTLFILE_VHOST is
set, call ctlfile_setvhost(), return an indication if the vhost has
changed. Absence of a COMCTLFILE_VHOST treated as a discrete "(null)"
setting.
* courier/module.esmtp/esmtpclient.c (esmtpchild): If ctlfile_setvhost()
then disconnect the current socket, if one is open.
* courier/module.esmtp/esmtpclient.c (get_sourceaddr): The IP address
specified in ipout or ip6out overrides SOURCE_ADDRESS and
SOURCE_ADDRESS_IPV6 environment variable.
* courier/module.local/localmail.c (main): Call ctlfile_setvhost().
* courier/module.uucp/uucp.c (uux): Call ctlfile_setvhost().
* courier/module.dsn/dsn.c (main): Call ctlfile_setvhost().
* liblock/mail.c (dotlock_exists): Quell a compiler warning.
* courier/courierd.dist.in SOURCE_ADDRESS: Add a note that this setting
is deprecated.
|
|
bug fixes.
|
|
Features:
* unbound-control forward_add, forward_remove, stub_add, stub_remove can modify stubs and forwards for running unbound they can also add and remove domain-insecure for the zone. This is to support reconfiguration of a DNSSEC validator on a computer that changes networks and has to enable new network config for the new location.
* new approach to NS fetches for DS lookup that works with cornercases, and is more robust and considers forwarders.
* contrib/validation-reporter follows rotated log file
* Applied patch for rrset-roundrobin and minimal-responses features (new options, enable in unbound.conf to use).
* ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older openssl.
* Patch for access to full DNS packet data in unbound python module
* forward-first option. Tries without forward if a query fails. Also stub-first option that is similar.
Bug Fixes:
* Fix possible uninitialised variable in windows pipe implementation.
* Fix alignment problem in util/random on sparc64/freebsd.
* Fix for accept spinning reported by OpenBSD.
* Fix validation of nodata for DS query in NSEC zones
* [bugzilla: 444 ] Fix that setusercontext was called too late
* [bugzilla: 443 ] Fix --with-chroot-dir not honoured by configure.
* [bugzilla: 442 ] Fix that Makefile depends on pythonmod headers even using --without-pythonmodule.
* Fix to locate nameservers for DS lookup with NS fetches.
* Applied line-buffer patch from Augie Schwer to validation.reporter.sh.
* flush_infra cleans timeouted servers from the cache too.
* Fix from code review, if EINPROGRESS not defined chain if statement differently.
* [bugzilla: 434 ] Fix windows port to check registry for config file location for unbound-control.exe, and unbound-checkconf.exe.
* Fix to squelch 'network unreachable' errors from tcp connect in logs, high verbosity will show them.
* Fix prefetch and sticky NS ghost domain. It picks nameservers that 'would be valid in the future', and if this makes the NS timeout, it updates that NS by asking delegation from the parent again. If child NS has longer TTL, that TTL does not get refreshed from the lookup to the child nameserver.
* RT#2955 Fix for cygwin compilation.
* Slightly smaller critical region in one case in infra cache.
* Fix timeouts to keep track of query type, A, AAAA and other, if another has caused timeout blacklist, different type can still probe.
unit test fix for nomem_cnametopos.rpl race condition.
* fix memory leak in errorcase for DSA signatures.
* workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
* fix for windows, rename() is not posix compliant on windows.
* iana portlist updated
|
|
|
|
quagga installs man pages for several programs only if the programs
are built. This commit just moves some man pages to PLIST.v6 and
PLIST.opaquelsa.
No revbump because the package, if it built before, will be unchanged.
But now building with non-default options should work.
|
|
* Changes in Quagga 0.99.21
- [bgpd] BGP multipath support has been merged
- [bgpd] SAFI (Multicast topology) support has been extended to propagate
the topology to zebra.
- [bgpd] AS path limit functionality has been removed
- [babeld] a new routing daemon implementing the BABEL ad-hoc mesh routing
protocol has been merged.
- [isisd] a major overhaul has been picked up. Please note that isisd is
STILL NOT SUITABLE FOR PRODUCTION USE.
- [*] a lot of bugs have been fixed, please refer to the git log
|