| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
net/nasd: build fix
Revisions pulled up:
- net/nasd/distinfo 1.2
- net/nasd/patches/patch-al 1.2
- net/nasd/patches/patch-ay 1.2
- net/nasd/patches/patch-common_i386_Imakefile 1.1
- net/nasd/patches/patch-include_nasd_nasd__timer_h 1.1
- net/nasd/patches/patch-kernel__generate_dux_other_Makefile 1.1
- net/nasd/patches/patch-kernel__generate_dux_other_nasd_Makefile 1.1
---
Module Name: pkgsrc
Committed By: dholland
Date: Sat Jun 2 23:34:56 UTC 2012
Modified Files:
pkgsrc/net/nasd: distinfo
pkgsrc/net/nasd/patches: patch-al patch-ay
Added Files:
pkgsrc/net/nasd/patches: patch-common_i386_Imakefile
patch-include_nasd_nasd__timer_h
patch-kernel__generate_dux_other_Makefile
patch-kernel__generate_dux_other_nasd_Makefile
Log Message:
Fix broken build.
(1) With gcc 4.5, cpp does not fold lines separated by a escaped
newline in the output. Therefore when nasd_rpcgen runs its rpc
definitions through cpp, what comes out contains syntax errors. The
parser then reports these with SIGSEGV. First fix the cpp plumbing to
use the cpp tool wrapper during build, and then have it use -traditional.
(2) On amd64, roughly half the build thinks it's actually i386. Patch
the other half to agree. This may not turn out to work, but it does
build instead of dumping out bizarre compile errors.
|
|
net/bind96 security update
Revisions pulled up:
- net/bind96/Makefile 1.26
- net/bind96/distinfo 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 4 13:29:19 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 to 9.6.3.1.ESV.7pl1 (BIND 9.6-ESV-R7-P1).
Security release for CVE-2012-1667.
--- 9.6-ESV-R7-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
net/bind97 security update
Revisions pulled up:
- net/bind97/Makefile 1.15
- net/bind97/distinfo 1.14
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 4 13:27:32 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
Update bind97 to 9.7.6pl1 (BIND 9.7.6-P1).
Security release for CVE-2012-1667.
--- 9.7.6-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
net/bind98 security update
Revisions pulled up:
- net/bind98/Makefile 1.12
- net/bind98/distinfo 1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 4 13:25:56 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 to 9.8.3pl1 (BIND 9.8.3-P1).
Security release for CVE-2012-1667.
--- 9.8.3-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
net/bind99 security update
Revisions pulled up:
- net/bind99/Makefile 1.5
- net/bind99/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jun 4 13:24:28 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.1pl1 (BIND 9.9.1-P1).
Security release for CVE-2012-1667.
--- 9.9.1-P1 released ---
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
|
|
net/haproxy: security update
Revisions pulled up:
- net/haproxy/Makefile 1.4
- net/haproxy/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: morr
Date: Fri May 25 08:19:47 UTC 2012
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
Log Message:
Update for net/haproxy to 1.4.21.
ChangeLog:
2012/05/21 : 1.4.21
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
2012/03/10 : 1.4.20
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUILD: fix build error on FreeBSD
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
- DOC: enumerate valid status codes for "observe layer7"
- BUILD: make it possible to look for pcre in the default system paths
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/haproxy/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/haproxy/distinfo
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.78
- net/wireshark/distinfo 1.55
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Tue May 22 22:42:17 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
Update "wireshark" package to version 1.6.8. Changes since 1.6.7:
- The following vulnerabilities have been fixed:
o wnpa-sec-2012-08
Infinite and large loops in the ANSI MAP, ASF, BACapp,
Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors
have been fixed. Discovered by Laurent Butti. (Bugs 6805,
7118, 7119, 7120, 7121, 7122, 7124, 7125)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-09
The DIAMETER dissector could try to allocate memory improperly
and crash. (Bug 7138)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
o wnpa-sec-2012-10
Wireshark could crash on SPARC processors due to misaligned
memory. Discovered by Klaus Heckelmann. (Bug 7221)
Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.
- The following bugs have been fixed:
o User-Password - PAP decoding passwords longer than 16 bytes.
(Bug 6779)
o The MSISDN is not seen correctly in GTP packet. (Bug 7042)
o Wireshark doesn't calculate the right IPv4 destination using
source routing options when bad options precede them. (Bug
7043)
o BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug
7047)
o MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW
packets. (Bug 7089)
o ANSI MAP infinite loop. (Bug 7119)
o HCIEVT infinite loop. (Bug 7122)
o Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)
o LTP infinite loop. (Bug 7124)
o Wrong values in DNS CERT RR. (Bug 7130)
o Megaco parser problem with LF in header. (Bug 7198)
o OPC UA bytestring node id decoding is wrong. (Bug 7226)
- Updated Protocol Support
ANSI MAP, ASF, BACapp, Bluetooth HCI, DHCP, DIAMETER, DNS, GTP,
IEEE 802.11, IEEE 802.3, IPv4, LTP, Megaco, MPLS, NFS, OPC UA,
RADIUS
- New and Updated Capture File Support
5View, CSIDS, pcap, pcap-ng
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/wireshark/distinfo
|
|
net/bind96: security update
Revisions pulled up:
- net/bind96/Makefile 1.25
- net/bind96/distinfo 1.17
- net/bind96/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:34:32 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Removed Files:
pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c
Log Message:
Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
|
|
net/bind97: security update
Revisions pulled up:
- net/bind97/Makefile 1.14
- net/bind97/distinfo 1.13
- net/bind97/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:33:28 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Removed Files:
pkgsrc/net/bind97/patches: patch-lib_dns_resolver.c
Log Message:
Update bind97 package to 9.7.6.
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
|
|
net/bind98: security update
Revisions pulled up:
- net/bind98/Makefile 1.10-1.11
- net/bind98/distinfo 1.10-1.11
- net/bind98/files/named9.sh 1.2
- net/bind98/patches/patch-bin_tests_system_Makefile.in 1.1-1.2
- net/bind98/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 13:22:40 UTC 2012
Modified Files:
pkgsrc/net/bind98: distinfo
Added Files:
pkgsrc/net/bind98/patches: patch-bin_tests_system_Makefile.in
Log Message:
net/bind98: Fix undefined reference to 'main'
Bind98 needs the same fix bind99 received on 23 Mar 2012 to fix the
linking of driver.so
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 09:10:44 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile
pkgsrc/net/bind98/files: named9.sh
Log Message:
PR#45780 net/bind98: Fix chroot operation
Implemented per PR.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:32:31 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
pkgsrc/net/bind98/patches: patch-bin_tests_system_Makefile.in
Removed Files:
pkgsrc/net/bind98/patches: patch-lib_dns_resolver.c
Log Message:
Update bind98 to 9.8.3.
pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.
Changes from release announce:
Security Fixes
* Windows binary packages distributed by ISC are now built and linked
against OpenSSL 1.0.0i
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* named-checkconf now correctly validates dns64 clients acl
definitions. [RT #27631]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Improves DNS64 reverse zone performance. [RT #28563]
* Adds wire format lookup method to sdb. [RT #28563]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
|
|
net/bind99/: security update
Revisions pulled up:
- net/bind99/Makefile 1.3-1.4
- net/bind99/PLIST 1.2
- net/bind99/distinfo 1.4
- net/bind99/files/named9.sh 1.2
- net/bind99/patches/patch-bin_tests_system_Makefile.in 1.2
- net/bind99/patches/patch-lib_dns_resolver.c deleted
---
Module Name: pkgsrc
Committed By: marino
Date: Sun May 20 12:00:15 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile
pkgsrc/net/bind99/files: named9.sh
Log Message:
PR#45780 net/bind99: Fix chroot operation
DNSSEC related, bind99 needs same fix as bind98
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 22 03:31:07 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile PLIST distinfo
pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
Removed Files:
pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c
Log Message:
Update biind99 package to 9.9.1.
pkgsrc change: add an comment to patches/patch-bin_tests_system_Makefile.in.
Changes from release announce:
Security Fixes
* Windows binary packages distributed by ISC are now built and linked
against OpenSSL 1.0.0i
New Features
* None
Feature Changes
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* A note will be added to the README in future releases to explain
that the improved scalability provided by using multiple threads
to listen for and process queries (change 3137, RT #22992) does
not provide any performance benefit when running BIND on versions
of the linux kernel that do not include the 'lockless UDP transmit
path' changes that were incorporated in 2.6.39. (Some linux
distributors may have provided this functionality under their
own version numbering systems).
Bug Fixes
* The locking strategy around the handling of iterative queries
has been tuned to reduce unnecessary contention in a multi-threaded
environment. (Note that this may not provide a measurable
improvement over previous versions of BIND, but it corrects the
performance impact of change 3309 / RT #27995) [RT #29239]
* Addresses a race condition that can cause named to to crash when
the masters list for a zone is updated via rndc reload/reconfig
[RT #26732]
* named-checkconf now correctly validates dns64 clients acl
definitions. [RT #27631]
* Fixes a race condition in zone.c that can cause named to crash
during the processing of rndc delzone [RT #29028]
* Prevents a named segfault from resolver.c due to procedure
fctx_finddone() not being thread-safe. [RT #27995]
* Improves DNS64 reverse zone performance. [RT #28563]
* Adds wire format lookup method to sdb. [RT #28563]
* Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
an assertion when flushing cache data. [RT #28571]
* Prevents intermittent named crashes following an rndc reload [RT
#28606]
* Resolves inconsistencies in locating DNSSEC keys where zone names
contain characters that require special mappings [RT #28600]
* A new flag -R has been added to queryperf for running tests
using non-recursive queries. It also now builds correctly on
MacOS version 10.7 (darwin) [RT #28565]
* Named no longer crashes if gssapi is enabled in named.conf but
was not compiled into the binary [RT #28338]
* SDB now handles unexpected errors from back-end database drivers
gracefully instead of exiting on an assert. [RT #28534]
* Prevents named crashes as a result of dereferencing a NULL pointer
in zmgr_start_xfrin_ifquota if the zone was being removed while
there were zone transfers still pending [RT #28419]
* Corrects a parser bug that could cause named to crash while
reading a malformed zone file. [RT #28467]
* Ensures that when a client recurses its status fields are
consistently set so that named doesn't fail on an INSIST in
client.c:exit_check. [RT #28346]
* Fixed a problem preventing proper use of 64 bit time values in
libbind. [RT # 26542]
* isccc/cc.c:table_fromwire could fail to free an allocated object
on error, leading to a possible memory leak condition. [RT #28265]
* Fixed a build error on systems without ENOTSUP. [RT #28200]
* The header file isc/hmacsha.h is now installed when building
BIND. [RT #28169]
* AAAA responses will no longer be returned in the additional
section when filter-aaaa-on-v4 is in use. (Prior to this change,
they would be returned for some query types). [RT #27292]
|
|
net/netatalk: quota support fix
Revisions pulled up:
- net/netatalk/Makefile 1.83
- net/netatalk/distinfo 1.45
- net/netatalk/patches/patch-aa 1.24
- net/netatalk/patches/patch-etc_afpd_quota_c 1.2
- net/netatalk/patches/patch-macros_quota-check.m4 1.2
---
Module Name: pkgsrc
Committed By: dholland
Date: Sat May 12 21:53:20 UTC 2012
Modified Files:
pkgsrc/net/netatalk: Makefile distinfo
pkgsrc/net/netatalk/patches: patch-aa patch-etc_afpd_quota_c
patch-macros_quota-check.m4
Log Message:
PR 46072: netatalk broken with netbsd-6 quotas
Add support for the new libquota. Drop support for the proplib
libquota; it's not worth the configure-time hassle.
Fix some moderately serious bugs in the original/previous libquota
patches; it's clear for example they were never tested with group
quotas.
|
|
net/samba35: security update
Revisions pulled up:
- net/samba35/Makefile 1.20
- net/samba35/distinfo 1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 2 14:50:19 UTC 2012
Modified Files:
pkgsrc/net/samba35: Makefile distinfo
Log Message:
Update samba35 package to 3.5.15.
==============================
Release Notes for Samba 3.5.15
April 30, 2012
==============================
This is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).
o CVE-2012-2111:
Samba 3.4.x to 3.6.4 are affected by a
vulnerability that allows arbitrary users
to modify privileges on a file server.
|
|
net/samba: security update
Revisions pulled up:
- net/samba/Makefile 1.219
- net/samba/distinfo 1.85
---
Module Name: pkgsrc
Committed By: taca
Date: Wed May 2 14:48:00 UTC 2012
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Log Message:
Update samba to 3.6.5.
=============================
Release Notes for Samba 3.6.5
April 30, 2012
=============================
This is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).
o CVE-2012-2111:
Samba 3.4.x to 3.6.4 are affected by a
vulnerability that allows arbitrary users
to modify privileges on a file server.
|
|
net/bind96: security patch
Revisions pulled up:
- net/bind96/Makefile 1.24
- net/bind96/distinfo 1.16
- net/bind96/patches/patch-lib_dns_resolver.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 1 02:49:27 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Added Files:
pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c
Log Message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
|
|
net/bind97: security patch
Revisions pulled up:
- net/bind97/Makefile 1.13
- net/bind97/distinfo 1.12
- net/bind97/patches/patch-lib_dns_resolver.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 1 02:48:58 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Added Files:
pkgsrc/net/bind97/patches: patch-lib_dns_resolver.c
Log Message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
|
|
net/bind98: security patch
Revisions pulled up:
- net/bind98/Makefile 1.9
- net/bind98/distinfo 1.9
- net/bind98/patches/patch-lib_dns_resolver.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 1 02:48:20 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Added Files:
pkgsrc/net/bind98/patches: patch-lib_dns_resolver.c
Log Message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
|
|
net/bind99: security patch
Revisions pulled up:
- net/bind99/Makefile 1.2
- net/bind99/distinfo 1.3
- net/bind99/patches/patch-lib_dns_resolver.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 1 02:47:52 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Added Files:
pkgsrc/net/bind99/patches: patch-lib_dns_resolver.c
Log Message:
Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.
Bump PKGREVISION.
|
|
net/netatalk: build fix
Revisions pulled up:
- net/netatalk/Makefile 1.82
---
Module Name: pkgsrc
Committed By: hauke
Date: Tue Apr 17 16:14:54 UTC 2012
Modified Files:
pkgsrc/net/netatalk: Makefile
Log Message:
As a workaround to PR pkg/46072, build Netatalk explicitely without
quota support for NetBSD 5.99.62 and newer, until we have patches
supporting the new quota interface.
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.77
- net/wireshark/distinfo 1.54
---
Module Name: pkgsrc
Committed By: drochner
Date: Sat Apr 14 13:31:28 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
update to 1.6.7
changes:
The following bugs have been fixed:
-showing Malformed Packets H263-1996 (RFC2190).
-Wireshark could crash while trying to open an rpcap: URL.
Updated Protocol Support: H.263
|
|
net/samba33: security fix
Revisions pulled up:
- net/samba33/Makefile 1.21
- net/samba33/distinfo 1.10
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: asau
Date: Wed Apr 11 10:10:58 UTC 2012
Modified Files:
pkgsrc/net/samba33: Makefile distinfo
Log Message:
Apply official patch to address CVE-2012-1182 ("root" credential remote code
execution).
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/samba33/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/samba33/distinfo
|
|
net/samba30: security fix
Revisions pulled up:
- net/samba30/Makefile 1.5
- net/samba30/Makefile.patches 1.2
- net/samba30/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: asau
Date: Wed Apr 11 10:03:37 UTC 2012
Modified Files:
pkgsrc/net/samba30: Makefile Makefile.patches distinfo
Log Message:
Apply official patch to address CVE-2012-1182 ("root" credential remote code
execution).
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/samba30/Makefile
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/samba30/Makefile.patches
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/samba30/distinfo
|
|
net/samba: security update
net/samba35: security update
Revisions pulled up:
- net/samba/Makefile 1.218
- net/samba/distinfo 1.84
- net/samba35/Makefile 1.19
- net/samba35/distinfo 1.11
---
Module Name: pkgsrc
Committed By: asau
Date: Wed Apr 11 09:36:21 UTC 2012
Modified Files:
pkgsrc/net/samba35: Makefile distinfo
Log Message:
Update to Samba 3.5.14
This is a security release in order to address
CVE-2012-1182 ("root" credential remote code execution).
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes since 3.5.13:
---------------------
o Stefan Metzmacher <metze%samba.org@localhost>
*BUG 8815: PIDL based autogenerated code allows overwriting beyond of
allocated array (CVE-2012-1182).
---
Module Name: pkgsrc
Committed By: asau
Date: Wed Apr 11 09:30:09 UTC 2012
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Log Message:
Update to Samba 3.6.4
This is a security release in order to address
CVE-2012-1182 ("root" credential remote code execution).
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes since 3.6.3:
--------------------
o Stefan Metzmacher <metze%samba.org@localhost>
*BUG 8815: PIDL based autogenerated code allows overwriting beyond of
allocated array (CVE-2012-1182).
|
|
net/wu-ftpd: build fix
Revisions pulled up:
- net/wu-ftpd/distinfo 1.18-1.20
- net/wu-ftpd/patches/patch-ai 1.11
- net/wu-ftpd/patches/patch-aj 1.8
- net/wu-ftpd/patches/patch-ao 1.2-1.3
- net/wu-ftpd/patches/patch-ap 1.2-1.3
- net/wu-ftpd/patches/patch-configure_in 1.1-1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 8 04:43:51 UTC 2012
Modified Files:
pkgsrc/net/wu-ftpd: distinfo
pkgsrc/net/wu-ftpd/patches: patch-ai patch-ao patch-ap
Added Files:
pkgsrc/net/wu-ftpd/patches: patch-configure_in
Log Message:
Fix quota handling on NetBSD. If the new <quota.h> exists, use it. If
all that exists is the 5.99 proplib quotas, disable quota support.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/wu-ftpd/distinfo
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/wu-ftpd/patches/patch-ai
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/wu-ftpd/patches/patch-ao \
pkgsrc/net/wu-ftpd/patches/patch-ap
cvs rdiff -u -r0 -r1.1 pkgsrc/net/wu-ftpd/patches/patch-configure_in
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 8 04:49:57 UTC 2012
Modified Files:
pkgsrc/net/wu-ftpd: distinfo
pkgsrc/net/wu-ftpd/patches: patch-aj
Log Message:
whoops, forgot one
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/wu-ftpd/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/wu-ftpd/patches/patch-aj
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Apr 8 05:11:13 UTC 2012
Modified Files:
pkgsrc/net/wu-ftpd: distinfo
pkgsrc/net/wu-ftpd/patches: patch-ao patch-ap patch-configure_in
Log Message:
Third time's the charm. I hope. autoconf can bite me.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/wu-ftpd/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/wu-ftpd/patches/patch-ao \
pkgsrc/net/wu-ftpd/patches/patch-ap
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/wu-ftpd/patches/patch-configure_in
|
|
|
|
* let to exactly use system libpcap (fixes build with newer system libpcap).
Bump PKGREVISION.
|
|
Security Fixes
+ BIND 9 nameservers performing recursive queries could cache an
invalid record and subsequent queries for that record could
crash the resolvers with an assertion failure. [RT #26590]
[CVE-2011-4313]
Feature Changes
+ Improves initial start-up and server reload time by increasing
the default size of the hash table the configuration parser
uses to keep track of loaded zones and allowing it to grow
dynamically to better handle systems with large numbers of
zones. [RT #26523]
+ --enable-developer, a new composite argument to the configure
script, enables a set of build options normally disabled but
frequently selected in test or development builds, specifically:
enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
Darwin, also enable_exportlib) [RT #27103]
|
|
Security Fixes
+ BIND 9 nameservers performing recursive queries could cache an
invalid record and subsequent queries for that record could
crash the resolvers with an assertion failure. [RT #26590]
[CVE-2011-4313]
Feature Changes
+ It is now possible to explicitly disable DLV in named.conf by
specifying "dnssec-lookaside no;". This is the default, but the
ability to configure it makes it clearly visible to administrators.
[RT #24858]
+ --enable-developer, a new composite argument to the configure
script, enables a set of build options normally disabled but
frequently selected in test or development builds, specifically:
enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
Darwin, also enable_exportlib) [RT #27103]
|
|
Security Fixes
+ BIND 9 nameservers performing recursive queries could cache an
invalid record and subsequent queries for that record could
crash the resolvers with an assertion failure. [RT #26590]
[CVE-2011-4313]
Feature Changes
+ RPZ implementation now conforms to version 3 of the specification.
[RT #27316]
+ It is now possible to explicitly disable DLV in named.conf by
specifying "dnssec-lookaside no;". This is the default, but the
ability to configure it makes it clearly visible to administrators.
[RT #24858]
+ --enable-developer, a new composite argument to the configure
script, enables a set of build options normally disabled but
frequently selected in test or development builds, specifically:
enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
Darwin, also enable_exportlib) [RT #27103]
|
|
PR 46085.
|
|
* no need to take care PKGSYSCONFDIR manulally, or it may result in broken
behavior if PKG_SYSCONFBASE != ${PREFIX}/etc.
ride on last bump.
|
|
|
|
|
|
This package does a lot of storing of ints in pointers and thus
generates a lot of cast warnings; I believe the others are harmless.
|
|
on NetBSD current or probably -6 because of bpf issues, but now stands
a chance of being able to run on LP64 platforms and/or at all when that's
fixed.
|
|
|
|
|
|
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-04
The ANSI A dissector could dereference a NULL pointer and
crash. (Bug 6823)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o wnpa-sec-2012-05
The IEEE 802.11 dissector could go into an infinite loop. (Bug
6809)
Versions affected: 1.6.0 to 1.6.5.
o wnpa-sec-2012-06
The pcap and pcap-ng file parsers could crash trying to read
ERF data. (Bug 6804)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o wnpa-sec-2012-07
The MP2T dissector could try to allocate too much memory and
crash. (Bug 6804)
Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
o The Windows installers now include GnuTLS 1.12.18, which fixes
several vulnerabilities.
The following bugs have been fixed:
o ISO SSAP: ActivityStart: Invalid decoding the activity
parameter as a BER Integer. (Bug 2873)
o Forward slashes in URI need to be converted to backslashes if
WIN32. (Bug 5237)
o Character echo pauses in Capture Filter field in Capture
Options. (Bug 5356)
o Some PGM options are not parsed correctly. (Bug 5687)
o dumpcap crashes when capturing from pipe to a pcap-ng file
(e.g., when passing data from CACE Pilot to Wireshark). (Bug
5939)
o Unable to rearrange columns in preferences on Windows. (Bug
6077) (Note: this bug still affects the 64-bit package)
o No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
o Wireshark installer doesn't add access_bpf in 10.5.8. (Bug
6526)
o Corrupted Diameter dictionary file that crashes Wireshark.
(Bug 6664)
o packetBB dissector bug: More than 1000000 items in the tree --
possible infinite loop. (Bug 6687)
o ZEP dissector: Timestamp not always displayed correctly.
Fractional seconds never displayed. (Bug 6703)
o GOOSE Messages don't use the length field to perform the
dissection. (Bug 6734)
o Ethernet traces in K12 text format sometimes give bogus
"malformed frame" errors and other problems. (Bug 6735)
o max_ul_ext isn't printed/decoded to the packet details log in
GTP protocol packet. (Bug 6761)
o non-IPP packets to or from port 631 are dissected as IPP. (Bug
6765)
o lua proto registration fails for uppercase proto /
g_ascii_strdown problem. (Bug 6766)
o no menu item Fle->Export->SSL Session Keys in GTK. (Bug 6813)
o IAX2 dissector reads past end of packet for unknown IEs. (Bug
6815)
o TShark 1.6.5 immediately crashes on SSL decryption (every
time). (Bug 6817)
o USB: unknown GET DESCRIPTOR response triggers assert failure.
(Bug 6826)
o IEEE1588 PTPv2 over IPv6. (Bug 6836)
o Patch to fix DTLS decryption. (Bug 6847)
o Expression... dialog crash. (Bug 6891)
o display filter "gtp.msisdn" not working. (Bug 6947)
o Multiprotocol Label Switching Echo - Return Code: Reserved
(5). (Bug 6951)
o ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
o Adding a Custom HTTP Header Field with a trailing colon causes
wireshark to immediately crash (and crash upon restart). (Bug
6982)
o Radiotap dissector lists a bogus "DBM TX Attenuation" bit.
(Bug 7000)
o MySQL dissector assertion. (Ask 8649)
o Radiotap header format data rate alignment issues. (Ask 8649)
- Updated Protocol Support
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP,
IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP,
PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP
- New and Updated Capture File Support
Endace ERF, Pcap-NG, Tektronix K12
|
|
|
|
Represents a DHCP packet as specified in RFC 1533, RFC 2132.
|
|
* yylineno is present in all scanners by flex>=2.5.20.
fixes PR 46194.
|
|
* no need to move escape.rb, include one will be picked up.
Bump PKGREVISION.
|
|
bug fixes.
|
|
DragonFly build was broken during the linking of driver.so
----
libtool: link: cc -o driver.so .libs/driver.o -L/wrkobjdir/net/bind99/work/.buildlink/lib
/usr/lib/crt1.o: In function `_start':
crt1.c:(.text+0x149): undefined reference to `main'
*** Error code 1
----
This has been seen on other platforms:
Fedora: http://lists.fedoraproject.org/pipermail/scm-commits/2011-November/683368.html
Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=406399
Not building dlzexternal is the solution the worked in the above reports.
It works for DragonFly as well, and the PLIST is not affected.
|
|
|
|
per PR 46236 by David Howland.
while here, set LICENSE=modified-bsd.
2012/03/19:
Fix ipfilter support (thanks dhowland https://github.com/dhowland)
2012/03/14:
Changes to miniupnpd.init.d.script by Shawn Landden
2012/03/05:
fixed reload_from_lease_file().
2012/02/15:
Change parselanaddr() function to allow 192.168.1.1/255.255.255.0 in
configuration file.
Change read_permission_line() to allow 192.168.1.1/255.255.255.0 in
permission line (in configuration file).
2012/02/12:
More syntax checks in upnppermissions.c
2012/02/11:
Fix ipfw/Mac OS X specific source files to compile ok with -ansi flag
2012/02/09:
Make HTTP listen socket non blocking (so accept() can't block)
Make SSDP receive sockets non blocking
use sockaddr_to_string() in SendSSDPAnnonce2 to handle IPv6 addresses
2012/02/06:
Make HTTP (SOAP) sockets non blocking.
2012/02/05:
Compile ok with -ansi flag.
Save a few bytes in options.c using a string repository, instead of a fixed size
buffer for each option value.
2012/02/04:
Added friendly_name= option to config file
2012/02/03:
Anchor name (PF) is now configurable through the config file with anchor=
Added test of presence of /lib/libip4tc.so and /lib/libip6tc.so files in
Makefile.linux in order to add -lip4tc and -lip6tc to LIBS accordingly.
2012/02/01:
always handle EAGAIN, EWOULDBLOCK and EINTR after recv()/recvfrom() calls
2012/01/20:
Always #include <netinet/in.h> before #include <arpa/inet.h> (for OpenBSD)
.onrdomain field was added in pf with OpenBSD 5.0. Add PFRULE_HAS_ONRDOMAIN
2012/01/02:
Fixing netfilter/iptables_*.sh scripts for new ifconfig output format.
getifaddr.c: added additional checks on structure returned by getifaddrs()
Fixing Mac OS X makefile for installation
2011/11/18:
avoid infinite loop in SendResp_upnphttp() in case of error
Replaced SendResp_upnphttp() + CloseSocket_upnphttp() by
SendRespAndClose_upnphttp()
Tomato specifics in genconfig.sh
2011/07/30:
netfilter : Added a tiny_nf_nat.h file to compile with iptables
installed headers.
include xtables.h instead of iptables.h
VERSION 1.6 : released the 2011/07/25
A lot of work on IPv6 support and IGDv2. Support of lease duration, etc.
VERSION 1.5 : released the 2011/01/01
bugfixed and is now compatible with OpenBSD >= 4.7. It includes preliminary support for the version 2 of the UPnP Internet Gateway specification.
|
|
per maintainer updater request by PR 46241.
v3.0.715 (January 2012)
- Compatibility fixes for Hurd and Solaris.
- Use link-time optimization and automake-like silent rules.
- Support systems without ifaddrs.h again.
- Continuing fixes for IPv6 support.
- Only update lastseen time for sender, not recipient.
- Implement --local-only: accounting for hosts on the local net.
- Make failure to bind() a socket non-fatal.
- Make failure to get local IP non-fatal.
- Fall back to gethostbyaddr() if getnameinfo() fails.
- Fix detection of IPv4 multicast addresses.
- Fix decoding on OpenBSD DLT_NULL interfaces (e.g. gif(4))
|
|
Changes in 2.8.0:
* Dead lettering
* Internal flow control
|
|
Both of these directories are referred to by the default radiusd.conf
and so should be provided to allow radiusd to run after installation.
|
|
default radiusd.conf file refers to this by trying to include files from
there. As a result, the example configuration is incomplete without this.
|
