Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for seamonkey
Revisions pulled up:
- pkgsrc/www/seamonkey/Makefile 1.24
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.13
- pkgsrc/www/seamonkey/distinfo 1.25
- pkgsrc/www/seamonkey/patches/patch-ac 1.4
- pkgsrc/www/seamonkey-gtk1/Makefile 1.17
- pkgsrc/www/seamonkey-bin/Makefile 1.17
- pkgsrc/www/seamonkey-bin/distinfo 1.14
Module Name: pkgsrc
Committed By: ghen
Date: Mon Oct 22 08:04:08 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey-gtk1: Makefile
pkgsrc/www/seamonkey/patches: patch-ac
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to SeaMonkey 1.1.5.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.49
- pkgsrc/www/firefox/distinfo 1.70
- pkgsrc/www/firefox/patches/patch-ac 1.10
- pkgsrc/www/firefox-bin/Makefile 1.35
- pkgsrc/www/firefox-bin/distinfo 1.33, 1.34, 1.35
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 08:59:56 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-ac
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.8.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 19:47:43 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Add distinfo entries for Solaris {8,10}/{i386,sparc} as well.
Noted by dmcmahill.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Oct 20 10:42:37 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Remove empty lines to get rid of warnings in weekly pkgsrc checks on babylon5.
Suggested by veego.
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.24
- pkgsrc/www/drupal/distinfo 1.17
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Oct 18 13:01:36 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.3
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no
admin links for the module
See http://drupal.org/node/184395 for all the details
|
|
|
|
|
|
This fixes a long standing build failure on SunOS-5.9/sparc and does
not seem to break things on NetBSD.
|
|
|
|
and x86
for each of those).
|
|
close PR pkg/37071
reviewd by xtraeme@
|
|
|
|
|
|
|
|
Okay'd during freeze by wiz.
This was noticed in my own builds and also shown in
recent DragonFly bulk build.
|
|
systems.
|
|
option to the install script for where to install the man page.
|
|
amount of configuration (ie, set the data directory).
Added the supplied sample files to the pkgsrc package.
This should solve PR pkg/31460 by Stefan Schumacher.
While here, added support for installation to DESTDIR and marked the
package as a pure Perl package (no compiler necessary).
|
|
of some executable skripts (lwp-*) tell MakeMaker to use the default answers
provided in Makefile.PL.
This should solve PR pkg/30737 from Joern Clausen.
|
|
|
|
|
|
work again and enables a successful run of the "test" target.
|
|
eperl_proto.h:56: error: array type has incomplete element type
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
|
|
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
|
|
Also enable p5-PerlMagick for the img plugin (included in the
goodstuff bundle).
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Add p5-Text-Markdown to dependencies, since the Makefile complains about it.
Add two dependencies that were marked as "optional" in the pkgsrc Makefile.
XXX: A few dependencies should be checked, if they are really needed here.
Don't bump PKGREVISION because the update was a very short time ago.
|
|
Changes since 1.32:
ikiwiki (2.5) unstable; urgency=low
In this version the rst plugin allows raw html to be embedded in rst files.
As long as the htmlscrubber is enabled, this should be safe. If you are
using the rst plugin without the htmlscrubber in a publically writable wiki,
you should turn on the htmlscrubber.
-- Joey Hess <joeyh@debian.org> Sun, 29 Jul 2007 18:37:22 -0400
ikiwiki (2.5) unstable; urgency=low
Due to some config changes in this version, wrappers need to be rebuilt on
upgrade. If you listed your wiki in /etc/ikiwiki/wikilist this will be
one automatically when the Debian package is upgraded.
-- Joey Hess <joeyh@debian.org> Sun, 29 Jul 2007 17:54:40 -0400
ikiwiki (2.1) unstable; urgency=low
Some wikis need to be rebuilt on upgrade to this version, due to changes to
page templates and the style sheet. If you listed your wiki in
/etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Thu, 26 Apr 2007 15:50:36 -0400
ikiwiki (2.00) unstable; urgency=low
With the 2.0 release of ikiwiki, some major changes have been made to the
default configuration:
* The 'usedirs' setting is enabled by default. This *will* break all URLs
to wikis that did not have 'usedirs' turned on before, unless you follow
the procedure described at <http://ikiwiki.info/tips/switching_to_usedirs>,
or edit your setup file to turn usedirs off:
usedirs => 0,
* OpenID logins are now enabled by default, if the Net::OpenID::Consumer
perl module is available. Password logins are also still enabled
by default. If you like, you can turn either OpenID or password logins
off via the 'disable_plugins' setting.
-- Joey Hess <joeyh@debian.org> Sun, 29 Apr 2007 19:00:43 -0400
ikiwiki (1.51) unstable; urgency=low
Some wikis need to be rebuilt on upgrade to this version, due to changes to
page layout and the style sheet. If you listed your wiki in
/etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Thu, 26 Apr 2007 15:50:36 -0400
ikiwiki (1.50) unstable; urgency=low
Permalinks and guids in rss and atom feeds for wikis using the usedirs
options will change in this release. If you have already enabled usedirs,
you may need to take steps to avoid flooding aggregators.
-- Joey Hess <joeyh@debian.org> Sat, 14 Apr 2007 16:08:46 -0400
ikiwiki (1.49) unstable; urgency=low
Third-party plugins that use htmlpage() or abs2rel() to generate links
may need changes to support the new "usedirs" option.
-- Joey Hess <joeyh@debian.org> Sun, 01 Apr 2007 16:20:09 -0400
ikiwiki (1.47) unstable; urgency=low
Due to a security fix, wikis that have the htmlscrubber enabled can no
longer use the meta plugin to insert html link and meta tags.
Some special case methods have been added for safely including stylesheets,
and for doing openid delegation. See the meta plugin docs for details.
-- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:18:40 -0400
ikiwiki (1.45) unstable; urgency=low
Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
in /etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 23:02:52 -0500
ikiwiki (1.44) unstable; urgency=low
The htmllink() function has changed slightly and plugins that use it may
need to change how they call it. This function's first three parameters
are unchanged, but additional options are now passed using named
parameters. If you used htmllink with more than 3 parameters, you will
need to change it. The plugin interface version has been increased to 1.02
to reflect this change.
-- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500
ikiwiki (1.42) unstable; urgency=low
The anonok setting in config files has been removed. To enable
httpauth support on your wiki, you should now enable the anonok plugin,
instead.
Third-party plugins that use pagespec_match() should be updated to pass
the new third parameter (from) to that function. This is needed for the
new relative glob matching to work.
-- Joey Hess <joeyh@debian.org> Thu, 1 Feb 2007 16:57:59 -0500
ikiwiki (1.34) unstable; urgency=low
The httpauth setting in config files has been removed. To enable
httpauth support on your wiki, you should now enable the httpauth plugin,
instead.
This release includes OpenID support that is enabled through the openid
plugin. I recommend turning this on to make it easier for users to sign
in to your wiki.
-- Joey Hess <joeyh@debian.org> Sun, 19 Nov 2006 20:53:05 -0500
|
|
This version only fixes a Windows-specific security issue, but update
nevertheless so we start the freeze with the latest available version.
(People will start asking about this update anyway?)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.7/releasenotes/
|
|
|
|
|
|
(PKG_DEBUG) that had been here since 2003.
|
|
|
|
Changes:
* support for OS/400 Secure Sockets Layer library
* curl_easy_setopt() now allocates strings passed to it
* SCP and SFTP support now requires libssh2 0.16 or later
* LDAP libraries are now linked "regularly" and not with dlopen
* HTTP transfers have the download size info "available" earlier
* FTP transfers have the download size info "available" earlier
* builds and runs on OS/400
* several error codes and options were marked as obsolete and subject to future removal (set CURL_NO_OLDIES to see if your application is using them)
* SFTP errors can return more specific error codes
Bugfixes:
* test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
* problem with closed proxy connection during HTTP CONNECT auth negotiation
* transfer-encoding skipping didn't ignore the 407 response bodies properly
* CURLOPT_SSL_VERIFYHOST set to 1
* CONNECT endless loop
* krb5 support builds with Heimdal
* added returned error string for connection refused case
* re-use of dead FTP control connections
* login to FTP servers that don't require (nor understand) PASS after the USER command
* bad free of memory from libssh2
* the SFTP PWD command works
* HTTP Digest auth on a re-used connection
* FTPS data connection close
* AIX 4 and 5 get to use non-blocking sockets
* small POST with NTLM
* resumed file:// transfers
* CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
* memory leak when handling compressed data streams from broken servers
* no NTLM unicode response
* resume HTTP PUT using Digest authentication
* FTP NOBODY requests on directories sent "SIZE (null)"
* FTP NOBODY request on file crash
* excessively long FTP server responses and response lines
* file:// upload then FTP:// upload crash
* TFTP error 0 is no longer treated as success
* uploading empty file over FTP on re-used connection
* superfluous CWD command on re-used FTP connections without subdirs used
|
|
on at least DragonFly.
|
|
|
|
pkglint cleanup while here.
|
|
Pointed out by Geert Hendrickx in private e-mail.
|
|
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggresive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
|
|
[2007/08/26] nspluginwrapper 0.9.91.5
Fix a memory leak in NPP_Destroy()
Fix DiamondX XEmbed example plugin
Fix focus problems (Debian bug #435912)
Add support for 64-bit plugins (Martin Stransky)
Add support for newer NPAPI 0.17 functions and variables
Add support for broken 64-bit Konqueror versions (run-time detect)
[2007/04/03] nspluginwrapper 0.9.91.4
Dont try to wrap native plugins
Fix build on NetBSD (David Brownlee)
Fix build on DragonFlyBSD (Steve OHara-Smith)
Fix build on Linux systems with SSP enabled by default (Kristian Hermansen)
|
|
|
|
* None of the source files seems to reference any function in libutil, so
remove it from the libraries linked into mini_httpd and mhtpasswd.
* Make this work on Solaris by linking mini_httpd with the usual
"-lnsl -lsocket" dance.
Bump PKGREVISION to 4 due to changed library linkage in the installed
binaries.
|
|
|
|
|
|
exist later had been embedded in config_vars.mk. PKGREVISION++
|