security update for squid
- pkgsrc/www/squid/Makefile 1.197-1.199
- pkgsrc/www/squid/distinfo 1.135
- pkgsrc/www/squid/patches/patch-av removed
Module Name: pkgsrc
Committed By: wiz
Date: Mon Nov 12 00:15:00 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove ftp.leo.org from MASTER_SITES, doesn't resolve.
From Zafer Aydogan in PR 37341.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 2 11:46:11 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile
Log Message:
Remove Ex-MASTER_SITE. From Zafer Aydogan.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 2 14:47:08 UTC 2007
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Removed Files:
pkgsrc/www/squid/patches: patch-av
Log Message:
Update squid package to 2.6.17 (2.6.STABLE17).
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer has a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current behaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug output, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.25
- pkgsrc/www/drupal/distinfo 1.18
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 5 23:16:19 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
This release fixes a security vulnerability. Sites are urged to upgrade
immediately. For more details, please see the security announcement:
* SA-2007-031 - Drupal core - SQL Injection possible when certain
contributed modules are enabled
In addition to this security vulnerability, the following bugs have been
fixed since the 5.2 release:
* 178478 by scor: typo in text displayed when the DB is installed but not
accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order
comments by cid (ie. original submission order) instead of timestamp
(ie. last editing time order) to avoid comments jumping around when
being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in
install system, so the chosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited
accounts so they are exempt from the spam protection we have for
accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no
taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
|
|
security update for apache-tomcat
- pkgsrc/www/apache-tomcat55/Makefile 1.12
- pkgsrc/www/apache-tomcat55/PLIST 1.4
- pkgsrc/www/apache-tomcat55/distinfo 1.5
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Nov 20 22:13:30 UTC 2007
Modified Files:
pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
Log Message:
Update to 5.5.25
Fix install permissions to silence checkperms
In brief:
Fix WebDAV Servlet so it works correctly with MS clients. (markt)
Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
Manager. Reported by Daiki Fukumori. (markt)
Fix NPE when a ResourceLink in context.xml tries to override an
env-entry in web.xml. (markt)
Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
Reported by Toshiharu Sugiyama. (markt)
Add some additional mime-type mappings. (markt)
Ensure JARs in webapps are scanned for TLDs when the Tomcat installation
path contains spaces. (markt)
Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
For all the details see:
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
|
|
security update for seamonkey
Revisions pulled up:
- pkgsrc/www/seamonkey/Makefile 1.24
- pkgsrc/www/seamonkey/Makefile-seamonkey.common 1.13
- pkgsrc/www/seamonkey/distinfo 1.25
- pkgsrc/www/seamonkey/patches/patch-ac 1.4
- pkgsrc/www/seamonkey-gtk1/Makefile 1.17
- pkgsrc/www/seamonkey-bin/Makefile 1.17
- pkgsrc/www/seamonkey-bin/distinfo 1.14
Module Name: pkgsrc
Committed By: ghen
Date: Mon Oct 22 08:04:08 UTC 2007
Modified Files:
pkgsrc/www/seamonkey: Makefile Makefile-seamonkey.common distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey-gtk1: Makefile
pkgsrc/www/seamonkey/patches: patch-ac
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to SeaMonkey 1.1.5.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
MFSA 2007-28 Code execution via QuickTime Media-link files
For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.5/
|
|
security update for firefox
Revisions pulled up:
- pkgsrc/www/firefox/Makefile-firefox.common 1.49
- pkgsrc/www/firefox/distinfo 1.70
- pkgsrc/www/firefox/patches/patch-ac 1.10
- pkgsrc/www/firefox-bin/Makefile 1.35
- pkgsrc/www/firefox-bin/distinfo 1.33, 1.34, 1.35
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 08:59:56 UTC 2007
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-ac
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.8.
Security fixes in this version:
MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Oct 19 19:47:43 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Add distinfo entries for Solaris {8,10}/{i386,sparc} as well.
Noted by dmcmahill.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Oct 20 10:42:37 UTC 2007
Modified Files:
pkgsrc/www/firefox-bin: distinfo
Log Message:
Remove empty lines to get rid of warnings in weekly pkgsrc checks on babylon5.
Suggested by veego.
|
|
security update for drupal
- pkgsrc/www/drupal/Makefile 1.24
- pkgsrc/www/drupal/distinfo 1.17
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Oct 18 13:01:36 UTC 2007
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.3
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment
Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no
admin links for the module
See http://drupal.org/node/184395 for all the details
|
|
This fixes a long standing build failure on SunOS-5.9/sparc and does
not seem to break things on NetBSD.
|
|
and x86
for each of those).
|
|
close PR pkg/37071
reviewed by xtraeme@
|
|
Okay'd during freeze by wiz.
This was noticed in my own builds and also shown in
recent DragonFly bulk build.
|
|
systems.
|
|
option to the install script for where to install the man page.
|
|
amount of configuration (ie, set the data directory).
Added the supplied sample files to the pkgsrc package.
This should solve PR pkg/31460 by Stefan Schumacher.
While here, added support for installation to DESTDIR and marked the
package as a pure Perl package (no compiler necessary).
|
|
of some executable scripts (lwp-*) tell MakeMaker to use the default answers
provided in Makefile.PL.
This should solve PR pkg/30737 from Joern Clausen.
|
|
work again and enables a successful run of the "test" target.
|
|
eperl_proto.h:56: error: array type has incomplete element type
|
|
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
|
|
cairo versions that conflict with Mozilla's included version.
Reported via PR#37006 and fixed with input from Vincent on tech-pkg@netbsd.org.
Bump PKGREVISION.
|
|
Also enable p5-PerlMagick for the img plugin (included in the
goodstuff bundle).
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
Add p5-Text-Markdown to dependencies, since the Makefile complains about it.
Add two dependencies that were marked as "optional" in the pkgsrc Makefile.
XXX: A few dependencies should be checked, if they are really needed here.
Don't bump PKGREVISION because the update was a very short time ago.
|
|
Changes since 1.32:
ikiwiki (2.5) unstable; urgency=low
In this version the rst plugin allows raw html to be embedded in rst files.
As long as the htmlscrubber is enabled, this should be safe. If you are
using the rst plugin without the htmlscrubber in a publicly writable wiki,
you should turn on the htmlscrubber.
-- Joey Hess <joeyh@debian.org> Sun, 29 Jul 2007 18:37:22 -0400
ikiwiki (2.5) unstable; urgency=low
Due to some config changes in this version, wrappers need to be rebuilt on
upgrade. If you listed your wiki in /etc/ikiwiki/wikilist this will be
done automatically when the Debian package is upgraded.
-- Joey Hess <joeyh@debian.org> Sun, 29 Jul 2007 17:54:40 -0400
ikiwiki (2.1) unstable; urgency=low
Some wikis need to be rebuilt on upgrade to this version, due to changes to
page templates and the style sheet. If you listed your wiki in
/etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Thu, 26 Apr 2007 15:50:36 -0400
ikiwiki (2.00) unstable; urgency=low
With the 2.0 release of ikiwiki, some major changes have been made to the
default configuration:
* The 'usedirs' setting is enabled by default. This *will* break all URLs
to wikis that did not have 'usedirs' turned on before, unless you follow
the procedure described at <http://ikiwiki.info/tips/switching_to_usedirs>,
or edit your setup file to turn usedirs off:
usedirs => 0,
* OpenID logins are now enabled by default, if the Net::OpenID::Consumer
perl module is available. Password logins are also still enabled
by default. If you like, you can turn either OpenID or password logins
off via the 'disable_plugins' setting.
-- Joey Hess <joeyh@debian.org> Sun, 29 Apr 2007 19:00:43 -0400
ikiwiki (1.51) unstable; urgency=low
Some wikis need to be rebuilt on upgrade to this version, due to changes to
page layout and the style sheet. If you listed your wiki in
/etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Thu, 26 Apr 2007 15:50:36 -0400
ikiwiki (1.50) unstable; urgency=low
Permalinks and guids in rss and atom feeds for wikis using the usedirs
options will change in this release. If you have already enabled usedirs,
you may need to take steps to avoid flooding aggregators.
-- Joey Hess <joeyh@debian.org> Sat, 14 Apr 2007 16:08:46 -0400
ikiwiki (1.49) unstable; urgency=low
Third-party plugins that use htmlpage() or abs2rel() to generate links
may need changes to support the new "usedirs" option.
-- Joey Hess <joeyh@debian.org> Sun, 01 Apr 2007 16:20:09 -0400
ikiwiki (1.47) unstable; urgency=low
Due to a security fix, wikis that have the htmlscrubber enabled can no
longer use the meta plugin to insert html link and meta tags.
Some special case methods have been added for safely including stylesheets,
and for doing openid delegation. See the meta plugin docs for details.
-- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:18:40 -0400
ikiwiki (1.45) unstable; urgency=low
Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
in /etc/ikiwiki/wikilist this will be done automatically when the Debian
package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild.
-- Joey Hess <joeyh@debian.org> Wed, 7 Mar 2007 23:02:52 -0500
ikiwiki (1.44) unstable; urgency=low
The htmllink() function has changed slightly and plugins that use it may
need to change how they call it. This function's first three parameters
are unchanged, but additional options are now passed using named
parameters. If you used htmllink with more than 3 parameters, you will
need to change it. The plugin interface version has been increased to 1.02
to reflect this change.
-- Joey Hess <joeyh@debian.org> Mon, 19 Feb 2007 21:10:12 -0500
ikiwiki (1.42) unstable; urgency=low
The anonok setting in config files has been removed. To enable
httpauth support on your wiki, you should now enable the anonok plugin,
instead.
Third-party plugins that use pagespec_match() should be updated to pass
the new third parameter (from) to that function. This is needed for the
new relative glob matching to work.
-- Joey Hess <joeyh@debian.org> Thu, 1 Feb 2007 16:57:59 -0500
ikiwiki (1.34) unstable; urgency=low
The httpauth setting in config files has been removed. To enable
httpauth support on your wiki, you should now enable the httpauth plugin,
instead.
This release includes OpenID support that is enabled through the openid
plugin. I recommend turning this on to make it easier for users to sign
in to your wiki.
-- Joey Hess <joeyh@debian.org> Sun, 19 Nov 2006 20:53:05 -0500
|
|
This version only fixes a Windows-specific security issue, but update
nevertheless so we start the freeze with the latest available version.
(People will start asking about this update anyway?)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.7/releasenotes/
|
|
(PKG_DEBUG) that had been here since 2003.
|
|
Changes:
* support for OS/400 Secure Sockets Layer library
* curl_easy_setopt() now allocates strings passed to it
* SCP and SFTP support now requires libssh2 0.16 or later
* LDAP libraries are now linked "regularly" and not with dlopen
* HTTP transfers have the download size info "available" earlier
* FTP transfers have the download size info "available" earlier
* builds and runs on OS/400
* several error codes and options were marked as obsolete and subject to future removal (set CURL_NO_OLDIES to see if your application is using them)
* SFTP errors can return more specific error codes
Bugfixes:
* test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
* problem with closed proxy connection during HTTP CONNECT auth negotiation
* transfer-encoding skipping didn't ignore the 407 response bodies properly
* CURLOPT_SSL_VERIFYHOST set to 1
* CONNECT endless loop
* krb5 support builds with Heimdal
* added returned error string for connection refused case
* re-use of dead FTP control connections
* login to FTP servers that don't require (nor understand) PASS after the USER command
* bad free of memory from libssh2
* the SFTP PWD command works
* HTTP Digest auth on a re-used connection
* FTPS data connection close
* AIX 4 and 5 get to use non-blocking sockets
* small POST with NTLM
* resumed file:// transfers
* CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
* memory leak when handling compressed data streams from broken servers
* no NTLM unicode response
* resume HTTP PUT using Digest authentication
* FTP NOBODY requests on directories sent "SIZE (null)"
* FTP NOBODY request on file crash
* excessively long FTP server responses and response lines
* file:// upload then FTP:// upload crash
* TFTP error 0 is no longer treated as success
* uploading empty file over FTP on re-used connection
* superfluous CWD command on re-used FTP connections without subdirs used
|
|
on at least DragonFly.
|
|
pkglint cleanup while here.
|
|
Pointed out by Geert Hendrickx in private e-mail.
|
|
* fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
--> fixed FastCGI header overrun in mod_fastcgi
* fixed hanging redirects with keep-alive due to missing
"Content-Length: 0" headers
* fixed crashing when using undefined environment variables in the config
* added dir-listing.set-footer in mod_dirlisting (#1277)
* added sending UID and PID for SIGTERM and SIGINT to the logs
* fixed compression of files < 128 bytes by disabling compression (#1241)
* fixed mysql server reconnects (#518)
* fixed disabled keep-alive for dynamic content with HTTP/1.0 (#1166)
* fixed crash on mixed EOL sequences in mod_cgi
* fixed key compare (#1287)
* fixed invalid char in header values (#1286)
* fixed invalid "304 Not Modified" on broken timestamps
--> fixed endless loop on shrinked files with sendfile() on BSD (#1289)
--> fixed counter overrun in ?auto in mod_status (#909)
* fixed too aggressive caching of nested conditionals (#41)
--> fixed possible overflow in unix-socket path checks on BSD (#713)
* fixed extra Content-Length header on 1xx, 204 and 304 (#1002)
* fixed handling of duplicate If-Modified-Since to return 304
* fixed extracting status code from NPH scripts (#1125)
* removed config-check if passwd files exist (#1188)
* fixed crash when etags are disabled but the client sends one (#1322)
* fixed crash when freeing the config in mod_alias
* fixed server.error-handler-404 breakage from 1.4.16 (#1270)
* fixed entering 404-handler from dynamic content (#948)
* added more debug infos for FAM based stat-cache
The highlighted changes are security vulnerabilities that are fixed in
this release.
|
|
[2007/08/26] nspluginwrapper 0.9.91.5
Fix a memory leak in NPP_Destroy()
Fix DiamondX XEmbed example plugin
Fix focus problems (Debian bug #435912)
Add support for 64-bit plugins (Martin Stransky)
Add support for newer NPAPI 0.17 functions and variables
Add support for broken 64-bit Konqueror versions (run-time detect)
[2007/04/03] nspluginwrapper 0.9.91.4
Don't try to wrap native plugins
Fix build on NetBSD (David Brownlee)
Fix build on DragonFlyBSD (Steve OHara-Smith)
Fix build on Linux systems with SSP enabled by default (Kristian Hermansen)
|
|
* None of the source files seems to reference any function in libutil, so
remove it from the libraries linked into mini_httpd and mhtpasswd.
* Make this work on Solaris by linking mini_httpd with the usual
"-lnsl -lsocket" dance.
Bump PKGREVISION to 4 due to changed library linkage in the installed
binaries.
|