Age | Commit message (Collapse) | Author | Files | Lines |
|
x11/libXi: security update
Revisions pulled up:
- x11/libXi/Makefile 1.24
- x11/libXi/distinfo 1.20
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 3 06:27:03 UTC 2013
Modified Files:
pkgsrc/x11/libXi: Makefile distinfo
Log Message:
Update to 1.7.2.
Changes in 1.7.2:
Only one minor change since the RC. Again, this release contains the fixes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995 so you're encouraged to
update.
Peter Hutterer (1):
libXi 1.7.2
Thomas Klausner (1):
Remove check that can never be true.
Changses in 1.7.1.901:
First and likely only RC for libXi 1.7.2. This one has a bunch of changes
for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
integer overflows and other corruption that happens if we trust the server
a bit too much on the data we're being sent.
On top of those fixes, the sequence number in XI2 events is now set
propertly too (#64687).
Please test, if you find any issues let me know.
Alan Coopersmith (14):
Expand comment on the memory vs. reply ordering in XIGetSelectedEvents()
Use _XEatDataWords to avoid overflow of rep.length bit shifting
Stack buffer overflow in XGetDeviceButtonMapping() [CVE-2013-1998 1/3]
memory corruption in _XIPassiveGrabDevice() [CVE-2013-1998 2/3]
unvalidated lengths in XQueryDeviceState() [CVE-2013-1998 3/3]
integer overflow in XGetDeviceControl() [CVE-2013-1984 1/8]
integer overflow in XGetFeedbackControl() [CVE-2013-1984 2/8]
integer overflow in XGetDeviceDontPropagateList() [CVE-2013-1984 3/8]
integer overflow in XGetDeviceMotionEvents() [CVE-2013-1984 4/8]
integer overflow in XIGetProperty() [CVE-2013-1984 5/8]
integer overflow in XIGetSelectedEvents() [CVE-2013-1984 6/8]
Avoid integer overflow in XGetDeviceProperties() [CVE-2013-1984 7/8]
Avoid integer overflow in XListInputDevices() [CVE-2013-1984 8/8]
sign extension issue in XListInputDevices() [CVE-2013-1995]
Peter Hutterer (7):
Copy the sequence number into the target event too (#64687)
Don't overwrite the cookies serial number
Fix potential corruption in mask_len handling
Change size += to size = in XGetDeviceControl
If the XGetDeviceDontPropagateList reply has an invalid length, return 0
Include limits.h to prevent build error: missing INT_MAX
libXi 1.7.1.901
|
|
Also pull post-3.2.1 patches for configure scripts.
pkgsrc changes:
- remove obsolete post-3.2.0 patches
- adjust for etc/font-fb changes
- update PLIST for new framebuffer software keyboard files
Changes from doc/en/ReleaseNote:
ver 3.2.1
* Support framebuffer on OpenBSD.
* Support software keyboard on framebuffer.
(Double-click Button1 at the right bottom corner of the screen to show it.)
* Support USB keyboard with iBus on NetBSD/OpenBSD framebuffer.
* Support CSI ? 69 h, CSI ? 69 l (DECLRMM) and CSI pl;pr s (DECSLRM).
* Support CSI 3 m and CSI 23 m which set/unset italic attribute.
* Prefer JISX0208 to JISX0213 all the time in converting Unicode to other cs.
* If DEFAULT=-foo-bar-medium-r-*--%d-*- is specified in ~/.mlterm/font,
-foo-bar-bold-r-*--%d-*-, -foo-bar-medium-i-*--%d-*- or -foo-bar-bold-i-*--%d-*-
are automatically searched for a bold, italic or bold italic font.
* Bug fixes:
SF Bug #3614142 (Thanks to Ahmed El-Mahmoudy)
SF Bug #3614192 (Thanks to Ahmed El-Mahmoudy)
Fix the bug which caused segmentation fault in using a font whose width doesn't
match the usascii font on 24 or 32 bpp framebuffer.
Fix the bug which caused segmentation fault in closing input method status window.
Fix the bug which caused segmentation fault in loading illegal pcf fonts.
Resize the window in attaching a new pty. (enbugged at 3.2.0)
Fix the bug which disabled mlconfig and mlterm-menu. (enbugged at 3.2.0)
Fix the error message in the failure of loading US-ASCII font.
Fix the bug which lets parcellite reset the selected region.
Report relative-origin position of the cursor to CPR sequence.
|
|
|
|
https://bitbucket.org/arakiken/mlterm/commits/c8814173cb051b32ce1d1b440b4033bd0
bba567d#chg-xwindow/fb/x_display.c
> fb/x_display.c: get_ps2_kcode() is added to convert usb keycode
> to ps2 keycode for iBus on NetBSD/OpenBSD framebuffer.
This makes ibus inputmethod usable with USB keyboard on mlterm-fb.
Bump PKGREVISION.
|
|
|
|
|
|
This quick fix release corrects an issue with the security fix from 1.0.8,
in which, if the size checks did determine the response from the X server
was too large to fit in the buffer it had allocated, XvQueryPortAttributes
could return a pointer to the caller that pointed to uninitialized memory
where the caller expected a nil-terminated string.
Alan Coopersmith (2):
XvQueryPortAttributes: add a comment explaining memory strategy
libXv 1.0.9
Daphne Pfister (1):
Bug 65252: Ensure final name is nil-terminated & none point to uninitialized memory.
|
|
|
|
http://mlterm.sf.net/mlterm-3.2.0-fixes.patch
- Fix the bug which caused segmentation fault in closing input method
status window.
- Fix the error message in the failure of loading US-ASCII font.
- Resize the window in attaching a new pty. (enbugged at 3.2.0)
- Fix the bug which lets parcellite reset the selected region.
- Fix the bug which disabled mlconfig and mlterm-menu. (enbugged at 3.2.0)
- SF Bug #3614192
Bump PKGREVISION.
|
|
|
|
Reported by Mayuresh on pkgsrc-users@:
http://mail-index.netbsd.org/pkgsrc-users/2013/06/22/msg018231.html
|
|
|
|
PKG_DEVELOPER check, and avoid non-portable dirent ops for SunOS.
|
|
|
|
|
|
Bump PKGREVISION.
|
|
|
|
does not have 'gdb' in PATH.
|
|
|
|
|
|
|
|
Still for PR 47935.
|
|
|
|
This is the video driver for ATI Radeon cards for the modular Xorg
server.
This package contains the major version 6 of the driver, before
DRI1/UMS/etc removal.
This package is added in a try to address PR 47935.
If it doesn't help, I'll remove it again.
|
|
The latter contains the unstable version 3 of mono, which breaks many mono
packages.
Bump dependencies and PKGREVISIONs.
Ok during freeze: gdt@
|
|
|
|
|
|
|
|
libraries and enlightenment 0.17.3 itself.
Upstream changes of Eina (to get an impression):
Eina 1.7.7
Changes since Eina 1.7.6:
-------------------------
No changes, just updating to keep in sync with last release.
Changes since Eina 1.7.5:
-------------------------
Improvements:
* Honor tile size in Eina_Tiler.
Fixes:
* Prevent denial of service on Eina_Hash function.
* Fix map leak in Eina_File infrastructure.
* Fix portability issue on 64bits system for Eina_CList.
* Fix magic failure in eina_value_array_count when array has not been allocated
Changes since Eina 1.7.4:
-------------------------
No changes, just updating to keep in sync with last release.
Changes since Eina 1.7.3:
-------------------------
Fixes:
* Fix EINA_INLIST_FOREACH_SAFE macro
* Add XML output to doc
* Add installation rule for doc
* Fix build for Windows platforms.
Changes since Eina 1.7.2:
-------------------------
* Fix Solaris build.
* Don't leak fd after exec.
Changes since Eina 1.7.1:
-------------------------
No changes, just updating to keep in sync with last release.
|
|
clang build. PKGREVISION -> 6.
Caution: while it builds, it does not build cleanly -- adding function
prototypes turned up some systemic issues.
If anyone uses this package it would be helpful to try building it
with -Wall and look in to how to fix things properly.
|
|
|
|
while here, revive minimal pert of patches lost during update to 1.8.1,
for WSMouse support of NetBSD.
[ANNOUNCE] xf86-input-mouse 1.9.0
No big changes, but since we removed maintainer mode we might as well bump
the minor version.
Adam Jackson (1):
configure: Drop AM_MAINTAINER_MODE
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Peter Hutterer (3):
Fix compilation error with EXTMOUSEDEBUG on
Use signal-safe logging if available
mouse 1.9.0
|
|
- new "player" applet
- more portable Makefiles
- improved XDG support
- fixes to the notification helper
|
|
|
|
- API update for the inter-process notification framework (fixes bugs)
- more portable Makefiles
|
|
(whth addition of cairo-gobject, webkit-gtk and webkit-gtk2 binding packages)
== Ruby-GNOME2 2.0.2: 2013-05-26
Windows XP re-supportted release!
=== Changes
==== Ruby/GLib2
* Improvements
* Added rbgutil_key_equal() convenient function.
It is used for comparing key that may be String or Symbol.
==== Ruby/Pango
* Improvements
* [windows] Forced to disable uniscribe backend of HarfBuzz.
[ruby-list:49412] [Reported by Masafumi Yokoyama]
* Don't define Pango::CairoFcFontMap and Pango::CairoWin32FontMap
because they may cause crash on OS X.
[shocker-ja:1119] [Reported by znz]
* Updated samples.
[GitHub#164] [Patch by Kentaro Fukuchi]
* Fixes
* Fixed wrong index access in Pango::GlyphString#glyphs.
[ruby-gnome2-devel-ja] [Reported by Kentaro Fukuchi]
=== Thanks
* Kentaro Fukuchi
* Masafumi Yokoyama
* znz
== Ruby-GNOME2 2.0.1: 2013-05-25
Ruby 1.8 support is dropped release!
=== Changes
==== All
* Improvements
* Dropped Ruby 1.8 support.
* Updated bundled binaries versions for Windows.
==== Ruby/Pango
* Improvements
* Added Pango::CairoFontMap.set_default.
* Enabled fontconfig font on Windows.
* Defined Pango::CairoFcFontMap on init if it is available.
* Defined Pango::CairoWin32FontMap on init if it is available.
==== Ruby/GTK3
* Improvements
* Added Gtk::Image#set_from_icon_set.
[GitHub#150] [Patch by Detlef Reichl]
* Added Gtk::Image#set_from_stock.
[GitHub#150] [Patch by Detlef Reichl]
* Added Gtk::Image#set_from_gicon.
[GitHub#150] [Patch by Detlef Reichl]
* Updated samples.
[GitHUb#151] [Patch by Detlef Reichl]
* Fixes
* Fixed a GC related crash bug.
[ruby-gnome2-devel-en] [Reported by Detlef Reichl]
==== Ruby/GObjectIntrospection
* Improvements
* Supported ownership transfer for some input argument types.
(Struct and Object)
* Supported "(out caller-allocates)" for boxed object.
[ruby-gnome2-devel-ja] [Reported by Kentaro Fukuchi]
* Supported gpointer in/out.
[ruby-gnome2-devel-ja] [Reported by NAKAJIMA Takashi]
* Fixes
* Fixed missing argument.
[GitHub#154] [Reported by Masafumi Yokoyama]
==== RubyGStreamer
* Improvements
* Supported methods that call callback
[ruby-gnome2-devel-ja] [Reported by NAKAJIMA Takashi]
* Updated samples.
[GitHub#156][GitHub#159][GitHub#160][GitHub#161]
[Patch by NAKAJIMA Takashi]
* Supported Gst::Bus#set_handler.
[ruby-gnome2-devel-ja] [Reported by NAKAJIMA Takashi]
* Supported Gst::Controller
[ruby-gnome2-devel-ja] [Suggested by NAKAJIMA Takashi]
* Stopped to require Gst.init.
* Fixes
* Fixed out of index access bug.
==== Ruby/GooCanvas
* Improvements
* Migrated to Ruby/GObjectIntrospection based bindings.
* Stopped to require Goo.init.
* Fixes
* Updated samples.
[GitHub#152][GitHub#153][GitHub#155][GitHub#157]
[Patch by Masafumi Yokoyama]
==== Ruby/Clutter
* Improvements
* Stopped to require Clutter.init.
* Fixes
* Fixed broken samples.
[ruby-gnome2-devel-ja] [Patch by Kentaro Fukuchi]
==== Ruby/ClutterGtk
* Improvements
* Stopped to require ClutterGtk.init.
==== Ruby/ClutterGStreamer
* Added.
==== Ruby/WebKitGtk
* Improvements
* Stopped to require WebKitGtk.init.
==== Ruby/WebKitGtk2
* Improvements
* Stopped to require WebKitGtk2.init.
=== Thanks
* Detlef Reichl
* NAKAJIMA Takashi
* Masafumi Yokoyama
* Kentaro Fukuchi
|
|
* Remove absolete patches for security bug.
Noticed by wiz@. Thank you.
|
|
|
|
Changelog:
2.8.12:
-------
All:
- Fixed a bug in UNC path testing.
- Improved command line parser usage help.
- Fixed race condition bugs in wxCondition.
- Added wxT_2() for forward compatibility with wxWidgets 3. Use it in
initialization of wxCmdLineEntryDesc struct elements and (very few) other
places where wxT() is required currently but won't be allowed in v3.
- Fixed crash on exit caused by deleting old logger in wxLogChain dtor.
All (GUI):
- wxRTC: fixed style selection resetting after editing a style.
- wxRTC: can now edit line spacing in .1 increments from 1 to 2.
- wxRTC: fixed wrong line spacing and space after paragraph calculations.
- wxRTC: GetStyleMergedWithBase now detects loops.
- wxRTC: wxRichTextCtrl::ApplyStyle now applies a paragraph style at the
cursor without needing a selection, and setting the default style now
avoids duplicating character attributes in subsequently typed text when
they exist in the paragraph style.
- wxRTC: fixed IsPositionVisible to scroll a position into view correctly.
- wxRTC: fixed a problem with paste resetting the content paragraph style.
- wxRTC: style list box now copes with names duplicated across style types.
Also fixed wxRichTextStyleDefinition::GetStyleMergeWithBase similarly.
- wxRTC: fixed very poor performance for XML loading on wxGTK.
- Fixed error in generic tree control CalculatePositions.
- Added wxFD_FILE_MUST_EXIST to wxFileSelector function.
- Added wxDataViewCtrl Get/SetValueByRow functions for forward compatibility
with 2.9.
- Right-clicking is now supported in any kind of wxAuiToolBar button.
- Fixed a bug in wxAcceleratorEntry::IsOk.
- wxGraphicsContext::DrawBitmap: x and y coordinates no longer affected by
stretch factor.
- Fixed an assert in wxGrid on wxEVT_MOUSE_CAPTURE_LOST.
- Fixed bug in generic wxTreeCtrl where SelectItem toggles the selection if
the item is already in the desired state.
- Fixed bug in wxSizer::Replace(size_t, wxSizerItem *) whereby SetContainingSizer
is not called.
- Fixed compilation with libpng 1.5 and above.
- Removed ugly black (simple) border around wxHTML help window.
wxMSW:
- wxOwnerDrawnComboBox and wxComboCtrl with wxCB_READONLY window style now
have more native-like focus indicator rendering.
- Fixed wxOwnerDrawnComboBox keyboard handling: drop-down is no longer
displayed when arrow key is pressed (without Alt).
- In some rare cases wxOwnerDrawnComboBox drop-down animation could display
as garbage. This has now been greatly reduced (mcben).
- Fixed OLE date conversion bug.
- Added check for double window handle creation.
- Fixed WIN64 crash in wxStyledTextCtrl.
- Fixed Watcom compilation when omitting threads.
- Fixed wxFileName::IsFileReadable on Windows 98.
- Fixed bug whereby clicking anywhere inside wxListBox generates
wxEVT_COMMAND_LISTBOX_SELECTED event. You need to set wxUSE_LISTBOX_SELECTION_FIX
to 1 in include/wx/msw/listbox.h to enable this binary-incompatible fix.
wxGTK:
- Fix for --disable-radiobtn compilation.
- Fixed a bug on GTK+ only whereby wxGrid scrolls back to the previous edit position
when another cell is edited.
- Fix for missing menubar problem under some window managers where menu bar height is
reported as 0 when the menu hasn't fully realized yet. Now updates the height during
idle time if it is 0, otherwise no menu is shown.
- Improved list control and tree control selection text theme compatibility by adding
wxSYS_COLOUR_LISTBOXHIGHLIGHTTEXT colour index.
- wxComboCtrl and wxOwnerDrawnComboBox had wrong background colours under some
themes (Marcin Wojdyr).
- Added thread-safe fixes to socket code.
wxUniv:
- Fixed assertion in tree control sample due to colour index not being supported.
|
|
This bug fix release provides the fixes for the recently announced security
issues CVE-2013-1990 & CVE-2013-1999, and the fixes for the bugs introduced
in the initial set of patches for those security issues.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (6):
Use _XEatDataWords to avoid overflow of rep.length shifting
integer overflow in XvMCListSurfaceTypes() [CVE-2013-1990 1/2]
integer overflow in XvMCListSubpictureTypes() [CVE-2013-1990 2/2]
integer overflow in _xvmc_create_*()
Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999]
libXvMC 1.0.8
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Dave Airlie (1):
Multiple unvalidated patches in CVE-2013-1999
Julien Cristau (1):
avoid overflowing by making nameLen and busIDLen addition overflow
|
|
This bugfix release delivers the fixes for the recently announced security
issue CVE-2013-1987.
Adam Jackson (1):
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (5):
Use _XEatDataWords to avoid overflow of rep.length bit shifting
integer overflow in XRenderQueryFilters() [CVE-2013-1987 1/3]
integer overflow in XRenderQueryFormats() [CVE-2013-1987 2/3]
integer overflow in XRenderQueryPictIndexValues() [CVE-2013-1987 3/3]
libXrender 0.9.8
Colin Walters (1):
autogen.sh: Implement GNOME Build API
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
* Update MASTER_SITES.
Changelog:
CHANGES IN FLTK 1.3.2
- Removed unnecessary drawing calls (STR #2898)
- Fixed regression in FLTK 1.3.1 for unbundled Mac OS FLTK applications that
did not appear in dock nor have a menu bar (STR #2890).
- Fl_Table::clear() now calls table->clear() for consistency. (STR #2889)
- Fixed Fl_Scroll widget that fails under Mac OS X 10.8 and retina display (STR #2887).
- Prevents scrollbars from drawing when widget is sized too small to be visible (STR #2886).
- Documented how to make a Mac OS X FLTK application launchable by dropping files on its icon.
- Fixed a Mac-specific issue appeared with OS 10.8 (Mountain Lion): long delay before
opening when the application is started by dragging a file on the application icon.
- Fixed use of PNG image from im-memory data (STR #2884).
- Added static Fl_RGB_Image::max_size(size_t) to limit the maximum memory size allowed to
RGB images (STR #2881).
|
|
|
|
works with native xorg.
|
|
general solution I checked in in bsd.buildlink3.mk.
|
|
* libfontconfig should be linked too.
|