ghen [Tue, 3 Jun 2008 11:21:55 +0000 (11:21 +0000)]
Ticket #2411.
ghen [Tue, 3 Jun 2008 11:21:04 +0000 (11:21 +0000)]
Pullup ticket 2411 - requested by drochner
security fix for imlib2
- pkgsrc/graphics/imlib2/Makefile 1.46
- pkgsrc/graphics/imlib2/distinfo 1.21
- pkgsrc/graphics/imlib2/patches/patch-cf 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jun 2 10:05:50 UTC 2008
Modified Files:
pkgsrc/graphics/imlib2: Makefile distinfo
Added Files:
pkgsrc/graphics/imlib2/patches: patch-cf
Log Message:
add a patch from redhat bugzilla (#449073) to fix the xpm half
of CVE-2008-2426, the pnm half was fixed in pkgsrc in 2006
bump PKGREVISION
tron [Mon, 2 Jun 2008 11:55:21 +0000 (11:55 +0000)]
Pullup ticket #2407.
tron [Mon, 2 Jun 2008 11:54:40 +0000 (11:54 +0000)]
Pullup ticket #2407 - requested by dholland
Security patch for uudeview
Revisions pulled up:
- converters/uudeview/Makefile 1.28
- converters/uudeview/distinfo 1.8
- converters/uudeview/patches/patch-ac 1.5
---
Module Name: pkgsrc
Committed By: dholland
Date: Sun Jun 1 21:49:56 UTC 2008
Modified Files:
pkgsrc/converters/uudeview: Makefile distinfo
Added Files:
pkgsrc/converters/uudeview/patches: patch-ac
Log Message:
Fix insecure-temporary-files, as reported in Debian bug 480972.
PKGREVISION++.
tron [Mon, 2 Jun 2008 09:42:11 +0000 (09:42 +0000)]
Pullup ticket #2406.
tron [Mon, 2 Jun 2008 09:40:37 +0000 (09:40 +0000)]
Pullup ticket #2406 - requested by dholland
Security patch for uulib
Revisions pulled up:
- converters/uulib/Makefile 1.42
- converters/uulib/distinfo 1.10
- converters/uulib/patches/patch-ab 1.3
- converters/uulib/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: dholland
Date: Sun Jun 1 21:46:37 UTC 2008
Modified Files:
pkgsrc/converters/uulib: Makefile distinfo
Added Files:
pkgsrc/converters/uulib/patches: patch-ab patch-ac
Log Message:
Fix insecure-temporary-files, as reported in Debian bug 480972.
PKGREVISION++.
tron [Mon, 2 Jun 2008 09:17:39 +0000 (09:17 +0000)]
Pullup ticket #2408.
tron [Mon, 2 Jun 2008 09:15:44 +0000 (09:15 +0000)]
Pullup ticket #2408 - requested by he
Security patch for perl
Revisions pulled up:
- lang/perl5/Makefile 1.137
- lang/perl5/distinfo 1.48
- lang/perl5/patches/patch-ad 1.11
- lang/perl5/patches/patch-af 1.13
- lang/perl5/patches/patch-ag 1.11
- lang/perl5/patches/patch-ai 1.5
- lang/perl5/patches/patch-aj 1.9
- lang/perl5/patches/patch-ak 1.3
- lang/perl5/patches/patch-da 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jun 1 22:04:07 UTC 2008
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
pkgsrc/lang/perl5/patches: patch-da
Added Files:
pkgsrc/lang/perl5/patches: patch-ad patch-af patch-ag patch-ai patch-aj
patch-ak
Log Message:
Apply a patch from Debian to fix the security vulnerability identified
by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927.
Patch fetched from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
which, according to comments, is from upstream change 27688.
Revision bumped to nb8.
spz [Sun, 1 Jun 2008 09:37:29 +0000 (09:37 +0000)]
ticket #2401
spz [Sun, 1 Jun 2008 09:35:54 +0000 (09:35 +0000)]
Pullup ticket 2401 - requested by tonnerre
fix security problem in aterm
Revisions pulled up:
- pkgsrc/x11/aterm/patches/patch-aa 1.5
- pkgsrc/x11/aterm/distinfo 1.13
- pkgsrc/x11/aterm/Makefile 1.35
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 27 21:46:53 UTC 2008
Modified Files:
pkgsrc/x11/aterm: Makefile distinfo
pkgsrc/x11/aterm/patches: patch-aa
Log Message:
Don't make any assumptions about default displays in aterm.
Fixes CVE-2008-1142.
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/x11/aterm/Makefile
cvs rdiff -r1.12 -r1.13 pkgsrc/x11/aterm/distinfo
cvs rdiff -r1.4 -r1.5 pkgsrc/x11/aterm/patches/patch-aa
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
spz [Fri, 30 May 2008 17:54:41 +0000 (17:54 +0000)]
ticket 2402
spz [Fri, 30 May 2008 17:53:02 +0000 (17:53 +0000)]
Pullup ticket 2402 - requested by tonnerre
fix build problem on MacOS X
Revisions pulled up:
- pkgsrc/print/teTeX3-bin/patches/patch-at 1.3
- pkgsrc/print/teTeX3-bin/distinfo 1.10
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 25 17:10:29 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: distinfo
pkgsrc/print/teTeX3-bin/patches: patch-at
Log Message:
Fix build of teTeX3-bin on MacOS X as described in PR 38635. Patch
tested by me and Matthias Kretschmer.
PKGREVISION not bumped because there is no change at all to the content.
To generate a diff of this commit:
cvs rdiff -r1.9 -r1.10 pkgsrc/print/teTeX3-bin/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/print/teTeX3-bin/patches/patch-at
spz [Fri, 30 May 2008 17:15:29 +0000 (17:15 +0000)]
ticket #2405
spz [Fri, 30 May 2008 17:13:43 +0000 (17:13 +0000)]
Pullup ticket 2405 - requested by mishka
fix build problem on NetBSD-current
Revisions pulled up:
- pkgsrc/lang/perl5/patches/patch-ae 1.11
- pkgsrc/lang/perl5/distinfo 1.47
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 28 22:24:22 UTC 2008
Modified Files:
pkgsrc/lang/perl5: distinfo
pkgsrc/lang/perl5/patches: patch-ae
Log Message:
Add missing single quote. Fixes build on -current.
To generate a diff of this commit:
cvs rdiff -r1.46 -r1.47 pkgsrc/lang/perl5/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/lang/perl5/patches/patch-ae
tron [Thu, 29 May 2008 14:17:13 +0000 (14:17 +0000)]
Pullup ticket #2403.
tron [Thu, 29 May 2008 14:14:53 +0000 (14:14 +0000)]
Pullup ticket #2403 - requested by drochner
Security patch for samba
Revisions pulled up:
- net/samba/Makefile 1.182
- net/samba/distinfo 1.62
- net/samba/patches/patch-ea 1.1
- net/samba/patches/patch-eb 1.1
- net/samba/patches/patch-ec 1.1
- net/samba/patches/patch-ed 1.1
- net/samba/patches/patch-ee 1.1
- net/samba/patches/patch-ef 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 28 15:39:55 UTC 2008
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Added Files:
pkgsrc/net/samba/patches: patch-ea patch-eb patch-ec patch-ed patch-ee
patch-ef
Log Message:
add patches from redhat bugzilla (#446724) to fix CVE-2008-1105
(heap buffer overflow in client code)
bump PKGREVISION
rtr [Tue, 27 May 2008 13:29:33 +0000 (13:29 +0000)]
ticket #2400
rtr [Tue, 27 May 2008 13:29:03 +0000 (13:29 +0000)]
pullup ticket #2400 - requested by tnn
stunnel: update package due to security issue
revisions pulled up:
- pkgsrc/security/stunnel/MESSAGE 1.1
- pkgsrc/security/stunnel/Makefile 1.62
- pkgsrc/security/stunnel/PLIST 1.10
- pkgsrc/security/stunnel/distinfo 1.24
- pkgsrc/security/stunnel/files/stunnel.sh 1.2
- pkgsrc/security/stunnel/patches/patch-aa 1.20
- pkgsrc/security/stunnel/patches/patch-ac r0
Module Name: pkgsrc
Committed By: tnn
Date: Tue May 27 11:51:32 UTC 2008
Modified Files:
pkgsrc/security/stunnel: Makefile PLIST distinfo
pkgsrc/security/stunnel/files: stunnel.sh
pkgsrc/security/stunnel/patches: patch-aa
Added Files:
pkgsrc/security/stunnel: MESSAGE
Removed Files:
pkgsrc/security/stunnel/patches: patch-ac
Log Message:
Update to stunnel-4.24.
4.24: fix security problem (properly reject revoked certs)
4.23: WinNT bugfix
4.22:
- A new global option to control logging to syslog.
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
4.21:
- Initial FIPS 140-2 support (see INSTALL.FIPS for details).
- Experimental fast support for non-MT-safe libwrap is provided
with pre-spawned processes.
- Stunnel binary moved from /usr/local/sbin to /usr/local/bin
in order to meet FHS and LSB requirements.
- Added code to disallow compiling stunnel with pthreads when
OpenSSL is compiled without threads support.
- Minor manual update.
- TODO file updated.
- Dynamic locking callbacks added (needed by some engines to work).
- AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
- On some systems libwrap requires yp_get_default_domain from libnsl,
additional checking for libnsl was added to the ./configure script.
- Sending a list of trusted CAs for the client to choose the right
certificate restored.
- Some compatibility issues with NTLM authentication fixed.
spz [Tue, 27 May 2008 09:31:33 +0000 (09:31 +0000)]
ticket #2371
spz [Tue, 27 May 2008 09:29:41 +0000 (09:29 +0000)]
Pullup ticket 2371 - requested by tonnerre
security fix for mplayer and gmplayer
Revisions pulled up:
- pkgsrc/multimedia/mplayer-share/distinfo 1.50
- pkgsrc/multimedia/mplayer-share/patches/patch-al 1.3
- pkgsrc/multimedia/mplayer/Makefile 1.59
- pkgsrc/multimedia/gmplayer/Makefile 1.70
- pkgsrc/multimedia/gmplayer/distinfo 1.56
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 11 03:46:24 UTC 2008
Modified Files:
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-al
Log Message:
Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow
in the RealRTSP SDP code which can be exploited to execute arbitrary
code remotely.
To generate a diff of this commit:
cvs rdiff -r1.58 -r1.59 pkgsrc/multimedia/mplayer/Makefile
cvs rdiff -r1.49 -r1.50 pkgsrc/multimedia/mplayer-share/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/multimedia/mplayer-share/patches/patch-al
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Mon May 19 20:55:51 UTC 2008
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
Log Message:
Add patches for CVE-2008-1558 for gmplayer
To generate a diff of this commit:
cvs rdiff -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/Makefile
cvs rdiff -r1.55 -r1.56 pkgsrc/multimedia/gmplayer/distinfo
rtr [Mon, 26 May 2008 07:51:21 +0000 (07:51 +0000)]
ticket #2398
rtr [Mon, 26 May 2008 07:50:33 +0000 (07:50 +0000)]
pullup ticket #2398 - requested by adrianp
snort: update for fixes & security vulnerability
revisions pulled up:
- pkgsrc/net/snort/Makefile 1.37
- pkgsrc/net/snort/PLIST 1.27
- pkgsrc/net/snort/distinfo 1.43
Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 25 23:49:07 UTC 2008
Modified Files:
pkgsrc/net/snort: Makefile PLIST distinfo
Log Message:
Update to 2.8.1
Includes fix for CVE-2008-1804
[*] New Additions
* Target-Based support to allow rules to use an attribute table
describing services running on various hosts on the network.
Eliminates reliance on port-based rules.
* Support for GRE encapsulation for both IPv4 & IPv6.
* Support for IP over IP tunneling for both IPv4 & IPv6.
* SSL preprocessor to allow ability to not inspect encrypted traffic.
* Ability to read multiple PCAPs from the command line.
* Support for new CVS rule detection options.
[*] Improvements
* Update to HTTP Inspect to identify overly long HTTP header fields.
* Updates to IPv6 support, including changes to avoid namespace
conflicts for certain Operating systems.
* Updates to address issues seen on various Sparc platforms.
* Stricter enforcement of shared object versions to avoid API
conflicts.
rtr [Fri, 23 May 2008 11:40:13 +0000 (11:40 +0000)]
ticket #2397
rtr [Fri, 23 May 2008 11:39:51 +0000 (11:39 +0000)]
pullup ticket #2397 - requested by tnn
gnutls: update for security fixes
revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.69
- pkgsrc/security/gnutls/distinfo 1.44
Module Name: pkgsrc
Committed By: tnn
Date: Thu May 22 13:18:52 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.2.5.
* Version 2.2.5 (released 2008-05-19)
Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
[GNUTLS-SA-2008-1-1]
libgnutls: Fix crash when sending invalid server name.
[GNUTLS-SA-2008-1-2]
libgnutls: Fix crash when sending repeated client hellos.
[GNUTLS-SA-2008-1-3]
libgnutls: Fix crash in cipher padding decoding for invalid record
lengths.
* Version 2.2.3 (released 2008-05-06)
Increase default handshake packet size limit to 48kb.
Fix compilation error related to __FUNCTION__ on some systems.
Documented the --priority option to gnutls-cli and gnutls-serv.
Fix fopen file descriptor leak in PSK server code.
Build Guile code with -fgnu89-inline only when supported.
Make Camellia encryption work.
rtr [Fri, 23 May 2008 11:16:19 +0000 (11:16 +0000)]
ticket #2396
rtr [Fri, 23 May 2008 11:15:58 +0000 (11:15 +0000)]
pullup ticket #2396 - requested by tron
wterm: security fix
revisions pulled up:
- pkgsrc/x11/wterm/Makefile 1.35
- pkgsrc/x11/wterm/distinfo 1.11
- pkgsrc/x11/wterm/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: tron
Date: Thu May 22 12:30:44 UTC 2008
Modified Files:
pkgsrc/x11/wterm: Makefile distinfo
Added Files:
pkgsrc/x11/wterm/patches: patch-af
Log Message:
Don't try to use the X11 display ":0" if the display is not defined because
":0" might not belong to current user. This fixes CVE-2008-1142.
rtr [Fri, 23 May 2008 10:26:16 +0000 (10:26 +0000)]
ticket #2392
rtr [Fri, 23 May 2008 10:25:50 +0000 (10:25 +0000)]
pullup ticket #2392 - requested by simonb, tron
libid3tag: fix end of string check
revisions pulled up:
- pkgsrc/audio/libid3tag/Makefile 1.22
- pkgsrc/audio/libid3tag/distinfo 1.4,1.5
- pkgsrc/audio/libid3tag/patches/patch-ab 1.1,1.2
Module Name: pkgsrc
Committed By: simonb
Date: Tue May 20 13:31:39 UTC 2008
Modified Files:
pkgsrc/audio/libid3tag: Makefile distinfo
Added Files:
pkgsrc/audio/libid3tag/patches: patch-ab
Log Message:
Check for end-of-string when parsing a stringlist field.
Problem and fix originally reported by Kentaro Oda to the mad-dev
mailing list.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109
for some more info.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed May 21 09:42:13 UTC 2008
Modified Files:
pkgsrc/audio/libid3tag: distinfo
pkgsrc/audio/libid3tag/patches: patch-ab
Log Message:
Fix broken URL and correct incorrect patch checksum.
ghen [Thu, 22 May 2008 14:02:26 +0000 (14:02 +0000)]
Tickets #2390, 2393, 2395.
ghen [Thu, 22 May 2008 14:01:10 +0000 (14:01 +0000)]
Pullup ticket 2395 - requested by tron
security fix for mtr
- pkgsrc/net/mtr/Makefile 1.49
- pkgsrc/net/mtr/distinfo 1.23
- pkgsrc/net/mtr/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: tron
Date: Thu May 22 12:10:49 UTC 2008
Modified Files:
pkgsrc/net/mtr: Makefile distinfo
Added Files:
pkgsrc/net/mtr/patches: patch-ac
Log Message:
Implement a fix for the security vulnerability reported in
<http://seclists.org/fulldisclosure/2008/May/0488.html>.
ghen [Thu, 22 May 2008 13:54:10 +0000 (13:54 +0000)]
Pullup ticket 2393 - requested by drochner
security fixes for libvorbis
- pkgsrc/audio/libvorbis/Makefile 1.47
- pkgsrc/audio/libvorbis/distinfo 1.15
- pkgsrc/audio/libvorbis/patches/patch-aa 1.3
- pkgsrc/audio/libvorbis/patches/patch-ab 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 14 16:36:18 UTC 2008
Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab
Log Message:
pull some patches from upstream CVS to fix integer overflows /
buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423),
bump PKGREVISION
ghen [Thu, 22 May 2008 13:46:34 +0000 (13:46 +0000)]
Pullup ticket 2390 - requested by joerg
security fix for py-django
- pkgsrc/www/py-django/Makefile 1.11
- pkgsrc/www/py-django/distinfo 1.6
- pkgsrc/www/py-django/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Tue May 20 13:46:49 UTC 2008
Modified Files:
pkgsrc/www/py-django: Makefile distinfo
Added Files:
pkgsrc/www/py-django/patches: patch-aa
Log Message:
Fix a CSS issue in the login page of the admin module. Bump revision.
tron [Wed, 21 May 2008 16:20:51 +0000 (16:20 +0000)]
Pullup ticket #2394.
tron [Wed, 21 May 2008 16:20:33 +0000 (16:20 +0000)]
Pullup ticket 2394 - requested by ghen
Security update for thunderbird and thunderbird-gtk1
- mail/thunderbird-gtk1/Makefile 1.17
- mail/thunderbird/Makefile-thunderbird.common 1.35
- mail/thunderbird/distinfo 1.45
Module Name: pkgsrc
Committed By: ghen
Date: Tue May 20 11:51:55 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.14 (2.0.0.13 was skipped to
stay on par with Firefox version numbering?)
Security fixes in this version:
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.14/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue May 20 11:52:50 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird-gtk1: Makefile
Log Message:
Unbump PKGREVISION for 2.0.0.14 update.
tron [Wed, 21 May 2008 13:02:17 +0000 (13:02 +0000)]
Pullup ticket #2391.
tron [Wed, 21 May 2008 13:01:02 +0000 (13:01 +0000)]
Pullup ticket 2391 - requested by joerg
Security fix for lighttpd
Revisions pulled up:
- www/lighttpd/Makefile 1.21
- www/lighttpd/distinfo 1.14
- www/lighttpd/patches/patch-aa 1.9
- www/lighttpd/patches/patch-ac 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Fri Apr 25 19:58:17 UTC 2008
Modified Files:
pkgsrc/www/lighttpd: distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ac
Log Message:
Fix a potential DOS when using SSL. Bump revision.
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue May 20 14:22:50 UTC 2008
Modified Files:
pkgsrc/www/lighttpd: Makefile
Log Message:
Belatedly bump revision for CVE-2008-1531 fix.
tron [Mon, 19 May 2008 17:39:20 +0000 (17:39 +0000)]
Pullup ticket #2386.
tron [Mon, 19 May 2008 17:35:17 +0000 (17:35 +0000)]
Pullup ticket 2386 - requested by tonnerre
security update for blender
Revisions pulled up:
- graphics/blender/Makefile 1.61
- graphics/blender/patches/patch-ae 1.7
- graphics/blender/distinfo 1.24
- graphics/blender/patches/patch-af 1.6
- graphics/blender/patches/patch-ag 1.6
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat May 17 10:33:15 UTC 2008
Modified Files:
pkgsrc/graphics/blender: Makefile distinfo
Added Files:
pkgsrc/graphics/blender/patches: patch-ae patch-af patch-ag
Log Message:
Fix CVEs CVE-2008-1102 and CVE-2008-1102 for blender:
- Fix arbitrary code execution vulnerability in .bend files which
contain a crafted RGBE file (CVE-2008-1102).
- Create various temporary files in safer paths (CVE-2008-1103).
spz [Sun, 18 May 2008 15:47:32 +0000 (15:47 +0000)]
pullup tickets #2388 and #2389
spz [Sun, 18 May 2008 15:46:13 +0000 (15:46 +0000)]
Pullup ticket 2389 - requested by tron
security update for tk
Revisions pulled up:
- pkgsrc/x11/tk/Makefile.version 1.8
- pkgsrc/x11/tk/PLIST 1.10
- pkgsrc/x11/tk/distinfo 1.32
Module Name: pkgsrc
Committed By: bjs
Date: Mon Apr 7 15:14:10 UTC 2008
Modified Files:
pkgsrc/x11/tk: Makefile.version PLIST distinfo
Log Message:
Update to version 8.4.18. Way too many changes to list here--please
see ChangeLog. Insofar as I can tell, all of the changes are bug fixes
(and some backports from HEAD for Darwin).
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/x11/tk/Makefile.version
cvs rdiff -r1.9 -r1.10 pkgsrc/x11/tk/PLIST
cvs rdiff -r1.31 -r1.32 pkgsrc/x11/tk/distinfo
spz [Sun, 18 May 2008 15:34:59 +0000 (15:34 +0000)]
Pullup ticket 2388 - requested by tron
security update for tcl
Revisions pulled up:
- pkgsrc/lang/tcl/Makefile.version 1.8
- pkgsrc/lang/tcl/distinfo 1.42
Module Name: pkgsrc
Committed By: bjs
Date: Mon Apr 7 15:16:40 UTC 2008
Modified Files:
pkgsrc/lang/tcl: Makefile.version distinfo
Log Message:
Update to version 8.4.18. Distilled list of non-Windows changes:
* generic/tclInterp.c (Tcl_GetAlias): fix for [Bug 1882373]
* generic/regguts.h, generic/regc_color.c, generic/regc_nfa.c:
Fixes for problems created when processing regular expressions that
generate very large automata. An enormous number of thanks to Will
Drewry <wad@google.com>, Tavis Ormandy <taviso@google.com>, and Tom
Lane <tgl@sss.pgh.pa.us> from the Postgresql crowd for their help in
tracking these problems down. [Bug 1810264]
* unix/tclUnixCompat.c (TclpGetHostByName): Really applied
the change noted on 2007-11-13 by dkf below.
* generic/tclIOUtil.c (TclGetOpenMode): Only set the O_APPEND flag
* tests/ioUtil.test (ioUtil-4.1): on a channel for the 'a'
mode and not for 'a+'. [Bug 1773127] (backport from HEAD)
* generic/tclCmdIL.c (Tcl_LsearchObjCmd): Prevent shimmering crash
when -exact and -integer/-real are mixed. [Bug 1844789]
* generic/tclThread.c: Back-port locking changes from Tcl8.5
in Tcl_Mutex/ConditionFinlize. Now we properly master-lock
the finalization of sync primitives.
* generic/regc_nfa.c: Fixed infinite loop in the regexp compiler
* generic/regcomp.c: [Bug 1810038]. Corrected looping logic in
* tests/regexp.test: fixempties() to avoid wasting time walking a
list of dead states [Bug 1832612]. Convert optst() from expensive
no-op to a cheap no-op. Improve newline usage in debug output.
* unix/tclUnixCompat.c (TclpGetHostByName): The six-argument form of
getaddressbyname_r() uses the fifth argument to indicate whether the
lookup succeeded or not on at least one platform. [Bug 1618235]
* generic/regc_lex.c (lexescape): Ensure that backreference numbers
can't overflow a signed int in a way that breaks things. [Bug 1810264]
* generic/tclParse.c (Tcl_ParseBraces): fix for possible read
after the end of buffer, [Bug 1813528] (Joe Mistachkin).
* generic/tclObj.c (Tcl_FindCommandFromObj): fix finding a deleted
command; cannot trigger this from Tcl itself, but crash reported
on xotcl. This check is new to 8.4 but exists in 8.5, so this is a
backport or something. Thanks Gustaf Neumann.
* generic/tcl.h (Tcl_DecrRefCount): Update change from 2006-05-29
to make macro more warning-robust in unbraced if code.
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/lang/tcl/Makefile.version
cvs rdiff -r1.41 -r1.42 pkgsrc/lang/tcl/distinfo
spz [Sun, 18 May 2008 15:12:48 +0000 (15:12 +0000)]
pullup ticket #2387
spz [Sun, 18 May 2008 15:12:05 +0000 (15:12 +0000)]
Pullup ticket 2387 - requested by tron
security update for net-snmp
Revisions pulled up:
- pkgsrc/net/net-snmp/Makefile 1.68
- pkgsrc/net/net-snmp/distinfo 1.43
- pkgsrc/net/net-snmp/patches/patch-ad 1.5
Module Name: pkgsrc
Committed By: tron
Date: Sun May 18 11:59:54 UTC 2008
Modified Files:
pkgsrc/net/net-snmp: Makefile distinfo
Added Files:
pkgsrc/net/net-snmp/patches: patch-ad
Log Message:
Add patch from the Net-SNMP SVN repository to fix a buffer overflow in
the Perl SNMP module reported in SA30187.
To generate a diff of this commit:
cvs rdiff -r1.67 -r1.68 pkgsrc/net/net-snmp/Makefile
cvs rdiff -r1.42 -r1.43 pkgsrc/net/net-snmp/distinfo
cvs rdiff -r0 -r1.5 pkgsrc/net/net-snmp/patches/patch-ad
rtr [Sat, 17 May 2008 03:10:36 +0000 (03:10 +0000)]
ticket #2385
rtr [Sat, 17 May 2008 03:10:13 +0000 (03:10 +0000)]
pullup ticket #2385 - requested by obache
ap2-suphp: update package for fixes
revisions pulled up:
- pkgsrc/www/ap2-suphp/Makefile 1.14
- pkgsrc/www/ap2-suphp/distinfo 1.4
- pkgsrc/www/ap2-suphp/patches/patch-aa 1.3
- pkgsrc/www/ap2-suphp/patches/patch-ab r0
Module Name: pkgsrc
Committed By: obache
Date: Sat May 17 02:37:25 UTC 2008
Modified Files:
pkgsrc/www/ap2-suphp: Makefile distinfo
pkgsrc/www/ap2-suphp/patches: patch-aa
Removed Files:
pkgsrc/www/ap2-suphp/patches: patch-ab
Log Message:
Update ap2-suphp to 0.6.3.
While here, add DESTDIR support and better adapt sample config file to default settings.
* Version 0.6.3 (30 March 2008)
- Fixed a possible race condition concerning the check for the
right symlink owner.
- Added checks for the owner of the parent directories.
* Version 0.6.2 (19 November 2006)
- Made mod_suphp compatible with Apache 2.2
- Modified SmartPtr implementation (hopefully) fixing
double free problem
- Fixed problem that caused the process to block
when more than 4096 were written to stderr
- Implemented userdir support
- Fixed problem with PATH_INFO and PHP scripts
* Version 0.6.1 (26 November 2005)
- Changed usage of STL to gain better compatibility with old GCC versions
(credits to Jeremy Chadwick for finding the relevant code)
- Fixed typos in mod_suphp.c (Apache 1.3)
(credits to Johan Ekenberg for finding these typos)
- Fixed potential buffer overflow in function suphp_bucket_read() in
src/apache2/mod_suphp.c
- Fix problems with scripts sending "Last-Modified" headers
- Extended autoconf script to look for an installation of APR
and to use its includedir when building mod_suphp for Apache 2
- Added support for chroot() call before execution of script
rtr [Fri, 16 May 2008 13:53:51 +0000 (13:53 +0000)]
ticket #2384
rtr [Fri, 16 May 2008 13:53:20 +0000 (13:53 +0000)]
pullup ticket #2384 - requested by obache
liblive: update package fixes & security vulnerabilities
revisions pulled up:
- pkgsrc/net/liblive/Makefile
- pkgsrc/net/liblive/PLIST
- pkgsrc/net/liblive/distinfo
Module Name: pkgsrc
Committed By: obache
Date: Sat Apr 26 11:38:43 UTC 2008
Modified Files:
pkgsrc/net/liblive: Makefile PLIST distinfo
Log Message:
Update liblive to 2008.04.09.
draw upon a patch to update for 2007.01.17 in PR 38038
While here, add DESTDIR support and fix permission of installed libraries.
2008.04.09:
- Corrected a type-related bug in "RTPInterface::handleRead()". (Thanks to Brain Lai for noting this.)
- Fixed a bug in "RTSPClient" that would prevent RTCP "RR" reports from being sent to
the correct multicast address when we are receiving a multicast stream. (Thanks to Changjin Liu for noticing this.)
2008.04.03:
- Fixed a bug that was introduced in the "2007.12.27" release. The "timeout" parameter to the call to
"readSocket" in "SocketDescriptor::tcpReadHandler()" in "RTPInterface.cpp" needed to be initialized
(to zero) first. (Thanks to Lodewijk Loos for alerting us to this problem.)
- Added a new config file "config.bfin-linux-uclibc", and renamed "config.bfin_uclinux" as "config.bfin-uclinux".
(Thanks to Mike Frysinger.)
2008.02.08:
- Added a hack (suggested by "Romain") to "MPEG2TransportStreamFramer" to (perhaps)
produce more accurate per-transport-packet duration estimates for wildly VBR streams.
- Updated "MPEG2TransportStreamMultiplexor" to support the addition of MPEG-4 Audio or Video Elementary Streams.
- Updated "RTSPOverHTTPServer.cpp" (a work in progress) so that it complies properly for some versions of
Visual Studio on Windows. (Thanks to Eric Flickner for noting this.)
2008.01.19:
- Corrected the "getNormalPlayTime()" function - introduced in the previous release - to allow for 'trick play'
scale factors other than 1.
2008.01.18:
- Added a new member function
float MediaSubsession::getNormalPlayTime()
which - given a stream's current presentation time - returns the "Normal Play Time".
This function is useful for RTSP streams.
- Added support for a "a=control:" URL specified in the SDP description at the session level.
2008.01.04:
- Changed the "RTSPClient" timeout - introduced in the previous release - from
5s to 30s.
- Added support for setting and returning the RTSP session start time (as well as the end time).
(This eliminates the need for the "live-starttime.patch" file that VLC was using.)
- Updated some of the system-specific configuration files, to eliminate the need for many of the patches that
the VLC developers added to their code.
2007.12.27:
- Added a 5s timeout to the "RTSPClient" code that checks for RTSP responses.
This mirrors a change that was already being done to VLC's copy of the code.
(This is still a short-term fix, until the "RTSPClient" code is rewritten to
properly use asynchronous I/O, using the event loop.)
- Added a timeout to the "readSocket()" call in "SocketDescriptor::tcpReadHandler()" in "RTPInterface.cpp",
to handle reading RTP-over-TCP data. This allows for the possibility of non-cooperative RTSP clients.
(Thanks to Peter Leese for this suggestion.) This is probably not a complete solution;
more thought is needed...
2007.12.07:
- Fixed "H2633plusVideoFileServerMediaSubsession" to properly use a dynamic RTP payload type, rather than the
static type 34 (which is reserved for the now-obsolete old "video/H263" RTP payload format).
2007.12.06:
- Updated "JPEGVideoRTPSource" to take optional 'default width' and 'default height' parameters.
These parameters can be set by fields in the SDP description, and can be used to specify unusually
large frame widths and/or heights. (Thanks to Andrey Filippov.)
2007.11.18:
- Fixed a couple of memory leaks in "DarwinInjector". (Thanks to Eyal Beit-Halachmi for noting these.)
- Removed old 'backwards compatibility' stuff from "FramedSource". (No one should be relying upon this any more.)
- Fixed a bounds-checking error in "parseRTSPRequestString()" caused by an int vs. unsigned problem.
(Thanks to Luigi Auriemma for noting this.)
- In "RTSPClient.cpp", fixed a couple of "unsigned" vs. "int" nits. (Thanks to Brain Lai for noting this.)
2007.11.01:
- Several of the options to "openRTSP" have now been changed, with two new options added:
-s <initial-seek-time>
-z <scale>
See the "openRTSP" documentation <http://www.live555.com/openRTSP/> for details.
- Fixed a bug in the way that "MPEG4VideoStreamDiscreteFramer" parses 'config' information (for inclusion in
the stream's SDP description). (Thanks to Nicola Bova for helping to identify this bug.)
- Eliminated a potential memory (and socket) leak when allocating server RTP,RTCP socket pairs.
(Thanks to David Pan for reporting this.)
- Updated "ByteStreamFileSource" to treat a 0-byte file read the same as EOF.
- Ensure that we have reasonable OS buffering for writes on non-blocking sockets.
2007.08.03a:
- Removed a debugging printf() that had been left in by mistake. (Thanks to Massimo Zito for noticing this.)
2007.08.03:
- Updated the "RTSPServer" implementation to work better on systems with more than one IP address.
The server will now include - in its RTSP responses - the IP address on which the corresponding incoming request
was received.
2007.07.25:
- Added some sanity checks to various "MediaSink" subclasses, in case "fSource" is NULL.
(Thanks to Andrey Kaminsky for noting one of these.)
2007.07.10:
- Made sure that "MPEG2TransportStreamFramer"s estimate of the average duration of each Transport Packet
gets updated correctly after each 'seek' operation. (Thanks to Massimo Zito for suggesting this.)
- Fixed a bug in "MPEG2TransportStreamFromESSource" that was causing presentation
timestamps to not be generated correctly. (Thanks to Massimo Zito for noticing this.)
2007.07.01:
- Fixed a bug in "RTSPServer" and "RTSPClient" that would cause problems when streaming
files whose names have spaces in them.
- Fixed a bug in "OnDemandServerMediaSubsession::deleteStream". (Thanks to Igor Bukanov.)
- Make the sockets for "RTPSource", "RTCPInstance" and "BasicUDPSource" non-blocking, even though they will be read
from only asynchronously, when packets arrive. The reason for this is that, in some OSs, reads on a blocking
socket can (allegedly) sometimes block, even if the socket was previously reported (e.g., by "select()") as
having data available. (This can supposedly happen if the UDP checksum fails, for example.)
(Thanks to Marc Neuberger for pointing this out.)
- Fixed a bug in "MPEG2TransportFileServerMediaSubsession.cpp" that was causing 2x
fast-forward to fail. (Some debugging code had been left in by mistake.)
2007.05.24:
- Modified "setupDatagramSocket()" to better handle setting "ReceivingInterfaceAddr" when creating a socket
to be used to send/receive multicast.
- Made a couple of minor changes to overcome some compilation errors that some people were apparently seeing.
2007.05.23:
- The RTSP server now includes the "source=" parameter in the response to a RTSP "SETUP" command.
This works around a bug in QuickTime Player that would cause it to not send RTCP "RR" packets
(when playing a unicast stream, and running on Mac OS X). (Thanks to Dave Singer et al at Apple for tracking
down this problem.)
- The RTSP server implementation no longer terminates the session if it returns 400 or 405 errors.
2007.04.24a:
- Fixed a problem in the new "RTSPOverHTTPServer" code that was causing some people compilation problems.
2007.04.24:
- Fixed a typo in "testOnDemandRTSPServer.cpp". (Thanks to Nils Grundback for noticing this.)
- Modified the signature of "RTSPServer::specialClientAccessCheck()" (defined in the previous revision) to add
a new "clientAddr" parameter (a "struct sockaddr_in"), to allow special access checking based on clients' IP
address.
- Make sure that the locale is set to "POSIX" when calling "toupper()" or "tolower()" on human-supplied strings.
(Thanks to Ismail Doenmez for noting this.)
2007.04.20:
- Modified "MPEG2TransportStreamMultiplexor" to set the "discontinuity_indicator" flag for the first
"adaptation_field" in the output Transport Stream.
- Changed "AMRAudioRTPSource" to more accurately report whether/when an interleaved frame's timestamp has
been synchronized using RTCP.
(Thanks to David Bertrand for this patch.)
- Made a small fix to the previous revision's support for multicast streaming of raw UDP (nonstandard)
- Added a virtual function to "OnDemandServerMediaSubsession" for closing the stream source.
Subclasses can redefine this, if they wish, to do something smarter. (Thanks to Igor Bukanov for this patch.)
- Added support to "RTSPServer" for optionally performing special per-client access control, beyond the
standard Digest Authentication method. (Thanks to Igor Bukanov for this patch.)
- Made a minor optimization to "Groupsock.cpp". (Thanks to Maxim Petrov for this suggestion.)
- Added an initial implementation of RTSP-over-HTTP at the server level (it was already supported at the client level).
(Note: This code has not yet been completed, and doesn't yet work, so don't try to use it.)
2007.02.20:
- Updated "RTSPServer" to support multicast streaming of raw UDP streams (nonstandard).
(Thanks to Aesmund Grammeltvedt for this modification.)
- Made "RTSPClient" a little more robust in case the TCP connection fails.
- Made "RTPSink::rtpmapLine()" virtual (as requested by Andrew Voznytsa).
- Removed an archaic (no longer used) declaration in "groupsock/include/Groupsock.hh".
- Added an optional "allowKasennaProtocol" parameter to "RTSPClient::describeWithPassword()"
(similar to "RTSPClient::describeURL()"). (Thanks to Igor Bukanov for this suggestion.)
2007.01.17:
- Fixed a bug that would cause the "MPEG2TransportStreamIndexer" application to fail when run on a big-endian
architecture.
- Added a new class "H264VideoFileSink", that prepends each incoming H.264 NAL unit with the prefix 0x000001,
before writing it to the file. Also updated the "openRTSP" code to use this, when receiving H.264/RTP streams.
(Thanks to Chris Kuiper for contributing this.)
- Added a temporary #ifdef to "GroupsockHelper.cpp" to work around a compilation problem when building
for Cygwin.
2007.01.11:
- Improved the "MPEG2IndexFromTransportStream" class to recognize Transport Stream
PAT and PMT (tables). This in turn makes the "MPEG2TransportStreamIndexer"
utility more robust.
- Fixed a minor bug in "MPEG2TransportStreamFromESSource".
2007.01.09:
- Added RTSP server support for 'trick play' operations on MPEG-2 Transport Stream
files. This requires the presence of a ".tsx" index file for each ".ts" file.
(This functionality will shortly be documented on the LIVE555 web site,
and announced on the "live-devel" mailing list.)
- Improved the performance of asynchronous file reading in "ByteStreamFileSource".
(Thanks to Aesmund Grammeltvedt for this suggestion.)
- Added "-D_FILE_OFFSET_BITS=64" to the "COMPILE_OPTS" line for each of the Linux config files, in order to
alleviate possible problems with I/O on large files.
2006.12.31:
- We now implement "ByteStreamFileSource" on Windows using synchronous file reads,
by default. I had thought that Windows XP had fixed the problem - present in
earlier versions of Windows - whereby open files are not treated as select()able
sockets. But apparently the problem is still there.
- Added code that will - probably in the next release, very soon - support server
'trick mode' operations on MPEG-2 Transport Stream files. At present, we have two
new applications - in the "testProgs" directory - that help support this:
"MPEG2TransportStreamIndexer" (to create a special index file for a Transport Stream
file), and "testMPEG2TransportStreamTrickPlay" (to generate a new Transport Stream
file that simulates a 'trick play' operation performed on the original Transport
Stream file). See my forthcoming post to the "live-devel" mailing list for more
details.
- Fixed a bug in the Base64 encoding routine. (Thanks to Sebastian Gracias for reporting this.)
2006.12.08:
- Made sure that each TCP socket used by a "RTSPserver" is non-blocking, so that a slow or hanging client
cannot hang a server. (Thanks to "jers (at) inwind.it" for this suggestion.)
rtr [Fri, 16 May 2008 12:12:45 +0000 (12:12 +0000)]
ticket #2383
rtr [Fri, 16 May 2008 12:12:14 +0000 (12:12 +0000)]
pullup ticket #2383 - requested by obache
centerim: update package bug & security fixes
revisions pulled up:
- pkgsrc/chat/centerim/Makefile 1.7
- pkgsrc/chat/centerim/PLIST 1.3
- pkgsrc/chat/centerim/distinfo 1.3
- pkgsrc/chat/centerim/patches/patch-aa 1.2
- pkgsrc/chat/centerim/patches/patch-ac 1.2
- pkgsrc/chat/centerim/patches/patch-an 1.2
- pkgsrc/chat/centerim/patches/patch-av 1.2
- pkgsrc/chat/centerim/patches/patch-au r0
- pkgsrc/chat/centerim/patches/patch-aw r0
- pkgsrc/chat/centerim/patches/patch-ax r0
- pkgsrc/chat/centerim/patches/patch-ay r0
- pkgsrc/chat/centerim/patches/patch-az r0
- pkgsrc/chat/centerim/patches/patch-ba r0
- pkgsrc/chat/centerim/patches/patch-bb 1.1
Module Name: pkgsrc
Committed By: obache
Date: Tue May 13 15:15:51 UTC 2008
Modified Files:
pkgsrc/chat/centerim: Makefile PLIST distinfo
pkgsrc/chat/centerim/patches: patch-aa patch-ac patch-an patch-av
Added Files:
pkgsrc/chat/centerim/patches: patch-bb
Removed Files:
pkgsrc/chat/centerim/patches: patch-au patch-aw patch-ax patch-ay
patch-az patch-ba
Log Message:
Update centerim to 4.22.5.
Based on patch provided in PR 38624.
'cicqconv' command is renamed to 'cimconv'; the conflict with centericq has gone away.
2008-04-08 New version (4.22.5) released.
This release fixes various segfaults in the Yahoo protocol. It also introduces a
bar which displays all open chats nicely.
2008-03-29 New version (4.22.4) released.
This release fixes the possible url exploit described in CVE-2008-1467. It also
makes CenterIM ready for the Yahoo protocol change kicking in on 2nd April 2008.
2008-03-11 New version (4.22.3) released.
This version fixes the various ICQ contact list issues (e.g adding contacts
should now work).
2007-12-08 New version (4.22.2) released.
More than 90 fixes/improvements have been added to centerim since our last
release in June. The main fixes included are:
* Fixed bug in msn login when the server sent a NOT message
* Fixed bug in ICQ protocol which prevented others from seeing your presence
(partial)
* New version tracking/updating (Thanks to David Riebenbauer for this helpful
feature)
* Added an "Out for Lunch" state
rtr [Thu, 15 May 2008 11:13:49 +0000 (11:13 +0000)]
ticket #2382
rtr [Thu, 15 May 2008 11:13:26 +0000 (11:13 +0000)]
pullup ticket #2382 - requested by adrianp
mantis: update for bug and security fixes
revisions pulled up:
- pkgsrc/devel/mantis/Makefile 1.30
- pkgsrc/devel/mantis/PLIST 1.11
- pkgsrc/devel/mantis/distinfo 1.11
Module Name: pkgsrc
Committed By: adrianp
Date: Wed May 14 21:43:06 UTC 2008
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Mantis 1.1.1 Released
This is a maintenance release for the 1.1.x branch. It includes a fix for PHP 4 support (#8681 stripos), several fixes for SOAP API, a security fix, and other minor bug fixes.
Mantis 1.1.0 Released
After 4 alpha releases, 3 release candidates and over 400 features and bug fixes, Mantis 1.1.0 gold is finally released. The highlights of the Mantis 1.1.0 release include:
1. Inclusion of MantisConnect (SOAP API) out of the box
2. Wiki integration (dokuwiki, mediawiki, xwiki),
3. Email queuing,
4. Gravatar integration,
5. DB2 support,
6. Tagging,
7. Filtering perma links,
8. Time tracking,
9. Twitter integration,
10. UTF8 support,
11. Generic configuration page,
12. Show last visited issues,
13. XHTML compliance,
14. Authenticated RSS
rtr [Thu, 15 May 2008 10:48:44 +0000 (10:48 +0000)]
ticket #2381
rtr [Thu, 15 May 2008 10:48:21 +0000 (10:48 +0000)]
pullup ticket #2381 - requested by adrianp
bugzilla3: bug fixes, cross-site scripting fixes
revisions pulled up:
- pkgsrc/devel/bugzilla3/Makefile 1.5
- pkgsrc/devel/bugzilla3/PLIST 1.2
- pkgsrc/devel/bugzilla3/distinfo 1.3
Module Name: pkgsrc
Committed By: adrianp
Date: Tue May 6 19:45:54 UTC 2008
Modified Files:
pkgsrc/devel/bugzilla3: Makefile PLIST distinfo
Log Message:
3.0.4
* Bugzilla administrators were not being correctly notified about new releases. (Bug 414726)
* There could be extra whitespace in email subject lines. (Bug 411544)
* The priority, severity, OS, and platform fields were always required by the Bug.create WebService function, even if they had defaults specified. (Bug 384009)
* Better threading of bugmail in some email clients. (Bug 376453)
* There were many fixes to the Inbound Email Interface (email_in.pl). (Bug 92274, Bug 377025, Bug 412943, Bug 413672, and Bug 431721)
* checksetup.pl now handles UTF-8 conversion more reliably during upgrades. (Bug 374951)
* Comments written in CJK languages are now correctly word-wrapped. (Bug 388723)
* All emails will now be sent in the correct language, when the user has chosen a language for emails. (Bug 405946)
* On Windows, temporary files created when uploading attachments are now correctly deleted when the upload is complete. (Bug 414002)
* checksetup.pl now prints correct installation instructions for Windows users using Perl 5.10. (Bug 414430)
3.0.3
* mod_perl no longer compiles Bugzilla's code for each Apache process individually. It now compiles code only once and shares it among each Apache process. This greatly improves performance and highly decreases the memory footprint. (Bug 398241)
* You can now search for '---' (without quotes) in versions and milestones. (Bug 362436)
* Bugzilla should no longer break lines unnecessarily in email subjects. This was causing trouble with some email clients. (Bug 374424)
* If you had selected "I'm added to or removed from this capacity" option for the "CC" role in your email preferences, you wouldn't get mail when more than one person was added to the CC list at once. (Bug 394796)
* Deleting a user account no longer deletes whines from another user who has the deleted account as addressee. The schedule is simply removed, but the whine itself is left intact. (Bug 395924)
* contrib/merge-users.pl now correctly merges all required fields when merging two user accounts. (Bug 400160)
* Bugzilla no longer requires Apache::DBI to run under mod_perl. It caused troubles such as lost connections with the DB and didn't give any important performance gain. (Bug 408766)
Security Fixes:
Unauthorized Bug Change
Cross-Site Scripting
Account Impersonation (Minor)
rtr [Thu, 15 May 2008 10:33:25 +0000 (10:33 +0000)]
ticket #2380
rtr [Thu, 15 May 2008 10:33:01 +0000 (10:33 +0000)]
pullup ticket #2380 - requested by adrianp
bugzilla: update for cross-site scripting vulnerability
revisions pulled up:
- pkgsrc/devel/bugzilla/Makefile
- pkgsrc/devel/bugzilla/PLIST
- pkgsrc/devel/bugzilla/distinfo
Module Name: pkgsrc
Committed By: adrianp
Date: Tue May 6 19:36:39 UTC 2008
Modified Files:
pkgsrc/devel/bugzilla: Makefile PLIST distinfo
Log Message:
2.22.4
Class: Cross-Site Scripting
Versions: 2.17.2 and higher
Description: When using the "Format for Printing" view of a bug (or
the "Long Format" of a bug list, which is the same thing),
there was a cross-site scripting hole--arbitrary text
from a particular URL parameter could be injected into the
page without filtering.
rtr [Thu, 15 May 2008 10:06:10 +0000 (10:06 +0000)]
ticket #2379
rtr [Thu, 15 May 2008 10:05:42 +0000 (10:05 +0000)]
pullup ticket #2379 - requested by adrianp
mt-daapd: security updates for dos vulnerabilities
revisions pulled up:
- pkgsrc/audio/mt-daapd/Makefile
- pkgsrc/audio/mt-daapd/distinfo
- pkgsrc/audio/mt-daapd/patches/patch-ac
Module Name: pkgsrc
Committed By: adrianp
Date: Wed May 14 21:12:12 UTC 2008
Modified Files:
pkgsrc/audio/mt-daapd: Makefile distinfo
pkgsrc/audio/mt-daapd/patches: patch-ac
Log Message:
0.2.4.2
Small bug fixes for port order on mdns advertisement on intel macs, playlists based on bitrate. Primarily, though, this release is to apply fix for CVE-2008-1771. Thanks to Nico Golde for bringing it to light.
0.2.4.1
Security updates for two DOS and one format string vulnerability.
rtr [Thu, 15 May 2008 09:56:58 +0000 (09:56 +0000)]
ticket #2378
rtr [Thu, 15 May 2008 09:56:31 +0000 (09:56 +0000)]
pullup ticket #2378 - requested by adrianp
php5: many security fixes
revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.64
- pkgsrc/lang/php5/Makefile.common 1.29
- pkgsrc/lang/php5/distinfo 1.52
Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 4 16:50:44 UTC 2008
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Log Message:
Security Enhancements and Fixes in PHP 5.2.6:
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Key enhancements in PHP 5.2.6 include:
* Fixed two possible crashes inside the posix extension.
* Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug 44141 (private parent constructor callable through static function).
* Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug 42736 (xmlrpc_server_call_method() crashes).
* Fixed bug 42369 (Implicit conversion to string leaks memory).
* Fixed bug 41562 (SimpleXML memory issue).
* Over 120 bug fixes.
rtr [Thu, 15 May 2008 09:39:47 +0000 (09:39 +0000)]
ticket #2377
rtr [Thu, 15 May 2008 09:39:14 +0000 (09:39 +0000)]
pullup ticket #2377 - requested by taca
plone3, plone: resolves security vulnerability
revisions pulled up:
- pkgsrc/www/plone/ploneversion.mk 1.4
- pkgsrc/www/plone3/MESSAGE 1.2
- pkgsrc/www/plone3/Makefile 1.4
- pkgsrc/www/plone3/PLIST 1.4
- pkgsrc/www/plone3/PLIST.common_end 1.3
- pkgsrc/www/plone3/distinfo 1.4
- pkgsrc/www/plone3/patches/patch-ab 1.1
- pkgsrc/www/plone3/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: taca
Date: Sat May 10 09:05:35 UTC 2008
Modified Files:
pkgsrc/www/plone: ploneversion.mk
Log Message:
Make PLONE3_VERSION to 3.1.1.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat May 10 09:06:00 UTC 2008
Modified Files:
pkgsrc/www/plone3: MESSAGE Makefile PLIST PLIST.common_end distinfo
Added Files:
pkgsrc/www/plone3/patches: patch-ab patch-ac
Log Message:
Update plone3 package to Plone 3.1.1. Changes from 3.0.6 are too many;
please refer to http://plone.org/products/plone/releases and related links.
This release is fully compatible with Plone 3.0.
rtr [Thu, 15 May 2008 08:45:24 +0000 (08:45 +0000)]
ticket #2376
rtr [Thu, 15 May 2008 08:44:57 +0000 (08:44 +0000)]
pullup ticket #2376 - requested by tonnerre
quagga: fixes denial of service
revisions pulled up:
- pkgsrc/net/quagga/Makefile 1.31
- pkgsrc/net/quagga/distinfo 1.10
- pkgsrc/net/quagga/patches/patch-ab 1.3
- pkgsrc/net/quagga/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 13 22:30:47 UTC 2008
Modified Files:
pkgsrc/net/quagga: Makefile distinfo
Added Files:
pkgsrc/net/quagga/patches: patch-ab patch-ac
Log Message:
Add patch for CVE-2007-1995 for stable quagga (NLRI attributes denial of
service).
rtr [Tue, 13 May 2008 12:56:00 +0000 (12:56 +0000)]
ticket #2375
rtr [Tue, 13 May 2008 12:55:30 +0000 (12:55 +0000)]
pullup ticket #2375 - requested by dholland
curl: fix broken build on netbsd 3
revisions pulled up:
- pkgsrc/www/curl/Makefile 1.82
- pkgsrc/www/curl/distinfo 1.55
- pkgsrc/www/curl/patches/patch-aa 1.12
Module Name: pkgsrc
Committed By: dholland
Date: Mon May 12 20:37:06 UTC 2008
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Added Files:
pkgsrc/www/curl/patches: patch-aa
Log Message:
Add explicit -lkrb5 with -lgssapi, when enabled. Fixes broken build
on NetBSD 3.x. PR pkg/38331. PKGREVISION++.
Ok: joerg
rtr [Tue, 13 May 2008 12:35:44 +0000 (12:35 +0000)]
ticket #2374
rtr [Tue, 13 May 2008 12:35:13 +0000 (12:35 +0000)]
pullup ticket #2374 - requested by tonnerre
netperf: fix for symlink vulnerability
revisions pulled up:
- pkgsrc/benchmarks/netperf/Makefile 1.5
- pkgsrc/benchmarks/netperf/distinfo 1.3
- pkgsrc/benchmarks/netperf/patches/patch-ah 1.1
- pkgsrc/benchmarks/netperf/patches/patch-ai 1.1
- pkgsrc/benchmarks/netperf/patches/patch-ak 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Mon May 12 15:49:31 UTC 2008
Modified Files:
pkgsrc/benchmarks/netperf: Makefile distinfo
Added Files:
pkgsrc/benchmarks/netperf/patches: patch-ah patch-ai patch-ak
Log Message:
Use mkstemp in netperf code to open the debug log in order to avoid
a symlink vulnerability. This fixes CVE-2007-1444.
rtr [Mon, 12 May 2008 10:57:19 +0000 (10:57 +0000)]
ticket #2373
rtr [Mon, 12 May 2008 10:56:49 +0000 (10:56 +0000)]
pullup ticket #2373 - requested by joerg
digest: bug fix, version bump
revisions pulled up:
- pkgsrc/pkgtools/digest/files/configure 1.14,1.15
- pkgsrc/pkgtools/digest/files/configure.ac 1.15
Module Name: pkgsrc
Committed By: joerg
Date: Sun May 11 18:38:15 UTC 2008
Modified Files:
pkgsrc/pkgtools/digest/files: configure
Log Message:
As workaround for PR 38625, rebuild with autoconf 2.61.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Sun May 11 18:39:21 UTC 2008
Modified Files:
pkgsrc/pkgtools/digest/files: configure configure.ac
Log Message:
Bump version to 20080510.
rtr [Mon, 12 May 2008 10:48:27 +0000 (10:48 +0000)]
ticket #2372
rtr [Mon, 12 May 2008 10:47:37 +0000 (10:47 +0000)]
pullup ticket #2372 - requested by tonnerre
licq-core: fix for DoS vulnerability
revisions pulled up:
- pkgsrc/chat/licq-core/Makefile 1.11
- pkgsrc/chat/licq-core/distinfo 1.13
- pkgsrc/chat/licq-core/patches/patch-aa 1.2
- pkgsrc/chat/licq-core/patches/patch-ab 1.3
- pkgsrc/chat/licq-core/patches/patch-ac 1.3
- pkgsrc/chat/licq-core/patches/patch-ag 1.5
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 11 04:12:34 UTC 2008
Modified Files:
pkgsrc/chat/licq-core: Makefile distinfo
pkgsrc/chat/licq-core/patches: patch-aa
Added Files:
pkgsrc/chat/licq-core/patches: patch-ab patch-ac patch-ag
Log Message:
Fix multiple connection handling Denial of Service vulnerability in licq
(CVE-2008-1996). Before this, the application would crash if too many
TCP connections are opened.
ghen [Sun, 11 May 2008 09:44:20 +0000 (09:44 +0000)]
Tickets #2368-2370.
ghen [Sun, 11 May 2008 09:42:59 +0000 (09:42 +0000)]
Pullup ticket 2370 - requested by tonnerre
security fix for bind 9
- pkgsrc/net/bind9/Makefile 1.97
- pkgsrc/net/bind9/distinfo 1.35
- pkgsrc/net/bind9/patches/patch-ap 1.3
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 11 00:00:59 UTC 2008
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Added Files:
pkgsrc/net/bind9/patches: patch-ap
Log Message:
Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced
boundary check can be abused for implementation specific exploitation:
depending on the use of libbind, this can result in denial of service
or even remote code execution.
ghen [Sun, 11 May 2008 09:33:42 +0000 (09:33 +0000)]
Pullup ticket 2369 - requested by tonnerre
security fix for bind 8
- pkgsrc/net/bind8/Makefile 1.40
- pkgsrc/net/bind8/distinfo 1.22
- pkgsrc/net/bind8/patches/patch-ao 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 11 00:00:57 UTC 2008
Modified Files:
pkgsrc/net/bind8: Makefile distinfo
Added Files:
pkgsrc/net/bind8/patches: patch-ao
Log Message:
Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced
boundary check can be abused for implementation specific exploitation:
depending on the use of libbind, this can result in denial of service
or even remote code execution.
ghen [Sun, 11 May 2008 09:25:19 +0000 (09:25 +0000)]
Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop
- pkgsrc/net/rdesktop/Makefile 1.34
- pkgsrc/net/rdesktop/distinfo 1.18
- pkgsrc/net/rdesktop/patches/patch-ac 1.5
- pkgsrc/net/rdesktop/patches/patch-ad 1.1
- pkgsrc/net/rdesktop/patches/patch-ae 1.1
- pkgsrc/net/rdesktop/patches/patch-af 1.1
- pkgsrc/net/rdesktop/patches/patch-ag 1.1
- pkgsrc/net/rdesktop/patches/patch-ah 1.1
- pkgsrc/net/rdesktop/patches/patch-ai 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat May 10 15:28:04 UTC 2008
Modified Files:
pkgsrc/net/rdesktop: Makefile distinfo
Added Files:
pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
patch-ag patch-ah patch-ai
Log Message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.
1) An integer underflow error in iso.c when processing RDP requests can
be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect
requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
to cause a heap-based buffer overflow.
rtr [Sat, 10 May 2008 00:53:41 +0000 (00:53 +0000)]
ticket #2367
rtr [Sat, 10 May 2008 00:53:12 +0000 (00:53 +0000)]
pullup ticket #2367 - requested by joerg
digest: bug fixes for tiger & sha512
revisions pulled up:
- pkgsrc/pkgtools/digest/files/configure 1.13
- pkgsrc/pkgtools/digest/files/configure.ac 1.14
- pkgsrc/pkgtools/digest/files/sha2.c 1.9
- pkgsrc/pkgtools/digest/files/tiger.c 1.6
- pkgsrc/pkgtools/digest/files/tiger.h 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Fri May 9 15:00:32 UTC 2008
Modified Files:
pkgsrc/pkgtools/digest/files: configure configure.ac tiger.c tiger.h
Log Message:
digest-20080509:
The tiger hash needs to run at least once through the update function,
even for empty input. The fix is different from the patch in PR 36565.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Fri May 9 16:19:57 UTC 2008
Modified Files:
pkgsrc/pkgtools/digest/files: sha2.c
Log Message:
Fix a bug in the SHA512 implementation that would be triggered if the
last block has exactly the length of a short fragment. This happened
incidentally with two files in the NetBSD 4.0 release.
rtr [Fri, 9 May 2008 11:21:52 +0000 (11:21 +0000)]
ticket #2366
rtr [Fri, 9 May 2008 11:21:27 +0000 (11:21 +0000)]
pullup ticket #2366 - requested by obache
GraphicsMagick: security & bug fixes
revisions pulled up:
- pkgsrc/graphics/GraphicsMagick/Makefile
- pkgsrc/graphics/GraphicsMagick/PLIST
- pkgsrc/graphics/GraphicsMagick/buildlink3.mk
- pkgsrc/graphics/GraphicsMagick/distinfo
Module Name: pkgsrc
Committed By: obache
Date: Tue Apr 29 04:56:24 UTC 2008
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile PLIST buildlink3.mk distinfo
Log Message:
Update GraphicsMagick to 1.1.12.
Significant changes associated with GraphicsMagick 1.1.12 (released April 28, 2008)
Security Fixes:
o Do not access X11 or invoke convenience or stealth delegate
programs based on the file extension. In particular, these file
extensions are rejected for consideration as a format specifier:
'autotrace', 'browse', 'dcraw', 'edit', 'gs-color',
'gs-color+alpha', 'gs-gray', 'gs-mono', 'launch', 'mpeg-encode',
'print', 'scan', 'show', 'win', 'xc', and 'x'.
Bugs Fixed:
o magick/effect.c: Should now compile for ARM CPU.
o TIFF: Don't request Kodak private tags since these cause some
versions of libtiff to misbehave.
o When performing string expansion of image attribute identifiers, skip
those which require access to image pixels if image pixels are not
present.
o CropImageToHBITMAP(), ImageToHBITMAP(): Fix leak of bitmap handle.
rtr [Fri, 9 May 2008 10:21:41 +0000 (10:21 +0000)]
ticket #2364
rtr [Fri, 9 May 2008 10:21:15 +0000 (10:21 +0000)]
pullup ticket #2364 - requested by joerg
py-moin: update to 1.6.3 for bug fix
revisions pulled up:
- pkgsrc/www/py-moin/Makefile 1.8
- pkgsrc/www/py-moin/PLIST 1.3
- pkgsrc/www/py-moin/distinfo 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Wed May 7 10:02:44 UTC 2008
Modified Files:
pkgsrc/www/py-moin: Makefile PLIST distinfo
Log Message:
Update to moin 1.6.3. This fixes bugs in the ACL parser for all entries
but Known: and All:, hierarchical ACL processing and the use of include
in rst files. Many other updates included as well.
rtr [Thu, 8 May 2008 14:22:33 +0000 (14:22 +0000)]
ticket #2362
rtr [Thu, 8 May 2008 14:21:48 +0000 (14:21 +0000)]
pullup ticket #2362 - requested by tonnerre
teTeX3-bin: fixes security vulnerability
revisions pulled up:
- pkgsrc/print/teTeX3-bin/Makefile 1.27
- pkgsrc/print/teTeX3-bin/distinfo 1.8,1.9
- pkgsrc/print/teTeX3-bin/patches/patch-am 1.1
- pkgsrc/print/teTeX3-bin/patches/patch-an 1.1
- pkgsrc/print/teTeX3-bin/patches/patch-at 1.1,1.2
- pkgsrc/print/teTeX3-bin/patches/patch-au 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Mon May 5 22:48:22 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: Makefile distinfo
Added Files:
pkgsrc/print/teTeX3-bin/patches: patch-am patch-an patch-at
patch-au
Log Message:
Fix various buffer overflow vulnerabilities in dvips and dviljk, and an
insecure temp file creation vulnerability in dvips. Fixes CVE-2007-5935,
CVE-2007-5936 and CVE-2007-5937. Bump PKGREVISION.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 6 09:24:20 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: distinfo
pkgsrc/print/teTeX3-bin/patches: patch-at
Log Message:
Remove RCSID from patch-at so it applies again
spz [Tue, 6 May 2008 19:57:07 +0000 (19:57 +0000)]
add lines for #2361 and #2363
spz [Tue, 6 May 2008 19:54:41 +0000 (19:54 +0000)]
Pullup ticket 2363 - requested by tron
security update for rsync
Applied patches supplied by tron for:
- pkgsrc/net/rsync/Makefile
- pkgsrc/net/rsync/distfile
Head uses a different version that is not affected by the vulnerability
fixed here.
spz [Mon, 5 May 2008 18:20:22 +0000 (18:20 +0000)]
Pullup ticket 2361 - requested by markd
security update for emacs
Revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.109,1.110
Module Name: pkgsrc
Committed By: markd
Date: Sun May 4 12:09:33 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile
Log Message:
Compile the file patched in the previous security update so that it is
actually used. Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -r1.108 -r1.109 pkgsrc/editors/emacs/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
---
Module Name: pkgsrc
Committed By: markd
Date: Mon May 5 00:13:59 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile
Log Message:
Sigh, and the bit I missed out in the last commit. (Touch a couple of
files so it doesn't try to rebuild a bunch of stuff after the compile of
the lisp file)
To generate a diff of this commit:
cvs rdiff -r1.109 -r1.110 pkgsrc/editors/emacs/Makefile
rtr [Thu, 1 May 2008 13:42:10 +0000 (13:42 +0000)]
ticket #2359
rtr [Thu, 1 May 2008 13:41:33 +0000 (13:41 +0000)]
pullup ticket #2359 - requested by tonnerre
emacs, emacs-nox11: fix for security issue
revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.107,1.108
- pkgsrc/editors/emacs/Makefile.common r0
- pkgsrc/editors/emacs/distinfo 1.36
- pkgsrc/editors/emacs/options.mk 1.7
- pkgsrc/editors/emacs/patches/patch-ac 1.16
- pkgsrc/editors/emacs/patches/patch-af 1.11
- pkgsrc/editors/emacs-nox11/DESCR r0
- pkgsrc/editors/emacs-nox11/Makefile 1.28
Module Name: pkgsrc
Committed By: jlam
Date: Fri Apr 25 16:35:32 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile options.mk
pkgsrc/editors/emacs-nox11: Makefile
Removed Files:
pkgsrc/editors/emacs: Makefile.common
pkgsrc/editors/emacs-nox11: DESCR
Log Message:
Make emacs and emacs-nox11 look more like xemacs and xemacs-nox11 in
terms of file structure. Also add DESTDIR support.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Apr 29 12:54:56 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
Added Files:
pkgsrc/editors/emacs/patches: patch-ac patch-af
Log Message:
Fix two emacs vulnerabilities:
- Fix unsafe handling of local variables in hack-local-variables
(CVE-2007-5795).
- Prevent symlink attack on arbitrary files using the temp files vcdiff
generates (CVE-2008-1694).
rtr [Wed, 30 Apr 2008 12:48:30 +0000 (12:48 +0000)]
ticket #2358
rtr [Wed, 30 Apr 2008 12:48:06 +0000 (12:48 +0000)]
pullup ticket #2358 - requested by cube
p5-Module-Versions-Report: update package to 1.03
revisions pulled up:
- pkgsrc/devel/p5-Module-Versions-Report/Makefile 1.7
- pkgsrc/devel/p5-Module-Versions-Report/distinfo 1.3
Module Name: pkgsrc
Committed By: cube
Date: Wed Apr 30 10:05:51 UTC 2008
Modified Files:
pkgsrc/devel/p5-Module-Versions-Report: Makefile distinfo
Log Message:
Update to 1.03 (actually needed by devel/rt3).
2007-05-21 Ruslan U. Zakirov <ruz@bestpractical.com>
* count modules instead of records in tables
* update docs
rtr [Wed, 30 Apr 2008 12:28:48 +0000 (12:28 +0000)]
ticket #2357
rtr [Wed, 30 Apr 2008 12:28:17 +0000 (12:28 +0000)]
pullup ticket #2357 - requested by cube
rt: fix up dependencies
revisions pulled up:
- pkgsrc/devel/rt3/Makefile 1.31
Module Name: pkgsrc
Committed By: cube
Date: Wed Apr 30 10:13:37 UTC 2008
Modified Files:
pkgsrc/devel/rt3: Makefile
Log Message:
Make dependencies match reality (notably for the minimal version of
critical packages such as DBIx::SearchBuilder), including removing no
longer needed ones.
Bump PKGREVISION.
rtr [Wed, 30 Apr 2008 11:26:09 +0000 (11:26 +0000)]
ticket #2356
rtr [Wed, 30 Apr 2008 11:25:39 +0000 (11:25 +0000)]
pullup ticket #2356 - requested by cube
p5-DBIx-SearchBuilder: update package
revisions pulled up:
- pkgsrc/database/p5-DBIx-SearchBuilder/Makefile 1.33
- pkgsrc/database/p5-DBIx-SearchBuilder/distinfo 1.23
Module Name: pkgsrc
Committed By: wiz
Date: Wed Apr 23 20:20:34 UTC 2008
Modified Files:
pkgsrc/databases/p5-DBIx-SearchBuilder: Makefile distinfo
Log Message:
Update to 1.53:
1.53 Tue Apr 2 03:06:56 UTC 2008
* Fix mysql version check in DistinctQuery function
* Fix order by outer column on Oracle
* Improve tests
1.52 Tue Apr 1 00:48:56 UTC 2008
* Fix order by outer column on SQLite, mysql, adjust Pg. Add test that
cover this.
1.51 Tue Jan 15 22:53:56 UTC 2008
* Fix CountAll method when paging is enabled and data is in memory already
1.50 Fri Nov 23 23:24:00 UTC 2007
* Oracle: Don't DISTINCT query when there is a group by clause
* Fix a problem when we have more than two collections in a union
and some of them are empty
1.49 Sat Jul 7 18:45:41 EDT 2007
* Fix a CPAN signature issue
rtr [Wed, 30 Apr 2008 10:54:15 +0000 (10:54 +0000)]
ticket #2355
rtr [Wed, 30 Apr 2008 10:53:45 +0000 (10:53 +0000)]
pullup ticket #2355 - requested by tron
win32-codecs: update package
revisions pulled up:
- pkgsrc/multimedia/win32-codecs/Makefile 1.31
- pkgsrc/multimedia/win32-codecs/PLIST 1.13
- pkgsrc/multimedia/win32-codecs/distinfo 1.18
Module Name: pkgsrc
Committed By: tron
Date: Wed Apr 30 06:40:06 UTC 2008
Modified Files:
pkgsrc/multimedia/win32-codecs: Makefile PLIST distinfo
Log Message:
Update "win32-codecs" package to version 071007:
- Use latest version of the "windows-all" archive.
- Drop "qtextras" archive because the included QuickTime codecs have
various security vulnerabilities. This fixes the security
vulnerability reported in GLSA 200803-08.
rtr [Wed, 30 Apr 2008 10:42:21 +0000 (10:42 +0000)]
ticket #2354
rtr [Wed, 30 Apr 2008 10:41:52 +0000 (10:41 +0000)]
pullup ticket #2354 - requested by wiz
speex: update package to address security issue
revisions pulled up:
- pkgsrc/audio/speex/Makefile 1.26
- pkgsrc/audio/speex/distinfo 1.11
- pkgsrc/audio/speex/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 29 20:22:43 UTC 2008
Modified Files:
pkgsrc/audio/speex: Makefile distinfo
Added Files:
pkgsrc/audio/speex/patches: patch-ac
Log Message:
Add patch from upstream against CVE-2008-1686.
Bump PKGREVISION.
rtr [Wed, 30 Apr 2008 09:24:09 +0000 (09:24 +0000)]
ticket #2353
rtr [Wed, 30 Apr 2008 09:23:27 +0000 (09:23 +0000)]
pullup ticket #2353 - requested by wiz
vorbis-tools: resolves security issue
revisions pulled up:
- pkgsrc/audio/vorbis-tools/Makefile 1.50
- pkgsrc/audio/vorbis-tools/distinfo 1.21
- pkgsrc/audio/vorbis-tools/patches/patch-ad 1.3
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 29 05:51:10 UTC 2008
Modified Files:
pkgsrc/audio/vorbis-tools: Makefile distinfo
Added Files:
pkgsrc/audio/vorbis-tools/patches: patch-ad
Log Message:
Add upstream patch fixing
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Bump PKGREVISION.