tron [Fri, 12 Jun 2009 10:41:40 +0000 (10:41 +0000)]
Pullup ticket #2793.
tron [Fri, 12 Jun 2009 10:39:56 +0000 (10:39 +0000)]
Pullup ticket #2793 - requested by martti
clamav: bug fix update
Revisions pulled up:
- mail/clamav/Makefile 1.95
- mail/clamav/distinfo 1.60
- mail/clamav/patches/patch-aa 1.19
---
odule Name: pkgsrc
Committed By: martti
Date: Thu Jun 11 04:38:19 UTC 2009
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
pkgsrc/mail/clamav/patches: patch-aa
Log Message:
Updated mail/clamav to 0.95.2
* Lots of bug fixes (see the ChangeLog for details)
tron [Thu, 11 Jun 2009 22:22:31 +0000 (22:22 +0000)]
Pullup ticket #2792.
tron [Thu, 11 Jun 2009 22:21:58 +0000 (22:21 +0000)]
Pullup ticket #2792 - requested by taca
ruby-curses: security update
ruby-readline: security update
lang/ruby18-base: security update
ruby-tk: security update
Revisions pulled up:
- devel/ruby-curses/distinfo 1.19
- devel/ruby-readline/Makefile 1.26-1.27
- lang/ruby/rubyversion.mk 1.46
- lang/ruby18-base/PLIST 1.15
- lang/ruby18-base/distinfo 1.38
- lang/ruby18-base/patches/patch-bi delete
- x11/ruby-tk/distinfo 1.22
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed May 20 00:58:30 UTC 2009
Modified Files:
pkgsrc/devel/ruby-readline: Makefile
Log Message:
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.
Reported by Robert Elz in PR 41345.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 10 12:45:34 UTC 2009
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Start update of Ruby programming language packages to 1.8.7.173 (1.8.7-p173).
- Add LICENSE.
- Update RUBY18_PATCHLEVEL to 173.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 10 12:46:47 UTC 2009
Modified Files:
pkgsrc/lang/ruby18-base: PLIST distinfo
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-bi
Log Message:
Update ruby18-base package to 1.8.7.173 (Ruby 1.8.7-p173).
Mon Jun 8 10:58:41 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check
with another method.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid
segmentation fault caused by (insanely) long decimal values.
backported from 1.9. CVE-2009-1904
* ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i,
BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split,
BigDecimal_inspect): ditto.
Mon Jun 8 08:15:36 2009 Yukihiro Matsumoto <matz@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if
exp is bigger than DBL_MANT_DIG.
Wed Jun 3 21:16:30 2009 Tanaka Akira <akr@fsij.org>
* file.c: include fcntl.h for O_RDONLY on Solaris.
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (rv_strdup): macro to duplicate nul-terminated string.
[ruby-core:22852]
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:09:56 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
overrun. a patch from Charlie Savage at [ruby-core:22604].
Wed Jun 3 21:05:44 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out.
[ruby-core:22600]
Wed Jun 3 20:54:23 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c (rb_eval): needs to guard intermediate string objects.
based on a patch from Brent Roman <brent AT mbari.org> a
[ruby-core:22584].
Tue May 26 21:24:01 2009 URABE Shyouhei <shyouhei@ruby-lang.org>
* Makefile.in (update-rubyspec, test-rubyspec): Catch up to
rubyspec merge. A patch by Brian Ford at [ruby-core:21032]
Tue May 26 21:21:49 2009 Akinori MUSHA <knu@iDaemons.org>
* lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal
method name typo. [Bug #1173]
Tue May 26 21:16:55 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* file.c (rb_file_s_extname): fix for spaces before extention.
[ruby-dev:38044]
Tue May 26 21:09:21 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* win32/win32.c (_CrtDbgReportW): prevent from false positive
assertions in msvcrtd. [ruby-core:22116]
Tue May 26 21:02:13 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen.
[ruby-talk:328195], [ruby-core:22142]
Tue May 26 21:00:08 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
* lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check.
Patch by Kornelius Kalnbach. [ruby-core:20992].
* test/ostruct/test_ostruct.rb: test for inspect.
Patch by Kornelius Kalnbach. [ruby-core:20992].
Tue May 26 20:50:32 2009 Tanaka Akira <akr@fsij.org>
* eval.c (rb_thread_schedule): handle EBADF of select as well.
[ruby-core:21264]
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 10 12:47:36 UTC 2009
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update ruby-curses pakcage to 1.8.7.173 (1.8.7-p173).
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 10 12:48:07 UTC 2009
Modified Files:
pkgsrc/devel/ruby-readline: Makefile
Log Message:
Update ruby-readline package to 1.8.7.173 (1.8.7-p173).
Reset PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 10 12:48:38 UTC 2009
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update ruby-tk package to packages to 1.8.7.173 (1.8.7-p173).
tron [Mon, 8 Jun 2009 21:32:26 +0000 (21:32 +0000)]
Pullup ticket #2789.
tron [Mon, 8 Jun 2009 21:31:11 +0000 (21:31 +0000)]
Pullup ticket #2789 - requested by adrianp
apache-tomcat6: security update
Revisions pulled up:
- www/apache-tomcat6/Makefile 1.2
- www/apache-tomcat6/PLIST 1.2
- www/apache-tomcat6/distinfo 1.2
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jun 6 17:34:08 UTC 2009
Modified Files:
pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
Log Message:
Update from .18->.20
In brief:
46933: Update StringManager to use Java 5 features. Patch provided by
Jens Kapitza. (markt)
46990: Fix synchronization issues reported by FindBugs. Patch provided
by Sebb. (markt)
Allow huge request body packets for AJP13. (rjung)
Manager application prints FAIL if application was deployed but failed
to start (fhanik)
When shutdown port is disabled, print user friendly message and not a
stack trace. (fhanik)
The invoker servlet has been deprecated and will be removed in Tomcat 7
onwards. (markt)
45154 Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
For full details see:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
spz [Mon, 8 Jun 2009 21:06:34 +0000 (21:06 +0000)]
pullup #2790
spz [Mon, 8 Jun 2009 21:05:22 +0000 (21:05 +0000)]
Pullup ticket 2790 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/audio/libsndfile/Makefile 1.52
- pkgsrc/audio/libsndfile/distinfo 1.29
- pkgsrc/audio/libsndfile/options.mk 1.7
Files added:
pkgsrc/audio/libsndfile/patches/patch-aa 1.15
pkgsrc/audio/libsndfile/patches/patch-ab 1.9
pkgsrc/audio/libsndfile/patches/patch-ac 1.11
pkgsrc/audio/libsndfile/patches/patch-ad 1.12
pkgsrc/audio/libsndfile/patches/patch-ae 1.7
pkgsrc/audio/libsndfile/patches/patch-af 1.7
Module Name: pkgsrc
Committed By: wiz
Date: Sat May 2 17:24:15 UTC 2009
Modified Files:
pkgsrc/audio/libsndfile: options.mk
Log Message:
Add octave option, based on PR 41307 by Rumko.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/audio/libsndfile/options.mk
---------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Thu May 14 12:58:27 UTC 2009
Modified Files:
pkgsrc/audio/libsndfile: Makefile distinfo options.mk
Log Message:
Changes 1.0.20:
* Fix potential heap overflow in VOC file parser.
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/audio/libsndfile/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/audio/libsndfile/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/audio/libsndfile/options.mk
---------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Mon Jun 8 09:30:17 UTC 2009
Modified Files:
pkgsrc/audio/libsndfile: Makefile distinfo
Added Files:
pkgsrc/audio/libsndfile/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af
Log Message:
Add upstream patch (taken from Debian bug report) to fix crashes
caused by bad audio files.
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo
cvs rdiff -u -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa
cvs rdiff -u -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab
cvs rdiff -u -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac
cvs rdiff -u -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad
cvs rdiff -u -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae \
pkgsrc/audio/libsndfile/patches/patch-af
spz [Mon, 8 Jun 2009 20:28:51 +0000 (20:28 +0000)]
pullup #2791
spz [Mon, 8 Jun 2009 20:27:49 +0000 (20:27 +0000)]
Pullup ticket 2791 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.10
- pkgsrc/devel/apr-util/distinfo 1.6
Module Name: pkgsrc
Committed By: tron
Date: Mon Jun 8 13:19:20 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile distinfo
Log Message:
Update "apr-util" package to version 1.3.7. Changes since version 1.3.4:
- SECURITY:
Fix a denial of service attack against the apr_xml_* interface
using the "billion laughs" entity expansion technique.
- SECURITY: CVE-2009-0023 (cve.mitre.org)
Fix underflow in apr_strmatch_precompile.
- Minor build and bug fixes.
- SECURITY: CVE-2009-0023 (cve.mitre.org)
Fix underflow in apr_strmatch_precompile.
- Fix off by one overflow in apr_brigade_vprintf.
- APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
LDAP_NO_LIMIT/0) it is not safe to use a literal -1.
Bug 23356
- Clean up ODBC types. Warnings seen when compiling packages for
Fedora 11.
- Use of my_init() requires my_global.h and my_sys.h.
- Fix apr_memcache_multgetp memory corruption and incorrect error
handling. Bug 46588
- Fix memcache memory leak with persistent connections.
Bug 46482
- Add Oracle 11 support.
- apr_dbd_freetds: Avoid segfault when process is NULL.
Do no print diagnostics to stderr. Never allow driver to exit
process.
- apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h
or sybdb.h.
- LDAP detection improvements: --with-ldap now supports library names
containing non-alphanumeric characters, such as libldap-2.4.so. New
option --with-lber can be used to override the default liblber name.
Fix a problem reporting the lber library from apu-N-config.
- Suppress pgsql column-out-of-range warning.
- Fix a buffer overrun and password matching for SHA passwords.
- Introduce DSO handling of the db, gdbm and ndbm drivers, so these are
loaded as .so's on first demand, unless --disable-util-dso is configured.
- Fix a segfault in the DBD testcase when the DBD modules were not present.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo
tron [Sun, 7 Jun 2009 10:16:17 +0000 (10:16 +0000)]
Pullup ticket #2787.
tron [Sun, 7 Jun 2009 10:15:56 +0000 (10:15 +0000)]
Pullup ticket #2787 - requested by adrianp
base: security update
Revisions pulled up:
- security/base/Makefile 1.24
- security/base/PLIST 1.9
- security/base/distinfo 1.11
- security/base/patches/patch-aa 1.3
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jun 6 11:26:19 UTC 2009
Modified Files:
pkgsrc/security/base: Makefile PLIST distinfo
pkgsrc/security/base/patches: patch-aa
Log Message:
4/03/2009 1.4.2 (chandy)
- EmThreats_link opens now in separate browser window -- Juergen Leising
for Micah Gersten
- A new reference "[rule]" points now to base_local_rules.php,
which displays a particular rule for a given rules id (sid).
Prerequisite for this is that "local_rules_dir" in base_conf.php
points to an actually existing and readable/searchable directory which
contains the snort rules. Please note, that a web server
is usually NOT allowed to access any files outside of its
document root. Feature request by Chris Ryan, cf.
https://sourceforge.net/forum/message.php?msg_id=5310420
https://sourceforge.net/forum/message.php?msg_id=5311517
-- Juergen Leising
- Update of base.spec; works with fedora 10 -- Juergen Leising
- I have applied two patches submitted by asavenkov
with regard to the oci8 driver (oracle 10), cf.
https://sourceforge.net/forum/message.php?msg_id=5795641
https://sourceforge.net/forum/message.php?msg_id=5796556
-- Juergen Leising
- The "email-the-alerts"-variables were defined twice at different
locations in base_conf.php. Fixed this. -- Juergen Leising
- Emails from BASE containing one or more alerts include now a
"To:"-header, as well. Bug report no. 2234733 -- Juergen Leising
- $sort_order, once it has been chosen, survives now a possible "action",
even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php.
Bug no. 2234745. -- Juergen Leising
- The refresh-problem, when an "action" has been taken, is now fixed in
base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php, as well.
Bug no. 1681012. -- Juergen Leising
- I have corrected the way ICMP redirect messages are displayed
by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
- Several preprocessor events that did not get stored in the acid_event
table, so far, are now processed and displayed by BASE. This affects
all those preprocessors which have sig names that do NOT start with
a "spp_" prefix. -- Juergen Leising
- Fixed bug with archiving IP options. -- Juergen Leising
5/14/09 1.4.3 (gabi)
- XSS Flaws fixed in alert groups -- Kevin Johnson
- Possible SQL injection flaw fixed in AG -- Kevin Johnson
- XSS Flaws fixed in base_qry files -- Kevin Johnson
- Multiple XSS flaws fixed in citems -- Kevin Johnson
5/30/09 1.4.3.1 (zig)
- Multiple XSS flaws fixed in User and Role management -- Kevin Johnson
spz [Sun, 7 Jun 2009 08:08:58 +0000 (08:08 +0000)]
Pullup ticket 2788 second part - requested by wiz
Security update
Revisions pulled up:
- pkgsrc/graphics/png/Makefile 1.114
- pkgsrc/graphics/png/distinfo 1.58
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jun 6 20:56:16 UTC 2009
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
Log Message:
Update to 1.2.37:
version 1.2.37beta01 [May 14, 2009]
Fixed inconsistency in pngrutil.c, introduced in libpng-1.2.36. The
memset() was using "png_ptr->rowbytes" instead of "row_bytes", which
the corresponding png_malloc() uses (Joe Drew).
Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
Updated some of the makefiles in the scripts directory (merged with
those in libpng-1.4.0beta57).
version 1.2.37beta02 [May 19, 2009]
Fixed typo in libpng documentation (FILTER_AVE should be FILTER_AVG)
Relocated misplaced #endif in pngwrite.c, sCAL chunk handler.
Conditionally compile png_read_finish_row() which is not used by
progressive readers.
Added contrib/pngminim/preader to demonstrate building minimal progressive
decoder, based on contrib/gregbook with embedded libpng and zlib.
version 1.2.37beta03 [May 20, 2009]
In contrib/pngminim/*, renamed "makefile.std" to "makefile", since there
is only one makefile in those directories, and revised the README files
accordingly.
Reformated sources in libpng style (3-space indentation, comment format)
version 1.2.37rc01 [May 27, 2009]
No changes.
versions 1.2.37 and 1.0.45 [June 4, 2009]
Reformatted several remaining "else statement;" and "if () statment;" into
two lines.
Added "#define PNG_NO_WRITE_SWAP" to contrib/pngminim/encoder/pngusr.h
and "define PNG_NO_READ_SWAP" to decoder/pngusr.h and preader/pngusr.h
Added sections about the git repository and our coding style to the
documentation (merged from libpng-1.4.0beta62)
Added a section about using png_get_io_ptr() in configure scripts to detect
the presence of libpng.
To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/graphics/png/distinfo
spz [Sun, 7 Jun 2009 08:00:42 +0000 (08:00 +0000)]
pullup 2788
spz [Sun, 7 Jun 2009 07:59:25 +0000 (07:59 +0000)]
Pullup ticket 2788 - requested by wiz
Security update
Revisions pulled up:
- pkgsrc/graphics/png/Makefile 1.113
- pkgsrc/graphics/png/distinfo 1.57
- pkgsrc/graphics/png/patches/patch-ae 1.9
Module Name: pkgsrc
Committed By: wiz
Date: Wed May 13 09:56:05 UTC 2009
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
pkgsrc/graphics/png/patches: patch-ae
Log Message:
Update to 1.2.36:
version 1.2.36beta01 [February 28, 2009]
Revised comments in png_set_read_fn() and png_set_write_fn().
Revised order of #ifdef's and indentation in png_debug definitions of png.h
bug introduced in libpng-1.2.34.
version 1.2.36beta02 [March 21, 2009]
Use png_memset() after png_malloc() of big_row_buf when reading an
interlaced file, to avoid a possible UMR.
Undid recent revision of PNG_NO_STDIO version of png_write_flush(). Users
having trouble with fflush() can build with PNG_NO_WRITE_FLUSH defined.
Revised libpng*.txt documentation about use of png_write_flush().
Removed fflush() from pngtest.c.
Added "#define PNG_NO_WRITE_FLUSH" to contrib/pngminim/encoder/pngusr.h
version 1.2.36beta03 [March 27, 2009]
Relocated misplaced PNG_1_0_X define in png.h that caused the prototype
for png_set_strip_error_numbers() to be omitted from PNG_NO_ASSEMBLER_CODE
builds. This bug was introduced in libpng-1.2.15beta4.
Added a section on differences between 1.0.x and 1.2.x to libpng.3/libpng.txt
version 1.2.36beta04 [April 5, 2009]
Fixed potential memory leak of "new_name" in png_write_iCCP() (Ralph Giles)
version 1.2.36beta05 [April 24, 2009]
Added "ifndef PNG_SKIP_SETJMP_CHECK" block in pngconf.h to allow
application code writers to bypass the check for multiple inclusion
of setjmp.h when they know that it is safe to ignore the situation.
Made some cosmetic changes to whitespace in pngtest output.
Renamed "user_chunk_data" to "my_user_chunk_data" in pngtest.c to suppress
"shadowed declaration" warning from gcc-4.3.3.
Renamed "gamma" to "png_gamma" in pngset.c to avoid "shadowed declaration"
warning about a global "gamma" variable in math.h on some platforms.
version 1.2.36rc01 [April 30, 2009]
No changes.
version 1.0.44 and 1.2.36 [May 7, 2009]
No changes.
To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/graphics/png/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/graphics/png/patches/patch-ae
tron [Fri, 5 Jun 2009 08:50:43 +0000 (08:50 +0000)]
Pullup ticket #2785.
tron [Fri, 5 Jun 2009 08:50:15 +0000 (08:50 +0000)]
Pullup ticket #2785 - requested by mishka
bochs: build fix
Revisisons pulled up:
- emulators/bochs/Makefile 1.58
- emulators/bochs/PLIST 1.13
---
Module Name: pkgsrc
Committed By: mishka
Date: Mon May 25 12:54:48 UTC 2009
Modified Files:
pkgsrc/emulators/bochs: Makefile PLIST
Log Message:
Fix package build caused by improper PLIST generation due to x11 options.
spz [Thu, 4 Jun 2009 20:42:50 +0000 (20:42 +0000)]
pullup #2786
spz [Thu, 4 Jun 2009 20:41:20 +0000 (20:41 +0000)]
Pullup ticket 2786 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.45
- pkgsrc/www/apache22/distinfo 1.19
Files added:
- pkgsrc/www/apache22/patches/patch-ba 1.1
- pkgsrc/www/apache22/patches/patch-bb 1.1
- pkgsrc/www/apache22/patches/patch-bc 1.1
- pkgsrc/www/apache22/patches/patch-bd 1.1
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 4 08:51:52 UTC 2009
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ba patch-bb patch-bc patch-bd
Log Message:
Add patches from the Apache SVN repository to fix the security bypass
vulnerability reported in CVE-2009-1195.
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-ba \
pkgsrc/www/apache22/patches/patch-bb pkgsrc/www/apache22/patches/patch-bc \
pkgsrc/www/apache22/patches/patch-bd
tron [Thu, 4 Jun 2009 16:50:01 +0000 (16:50 +0000)]
Pullup ticket #2784.
tron [Thu, 4 Jun 2009 16:49:30 +0000 (16:49 +0000)]
Pullup ticket #2784 - requested by markd
kdegraphics3: security patch
Revisions pulled up:
- graphics/kdegraphics3/Makefile 1.81 via patch
- graphics/kdegraphics3/distinfo 1.51
- graphics/kdegraphics3/patches/patch-aa 1.14
- graphics/kdegraphics3/patches/patch-ab 1.11
- graphics/kdegraphics3/patches/patch-ac 1.8
---
Module Name: pkgsrc
Committed By: markd
Date: Wed Jun 3 12:29:43 UTC 2009
Modified Files:
pkgsrc/graphics/kdegraphics3: Makefile distinfo
Added Files:
pkgsrc/graphics/kdegraphics3/patches: patch-aa patch-ab patch-ac
Log Message:
Update kpdf to have the xpdf3.02pl patches for the vulnerabilities
reported in CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
CVE-2009-1182 and CVE-2009-1183.
also some patches from poppler for postscript output generation problems
seen here.
spz [Thu, 4 Jun 2009 08:57:21 +0000 (08:57 +0000)]
pullup #2780
spz [Thu, 4 Jun 2009 08:56:16 +0000 (08:56 +0000)]
Pullup ticket 2780 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/devel/cscope/Makefile 1.50
- pkgsrc/devel/cscope/distinfo 1.19
Files deleted:
- pkgsrc/devel/cscope/patches/patch-ae
- pkgsrc/devel/cscope/patches/patch-af
- pkgsrc/devel/cscope/patches/patch-ag
- pkgsrc/devel/cscope/patches/patch-ah
- pkgsrc/devel/cscope/patches/patch-ai
- pkgsrc/devel/cscope/patches/patch-aj
- pkgsrc/devel/cscope/patches/patch-ak
- pkgsrc/devel/cscope/patches/patch-al
- pkgsrc/devel/cscope/patches/patch-am
- pkgsrc/devel/cscope/patches/patch-an
- pkgsrc/devel/cscope/patches/patch-ao
- pkgsrc/devel/cscope/patches/patch-ap
Module Name: pkgsrc
Committed By: tron
Date: Sat May 23 09:04:02 UTC 2009
Modified Files:
pkgsrc/devel/cscope: Makefile distinfo
Removed Files:
pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah
patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao
patch-ap
Log Message:
Update "cscope" package to version 15.7a. This version fixes the
security vulnerability reported in CVE-2009-0148.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo
cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae
cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af
cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \
pkgsrc/devel/cscope/patches/patch-ai
cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah
cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj
cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \
pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap
cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \
pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao
tron [Sat, 30 May 2009 21:14:39 +0000 (21:14 +0000)]
Pullup tickets #2781, #2782 and #2783.
tron [Sat, 30 May 2009 21:14:02 +0000 (21:14 +0000)]
Pullup ticket #2782 - requested by taca
geeklog: security update
Revisions pulled up:
- www/geeklog/DEINSTALL 1.5
- www/geeklog/INSTALL 1.4
- www/geeklog/Makefile 1.22
- www/geeklog/Makefile.common 1.7
- www/geeklog/PLIST 1.8
- www/geeklog/distinfo 1.9
- www/geeklog/files/README 1.4
- www/geeklog/files/createdb.php delete
- www/geeklog/files/geeklog.conf 1.2
- www/geeklog/patches/patch-aa 1.3
- www/geeklog/patches/patch-ab delete
- www/geeklog/patches/patch-ac delete
- www/geeklog/patches/patch-ag delete
- www/geeklog/patches/patch-ah delete
- www/geeklog/patches/patch-ai delete
- www/geeklog/patches/patch-aj 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 26 14:19:29 UTC 2009
Modified Files:
pkgsrc/www/geeklog: DEINSTALL INSTALL Makefile Makefile.common PLIST
distinfo
pkgsrc/www/geeklog/files: README geeklog.conf
pkgsrc/www/geeklog/patches: patch-aa
Added Files:
pkgsrc/www/geeklog/patches: patch-aj
Removed Files:
pkgsrc/www/geeklog/files: createdb.php
pkgsrc/www/geeklog/patches: patch-ab patch-ac patch-ag patch-ah
patch-ai
Log Message:
Update geeklog package from 1.4.1nb4 to 1.5.2.4 (1.5.2sr4).
pkgsrc changes: overhaul this package.
* Add LICENSE.
* Clean up bmake's macros, such as addition of PRINT_PLIST_AWK.
Geeklog changes: too many chagnes to write here.
* New user-friendly installation.
* New Configuration GUI.
* New Webservice GUI.
* And more.
Please refer http://www.geeklog.net/docs/english/changes.html
for more information.
Fixed some security problems about SQL injection vulnerability.
tron [Sat, 30 May 2009 21:02:35 +0000 (21:02 +0000)]
Pullup ticket #2781 - requested by he
libffi: portability fix
Revisions pulled up:
- devel/libffi/Makefile 1.11 via patch
- devel/libffi/distinfo 1.12
- devel/libffi/patches/patch-aa 1.8
- devel/libffi/patches/patch-ae 1.1
- devel/libffi/patches/patch-af 1.1
- devel/libffi/patches/patch-ag 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Tue May 26 12:27:12 UTC 2009
Modified Files:
pkgsrc/devel/libffi: Makefile distinfo
pkgsrc/devel/libffi/patches: patch-aa
Added Files:
pkgsrc/devel/libffi/patches: patch-ae patch-af patch-ag
Log Message:
Update from version 3.0.8nb1 to 3.0.8nb2.
Pkgsrc changes:
o Add portability to the various mips-based NetBSD ports.
The self-tests even complete without any unexpected failures.
tron [Sat, 30 May 2009 20:55:24 +0000 (20:55 +0000)]
Pullup ticket #2783 - requested by joerg
mk/flavor/pkg: fix update of packages that need to be preserved
Revisions pulled up:
- mk/flavor/pkg/deinstall.mk 1.9
---
Module Name: pkgsrc
Committed By: joerg
Date: Sat May 16 01:34:22 UTC 2009
Modified Files:
pkgsrc/mk/flavor/pkg: deinstall.mk
Log Message:
Remove preserve packages for make update with -N -f -f and therefore do
not depend on the behavior of older pkg_delete to allow the removal with
simple force.
spz [Sat, 23 May 2009 21:16:10 +0000 (21:16 +0000)]
pullup #2779
spz [Sat, 23 May 2009 21:15:12 +0000 (21:15 +0000)]
Pullup ticket 2779 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.32
- pkgsrc/net/wireshark/distinfo 1.21
Module Name: pkgsrc
Committed By: tron
Date: Sat May 23 08:12:08 UTC 2009
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Log Message:
Update "wireshare" package to version 1.0.8. Changes since version 1.0.7:
- Bug Fixes:
- The PCNFSD dissector could crash. (wnpa-sec-2009-03)
- Lua integration could crash.
- The SCCP dissector could crash when loading more than one file in
a single session.
- The NDMP dissector could crash if reassembly was enabled.
- Updated Protocol Support:
All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066
To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/wireshark/distinfo
spz [Sat, 23 May 2009 13:31:52 +0000 (13:31 +0000)]
pullup #2778
spz [Sat, 23 May 2009 07:15:36 +0000 (07:15 +0000)]
Pullup ticket 2778 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.43
- pkgsrc/www/apache22/distinfo 1.18
- pkgsrc/www/apache22/patches/patch-ab 1.10
Module Name: pkgsrc
Committed By: tron
Date: Fri May 22 09:46:06 UTC 2009
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ab
Log Message:
Add patch from the Apache SVN repository to fix the information leak
in the "mod_proxy_ajp" module reported in CVE-2009-1191.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r0 -r1.10 pkgsrc/www/apache22/patches/patch-ab
tron [Fri, 22 May 2009 11:56:18 +0000 (11:56 +0000)]
Pullup tickets #2775 and #2776.
tron [Fri, 22 May 2009 11:55:35 +0000 (11:55 +0000)]
Pullup ticket #2776 - requested by he
libffi: build fix
Revisions pulled up:
- devel/libffi/Makefile 1.10
- devel/libffi/distinfo 1.11
- devel/libffi/patches/patch-aa 1.7
---
Module Name: pkgsrc
Committed By: rh
Date: Fri Apr 17 22:45:52 UTC 2009
Modified Files:
pkgsrc/devel/libffi: Makefile distinfo
Added Files:
pkgsrc/devel/libffi/patches: patch-aa
Log Message:
Attempt to make this build on NetBSD/powerpc. While at it, correctly set
INFO_FILES to 'yes'. Bump PKGREVISION.
tron [Fri, 22 May 2009 11:48:39 +0000 (11:48 +0000)]
Pullup ticket #2775 - requested by joerg
nsd: security update
Revisions pulled up:
- net/nsd/Makefile 1.46
- net/nsd/distinfo 1.25
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed May 20 01:55:55 UTC 2009
Modified Files:
pkgsrc/net/nsd: Makefile distinfo
Log Message:
Update to NSD 3.2.2.
Allows nsd-patch to directly work on the database without intermediate
zonefile. Allow file rotation for nsd.log. Allow disabling AXFR
fallback.
Fix off-by-one during query processing.
tron [Fri, 22 May 2009 10:19:35 +0000 (10:19 +0000)]
Pullup ticket #2777.
tron [Fri, 22 May 2009 10:18:40 +0000 (10:18 +0000)]
Pullup ticket #2777 - requested by martti
squirrelmail: security update
Revisions pulled up:
- mail/squirrelmail/Makefile 1.106
- mail/squirrelmail/PLIST 1.30-1.31
- mail/squirrelmail/buildlink3.mk 1.22
- mail/squirrelmail/distinfo 1.53
- mail/squirrelmail/options.mk 1.12-1.13
---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 22 07:04:13 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Updated squirrelmail to 1.4.19
The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We
also expierenced some regressions in the updated filter plugin. Both are
addressed in this new release 1.4.19 which contains a few other small fixes
aswell.
If you do not use map_yp_alias or the filters plugin there's no urgent need to
upgrade now if you already installed 1.4.18. If you are still on an older
release than 1.4.18 (or use the mentioned functionality) we do urge you to
upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important
security issues. Those using the development branch (1.5.x) should install a
recent SVN snapshot.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 22 07:05:14 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: buildlink3.mk
Log Message:
Updated
---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 22 08:23:02 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: PLIST options.mk
Log Message:
Fixed PLIST issues.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 22 08:50:19 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Update Japanese patch.
Bump PKGREVISION.
tron [Sun, 17 May 2009 15:13:17 +0000 (15:13 +0000)]
Pullup tickets #2772, #2773 and #2774.
tron [Sun, 17 May 2009 15:11:14 +0000 (15:11 +0000)]
Pullup ticket #2774 - requested by obache
cyrus-imapd: bug fix and destdir support
Revisions pulled up:
- mail/cyrus-imapd/Makefile 1.79
- mail/cyrus-imapd/distinfo 1.29
- mail/cyrus-imapd/patches/patch-aq 1.4
---
Module Name: pkgsrc
Committed By: obache
Date: Fri May 15 23:29:02 UTC 2009
Modified Files:
pkgsrc/mail/cyrus-imapd: Makefile distinfo
pkgsrc/mail/cyrus-imapd/patches: patch-aq
Log Message:
Fixes `-n' option handling for fetchnews(1).
Patch provided by Jukka Salmi in PR 41432.
While here, add DESTDIR support.
tron [Sun, 17 May 2009 14:49:51 +0000 (14:49 +0000)]
Pullup ticket #2773 - requested by obache
security/cy2-anonymous: security update
security/cy2-crammd5: security update
security/cy2-digestmd5: security update
security/cy2-gssapi: security update
security/cy2-ldapdb: security update
security/cy2-login: security update
security/cy2-ntlm: security update
security/cy2-otp: security update
security/cy2-plain: security update
security/cy2-sql: security update
security/cyrus-sasl: security update
security/cyrus-saslauthd: security update
Revisions pulled up:
- security/cy2-digestmd5/Makefile 1.12
- security/cy2-gssapi/Makefile 1.14
- security/cy2-ldapdb/Makefile 1.4
- security/cy2-ntlm/Makefile 1.20
- security/cy2-otp/Makefile 1.12
- security/cyrus-sasl/Makefile.common 1.14
- security/cyrus-sasl/distinfo 1.18
- security/cyrus-sasl/patches/patch-ai 1.8
- security/cyrus-sasl/patches/patch-al 1.6
- security/cyrus-sasl/patches/patch-aq 1.6
- security/cyrus-saslauthd/Makefile 1.38
- security/cyrus-saslauthd/distinfo 1.10
- security/cyrus-saslauthd/patches/patch-ab 1.7
- security/cyrus-saslauthd/patches/patch-af 1.3
---
Module Name: pkgsrc
Committed By: obache
Date: Thu May 14 23:00:47 UTC 2009
Modified Files:
pkgsrc/security/cy2-digestmd5: Makefile
pkgsrc/security/cy2-gssapi: Makefile
pkgsrc/security/cy2-ldapdb: Makefile
pkgsrc/security/cy2-ntlm: Makefile
pkgsrc/security/cy2-otp: Makefile
pkgsrc/security/cyrus-sasl: Makefile.common distinfo
pkgsrc/security/cyrus-sasl/patches: patch-ai patch-al patch-aq
pkgsrc/security/cyrus-saslauthd: Makefile distinfo
pkgsrc/security/cyrus-saslauthd/patches: patch-ab patch-af
Log Message:
Update cyrus-sasl to 2.1.23.
New in 2.1.23
-------------
* Fixed CERT VU#238019 (make sure sasl_encode64() always NUL
terminates output or returns SASL_BUFOVER)
tron [Sun, 17 May 2009 14:33:22 +0000 (14:33 +0000)]
Pullup ticket #2772 - requested by taca
squirrelmail: Re-add Japanese language option
Revisions pulled up:
- mail/squirrelmail/Makefile 1.104-1.105
- mail/squirrelmail/distinfo 1.52
- mail/squirrelmail/options.mk 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Thu May 14 14:24:50 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Since iso_2022_jp.php isn't included in squirrelmail distribution,
remove extra pre-configure processing.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 15 13:01:00 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Enable squirrelmail-japanese option with Japanese patch:
squirrelmail-1.4.16-ja-
20081013-patch.
Bump PKGREVISION.
tron [Fri, 15 May 2009 12:15:27 +0000 (12:15 +0000)]
Pullup tickets #2766, #2768, #2769 and #2770.
tron [Fri, 15 May 2009 12:13:01 +0000 (12:13 +0000)]
Pullup ticket #2766 - requested by he
py-networkx: package list fix
Revisions pulled up:
- math/py-networkx/Makefile 1.3
- math/py-networkx/PLIST 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Thu May 14 13:22:34 UTC 2009
Modified Files:
pkgsrc/math/py-networkx: Makefile PLIST
Log Message:
Update from version 0.37 to 0.37nb1.
Pkgsrc changes:
o Change from using extension.mk to egg.mk, on hints from wiz@
o Adjust PLIST so that it matches what is then installed.
o Bump PKGREVISION
tron [Fri, 15 May 2009 11:36:43 +0000 (11:36 +0000)]
Pullup ticket #2770 - requested by adrianp
drupal6: security update
- www/drupal6/Makefile 1.14-1.15
- www/drupal6/distinfo 1.10-1.11
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 1 19:50:35 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update to 6.11
This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-005 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:
* #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
* #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
* #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
* #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
* #404244 by cwgordon7: minor code style fix in openid_help().
* #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node
* #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser
* #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access().
* #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
* #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or drupal_access_denied() so that we can properly redirect from those pages.
* #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value before using it.
* #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms programatically) are possible in update functions
* #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module
* #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem.
* - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
* - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
* - Patch #228477 by anuradha: corrected Sinhala language.
* - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators.
* #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense
* #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient
* #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview
* #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles
* #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder
* #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs)
* #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations
* #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released
* #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves
* #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page
* #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared
* #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so
* #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated
* Rolling back #343415 given disputes around its change in Drupal 7.
* #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page
* #447700 by dww: Earl Miles is not update.module maintainer anymore
* #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report
* #396224 by pwolanin: Further harden template file name discovery
* #220592 by dww and pwolanin: Always use the database for caching in update module, so that drupal.org project data persists. Improves both local and drupal.org site performance.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu May 14 19:38:02 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
6.12
The twelfth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-006 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 6.11 release:
* #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does.
tron [Fri, 15 May 2009 11:30:51 +0000 (11:30 +0000)]
Pullup ticket #2769 - requested by adrianp
drupal: security update
Revisions pulled up:
- www/drupal/Makefile 1.38-1.39
- www/drupal/distinfo 1.29-1.30
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 1 19:49:42 UTC 2009
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.17
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-005 Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:
* #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg.
* #335741 by electricmonk. Do not recurse over non-objects.
* #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node.
* 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia.
* #112887 by ged3000. Adding Newfoundland DST
* #401494 by andypost. Correctly clear menu cache.
* #396224 by pwolanin: Further harden template file name discovery
* #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu May 14 19:37:02 UTC 2009
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
5.18
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-006 Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:
* #396224 partial rollback of SA-CORE-2009-003 security hardening.
* #396224 adding missing documentation comment update. By dvessel and pwolanin.
* #267305 by brianV. Remove ?>.
* #305544 by jsenich. Add missing clear-block to admin by modules.
* #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient.
tron [Fri, 15 May 2009 10:43:35 +0000 (10:43 +0000)]
Pullup ticket #2768 - requested by kefren
qemu: security patch
Revisions pulled up:
- emulators/qemu/Makefile 1.56
- emulators/qemu/distinfo 1.42
- emulators/qemu/patches/patch-ac 1.11
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed May 13 19:02:18 UTC 2009
Modified Files:
pkgsrc/emulators/qemu: Makefile distinfo
pkgsrc/emulators/qemu/patches: patch-ac
Log Message:
Fix from upstream for CVE-2008-2004
PKGREVISION=1
tron [Thu, 14 May 2009 09:09:22 +0000 (09:09 +0000)]
Pullup ticket #2765.
tron [Thu, 14 May 2009 09:08:59 +0000 (09:08 +0000)]
Ticket #2765 - requested by martti
squirrelmail: security update
Revisions pulled up:
- mail/squirrelmail/Makefile 1.103
- mail/squirrelmail/PLIST 1.29
- mail/squirrelmail/distinfo 1.51
- mail/squirrelmail/options.mk 1.10
---
Module Name: pkgsrc
Committed By: martti
Date: Thu May 14 06:54:39 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo options.mk
Log Message:
Updated mail/squirrelmail to 1.4.18
The SquirrelMail Team is pleased to announce the release of
SquirrelMail version 1.4.18. The most notable changes for this
version are several security fixes, including a couple XSS exploits, a
session fixation issue, and an obscure but dangerous server-side code
execution hole. However, this version also includes three new
languages and more than a few enhancements to things such as the
filters plugin, the address book system and other things under the
hood. For more complete details, see the ReleaseNotes and ChangeLog
files included in this release (they have moved to the doc/
directory). We advise all users of SquirrelMail software to upgrade.
tron [Wed, 13 May 2009 12:19:44 +0000 (12:19 +0000)]
Pullup tickets #2763 and #2764.
tron [Wed, 13 May 2009 12:19:28 +0000 (12:19 +0000)]
Pullup ticket #2764 - requested by martti
postfix: bug fix update
Revisions pulled up:
- mail/postfix/Makefile 1.223
- mail/postfix/distinfo 1.124
---
Module Name: pkgsrc
Committed By: martti
Date: Wed May 13 10:32:23 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.7
- (low) The installation/upgrade procedure did not automatically
create the data_directory.
- (medium) In the "new queue manager", the _destination_rate_delay
code needed to postpone the job scheduler updates after delivery
completion, otherwise the scheduler could loop on blocked jobs.
- (low) The queue manager used <transport>_concurrency_failed_cohort_limit
instead of <transport>_destination_concurrency_failed_cohort_limit
as documented.
- (low) The SMTP client disabled MIME parsing despite non-empty
settings for smtp_header_checks, smtp_mime_header_checks,
smtp_nested_header_checks, or smtp_body_checks.
- (medium) The postsuper command re-enabled the SIGHUP signal when
it was set to "ignore". This could result in random "Postfix
integrity check failed" errors at boot time (POSIX SIGHUP death),
causing Postfix not to start automatically.
tron [Wed, 13 May 2009 12:14:15 +0000 (12:14 +0000)]
Pullup ticket #2763 - requested by hasso
quagga-devel: security update
Revisions pulled up:
- net/quagga-devel/Makefile 1.8
- net/quagga-devel/distinfo 1.8
---
Module Name: pkgsrc
Committed By: hasso
Date: Wed May 13 10:02:40 UTC 2009
Modified Files:
pkgsrc/net/quagga-devel: Makefile distinfo
Log Message:
Update to 0.99.12. Changes since 0.99.11:
bgpd:
Fix bgp ipv4/ipv6 accept handling
[bgpd] AS4 bugfix by Chris Caputo [SECURITY]
[bgpd] Add 'show bgp views' command
[bgpd] Allow accepted peers to progress even if realpeer is in Connect
ospfd:
[lib] Move type cast in Fletcher checksum
[lib] Switch Fletcher checksum back to old ospfd version
Justified OSPF cost function names and added support for:
ospf cost <1-65535> A.B.C.D
no ospf cost <1-65535>
library:
[lib] Fix timer precision.
[lib] fix missing sockunion_normalise_mapped
vtysh:
[vtysh] Add commands from zebra_routemap.c to vtysh
misc:
[build] tools/multiple-bgpd.sh should be in 'make dist'
tron [Mon, 11 May 2009 09:37:56 +0000 (09:37 +0000)]
Pullup ticket #2762.
tron [Mon, 11 May 2009 09:30:52 +0000 (09:30 +0000)]
Pullup ticket #2762 - requested by tnn
dovecot: bug fix
Revisions pulled up:
- mail/dovecot/Makefile 1.132 via patch
- mail/dovecot/distinfo 1.97 via patch
- mail/dovecot/patches/patch-ab 1.26
- mail/dovecot/patches/patch-ah 1.5
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon May 11 08:54:49 UTC 2009
Modified Files:
pkgsrc/mail/dovecot/patches: patch-ab
Added Files:
pkgsrc/mail/dovecot/patches: patch-ah
Log Message:
Bump the default value of the login_process_size limit from 64 to 128.
Without this dovecot fails to start on NetBSD-current, as reported by
several people. Bump PKGREVISION.
tron [Sun, 10 May 2009 07:42:25 +0000 (07:42 +0000)]
Pullup ticket #2761.
tron [Sun, 10 May 2009 07:41:59 +0000 (07:41 +0000)]
Pullup ticket #2761 - requested by taca
ruby18-base: Solaris build fix
Revisions pulled up:
- lang/ruby18-base/distinfo 1.37
- lang/ruby18-base/patches/patch-bi 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 9 05:32:39 UTC 2009
Modified Files:
pkgsrc/lang/ruby18-base: distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-bi
Log Message:
Apply a patch to fix compile error on Solaris 10. The patch was supplied
by KAWAKUBO Hiroshi via PR pkg/41386.
tron [Fri, 8 May 2009 10:13:40 +0000 (10:13 +0000)]
Pullup ticket #2760.
tron [Fri, 8 May 2009 10:13:06 +0000 (10:13 +0000)]
Pullup ticket #2760 - requested by hasso
opensc: security update
Revisions pulled up:
- security/opensc/Makefile.common 1.3
- security/opensc/distinfo 1.3
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri May 8 07:02:37 UTC 2009
Modified Files:
pkgsrc/security/opensc: Makefile.common distinfo
Log Message:
Update to 0.11.8. Fixes a security problem, for details see:
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
New in 0.11.8; 2009-05-07;
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
* fix compiling without openssl.
* updated and improve entersafe driver. FTCOS/PK-01C cards are supported
now, compatible with cards writen by Feitian's software on windows.
spz [Wed, 6 May 2009 09:35:56 +0000 (09:35 +0000)]
pullup 2756
spz [Wed, 6 May 2009 09:34:11 +0000 (09:34 +0000)]
Pullup ticket 2756 - requested by tnn
Security fix
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.80
- pkgsrc/security/gnutls/distinfo 1.54
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 20 13:11:57 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to 2.6.5. Update commented out LICENSE (needs two).
* Version 2.6.5 (released 2009-04-11)
** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.
** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
Libtasn1 0.3.4 or later is required. This is to align with the
upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/security/gnutls/distinfo
Module Name: pkgsrc
Committed By: zafer
Date: Fri May 1 13:49:07 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
replace non working mirrors with working ones.
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/security/gnutls/Makefile
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 20:04:33 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.6.6.
* Version 2.6.6 (released 2009-04-30)
libgnutls: Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil. See the advisory
for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
libgnutls: Fix DSA key generation.
Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/gnutls/distinfo
tron [Tue, 5 May 2009 09:39:28 +0000 (09:39 +0000)]
Pullup ticket #2757.
tron [Tue, 5 May 2009 09:38:32 +0000 (09:38 +0000)]
Pullup ticket #2757 - requested by tnn
libmodplug: security update
Revisions pulled up:
- audio/libmodplug/Makefile 1.10
- audio/libmodplug/distinfo 1.4
---
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 19:26:58 UTC 2009
Modified Files:
pkgsrc/audio/libmodplug: Makefile distinfo
Log Message:
Update to libmodplug-0.8.7.
27 April 2009: libmodplug 0.8.7
Fixed a bug in the AMF decoder, patches from several downstream sources
including: Fix delete method in AMF, MDL (Fixing Novel Bug #443444)
Fixed instrument name size (possible buffer overflow)
Fixed 24/32 bit conversion routine (bit shifting bug)
Use tables.h in mod+s3m, Better MingW32 support.
20 April 2009: libmodplug 0.8.6
Release to fix integer boundary condition exploit, more clean up of
code 14 April 2009: libmodplug 0.8.5 [ tar.gz ]
Release to improve cross platform support (Windows, Mac OS X),
Bugs in ABC detection, small cleanups
spz [Sun, 3 May 2009 14:19:18 +0000 (14:19 +0000)]
pullup tickets 2755 and 2758
spz [Sun, 3 May 2009 14:16:41 +0000 (14:16 +0000)]
Pullup ticket 2755 and 2758 - requested by tnn
Security fix
Revisions pulled up:
- pkgsrc/graphics/freetype2/Makefile 1.69
- pkgsrc/graphics/freetype2/distinfo 1.31
- pkgsrc/graphics/freetype2/patches/patch-aa 1.17
- pkgsrc/graphics/freetype2/patches/patch-ab 1.12
- pkgsrc/graphics/freetype2/patches/patch-ac 1.4
- pkgsrc/graphics/freetype2/patches/patch-ad 1.2
Module Name: pkgsrc
Committed By: drochner
Date: Thu Apr 16 20:26:26 UTC 2009
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Removed Files:
pkgsrc/graphics/freetype2/patches: patch-aa
Log Message:
update to 2.3.9
changes:
-important bugfixes
-improved CID support
There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted
in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and
then shrunk. Applications compiled against 2.3.8 should work fine
with 2.3.9. Applications compiled against the new 2.3.9 can
theoretically exhibit problems if run against a 2.3.8 binary, if
some PS_FontInfo stuff is used. See the freetype release notes
for details. I didn't find any suspects for now. If one is found,
it should be changed to require 2.3.9, and PKGREV bumped.
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r1.15 -r0 pkgsrc/graphics/freetype2/patches/patch-aa
Date: Sat, 2 May 2009 19:44:51 +0000
From: Tobias Nygren <tnn@netbsd.org>
To: pkgsrc-changes@NetBSD.org
Subject: CVS commit: pkgsrc/graphics/freetype2
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 19:44:51 UTC 2009
Modified Files:
pkgsrc/graphics/freetype2: Makefile distinfo
Added Files:
pkgsrc/graphics/freetype2/patches: patch-aa patch-ab patch-ac
patch-ad
Log Message:
patch-[a-d]: Upstream patches for CVE-2009-0946.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/freetype2/distinfo
cvs rdiff -u -r0 -r1.17 pkgsrc/graphics/freetype2/patches/patch-aa
cvs rdiff -u -r0 -r1.12 pkgsrc/graphics/freetype2/patches/patch-ab
cvs rdiff -u -r0 -r1.4 pkgsrc/graphics/freetype2/patches/patch-ac
cvs rdiff -u -r0 -r1.2 pkgsrc/graphics/freetype2/patches/patch-ad
spz [Sun, 3 May 2009 12:32:01 +0000 (12:32 +0000)]
Pullup ticket #2754
spz [Sun, 3 May 2009 12:29:53 +0000 (12:29 +0000)]
Pullup ticket 2754 - requested by tron
Build fix for Solaris
Revisions pulled up:
- pkgsrc/net/libtorrent/Makefile 1.30
- pkgsrc/net/libtorrent/distinfo 1.22
- pkgsrc/net/libtorrent/patches/patch-aa 1.8
- pkgsrc/net/rtorrent/Makefile 1.30
- pkgsrc/net/rtorrent/distinfo 1.21
- pkgsrc/net/rtorrent/patches/patch-aa 1.7
Module Name: pkgsrc
Committed By: tron
Date: Fri Apr 10 09:06:21 UTC 2009
Modified Files:
pkgsrc/net/libtorrent: Makefile distinfo
pkgsrc/net/rtorrent: Makefile distinfo
Added Files:
pkgsrc/net/libtorrent/patches: patch-aa
pkgsrc/net/rtorrent/patches: patch-aa
Log Message:
Add two patches taken from "xnet.fi" to fix the build under SunOS 5.11
(and eventually older versions). Problem reported by Tom Hensel in
private e-mail.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/libtorrent/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/libtorrent/distinfo
cvs rdiff -u -r0 -r1.8 pkgsrc/net/libtorrent/patches/patch-aa
cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/rtorrent/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/rtorrent/distinfo
cvs rdiff -u -r0 -r1.7 pkgsrc/net/rtorrent/patches/patch-aa
tron [Sun, 3 May 2009 08:42:17 +0000 (08:42 +0000)]
Pullup ticket #2753.
tron [Sun, 3 May 2009 08:41:49 +0000 (08:41 +0000)]
Pullup ticket #2753 - requested by taca
typolight: bug fix
Revisions pulled up:
- www/typolight26/MESSAGE 1.2 via patch
- www/typolight26/Makefile 1.2 via patch
- www/typolight26/distinfo 1.2 via patch
- www/typolight26/patches/patch-ac 1.1 via patch
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 30 13:12:41 UTC 2009
Modified Files:
pkgsrc/www/typolight26: MESSAGE Makefile distinfo
Added Files:
pkgsrc/www/typolight26/patches: patch-ac
Log Message:
* Correct path in MESSAGE.
* Remove conflict with typolight-2*.
* Add a patch to fix problem that cached pages are displayed twice.
Bump PKGREVISION.
tron [Fri, 1 May 2009 12:49:21 +0000 (12:49 +0000)]
Pullup ticket #2752.
tron [Fri, 1 May 2009 12:42:03 +0000 (12:42 +0000)]
Pullup ticket #2752 - requested by taca
ruby18-base: security update
ruby18-curses: security update
ruby18-tk: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.45
- lang/ruby18-base/Makefile 1.50
- lang/ruby18-base/distinfo 1.36
- lang/ruby18-base/patches/patch-dg delete
- lang/ruby18-base/patches/patch-dh delete
- lang/ruby18-base/patches/patch-dj delete
- devel/ruby-curses/distinfo 1.18
- x11/ruby-tk/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:10:17 UTC 2009
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
Log Message:
Bump Ruby 1.8.7's patch level to 160.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:11:12 UTC 2009
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj
Log Message:
Update ruby18-base-1.8.7.160 (1.8.7-p160).
This release is counterpart of 1.8.6-p368, so many bugs are fixed
since the latest 1.8.7. Check the ChangeLog for more details.
Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:12:18 UTC 2009
Modified Files:
pkgsrc/devel/ruby-curses: distinfo
Log Message:
Update distinfo refelecting update to Ruby 1.8.7-p160.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 16 17:12:42 UTC 2009
Modified Files:
pkgsrc/x11/ruby-tk: distinfo
Log Message:
Update distinfo refelecting update to Ruby 1.8.7-p160.
tron [Wed, 29 Apr 2009 21:29:42 +0000 (21:29 +0000)]
Pullup ticket #2751.
tron [Wed, 29 Apr 2009 21:29:23 +0000 (21:29 +0000)]
Pullup ticket #2751 - requested by drochner
poppler: security update
Revisions pulled up:
- print/poppler-glib/Makefile 1.19-1.20
- print/poppler/Makefile 1.38-1.39
- print/poppler/Makefile.common 1.29
- print/poppler/distinfo 1.42-1.43
- print/poppler/patches/patch-ai 1.8
- print/poppler/patches/patch-al 1.3
- print/poppler/patches/patch-am 1.1
- print/poppler/patches/patch-bc delete
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Apr 6 09:29:27 UTC 2009
Modified Files:
pkgsrc/print/poppler: Makefile distinfo
Added Files:
pkgsrc/print/poppler/patches: patch-al patch-am
Log Message:
fix some problems with interactive forms:
-if a choice field defines both an "export value" and a "name", use the
latter as "value" if selected (according to the PDF spec) -- makes
that I can fill in my company's travel expenses form correctly
(there is still an issue with captions of check boxes / radio
buttons which looks like a font problem)
-where iconv() is called to fill in a text field, use "UTF-8" and
"UTF-16BE" as encoding names rather than the less portable
"UTF8" and "UTF16BE" -- this makes it work on NetBSD
bump PKGREVISION
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Apr 6 09:31:45 UTC 2009
Modified Files:
pkgsrc/print/poppler-glib: Makefile
Log Message:
bump PKGREVISION for font conversion patch added to the base pkg
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 17 16:08:18 UTC 2009
Modified Files:
pkgsrc/print/poppler: Makefile Makefile.common distinfo
pkgsrc/print/poppler/patches: patch-ai
Removed Files:
pkgsrc/print/poppler/patches: patch-bc
Log Message:
update to 0.10.6
changes:
* Fix problems that happen when parsing broken JBIG2 files.
CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180
CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188
* Fix parsing of incorrect border arrays. (was patched in pkgsrc)
* Fix clip test for fonts.
* Fix getGlyphAdvance to behave correctly on font size changes.
* Misc build fixes
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 17 16:08:54 UTC 2009
Modified Files:
pkgsrc/print/poppler-glib: Makefile
Log Message:
reset PKGREVISION for base pkg update
tron [Tue, 28 Apr 2009 11:16:31 +0000 (11:16 +0000)]
Pullup tickets #2748, #2749 and #2750.
tron [Tue, 28 Apr 2009 11:16:12 +0000 (11:16 +0000)]
Pullup ticket #2748 - requested by gdt
wireshark: build fix
Revisions pulled:
- net/wireshark/Makefile patch
---
Comment out the "LICENSE" line as tagging for Free licenses is not
supported in the pkgsrc-2009Q1 branch.
tron [Tue, 28 Apr 2009 10:47:59 +0000 (10:47 +0000)]
Pullup ticket #2750 - requested by tnn
firefox3: security update
Revisions pulled up:
- www/firefox3/Makefile 1.31
- www/firefox3/distinfo 1.24
---
Module Name: pkgsrc
Committed By: tnn
Date: Tue Apr 28 09:14:25 UTC 2009
Modified Files:
pkgsrc/www/firefox3: Makefile distinfo
Log Message:
Update to Firefox 3.0.10. Fixes a botched security fix from 3.0.9 which
may result in crashes if certain addons are installed. (mfsa2009-23)
tron [Tue, 28 Apr 2009 10:08:44 +0000 (10:08 +0000)]
Pullup ticket #2749 - requested by drochner
ghostscript: security patch
Revisions pulled up:
- print/ghostscript/Makefile 1.62
- print/ghostscript/distinfo 1.24
- print/ghostscript/patches/patch-aj 1.4
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Apr 17 15:05:31 UTC 2009
Modified Files:
pkgsrc/print/ghostscript: Makefile distinfo
pkgsrc/print/ghostscript/patches: patch-aj
Log Message:
add a patch (from Redhat bugzilla #491853) to fix more integer
overflows in the icc code (CVE-2009-0792),
bump PKGREVISION
spz [Sat, 25 Apr 2009 16:36:20 +0000 (16:36 +0000)]
pullup #2743
spz [Sat, 25 Apr 2009 16:35:27 +0000 (16:35 +0000)]
Pullup ticket 2743 - requested by tron
Security update
Revisions pulled up:
- pkgsrc/print/xpdf/Makefile 1.66
- pkgsrc/print/xpdf/distinfo 1.34
Module Name: pkgsrc
Committed By: tron
Date: Fri Apr 17 12:09:35 UTC 2009
Modified Files:
pkgsrc/print/xpdf: Makefile distinfo
Log Message:
Update "xpdf" package to version 3.02pl3. This update fixes the
security vulnerabilities reported in CVE-2009-0146, CVE-2009-0147,
CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181, CVE-2009-1182 and CVE-2009-1183.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/print/xpdf/Makefile
cvs rdiff -u -r1.33 -r1.34 pkgsrc/print/xpdf/distinfo
spz [Sat, 25 Apr 2009 16:08:37 +0000 (16:08 +0000)]
pullup #2741
spz [Sat, 25 Apr 2009 16:06:59 +0000 (16:06 +0000)]
Pullup ticket 2741 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.79
- pkgsrc/databases/phpmyadmin/distinfo 1.41
Module Name: pkgsrc
Committed By: tron
Date: Fri Apr 17 09:40:13 UTC 2009
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.9.5. This fixes the remote
code execution vulnerability reported in PMASA-2009-3 / CVE-2009-1151.
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.40 -r1.41 pkgsrc/databases/phpmyadmin/distinfo
tron [Thu, 23 Apr 2009 20:38:21 +0000 (20:38 +0000)]
Pullup ticket #2747.
tron [Thu, 23 Apr 2009 20:38:05 +0000 (20:38 +0000)]
Pullup ticket #2747 - requested by tez
mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.45
- security/mit-krb5/distinfo 1.22
- security/mit-krb5/patches/patch-bn 1.1
- security/mit-krb5/patches/patch-bo 1.1
- security/mit-krb5/patches/patch-bp 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Apr 21 18:58:18 UTC 2009
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bn patch-bo patch-bp
Log Message:
Add patches for CVE-2009-0846 & CVE-2009-0847
approved by agc
tron [Wed, 22 Apr 2009 22:09:11 +0000 (22:09 +0000)]
Pullup ticket #2746.
tron [Wed, 22 Apr 2009 22:08:42 +0000 (22:08 +0000)]
Pullup ticket #2746 - requested by tnn
firefox3: security update
Revisions pulled up:
- www/firefox3/Makefile 1.30
- www/firefox3/distinfo 1.23
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Apr 22 18:15:05 UTC 2009
Modified Files:
pkgsrc/www/firefox3: Makefile distinfo
Log Message:
Update to firefox3-3.0.9.
- Fixed several security issues:
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with
embedded frame
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
MFSA 2009-19 Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via
view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header
on the inner URI
MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
- Fixed several stability issues.
- Many users experienced an issue where a corrupt local database caused
Firefox to "lose" its stored cookies. (bug 470578)
- Fixed an issue where, starting with Firefox 3.0.7, inline image
attachments on popular webmail services (like AOL and AIM) would not
display. (bug 482659)
- Large forms would sometimes take a long time to submit. (bug 426991)
- In certain cases, new windows would not have proper focus. (bug 446568)
tron [Tue, 21 Apr 2009 19:13:17 +0000 (19:13 +0000)]
Pullup tickets #2744 and #2745.
tron [Tue, 21 Apr 2009 19:12:01 +0000 (19:12 +0000)]
Pullup tickets #2744 and #2745 - requested by he
parrot: build fix
Revisions pulled up:
- lang/parrot/distinfo 1.9-1.11
- lang/parrot/patches/patch-ab 1.5-1.7
---
Module Name: pkgsrc
Committed By: he
Date: Fri Apr 17 19:54:39 UTC 2009
Modified Files:
pkgsrc/lang/parrot: distinfo
pkgsrc/lang/parrot/patches: patch-ab
Log Message:
Two minor changes to the adaptation for NetBSD/powerpc, resulting
in no code change and adding portability to NetBSD 3.x, so no
revision bump:
o Let the workaround for missing R_PPC_ADDR16{HI,LO} work for other
systems who also define R_PPC_16_{HI,LO} instead.
o Add portability to NetBSD/powerpc 3.x, which has a very minimalist
<powerpc/elf_machdep.h> file.
---
Module Name: pkgsrc
Committed By: he
Date: Fri Apr 17 22:08:44 UTC 2009
Modified Files:
pkgsrc/lang/parrot: distinfo
pkgsrc/lang/parrot/patches: patch-ab
Log Message:
For the NetBSD/powerpc 3.x case, use the enums out of <powerpc/reloc.h>
instead of literal integers. Again, this should not result in different
code, so no reason to bump revision.
---
Module Name: pkgsrc
Committed By: he
Date: Mon Apr 20 07:55:00 UTC 2009
Modified Files:
pkgsrc/lang/parrot: distinfo
pkgsrc/lang/parrot/patches: patch-ab
Log Message:
While the logic for handling NetBSD/powerpc (and OpenBSD/powerpc)
was correct, it was mis-placed in the file. It needs to include
<elf.h> or the moral equivalent of that before the symbols can be
tested. This now corresponds with what's committed upstream.
Again, since this is a build fix, no revision bump should be required.
spz [Fri, 17 Apr 2009 21:50:58 +0000 (21:50 +0000)]
pullup #2738
spz [Fri, 17 Apr 2009 21:43:51 +0000 (21:43 +0000)]
Pullup ticket 2738 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/graphics/ghostscript/Makefile 1.61
- pkgsrc/graphics/ghostscript/distinfo 1.23
- pkgsrc/graphics/ghostscript/patches/patch-aa 1.4
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 14 19:32:54 UTC 2009
Modified Files:
pkgsrc/print/ghostscript: Makefile distinfo
Added Files:
pkgsrc/print/ghostscript/patches: patch-aa
Log Message:
Add patch for the security vulnerability reported in CVE-2009-0196
taken from Redhat's Bugzilla.
To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/print/ghostscript/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/print/ghostscript/distinfo
cvs rdiff -u -r0 -r1.4 pkgsrc/print/ghostscript/patches/patch-aa
tron [Fri, 17 Apr 2009 14:49:13 +0000 (14:49 +0000)]
Pullup ticket #2742.
tron [Fri, 17 Apr 2009 14:48:45 +0000 (14:48 +0000)]
Pullup ticket #2742 - requested by joerg
cdrtools: bug fix
Revision pulled up:
- sysutils/cdrtools/Makefile 1.54 (via patch)
- sysutils/cdrtools/distinfo 1.33 (via patch)
- sysutils/cdrtools/patches/patch-ac 1.4
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Apr 16 16:44:03 UTC 2009
Modified Files:
pkgsrc/sysutils/cdrtools: Makefile distinfo
Added Files:
pkgsrc/sysutils/cdrtools/patches: patch-ac
Log Message:
Fix broken caching of iconv handlers. Addresses PR 37643.
tron [Fri, 17 Apr 2009 12:23:42 +0000 (12:23 +0000)]
Note pullup of ticket #2740.
tron [Fri, 17 Apr 2009 12:23:28 +0000 (12:23 +0000)]
Pullup ticket #2740 - requested by tnn
openssl: build fix
Revisions pulled up:
- security/openssl/distinfo 1.67
- security/openssl/patches/patch-ac 1.35
---
Module Name: pkgsrc
Committed By: tnn
Date: Thu Apr 16 09:50:37 UTC 2009
Modified Files:
pkgsrc/security/openssl: distinfo
pkgsrc/security/openssl/patches: patch-ac
Log Message:
NetBSD/sparc64 build fix. Reported and fix tested by Michael C.
Vergallen.
spz [Fri, 17 Apr 2009 07:52:42 +0000 (07:52 +0000)]
Pullup #2737
spz [Fri, 17 Apr 2009 07:50:07 +0000 (07:50 +0000)]
Pullup ticket 2737 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/graphics/lcms/Makefile 1.29
- pkgsrc/graphics/lcms/distinfo 1.20
- pkgsrc/graphics/lcms/patches/patch-aa 1.10
Module Name: pkgsrc
Committed By: tron
Date: Tue Apr 14 18:54:38 UTC 2009
Modified Files:
pkgsrc/graphics/lcms: Makefile distinfo
Added Files:
pkgsrc/graphics/lcms/patches: patch-aa
Log Message:
Add patch for the security vulnerability reported in SA34634/CVE-2009-0793
taken from Redhat's Bugzilla.
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/graphics/lcms/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/graphics/lcms/distinfo
cvs rdiff -u -r0 -r1.10 pkgsrc/graphics/lcms/patches/patch-aa
tron [Thu, 16 Apr 2009 21:56:37 +0000 (21:56 +0000)]
Pullup ticket #2739.
tron [Thu, 16 Apr 2009 21:56:14 +0000 (21:56 +0000)]
Pullup ticket #2739 - requested by he
parrot: build fix
Revisions pulled up:
- lang/parrot/distinfo 1.8
- lang/parrot/patches/patch-ad 1.3
- lang/parrot/patches/patch-ae 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Tue Apr 14 23:50:20 UTC 2009
Modified Files:
pkgsrc/lang/parrot: distinfo
Added Files:
pkgsrc/lang/parrot/patches: patch-ad patch-ae
Log Message:
Fix the detection and use of perldoc, so that this package can be
fully built and installed when the build is run as root. The reason
this is problematical is that perldoc changes uid if run as root, to
either 'nobody', 'nouser' or uid -2, for security reasons, and then
cannot write files owned by root or create files in directories owned
by root with 'normal' permissions.
No revision bump as this should purely be a build fix.
tron [Tue, 14 Apr 2009 21:18:59 +0000 (21:18 +0000)]
Pullup tickets #2734, #2735 and #2736.
tron [Tue, 14 Apr 2009 21:18:35 +0000 (21:18 +0000)]
Pullup ticket #2736 - requested by joerg
libnbcompat: portability fix
Revisions pulled up:
- pkgtools/libnbcompat/Makefile 1.71
- pkgtools/libnbcompat/files/configure 1.72
- pkgtools/libnbcompat/files/configure.ac 1.73
- pkgtools/libnbcompat/files/getopt_long.c 1.11
- pkgtools/libnbcompat/files/nbcompat.h 1.43
- pkgtools/libnbcompat/files/nbcompat/config.h.in 1.26
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon Apr 13 11:30:46 UTC 2009
Modified Files:
pkgsrc/pkgtools/libnbcompat: Makefile
pkgsrc/pkgtools/libnbcompat/files: configure configure.ac nbcompat.h
pkgsrc/pkgtools/libnbcompat/files/nbcompat: config.h.in
Log Message:
libnbcompat-
20090409:
Resort and improve getopt_long detection. Should fix issues on Interix
reported by mishka@ and QNX problems reported by Sean Boudreau.
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue Apr 14 17:34:42 UTC 2009
Modified Files:
pkgsrc/pkgtools/libnbcompat/files: getopt_long.c
Log Message:
Always declare optreset.
XXX optreset should be removed here, it can't be used correctly with a
GNU getopt_long implementation without touching the environment.
tron [Tue, 14 Apr 2009 21:12:04 +0000 (21:12 +0000)]
Pullup ticket #2735 - requested by adrianp:
unrealircd: security patch
Revisions pulled up:
- chat/unrealircd/Makefile 1.26
- chat/unrealircd/distinfo 1.11
- chat/unrealircd/patches/patch-ag 1.1
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Apr 13 16:20:52 UTC 2009
Modified Files:
pkgsrc/chat/unrealircd: Makefile distinfo
Added Files:
pkgsrc/chat/unrealircd/patches: patch-ag
Log Message:
Add patch for http://forums.unrealircd.com/viewtopic.php?t=6204
Update MASTER_SITES
PKGREVISION++
tron [Tue, 14 Apr 2009 20:51:17 +0000 (20:51 +0000)]
Pullup ticket #2734 - requested by cube
ptlib: package list fix
Revisions pulled up:
- devel/ptlib/Makefile 1.8
- devel/ptlib/PLIST 1.6
---
Module Name: pkgsrc
Committed By: cube
Date: Mon Apr 13 18:34:25 UTC 2009
Modified Files:
pkgsrc/devel/ptlib: Makefile PLIST
Log Message:
Fix PLIST, bump PKGREVISION. PR#41199 by Bernd Ernesti.
tron [Tue, 14 Apr 2009 19:12:50 +0000 (19:12 +0000)]
Pullup ticket #2730 - requested by martti
clamav: bug fix update
Revisions pulled up:
- mail/clamav/Makefile 1.93
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Apr 14 06:16:24 UTC 2009
Modified Files:
pkgsrc/mail/clamav: Makefile
Log Message:
PKGREVISION++ after the unrar fixes...
tron [Sun, 12 Apr 2009 23:17:12 +0000 (23:17 +0000)]
Restore entries which got removed accidentally by the last commit.
projects / pkgsrc.git / log