tron [Sun, 6 Sep 2009 14:31:35 +0000 (14:31 +0000)]
Pullup ticket #2882 - requested by jnemeth
asterisk: security update
Revisions pulled up:
- comms/asterisk/Makefile 1.68
- comms/asterisk/PLIST.common 1.17
- comms/asterisk/distinfo 1.44
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Sat Sep 5 01:44:19 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: Makefile PLIST.common distinfo
Log Message:
update to asterisk 1.2.35 which fixes AST-2009-006 -- IAX2 DOS vulnerability
tron [Sun, 6 Sep 2009 13:47:20 +0000 (13:47 +0000)]
Pullup ticket #2881 - requested by joerg
pbulk-base: bug fix update
pbulk: bug fix update
Revisions pulled up:
- pkgtools/pbulk-base/Makefile 1.2
- pkgtools/pbulk/Makefile 1.55
- pkgtools/pbulk/files/pbulk/lib/event.c 1.6
- pkgtools/pbulk/files/pbulk/scripts/pkg-build 1.18
--
Module Name: pkgsrc
Committed By: joerg
Date: Sun Aug 23 18:02:04 UTC 2009
Modified Files:
pkgsrc/pkgtools/pbulk-base: Makefile
pkgsrc/pkgtools/pbulk/files/pbulk/lib: event.c
Log Message:
pbulk-base-0.39:
Fix ordering of event handler vs queue modification. This can result in
queue corruption or use after free when the master can't handle a
request before the next arrives. From Matt Dillon.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Sep 4 22:06:18 UTC 2009
Modified Files:
pkgsrc/pkgtools/pbulk: Makefile
pkgsrc/pkgtools/pbulk/files/pbulk/scripts: pkg-build
Log Message:
pbulk-0.41:
Create & chown work.log for destdir builds too, as the normal build is
run unprivileged.
spz [Sat, 5 Sep 2009 08:52:22 +0000 (08:52 +0000)]
should have been deleted with pullup #2844 already
tron [Tue, 1 Sep 2009 11:54:43 +0000 (11:54 +0000)]
Pullup tickets #2879 and #2880.
tron [Tue, 1 Sep 2009 11:54:26 +0000 (11:54 +0000)]
Pullup ticket #2880 - requested by tez
htmldoc: security patch
Revisions pulled up:
- www/htmldoc/Makefile 1.27 via patch
- www/htmldoc/distinfo 1.9
- www/htmldoc/patches/patch-ab 1.3
- www/htmldoc/patches/patch-ac 1.1
- www/htmldoc/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Thu Aug 27 21:51:37 UTC 2009
Modified Files:
pkgsrc/www/htmldoc: Makefile distinfo
Added Files:
pkgsrc/www/htmldoc/patches: patch-ab patch-ac patch-ad
Log Message:
Fix for Secunia Advisory: SA35780
from http://bugs.gentoo.org/attachment.cgi?id=199846
tron [Tue, 1 Sep 2009 11:48:42 +0000 (11:48 +0000)]
Pullup ticket #2879 - requested by martti
postfix: bug fix update
Revisions pulled up:
- mail/postfix/Makefile 1.229-1.230
- mail/postfix/distinfo 1.128
---
Module Name: pkgsrc
Committed By: heinz
Date: Sun Aug 9 21:15:31 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile
Log Message:
Enabled installation to DESTDIR. (OK by martti@).
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 31 09:37:35 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.6.5
The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release). These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.
Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-
20090807, and
2.7-
20090807-nonprod. These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.
Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be
applied towards the next MAIL FROM transaction. This problem was
diagnosed with help from Alban Deniz.
Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix SMTP server would abort with an "unexpected lookup
table" error when an SMTPD policy server was mis-configured in a
particular way.
spz [Sat, 29 Aug 2009 13:03:16 +0000 (13:03 +0000)]
pullup #2875
spz [Sat, 29 Aug 2009 13:02:45 +0000 (13:02 +0000)]
Pullup ticket 2875 - requested by tron
security update
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.108
- pkgsrc/mail/squirrelmail/PLIST 1.33
- pkgsrc/mail/squirrelmail/distinfo 1.55
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 26 12:47:17 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19:
- Protect message deletion with security token system.
(Secunia Advisory SA346)
- Removed the shut down DSBL blocklists (#2796734).
- Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess
(#2798839).
- Updated INSTALL doc to remove possible bad system admin typos (#2827153).
- PHP 5.3 deprecates ereg functions (#2820952).
- Filters plugin uses badly formatted literals request (#2805201).
- Provide option for complete removal of usernames and user IP addresses
from message headers, and remove personal data from Message ID seed.
(#880029/847107)
- Implemented page referal verification mechanism.
(Secunia Advisory SA34627)
- Implemented security token system. (Secunia Advisory SA34627)
Approved by Martti Kuparinen.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -u -r1.54 -r1.55 pkgsrc/mail/squirrelmail/distinfo
spz [Sat, 29 Aug 2009 09:49:54 +0000 (09:49 +0000)]
pullup #2874
spz [Sat, 29 Aug 2009 09:49:14 +0000 (09:49 +0000)]
Pullup ticket 2874 - requested by tron
security update
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.86
- pkgsrc/security/gnutls/PLIST 1.36
- pkgsrc/security/gnutls/distinfo 1.60
Files added:
pkgsrc/security/gnutls/patches/patch-ak 1.2
pkgsrc/security/gnutls/patches/patch-al 1.2
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 18 10:32:32 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to 2.8.1:
* Version 2.8.1 (released 2009-06-10)
** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cyc=
le.
Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
<http://bugs.gentoo.org/272388>.
** libgnutls: Fix PKCS#12 decryption from password.
The encryption key derived from the password was incorrect for (on
average) 1 in every 128 input for random inputs. Reported by "Kukosa,
Tomas" <tomas.kukosa@siemens-enterprise.com> in
<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/distinfo
----------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Jul 22 16:50:07 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Added Files:
pkgsrc/security/gnutls/patches: patch-ak patch-al
Log Message:
disable the openssl compatibility library -- no pkg I know of needs
it, and it only has a potential to conflict with the real openssl
(bad things will happen if a program links or dlopen()s both)
bump PKGREVISION
(the bug fixed in the added patches is already fixed upstream, will
be in the next release)
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-ak \
pkgsrc/security/gnutls/patches/patch-al
----------------------------------------------------------------------
Module Name: pkgsrc
Committed By: snj
Date: Thu Aug 13 18:56:32 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
pkgsrc/security/gnutls/patches: patch-ak patch-al
Log Message:
Update to 2.8.3. Changes:
* Version 2.8.3 (released 2009-08-13)
** libgnutls: Fix patch for NUL in CN/SAN in last release.
Code intended to be removed would lead to an read-out-bound error in
some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE
code have been allocated for the vulnerability: [CVE-2009-2730].
** libgnutls: Fix rare failure in gnutls_x509_crt_import.
The function may fail incorrectly when an earlier certificate was
imported to the same gnutls_x509_crt_t structure.
** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
error.
** tests: Made self-test mini-eagain take less time.
** doc: Typo fixes.
** API and ABI modifications:
No changes since last version.
* Version 2.8.2 (released 2009-08-10)
** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate. Some CAs apparently have poor
checking of CN/SAN values and issue these (arguable invalid)
certificates. Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions. The problem is mitigated
since attackers needs to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA. It does not apply to client authenticated TLS
sessions. Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
for providing one part of the patch. [GNUTLS-SA-2009-4].
** libgnutls: Fix return value of gnutls_certificate_client_get_request_sta=
tus.
Before it always returned false. Reported by Peter Hendrickson
<pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
** libgnutls: Fix off-by-one size computation error in unknown DN printing.
The error resulted in truncated strings when printing unknown OIDs in
X.509 certificate DNs. Reported by Tim Kosse
<tim.kosse@filezilla-project.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
** libgnutls: Return correct bit lengths of some MPIs.
gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
gnutls_dh_get_peers_public_bits. Before the reported value was
overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
and
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
Before we required that the runtime library used the same (or more
recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
that the runtime usage is above the minimum required. Reported by
Marco d'Itri <md@linux.it> via Andreas Metzler
<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
** minitasn1: Internal copy updated to libtasn1 v2.3.
** tests: Fix failure in "chainverify" because a certificate have expired.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/gnutls/patches/patch-ak \
pkgsrc/security/gnutls/patches/patch-al
tron [Fri, 28 Aug 2009 22:18:52 +0000 (22:18 +0000)]
Pullup ticket #2878.
tron [Fri, 28 Aug 2009 22:15:55 +0000 (22:15 +0000)]
Pullup ticket #2878 - requested by hasso
openexr: security patch
Revisions pulled up:
- graphics/openexr/Makefile 1.22
- graphics/openexr/distinfo 1.13 via patch
- graphics/openexr/patches/patch-ae 1.1
- graphics/openexr/patches/patch-af 1.1
- graphics/openexr/patches/patch-ag 1.1
- graphics/openexr/patches/patch-ah 1.1
- graphics/openexr/patches/patch-ai 1.1
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri Aug 28 21:33:08 UTC 2009
Modified Files:
pkgsrc/graphics/openexr: Makefile distinfo
Added Files:
pkgsrc/graphics/openexr/patches: patch-ae patch-af patch-ag
patch-ah
patch-ai
Log Message:
Add patches for CVE-2009-1720 (multiple integer overflows in OpenEXR) and
CVE-2009-1721 (denial of service (application crash) or possibly execute
arbitrary code in the Imf::hufUncompress function). Bump PKGREVISION.
tron [Fri, 28 Aug 2009 12:37:17 +0000 (12:37 +0000)]
Pullup ticket #2877.
tron [Fri, 28 Aug 2009 12:35:45 +0000 (12:35 +0000)]
Pullup ticket #2877 - requested by wiz
curl: security update
Revisions pulled up:
- www/curl/Makefile 1.91
- www/curl/distinfo 1.60
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 16 13:47:35 UTC 2009
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log Message:
Update to 7.19.6:
Version 7.19.6 (12 August 2009)
Daniel Stenberg (12 Aug 2009)
- Carsten Lange reported a bug and provided a patch for TFTP upload and the
sending of the TSIZE option. I don't like fixing bugs just hours before
a release, but since it was broken and the patch fixes this for him I decided
to get it in anyway.
Daniel Stenberg (11 Aug 2009)
- Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
verification of cert names etc. This made an error show up in the OpenSSL-
specific code where it would attempt to match the CN field even if a
subjectAltName exists that doesn't match. This is now fixed and verified
in test 311.
- Benbuck Nason posted the bug report #2835196
(http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler
warnings when mixing ints and bools.
Daniel Fandrich (10 Aug 2009)
- Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow.
Daniel Fandrich (9 Aug 2009)
- Fixed some memory leaks in the command-line tool that caused most of the
torture tests to fail.
Daniel Stenberg (2 Aug 2009)
- Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
option for SNI, or are we simply not using it?
Daniel Stenberg (1 Aug 2009)
- Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
verification flaw found and exploited by Moxie Marlinspike. The presentation
he did at Black Hat is available here:
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
Apparently at least one CA allowed a subjectAltName or CN that contain a
zero byte, and thus clients that assumed they would never have zero bytes
were exploited to OK a certificate that didn't actually match the site. Like
if the name in the cert was "example.com\0theatualsite.com", libcurl would
happily verify that cert for example.com.
libcurl now better uses the length of the extracted name, not using the zero
termination for getting the string length.
This fixing only made and needed in OpenSSL interfacing code.
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_init() function is a decent way to deal
with this situation.
- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set.
Daniel Stenberg (27 Jul 2009)
- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
send when using FTP, as a sign that libcurl shall simply ignore the response
from the server instead of treating it as an error. Not treating a 400+ FTP
response code as an error means that failed commands will not abort the
chain of commands, nor will they cause the connection to get disconnected.
Daniel Stenberg (26 Jul 2009)
- Johan van Selst posted bug report #2825989
(http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that
OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and
provided the solution too: to use OpenSSL_add_all_algorithms() in addition
to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
OpenSSL 0.9.5
Daniel Stenberg (23 Jul 2009)
- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.
They introduce known_host support for SSH keys to libcurl. See docs for
details. Note that this feature depends on a new enough libssh2 version, to
be supported in libssh2 1.2 and later (or current git repo at this time).
Michal Marek (22 Jul 2009)
- David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found that
also the ptr pointer can leak.
Kamil Dudka (20 Jul 2009)
- Claes Jakobsson improved the support for client certificates handling in
NSS-powered libcurl. Now the client certificates can be selected
automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
slots is no more performed. It used to cause problems with HW tokens.
- Fixed reference counting for NSS client certificates. Now the PEM reader
module should be always properly unloaded on Curl_nss_cleanup(). If the
unload fails though, libcurl will try to reuse the already loaded instance.
Daniel Fandrich (15 Jul 2009)
- Added nonblock.c to the non-automake makefiles (note that the dependencies
in the Watcom makefiles aren't quite correct).
Michal Marek (15 Jul 2009)
- Changed the description of CURLINFO_OS_ERRNO to make it clear that the
errno is not reset on success.
Guenter Knauf (14 Jul 2009)
- renamed generated config.h to curl_config.h to avoid any future clashes
with config.h from other projects.
Daniel Stenberg (9 Jul 2009)
- Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for
setting a file descriptor non-blocking. Used by the functionality Eric
himself brough on June 15th.
Daniel Stenberg (8 Jul 2009)
- Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
problem:
Url A is accessed using auth. Url A redirects to Url B (on a different
server0. Url B reuses a persistent connection. Url B has auth, even though
it's on a different server.
Note: if Url B does not reuse a persistent connection, auth is not sent.
reason:
data->state.first_host is not initialized becuase Curl_http_connect is not
called when a connection is reused.
Solution:
move initialization of data->state.first_host to Curl_http. No code before
Curl_http uses data->state.first_host anyway.
Guenter Knauf (4 Jul 2009)
- Markus Koetter provided a patch to avoid getnameinfo() usage which broke a
couple of both IPv4 and IPv6 autobuilds.
Daniel Stenberg (29 Jun 2009)
- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port
range if given colon-separated after the host name/address part. Like
"192.168.0.1:2000-10000"
- Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I
don't know how they got wrong in the first place, but using this output
format makes it possible to quite easily separate the string into an array
of multiple items.
Daniel Fandrich (16 June 2009)
- Added a few more compiler warning options for gcc.
Daniel Stenberg (16 Jun 2009)
- Reuven Wachtfogel made curl -o - properly produce a binary output on windows
(no newline translations). Use -B/--use-ascii if you rather get the ascii
approach.
Michal Marek (16 Jun 2009)
- When doing non-anonymous ftp via http proxies and the password is not
provided in the url, add it there (squid needs this).
Daniel Stenberg (15 Jun 2009)
- Eric Wong's patch:
This allows curl(1) to be used as a client-side tunnel for arbitrary stream
protocols by abusing chunked transfer encoding in both the HTTP request and
HTTP response. This requires server support for sending a response while a
request is still being read, of course.
If attempting to read from stdin returns EAGAIN, then we pause our sender.
This leaves curl to attempt to read from the socket while reading from stdin
(and thus sending) is paused.
This change was needed to allow successfully tunneling the git protocol over
HTTP (--no-buffer is needed, as well).
Patrick Monnerat (15 Jun 2009)
- Replaced use of standard C library rand()/srand() by our own pseudo-random
number generator.
Yang Tse (11 Jun 2009)
- I adapted testcurl script to allow building test harness programs when
cross-compiling for a *-*-mingw* host.
Daniel Stenberg (10 Jun 2009)
- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
Yang Tse (10 Jun 2009)
- I introduced configure script option --enable-curldebug which now allows
the decoupled enabling or disabling of the curl debug memory tracking
feature from the --enable-debug option which no longer controls this.
curl --version will list 'Debug' feature for debug enabled builds, and
will list 'TrackMemory' feature for curl debug memory tracking capable
builds. These features are independent and can be controlled when running
the configure script. When --enable-debug is given both features will be
enabled, unless some restriction prevents memory tracking from being used.
Internally, definition of preprocessor symbol DEBUGBUILD restricts code
which is only compiled for debug enabled builds. And symbol CURLDEBUG is
used to differentiate code which is _only_ used for memory tracking.
Yang Tse (9 Jun 2009)
- Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not
initializing the fread callback pointer and this triggered a compiler
warning, also provided a friendly suggestion on how to fix it.
Daniel Stenberg (8 Jun 2009)
- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
http://curl.haxx.se/mail/lib-2009-05/0316.html
- Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
anymore since GnuTLS has stopped distributing that tool. If an explicit path
is given to configure, we will instead guess on how to link and use that
lib. I did not use the patch from the bug report.
Yang Tse (8 Jun 2009)
- Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers
included from Makefile.inc, and provided docs\INSTALL VxWorks section.
- I removed buildconf.bat from release and daily snapshot archives. This
file is only for CVS tree checkout builds.
Daniel Stenberg (8 Jun 2009)
- Eric Wong fixed --no-buffer to actually switch off output buffering. Been
broken since 7.19.0
Bill Hoffman (6 Jun 2009)
- Added some cmake docs and fixed socklen_t in the build.
Yang Tse (5 Jun 2009)
- John E. Malmberg provided VMS specific patch: "This fixes an existing bug
in urlglob.c where it was not converting the Curl Unix exit code to a VMS
DCL compatible exit code. This fix required the enhancement described next.
This also adds an enhancement to main.c so that when curl is run under a
Unix shell like Bash on VMS, it will return the standard Unix exit codes
and messages." And another patch for docs/examples.
I introduced os-specific.c and os-specific.h for use in curl tool code
and adjusted John E. Malmberg's patch placement to use these new files
as an effort to prevent main.c from growing ad infinitum. Code already
existing in main.c which is OS specific should be moved into these files.
Daniel Stenberg (4 June 2009)
- Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
this, and now recently it triggered a bug/side-effect in libcurl as when
libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
knows it will just get a 401/407 back. If the app then replaced the
Content-Length header, it caused the server to wait for input that libcurl
wouldn't send. Aaron Oneal reported this problem in bug report #2799008
(http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
Yang Tse (4 Jun 2009)
- Igor Novoseltsev provided patches and information, that after some
adjustments to better fit curl's way of doing things, have resulted
in the posibility of building libcurl for VxWorks.
Daniel Fandrich (2 June 2009)
- Checked in a Google Android make file. To use it, you must first
create a config.h file by running configure in the Android environment,
which doesn't seem to be easy to do. If no easy way can be found, a
static config-android.h may need to be created and checked in to the
libcurl source tree.
Daniel Stenberg (1 June 2009)
- Claes Jakobsson fixed the configure script to better find and use NSS
without pkg-config.
Yang Tse (1 Jun 2009)
- John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed
out that the configure script was failing to detect the timeval struct on
VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition
taking place in socket.h instead of time.h. I have adjusted configure
script to also include this header when checking struct timeval.
Daniel Stenberg (27 May 2009)
- Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
- Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear
the auth credentials back in 7.19.0 and earlier while now you have to set ""
to get the same effect. His patch brings back the ability to use NULL.
- Claes Jakobsson fixed libcurl-NSS to build fine even without the
PK11_CreateGenericObject() function.
Daniel Stenberg (25 May 2009)
- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
received with domain, path etc set multiple times in the same header. While
such a cookie is questionable, they occur in the wild and libcurl no longer
leaks memory for them. I added such a header to test case 8.
Daniel Fandrich (22 May 2009)
- Removed some obsolete digest code that caused a valgrind error in test 551.
Daniel Fandrich (20 May 2009)
- Added "non-existing host" test keywords to make it easy to skip those
tests on machines that have broken DNS configurations (such as
those configured to use OpenDNS).
Daniel Stenberg (19 May 2009)
- Kamil Dudka brought the patch from the Redhat bug entry
https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing
a bad file descriptor when closing down the FTP data connection. Caolan
McNamara seems to be the original author of it.
tron [Fri, 28 Aug 2009 12:09:32 +0000 (12:09 +0000)]
Pullup ticket #2876.
tron [Fri, 28 Aug 2009 12:07:16 +0000 (12:07 +0000)]
Pullup ticket #2876 - requested by hasso
xerces-c: security patch
Revisions pulled up:
- textproc/xerces-c/Makefile 1.38
- textproc/xerces-c/distinfo 1.13
- textproc/xerces-c/patches/patch-ba 1.1
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri Aug 28 05:24:34 UTC 2009
Modified Files:
pkgsrc/textproc/xerces-c: Makefile distinfo
Added Files:
pkgsrc/textproc/xerces-c/patches: patch-ba
Log Message:
Add the fix for CVE-2009-1885 - nested DTD structure XML parsing remote
denial of service vulnerability. While there fix MASTER_SITES as
recommended by pkglint. Bump PKGREVISION.
spz [Fri, 28 Aug 2009 07:45:35 +0000 (07:45 +0000)]
pullup #2873
spz [Fri, 28 Aug 2009 07:43:14 +0000 (07:43 +0000)]
Pullup ticket 2873 - requested by tron
security update
Revisions pulled up:
- pkgsrc/textproc/libxml2/Makefile 1.101
- pkgsrc/textproc/libxml2/distinfo 1.72
Files added:
pkgsrc/textproc/libxml2/patches/patch-af 1.5
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 26 10:20:57 UTC 2009
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-af
Log Message:
Add patch to fix the security vulnerabilites reported in CVE-2009-2414
and CVE-2009-2416.
The patch was taken from the latest Fedora 11 "libxml2" source RPM.
To generate a diff of this commit:
cvs rdiff -u -r1.100 -r1.101 pkgsrc/textproc/libxml2/Makefile
cvs rdiff -u -r1.71 -r1.72 pkgsrc/textproc/libxml2/distinfo
cvs rdiff -u -r0 -r1.5 pkgsrc/textproc/libxml2/patches/patch-af
tron [Thu, 27 Aug 2009 11:36:32 +0000 (11:36 +0000)]
Pullup ticket #2872.
tron [Thu, 27 Aug 2009 11:35:17 +0000 (11:35 +0000)]
Pullup ticket #2872 - requested by jnemeth
asterisk: security update
Revisions pulled up:
- comms/asterisk/Makefile 1.67
- comms/asterisk/distinfo 1.43
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Sun Aug 23 09:22:24 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: Makefile distinfo
Log Message:
This update is just to fix a hypothetical security issue (AST-2009-005)
which is most likely not exploitable.
tron [Sun, 23 Aug 2009 10:34:56 +0000 (10:34 +0000)]
Pullup ticket #2871.
tron [Sun, 23 Aug 2009 10:33:57 +0000 (10:33 +0000)]
Pullup ticket #2871 - requested by wiz
libvorbis: security update
Revisions pulled up:
- audio/libvorbis/Makefile 1.48
- audio/libvorbis/PLIST 1.10
- audio/libvorbis/distinfo 1.17
- audio/libvorbis/patches/patch-aa delete
- audio/libvorbis/patches/patch-ab delete
- audio/libvorbis/patches/patch-ac delete
- audio/libvorbis/patches/patch-ad delete
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 17 20:28:21 UTC 2009
Modified Files:
pkgsrc/audio/libvorbis: Makefile PLIST distinfo
Removed Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab patch-ac patch-ad
Log Message:
Update to 1.2.3. Set LICENSE.
Two of the patches were from upstream CVS, the other two are not needed
any longer because the configure script was improved.
libvorbis 1.2.3 (2009-07-09) -- "Xiph.Org libVorbis I
20090709"
* correct a vorbisfile bug that prevented proper playback of
Vorbis files where all audio in a logical stream is in a
single page
* Additional decode setup hardening against malicious streams
* Add 'OV_EXCLUDE_STATIC_CALLBACKS' define for developers who
wish to avoid avoid unused symbol warnings from the static
callbacks defined in vorbisfile.h
libvorbis 1.2.2 (2009-06-24) -- "Xiph.Org libVorbis I
20090624"
* define VENDOR and ENCODER strings
* seek correctly in files bigger than 2 GB (Windows)
* fix regression from CVE-2008-1420; 1.0b1 files work again
* mark all tables as constant to reduce memory occupation
* additional decoder hardening against malicious streams
* substantially reduce amount of seeking performed by Vorbisfile
* Multichannel decode bugfix
* build system updates
* minor specification clarifications/fixes
libvorbis 1.2.1 (unreleased) -- "Xiph.Org libVorbis I
20080501"
* Improved robustness with corrupt streams.
* New ov_read_filter() vorbisfile call allows filtering decoded
audio as floats before converting to integer samples.
* Fix an encoder bug with multichannel streams.
* Replaced RTP payload format draft with RFC 5215.
* Bare bones self test under 'make check'.
* Fix a problem encoding some streams between 14 and 28 kHz.
* Fix a numerical instability in the edge extrapolation filter.
* Build system improvements.
* Specification correction.
tron [Fri, 21 Aug 2009 12:18:01 +0000 (12:18 +0000)]
Pullup ticket #2870.
tron [Fri, 21 Aug 2009 12:17:35 +0000 (12:17 +0000)]
Pullup ticket #2870 - requested by jnemeth
asterisk: build fix
Revisions pulled up:
- comms/asterisk/Makefile 1.64-1.66
- comms/asterisk/PLIST.common 1.16
- comms/asterisk/distinfo 1.41-1.42
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Thu Aug 20 22:31:41 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: Makefile PLIST.common distinfo
Log Message:
Digium in its infinite wisdom changed the Music-On-Hold sound files in all
release tarballs. Update for that change.
While here, do some pkglint cleanup and add LICENSE=gplv2.
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Thu Aug 20 22:33:47 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: Makefile
Log Message:
bump PKGREVISION for previous
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Fri Aug 21 08:34:25 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: Makefile
Log Message:
Change DIST_SUBDIR to avoid people having to manually remove the old
distfile. Requested by wiz@.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Aug 21 08:46:16 UTC 2009
Modified Files:
pkgsrc/comms/asterisk: distinfo
Log Message:
regen (for DIST_SUBDIR change).
tron [Wed, 19 Aug 2009 09:13:42 +0000 (09:13 +0000)]
Pullup ticket #2866, #2867 and #2868.
tron [Wed, 19 Aug 2009 09:12:31 +0000 (09:12 +0000)]
Pullup ticket #2868 - requested by he
p5-Math-Pari: build fix
Revisions pulled up:
- math/p5-Math-Pari/Makefile 1.35
- math/p5-Math-Pari/distinfo 1.14
- math/p5-Math-Pari/patches/patch-ab 1.7
---
Module Name: pkgsrc
Committed By: he
Date: Sun Aug 16 13:33:07 UTC 2009
Modified Files:
pkgsrc/math/p5-Math-Pari: Makefile distinfo
pkgsrc/math/p5-Math-Pari/patches: patch-ab
Log Message:
Update from version 2.010801nb1 to 2.010801nb2.
Pkgsrc changes:
o Re-do patch-ab so that this package actually builds on hosts other
than arm and i386. ('eq' instead of '=' is the bug...)
tron [Wed, 19 Aug 2009 09:07:14 +0000 (09:07 +0000)]
Pullup ticket #2867 - requested by bouyer
sympa: build fix
Revisions pulled up:
- mail/sympa/Makefile 1.41
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Aug 12 22:39:17 UTC 2009
Modified Files:
pkgsrc/mail/sympa: Makefile
Log Message:
ALso needs p5-Template-Toolkit. Bump PKGREVISION.
tron [Wed, 19 Aug 2009 08:55:15 +0000 (08:55 +0000)]
Pullup ticket #2866 - requested by adrianp
viewvc: security update
Revisions pulled up:
- www/viewvc/Makefile 1.10
- www/viewvc/distinfo 1.7
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Aug 15 08:33:13 UTC 2009
Modified Files:
pkgsrc/www/viewvc: Makefile distinfo
Log Message:
Version 1.0.9 (released 11-Aug-2009)
* security fix: validate the 'view' parameter to avoid XSS attack
* security fix: avoid printing illegal parameter names and values
Version 1.0.8 (released 05-May-2009)
* fix directory view sorting UI
* tolerate malformed Accept-Language headers (issue #396)
* fix directory log views in revision-less Subversion repositories
* fix exception in rev-sorted remote Subversion directory views (issue #409)
salo [Fri, 14 Aug 2009 18:46:32 +0000 (18:46 +0000)]
Pullup ticket #2859
salo [Fri, 14 Aug 2009 18:45:44 +0000 (18:45 +0000)]
Pullup ticket #2859 - requested by tron
fetchmail: security update
fetchmailconf: security update
Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile 1.169
- pkgsrc/mail/fetchmail/PLIST 1.13
- pkgsrc/mail/fetchmail/distinfo 1.40
- pkgsrc/mail/fetchmail/patches/patch-aa removed
- pkgsrc/mail/fetchmail/patches/patch-aa removed
- pkgsrc/mail/fetchmailconf/Makefile 1.75
Module Name: pkgsrc
Committed By: tron
Date: Mon Aug 10 08:46:30 UTC 2009
Modified Files:
pkgsrc/mail/fetchmail: Makefile PLIST distinfo
pkgsrc/mail/fetchmailconf: Makefile
Removed Files:
pkgsrc/mail/fetchmail/patches: patch-aa patch-ab
Log Message:
Update "fetchmail" package to version 6.3.11. Changes since version 6.3.8:
- Security fixes for CVE-2009-2666, CVE-2007-4565 and CVE-2008-2711.
- Fetchmail no longer drops permanently undelivered messages by default,
to match historic documentation. It does this by adding a new
"softbounce" option.
- A lot bug fixes and improvements.
tron [Fri, 14 Aug 2009 15:57:16 +0000 (15:57 +0000)]
Pullup tickets #2681, #2862 and #2863.
tron [Fri, 14 Aug 2009 15:56:38 +0000 (15:56 +0000)]
Pullup ticket #2863 - requested by kefren
gmplayer: security patch
Revisions pulled up:
- multimedia/gmplayer/Makefile 1.77
- multimedia/gmplayer/distinfo 1.64
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 9 19:21:10 UTC 2009
Modified Files:
pkgsrc/multimedia/gmplayer: distinfo
Log Message:
Add patch-ar.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 9 19:24:25 UTC 2009
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile
Log Message:
Remove BROKEN_IN 2006Q4, builds fine for me. Bump PKGREVISION for patch-ar.
tron [Fri, 14 Aug 2009 15:39:36 +0000 (15:39 +0000)]
Pullup ticket #2862 - requested by kefren
mplayer: security patch
Revisions pulled up:
- multimedia/mplayer-share/distinfo 1.61-1.62
- multimedia/mplayer-share/patches/patch-ar 1.1-1.2
- multimedia/mplayer/Makefile 1.67
---
Module Name: pkgsrc
Committed By: kefren
Date: Sun Aug 9 12:56:11 UTC 2009
Modified Files:
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-ar
Log Message:
add fix for SA26157. Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 9 19:20:50 UTC 2009
Modified Files:
pkgsrc/multimedia/mplayer-share: distinfo
pkgsrc/multimedia/mplayer-share/patches: patch-ar
Log Message:
Add RCS Id and comment.
tron [Fri, 14 Aug 2009 15:24:05 +0000 (15:24 +0000)]
Pullup ticket #2861 - requested by kefren
vlc08: security patch
Revisions pulled up:
- multimedia/vlc08/Makefile 1.22
- multimedia/vlc08/distinfo 1.9
- multimedia/vlc08/patches/patch-ab 1.7
---
Module Name: pkgsrc
Committed By: kefren
Date: Sun Aug 9 12:33:14 UTC 2009
Modified Files:
pkgsrc/multimedia/vlc08: Makefile distinfo
Added Files:
pkgsrc/multimedia/vlc08/patches: patch-ab
Log Message:
add fix for SA36037, bump PKGREVISION. XXX: not tested
tron [Fri, 14 Aug 2009 14:02:37 +0000 (14:02 +0000)]
Pullup tickets #2860, #2864 and #2865.
tron [Fri, 14 Aug 2009 14:00:01 +0000 (14:00 +0000)]
Pullup ticket #2860 - requested by kefren
vlc: security patch
Revisions pulled up:
- multimedia/vlc/Makefile 1.80 via patch
- multimedia/vlc/distinfo 1.29 via patch
- multimedia/vlc/patches/patch-aa 1.7
---
Module Name: pkgsrc
Committed By: kefren
Date: Sun Aug 9 12:18:17 UTC 2009
Modified Files:
pkgsrc/multimedia/vlc: Makefile distinfo
Added Files:
pkgsrc/multimedia/vlc/patches: patch-aa
Log Message:
add fix for SA26156
Bump PKGREVISION
tron [Fri, 14 Aug 2009 10:18:20 +0000 (10:18 +0000)]
Pullup ticket #2865 - requested by taca
apr0: security patch
Revisions pulled up:
- devel/apr0/Makefile 1.6
- devel/apr0/distinfo 1.4
- devel/apr0/patches/patch-ab 1.1
- devel/apr0/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 12 03:37:28 UTC 2009
Modified Files:
pkgsrc/devel/apr0: Makefile distinfo
Added Files:
pkgsrc/devel/apr0/patches: patch-ab patch-ac
Log Message:
Fix security problem of CVE-2009-2412 adding patches described in it.
Bump PKGREVISION.
tron [Fri, 14 Aug 2009 10:02:07 +0000 (10:02 +0000)]
Pullup ticket #2864 - requested by adrianp
wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.5
- www/wordpress/distinfo 1.4
---
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Aug 12 20:21:10 UTC 2009
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Update to 2.8.4 to fix security issue:
http://wordpress.org/development/2009/08/2-8-4-security-release/
tron [Mon, 10 Aug 2009 12:00:04 +0000 (12:00 +0000)]
Pullup ticket #2858 - requested by bouyer
py-smbpasswd: build fix
Revisions pulled up:
- security/py-smbpasswd/Makefile 1.4
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Aug 8 14:16:55 UTC 2009
Modified Files:
pkgsrc/security/py-smbpasswd: Makefile
Log Message:
This works fine with python 2.5
tron [Mon, 10 Aug 2009 11:59:23 +0000 (11:59 +0000)]
Pullup ticket #2858.
tron [Sat, 8 Aug 2009 22:55:47 +0000 (22:55 +0000)]
Pullup ticket #2857.
tron [Sat, 8 Aug 2009 22:54:54 +0000 (22:54 +0000)]
Pullup ticket #2857 - requested by obache
GraphicsMagick: security update
Revisions pulled up:
- graphics/GraphicsMagick/Makefile 1.22
- graphics/GraphicsMagick/distinfo 1.18
- graphics/GraphicsMagick/patches/patch-ab 1.1
---
Module Name: pkgsrc
Committed By: obache
Date: Sat Aug 8 04:41:08 UTC 2009
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/GraphicsMagick/patches: patch-ab
Log Message:
Add an patch to fixes CVE-2008-1097, taken from upstream repository.
Bump PKGREVISION.
salo [Sat, 8 Aug 2009 00:25:35 +0000 (00:25 +0000)]
Pullup ticket #2851
salo [Sat, 8 Aug 2009 00:23:26 +0000 (00:23 +0000)]
Pullup ticket 2851 - requested by tron
security update for squid31
Revisions pulled up:
- pkgsrc/www/squid31/Makefile 1.14
- pkgsrc/www/squid31/distinfo 1.12
- pkgsrc/www/squid31/patches/patch-ae 1.4
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 5 10:29:12 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile distinfo
pkgsrc/www/squid31/patches: patch-ae
Log Message:
Update "squid31" package to version 3.1.0.13.
Changes since version 3.1.0.12:
- Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
- Fix one more internal profiler error
- Language Updates: Italian, Russian
- Language Updates: Add many more aliases
- Add Copyright document for errors/ content
- ... all bug fixes from 3.0.STABLE18
- ... and several code polishing cleanups
spz [Fri, 7 Aug 2009 21:34:01 +0000 (21:34 +0000)]
pullup #2852
spz [Fri, 7 Aug 2009 21:08:15 +0000 (21:08 +0000)]
Pullup ticket 2852 - requested by tron
bug fix update
Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.48
- pkgsrc/www/apache22/PLIST 1.13
- pkgsrc/www/apache22/distinfo 1.23
- pkgsrc/www/apache22/patches/patch-ba 1.4
- pkgsrc/www/apache22/patches/patch-bb 1.3
Files added:
pkgsrc/www/apache22/patches/patch-bb
Files deleted:
pkgsrc/www/apache22/patches/patch-ab
pkgsrc/www/apache22/patches/patch-af
pkgsrc/www/apache22/patches/patch-ah
pkgsrc/www/apache22/patches/patch-bc
pkgsrc/www/apache22/patches/patch-bd
Module Name: pkgsrc
Committed By: tron
Date: Thu Aug 6 07:07:23 UTC 2009
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/apache22/patches: patch-ab patch-af patch-ah patch-ba
patch-bc patch-bd
Log Message:
Update "apache22" package to version 2.2.12. Changes since version 2.2.11:
- SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. Bug 39605.
[Joe Orton, Ruediger Pluem]
- SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
Ruediger Pluem, Jeff Trawick]
- SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
- SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. Bug 46949 [Ruediger Pluem]
- SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.
- mod_include: fix potential segfault when handling back references
on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]
- mod_alias: check sanity in Redirect arguments.
Bug 44729 [S??nke Tesch <st kino-fahrplan.de>, Jim Jagielski]
- mod_proxy_http: fix Host: header for literal IPv6 addresses.
Bug 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
- mod_rewrite: Remove locking for writing to the rewritelog.
Bug 46942
- mod_alias: Ensure Redirect emits HTTP-compliant URLs.
Bug 44020
- mod_proxy_http: fix case sensitivity checking transfer encoding
Bug 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
- mod_rewrite: Fix the error string returned by RewriteRule.
RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
argument of RewriteRule was not started with "[" or not ended with "]".
Bug 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
- mod_proxy: Complete ProxyPassReverse to handle balancer URL's. Given;
BalancerMember balancer://alias http://example.com/foo
ProxyPassReverse /bash balancer://alias/bar
backend url http://example.com/foo/bar/that is now translated /bash/that
[William Rowe]
- New piped log syntax: Use "||process args" to launch the given process
without invoking the shell/command interpreter. Use "|$command line"
(the default behavior of "|command line" in 2.2) to invoke using shell,
consuming an additional shell process for the lifetime of the logging
pipe program but granting additional process invocation flexibility.
[William Rowe]
- mod_ssl: Add server name indication support (RFC 4366) and better
support for name based virtual hosts with SSL. Bug 34607
[Peter Sylvester <peter.sylvester edelweb.fr>,
Kaspar Brand <asfbugz velox.ch>, Guenter Knauf, Joe Orton,
Ruediger Pluem]
- mod_negotiation: Escape pathes of filenames in 406 responses to avoid
HTML injections and HTTP response splitting. Bug 46837.
[Geoff Keating <geoffk apple.com>]
- mod_include: Prevent a case of SSI timefmt-smashing with filter chains
including multiple INCLUDES filters. Bug 39369 [Joe Orton]
- mod_rewrite: When evaluating a proxy rule in directory context, do
escape the filename by default. Bug 46428 [Joe Orton]
- mod_proxy_ajp: Check more strictly that the backend follows the AJP
protocol. [Mladen Turk]
- mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
to enable stricter checking of remote server certificates.
[Ruediger Pluem]
- mod_substitute: Fix a memory leak. Bug 44948
[Dan Poirier <poirier pobox.com>]
- mod_proxy_ajp: Forward remote port information by default.
[Rainer Jung]
- mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
directive to correctly remove headers before storing them.
[Lars Eilebrecht]
- mod_deflate: revert changes in 2.2.8 that caused an invalid
etag to be emitted for on-the-fly gzip content-encoding.
Bug 39727 will require larger fixes and this fix was far more
harmful than the original code. Bug 45023. [Roy T. Fielding]
- mod_disk_cache: The module now turns off sendfile support if
'EnableSendfile off' is defined globally. Bug 41218.
[Lars Eilebrecht, Issac Goldstand]
- prefork: Fix child process hang during graceful restart/stop in
configurations with multiple listening sockets. Bug 42829. [Joe Orton,
Jeff Trawick]
- mod_ssl: Add SSLRenegBufferSize directive to allow changing the
size of the buffer used for the request-body where necessary
during a per-dir renegotiation. Bug 39243. [Joe Orton]
- mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
way that per-directory rewrites append the previous notion of PATH_INFO
to each substitution before evaluating subsequent rules.
Bug 38642 [Eric Covener]
- mod_authnz_ldap: Reduce number of initialization debug messages and make
information more clear. Bug 46342 [Dan Poirier]
- mod_cache: Introduce 'no-cache' per-request environment variable
to prevent the saving of an otherwise cacheable response.
[Eric Covener]
- core: Translate the status line to ASCII on EBCDIC platforms in
ap_send_interim_response() and for locally generated "100 Continue"
responses. [Eric Covener]
- CGI: return 504 (Gateway timeout) rather than 500 when a script
times out before returning status line/headers.
Bug 42190 [Nick Kew]
- prefork: Log an error instead of segfaulting when child startup fails
due to pollset creation failures. Bug 46467. [Jeff Trawick]
- mod_ext_filter: fix error handling when the filter prog fails to start,
and introduce an onfail configuration option to abort
All the security problems mentioned above had already been fixed in
"pkgsrc" via patches. Thanks a lot to Adam Ciarcinski for letting me
know that new version had finally been released.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r1.10 -r0 pkgsrc/www/apache22/patches/patch-ab
cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-af \
pkgsrc/www/apache22/patches/patch-ah
cvs rdiff -u -r1.2 -r0 pkgsrc/www/apache22/patches/patch-ba \
pkgsrc/www/apache22/patches/patch-bc pkgsrc/www/apache22/patches/patch-bd
-----
Module Name: pkgsrc
Committed By: tron
Date: Thu Aug 6 08:21:44 UTC 2009
Modified Files:
pkgsrc/www/apache22: distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ba patch-bb
Log Message:
Add patches provided by Adam Ciarcinski to fix build with recent versions
of OpenSSL (e.g. the version in NetBSD-current).
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/apache22/distinfo
cvs rdiff -u -r0 -r1.4 pkgsrc/www/apache22/patches/patch-ba
cvs rdiff -u -r0 -r1.3 pkgsrc/www/apache22/patches/patch-bb
spz [Fri, 7 Aug 2009 18:45:31 +0000 (18:45 +0000)]
pullup #2856
spz [Fri, 7 Aug 2009 18:44:33 +0000 (18:44 +0000)]
Pullup ticket 2856 - requested by gdt
security update
Revisions pulled up:
- pkgsrc/devel/apr/Makefile 1.59
- pkgsrc/devel/apr/distinfo 1.27
Module Name: pkgsrc
Committed By: gdt
Date: Fri Aug 7 14:29:44 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to 1.3.8 (security fix).
Changes for APR 1.3.8
*) SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in pools and rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
*) Make sure that "make check" is used in the RPM spec file, consistent
with apr-util. [Graham Leggett]
*) Pass default environment to testflock, testoc and testpipe children,
so that tests run when APR is compiled with Intel C Compiler.
[Bojan Smojver]
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/devel/apr/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/apr/distinfo
spz [Fri, 7 Aug 2009 12:24:24 +0000 (12:24 +0000)]
pullup #2854
spz [Fri, 7 Aug 2009 12:22:17 +0000 (12:22 +0000)]
Pullup ticket 2854 - requested by tron
security update
Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.14
- pkgsrc/devel/apr-util/Makefile 1.8
- pkgsrc/devel/apr/Makefile 1.58
- pkgsrc/devel/apr/distinfo 1.26
Module Name: pkgsrc
Committed By: schmonz
Date: Fri Jul 24 13:09:32 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile
Log Message:
Configure --without-sqlite2 in case it's unavoidably on the include path.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/apr-util/Makefile
-----
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Aug 4 10:09:35 UTC 2009
Modified Files:
pkgsrc/devel/apr: Makefile distinfo
Log Message:
Update to apr version 1.3.7, which, other than 1.3.5, is still downloadable.
Changes since 1.3.5:
- On Linux/hppa flock() returns EAGAIN instead of EWOULDBLOCK. This
causes proc mutex failures.
- Set CLOEXEC flags where appropriate. Either use new O_CLOEXEC flag and
associated functions, such as dup3(), accept4(), epoll_create1() etc.,
or simply set CLOEXEC flag using fcntl().
- More elaborate detection for dup3(), accept4() and epoll_create1().
To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.58 pkgsrc/devel/apr/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/devel/apr/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
-----
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Aug 4 10:13:04 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile distinfo
Log Message:
Upgrade apr-util to version 1.3.8, which, unlike 1.3.7, is still downloadab=
le.
Changes since 1.3.7:
- Use locally scoped variables in PostgreSQL driver to avoid stomping
on return codes.
- Fix race conditions in initialisation of DBD, DBM and DSO.
- Expose DBM libs in apu-1-config by default. To avoid that, use
apu-1-config --avoid-dbm --libs. To get just DBM libs, use
apu-1-config --dbm-libs.
- Make sure --without-ldap works.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/apr-util/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apr-util/distinfo
-----
Module Name: pkgsrc
Committed By: tron
Date: Fri Aug 7 10:39:24 UTC 2009
Modified Files:
pkgsrc/devel/apr-util: Makefile distinfo
Log Message:
Update "apr-util" package to version 1.3.8. Changes since 1.3.9:
- SECURITY: CVE-2009-2412 (cve.mitre.org)
Fix overflow in rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]
- Make sure that "make check" is used in the RPM spec file, so that
the crypto, dbd and dbm tests pass. [Graham Leggett]
- Make sure the mysql version of dbd_mysql_get_entry() respects the
rule that if the column number exceeds the number of columns, we
return NULL. [Graham Leggett]
- Ensure the dbm module is packaged up correctly in the RPM.
[Graham Leggett]
- Clarify the error messages within the dbd tests. [Graham Leggett]
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/apr-util/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/apr-util/distinfo
tron [Fri, 7 Aug 2009 11:10:13 +0000 (11:10 +0000)]
Pullup ticket #2853.
tron [Fri, 7 Aug 2009 11:09:47 +0000 (11:09 +0000)]
Pullup ticket #2853 - requested by gdt
ap22-subversion: security update
p5-subversion: security update
py25-subversion: security update
ruby18-subversion: security update
subversion-base: security update
subversion: security update
Revisions pulled up:
- devel/subversion/Makefile.common 1.33
- devel/subversion/Makefile.version 1.51
- devel/subversion/distinfo 1.72
---
Module Name: pkgsrc
Committed By: gdt
Date: Thu Aug 6 22:08:56 UTC 2009
Modified Files:
pkgsrc/devel/subversion: Makefile.common Makefile.version distinfo
Log Message:
Update to 1.6.4, a security release.
Version 1.6.4
(06 Aug 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.4
User-visible changes:
* fixed: heap overflow vulnerability on server and client
See CVE-2009-2411, and descriptive advisory at
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
Version 1.6.3
(22 Jun 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.3
User-visible changes:
* fix segfault in WC->URL copy (r37646, -56)
* let 'svnadmin load' tolerate mergeinfo with "\r\n" (r37768)
* make svnsync normalize svn:* props to LF line endings (issue #3404)
* better integration with external merge tools (r36178)
* return a friendly error message for 'svn diff' (r37735)
* update dsvn.el for 1.6 (r37774)
* don't allow setting of props on out-of-date dirs under neon (r37745)
* improve BASH completion (r36450, -52, -70, -79, -538)
* always show tree conflicts with 'svn st' (issue #3382)
* improve correctness of 'svn mergeinfo' (issue #3126)
* decrease the amount of memory needed for large commits (r37894, -6)
* work around an APR buffer overflow seen by svnsync (r37622)
* ra_svn clients now use TCP keep-alives if available (issue #3347)
* improve 'svn merge' perf by reducing server contact (r37491, -593, -618)
* stop propagating self-referential mergeinfo in reintegrate merges (r37931)
* fix NLS detection where -liconv is required for bindtextdomain() (r37827)
* don't delete unversioned files with 'rm --keep-local' (r38015, -17, -19)
* bump apr and apr-util versions included in deps to latest. (r37941)
* avoid temp file name collisions with ra_serf, ra_neon (r37972)
* fixed: potential segfault with noop file merges (r37779)
* fixed: incorrect output with 'svn blame -g' (r37719, -23, -41)
* fixed: bindings don't load FS libs when module search enabled (issue #3413)
* fixed: DAV RA layers not properly handling update/switch working copy
directory to revision/place in which it doesn't exist (issue #3414)
* fixed: potential abort() in the working copy library (r37857)
* fixed: memory leak in hash reading functions (r37868, -979)
Developer-visible changes:
* improve memory usage in file-to-stringbuf APIs (r37907)
* reduce memory usage for temp string manipulation (r38010)
tron [Wed, 5 Aug 2009 12:00:31 +0000 (12:00 +0000)]
Pullup tickets #2848, #2849 and #2850.
tron [Wed, 5 Aug 2009 11:57:40 +0000 (11:57 +0000)]
Pullup ticket #2850 - requested by taca
squid30: security update
Revisions pulled up:
- www/squid30/Makefile 1.15
- www/squid30/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 5 01:47:11 UTC 2009
Modified Files:
pkgsrc/www/squid30: Makefile distinfo
Log Message:
Update squid30 package to 3.0.18 (3.0.STABLE18).
It contains some critical problem of 3.0.17 and really fix security
problem according to updated SQUID-2009_2.txt.
Changes to squid-3.0.STABLE18 (04 Aug 2009):
- Bug 2728: regression: assertion failed: !eof
- Bug 2732: reply_body_max_size smaller than error page loops
infinitely until out of memory
- Bug 2725: pconn failure if domain or client_address are unset
- Bug 2648: reserved helpers not shut down after reconfigure/rotate
- Bug 2462: make check should tell when cppunit is missing
- Remove excess messages about headers < minimum size
- Support Libtool 2.2.6
tron [Wed, 5 Aug 2009 11:16:33 +0000 (11:16 +0000)]
Pullup ticket #2849 - requested by tnn
firefox3: security update
Revisions pulled up:
- www/firefox3/Makefile 1.35
- www/firefox3/PLIST 1.11
- www/firefox3/distinfo 1.27
- www/firefox3/patches/patch-dk 1.3
---
Module Name: pkgsrc
Committed By: tnn
Date: Tue Aug 4 21:28:42 UTC 2009
Modified Files:
pkgsrc/www/firefox3: Makefile PLIST distinfo
pkgsrc/www/firefox3/patches: patch-dk
Log Message:
Update to firefox3-3.0.13. Fixes the following advisories:
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open()
on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
tron [Wed, 5 Aug 2009 10:37:39 +0000 (10:37 +0000)]
Pullup ticket #2848 - requested by adrianp
wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.4
- www/wordpress/distinfo 1.3
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Aug 4 21:32:40 UTC 2009
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
WordPress 2.8.3 Security Release
Unfortunately, I missed some places when fixing the privilege escalation issues
for 2.8.1. Luckily, the entire WordPress community has our backs. Several
folks in the community dug deeper and discovered areas that were overlooked.
With their help, the remaining issues are fixed in 2.8.3. Since this is a
security release, upgrading is highly recommended.
tron [Tue, 4 Aug 2009 12:30:36 +0000 (12:30 +0000)]
Pullup ticket #2846.
tron [Tue, 4 Aug 2009 12:29:41 +0000 (12:29 +0000)]
Pullup ticket #2846 - requested by minskim
dvipng: portability fix
Revisions pulled up:
- graphics/dvipng/Makefile 1.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Mon Aug 3 18:45:36 UTC 2009
Modified Files:
pkgsrc/graphics/dvipng: Makefile
Log Message:
Enable t1lib font rendering. This fixes PR 41773.
spz [Sun, 2 Aug 2009 13:19:47 +0000 (13:19 +0000)]
pullup #2840
spz [Sun, 2 Aug 2009 13:17:58 +0000 (13:17 +0000)]
Pullup ticket 2840 - requested by tron
security update
Revisions pulled up:
- pkgsrc/www/squid/Makefile.squid 1.14
- pkgsrc/www/squid31/DESCR 1.2
- pkgsrc/www/squid31/Makefile 1.13
- pkgsrc/www/squid31/PLIST 1.3
- pkgsrc/www/squid31/distinfo 1.11
- pkgsrc/www/squid31/patches/patch-ad 1.5
- pkgsrc/www/squid31/patches/patch-ae 1.3
Files deleted:
pkgsrc/www/squid31/patches/patch-aa
pkgsrc/www/squid31/patches/patch-ab
Module Name: pkgsrc
Committed By: tron
Date: Tue Jul 7 18:25:13 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile distinfo
pkgsrc/www/squid31/patches: patch-ae
Log Message:
Update "squid31" package to version 3.1.0.9. Changes since version 3.1.0.8:
- Bug 2682: Add ftp_epsv control to disable EPSV support.
- Bug 2665: Detach automake system from using -I.
- Bug 2395: FTP auth errors not displayed
- ... also several changes and bugs closed in 3.0.STABLE16
- Port from 2.7: Show local address on listening sockets
- Add "tag" type acl matching tags set by external acl helpers.
- Adds Language alias linker/installer/upgrade scripts
- Support for GCC 4.4
- Fix false NAT lookup errors on Linux
- Fix many Windows port issues
- Fix squid_kerb_auth helepr install location
- Better detection of IPv6 stack types
- Updates Licensing information for Squid 3.1
- ... and many packaging portability build and install issues
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/squid31/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/squid31/patches/patch-ae
-----
Module Name: pkgsrc
Committed By: tron
Date: Wed Jul 8 15:02:01 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile
Log Message:
Fix destdir build.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/squid31/Makefile
-----
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 12 09:45:02 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile distinfo
Added Files:
pkgsrc/www/squid31/patches: patch-aa
Log Message:
Add fix for Squid bug 2707 to make anonymous FTP work again.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/squid31/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/www/squid31/patches/patch-aa
-----
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 19 23:05:38 UTC 2009
Modified Files:
pkgsrc/www/squid31: DESCR Makefile PLIST distinfo
pkgsrc/www/squid31/patches: patch-aa patch-ad patch-ae
Log Message:
Update "squid31" package to version 3.1.0.11.
Changes since version 3.1.0.9:
- Bug 2087: Support adaptation sets and chains
- Bug 2459: dns error message broken when error handling delayed
- Support ICAP Retry
- Support ICAP retries based on the ICAP responses status code
- Support logging ICAP
- Support logging total DNS wait time
- Support logging response times of adaptation transactions
- General logging enhancements
- Dynamically form chains based on ICAP X-Next-Services header
- Support cross-transactional ICAP header exchange
- Bug 2680: Regression Crash after rotate with no helpers running
- Bug 2695: Regression in WCCPv2 L2 mask assignment
- Bug 2707: Regression in FTP anonymous auth
- Bug 422, 2706: RFC 2616 Date header requirements
- Bug 1087: ESI processor not quoting attributes correctly.
- Bug 1338: File prefetches aborted despite range_offset
- Bug 2080: wbinfo_group.pl - false positive under certain conditions
- Bug 2092: select loop 32-bit call counter overflows
- Bug 2127: delay pools class 4 crashes with ntlm auth
- Bug 2611: document fast/slow acl types
- Bug 2614: Potential loss of adapted body data from eCAP adapters
- Bug 2658: Missing TextException copy constructor
- Bug 2659: String length overflows on append, leading to segfaults
- Bug 2699: Build failure NTLM smb_lm helper
- Bug 2709: TRANSLATIONS not installed
- Bug 2710: squid_kerb_auth non-terminated string
- Delay pools 64-bit buckets and IPv6-polish
- Break forwarding loops for "transparent" or "intercept" http_ports.
- Add --disable-translation option to detatch .po from error negotiation
- Add squidclient man(1) page
- Add localhost to default permitted networks
- http_port allow-direct option to allow direct forwarding in accelerator m=
ode
- ... and many testing infrastructure updates
- ... and much adaptation polish and improvements
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/www/squid31/DESCR
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid31/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/squid31/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/squid31/patches/patch-aa
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/patches/patch-ad
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/squid31/patches/patch-ae
-----
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 19 23:28:04 UTC 2009
Modified Files:
pkgsrc/www/squid31: distinfo
pkgsrc/www/squid31/patches: patch-aa
Log Message:
Add Squid bug number.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/patches/patch-aa
-----
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 20 13:56:31 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile distinfo
Added Files:
pkgsrc/www/squid31/patches: patch-ab
Log Message:
Add fix for Squid bug 2395 which makes FTP connection to e.g.
"ftp.fu-berlin.de" work again.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/squid31/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/www/squid31/patches/patch-ab
-----
Module Name: pkgsrc
Committed By: tron
Date: Mon Jul 27 16:35:55 UTC 2009
Modified Files:
pkgsrc/www/squid31: Makefile distinfo
Removed Files:
pkgsrc/www/squid31/patches: patch-aa patch-ab
Log Message:
Update "squid31" package to version 3.1.0.12.
Changes since version 3.1.0.11:
- Bug 2716: Chunked request Signed/Unsigned build error
- Bug 2674: Remove limit on HTTP headers read.
- Bug 2620: Invalid HTTP response codes causes segfault
- Fix FTP EPSV negotiation parser.
- Fix Via string when leak checking is enabled (valgrind etc)
- ... and several documentation and testing additions
This update also fixes the security vulnerabilites reported in
the SQUID-2009:2 advisory.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/squid31/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid31/distinfo
cvs rdiff -u -r1.6 -r0 pkgsrc/www/squid31/patches/patch-aa
cvs rdiff -u -r1.3 -r0 pkgsrc/www/squid31/patches/patch-ab
-----
Module Name: pkgsrc
Committed By: tron
Date: Tue Jul 7 15:01:12 UTC 2009
Modified Files:
pkgsrc/www/squid: Makefile.squid
Log Message:
General improvements:
1.) Allow individual "squid*" packages to register an extra target that
is run before the common "post-install" target.
2.) Use a much simpler logic to figure out what files get installed into
"share/squid/errors" and "share/squid/icons".
Tested with the "squid27" and the "squid31" package.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid/Makefile.squid
-----
Module Name: pkgsrc
Committed By: tron
Date: Tue Jul 7 15:21:37 UTC 2009
Modified Files:
pkgsrc/www/squid: Makefile.squid
Log Message:
Improve package list creation to work with symbolic links as well.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/squid/Makefile.squid
-----
Module Name: pkgsrc
Committed By: tron
Date: Tue Jul 7 18:44:28 UTC 2009
Modified Files:
pkgsrc/www/squid: Makefile.squid
Log Message:
Add mirror on "ftp.nluug.nl" to master site list.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/squid/Makefile.squid
-----
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 27 11:29:08 UTC 2009
Modified Files:
pkgsrc/www/squid: Makefile.squid
Log Message:
Make it DESTDIR careful.
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/squid/Makefile.squid
tron [Wed, 29 Jul 2009 20:38:29 +0000 (20:38 +0000)]
Pullup ticket #2845.
tron [Wed, 29 Jul 2009 20:36:04 +0000 (20:36 +0000)]
Pullup ticket #2845 - requested by joerg
py-django: security update
Revisions pulled up:
- www/py-django/Makefile 1.19
- www/py-django/PLIST 1.11
- www/py-django/distinfo 1.10
- www/py-django/patches/patch-aa delete
- www/py-django/patches/patch-ab 1.2
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jul 29 11:02:08 UTC 2009
Modified Files:
pkgsrc/www/py-django: Makefile PLIST distinfo
pkgsrc/www/py-django/patches: patch-ab
Removed Files:
pkgsrc/www/py-django/patches: patch-aa
Log Message:
Update to Django 1.0.3:
- various bugfix
- correctly validate file names for the admin media when using the
development server
spz [Wed, 29 Jul 2009 08:18:54 +0000 (08:18 +0000)]
pullup #2844
spz [Wed, 29 Jul 2009 07:59:53 +0000 (07:59 +0000)]
Pullup ticket 2844 - requested by reed
security update
last part of pullups for PR 41796
Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.7
- pkgsrc/net/bind96/PLIST 1.3
- pkgsrc/net/bind96/distinfo 1.4
- pkgsrc/net/bind96/options.mk 1.2
- pkgsrc/net/bind96/patches/patch-ab 1.2
- pkgsrc/net/bind96/patches/patch-ac 1.3
- pkgsrc/net/bind96/patches/patch-ad 1.2
- pkgsrc/net/bind96/patches/patch-ag 1.2
- pkgsrc/net/bind96/patches/patch-aj 1.1
Module Name: pkgsrc
Committed By: obache
Date: Fri Jul 24 12:30:00 UTC 2009
Modified Files:
pkgsrc/net/bind9: Makefile
pkgsrc/net/bind95: Makefile
pkgsrc/net/bind96: Makefile
Log Message:
Update HOMEPAGE url.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/bind9/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/Makefile
Module Name: pkgsrc
Committed By: obache
Date: Sun Jul 26 09:07:58 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile PLIST distinfo options.mk
pkgsrc/net/bind96/patches: patch-ab patch-ac patch-ad patch-ag
Removed Files:
pkgsrc/net/bind96/patches: patch-aj
Log Message:
Update bind96 to 9.6.1.
Based on PR 41772 by Robert Elz.
Pkgsrc changes:
o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
o remove patch-aj, libbind has been removed from the BIND 9 distribution
since 9.6.0.
o add bind-dig-sigchase option. requested by PR 41751.
Changes since 9.6.0:
--- 9.6.1 released ---
2607. [bug] named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
[RT #19749]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT # 19296]
2603. [port] win32: handle .exe extension of named-checkzone and
named-comilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
--- 9.6.1rc1 released ---
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2597. [bug] Handle a validation failure with a insecure delegation
from a NSEC3 signed master/slave zone. [RT #19464]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing a update in
removed_orphaned_ds(). [RT #19507]
2588. [bug] SO_REUSEADDR could be set unconditionally after failure
of bind(2) call. This should be rare and mostly
harmless, but may cause interference with other
processes that happen to use the same port. [RT #19642]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2585. [bug] Uninitialized socket name could be referenced via a
statistics channel, triggering an assertion failure in
XML rendering. [RT #19427]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existant journal. [RT #19516]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2578. [bug] Changed default sig-signing-type to 65534, because
65535 turns out to be reserved. [RT #19477]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
--- 9.6.1b1 released ---
2577. [doc] Clarified some statistics counters. [RT #19454]
2576. [bug] NSEC record were not being correctly signed when
a zone transitions from insecure to secure.
Handle such incorrectly signed zones. [RT #19114]
2574. [doc] Document nsupdate -g and -o. [RT #19351]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
dnssec-dsfromkey could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
error checks in the correct order resulting in the
wrong error code sometimes being returned. [RT #19249]
2554. [bug] Validation of uppercase queries from NSEC3 zones could
fail. [RT #19297]
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2548. [bug] Install iterated_hash.h. [RT #19335]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearh and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2530. [bug] named failed to reject insecure to secure transitions
via UPDATE. [RT #19101]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/distinfo
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/options.mk
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/patches/patch-ab \
pkgsrc/net/bind96/patches/patch-ad pkgsrc/net/bind96/patches/patch-ag
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/patches/patch-ac
cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/net/bind96/patches/patch-aj
Module Name: pkgsrc
Committed By: reed
Date: Wed Jul 29 00:03:38 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update to 9.6.1-P1.
This is for PR pkg/41796: Security fix CVE-2009-0696
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind96/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/distinfo
Module Name: pkgsrc
Committed By: reed
Date: Wed Jul 29 00:16:33 UTC 2009
Modified Files:
pkgsrc/net/bind96: Makefile
Log Message:
Fix PKGNAME that I broke.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind96/Makefile
spz [Wed, 29 Jul 2009 07:43:16 +0000 (07:43 +0000)]
Pullup ticket 2844 - requested by reed
security update
second part of pullups for PR 41796
Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.109
- pkgsrc/net/bind9/distinfo 1.44
Module Name: pkgsrc
Committed By: reed
Date: Tue Jul 28 20:39:45 UTC 2009
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
Log Message:
Updated to 9.4.3-P3 for security issue:
https://www.isc.org/node/474
To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 pkgsrc/net/bind9/Makefile
cvs rdiff -u -r1.43 -r1.44 pkgsrc/net/bind9/distinfo
spz [Wed, 29 Jul 2009 07:30:48 +0000 (07:30 +0000)]
Pullup ticket 2844 - requested by reed
security update
first part of pullups for PR 41796
Revisions pulled up:
- pkgsrc/net/bind95/Makefile 1.11
- pkgsrc/net/bind95/distinfo 1.9
Module Name: pkgsrc
Committed By: reed
Date: Wed Jul 29 00:24:04 UTC 2009
Modified Files:
pkgsrc/net/bind95: Makefile distinfo
Log Message:
Update to 9.5.1-P3.
From CHANGES:
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind95/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/bind95/distinfo
tron [Tue, 28 Jul 2009 22:12:30 +0000 (22:12 +0000)]
Pullup ticket #2843.
tron [Tue, 28 Jul 2009 22:11:15 +0000 (22:11 +0000)]
Pullup ticket #2843 - requested by adrianp
wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.3
- www/wordpress/PLIST 1.3
- www/wordpress/distinfo 1.2
---
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jul 28 21:20:20 UTC 2009
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to 2.8.2
Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an
option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation
For all the details see: http://codex.wordpress.org/Version_2.8
tron [Tue, 28 Jul 2009 19:24:26 +0000 (19:24 +0000)]
Pullup ticket #2842.
tron [Tue, 28 Jul 2009 19:23:00 +0000 (19:23 +0000)]
Pullup ticket #2842 - requested by tnn
firefox3: security update
Revisions pulled up:
- www/firefox3/Makefile 1.34
- www/firefox3/distinfo 1.26
- www/firefox3/patches/patch-ba 1.2
- www/firefox3/patches/patch-bb 1.2
- www/firefox3/patches/patch-bo 1.2
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon Jul 27 12:56:01 UTC 2009
Modified Files:
pkgsrc/www/firefox3: Makefile distinfo
pkgsrc/www/firefox3/patches: patch-ba patch-bb patch-bo
Log Message:
Update to firefox3-3.0.12.
Security and bugfix release, patches the following advisories:
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__
on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player
unloading MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)
tron [Tue, 28 Jul 2009 10:01:18 +0000 (10:01 +0000)]
Pullup ticket #2839.
tron [Tue, 28 Jul 2009 10:01:03 +0000 (10:01 +0000)]
Pullup ticket #2839 - requested by taca
squid30: security update
Revisions pulled up:
- www/squid30/Makefile 1.14
- www/squid30/distinfo 1.12 via patch
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 27 16:13:26 UTC 2009
Modified Files:
pkgsrc/www/squid30: Makefile distinfo
Removed Files:
pkgsrc/www/squid30/patches: patch-aa
Log Message:
Update www/squid package to 3.0.17 (3.0.STABLE17).
Changes to squid-3.0.STABLE17 (27 Jul 2009):
- Bug 2680 regression: Crash after rotate with no helpers running
- Bug 2710: squid_kerb_auth non-terminated string
- Bug 2679: strsep and strtoll detection failure
- Bug 2674: Remove limit on HTTP headers read.
- Bug 2659: String length overflows on append, leading to segfaults
- Bug 2620: Invalid HTTP response codes causes segfault
- Bug 2080: wbinfo_group.pl - false positive under certain conditions
- Bug 1087: ESI processor not quoting attributes correctly.
- Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
- Several small build issues with previous release.
tron [Mon, 27 Jul 2009 09:38:43 +0000 (09:38 +0000)]
Pullup ticket #2838.
tron [Mon, 27 Jul 2009 09:37:35 +0000 (09:37 +0000)]
Pullup ticket #2838 - requested by minskim
xdvik: portability fix
Revisions pulled up:
- print/xdvik/Makefile 1.5
---
Module Name: pkgsrc
Committed By: minskim
Date: Mon Jul 27 08:59:36 UTC 2009
Modified Files:
pkgsrc/print/xdvik: Makefile
Log Message:
Remove an unused file, which caused a conflict on a case-insensitive
filesystem.
This fixed PR 41607.
tron [Sat, 25 Jul 2009 19:42:40 +0000 (19:42 +0000)]
Pullup tickets #2833, #2834, #2835 and #2836.
tron [Sat, 25 Jul 2009 19:40:54 +0000 (19:40 +0000)]
Pullup ticket #2835 - requested hasso
xml-security-c: security update
Revisions pulled up:
- security/xml-security-c/Makefile 1.3
- security/xml-security-c/PLIST 1.3
- security/xml-security-c/distinfo 1.2
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri Jul 24 20:33:16 UTC 2009
Modified Files:
pkgsrc/security/xml-security-c: Makefile PLIST distinfo
Log Message:
Update to 1.5.1. No detailed changelog, but from announcements:
1.5.1 release provides some bug fixes and a fix for the recently announced
HMAC vulnerability in the XML Signature specification (CVE-2009-0217).
1.5.0 release provides more bug fixes, partial support for Inclusive
Canonicalization 1.1, and support for the Xerces 3.x official release and
32/64-bit portability APIs.
tron [Sat, 25 Jul 2009 19:26:40 +0000 (19:26 +0000)]
Pullup ticket #2833 - requested by joerg
nsd: portability fix
Revisions pulled up:
- net/nsd/Makefile 1.47
- net/nsd/distinfo 1.26
- net/nsd/patches/patch-ab 1.3
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jul 24 07:08:10 UTC 2009
Modified Files:
pkgsrc/net/nsd: Makefile distinfo
Added Files:
pkgsrc/net/nsd/patches: patch-ab
Log Message:
Redirecting stdout and stderr with &> is not portable, fix this.
Issue raised by Koh-ichi Ito on nsd-users.
tron [Sat, 25 Jul 2009 19:20:05 +0000 (19:20 +0000)]
Pullup ticket #2836 - requested by joerg
pkg_install: bug fix
Revisions pulled up:
- pkgtools/pkg_install/files/info/perform.c 1.58
- pkgtools/pkg_install/files/lib/license.c 1.7
- pkgtools/pkg_install/files/lib/pkg_install.conf.5.in 1.7
- pkgtools/pkg_install/files/lib/pkg_install.conf.cat5.in 1.7
- pkgtools/pkg_install/files/lib/version.h 1.132
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jul 24 19:06:45 UTC 2009
Modified Files:
pkgsrc/pkgtools/pkg_install/files/info: perform.c
pkgsrc/pkgtools/pkg_install/files/lib: license.c pkg_install.conf.5.in
pkg_install.conf.cat5.in version.h
Log Message:
pkg_install-
20070724:
- license handling: accept upper case letters. Keep license checks
case-sensitive as done in the older pkgsrc logic. Document this.
OK dillo@, schmonz@, wiz@
- pkg_info:
- fix handling of non-packages, that are valid archives
- invert order of pkg_info -r to better match the expectations of
make update.
tron [Sat, 25 Jul 2009 19:15:25 +0000 (19:15 +0000)]
Pullup ticket #2834 - requested by joerg
mk/flavor/pkg/metadata.mk: bug fix
Revisions pulled up:
- mk/flavor/pkg/metadata.mk 1.32
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jul 24 06:54:37 UTC 2009
Modified Files:
pkgsrc/mk/flavor/pkg: metadata.mk
Log Message:
Compute +SIZE_ALL as documented in pkg_info(1). Addresses PR 41767.
spz [Wed, 22 Jul 2009 06:58:30 +0000 (06:58 +0000)]
pullup #2832
spz [Wed, 22 Jul 2009 06:56:56 +0000 (06:56 +0000)]
Pullup ticket 2832 - requested by tron
security update
Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.35
- pkgsrc/net/wireshark/PLIST 1.14
- pkgsrc/net/wireshark/distinfo 1.23
- pkgsrc/net/wireshark/patches/patch-aa 1.10
- pkgsrc/net/wireshark/patches/patch-ad 1.4
Module Name: pkgsrc
Committed By: tron
Date: Tue Jul 21 20:39:41 UTC 2009
Modified Files:
pkgsrc/net/wireshark: Makefile PLIST distinfo
pkgsrc/net/wireshark/patches: patch-aa patch-ad
Log Message:
Update "wireshark" package to version 1.2.1. Changes since version 1.0.8:
New features:
- Wireshark has a spiffy new start page.
- Display filters now autocomplete.
- Support for the c-ares resolver library has been added. It has many
- advantages over ADNS.
- Many new protocol dissectors and capture file formats have been added.
- Macintosh OS X support has been improved.
- GeoIP database lookups.
- OpenStreetMap + GeoIP integration.
- Improved Postscript(R) print output.
- The preference handling code is now much smarter about changes.
- Support for Pcap-ng, the next-generation capture file format.
- Support for process information correlation via IPFIX.
- Column widths are now saved.
- The last used configuration profile is now saved.
- Protocol preferences are changeable from the packet details context menu.
- Support for IP packet comparison.
- Capinfos now shows the average packet rate.
Security fixes:
- The AFS dissector could crash.
- The Infiniband dissector could crash on some platforms.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/wireshark/PLIST
cvs rdiff -u -r1.22 -r1.23 pkgsrc/net/wireshark/distinfo
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/wireshark/patches/patch-aa
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/patches/patch-ad
tron [Tue, 21 Jul 2009 14:30:00 +0000 (14:30 +0000)]
Pullup tickets #2826, #2827, #2828, #2829, #2830 and #2831.
tron [Tue, 21 Jul 2009 14:28:22 +0000 (14:28 +0000)]
Pullup ticket #2831 - requested by kefren
mono-tools: keep in sync with mono
Revisions pulled up:
- devel/mono-tools/Makefile 1.15
- devel/mono-tools/PLIST 1.7
- devel/mono-tools/distinfo 1.5
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 12:12:37 UTC 2009
Modified Files:
pkgsrc/devel/mono-tools: Makefile PLIST distinfo
Log Message:
The continuing story of mono 2.4.2 update
tron [Tue, 21 Jul 2009 11:20:40 +0000 (11:20 +0000)]
Pullup ticket #2830 - requested by kefren
mono-basic: keep in sync with mono
Revisions pulled up:
- lang/mono-basic/Makefile 1.7
- lang/mono-basic/distinfo 1.4
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 11:42:31 UTC 2009
Modified Files:
pkgsrc/lang/mono-basic: Makefile distinfo
Log Message:
Update to mono 2.4.2
tron [Tue, 21 Jul 2009 11:17:25 +0000 (11:17 +0000)]
Pullup ticket #2829 - requested by kefren
mono-xsp: keep in sync with mono
Revisions pulled up:
- www/mono-xsp/Makefile 1.13
- www/mono-xsp/PLIST 1.8
- www/mono-xsp/distinfo 1.7
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 11:57:29 UTC 2009
Modified Files:
pkgsrc/www/mono-xsp: Makefile PLIST distinfo
Log Message:
Update to mono 2.4.2
tron [Tue, 21 Jul 2009 11:12:59 +0000 (11:12 +0000)]
Pullup ticket #2828 - requested by kefren
libgdiplus: keep in sync with mono
Revisions pulled up:
- graphics/libgdiplus/Makefile 1.38
- graphics/libgdiplus/distinfo 1.23
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 11:50:50 UTC 2009
Modified Files:
pkgsrc/graphics/libgdiplus: Makefile distinfo
Log Message:
Update to mono 2.4.2
tron [Tue, 21 Jul 2009 11:04:18 +0000 (11:04 +0000)]
Pullup ticket #2827 - requested by kefren
ap-mono: keep in sync with mono
Revisions pulled up:
- www/ap-mono/Makefile 1.8
- www/ap-mono/PLIST 1.3
- www/ap-mono/distinfo 1.5
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 12:02:44 UTC 2009
Modified Files:
pkgsrc/www/ap-mono: Makefile PLIST distinfo
Log Message:
Update to mono 2.4.2
tron [Tue, 21 Jul 2009 10:50:58 +0000 (10:50 +0000)]
Pullup ticket #2826 - requested by kefren
mono: security update
Revisions pulled up:
- lang/mono/Makefile 1.89-1.90
- lang/mono/PLIST.common 1.6
- lang/mono/buildlink3.mk 1.34
- lang/mono/distinfo 1.52-1.53
- lang/mono/patches/patch-dj 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 15 11:37:16 UTC 2009
Modified Files:
pkgsrc/lang/mono: Makefile PLIST.common buildlink3.mk distinfo
Log Message:
Update to 2.4.2.1
This version is the first version to integrate Microsoft's open source
ASP.NET MVC stack. More than 140 bug fixed. Check
http://www.mono-project.com/Release_Notes_Mono_2.4.2 for more changes.
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri Jul 17 02:53:52 UTC 2009
Modified Files:
pkgsrc/lang/mono: distinfo
Added Files:
pkgsrc/lang/mono/patches: patch-dj
Log Message:
Make it build again on DragonFly.
---
Module Name: pkgsrc
Committed By: kefren
Date: Sun Jul 19 07:53:53 UTC 2009
Modified Files:
pkgsrc/lang/mono: Makefile distinfo
Log Message:
Update to 2.4.2.2 - Contains fixes for CVE-2009-0217
tron [Mon, 20 Jul 2009 09:59:10 +0000 (09:59 +0000)]
Pullup tickets #2822 and #2825.
tron [Mon, 20 Jul 2009 09:58:40 +0000 (09:58 +0000)]
Pullup ticket #2825 - requested by minskim
scmgit: security update
scmgit-base: security update
scmgit-docs: security update
Revisions pulled up:
- devel/scmgit-base/PLIST 1.14
- devel/scmgit-base/distinfo 1.18-1.19
- devel/scmgit-base/patches/patch-aa 1.8-1.9
- devel/scmgit-base/patches/patch-ad delete
- devel/scmgit-docs/PLIST 1.6
- devel/scmgit/Makefile.version 1.9
---
Module Name: pkgsrc
Committed By: minskim
Date: Sun Jul 19 01:29:33 UTC 2009
Modified Files:
pkgsrc/devel/scmgit: Makefile.version
pkgsrc/devel/scmgit-base: PLIST distinfo
pkgsrc/devel/scmgit-base/patches: patch-aa
pkgsrc/devel/scmgit-docs: PLIST
Removed Files:
pkgsrc/devel/scmgit-base/patches: patch-ad
Log Message:
Update scmgit to 1.6.3.3.
This version fixes the remote DoS problem in
http://secunia.com/advisories/35437/.
Major changes between 1.6.2 and 1.6.3:
* various git-svn updates.
* git-gui updates, including an update to Russian translation, and a
fix to an infinite loop when showing an empty diff.
* gitk updates, including an update to Russian translation and
improved Windows support.
* many uses of lstat(2) in the codepath for "git checkout" have been
optimized out.
* usuability improvements.
* bug fixes.
---
Module Name: pkgsrc
Committed By: hasso
Date: Mon Jul 20 03:43:07 UTC 2009
Modified Files:
pkgsrc/devel/scmgit-base: distinfo
pkgsrc/devel/scmgit-base/patches: patch-aa
Log Message:
Make it build on DragonFly again.
tron [Mon, 20 Jul 2009 09:22:07 +0000 (09:22 +0000)]
Pullup ticket #2822 - requested by adrianp
bugzilla3: security update
Revisions pulled up:
- devel/bugzilla3/Makefile 1.15
- devel/bugzilla3/distinfo 1.9
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jul 17 17:04:56 UTC 2009
Modified Files:
pkgsrc/devel/bugzilla3: Makefile distinfo
Log Message:
* We now require a specific version of the Email::MIME::Encodings Perl module, to fix an issue where some emails would have too many newlines in them. (Bug 486206)
* Bugzilla's JavaScript and CSS should now be fully compatible with Internet Explorer 8. (Bug 483150)
* Running a saved search with a saved sort order will now no longer overwrite your default search order. (Bug 491679)
* You can now confirm a bug by popular vote even if there is no status called "NEW" in your Bugzilla. (Bug 500900)
* Displaying a bug with lots of comments should now be significantly faster. (Bug 498318)
This release also contains a security fix. See the Security Fixes Section for details.
spz [Sun, 19 Jul 2009 20:35:58 +0000 (20:35 +0000)]
pullup #2821
spz [Sun, 19 Jul 2009 20:32:51 +0000 (20:32 +0000)]
Pullup ticket 2821 - requested by adrianp
security update
Revisions pulled up:
- pkgsrc/net/isc-dhclient/distinfo 1.4
- pkgsrc/net/isc-dhcp/Makefile.common 1.5
- pkgsrc/net/isc-dhcp/distinfo 1.4
- pkgsrc/net/isc-dhcpd/distinfo 1.4
- pkgsrc/net/isc-dhcrelay/distinfo 1.4
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 16 18:29:49 UTC 2009
Modified Files:
pkgsrc/net/isc-dhclient: distinfo
pkgsrc/net/isc-dhcp: Makefile.common distinfo
pkgsrc/net/isc-dhcpd: distinfo
pkgsrc/net/isc-dhcrelay: distinfo
Log Message:
Bump to p1
* A stack overflow vulnerability was fixed in dhclient that could allow r=
emote attackers to execute arbitrary commands as root on the system, or s=
imply terminate the client, by providing an over-long subnet-mask option.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhclient/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/isc-dhcp/Makefile.common
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcp/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcpd/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcrelay/distinfo
spz [Sun, 19 Jul 2009 20:04:49 +0000 (20:04 +0000)]
pullup #2824
spz [Sun, 19 Jul 2009 20:00:53 +0000 (20:00 +0000)]
Pullup ticket 2824 - requested by tron
security fix
Revisions pulled up:
- pkgsrc/databases/mysql5-server/Makefile 1.28
- pkgsrc/databases/mysql5-server/distinfo 1.22
Files added:
pkgsrc/databases/mysql5-server/patches/patch-ac 1.8
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 19 13:50:20 UTC 2009
Modified Files:
pkgsrc/databases/mysql5-server: Makefile distinfo
Added Files:
pkgsrc/databases/mysql5-server/patches: patch-ac
Log Message:
Add a patch for CVE-2009-2446 based on the description in the report.
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/databases/mysql5-server/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/mysql5-server/distinfo
cvs rdiff -u -r0 -r1.8 pkgsrc/databases/mysql5-server/patches/patch-ac
spz [Sun, 19 Jul 2009 19:32:45 +0000 (19:32 +0000)]
pullup #2823
spz [Sun, 19 Jul 2009 19:31:37 +0000 (19:31 +0000)]
Pullup ticket 2823 - requested by tron
security fix
Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile 1.88
- pkgsrc/graphics/tiff/distinfo 1.43
Files added:
pkgsrc/graphics/tiff/patches/patch-ca 1.1
pkgsrc/graphics/tiff/patches/patch-cb 1.1
Module Name: pkgsrc
Committed By: tron
Date: Sun Jul 19 11:45:09 UTC 2009
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-ca patch-cb
Log Message:
Apply fix for integer overflows in various inter-color space conversion
tools taken from MapTools Bugzilla. This fixes CVE-2009-2347.
To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-ca \
pkgsrc/graphics/tiff/patches/patch-cb
tron [Fri, 17 Jul 2009 13:56:23 +0000 (13:56 +0000)]
Pullup tickets #2815, #2817, #2818 and #2819.
tron [Fri, 17 Jul 2009 13:54:28 +0000 (13:54 +0000)]
Pullup ticket #2819 - requested by adrianp
drupal: security update
Revisions pulled up:
- www/drupal/Makefile 1.40
- www/drupal/distinfo 1.31
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 16 18:11:07 UTC 2009
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-007 Drupal core - Multiple vulnerabilities
In addition to this security vulnerability, the following bugs have been fixed since the 5.18 release:
* #212285 by wrwrwr: hr should be treated as a block level tag. Backport by alexanderpas.
* #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
tron [Fri, 17 Jul 2009 13:51:09 +0000 (13:51 +0000)]
Pullup ticket #2818 - requested by adrianp
isc-dhcp4: security update
net/isc-dhcp4/Makefile.common 1.5
net/isc-dhcp4/distinfo 1.4
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 16 18:41:11 UTC 2009
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
Log Message:
Bump to p1
* A stack overflow vulnerability was fixed in dhclient that could allow remote attackers to execute arbitrary commands as root on the system, or simply terminate the client, by providing an over-long subnet-mask option.