ghen [Fri, 11 Jul 2008 06:14:40 +0000 (06:14 +0000)]
Ticket #2447.
ghen [Fri, 11 Jul 2008 06:14:07 +0000 (06:14 +0000)]
Pullup ticket 2447 - requested by adrianp
security update for bind9
- pkgsrc/net/bind9/Makefile 1.100, 1.101
- pkgsrc/net/bind9/PLIST 1.22
- pkgsrc/net/bind9/distinfo 1.36, 1.37
- pkgsrc/net/bind9/patches/patch-ad 1.7, 1.8
- pkgsrc/net/bind9/patches/patch-ai 1.9
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jun 21 22:13:22 UTC 2008
Modified Files:
pkgsrc/net/bind9: Makefile distinfo
pkgsrc/net/bind9/patches: patch-ad patch-ai
Log Message:
Fix two typos: inclue => include
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 10 21:05:30 UTC 2008
Modified Files:
pkgsrc/net/bind9: Makefile PLIST distinfo
pkgsrc/net/bind9/patches: patch-ad
Log Message:
Update to 9.4.2-P1
Please see CHANGES for all the details but the driving factor of this update
is:
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
tron [Thu, 10 Jul 2008 13:01:01 +0000 (13:01 +0000)]
Pullup tickets #2443, #2444, #2445 and #2446.
tron [Thu, 10 Jul 2008 13:00:01 +0000 (13:00 +0000)]
Pullup ticket #2443 - requested by taca
Security patch for ruby18-base
Revisions pulled up:
- lang/ruby18-base/Makefile 1.45 via patch
- lang/ruby18-base/distinfo 1.31 via patch
- lang/ruby18-base/patches/patch-ad 1.9 via patch
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Thu Jul 3 21:06:10 UTC 2008
Modified Files:
pkgsrc/lang/ruby18-base: Makefile distinfo
Added Files:
pkgsrc/lang/ruby18-base/patches: patch-ad
Log Message:
Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8
which can be exploited to cause a denial of service through memory
exhaustion. (SN-2008-02)
tron [Thu, 10 Jul 2008 12:42:29 +0000 (12:42 +0000)]
Pullup ticket #2446 - requested by ghen
Security update for clamav
Revisions pulled up:
- mail/clamav/Makefile 1.86
- mail/clamav/distinfo 1.53
---
Module Name: pkgsrc
Committed By: ghen
Date: Wed Jul 9 08:40:13 UTC 2008
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Log Message:
Update to ClamAV 0.93.3 (security update during freeze, approved by agc).
* fix handling of .cld files
* libclamav/ole2_extract.c, sigtool: make sigtool compatible with the new
OLE2 scan scheme (bb#1086)
* libclamav/petite.c: fix another out of bounds memory read (bb#1000)
Reported by Secunia (CVE-2008-2713)
* clamd/others.c: add missing checks for recv() failures (bb#1079)
* libclamav/scanners.c: add missing check for file open failure (bb #1083).
* sigtool/sigtool.c: make use of the UNLINK command in cdiffs (bb#1080)
* sigtool/sigtool.c: verify MD5's in --run-cdiff
* libclamav/matcher-ac.c: fix handling of nodes which also match single
bytes (bb#1054)
* libclamav: faster loading of uncompressed .cld files, also fixes bb#1064
* merge r3816 from trunk (bb #947, AIX name collisions)
* freshclam/manager.c: add missing closesocket on error path (bb #1073)
tron [Thu, 10 Jul 2008 12:20:11 +0000 (12:20 +0000)]
Pullup ticket #2445 - requested by ghen
Security update for seamonkey
Security update for seamonkey-bin
Revisions pulled up:
- www/seamonkey-bin/Makefile 1.23
- www/seamonkey-bin/distinfo 1.19
- www/seamonkey/Makefile-seamonkey.common 1.18
- www/seamonkey/PLIST 1.15
- www/seamonkey/distinfo 1.31-1.32
- www/seamonkey/patches/patch-af 1.2
- www/seamonkey/patches/patch-ap 1.5
- www/seamonkey/patches/patch-de 1.2
- www/seamonkey/patches/patch-dy 1.1
- www/seamonkey/patches/patch-dz 1.1
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jul 5 12:04:38 UTC 2008
Modified Files:
pkgsrc/www/seamonkey: Makefile-seamonkey.common PLIST distinfo
pkgsrc/www/seamonkey-bin: Makefile distinfo
pkgsrc/www/seamonkey/patches: patch-af patch-ap patch-de
Log Message:
Update seamonkey, seamonkey-bin and seamonkey-gtk1 to Seamonkey 1.1.10.
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
MFSA 2008-20 Crash in JavaScript garbage collector
For more info, see http://www.seamonkey-project.org/releases/seamonkey1.1.10/
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Jul 6 06:46:05 UTC 2008
Modified Files:
pkgsrc/www/seamonkey: distinfo
Added Files:
pkgsrc/www/seamonkey/patches: patch-dy patch-dz
Log Message:
Fix build on DragonFly, similar fix as for Firefox from PR pkg/39096
tron [Thu, 10 Jul 2008 10:14:56 +0000 (10:14 +0000)]
Pullup ticket #2444 - requested by ghen
DragonFly build fix for firefox
Revisions pulled up:
- www/firefox/distinfo 1.79
- www/firefox/patches/patch-dx 1.3
- www/firefox/patches/patch-dy 1.1
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Jul 6 06:45:30 UTC 2008
Modified Files:
pkgsrc/www/firefox: distinfo
Added Files:
pkgsrc/www/firefox/patches: patch-dx patch-dy
Log Message:
Fix build on DragonFly, from PR pkg/39096.
tron [Thu, 3 Jul 2008 11:29:26 +0000 (11:29 +0000)]
Update entry for ticket #2436.
tron [Thu, 3 Jul 2008 11:29:10 +0000 (11:29 +0000)]
Pullup ticket #2436 - requested by taca
Security update for ruby packages
Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix
the security vulnerability reported in CVE-2008-2726.
tron [Wed, 2 Jul 2008 13:14:59 +0000 (13:14 +0000)]
Pullup ticket #2441.
tron [Wed, 2 Jul 2008 13:13:59 +0000 (13:13 +0000)]
Pullup ticket #2441 - requested by ghen
Security update for firefox, firefox-bin and firefox-gtk1
Revisions pulled up:
- www/firefox-bin/Makefile 1.43
- www/firefox-bin/distinfo 1.43
- www/firefox/Makefile-firefox.common 1.58
- www/firefox/PLIST 1.29
- www/firefox/distinfo 1.78
- www/firefox/patches/patch-af 1.6
- www/firefox/patches/patch-ap 1.9
- www/firefox/patches/patch-de 1.2
---
Module Name: pkgsrc
Committed By: ghen
Date: Wed Jul 2 09:03:35 UTC 2008
Modified Files:
pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-bin: Makefile distinfo
pkgsrc/www/firefox/patches: patch-af patch-ap patch-de
Log Message:
Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.15.
Part of patch-af has been fixed upstream.
Security fixes in this version:
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
rtr [Sun, 29 Jun 2008 11:40:02 +0000 (11:40 +0000)]
ticket #2438
rtr [Sun, 29 Jun 2008 11:39:39 +0000 (11:39 +0000)]
pullup ticket 2438 requested by taca
squid: fixes security problems
pkgsrc/www/squid/Makefile 1.206,1.207
pkgsrc/www/squid/distinfo 1.138,1.139
Module Name: pkgsrc
Committed By: taca
Date: Sat Jun 21 10:33:55 UTC 2008
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update squid package to 2.6.20 (2.6.STABLE20).
It would be the last 2.6 stable release.
Changes to squid-2.6.STABLE20 (25 Apr 2008)
- Bug #2263: Custom log formats fail to log file sizes >2GB properly
on 32-bit platforms
- Fix stripping NT domain in squid_ldap_group
- Bug #2278: Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
- Bug #2283: Fails to parse chunked encoding using chunk extensions
- Bug #420: Deal properly with empty list HTTP header members
- Windows Server 2008 support
- Bug #1886: tcp_outgoing_address acl doesn't work with indirect
source address (follow-x-forwarded-for)
- Bug #2296: Stuck in 100% CPU when fetching a corrupt peer digest
- Add support for the resolv.conf domain directive, and also
automatically derived default domain
- minimum_icp_query_timeout directive
- Bug #2329: Range header ignored on HIT
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jun 29 01:02:09 UTC 2008
Modified Files:
pkgsrc/www/squid: Makefile distinfo
Log Message:
Update www/squid package to 2.6.21 (2.6.STABLE21) which contains
two security fixes:
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
Changes to squid-2.6.STABLE21 (27 June 2008)
- Bug #2350: Bugs in Linux kernel capabilities code
- Bug #2241: weights not applied properly in round-robin peer
selection
- Off by one error in DNS label decompression could cause valid DNS
messages to be rejected
- logformat docs contain extra whitespace
- Reject ridiculously large ASN.1 lengths
- Fix SNMP reporting of counters with a value > 0xFF80000
- Correct spelling of WCCPv2 dst_port_hash to match the source
- Plug some "squid -k reconfigure" memory leaks. Mostly SSL related.
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
- Bug #2376: Round-Robin becomes unbalanced when a peer dies and comes
back
- Bug #2387: The calculation of the number of hash buckets needs to
account for the memory size, not only disk size
- Bug #2393: DNS requests retried indefinitely at full speed on failed
TCP connection
- Bug #2393: DNS retransmit queue could get held up
- Correct socket syscalls statistics in commResetFD()
rtr [Sun, 29 Jun 2008 11:12:15 +0000 (11:12 +0000)]
ticket #2437
rtr [Sun, 29 Jun 2008 11:11:44 +0000 (11:11 +0000)]
pullup ticket 2437 requested by tron
phpmyadmin: many bug fixes
pkgsrc/databases/phpmyadmin/Makefile 1.71,1.72
pkgsrc/databases/phpmyadmin/distinfo 1.34,1.35
Module Name: pkgsrc
Committed By: tron
Date: Sun Jun 8 14:15:28 UTC 2008
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.6. Changes since 2.11.5.2:
- bug #1903724 [interface] Displaying of very large queries
in error message
- bug #1905711 [compatibility] Functions deprecated in PHP 5.3:
is_a() and get_magic_quotes_gpc()
- bug [lang] catalan wrong accented characters
- bug #1893034 [Export] SET NAMES for importing with command-line
client
+ [lang] Russian update
- bug #1910485 [core] Unsetting the whitelist during the loop
- bug #1906980 [Export] Import of VIEWs fails if temp table exists
- bug #1812763 [Copy] Table copy when server is in ANSI_QUOTES
sql_mode
- bug #1918531 [compatibility] Navigation isn't w3.org valid
- bug #1926357 [data] BIT defaults displayed incorrectly
- patch #1930057 [auth] colon in password prevents HTTP login
on CGI/IIS
- patch #1929553 [lang] Don't output BOM character in Swedish
language file
- patch #1895796 [lang] Typo in Japanese lang files
- bug #1935652 [auth] Access denied (show warning about mcrypt
on login page)
- bug #1906983 [export] Reimport of FUNCTION fails
- bug #1919808 [operations] Renaming a database fails to handle
functions
- bug #1934401 [core] Cannot force a language
- bug #1944077 [core] Config file containing a BOM
- bug #1947189 [scripts] Missing head tag in scripts/signon.php
+ [lang] Romanian update
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jun 28 11:11:15 UTC 2008
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 2.11.7. Changes since 2.11.6:
- bug #1908719 [interface] New field cannot be auto-increment and
primary key
- [dbi] Incorrect interpretation for some mysqli field flags
- bug #1910621 [display] part 1: do not display a TEXT utf8_bin
as BLOB (fixed for mysqli extension only)
- [interface] sanitize the after_field parameter,
thanks to Norman Hippert
- [structure] do not remove the BINARY attribute in drop-down
- bug #1955386 [session] Overriding session.hash_bits_per_character
- [interface] sanitize the table comments in table print view,
thanks to Norman Hippert
- bug #1939031 Auto_Increment selected for TimeStamp by Default
- patch #1957998 [display] No tilde for InnoDB row counter when
we know it for sure, thanks to Vladyslav Bakayev - dandy76
- bug #1955572 [display] alt text causes duplicated strings
- bug #1762029 [interface] Cannot upload BLOB into existing row
- bug #1981043 [export] HTML in exports getting corrupted,
thanks to Jason Judge - jasonjudge
- bug #1936761 [interface] BINARY not treated as BLOB:
update/delete issues
- protection against XSS when register_globals is on and .htaccess
has no effect, thanks to Tim Starling
- bug #1996943 [export] Firefox 3 and .sql.gz (corrupted);
detect Gecko 1.9, thanks to Juergen Wind
rtr [Sun, 29 Jun 2008 10:28:00 +0000 (10:28 +0000)]
ticket #2429
rtr [Sun, 29 Jun 2008 10:25:43 +0000 (10:25 +0000)]
pullup ticket #2429 - requested by tron
nasm: fixes bug in nasm which is a "possible" security issue
revisions pulled up:
pkgsrc/devel/nasm/Makefile 1.36
pkgsrc/devel/nasm/distinfo 1.16
pkgsrc/devel/nasm/patches/patch-ad 1.8
Module Name: pkgsrc
Committed By: tron
Date: Tue Jun 17 14:06:25 UTC 2008
Modified Files:
pkgsrc/devel/nasm: Makefile distinfo
Added Files:
pkgsrc/devel/nasm/patches: patch-ad
Log Message:
Add a patch from the "nasm" GIT repository to fix a crash triggered by
certain assembler files. This closes the security hole reported in SA30594
(which is IMHO highly debatable).
tron [Sat, 28 Jun 2008 12:02:32 +0000 (12:02 +0000)]
Pullup ticket #2436.
tron [Sat, 28 Jun 2008 11:59:46 +0000 (11:59 +0000)]
Pullup ticket #2436 - requested by taca
Security update for ruby packages
Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix
the security vulnerability reported in CVE-2008-2726.
tron [Sat, 28 Jun 2008 11:54:07 +0000 (11:54 +0000)]
Pullup ticket #2436 - requested by taca
Security update for ruby packages
Apply patches to update Ruby to version 1.8.6 patchlevel 230 to fix
the security vulnerability reported in CVE-2008-2726.
tron [Thu, 26 Jun 2008 19:45:34 +0000 (19:45 +0000)]
Pullup ticket #2435.
tron [Thu, 26 Jun 2008 19:44:35 +0000 (19:44 +0000)]
Pullup ticket #2435 - requested by adrianp
Security patch for horde
Manually add backport of the following fix:
- http://lists.horde.org/archives/announce/2008/000415.html
tron [Wed, 25 Jun 2008 12:09:43 +0000 (12:09 +0000)]
Pullup ticket #2434 - requested by he
Security patch for apache2
Revisions pulled up:
- devel/apr0/Makefile 1.5
- www/apache2/Makefile 1.124
- www/apache2/Makefile.common 1.26
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jun 22 23:01:19 UTC 2008
Modified Files:
pkgsrc/devel/apr0: Makefile
pkgsrc/www/apache2: Makefile Makefile.common
Log Message:
As indicated by comments on pkgsrc-c, move PKGREVISION setting to
individual Makefile files and out of Makefile.common.
tron [Wed, 25 Jun 2008 10:36:40 +0000 (10:36 +0000)]
Pullup tickets #2433 and #2434.
tron [Wed, 25 Jun 2008 10:35:41 +0000 (10:35 +0000)]
Pullup ticket #2434 - requested by he
Security patch for apache2
Revisions pulled up:
- www/apache2/Makefile.common 1.25
- www/apache2/distinfo 1.53
- www/apache2/patches/patch-ap 1.5
---
Module Name: pkgsrc
Committed By: he
Date: Fri Jun 20 13:28:08 UTC 2008
Modified Files:
pkgsrc/www/apache2: Makefile.common distinfo
Added Files:
pkgsrc/www/apache2/patches: patch-ap
Log Message:
Apply the patch for CVE-2008-2364 from apache.
Bump pkg revision.
tron [Wed, 25 Jun 2008 10:20:58 +0000 (10:20 +0000)]
Pullup ticket #2433 - requested by joerg
Security patch for modular-xorg-server
Revisions pulled up:
- x11/modular-xorg-server/Makefile 1.30 via patch
- x11/modular-xorg-server/distinfo 1.21
- x11/modular-xorg-server/patches/patch-ac 1.3
- x11/modular-xorg-server/patches/patch-ae 1.5
- x11/modular-xorg-server/patches/patch-da delete
- x11/modular-xorg-server/patches/patch-ed 1.2
- x11/modular-xorg-server/patches/patch-ef 1.2
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jun 20 13:34:40 UTC 2008
Modified Files:
pkgsrc/x11/modular-xorg-server: Makefile distinfo
pkgsrc/x11/modular-xorg-server/patches: patch-ed patch-ef
Added Files:
pkgsrc/x11/modular-xorg-server/patches: patch-ac patch-ae
Removed Files:
pkgsrc/x11/modular-xorg-server/patches: patch-da
Log Message:
modular-xorg-server-1.3.0.0nb9:
Fix CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361 and
CVE-2008-2362 based on upstream patches.
tron [Tue, 24 Jun 2008 12:52:01 +0000 (12:52 +0000)]
Pullup ticket #2432.
tron [Tue, 24 Jun 2008 12:50:15 +0000 (12:50 +0000)]
Pullup ticket #2432 - requested by taca
Security patch for geeklog
Revisions pulled:
- www/geeklog/Makefile 1.17-1.18
- www/geeklog/Makefile.common 1.6
- www/geeklog/distinfo 1.7
- www/geeklog/patches/patch-ah 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon May 26 00:40:24 UTC 2008
Modified Files:
pkgsrc/www/geeklog: Makefile
Log Message:
Needs full pax dependency. Bump revision.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jun 19 14:08:42 UTC 2008
Modified Files:
pkgsrc/www/geeklog: Makefile Makefile.common distinfo
Added Files:
pkgsrc/www/geeklog/patches: patch-ah
Log Message:
Add a security fix for kses, HTML filter which isn't used with default
configuration: http://www.geeklog.net/article.php/kses.
Also fix one pkglint warning.
Bump PKGREVISION.
spz [Thu, 19 Jun 2008 20:13:18 +0000 (20:13 +0000)]
Pullup ticket 2428 - requested by tron
Security fix
Revisions pulled up:
- pkgsrc/misc/openoffice2-bin/Makefile 1.36
- pkgsrc/misc/openoffice2-bin/distinfo 1.15
Module Name: pkgsrc
Committed By: tron
Date: Sun Jun 15 12:22:52 UTC 2008
Modified Files:
pkgsrc/misc/openoffice2-bin: Makefile distinfo
Log Message:
Update "openoffice2-bin" package to version 2.4.1.
This version fixes various bugs including the security vulnerability
reported in CVE-2008-2152.
To generate a diff of this commit:
cvs rdiff -r1.35 -r1.36 pkgsrc/misc/openoffice2-bin/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/misc/openoffice2-bin/distinfo
spz [Thu, 19 Jun 2008 19:10:30 +0000 (19:10 +0000)]
Pullup ticket 2427 - requested by hira
Security fix (fixes CVE-2008-2152)
Revisions pulled up:
- pkgsrc/misc/openoffice2/Makefile 1.47
- pkgsrc/misc/openoffice2/distinfo 1.40
Module Name: pkgsrc
Committed By: hira
Date: Fri Jun 13 11:20:15 UTC 2008
Modified Files:
pkgsrc/misc/openoffice2: Makefile distinfo
Log Message:
Update to 2.4.1. This release fixes CVE-2008-2152.
Release Notes:
http://development.openoffice.org/releases/2.4.1.html
To generate a diff of this commit:
cvs rdiff -r1.46 -r1.47 pkgsrc/misc/openoffice2/Makefile
cvs rdiff -r1.39 -r1.40 pkgsrc/misc/openoffice2/distinfo
ghen [Thu, 19 Jun 2008 16:46:06 +0000 (16:46 +0000)]
Ticket #2431.
ghen [Thu, 19 Jun 2008 16:45:15 +0000 (16:45 +0000)]
Pullup ticket 2431 - requested by obache
security fix for fetchmail
- pkgsrc/mail/fetchmail/Makefile 1.167
- pkgsrc/mail/fetchmail/distinfo 1.39
- pkgsrc/mail/fetchmail/patches/patch-ab 1.18
Module Name: pkgsrc
Committed By: obache
Date: Thu Jun 19 11:29:49 UTC 2008
Modified Files:
pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
pkgsrc/mail/fetchmail/patches: patch-ab
Log Message:
Add patch for CVE-2008-2711.
Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
Bump PKGREVISION.
ghen [Thu, 19 Jun 2008 09:15:24 +0000 (09:15 +0000)]
Ticket #2430.
ghen [Thu, 19 Jun 2008 09:14:57 +0000 (09:14 +0000)]
Pullup ticket 2430 - requested by martti
security update for vim
- pkgsrc/editors/vim-share/Makefile.common 1.107-1.109
- pkgsrc/editors/vim-share/distinfo 1.96-1.98
- pkgsrc/editors/vim-share/version.mk 1.51-1.53
Module Name: pkgsrc
Committed By: martti
Date: Fri May 9 09:47:21 UTC 2008
Modified Files:
pkgsrc/editors/vim-share: Makefile.common distinfo version.mk
Log Message:
Updated editors/vim-share to 7.1.297
2258 7.1.284 compiler warnings for functions without prototype
5787 7.1.285 (extra) Mac: dialog hotkeys don't work
2045 7.1.286 (after 7.1.103) "w" at end of buffer moves cursor too far
1859 7.1.287 crash when reversing a list after using it
3182 7.1.288 (after 7.1.281) cscope leaves behind temp files with gvim
1979 7.1.289 when EXITFREE is defined and 'acd' is set freed memory is used
2146 7.1.290 reading unwritten bytes when spell checking with large indent
1940 7.1.291 compiler warning for int-long conversion
6698 7.1.292 when using a pattern with "\@<=" the submatches can be wrong
3087 7.1.293 spell checking considers super/subscript chars as word chars
2336 7.1.294 leaking memory when executing a shell command
6102 7.1.295 vimtutor only works with vim, not gvim
9374 7.1.296 SELinux is not supported
1855 7.1.297 wrong parenmatch highlighting after search/replace dialog
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Jun 2 11:19:53 UTC 2008
Modified Files:
pkgsrc/editors/vim-share: Makefile.common distinfo version.mk
Log Message:
Updated editors/vim-share to 7.1.305
1558 7.1.298 src/gvimtutor is not distributed
9490 7.1.299 filetype detection fails for file name with special characters
1959 7.1.300 value of asmsyntax argument isn't checked for valid characters
1673 7.1.301 "File/Save" menu in Insert mode doesn't update tab page label
1485 7.1.302 (after 7.1.299) compilation error on MS-Windows
12135 7.1.304 shortpath_for_invalid_fname() is too complex and wrong
4735 7.1.305 can't edit compressed file with special characters in the name
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Jun 19 05:55:44 UTC 2008
Modified Files:
pkgsrc/editors/vim-share: Makefile.common distinfo version.mk
Log Message:
Updated editors/vim-share to 7.1.315
2153 7.1.306 some Unicode symbol chars are handled like word chars
23714 7.1.307 many warnings when compiling with Python 2.5
2673 7.1.308 when in readonly mode ":options" produces an error
3989 7.1.309 installing and testing with a shadow directory doesn't work
8024 7.1.310 incomplete utf-8 byte sequence at end of the file not detected
2547 7.1.311 compiler warning for missing sentinel in X code
2346 7.1.312 there is no check for error number mistakes in .po files
3425 7.1.313 status and title not updated when using netbeans setModified
1915 7.1.314 'pastetoggle' is written to the session file without escaping
3287 7.1.315 crash with specific search pattern using look-behind match
tron [Tue, 17 Jun 2008 17:38:57 +0000 (17:38 +0000)]
Pullup tickets #2421 and #2423.
tron [Tue, 17 Jun 2008 17:36:45 +0000 (17:36 +0000)]
Pullup ticket #2423 - requested by drochner
Security patch for evolution
Revisions pulled up (via patch):
- mail/evolution/Makefile 1.134
- mail/evolution/distinfo 1.58
- mail/evolution/patches/patch-ac 1.18
- mail/evolution/patches/patch-ad 1.10
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Jun 5 11:08:08 UTC 2008
Modified Files:
pkgsrc/mail/evolution: Makefile distinfo
Added Files:
pkgsrc/mail/evolution/patches: patch-ac patch-ad
Log Message:
fix two buffer overflows in iCalendar code (CVE-2008-1108, CVE-2008-1109),
patches from upstream CVS, bump PKGREVISION
tron [Tue, 17 Jun 2008 14:58:14 +0000 (14:58 +0000)]
Pullup ticket #2421 - requested by he
Fix old-style bulk builds
Revisions pulled up:
- mk/bulk/build 1.104
- pkgtools/pkg_install/Makefile 1.154
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jun 8 21:04:30 UTC 2008
Modified Files:
pkgsrc/mk/bulk: build
pkgsrc/pkgtools/pkg_install: Makefile
Log Message:
Commit two fixes which at least for me appear to be required when
doing an old-style bulk build on 4.0 or older systems:
- in mk/bulk/build, do "make update" instead of "make install + clean"
when installing a new pkg_install
- in pkgtools/pkg_install/Makefile, don't try to use our own
executables (${WORKDIR}/pkg_add/pkg_add etc.) if they don't exist
Discussed with joerg, and even though he's not entirely happy
with the latter change, he didn't appear to have a better suggestion.
This, and putting /usr/pkg/sbin earlier than /usr/sbin in the $PATH
appears to be required to get an old-style bulk build going.
ghen [Mon, 16 Jun 2008 09:08:45 +0000 (09:08 +0000)]
Tickets #2424-2426.
ghen [Mon, 16 Jun 2008 09:07:34 +0000 (09:07 +0000)]
Pullup ticket 2426 - requested by kefren
security update for freetype2
- pkgsrc/graphics/freetype2/Makefile 1.64
- pkgsrc/graphics/freetype2/PLIST 1.15
- pkgsrc/graphics/freetype2/distinfo 1.26
Module Name: pkgsrc
Committed By: drochner
Date: Wed Jun 11 10:35:21 UTC 2008
Modified Files:
pkgsrc/graphics/freetype2: Makefile PLIST distinfo
Log Message:
update to 2.3.6
This fixes some integer overflow/memory corruption/heap overflow
security problems: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
other changes:
-new function `FT_Get_CID_Registry_Ordering_Supplement' gives
access to those fields in a CID-keyed font
-code to validate the new `MATH' OpenType table
-API for cmap 14 support
-A new face flag FT_FACE_FLAG_CID_KEYED
-misc bugfixes and other improvements
ghen [Mon, 16 Jun 2008 09:00:02 +0000 (09:00 +0000)]
Pullup ticket 2425 - requested by tron
security patch for apache22
- pkgsrc/www/apache22/Makefile 1.26
- pkgsrc/www/apache22/distinfo 1.10
- pkgsrc/www/apache22/patches/patch-ab 1.6
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 12 14:12:19 UTC 2008
Modified Files:
pkgsrc/www/apache22: Makefile distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-ab
Log Message:
Add patch for CVE-2008-2364 from the Apache SVN repository.
ghen [Mon, 16 Jun 2008 08:51:43 +0000 (08:51 +0000)]
Pullup ticket 2424 - requested by tron
security patch + build fixes for net-snmp
- pkgsrc/net/net-snmp/Makefile 1.69-1.70
- pkgsrc/net/net-snmp/distinfo 1.44-1.46
- pkgsrc/net/net-snmp/files/cpu_dragonfly.c 1.3
- pkgsrc/net/net-snmp/patches/patch-ai 1.4-1.5
- pkgsrc/net/net-snmp/patches/patch-aj 1.5
- pkgsrc/net/net-snmp/patches/patch-ak 1.4
- pkgsrc/net/net-snmp/patches/patch-am 1.7
- pkgsrc/net/net-snmp/patches/patch-de 1.5
- pkgsrc/net/net-snmp/patches/patch-dk removed
- pkgsrc/net/net-snmp/patches/patch-ep 1.3
Module Name: pkgsrc
Committed By: christos
Date: Thu Jun 5 19:09:41 UTC 2008
Modified Files:
pkgsrc/net/net-snmp: Makefile distinfo
pkgsrc/net/net-snmp/files: cpu_dragonfly.c
pkgsrc/net/net-snmp/patches: patch-am patch-de
Added Files:
pkgsrc/net/net-snmp/patches: patch-ai patch-aj patch-ak
Log Message:
PR/36978: Hasso Tepper: Make net-snmp work on dragonfly.
While I am here make it run again on NetBSD (hi clown boy)
---
Module Name: pkgsrc
Committed By: tron
Date: Fri Jun 6 16:18:04 UTC 2008
Modified Files:
pkgsrc/net/net-snmp: distinfo
pkgsrc/net/net-snmp/patches: patch-ai
Removed Files:
pkgsrc/net/net-snmp/patches: patch-dk
Log Message:
Combine the two patches for "agent/mibgroup/mibII/ip.c" to make this
actually build.
---
Module Name: pkgsrc
Committed By: tron
Date: Thu Jun 12 13:32:24 UTC 2008
Modified Files:
pkgsrc/net/net-snmp: Makefile distinfo
pkgsrc/net/net-snmp/patches: patch-ep
Log Message:
Add patch for CVE-2008-0960 from the Net-SNMP project page on Sourceforge.
ghen [Fri, 13 Jun 2008 13:58:06 +0000 (13:58 +0000)]
Ticket #2422.
ghen [Fri, 13 Jun 2008 13:57:36 +0000 (13:57 +0000)]
Pullup ticket 2422 - requested by martti
latest update for clamav
- pkgsrc/mail/clamav/Makefile 1.84
- pkgsrc/mail/clamav/distinfo 1.52
- pkgsrc/mail/clamav/patches/patch-ah 1.15
- pkgsrc/mail/clamav/patches/patch-ba 1.3
Module Name: pkgsrc
Committed By: martti
Date: Tue Jun 10 08:23:54 UTC 2008
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
pkgsrc/mail/clamav/patches: patch-ah patch-ba
Log Message:
Updated mail/clamav to 0.93.1
* libclamav/petite.c: fix possible invalid memory access (bb#1000)
Reported by Damian Put
* clamdscan/clamdscan.c: don't show scan summary when clamd cannot be
contacted (bb#1041)
* libclamav/hashtab.[ch], scanners.c: avoid using C99 flexible array members
(bb #1039)
* libclamav/unzip.c: correct the previous fix
* libclamav/unzip.c: check for unprefixed bz2 - bb#1038
* libclamav/ole2_extract.c: revert last commit
* libclamav/ole2_extract.c: use cli_unlink
* libclamav/ole2_extract.c: partial scan of broken ole files
* contrib/init/RedHat: check for already running clamav-milter (bb #823)
* libclamav/regex: avoid name collisions on AIX (bb #947)
sync with libc: minor cleanups
* doc/clamdoc.tex: add a note about forking daemons (bb#906)
* libclamav/Makefile.am: link .la files first, this
should avoid linking to old libclamav as in bb #931
* libclamav/readdb.h: read daily.cfg stored inside .cld containers (bb#1006)
* libclamav/mbox.c, shared/network.c: prevent uninitialized use of hostent
structure (bb #1003).
* libclamav/mspack.c: downgrade some error messages (bb#911)
* clamav-milter: retrieve db version from daily.cld (bb#942)
* libclamav/scanners.c: don't return CL_EMAX* error codes to
applications (bb#1001)
* clamscan/manager.c: print information about clean files when the RAR
code is not compiled-in (bb#999)
* libclamav/unzip.c: remove detection of Suspect.Zip and
Exploit.Zip.ModifiedHeaders (bb#997)
* libclamav: scan for embedded PEs inside OLE2 files (bb#914)
* libclamav/cvd.c: add work-around for zlib issues with mixed data (bb#932)
* libclamav/others.h: explicitly cast some constants (bb#936)
* sigtool/sigtool.c: bb#938 (sigtool --list-sigs not working with .cld files)
* libclamav/dconf.h: fix flag code assignment (bb #952)
* libclamav/iana_tld.h, libclamav/phishcheck.c: update TLD list (bb #925)
tron [Sun, 8 Jun 2008 12:48:24 +0000 (12:48 +0000)]
Pullup tickets #2416, #2417, #2418 and #2420.
tron [Sun, 8 Jun 2008 12:46:49 +0000 (12:46 +0000)]
Pullup ticket #2420 - requested by tonnerre
Security patch for star
Revisions pulled up:
- archivers/star/Makefile 1.22
- archivers/star/distinfo 1.9
- archivers/star/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun Jun 8 02:40:38 UTC 2008
Modified Files:
pkgsrc/archivers/star: Makefile distinfo
Added Files:
pkgsrc/archivers/star/patches: patch-ad
Log Message:
Fix directory traversal vulnerability (CVE-2007-4134) in star.
tron [Sun, 8 Jun 2008 12:38:12 +0000 (12:38 +0000)]
Pullup ticket #2418 - requested by gdt
Security patch for exiv2
Revisions pulled up:
- graphics/exiv2/Makefile 1.18
- graphics/exiv2/distinfo 1.11
- graphics/exiv2/patches/patch-aa 1.1
---
Module Name: pkgsrc
Committed By: gdt
Date: Sat Jun 7 23:01:28 UTC 2008
Modified Files:
pkgsrc/graphics/exiv2: Makefile distinfo
Added Files:
pkgsrc/graphics/exiv2/patches: patch-aa
Log Message:
Add patch:
From upstream SVN, svn diff -r 1388:1399.
Fixes http://dev.robotbattle.com/bugs/view.php?id=0000546.
PKGREVISION++.
tron [Sun, 8 Jun 2008 12:25:43 +0000 (12:25 +0000)]
Pullup ticket #2416 - requested by obache
Security update for GraphicsMagick
Apply patch to update the package to version 1.1.14:
Significant changes associated with GraphicsMagick 1.1.14:
Bugs Fixed:
o Noise generation was not working correctly for anything but a Q8
build.
o Poisson noise generator was extremely slow. Now it is reasonably
fast.
o PDF reader now computes bounding box for rotated PDFs correctly.
Security Fixes:
o Cineon reader: Fixed crash with broken file from Sami Liedes.
o PICT reader: Fixed crash with broken files from Sami Liedes.
o XCF reader: Fixed crash with broken files from Sami Liedes.
Security Issue Not Fixed:
o JP2/JPC reader: Several JPEG-2000 files from Sami Liedes broken
collection cause crashes in Jasper. This is not GraphicsMagick's
fault.
Significant changes associated with GraphicsMagick 1.1.13:
Bugs Fixed:
o Documentation is now installed according to the conventions
established by the configure script. This results in documentation
being installed under /usr/local/share/doc/GraphicsMagick by default.
o HWB colorspace now works correctly.
o Composition with CopyOpacity now produces an image with
transparency (as expected).
o Composition now preserves the canvas colorspace.
o Composition with a displacement map (-displace) no longer leaks an
image.
o Alpha composition now works as expected when both pixels involved
include transparency.
o -gamma multiple channel syntax now works as documented.
o Now compiles with Visual C++ 2008.
tron [Sun, 8 Jun 2008 12:00:23 +0000 (12:00 +0000)]
Pullup ticket #2417 - requested by tonnerre
Security patches for mit-krb5
Revisions pulled up:
- security/mit-krb5/Makefile 1.43
- security/mit-krb5/distinfo 1.20
- security/mit-krb5/patches/patch-at 1.2
- security/mit-krb5/patches/patch-bh 1.1
- security/mit-krb5/patches/patch-bi 1.1
- security/mit-krb5/patches/patch-bj 1.1
- security/mit-krb5/patches/patch-bk 1.1
- security/mit-krb5/patches/patch-bl 1.1
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat Jun 7 23:58:11 UTC 2008
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
pkgsrc/security/mit-krb5/patches: patch-at
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bh patch-bi patch-bj
patch-bk patch-bl
Log Message:
Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
tron [Sun, 8 Jun 2008 11:47:13 +0000 (11:47 +0000)]
Pullup ticket #2417 - requested by tonnerre
Security patches for mit-krb5
Revisions pulled up:
- security/mit-krb5/Makefile 1.42
- security/mit-krb5/distinfo 1.17-1.19
- security/mit-krb5/patches/patch-ai 1.3-1.4
- security/mit-krb5/patches/patch-au 1.1-1.2
- security/mit-krb5/patches/patch-av 1.1-1.2
- security/mit-krb5/patches/patch-aw 1.1-1.2
- security/mit-krb5/patches/patch-ax 1.1-1.2
- security/mit-krb5/patches/patch-ay 1.1-1.2
- security/mit-krb5/patches/patch-az 1.1-1.2
- security/mit-krb5/patches/patch-ba 1.1-1.3
- security/mit-krb5/patches/patch-bb 1.1-1.2
- security/mit-krb5/patches/patch-bc 1.1-1.2
- security/mit-krb5/patches/patch-bd 1.1-1.2
- security/mit-krb5/patches/patch-be 1.1-1.2
- security/mit-krb5/patches/patch-bf 1.1
- security/mit-krb5/patches/patch-bg 1.1
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat Jun 7 18:36:07 UTC 2008
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
patch-be
Log Message:
Add security patches for 3 Kerberos vulnerabilities:
- telnetd username and environment sanitizing vulnerabilities ("-f
root") as described in MIT Kerberos advisory 2007-001.
- krb5_klog_syslog() problems with overly long log strings as described
in MIT Kerberos advisory 2007-002.
- GSS API kg_unseal_v1() double free vulnerability as described in the
MIT Kerberos advisory 2007-003.
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat Jun 7 20:22:18 UTC 2008
Modified Files:
pkgsrc/security/mit-krb5: distinfo
pkgsrc/security/mit-krb5/patches: patch-ai patch-au patch-av
patch-aw patch-ax patch-ay patch-az patch-ba patch-bb patch-bc patch-bd
patch-be
Log Message:
Remove parts of a different security patch which slipped in but are not
supported yet. Don't bump revision as the package didn't build before.
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat Jun 7 22:26:10 UTC 2008
Modified Files:
pkgsrc/security/mit-krb5: distinfo
pkgsrc/security/mit-krb5/patches: patch-ba
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bf patch-bg
Log Message:
Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION
will be bumped again once some other patches are in.
rtr [Thu, 5 Jun 2008 12:26:10 +0000 (12:26 +0000)]
ticket #2414
rtr [Thu, 5 Jun 2008 12:25:24 +0000 (12:25 +0000)]
lost in previous
rtr [Thu, 5 Jun 2008 12:24:00 +0000 (12:24 +0000)]
pullup ticket #2414 - requested by tonnerre
openssl: DoS and double free fixes
revisions pulled up:
- pkgsrc/security/openssl/Makefile 1.132
- pkgsrc/security/openssl/distinfo 1.60
- pkgsrc/security/openssl/patches/patch-ab 1.12
- pkgsrc/security/openssl/patches/patch-ah 1.8
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue Jun 3 21:39:40 UTC 2008
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-ab patch-ah
Log Message:
Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
- Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a
remote crash.
Patches from upstream.
rtr [Thu, 5 Jun 2008 12:04:59 +0000 (12:04 +0000)]
ticket #2413
rtr [Thu, 5 Jun 2008 12:04:37 +0000 (12:04 +0000)]
pullup ticket #2413 - requested by markd
emacs21: Fix for CVE-2008-2142
revisions pulled up:
- pkgsrc/editors/emacs21/Makefile 1.9
- pkgsrc/editors/emacs21/Makefile.common 1.5
- pkgsrc/editors/emacs21/distinfo 1.6
- pkgsrc/editors/emacs21/patches/patch-aw 1.1
- pkgsrc/editors/emacs21/patches/patch-ay 1.1
Module Name: pkgsrc
Committed By: markd
Date: Tue Jun 3 22:17:00 UTC 2008
Modified Files:
pkgsrc/editors/emacs21: Makefile Makefile.common distinfo
Added Files:
pkgsrc/editors/emacs21/patches: patch-aw patch-ay
Log Message:
Fix for CVE-2008-2142, automatically loading and executing .flc files.
rtr [Thu, 5 Jun 2008 11:58:17 +0000 (11:58 +0000)]
ticket #2399
rtr [Thu, 5 Jun 2008 11:57:46 +0000 (11:57 +0000)]
pullup ticket #2399 - requested by minskim
bootstrap script: --binary-macpkg option fix
revisions pulled up:
- pkgsrc/bootstrap/bootstrap 1.122,1.123
Module Name: pkgsrc
Committed By: minskim
Date: Tue Apr 29 22:03:19 UTC 2008
Modified Files:
pkgsrc/bootstrap: bootstrap
Log Message:
Make the --binary-macpkg option compatible with the other binary-kit options.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: minskim
Date: Wed Apr 30 03:14:55 UTC 2008
Modified Files:
pkgsrc/bootstrap: bootstrap
Log Message:
Set packagemaker so that the .pkg is built on Darwin.
This functionality disappeared when mkbinarykit was merged into bootstrap.
Still need to revive support for universal binary.
rtr [Thu, 5 Jun 2008 11:51:00 +0000 (11:51 +0000)]
ticket #2412
rtr [Thu, 5 Jun 2008 11:49:47 +0000 (11:49 +0000)]
pullup ticket #2412 - requested by markd
emacs: Fix for CVE-2008-2142
revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.113
- pkgsrc/editors/emacs/distinfo 1.37
- pkgsrc/editors/emacs/patches/patch-aw 1.4
Module Name: pkgsrc
Committed By: markd
Date: Mon Jun 2 21:09:48 UTC 2008
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
Added Files:
pkgsrc/editors/emacs/patches: patch-aw
Log Message:
Fix for CVE-2008-2142, automatically loading and executing .flc files.
ghen [Tue, 3 Jun 2008 11:21:55 +0000 (11:21 +0000)]
Ticket #2411.
ghen [Tue, 3 Jun 2008 11:21:04 +0000 (11:21 +0000)]
Pullup ticket 2411 - requested by drochner
security fix for imlib2
- pkgsrc/graphics/imlib2/Makefile 1.46
- pkgsrc/graphics/imlib2/distinfo 1.21
- pkgsrc/graphics/imlib2/patches/patch-cf 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jun 2 10:05:50 UTC 2008
Modified Files:
pkgsrc/graphics/imlib2: Makefile distinfo
Added Files:
pkgsrc/graphics/imlib2/patches: patch-cf
Log Message:
add a patch from redhat bugzilla (#449073) to fix the xpm half
of CVE-2008-2426, the pnm half was fixed in pkgsrc in 2006
bump PKGREVISION
tron [Mon, 2 Jun 2008 11:55:21 +0000 (11:55 +0000)]
Pullup ticket #2407.
tron [Mon, 2 Jun 2008 11:54:40 +0000 (11:54 +0000)]
Pullup ticket #2407 - requested by dholland
Security patch for uudeview
Revisions pulled up:
- converters/uudeview/Makefile 1.28
- converters/uudeview/distinfo 1.8
- converters/uudeview/patches/patch-ac 1.5
---
Module Name: pkgsrc
Committed By: dholland
Date: Sun Jun 1 21:49:56 UTC 2008
Modified Files:
pkgsrc/converters/uudeview: Makefile distinfo
Added Files:
pkgsrc/converters/uudeview/patches: patch-ac
Log Message:
Fix insecure-temporary-files, as reported in Debian bug 480972.
PKGREVISION++.
tron [Mon, 2 Jun 2008 09:42:11 +0000 (09:42 +0000)]
Pullup ticket #2406.
tron [Mon, 2 Jun 2008 09:40:37 +0000 (09:40 +0000)]
Pullup ticket #2406 - requested by dholland
Security patch for uulib
Revisions pulled up:
- converters/uulib/Makefile 1.42
- converters/uulib/distinfo 1.10
- converters/uulib/patches/patch-ab 1.3
- converters/uulib/patches/patch-ac 1.1
---
Module Name: pkgsrc
Committed By: dholland
Date: Sun Jun 1 21:46:37 UTC 2008
Modified Files:
pkgsrc/converters/uulib: Makefile distinfo
Added Files:
pkgsrc/converters/uulib/patches: patch-ab patch-ac
Log Message:
Fix insecure-temporary-files, as reported in Debian bug 480972.
PKGREVISION++.
tron [Mon, 2 Jun 2008 09:17:39 +0000 (09:17 +0000)]
Pullup ticket #2408.
tron [Mon, 2 Jun 2008 09:15:44 +0000 (09:15 +0000)]
Pullup ticket #2408 - requested by he
Security patch for perl
Revisions pulled up:
- lang/perl5/Makefile 1.137
- lang/perl5/distinfo 1.48
- lang/perl5/patches/patch-ad 1.11
- lang/perl5/patches/patch-af 1.13
- lang/perl5/patches/patch-ag 1.11
- lang/perl5/patches/patch-ai 1.5
- lang/perl5/patches/patch-aj 1.9
- lang/perl5/patches/patch-ak 1.3
- lang/perl5/patches/patch-da 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Sun Jun 1 22:04:07 UTC 2008
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
pkgsrc/lang/perl5/patches: patch-da
Added Files:
pkgsrc/lang/perl5/patches: patch-ad patch-af patch-ag patch-ai patch-aj
patch-ak
Log Message:
Apply a patch from Debian to fix the security vulnerability identified
by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927.
Patch fetched from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
which, according to comments, is from upstream change 27688.
Revision bumped to nb8.
spz [Sun, 1 Jun 2008 09:37:29 +0000 (09:37 +0000)]
ticket #2401
spz [Sun, 1 Jun 2008 09:35:54 +0000 (09:35 +0000)]
Pullup ticket 2401 - requested by tonnerre
fix security problem in aterm
Revisions pulled up:
- pkgsrc/x11/aterm/patches/patch-aa 1.5
- pkgsrc/x11/aterm/distinfo 1.13
- pkgsrc/x11/aterm/Makefile 1.35
Module Name: pkgsrc
Committed By: tonnerre
Date: Tue May 27 21:46:53 UTC 2008
Modified Files:
pkgsrc/x11/aterm: Makefile distinfo
pkgsrc/x11/aterm/patches: patch-aa
Log Message:
Don't make any assumptions about default displays in aterm.
Fixes CVE-2008-1142.
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/x11/aterm/Makefile
cvs rdiff -r1.12 -r1.13 pkgsrc/x11/aterm/distinfo
cvs rdiff -r1.4 -r1.5 pkgsrc/x11/aterm/patches/patch-aa
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
spz [Fri, 30 May 2008 17:54:41 +0000 (17:54 +0000)]
ticket 2402
spz [Fri, 30 May 2008 17:53:02 +0000 (17:53 +0000)]
Pullup ticket 2402 - requested by tonnerre
fix build problem on MacOS X
Revisions pulled up:
- pkgsrc/print/teTeX3-bin/patches/patch-at 1.3
- pkgsrc/print/teTeX3-bin/distinfo 1.10
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 25 17:10:29 UTC 2008
Modified Files:
pkgsrc/print/teTeX3-bin: distinfo
pkgsrc/print/teTeX3-bin/patches: patch-at
Log Message:
Fix build of teTeX3-bin on MacOS X as described in PR 38635. Patch
tested by me and Matthias Kretschmer.
PKGREVISION not bumped because there is no change at all to the content.
To generate a diff of this commit:
cvs rdiff -r1.9 -r1.10 pkgsrc/print/teTeX3-bin/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/print/teTeX3-bin/patches/patch-at
spz [Fri, 30 May 2008 17:15:29 +0000 (17:15 +0000)]
ticket #2405
spz [Fri, 30 May 2008 17:13:43 +0000 (17:13 +0000)]
Pullup ticket 2405 - requested by mishka
fix build problem on NetBSD-current
Revisions pulled up:
- pkgsrc/lang/perl5/patches/patch-ae 1.11
- pkgsrc/lang/perl5/distinfo 1.47
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 28 22:24:22 UTC 2008
Modified Files:
pkgsrc/lang/perl5: distinfo
pkgsrc/lang/perl5/patches: patch-ae
Log Message:
Add missing single quote. Fixes build on -current.
To generate a diff of this commit:
cvs rdiff -r1.46 -r1.47 pkgsrc/lang/perl5/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/lang/perl5/patches/patch-ae
tron [Thu, 29 May 2008 14:17:13 +0000 (14:17 +0000)]
Pullup ticket #2403.
tron [Thu, 29 May 2008 14:14:53 +0000 (14:14 +0000)]
Pullup ticket #2403 - requested by drochner
Security patch for samba
Revisions pulled up:
- net/samba/Makefile 1.182
- net/samba/distinfo 1.62
- net/samba/patches/patch-ea 1.1
- net/samba/patches/patch-eb 1.1
- net/samba/patches/patch-ec 1.1
- net/samba/patches/patch-ed 1.1
- net/samba/patches/patch-ee 1.1
- net/samba/patches/patch-ef 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 28 15:39:55 UTC 2008
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Added Files:
pkgsrc/net/samba/patches: patch-ea patch-eb patch-ec patch-ed patch-ee
patch-ef
Log Message:
add patches from redhat bugzilla (#446724) to fix CVE-2008-1105
(heap buffer overflow in client code)
bump PKGREVISION
rtr [Tue, 27 May 2008 13:29:33 +0000 (13:29 +0000)]
ticket #2400
rtr [Tue, 27 May 2008 13:29:03 +0000 (13:29 +0000)]
pullup ticket #2400 - requested by tnn
stunnel: update package due to security issue
revisions pulled up:
- pkgsrc/security/stunnel/MESSAGE 1.1
- pkgsrc/security/stunnel/Makefile 1.62
- pkgsrc/security/stunnel/PLIST 1.10
- pkgsrc/security/stunnel/distinfo 1.24
- pkgsrc/security/stunnel/files/stunnel.sh 1.2
- pkgsrc/security/stunnel/patches/patch-aa 1.20
- pkgsrc/security/stunnel/patches/patch-ac r0
Module Name: pkgsrc
Committed By: tnn
Date: Tue May 27 11:51:32 UTC 2008
Modified Files:
pkgsrc/security/stunnel: Makefile PLIST distinfo
pkgsrc/security/stunnel/files: stunnel.sh
pkgsrc/security/stunnel/patches: patch-aa
Added Files:
pkgsrc/security/stunnel: MESSAGE
Removed Files:
pkgsrc/security/stunnel/patches: patch-ac
Log Message:
Update to stunnel-4.24.
4.24: fix security problem (properly reject revoked certs)
4.23: WinNT bugfix
4.22:
- A new global option to control logging to syslog.
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
4.21:
- Initial FIPS 140-2 support (see INSTALL.FIPS for details).
- Experimental fast support for non-MT-safe libwrap is provided
with pre-spawned processes.
- Stunnel binary moved from /usr/local/sbin to /usr/local/bin
in order to meet FHS and LSB requirements.
- Added code to disallow compiling stunnel with pthreads when
OpenSSL is compiled without threads support.
- Minor manual update.
- TODO file updated.
- Dynamic locking callbacks added (needed by some engines to work).
- AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
- On some systems libwrap requires yp_get_default_domain from libnsl,
additional checking for libnsl was added to the ./configure script.
- Sending a list of trusted CAs for the client to choose the right
certificate restored.
- Some compatibility issues with NTLM authentication fixed.
spz [Tue, 27 May 2008 09:31:33 +0000 (09:31 +0000)]
ticket #2371
spz [Tue, 27 May 2008 09:29:41 +0000 (09:29 +0000)]
Pullup ticket 2371 - requested by tonnerre
security fix for mplayer and gmplayer
Revisions pulled up:
- pkgsrc/multimedia/mplayer-share/distinfo 1.50
- pkgsrc/multimedia/mplayer-share/patches/patch-al 1.3
- pkgsrc/multimedia/mplayer/Makefile 1.59
- pkgsrc/multimedia/gmplayer/Makefile 1.70
- pkgsrc/multimedia/gmplayer/distinfo 1.56
Module Name: pkgsrc
Committed By: tonnerre
Date: Sun May 11 03:46:24 UTC 2008
Modified Files:
pkgsrc/multimedia/mplayer: Makefile
pkgsrc/multimedia/mplayer-share: distinfo
Added Files:
pkgsrc/multimedia/mplayer-share/patches: patch-al
Log Message:
Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow
in the RealRTSP SDP code which can be exploited to execute arbitrary
code remotely.
To generate a diff of this commit:
cvs rdiff -r1.58 -r1.59 pkgsrc/multimedia/mplayer/Makefile
cvs rdiff -r1.49 -r1.50 pkgsrc/multimedia/mplayer-share/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/multimedia/mplayer-share/patches/patch-al
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Mon May 19 20:55:51 UTC 2008
Modified Files:
pkgsrc/multimedia/gmplayer: Makefile distinfo
Log Message:
Add patches for CVE-2008-1558 for gmplayer
To generate a diff of this commit:
cvs rdiff -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/Makefile
cvs rdiff -r1.55 -r1.56 pkgsrc/multimedia/gmplayer/distinfo
rtr [Mon, 26 May 2008 07:51:21 +0000 (07:51 +0000)]
ticket #2398
rtr [Mon, 26 May 2008 07:50:33 +0000 (07:50 +0000)]
pullup ticket #2398 - requested by adrianp
snort: update for fixes & security vulnerability
revisions pulled up:
- pkgsrc/net/snort/Makefile 1.37
- pkgsrc/net/snort/PLIST 1.27
- pkgsrc/net/snort/distinfo 1.43
Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 25 23:49:07 UTC 2008
Modified Files:
pkgsrc/net/snort: Makefile PLIST distinfo
Log Message:
Update to 2.8.1
Includes fix for CVE-2008-1804
[*] New Additions
* Target-Based support to allow rules to use an attribute table
describing services running on various hosts on the network.
Eliminates reliance on port-based rules.
* Support for GRE encapsulation for both IPv4 & IPv6.
* Support for IP over IP tunneling for both IPv4 & IPv6.
* SSL preprocessor to allow ability to not inspect encrypted traffic.
* Ability to read multiple PCAPs from the command line.
* Support for new CVS rule detection options.
[*] Improvements
* Update to HTTP Inspect to identify overly long HTTP header fields.
* Updates to IPv6 support, including changes to avoid namespace
conflicts for certain Operating systems.
* Updates to address issues seen on various Sparc platforms.
* Stricter enforcement of shared object versions to avoid API
conflicts.
rtr [Fri, 23 May 2008 11:40:13 +0000 (11:40 +0000)]
ticket #2397
rtr [Fri, 23 May 2008 11:39:51 +0000 (11:39 +0000)]
pullup ticket #2397 - requested by tnn
gnutls: update for security fixes
revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.69
- pkgsrc/security/gnutls/distinfo 1.44
Module Name: pkgsrc
Committed By: tnn
Date: Thu May 22 13:18:52 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.2.5.
* Version 2.2.5 (released 2008-05-19)
Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
[GNUTLS-SA-2008-1-1]
libgnutls: Fix crash when sending invalid server name.
[GNUTLS-SA-2008-1-2]
libgnutls: Fix crash when sending repeated client hellos.
[GNUTLS-SA-2008-1-3]
libgnutls: Fix crash in cipher padding decoding for invalid record
lengths.
* Version 2.2.3 (released 2008-05-06)
Increase default handshake packet size limit to 48kb.
Fix compilation error related to __FUNCTION__ on some systems.
Documented the --priority option to gnutls-cli and gnutls-serv.
Fix fopen file descriptor leak in PSK server code.
Build Guile code with -fgnu89-inline only when supported.
Make Camellia encryption work.
rtr [Fri, 23 May 2008 11:16:19 +0000 (11:16 +0000)]
ticket #2396
rtr [Fri, 23 May 2008 11:15:58 +0000 (11:15 +0000)]
pullup ticket #2396 - requested by tron
wterm: security fix
revisions pulled up:
- pkgsrc/x11/wterm/Makefile 1.35
- pkgsrc/x11/wterm/distinfo 1.11
- pkgsrc/x11/wterm/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: tron
Date: Thu May 22 12:30:44 UTC 2008
Modified Files:
pkgsrc/x11/wterm: Makefile distinfo
Added Files:
pkgsrc/x11/wterm/patches: patch-af
Log Message:
Don't try to use the X11 display ":0" if the display is not defined because
":0" might not belong to current user. This fixes CVE-2008-1142.
rtr [Fri, 23 May 2008 10:26:16 +0000 (10:26 +0000)]
ticket #2392
rtr [Fri, 23 May 2008 10:25:50 +0000 (10:25 +0000)]
pullup ticket #2392 - requested by simonb, tron
libid3tag: fix end of string check
revisions pulled up:
- pkgsrc/audio/libid3tag/Makefile 1.22
- pkgsrc/audio/libid3tag/distinfo 1.4,1.5
- pkgsrc/audio/libid3tag/patches/patch-ab 1.1,1.2
Module Name: pkgsrc
Committed By: simonb
Date: Tue May 20 13:31:39 UTC 2008
Modified Files:
pkgsrc/audio/libid3tag: Makefile distinfo
Added Files:
pkgsrc/audio/libid3tag/patches: patch-ab
Log Message:
Check for end-of-string when parsing a stringlist field.
Problem and fix originally reported by Kentaro Oda to the mad-dev
mailing list.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109
for some more info.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed May 21 09:42:13 UTC 2008
Modified Files:
pkgsrc/audio/libid3tag: distinfo
pkgsrc/audio/libid3tag/patches: patch-ab
Log Message:
Fix broken URL and correct incorrect patch checksum.
ghen [Thu, 22 May 2008 14:02:26 +0000 (14:02 +0000)]
Tickets #2390, 2393, 2395.
ghen [Thu, 22 May 2008 14:01:10 +0000 (14:01 +0000)]
Pullup ticket 2395 - requested by tron
security fix for mtr
- pkgsrc/net/mtr/Makefile 1.49
- pkgsrc/net/mtr/distinfo 1.23
- pkgsrc/net/mtr/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: tron
Date: Thu May 22 12:10:49 UTC 2008
Modified Files:
pkgsrc/net/mtr: Makefile distinfo
Added Files:
pkgsrc/net/mtr/patches: patch-ac
Log Message:
Implement a fix for the security vulnerability reported in
<http://seclists.org/fulldisclosure/2008/May/0488.html>.
ghen [Thu, 22 May 2008 13:54:10 +0000 (13:54 +0000)]
Pullup ticket 2393 - requested by drochner
security fixes for libvorbis
- pkgsrc/audio/libvorbis/Makefile 1.47
- pkgsrc/audio/libvorbis/distinfo 1.15
- pkgsrc/audio/libvorbis/patches/patch-aa 1.3
- pkgsrc/audio/libvorbis/patches/patch-ab 1.3
Module Name: pkgsrc
Committed By: drochner
Date: Wed May 14 16:36:18 UTC 2008
Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab
Log Message:
pull some patches from upstream CVS to fix integer overflows /
buffer overflows (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423),
bump PKGREVISION
ghen [Thu, 22 May 2008 13:46:34 +0000 (13:46 +0000)]
Pullup ticket 2390 - requested by joerg
security fix for py-django
- pkgsrc/www/py-django/Makefile 1.11
- pkgsrc/www/py-django/distinfo 1.6
- pkgsrc/www/py-django/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Tue May 20 13:46:49 UTC 2008
Modified Files:
pkgsrc/www/py-django: Makefile distinfo
Added Files:
pkgsrc/www/py-django/patches: patch-aa
Log Message:
Fix a CSS issue in the login page of the admin module. Bump revision.
tron [Wed, 21 May 2008 16:20:51 +0000 (16:20 +0000)]
Pullup ticket #2394.
tron [Wed, 21 May 2008 16:20:33 +0000 (16:20 +0000)]
Pullup ticket 2394 - requested by ghen
Security update for thunderbird and thunderbird-gtk1
- mail/thunderbird-gtk1/Makefile 1.17
- mail/thunderbird/Makefile-thunderbird.common 1.35
- mail/thunderbird/distinfo 1.45
Module Name: pkgsrc
Committed By: ghen
Date: Tue May 20 11:51:55 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.14 (2.0.0.13 was skipped to
stay on par with Firefox version numbering?)
Security fixes in this version:
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.14/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue May 20 11:52:50 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird-gtk1: Makefile
Log Message:
Unbump PKGREVISION for 2.0.0.14 update.
tron [Wed, 21 May 2008 13:02:17 +0000 (13:02 +0000)]
Pullup ticket #2391.
tron [Wed, 21 May 2008 13:01:02 +0000 (13:01 +0000)]
Pullup ticket 2391 - requested by joerg
Security fix for lighttpd
Revisions pulled up:
- www/lighttpd/Makefile 1.21
- www/lighttpd/distinfo 1.14
- www/lighttpd/patches/patch-aa 1.9
- www/lighttpd/patches/patch-ac 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Fri Apr 25 19:58:17 UTC 2008
Modified Files:
pkgsrc/www/lighttpd: distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa patch-ac
Log Message:
Fix a potential DOS when using SSL. Bump revision.
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue May 20 14:22:50 UTC 2008
Modified Files:
pkgsrc/www/lighttpd: Makefile
Log Message:
Belatedly bump revision for CVE-2008-1531 fix.
tron [Mon, 19 May 2008 17:39:20 +0000 (17:39 +0000)]
Pullup ticket #2386.
tron [Mon, 19 May 2008 17:35:17 +0000 (17:35 +0000)]
Pullup ticket 2386 - requested by tonnerre
security update for blender
Revisions pulled up:
- graphics/blender/Makefile 1.61
- graphics/blender/patches/patch-ae 1.7
- graphics/blender/distinfo 1.24
- graphics/blender/patches/patch-af 1.6
- graphics/blender/patches/patch-ag 1.6
Module Name: pkgsrc
Committed By: tonnerre
Date: Sat May 17 10:33:15 UTC 2008
Modified Files:
pkgsrc/graphics/blender: Makefile distinfo
Added Files:
pkgsrc/graphics/blender/patches: patch-ae patch-af patch-ag
Log Message:
Fix CVEs CVE-2008-1102 and CVE-2008-1102 for blender:
- Fix arbitrary code execution vulnerability in .bend files which
contain a crafted RGBE file (CVE-2008-1102).
- Create various temporary files in safer paths (CVE-2008-1103).
spz [Sun, 18 May 2008 15:47:32 +0000 (15:47 +0000)]
pullup tickets #2388 and #2389
spz [Sun, 18 May 2008 15:46:13 +0000 (15:46 +0000)]
Pullup ticket 2389 - requested by tron
security update for tk
Revisions pulled up:
- pkgsrc/x11/tk/Makefile.version 1.8
- pkgsrc/x11/tk/PLIST 1.10
- pkgsrc/x11/tk/distinfo 1.32
Module Name: pkgsrc
Committed By: bjs
Date: Mon Apr 7 15:14:10 UTC 2008
Modified Files:
pkgsrc/x11/tk: Makefile.version PLIST distinfo
Log Message:
Update to version 8.4.18. Way too many changes to list here--please
see ChangeLog. Insofar as I can tell, all of the changes are bug fixes
(and some backports from HEAD for Darwin).
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/x11/tk/Makefile.version
cvs rdiff -r1.9 -r1.10 pkgsrc/x11/tk/PLIST
cvs rdiff -r1.31 -r1.32 pkgsrc/x11/tk/distinfo
spz [Sun, 18 May 2008 15:34:59 +0000 (15:34 +0000)]
Pullup ticket 2388 - requested by tron
security update for tcl
Revisions pulled up:
- pkgsrc/lang/tcl/Makefile.version 1.8
- pkgsrc/lang/tcl/distinfo 1.42
Module Name: pkgsrc
Committed By: bjs
Date: Mon Apr 7 15:16:40 UTC 2008
Modified Files:
pkgsrc/lang/tcl: Makefile.version distinfo
Log Message:
Update to version 8.4.18. Distilled list of non-Windows changes:
* generic/tclInterp.c (Tcl_GetAlias): fix for [Bug 1882373]
* generic/regguts.h, generic/regc_color.c, generic/regc_nfa.c:
Fixes for problems created when processing regular expressions that
generate very large automata. An enormous number of thanks to Will
Drewry <wad@google.com>, Tavis Ormandy <taviso@google.com>, and Tom
Lane <tgl@sss.pgh.pa.us> from the Postgresql crowd for their help in
tracking these problems down. [Bug 1810264]
* unix/tclUnixCompat.c (TclpGetHostByName): Really applied
the change noted on 2007-11-13 by dkf below.
* generic/tclIOUtil.c (TclGetOpenMode): Only set the O_APPEND flag
* tests/ioUtil.test (ioUtil-4.1): on a channel for the 'a'
mode and not for 'a+'. [Bug 1773127] (backport from HEAD)
* generic/tclCmdIL.c (Tcl_LsearchObjCmd): Prevent shimmering crash
when -exact and -integer/-real are mixed. [Bug 1844789]
* generic/tclThread.c: Back-port locking changes from Tcl8.5
in Tcl_Mutex/ConditionFinlize. Now we properly master-lock
the finalization of sync primitives.
* generic/regc_nfa.c: Fixed infinite loop in the regexp compiler
* generic/regcomp.c: [Bug 1810038]. Corrected looping logic in
* tests/regexp.test: fixempties() to avoid wasting time walking a
list of dead states [Bug 1832612]. Convert optst() from expensive
no-op to a cheap no-op. Improve newline usage in debug output.
* unix/tclUnixCompat.c (TclpGetHostByName): The six-argument form of
getaddressbyname_r() uses the fifth argument to indicate whether the
lookup succeeded or not on at least one platform. [Bug 1618235]
* generic/regc_lex.c (lexescape): Ensure that backreference numbers
can't overflow a signed int in a way that breaks things. [Bug 1810264]
* generic/tclParse.c (Tcl_ParseBraces): fix for possible read
after the end of buffer, [Bug 1813528] (Joe Mistachkin).
* generic/tclObj.c (Tcl_FindCommandFromObj): fix finding a deleted
command; cannot trigger this from Tcl itself, but crash reported
on xotcl. This check is new to 8.4 but exists in 8.5, so this is a
backport or something. Thanks Gustaf Neumann.
* generic/tcl.h (Tcl_DecrRefCount): Update change from 2006-05-29
to make macro more warning-robust in unbraced if code.
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/lang/tcl/Makefile.version
cvs rdiff -r1.41 -r1.42 pkgsrc/lang/tcl/distinfo
spz [Sun, 18 May 2008 15:12:48 +0000 (15:12 +0000)]
pullup ticket #2387