gitweb.dragonflybsd.org Git

Pullup ticket #2726.

Pullup ticket #2726 - requested by tnn
firefox3: security update

Revisions pulled up:
- www/firefox3/Makefile 1.26
- www/firefox3/distinfo 1.18
---
Module Name: pkgsrc
Committed By: tnn
Date: Sat Mar 28 16:51:45 UTC 2009

Modified Files:
pkgsrc/www/firefox3: Makefile distinfo

Log Message:
Update to firefox3-3.0.8.
Security update for MFSA2009-12 and MFSA2009-13.

Pullup ticket #2725.

Pullup ticket #2725 - requested by kefren
weechat: security update

Revisions pulled up:
- chat/weechat/Makefile 1.21
- chat/weechat/distinfo 1.14
---
Module Name: pkgsrc
Committed By: tonio
Date: Sun Mar 22 10:32:41 UTC 2009

Modified Files:
pkgsrc/chat/weechat: Makefile distinfo

Log Message:
Update chat/weechat to 0.2.6.1

This version fixes a major bug: crash with some special chars in IRC
messages.

Pullup tickets #2723 and #2724.

Pullup ticket #2724 - requested by martti
ejabberd: security update

Revisions pulled up:
chat/ejabberd/Makefile 1.8-1.9
chat/ejabberd/PLIST 1.5
chat/ejabberd/distinfo 1.6-1.7
chat/ejabberd/patches/patch-aa 1.4
chat/ejabberd/patches/patch-ac 1.4
chat/ejabberd/patches/patch-ad 1.3
chat/ejabberd/patches/patch-ah 1.2
chat/ejabberd/patches/patch-ai 1.2
---
Module Name:    pkgsrc
Committed By:   joerg
Date:           Mon Feb  9 23:05:02 UTC 2009

Modified Files:
         pkgsrc/chat/ejabberd: Makefile distinfo
         pkgsrc/chat/ejabberd/patches: patch-aa

Log Message:
Don't create /var/spool/... at install time, the scripts will take care
of it. Mark as user-destdir after that.
---
Module Name: pkgsrc
Committed By: martti
Date: Sun Mar 22 10:39:44 UTC 2009

Modified Files:
pkgsrc/chat/ejabberd: Makefile PLIST distinfo
pkgsrc/chat/ejabberd/patches: patch-ac patch-ad patch-ah patch-ai

Log Message:
Updated chat/ejabberd to 2.0.4

This version is a maintenance release containing 20 bugfixes and improvements.

http://secunia.com/advisories/34340/

Pullup ticket #2723 - requested by rafal
cheese: bug fix

Revisions pulled up:
- graphics/cheese/Makefile 1.11 via patch
- graphics/cheese/distinfo 1.9
- graphics/cheese/patches/patch-ab 1.6
---
Module Name:    pkgsrc
Committed By:   jmorse
Date:           Fri Feb  6 17:01:49 UTC 2009

Modified Files:
        pkgsrc/doc: CHANGES-2009
        pkgsrc/graphics/cheese: distinfo
        pkgsrc/graphics/cheese/patches: patch-ab

Log Message:
Updated graphics/cheese to 2.24.3nb1, fixes detection of webcams through hal.
---
Module Name:    pkgsrc
Committed By:   jmorse
Date:           Fri Feb  6 17:46:02 UTC 2009

Modified Files:
        pkgsrc/graphics/cheese: Makefile

Log Message:
Bump cheese PKGREVISION

Pullup ticket #2721.

Pullup ticket #2721 - requested by adrianp
php5: security update

Revisions pulled up:
- lang/php5/MESSAGE.suhosin 1.1 via patch
- lang/php5/Makefile 1.71 via patch
- lang/php5/Makefile.common 1.35
- lang/php5/Makefile.php 1.33-1.34
- lang/php5/PLIST 1.21
- lang/php5/distinfo 1.61-1.62
- lang/php5/patches/patch-an patch
- lang/php5/patches/patch-ar patch
- lang/php5/patches/patch-as delete
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Mar  2 22:52:17 UTC 2009

Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common Makefile.php PLIST distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-as

Log Message:
The PHP development team would like to announce the immediate availability of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.9:

    * Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
    * Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
    * Fixed explode() behavior with empty string to respect negative limit. (Shire)
    * Fixed a segfault when malformed string is passed to json_decode(). (Scott)

Key enhancements in PHP 5.2.9 include:

    * Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
    * Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
    * A number of fixes in the mbstring extension (Moriyoshi)
    * Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
    * Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
    * Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)
    * Fixed bug #46889 (Memory leak in strtotime()). (Derick)
    * Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)
    * Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
    * Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
    * Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
    * Over 50 bug fixes.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Mar  5 23:22:24 UTC 2009

Modified Files:
pkgsrc/lang/php5: Makefile.php distinfo

Log Message:
Add back suhosin patch as a new one for 5.2.9 is out

Pullup ticket #2722.

Pullup ticket 2722 - requested by bouyer
curl: build fix

Revisions pulled up:
- www/curl/Makefile patch
- www/curl/distinfo patch
- www/curl/patches/patch-ab patch
- www/curl/patches/patch-ac patch
- www/curl/patches/patch-ad patch
- www/curl/patches/patch-ae patch
- www/curl/patches/patch-af patch
---
The security patch for CVE-2009-0037 has changed on the master site which
changed the checksum and size of "curl-7.18.1-CVE-2009-0037.patch".
Update to the latest version and integrate it directly to avoid further
build breaks.

ticket #2718

pullup ticket #2718 - requested by tron
firefox3: update package

revisions pulled up:
pkgsrc/www/firefox3/Makefile 1.24
pkgsrc/www/firefox3/distinfo 1.17

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Thu Mar  5 15:44:02 UTC 2009

   Modified Files:
           pkgsrc/www/firefox3: Makefile distinfo

   Log Message:
   Update "firefox" package to version 3.0.7. Changes since version 3.0.6:
   - Fixed several security issues.
   - Fixed several stability issues.
   - Official releases for the Estonian, Kannada and Telugu languages are
     now available.
   - Items in the "File" menu show as inactive after using the "Print" item
     from that menu - switching to a new tab restores them (bug 425844).
     This issue has been fixed.
   - For some users, cookies would appear to go ???missing??? after a few days
     (bug 444600).
   - Mac users of the Flashblock add-on, experienced an issue where sound
     from the Flash plug-in would continue to play for a short time after
     closing a tab or window (bug 474022).
   - Fixed several issues related to accessibility features.

ticket #2716

pullup ticket #2716 - requested by tron
curl: fix for security vulnerability

revisions pulled up:
pkgsrc/www/curl/Makefile patch provided
pkgsrc/www/curl/distinfo patch provided

http://curl.haxx.se/docs/adv_20090303.html

Pullup ticket #2719.

Pullup ticket #2719 - requested by tnn
ns-flash: security update

Revisions pulled up:
- multimedia/ns-flash/Makefile 1.32
- multimedia/ns-flash/distinfo 1.18
---
Module Name: pkgsrc
Committed By: tnn
Date: Fri Mar 6 19:10:52 UTC 2009

Modified Files:
pkgsrc/multimedia/ns-flash: Makefile distinfo

Log Message:
distfile changed on master site, so welcome to ns-flash-9.0.159.
Changes unknown but this is probably an update for CVE-2009-0520.

Pullup ticket #2713.

Pullup ticket #2713 - requested by jmcneill
hal: bug fixes

Revisions pulled up:
- sysutils/hal/Makefile 1.31-1.38
- sysutils/hal/PLIST 1.4
- sysutils/hal/distinfo 1.12
- sysutils/hal/files/hald-netbsd/devinfo_optical.c 1.4
- sysutils/hal/files/hald-netbsd/envsys.c 1.5
- sysutils/hal/patches/patch-aq 1.1
---
Module Name:    pkgsrc
Committed By:   jmcneill
Date:           Sun Jan 18 13:53:33 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile
        pkgsrc/sysutils/hal/files/hald-netbsd: devinfo_optical.c

Log Message:
Optical media handling needs block.storage_device too; add this to
improve KDE4 compatibility. Bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   sketch
Date:           Fri Jan 23 11:13:38 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile distinfo
Added Files:
        pkgsrc/sysutils/hal/patches: patch-aq

Log Message:
Couple of hacks to get Sun Studio compile working.
---
Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Jan 25 16:20:37 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile PLIST

Log Message:
Fix (de-)installation if "PKG_SYSCONFBASE" is set. Bump package revision
because of this package list change.

Reviewed by Jared McNeill.
---
Module Name:    pkgsrc
Committed By:   ahoka
Date:           Sat Feb 28 14:00:23 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile
Added Files:
        pkgsrc/sysutils/hal: INSTALL

Log Message:
Create /media automatically, so hald mount actually works
without manual labour. Bump revision.
---
Module Name:    pkgsrc
Committed By:   ahoka
Date:           Sat Feb 28 14:54:23 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile
Removed Files:
        pkgsrc/sysutils/hal: INSTALL

Log Message:
Use MAKE_DIRS and OWN_DIRS instead of INSTALL as suggested by Joerg.
---
Module Name:    pkgsrc
Committed By:   ahoka
Date:           Sat Feb 28 15:54:29 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile

Log Message:
The OWN_DIRS shouldnt be there.
Thanks goes again to Joerg.
---
Module Name:    pkgsrc
Committed By:   jmcneill
Date:           Sun Mar  1 18:22:31 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile
        pkgsrc/sysutils/hal/files/hald-netbsd: envsys.c

Log Message:
Plug a memory leak in envsys_timeout; the caller of prop_dictionary_all_keys
is responsible for freeing allocated memory. Bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Mar  2 11:36:33 UTC 2009

Modified Files:
        pkgsrc/sysutils/hal: Makefile

Log Message:
Actually substitute "PKG_SYSCONFBASE" in the package list. Bump package
revisions as this affects the binary package.

Pullup tickets #2715 and #2717.

Pullup ticket #2717 - requested by tnn
libsndfile: security patch

Add patch to fix the vulnerability reported in CVE-2009-0186.

Pullup ticket #2715 - requested by sborrill
samba: bug fix

Revisions pulled up:
- net/samba/Makefile 1.188
- net/samba/distinfo 1.66
- net/samba/patches/patch-at 1.11
- net/samba/patches/patch-au 1.10
---
Module Name: pkgsrc
Committed By: sborrill
Date: Tue Mar 3 17:50:49 UTC 2009

Modified Files:
pkgsrc/net/samba: Makefile distinfo
pkgsrc/net/samba/patches: patch-at patch-au

Log Message:
Rework detection of getifaddrs() code so that it precedes the AIX method as
AIX method was being chosen in preference (on NetBSD 5.0 at least). This
broke net and rpcclient, etc. as they failed to enumerate interfaces
correctly.

Pullup ticket #2714.

Pullup ticket #2714 - requested by kefren
optipng: security patch

Revisions pulled up:
- graphics/optipng/Makefile 1.17
- graphics/optipng/distinfo 1.13
- graphics/optipng/patches/patch-ab 1.5
- graphics/optipng/patches/patch-ad 1.3
- graphics/optipng/patches/patch-ae 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Mon Mar  2 06:20:34 UTC 2009

Modified Files:
pkgsrc/graphics/optipng: Makefile distinfo
Added Files:
pkgsrc/graphics/optipng/patches: patch-ab patch-ad patch-ae

Log Message:
Add patches from upstream in order to update to 0.6.2.1

Changes:

   * Fix SA34035: Use after free error that can be used to execute arbitrary
     code via a specially crafted GIF image

Pullup ticket #2712.

Pullup ticket 2712 - requested by wiz
gnome-power-manager: bug fix update

Revisions pulled up;
- sysutils/gnome-power-manager/Makefile 1.3-1.5
- sysutils/gnome-power-manager/distinfo 1.2-1.3
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Jan 6 18:44:03 UTC 2009

Modified Files:
pkgsrc/sysutils/gnome-power-manager: Makefile

Log Message:
avoid pichink up docbook2man on build
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jan 17 12:53:26 UTC 2009

Modified Files:
pkgsrc/sysutils/gnome-power-manager: Makefile distinfo

Log Message:
Update to 2.24.3:

==============
Version 2.24.3
==============

- Fixed #562836, GPM OSD does not popup on machines that support keys in HW but not in xrandr (Mario Limonciello)
- Fixed #562900, gnome power manager keeps using xrandr backend after failed calls (Mario Limonciello)
- Reset the event time after we resume so the duplicate key detection code works correctly (Adel Gadllah)

Translations:
- Updated et: Ivar Smolin
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Feb 24 15:14:01 UTC 2009

Modified Files:
pkgsrc/sysutils/gnome-power-manager: Makefile distinfo

Log Message:
Update to 2.24.4, convert to user-destdir.

==============
Version 2.24.4
==============

- Fixed #562576, Battery profile is not saved correctly (Stephen Gildea and Joe)
- Fixed #566115, Fails to build on sparc (Josselin Mouette)
- Fixed #569100, When brightness is to 0, pressing one more brightness causes hang (Fortunato Ventre)
- Fixed #566095, Don't step through each brightness state when we fade modes (Richard Hughes)

ticket #2711

pullup ticket #2711 - requested by drochner
privoxy: update for security fix

revisions pulled up:
pkgsrc/www/privoxy/Makefile 1.35,1.36
pkgsrc/www/privoxy/files/privoxy.sh 1.4,1.5
pkgsrc/www/privoxy/distinfo 1.9
pkgsrc/www/privoxy/patches/patch-af 1.1

   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Mon Feb  2 20:00:41 UTC 2009

   Modified Files:
           pkgsrc/www/privoxy: Makefile
           pkgsrc/www/privoxy/files: privoxy.sh

   Log Message:
   PR/40532 - Cem Kayali -- group permissions too broad
   Just fixing security issue, will leave pkg update for MAINTAINER for now.

------------------------------------------------------------------------
   Module Name:   pkgsrc
   Committed By:  drochner
   Date:          Wed Feb  4 21:20:39 UTC 2009

   Modified Files:
          pkgsrc/www/privoxy: Makefile distinfo
          pkgsrc/www/privoxy/files: privoxy.sh
   Added Files:
          pkgsrc/www/privoxy/patches: patch-af

   Log Message:
   give up supplementary group memberships on uid/gid switch, fixes
   unexpected privileges reported in PR pkg/40532 by Cem Kayali,
   the issue is being discussed with upstream,
   thanks to Cem for detailed reports,
   also back out explicit passing of PRIVOXY_GROUP to the program --
   while it does not hurt it is redundant because PRIVOXY_GROUP is already
   the primary group of PRIVOXY_USER

ticket #2710

pullup ticket #2710 - requested by wiz
pan: update package for fixes

revisions pulled up:
pkgsrc/news/pan/Makefile 1.54
pkgsrc/news/pan/PLIST 1.10
pkgsrc/news/pan/distinfo 1.18
pkgsrc/news/pan/patches/patch-aa r0

   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Tue Feb 24 12:24:48 UTC 2009

   Modified Files:
           pkgsrc/news/pan: Makefile PLIST distinfo
   Removed Files:
           pkgsrc/news/pan/patches: patch-aa

   Log Message:
   Update to 0.133:

   0.133 "House of Butterflies"
    535413 fix heap overflow in pan when parsing .nzb files (Pavel Polischouk)
    467446 image viewer truncates image (Aaron Von Gauss)
    540798 handle NNTP server '203 Streaming OK' responses (Mark Beach)
    524620 compile fails on glib 2.16: g_assert moved to gtestutils.h (Duncan)
    527852 use po/LINGUAS (Gilles Dartiguelongue)
    482140 get last N days' headers fails when no headers in N days (Anonymous)
    514167 'post' window doesn't fit on 800x480 display (Alexey Zakhlestin)
    541704 pan uses deprecated `hash_set' class (Charles)
    527853 unit test 'scorefile-test' fails on sparc (Ferris McCormick)

Pullup tickets #2708 and #2709.

Pullup ticket #2708 - requested by:
mldonkey: security update
mldonkey-gui: security update

Revisions pulled up:
- net/mldonkey/Makefile 1.46-1.48
- net/mldonkey/Makefile.common 1.34-1.36
- net/mldonkey/distinfo 1.46-1.48
- net/mldonkey-gui/Makefile 1.27
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jan 24 12:59:28 UTC 2009

Modified Files:
pkgsrc/net/mldonkey: Makefile.common distinfo

Log Message:
Update to 2.9.7:

2009/01/20: version 2.9.7 = tag release-2-9-7
6727: Web_infos: Replace old GeoIP URL with new one
- old code added the new URL, even if GeoIP was not present in web_infos

2009/01/04
6714: BT: Fix bug when computing limits for max_bt_uploaders
6713: GeoIP: New web_infos URL for country list (thx to Choby)
- old URLs are updated to:
http://www.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

2008/12/13
6689: Allow compilation with Ocaml 3.11.0

2008/09/01
6629: Mail: Move hostname from subject to body (eydaimon)
Updated Mozilla protocol handler to version 2.5
- original source from http://www.informatik.uni-oldenburg.de/~dyna/mldonkey
6628: IP discover: Use http://whatismyip.org, old URL is not working anymore
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Feb 16 13:11:41 UTC 2009

Modified Files:
pkgsrc/net/mldonkey: Makefile Makefile.common
pkgsrc/net/mldonkey-gui: Makefile

Log Message:
Convert to user-destdir.
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Feb 24 22:50:45 UTC 2009

Modified Files:
pkgsrc/net/mldonkey: Makefile distinfo
Added Files:
pkgsrc/net/mldonkey/patches: patch-aa

Log Message:
Add patch fixing security problem from upstream.

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Feb 25 23:39:37 UTC 2009

Modified Files:
pkgsrc/net/mldonkey: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/net/mldonkey/patches: patch-aa

Log Message:
Update to 3.0.0:

2009/02/24: version 3.0.0 = tag release-3-0-0
6754: Fix local file access bug in internal http server
- this is an urgent security related bug-fix and effects
all MLDonkey versions >= 2.8.4
6752: Optimized implementation of the ip_set module (cbah)
6736: Add/fix some copyright texts

Pullup ticket #2709 - requested by sborrill
php-imap: bug fix

Revisions pulled up:
- lang/php5/distinfo 1.60 (via patch)
- lang/php5/patches/patch-as 1.4
- mail/php-imap/Makefile 1.18
---
Module Name: pkgsrc
Committed By: sborrill
Date: Wed Feb 25 08:59:47 UTC 2009

Modified Files:
pkgsrc/lang/php5: distinfo
pkgsrc/mail/php-imap: Makefile
Added Files:
pkgsrc/lang/php5/patches: patch-as

Log Message:
Fix memory leak and pullup bug fix for http://bugs.php.net/bug.php?id=46918

Remove this patch when PHP >= 5.2.9 is released as it will contain these
changes

Bump PKGREVISION of php-imap

Pullup ticket #2706 and #2707.

Pullup ticket #2707 - requested by martti
mediawiki: bug fix update

Revisions pulled up:
- www/mediawiki/Makefile 1.5
- www/mediawiki/distinfo 1.4
---
Module Name: pkgsrc
Committed By: martti
Date: Sun Feb 22 11:58:57 UTC 2009

Modified Files:
pkgsrc/www/mediawiki: Makefile distinfo

Log Message:
Updated www/mediawiki to 1.13.5

This is a maintenance release which corrects some bugs in the installer,
introduced during the hasty security release of 1.13.4. It is not
necessary to upgrade if you do not intend on using the installer.

Pullup ticket #2706 - requested by adrianp
pdksh: bug fix

Revisions pulled up:
- shells/pdksh/Makefile 1.18
- shells/pdksh/files/c_ulimit.c 1.4
- shells/pdksh/files/lex.c 1.4
---
Module Name: pkgsrc
Committed By: tnn
Date: Sat Feb 21 20:06:30 UTC 2009

Modified Files:
pkgsrc/shells/pdksh: Makefile
pkgsrc/shells/pdksh/files: c_ulimit.c lex.c

Log Message:
Merge the following revisions from NetBSD src:
c_ulimit.c 1.9: avoid sign extension problem
lex.c 1.13: bugfix related to nested quotes
Bump PKGREVISION.

Note pullup of ticket #2702.

Pullup ticket #2702 - requested by martti
dovecot: bug fix update

Revisions pulled up:
- mail/dovecot/Makefile 1.128
- mail/dovecot/distinfo 1.93
---
Module Name:    pkgsrc
Committed By:   ghen
Date:           Wed Feb  4 18:36:54 UTC 2009

Modified Files:
         pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
Update to Dovecot 1.1.11.

- IMAP: PERMANENTFLAGS list didn't contain \*, causing some clients
   not to save keywords.
- dbox: INTERNALDATE and save date was returned wrong for converted
   maildir files.
- auth: Using "username" or "domain" passdb fields caused problems
   with cache and blocking passdbs in v1.1.8 .. v1.1.10.
- userdb prefetch + blocking passdbs was broken with non-plaintext
   auth in v1.1.8 .. v1.1.10.
- If mail_chroot is set, don't fail at startup in dump-capability.

Pullup ticket #2705.

Pullup ticket #2705 - requested by he
emacs: build fix

Revisions pulled up:
- editors/emacs/hacks.mk 1.3
---
Module Name: pkgsrc
Committed By: markd
Date: Wed Jan 28 11:36:34 UTC 2009

Modified Files:
pkgsrc/editors/emacs: hacks.mk

Log Message:
Seems the hack is needed for 4.0/x86_64 as well. See Manuel Bouyer's
bulk builds.

Pullup ticket #2704.

Pullup ticket #2704 - requested by he
liboil: build fix

Revisions pulled up:
- devel/liboil/Makefile 1.20
- devel/liboil/distinfo 1.16
- devel/liboil/patches/patch-ad 1.4
---
Module Name: pkgsrc
Committed By: he
Date: Sat Feb 21 14:39:03 UTC 2009

Modified Files:
pkgsrc/devel/liboil: Makefile distinfo
Added Files:
pkgsrc/devel/liboil/patches: patch-ad

Log Message:
Upgrade from version 0.3.15 to 0.3.15nb1.

Pkgsrc changes:
o Provide proper detection of altivec on NetBSD powerpc ports.
As an added bonus, this now builds on NetBSD/macppc 3.1 where
it didn't earlier.

Pullup ticket #2703.

Pullup ticket #2703 - requested by wiz
png: security update

Revisions pulled up:
- graphics/png/Makefile 1.111-1.112
- graphics/png/distinfo 1.55-1.56
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan  5 20:22:26 UTC 2009

Modified Files:
pkgsrc/graphics/png: Makefile distinfo

Log Message:
Update to 1.2.34:

version 1.2.34beta01 [November 27, 2008]
  Revised png_warning() to write its message on standard output by default
    when warning_fn is NULL. This was the behavior prior to libpng-1.2.9beta9.
  Fixed string vs pointer-to-string error in png_check_keyword().
  Added png_check_cHRM_fixed() in png.c and moved checking from pngget.c,
    pngrutil.c, and pngwrite.c, and eliminated floating point cHRM checking.
  Added check for zero-area RGB cHRM triangle in png_check_cHRM_fixed().
  In png_check_cHRM_fixed(), ensure white_y is > 0, and removed redundant
    check for all-zero coordinates that is detected by the triangle check.
  Revised png_warning() to write its message on standard output by default
    when warning_fn is NULL.

version 1.2.34beta02 [November 28, 2008]
  Corrected off-by-one error in bKGD validity check in png_write_bKGD()
    and in png_handle_bKGD().

version 1.2.34beta03 [December 1, 2008]
  Revised bKGD validity check to use >= x instead of > x + 1
  Merged with png_debug from libpng-1.4.0 to remove newlines.

version 1.2.34beta04 [December 2, 2008]
  More merging with png_debug from libpng-1.4.0 to remove newlines.

version 1.2.34beta05 [December 5, 2008]
  Removed redundant check for key==NULL before calling png_check_keyword()
    to ensure that new_key gets initialized and removed extra warning
    (Arvan Pritchard).

version 1.2.34beta06 [December 9, 2008]
  In png_write_png(), respect the placement of the filler bytes in an earlier
    call to png_set_filler() (Jim Barry).

version 1.2.34beta07 [December 9, 2008]
  Undid previous change and added PNG_TRANSFORM_STRIP_FILLER_BEFORE and
    PNG_TRANSFORM_STRIP_FILLER_AFTER conditionals and deprecated
    PNG_TRANSFORM_STRIP_FILLER (Jim Barry).

version 1.0.42rc01, 1.2.34rc01 [December 11, 2008]
  No changes.

version 1.0.42, 1.2.34 [December 18, 2008]
  No changes.
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Feb 19 13:13:53 UTC 2009

Modified Files:
pkgsrc/graphics/png: Makefile distinfo

Log Message:
update to 1.2.35
change: fix pointer initialization (SA33970)

ticket #2697, #2700

pullup ticket #2700 - requested by tron
net-snmp: security fix

revisions pulled up:
pkgsrc/net/net-snmp/Makefile 1.76
pkgsrc/net/net-snmp/distinfo 1.52
pkgsrc/net/net-snmp/patches/patch-ad 1.7

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Sun Feb 15 11:31:51 UTC 2009

   Modified Files:
           pkgsrc/net/net-snmp: Makefile distinfo
   Added Files:
           pkgsrc/net/net-snmp/patches: patch-ad

   Log Message:
   Add a patch from the "net-snmp" repository to close the vulnerability
   reported in SA33884/CVE-2008-6123.

pullup ticket #2697 - requested by tron
wireshark: update package for security fix

revisions pulled up:
pkgsrc/net/wireshark/Makefile 1.29
pkgsrc/net/wireshark/PLIST 1.12
pkgsrc/net/wireshark/distinfo 1.19
pkgsrc/net/wireshark/patches/patch-ad r0

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Fri Feb 13 09:41:11 UTC 2009

   Modified Files:
           pkgsrc/net/wireshark: Makefile PLIST distinfo
   Removed Files:
           pkgsrc/net/wireshark/patches: patch-ad

   Log Message:
   Update "wireshark" package to version 1.0.6.

   Changes between 1.0.5 and 1.0.6.:
   - The following vulnerabilities have been fixed:
     * On non-Windows systems, Wireshark could crash if the HOME environment
       variable contained sprintf-style string formatting characters.
     * Wireshark could crash while reading a malformed NetScreen snoop file.
     * Wireshark could crash while reading a Tektronix K12 text capture file.
   - The following bugs have been fixed:
     * Crash when loading capture file and Preferences: NO Info column
     * Some Lua scripts may lead to corruption via out of bounds stack
     * Build with GLib 1.2 fails with error: 'G_MININT32' undeclared
     * Wrong decoding IMSI with GSM MAP protocol
     * Segmentation fault for "Follow TCP stream" (Bug 3119)
     * SMPP optional parameter 'network_error_code' incorrectly decoded
     * DHCPv6 dissector doesn't handle malformed FQDN
     * WCCP overrides CFLOW as decoded protocol (Bug 3175)
     * Improper decoding of MPLS echo reply IPv4 Interface and Label Stack Object
     * ANSI MAP fix for TRN digits/SMS and OTA subdissection (Bug 3214)
   - Updated Protocol Support
     * AFS, ATM, DHCPv6, DIS, E.212, RTP, UDP, USB, WCCP, WPS
   - New and Updated Capture File Support
     * NetScreen snoop

   Changes between version 1.0.4 and 1.0.5:
   - The following vulnerabilities have been fixed. See the security advisory
     for details and a workaround.
     * The SMTP dissector could consume excessive amounts of CPU and memory.
     * The WLCCP dissector could go into an infinte loop.
   - The following bugs have been fixed:
     * Missing CRLF during HTTP POST in the "packet details" window
     * Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3
     * Diameter dissector fails RFC 4005 compliance
     * LDP vendor private TLV type is not correctly shown
     * Wireshark on MacOS does not run when there are spaces in its path
     * Compilation broke when compiling without zlib
     * Memory leak: saved_repoid
     * Memory leak: follow_info
     * Memory leak: follow_info
     * Memory leak: tacplus_data
     * Memory leak: col_arrows
     * Memory leak: col_arrows
     * Incorrect address structure assigned for find_conversation() in WSP
     * Memory leak with unistim in voip_calls
     * Error parsing the BSSGP protocol
     * Assertion thrown in fvalue_get_uinteger when decoding TIPC
     * LUA script : Wireshark crashes after closing and opening again a window
       used by a listener.draw() function.
   - Updated Protocol Support
     * ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP, MPEG PES
     * PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG 5066, TACACS, TIPC
     * WLCCP, WSP

   The package update was provided by Matthias Drochner in private e-mail.

Pullup ticket #2671.

Pullup ticket #2671 - requested by dholland
mpack: security update

Revisions pulled up:
- converters/mpack/Makefile 1.19
- converters/mpack/PLIST 1.2
- converters/mpack/distinfo 1.8
- converters/mpack/patches/patch-aa delete
- converters/mpack/patches/patch-ab 1.7
- converters/mpack/patches/patch-ae 1.2
- converters/mpack/patches/patch-af 1.2
---
Module Name: pkgsrc
Committed By: dholland
Date: Sun Feb 15 20:12:18 UTC 2009

Modified Files:
pkgsrc/converters/mpack: Makefile PLIST distinfo
pkgsrc/converters/mpack/patches: patch-ab patch-ae patch-af
Removed Files:
pkgsrc/converters/mpack/patches: patch-aa

Log Message:
Update to 1.6.

pkgsrc changes:

- Destdir support.
- Include fixes for implicit function declarations probably broken on LP64.
- Fix for 64-bit time_t world in netbsd-current.
- Fix some pkglint.
- Suppress warning about mktemp() on NetBSD; usage checked.

Upstream changes:

1.6 -- Jul 21 2003
Use automake and a little bit of autoconf

convert K&R declarations/definitions to ANSI

Fixed buffer overflow in getParam and getDispositionFilename (debian patch)
Fixed possible crash in ParseContent (debian patch)

fix typo in getDispositionFilename (from Steve Friedl)

use system strcasecmp and getopt where possible.

use O_EXCL where available when creating files.

Pullup tickets #2698 and #2699.

Pullup ticket #2699 - requested by obache
tor: security update

Revisions pulled up:
- net/tor/Makefile 1.62
- net/tor/distinfo 1.34
- net/tor/patches/patch-ac delete
---
Module Name: pkgsrc
Committed By: obache
Date: Sun Feb 15 07:59:02 UTC 2009

Modified Files:
pkgsrc/net/tor: Makefile distinfo
Removed Files:
pkgsrc/net/tor/patches: patch-ac

Log Message:
Update tor to 0.2.0.34.
Patch provided by Christian Sturm and back to maintainer.

Changes in version 0.2.0.34 - 2009-02-08
  o Security fixes:
    - Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    - Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    - Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

  o Minor bugfixes:
    - Fix compilation on systems where time_t is a 64-bit integer.
      Patch from Matthias Drochner.
    - Don't consider expiring already-closed client connections. Fixes
      bug 893. Bugfix on 0.0.2pre20.

Pullup ticket #2698 - requested by minskim
bison: portability fix

Revisions pulled up:
- devel/bison/Makefile 1.69
- mk/tools/tools.Darwin.mk 1.39
---
Module Name:    pkgsrc
Committed By:   schwarz
Date:           Thu Jan 22 20:14:05 UTC 2009

Modified Files:
         pkgsrc/mk/tools: tools.Darwin.mk

Log Message:
Do not use GNU m4 shipped with the OS on systems prior to Mac OS 10.5.
10.4 shipped with gm4 1.4.2, 10.3 came with 1.4.
This is not recent enough for some packages (specifically devel/
autoconf),
so use pkgsrc's gm4 instead.
Fixes PR#40329.
---
Module Name:    pkgsrc
Committed By:   minskim
Date:           Thu Feb 12 18:43:21 UTC 2009

Modified Files:
         pkgsrc/devel/bison: Makefile

Log Message:
Bump PKGREVISION because the path to m4 was changed on Darwin<9.

The tools framework changed m4 on Darwin<9 from the native one to the
pkgsrc version last month.  bison needs a PKGREVISION bump because it
embeds the path to m4 in its binary.

ticket #2969

pullup ticket #2969 - requested by he
see: add patch for ppc ports

revisions pulled up:
pkgsrc/lang/see/Makefile pkgsrc/lang/see/distinfo 1.2
pkgsrc/lang/see/patches/patch-aa 1.1

   Module Name:    pkgsrc
   Committed By:   he
   Date:           Thu Feb 12 15:24:14 UTC 2009

   Modified Files:
           pkgsrc/lang/see: Makefile distinfo
   Added Files:
           pkgsrc/lang/see/patches: patch-aa

   Log Message:
   Update from version 3.0.1376 to 3.0.1376nb1.

   Pkgsrc changes:
    o Add a patch so that our PowerPC-based ports are properly detected
      by the dtoa configuration logic, by also recognizing __powerpc__
      to indicate big-endian float format.
      This should fix PR#40624.

Pullup tickets #2694 and #2695.

Pullup ticket #2695 - requested by he
p5-Readonly-XS: build fix

Revisions pulled up:
- devel/p5-Readonly-XS/Makefile 1.5
- devel/p5-Readonly-XS/distinfo 1.3
- devel/p5-Readonly-XS/patches/patch-aa 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Tue Feb 10 19:46:51 UTC 2009

Modified Files:
pkgsrc/devel/p5-Readonly-XS: Makefile distinfo
pkgsrc/devel/p5-Readonly-XS/patches: patch-aa

Log Message:
Update from version 1.04nb2 to 1.04nb3.

Pkgsrc changes:
o Fix the broken patch-aa patch, which should have fixed
   PR#39740 but didn't, and instead left the package in an
   unbuildable state.  With this in place, "make test"
   completes, fixing the problem in the CPAN report at
   http://rt.cpan.org/Public/Bug/Display.html?id=29778

Pullup ticket #2694 - requested by taca
typo3: security update

Revisions pulled up:
- www/typo3/MESSAGE 1.2
- www/typo3/Makefile 1.11-1.12
- www/typo3/distinfo 1.6-1.7
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jan 25 05:00:14 UTC 2009

Modified Files:
pkgsrc/www/typo3: MESSAGE Makefile distinfo

Log Message:
Update www/typo3 package to 4.2.5.

All versions are maintenance releases and contain only bugfixes.

IMPORTANT: These versions contain important fixes of regressions from
the earlier versions released 20 January 2009, but they do not contain
additional security fixes.

ChangeLog:

2009-01-24  Ingmar Schlecht  <ingmar@typo3.org>

* Release of TYPO3 4.2.5

2009-01-24  Ingmar Schlecht  <ingmar@typo3.org>

* Fixed bug #10205: DB session record is only created when user is authenticated (thanks also to Michael Stucki)

2009-01-20  Steffen Kamper  <info@sk-typo3.de>

* Fixed bug #9345: Bug: CSV export includes _CLIPBOARD_ in header row (thanks to Christian Kuhn)
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 10 09:35:40 UTC 2009

Modified Files:
pkgsrc/www/typo3: Makefile distinfo

Log Message:
Update www/typo3 package to 4.2.6.

Quote from release announce is here and see ChangeLog for detail.

All versions are maintenance releases and contain bugfixes
and security fixes.

IMPORTANT: These versions include an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/

Pullup tickets #2692 and #2693.

Pullup ticket #2692 - requested by cube
xtide: bug fix

Revisions pulled up:
- misc/xtide/Makefile 1.23
- misc/xtide/distinfo 1.8
- misc/xtide/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: cube
Date: Sun Feb 8 00:01:35 UTC 2009

Modified Files:
pkgsrc/misc/xtide: Makefile distinfo
Added Files:
pkgsrc/misc/xtide/patches: patch-ad

Log Message:
Add a patch to configure so that xtide can compile correctly with a X11
distribution in /usr/X11R7. Bump PKGREVISION.

Pullup ticket #2693 - requested by kim
proftpd: security update

Revisions pulled up:
- net/proftpd/Makefile 1.53-1.54
- net/proftpd/PLIST 1.15-1.16
- net/proftpd/distinfo 1.30
- net/proftpd/files/proftpd.sh 1.3
---
Module Name: pkgsrc
Committed By: shattered
Date: Sun Jan 11 22:47:54 UTC 2009

Modified Files:
pkgsrc/net/proftpd: Makefile PLIST
pkgsrc/net/proftpd/files: proftpd.sh

Log Message:
- rc.d script: replace interpreter, add 'reload' command
- install 'ftpasswd' script from contrib

OK by kim@.
---
Module Name:    pkgsrc
Committed By:   kim
Date:           Sun Feb  8 07:28:44 UTC 2009

Modified Files:
        pkgsrc/net/proftpd: Makefile PLIST distinfo

Log Message:
Upgrade proftpd to 1.3.2

Pullup tickets #2685, #2690 and #2691.

Pullup ticket #2691 - requested by joerg
xorp: build fixe

Revisions pulled up:
- net/xorp/distinfo 1.15
- net/xorp/patches/patch-ab 1.8
---
Module Name: pkgsrc
Committed By: joerg
Date: Sat Feb 7 18:39:20 UTC 2009

Modified Files:
pkgsrc/net/xorp: distinfo
pkgsrc/net/xorp/patches: patch-ab

Log Message:
Fix patch to actually work by using the right name of the version macro.
Fixes build on NetBSD 4.99.24+.

Pullup ticket #2690 - requested by martti
mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile 1.4
- www/mediawiki/PLIST 1.3
- www/mediawiki/distinfo 1.3
---
Module Name: pkgsrc
Committed By: martti
Date: Sat Feb 7 11:09:37 UTC 2009

Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Updated www/mediawiki to 1.13.4

A number of cross-site scripting (XSS) security vulnerabilities were
discovered in the web-based installer (config/index.php). These
vulnerabilities all require a live installer -- once the installer has been
used to install a wiki, it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack any
website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be used
to attack the active service. If you are hosting an old copy of MediaWiki
that you have never installed, we advise you to remove it from the web.

Pullup ticket #2685 - requested by he
mysql5-server: bug fixes

Revisions pulled up:
- databases/mysql5-server/Makefile 1.26
- databases/mysql5-server/files/mysqld.sh 1.3
---
Module Name: pkgsrc
Committed By: he
Date: Wed Feb  4 21:17:45 UTC 2009

Modified Files:
pkgsrc/databases/mysql5-server: Makefile
pkgsrc/databases/mysql5-server/files: mysqld.sh

Log Message:
Upgrade from version 5.0.67 to 5.0.67nb1.

Two changes to the rc.d script:
1) Move the setting of pidfile to a place so that setting mysqld_datadir
    in rc.conf will actually work; otherwise, if you use a non-default
    mysqld_datadir, mysqld will not start.
2) ad@ pointed me to http://bugs.mysql.com/bug.php?id=18526, and said
    that --skip-thread-priority should not be used on NetBSD, and the
    PR spoke about Darwin / OS/X.  I'm guessing that this might work
    if the host platform is Linux or SunOS (the latter is unconfirmed).
    So add that option to the startup in all other cases.

Pullup ticket #2689.

Pullup ticket #2689 - requested by tnn
firefox3: security update

Revisions pulled up:
- www/firefox3/Makefile 1.20
- www/firefox3/distinfo 1.15
- www/firefox3/patches/patch-wf delete
---
Module Name: pkgsrc
Committed By: tnn
Date: Thu Feb  5 21:22:06 UTC 2009

Modified Files:
pkgsrc/www/firefox3: Makefile distinfo
Removed Files:
pkgsrc/www/firefox3/patches: patch-wf

Log Message:
update to firefox3-3.0.6.
Firefox 3.0.6 fixes several issues found in Firefox 3.0.5:
* Fixed several security issues.
* Fixed several stability issues.
* In previous versions of Firefox, some users experienced a problem
  where parts of the screen were not properly displaying after
  Firefox was open for long periods of time.
* Improved the ability for scripted commands (including those
  included in popular extensions like Adblock Plus) to work properly
  with plugins. (bug 438830)
* Removed the client user ID from crash reports.
* Fixed issues with the display of some Indic scripts.

Pullup tickets #2686, #2687 and #2688.

Pullup ticket #2686 - requested by taca
squid30: security update

Revisions pulled up:
- www/squid30/Makefile 1.6-1.7
- www/squid30/distinfo 1.5-1.6
- www/squid30/patches/patch-aa 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 22 17:23:47 UTC 2009

Modified Files:
pkgsrc/www/squid30: Makefile distinfo
pkgsrc/www/squid30/patches: patch-aa

Log Message:
Update www/squid pacakge to 3.0.12(3.0.STABLE12).

Changes to squid-3.0.STABLE12 (21 Jan 2009):

- Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
- Bug 2542: ICAP filters break download resume
- Bug 2556: HTCP fails without icp_port
- Bug 2564: logformat '%tl' field not working as advertised
- Port from 3.1: TestBed basic build consistency checks
- Policy: Change half_closed_clients default to off
- Policy: Removed -V command line option, deprecated by 2.6
- ... and several other minor code cleanups
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 4 12:21:27 UTC 2009

Modified Files:
pkgsrc/www/squid30: Makefile distinfo

Log Message:
Update squid30 package to 3.0.13 (3.0.STABLE13).

Changes to squid-3.0.STABLE13 (03 Feb 2009):

- Fix several issues in request parsing
- Fix memory leak from logformat parsing
- Fix various ESI build errors
- ... and some documentation updates

Pullup ticket #2687 - requested by taca
squid27: security update

Revisions pulled up:
- www/squid27/Makefile 1.5
- www/squid27/distinfo 1.4
- www/squid27/patches/patch-ab 1.2
- www/squid27/patches/patch-ac 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 5 13:43:06 UTC 2009

Modified Files:
pkgsrc/www/squid27: Makefile distinfo
pkgsrc/www/squid27/patches: patch-ab patch-ac

Log Message:
Update www/squid27 package to 2.7.6(2.7.STABLE6).

Changes to squid-2.7.STABLE6 (4 February 2009)
- Bug #2494: Fix tproxy url in configure
- Correct latency measurements
- Correct upgrade_http0.9 example
- Correct parsing of invalid http version numbers
- Crossreference authenticate_ip_shortcircuit_access and
authenticate_ip_shortcircuit_ttl
- Add in some better documentation for override-expire.

Pullup ticket #2688 - requested by taca
sudo: security update

Revisions pulled up:
- security/sudo/Makefile 1.114
- security/sudo/PLIST 1.3
- security/sudo/distinfo 1.57
- security/sudo/options.mk 1.16
- security/sudo/patches/patch-aa 1.20
- security/sudo/patches/patch-af 1.21
- security/sudo/patches/patch-ag 1.13
- security/sudo/patches/patch-ai delete
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb  5 13:48:12 UTC 2009

Modified Files:
pkgsrc/security/sudo: Makefile PLIST distinfo options.mk
pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Removed Files:
pkgsrc/security/sudo/patches: patch-ai

Log Message:
Update security/sudo package to 1.7.0.

* pkgsrc change: relax restriction to kerberos package.

What's new in Sudo 1.7.0?

* Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

* Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

* Sudo's -l (list) flag has been enhanced:
    o applicable Defaults options are now listed
    o a command argument can be specified for testing whether a user
      may run a specific command.
    o a new -U flag can be used in conjunction with "sudo -l" to allow
      root (or a user with "sudo ALL") list another user's privileges.

* A new -g flag has been added to allow the user to specify a
   primary group to run the command as.  The sudoers syntax has been
   extended to include a group section in the Runas specification.

* A uid may now be used anywhere a username is valid.

* The "secure_path" run-time Defaults option has been restored.

* Password and group data is now cached for fast lookups.

* The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

* Visudo will now warn about aliases that are defined but not used.

* The -i and -s command line flags now take an optional command
   to be run via the shell.  Previously, the argument was passed
   to the shell as a script to run.

* Improved LDAP support.  SASL authentication may now be used in
   conjunction when connecting to an LDAP server.  The krb5_ccname
   parameter in ldap.conf may be used to enable Kerberos.

* Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
   to specify the sudoers order.  E.g.:
sudoers: ldap files
   to check LDAP, then /etc/sudoers.  The default is "files", even
   when LDAP support is compiled in.  This differs from sudo 1.6
   where LDAP was always consulted first.

* Support for /etc/environment on AIX and Linux.  If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being
   run.

* If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured.  Typically, this is a graphical password prompter
   such as ssh-askpass.

* A new Defaults option, "mailfrom" that sets the value of the
   "From:" field in the warning/error mail.  If unspecified, the
   login name of the invoking user is used.

* A new Defaults option, "env_file" that refers to a file containing
   environment variables to be set in the command being run.

* A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

* If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

* Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
   an empty password.  To exit sudo, the user must press ^C or ^D
   at the prompt.

* visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.

ticket #2681

pullup ticket #2681 - requested by adrianp
bugzilla: bug fix

revisions pulled up:
pkgsrc/devel/bugzilla/Makefile 1.34
pkgsrc/devel/bugzilla/PLIST 1.16
pkgsrc/devel/bugzilla/distinfo 1.18

   Module Name:    pkgsrc
   Committed By:   adrianp
   Date:           Tue Feb  3 23:05:28 UTC 2009

   Modified Files:
           pkgsrc/devel/bugzilla: Makefile PLIST distinfo

   Log Message:
   Update to 2.22.7
   + Saving changes to parameters would sometimes fail silently. Bugzilla
     will now throw an error instead of failing silently. (bug 347707)
   Security fixes for: http://www.bugzilla.org/security/2.22.6/

Pullup tickets #2682, #2683 and #2684.

Pullup ticket #2684 - requested by adrianp
imp: security update

Revisions pulled up:
- mail/imp/Makefile 1.52
- mail/imp/distinfo 1.23
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jan 30 22:23:09 UTC 2009

Modified Files:
pkgsrc/mail/imp: Makefile distinfo

Log Message:
The major changes compared to IMP version H3 (4.3.2) are:
* SECURITY: Escape output in message.php, pgp.php and smime.php
* Several bugfixes and minor improvements

The full list of changes (from version 4.3.2) can be viewed here:

http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.367&r2=1.699.2.376&ty=h

Pullup ticket #2683 - requested by adrianp
horde: security update

Revisions pulled up:
- www/horde/Makefile 1.62
- www/horde/PLIST 1.21
- www/horde/distinfo 1.26
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jan 30 22:22:26 UTC 2009

Modified Files:
pkgsrc/www/horde: Makefile PLIST distinfo

Log Message:
The major changes compared to Horde version 3.3.2 are:
    * SECURITY: Fix unescaped output in the tag cloud block
    * SECURITY: Fix unvalidated Horde_Image driver name
    * Restore backwards compatibility with older Kronolith and Whups
      releases
    * Fix problems with SQL Shares and PostgreSQL
    * Support Mozilla Sunbird snooze properties

The full list of changes (from version 3.3.2) can be viewed here:

http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.492&r2=1.515.2.503&ty=h

Pullup ticket #2682 - requested by adrianp
bugzilla3: security update

Revisions pulled up:
- devel/bugzilla3/Makefile patch
- devel/bugzilla3/PLIST patch
- devel/bugzilla3/distinfo patch
---
Update "bugzilla3" package to version 3.0.8 via patch:

3.0.8
*  This release fixes one bug that is critical for installations running
3.0.7 under mod_perl. See the Security Advisory  for details.

Security Fix: http://www.bugzilla.org/security/3.0.7/

3.0.7
*  Saving changes to parameters would sometimes fail silently
(particularly on Windows when the web server didn't have the right
permissions to update the params file). Bugzilla will now throw an error
in this case, telling you what is wrong. (Bug 347707)
* Some versions of the SOAP::Lite Perl module had a bug that caused
Bugzilla's XML-RPC service to break. checksetup.pl now checks for these
bad versions and will reject them. (Bug 468009)

Security Fix: http://www.bugzilla.org/security/2.22.6/

ticket #2680

pullup ticket #2680 - requested by martti
ejabberd: update package

revisions pulled up:
pkgsrc/chat/ejabberd/Makefile 1.7
pkgsrc/chat/ejabberd/PLIST 1.4
pkgsrc/chat/ejabberd/distinfo 1.5
pkgsrc/chat/ejabberd/patches/patch-ab r0
pkgsrc/chat/ejabberd/patches/patch-ac 1.3
pkgsrc/chat/ejabberd/patches/patch-ag 1.2

   Module Name:    pkgsrc
   Committed By:   martti
   Date:           Tue Feb  3 12:07:26 UTC 2009

   Modified Files:
           pkgsrc/chat/ejabberd: Makefile PLIST distinfo
           pkgsrc/chat/ejabberd/patches: patch-ac patch-ag
   Removed Files:
           pkgsrc/chat/ejabberd/patches: patch-ab

   Log Message:
   Updated chat/ejabberd to 2.0.3

   * Do not ask certificate for client (c2s)
   * Check digest-uri in SASL digest authentication
   * Use send timeout to avoid locking on gen_tcp:send
   * Fix ejabberd reconnection to database
   * HTTP-Bind: handle wrong order of packets
   * MUC: Improved traffic regulation management
   * PubSub: Several bugfixes and improvements for best coverage of XEP-0060 v1.12
   * Shared Roster Groups: push immediately membership changes
   * Rotate also sasl.log on "reopen-log" command

ticket #2677

pullup ticket #2677 - requested by hira
openoffice2: destdir and time_t fixes

revisions pulled up:
pkgsrc/misc/openoffice2/Makefile 1.61
pkgsrc/misc/openoffice2/PLIST 1.9
pkgsrc/misc/openoffice2/distinfo 1.51
pkgsrc/misc/openoffice2/patches/patch-ei 1.1
pkgsrc/misc/openoffice2/patches/patch-ej 1.1

   Module Name:    pkgsrc
   Committed By:   hira
   Date:           Mon Jan 26 15:39:06 UTC 2009

   Modified Files:
           pkgsrc/misc/openoffice2: Makefile PLIST distinfo
   Added Files:
           pkgsrc/misc/openoffice2/patches: patch-ei patch-ej

   Log Message:
    - Fix DESTDIR installation.
    - Fix charmap names for NetBSD.
    - Use time_t instead of long on NetBSD.

   Bump PKGREVISION.

Pullup ticket #2679.

Pullup ticket #2679 - requested by rafal
gst-plugins0.10-bad: build fix

Revisions pulled up:
- multimedia/gst-plugins0.10-bad/distinfo 1.10
- multimedia/gst-plugins0.10-bad/patches/patch-ab 1.4
---
Module Name:    pkgsrc
Committed By:   drochner
Date:           Fri Jan  9 16:43:42 UTC 2009

Modified Files:
        pkgsrc/multimedia/gst-plugins0.10-bad: distinfo
        pkgsrc/multimedia/gst-plugins0.10-bad/patches: patch-ab

Log Message:
pull in a patch from upstream CVS, to adapt to an API change in recent
x264 libs, see Gnome bugzilla#555238
should fix PR pkg/40351 by Robert Elz

Pullup ticket #2676.

Pullup ticket #2676 - requested by hira
openoffice3: bug fixes

Revisions pulled up:
- misc/openoffice3/Makefile 1.20-1.21
- misc/openoffice3/PLIST 1.7
- misc/openoffice3/distinfo 1.17
- misc/openoffice3/patches/patch-ei 1.1
- misc/openoffice3/patches/patch-ej 1.1
---
Module Name: pkgsrc
Committed By: hira
Date: Tue Jan 20 09:52:12 UTC 2009

Modified Files:
pkgsrc/misc/openoffice3: Makefile distinfo
Added Files:
pkgsrc/misc/openoffice3/patches: patch-ei patch-ej

Log Message:
- Fix charmap names for NetBSD (patch-ei).
- Use time_t instead of long on NetBSD (patch-ej).

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: hira
Date: Tue Jan 20 10:19:30 UTC 2009

Modified Files:
pkgsrc/misc/openoffice3: Makefile PLIST

Log Message:
- Add missing entries to INSTALLATION_DIRS.
- Remove entries which are generated from openoffice.org.xml from PLIST.

This should fix installation with USE_DESTDIR=Full.
Reported by abs@ in private e-mail.

Pullup ticket #2675 - requested by ghen
dovecot: bug fixes

Revisions pulled up:
- mail/dovecot/Makefile 1.125-1.127
- mail/dovecot/PLIST 1.23
- mail/dovecot/distinfo 1.90-1.92
- mail/dovecot/patches/patch-ab 1.24-1.25
- mail/dovecot/patches/patch-ac 1.10
---
Module Name: pkgsrc
Committed By: abs
Date: Thu Jan  8 00:02:44 UTC 2009

Modified Files:
pkgsrc/mail/dovecot: Makefile PLIST distinfo
pkgsrc/mail/dovecot/patches: patch-ab patch-ac

Log Message:
Updated mail/dovecot to 1.1.8

Most importantly mbox bugfixes. v1.1 should finally be as stable with
mboxes as it was with v1.0. Hopefully we'll also soon have the first
v1.2 beta release and the final v1.2.0 somewhat soon after that.

- mbox: Several bugfixes. Fixes "next message unexpectedly lost"
          errors and perhaps some other problems as well.
- deliver: It wasn't possible to override boolean settings in
  lda section by setting them to "no".
- Maildir++ quota didn't correctly check if maildirs had changed
  during recalculation.
- kqueue notify: Fixed assert-crash in some situations
- dbox: Several fixes to handling Maildir migrations
- Logging/error message improvements
---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jan 24 10:51:35 UTC 2009

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo
pkgsrc/mail/dovecot/patches: patch-ab

Log Message:
Update to Dovecot 1.1.9.  From the release announcement mail:

Lots of small dbox fixes, hopefully migrations from Maildir are now working
correctly.

+ Sending SIGUSR2 to dovecot-auth now also logs statistics about cache inserts.
  This could help figuring out auth cache size.
+ deliver: Added rejection_subject setting, which is used for rejected mails.
+ pop3: Prevent clients from looping forever trying to fetch an expunged
  message.
+ If login process crashes, log the IP address that (maybe) caused it.
+ If core dump limit is 0, add "core dumps disabled" to startup log line.
+ Log better messages for "Permission denied" errors
- mbox: Fixed assert-crash with pop3_lock_session=3Dyes
- dbox: Fixes to handling maildir-converted files.
- Auth cache wasn't working correctly for all fields (e.g. allow_nets) with
  blocking passdbs (e.g. mysql).
- pgsql: Handle reconnecting to server without failing auth lookups.
- Berkeley DB memory/resource leak fixes.
- maildir: Fixes to handling over 26 keywords.
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue Jan 27 08:29:31 UTC 2009

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
Update to Dovecot 1.1.10.

- Maildir: Keyword handling was somewhat broken in v1.1.9
- userdb prefetch was broken with blocking passdbs in v1.1.9
- dict process didn't always die with the rest of Dovecot
- dict quota was somewhat broken with pgsql

Pullup tickets #2675 and #2678.

Pullup ticket #2678 - requested by cube
glut: build fix for systems with native X.org

Revisions pulled up:
- graphics/glut/builtin.mk 1.2
---
Module Name: pkgsrc
Committed By: cube
Date: Sun Feb 1 16:22:54 UTC 2009

Modified Files:
pkgsrc/graphics/glut: builtin.mk

Log Message:
Restore the value of BUILTIN_PKG after checking for the rest of Mesa, so
that the logic x11.builtin.mk doesn't set variables for the wrong package.

Noted by Obata-san.

ticket #2672

pullup ticket #2672 - requested by tron
ffmpeg: fix buffer overflow

revisions pulled up:
pkgsrc/multimedia/ffmpeg/Makefile 1.47
pkgsrc/multimedia/ffmpeg/distinfo 1.22
pkgsrc/multimedia/ffmpeg/patches/patch-4xm 1.1

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Thu Jan 29 15:02:13 UTC 2009

   Modified Files:
           pkgsrc/multimedia/ffmpeg: Makefile distinfo
   Added Files:
           pkgsrc/multimedia/ffmpeg/patches: patch-4xm

   Log Message:
   Add fix for buffer overflow in 4xm movie format decoder based on a
   patch from "ffmpeg" SVN.

Pullup ticket #2674.

Pullup ticket #2674 - requested by taca
awstats: security update

Revisions pulled up:
- www/awstats/Makefile 1.40
- www/awstats/PLIST 1.14
- www/awstats/distinfo 1.23
- www/awstats/options.mk 1.2
- www/awstats/patches/patch-aa 1.9
- www/awstats/patches/patch-ab 1.6
- www/awstats/patches/patch-ac delete
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Jan 15 12:12:04 UTC 2009

Modified Files:
pkgsrc/www/awstats: Makefile PLIST distinfo options.mk
pkgsrc/www/awstats/patches: patch-aa patch-ab

Log Message:
Changes 6.9:
* With postfix that support DSN (Delivery Status Notifications) we exclude
  some lines to avoid counting mails twice in maillogconvert.pl script.
* Logresolvemerge.pl support FreeRADIUS logs or anything else using
  (the fixed length!) ctime format timestamp.
* Add option stoponfirsteof in logresolvemerge tool.
* Add patch to support host_proxy tag in LogFormat (for Apache LogFormat
  containing %{X-Forwarded-For}i)
* Renamed Add to favourites on "Hit on favicon".
* Increase robots, search engines database (Added Google Chrome browser,
  better Vista, WII, detection, ...)
* Update languages files.
* Added a lot of patch from sourceforge.
* Bug fixes.
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Jan 15 12:12:20 UTC 2009

Removed Files:
pkgsrc/www/awstats/patches: patch-ac

Log Message:
Changes 6.9:
* With postfix that support DSN (Delivery Status Notifications) we exclude
  some lines to avoid counting mails twice in maillogconvert.pl script.
* Logresolvemerge.pl support FreeRADIUS logs or anything else using
  (the fixed length!) ctime format timestamp.
* Add option stoponfirsteof in logresolvemerge tool.
* Add patch to support host_proxy tag in LogFormat (for Apache LogFormat
  containing %{X-Forwarded-For}i)
* Renamed Add to favourites on "Hit on favicon".
* Increase robots, search engines database (Added Google Chrome browser,
  better Vista, WII, detection, ...)
* Update languages files.
* Added a lot of patch from sourceforge.
* Bug fixes.

Pullup ticket #2670.

Pullup ticket #2670 - requested by obache
GraphicsMagick: security update

Revisions pulled up:
- graphics/GraphicsMagick/distinfo 1.16-1.17
- graphics/GraphicsMagick/Makefile 1.20-1.21
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jan 16 04:17:38 UTC 2009

Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile distinfo

Log Message:
Update GraphicsMagick to 1.3.4.

1.3.4 (January 13, 2009)
=========================

Security Fixes:

  * None.

Bug fixes:

  * Now runs under Windows Vista (as a 32-bit application).

  * Fix for colorspace transform math overflow in Q32 build.

New Features:

  * Windows build supports OpenMP and requires Windows 2000 or later
    (source code still supports Windows '98).

  * Support large files under Windows.

  * Support reading/writing 16 and 24 bit float TIFF files.

  * Support reading/writing 64 bit integer TIFF files.

  * Added "Log", "Max", "Min", and "Pow" options to -operator.

Feature improvements:

  * Debug logging now properly prints 64-bit offset values.

Performance Improvements:

  * Improve resource estimation for Microsoft Windows systems.
---
Module Name: pkgsrc
Committed By: obache
Date: Tue Jan 27 04:38:44 UTC 2009

Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile distinfo

Log Message:
Update GraphicsMagick to 1.3.5.

1.3.5 (January 26, 2009)
=========================

Security Fixes:

  * BMP and DIB formats were throwing an assertion for negative height
    values.  This caused the process to crash.

Bug fixes:

  * Don't install Magick++ headers if C++ is disabled.

  * Linux RPM SPEC file needs to always install the loadable module
    .la files or else the modules won't load.

  * Windows runtime DLLs were for the wrong compiler version,
    resulting in failure to execute if the correct runtime DLLs are
    not available.

New Features:

  * None

Feature improvements:

  * FITS: Parsing is more robust.

Performance Improvements:

  * None

Pullup tickets #2669 and #2671.

Pullup ticket #2671 - requested by sborrill
vlc08: build fix

Revisions pulled up:
- multimedia/vlc08/distinfo 1.7
- multimedia/vlc08/patches/patch-x264.c 1.1
---
Module Name: pkgsrc
Committed By: sborrill
Date: Wed Jan 28 17:53:37 UTC 2009

Modified Files:
pkgsrc/multimedia/vlc08: distinfo
Added Files:
pkgsrc/multimedia/vlc08/patches: patch-x264.c

Log Message:
Fix build failure in x264.c with the version of x264-devel now in pkgsrc

Pullup ticket #2669 - requested by sborrill
vlc08: build fix

Revisions pulled up:
- multimedia/vlc08/Makefile 1.14
---
Module Name: pkgsrc
Committed By: sborrill
Date: Thu Jan 29 11:32:05 UTC 2009

Modified Files:
pkgsrc/multimedia/vlc08: Makefile

Log Message:
Force a new version of libcdio for API compatibility (otherwise building
the cdda module fails).

Pullup ticket #2667.

Pullup ticket #2667 - requested by joerg
py-django: package list fix

Revisions pulled up:
- www/py-django/Makefile 1.15
- www/py-django/PLIST 1.8-1.9
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Jan 29 09:35:54 UTC 2009

Modified Files:
pkgsrc/www/py-django: Makefile PLIST

Log Message:
Fix PLIST. No idea how that slipped through testing.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 30 13:59:57 UTC 2009

Modified Files:
pkgsrc/www/py-django: PLIST

Log Message:
Also remove some more directories on deinstall.