salo [Wed, 29 Mar 2006 14:22:02 +0000 (14:22 +0000)]
#1269
salo [Wed, 29 Mar 2006 14:21:22 +0000 (14:21 +0000)]
Pullup ticket 1269 - requested by Matthias Scheler
security update for mysqladmin
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: tron
Date: Sun Mar 26 17:55:28 UTC 2006
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Added Files:
pkgsrc/databases/phpmyadmin/patches: patch-aa
Log Message:
Update "phpmyadmin" package to version 2.8.0.2.
Changes since version 2.8.0.1:
- XSS vulnerability (set_theme)
- mysqli problems with zend.ze1_compatibility_mode enabled
- setup script did not save the mysql/mysqli extension
Package source related changes:
- incooperate fix for phpMyAdmin bug #1436279 to make the package usable
with Safari under Mac OS X again
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Mar 29 14:04:48 UTC 2006
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile
Log Message:
Remove ".orig" files from work directory before installation so they
don't get installed. This fixes a package list problem reported by
Lubomir Sedlacik in private e-mail. Bump package revision.
branch-fixup [Sun, 26 Mar 2006 17:55:28 +0000 (17:55 +0000)]
Add files from parent branch HEAD:
databases/phpmyadmin/patches/patch-aa
salo [Fri, 24 Mar 2006 16:12:57 +0000 (16:12 +0000)]
#1254, #1255
salo [Fri, 24 Mar 2006 16:12:18 +0000 (16:12 +0000)]
Pullup ticket 1255 - requested by Todd Vierling
security fix for sendmail
Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile 1.84
- pkgsrc/mail/sendmail/Makefile.common 1.32
- pkgsrc/mail/sendmail/distinfo 1.27
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Mar 22 19:56:37 UTC 2006
Modified Files:
pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
Log Message:
Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.
20060308
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
salo [Fri, 24 Mar 2006 16:11:16 +0000 (16:11 +0000)]
Pullup ticket 1254 - requested by Todd Vierling
security fix for sendmail812
Revisions pulled up:
- pkgsrc/mail/sendmail812/Makefile 1.8
- pkgsrc/mail/sendmail812/Makefile.common 1.10
- pkgsrc/mail/sendmail812/distinfo 1.4
Module Name: pkgsrc
Committed By: tv
Date: Wed Mar 22 21:19:06 UTC 2006
Modified Files:
pkgsrc/mail/sendmail812: Makefile Makefile.common distinfo
Log Message:
Update sendmail (with vendor patch) to address the current security issue:
http://www.kb.cert.org/vuls/id/834865
Bump to nb2.
This will change the internal version of sendmail to 8.12.11.
20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
salo [Fri, 24 Mar 2006 15:52:49 +0000 (15:52 +0000)]
#1250
salo [Fri, 24 Mar 2006 15:52:28 +0000 (15:52 +0000)]
Pullup ticket 1250 - requested by Marc Recht
security update for curl
Revisions pulled up:
- pkgsrc/www/curl/Makefile 1.62, 1.63
- pkgsrc/www/curl/PLIST 1.19
- pkgsrc/www/curl/distinfo 1.43, 1.44
- pkgsrc/www/curl/patches/patch-aa removed
- pkgsrc/www/curl/patches/patch-ac removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Mar 3 22:26:08 UTC 2006
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-aa
Log Message:
Update to 7.15.2:
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to dot of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
ript to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxh a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've receivedts from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) andt do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
- no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:vers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
ses?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(Thi any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, asinto all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if
---
Module Name: pkgsrc
Committed By: recht
Date: Tue Mar 21 21:49:47 UTC 2006
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-ac
Log Message:
update to curl 7.15.3
Fixes a TFTP packet buffer overflow vulnerability.
See http://curl.haxx.se/docs/adv_20060320.html for details.
Changes:
- added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
Bugfixes:
- TFTP Packet Buffer Overflow Vulnerability
- properly detecting problems with sending the FTP command USER
- wrong error message shown when certificate verification failed
- multi-part formpost with multi interface crash
- the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
- "SSL: couldn't set callback" is now treated as a less serious problem
- Interix build fix
- fixed curl "hang" when out of file handles at start
- prevent FTP uploads to URLs with trailing slash
salo [Wed, 22 Mar 2006 14:54:49 +0000 (14:54 +0000)]
#1244
salo [Wed, 22 Mar 2006 14:54:13 +0000 (14:54 +0000)]
Pullup ticket 1244 - requested by Takahiro Kambe
fix namazu2 dependency on File::MMagic
Revisions pulled up:
- pkgsrc/textproc/namazu2/Makefile 1.30
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 18 22:22:31 UTC 2006
Modified Files:
pkgsrc/textproc/namazu2: Makefile
Log Message:
Depend on p5-File-MMagic>=1.25, from ISIHARA Takanori in PR 33099.
No PKGREVISION bump since older versions broke configure (-> no binary pkg).
salo [Fri, 17 Mar 2006 12:04:17 +0000 (12:04 +0000)]
#1226
salo [Fri, 17 Mar 2006 12:03:46 +0000 (12:03 +0000)]
Pullup ticket 1226 - requested by Takahiro Kambe
security update for namazu2
Revisions pulled up:
- pkgsrc/textproc/namazu2/Makefile 1.27, 1.29
- pkgsrc/textproc/namazu2/PLIST 1.11
- pkgsrc/textproc/namazu2/distinfo 1.8, 1.9
- pkgsrc/textproc/namazu2/patches/patch-ac removed
- pkgsrc/textproc/namazu2/patches/patch-ad removed
- pkgsrc/textproc/namazu2/patches/patch-ae removed
- pkgsrc/textproc/namazu2/patches/patch-af removed
- pkgsrc/textproc/namazu2/patches/patch-ag removed
- pkgsrc/textproc/namazu2/patches/patch-ah removed
- pkgsrc/textproc/namazu2/patches/patch-ai removed
- pkgsrc/textproc/namazu2/patches/patch-aj removed
- pkgsrc/textproc/namazu2/patches/patch-ak removed
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 2 16:02:37 UTC 2006
Modified Files:
pkgsrc/textproc/namazu2: Makefile PLIST distinfo
Removed Files:
pkgsrc/textproc/namazu2/patches: patch-ac patch-ad patch-ae patch-af
patch-ag patch-ah patch-ai patch-aj patch-ak
Log Message:
Update namazu2 pacakge to 2.0.15.
Overview of Changes in Namazu 2.0.15 - Jan. 29, 2006
* The mistake of the document concerning ISO-8859-* is corrected.
* RedHat software namazu.spec was taken in.
The unnecessary patch was deleted.
* Include File::MMagic 1.25.
* Support MeCab.
* Add -b and --use-mecab options for mknmz.
* Add --norc option for mknmz and namazu.
* Add --decode-base64 option for mknmz.
* Add new filters (Gnumeric, Koffice, Mainman/Pipermail, Zip, Visio).
* Add new directives for mknmzrc (MECAB, DENY_DDN).
To skip when filename is DDN.
* Add sorting function by date of field.
* Added new files (nmzcat, nmzegrep).
* Adapt new filter programs (wvWare 1.0.3, xlhtml 0.5.1, xpdf 3.01).
* For Windows of filter (msword.pl, excel.pl, powerpoint.pl,
postscript.pl, etc...).
* Ole control filter renewal.
* ';' can have been used for the delimiter of QUERY_STRING.
* Add the Perl version test program (pltests).
* Fix some bugs.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 12 14:36:54 UTC 2006
Modified Files:
pkgsrc/textproc/namazu2: Makefile distinfo
Log Message:
Update namazu to 2.0.16.
Overview of Changes in Namazu 2.0.16 - Mar 12, 2006
* Directory traversal problem by lang and result of CGI parameter
is corrected.
* Substitution of "-r" that doesn't correspond to ACL of NTFS.
* It corresponds to the file name including space.
* For MeCab-perl-0.90rc10.
salo [Fri, 17 Mar 2006 11:25:28 +0000 (11:25 +0000)]
#1225
salo [Fri, 17 Mar 2006 11:25:04 +0000 (11:25 +0000)]
Pullup ticket 1225 - requested by Joerg Sonnenberger
security update for libextractor
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: adam
Date: Sun Mar 5 22:06:38 UTC 2006
Modified Files:
pkgsrc/devel/libextractor: Makefile PLIST buildlink3.mk distinfo
pkgsrc/devel/libextractor/patches: patch-ab patch-ac
Removed Files:
pkgsrc/devel/libextractor/patches: patch-aa patch-ad patch-ae
Log Message:
Changes 0.5.10:
* Yet another round of XPDF-related security fixes.
* Mis-detection of man pages as part of TAR archives fixed.
* More Mime-types for the OLE2 extractor. Also ignore (harmless)
libc errors in plugins when extracting.
* More TAR improvements: keywords 'date' and 'format' are
extracted. More checksums variants were added. Long filenames
as produced by GNU and Schilling tar (possibly Solaris pax also)
are extracted.
Changes 0.5.9:
* Made TAR extractor parsing more robust.
* Fixing crash in MIME-extractor due to typo in the code.
* Fixed security problems in PDF extractor
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Mar 16 14:04:58 UTC 2006
Modified Files:
pkgsrc/devel/libextractor: distinfo
Added Files:
pkgsrc/devel/libextractor/patches: patch-aa
Log Message:
Stupid code using zlib's prototype header. Patch away.
salo [Thu, 16 Mar 2006 12:37:44 +0000 (12:37 +0000)]
#1223
salo [Thu, 16 Mar 2006 12:37:12 +0000 (12:37 +0000)]
Add missing patches for #1223
salo [Thu, 16 Mar 2006 12:36:33 +0000 (12:36 +0000)]
Pullup ticket 1223 - requested by Quentin Garnier
security update for php4
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: cube
Date: Fri Mar 3 07:11:34 UTC 2006
Modified Files:
pkgsrc/www/php4: Makefile Makefile.common PLIST distinfo
Added Files:
pkgsrc/www/php4/patches: patch-ao patch-ap
Removed Files:
pkgsrc/www/php4/patches: patch-ab patch-am patch-an
Log Message:
Update to version 4.4.2. Ok'd by jdolecek@.
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:
* Prevent header injection by limiting each header to a single line.
* Possible XSS inside error reporting functionality.
* Missing safe_mode/open_basedir checks into cURL extension.
* Apache 2 regression with sub-request handling on non-Linux systems.
* key() and current() regression related to references.
This release also fixes about 30 other defects.
---
Module Name: pkgsrc
Committed By: cube
Date: Mon Mar 6 15:57:58 UTC 2006
Modified Files:
pkgsrc/www/php4: distinfo
pkgsrc/www/php4/patches: patch-ao
Log Message:
Increase memory limit when installing PEAR packages. This allows the
installation to go through on NetBSD/sparc64 (well, at least mine).
Failure reported by Joel Carnat.
salo [Wed, 15 Mar 2006 14:45:12 +0000 (14:45 +0000)]
#1215
salo [Wed, 15 Mar 2006 14:44:48 +0000 (14:44 +0000)]
Pullup ticket 1215 - requested by Adrian Portelli
security update for bugzilla
Revisions pulled up:
- pkgsrc/devel/bugzilla/Makefile 1.17
- pkgsrc/devel/bugzilla/PLIST 1.8
- pkgsrc/devel/bugzilla/distinfo 1.10
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Feb 21 16:48:55 UTC 2006
Modified Files:
pkgsrc/devel/bugzilla: Makefile PLIST distinfo
Log Message:
Update to 2.20.1
Make pkglint happer
This also fixes a number of security issues:
http://www.securityfocus.com/archive/1/425584/30/0/threaded
> Version 2.20.1
> --------------
>
> + Many PostgreSQL fixes, including fixing whine.pl on Pg 8
> (bug 301062) and fixing the --regenerate option of collectstats.pl
> for all versions of Pg (bug 316971). However, users who want full
> PostgreSQL support are encouraged to use the 2.22 series, as
> certain PostgreSQL bugs were discovered that will not be fixed
> in 2.20 (their fixes were too complex).
>
> + In Bugzilla 2.20, the "administrator" user created by checksetup.pl
> would not ever be sent email, because their email preferences were
> left blank. This has been fixed for 2.20.1. However, if you created
> this administrative user with Bugzilla 2.20, make sure to go back
> and enable their Email Preferences. (bug 317489)
>
> + The bzdbcopy.pl script mentioned in these release notes
> has now actually been checked-in to the 2.20 branch, and so
> it's included in this release. (bug 291776)
>
> + When there's only one Classification, you now won't be required
> to pick a Classification on bug entry. (bug 311489)
>
> + You can no longer add dependencies on bugs you can't see.
> (bug 141593)
>
> + The CC list is included in "New" bug emails, again. (bug 313661)
>
> + In the original 2.20, certain scripts were not correctly using
> the "shadow database," if it was specified. This has been fixed
> in 2.20.1. (bug 313695)
>
> + "Saved Searches" that were saved before Bugzilla 2.20, would throw
> an error if they contained "Days Since Bug Changed." as part of their
> criteria. This has been fixed in Bugzilla 2.20.1. (bug 302599)
>
> + You can now successfully delete a product even when Target Milestones
> are turned off. (bug 317025)
>
> + checksetup.pl now correctly pre-compiles templates for languages other
> than English. (bug 304417)
>
> + The "All Closed" chart that is created by default in New Charts
> now actually represents all closed bugs, and not all bugs in the
> product. (bug 300473)
>
> + CSV bug lists with more than 1000 dates now work properly. (bug 257813)
>
> + Various bugs with upgrading from previous versions of Bugzilla
> have been fixed. (bug 307662, bug 311047, bug 310108)
>
> + Many, many other bug fixes. See
> http://www.bugzilla.org/status/changes.html
> for details on what was fixed between 2.20 and 2.20.1.
salo [Wed, 15 Mar 2006 14:34:32 +0000 (14:34 +0000)]
#1214
salo [Wed, 15 Mar 2006 14:34:10 +0000 (14:34 +0000)]
Pullup ticket 1214 - requested by Julio M. Merino Vidal
security update for monotone
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: jmmv
Date: Thu Mar 9 20:30:16 UTC 2006
Modified Files:
pkgsrc/devel/monotone: Makefile distinfo
Log Message:
Update to 0.25.2:
0.25.2 release. Important security fix for Windows and OS X
users.
With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc". When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.
The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.
All users on Windows and OS X, or otherwise checking out
versioned source on a case-insensitive filesystem, are
recommended to upgrade immediately. Binaries used only for
serving, or only on case-insensitive filesystems (i.e., most
Unix users), are not affected.
(0.25.1 was never released in source form. The original
0.25 build for Windows was found to have problems on NT 4, and
0.25.1 was Windows-only rebuild with NT 4 compatible
libraries.)
salo [Wed, 15 Mar 2006 13:29:05 +0000 (13:29 +0000)]
#1207
salo [Wed, 15 Mar 2006 13:27:25 +0000 (13:27 +0000)]
Pullup ticket 1207 - requested by Thomas Klausner
security update for sun-j{re,dk}14
Revisions pulled up:
- pkgsrc/lang/sun-jdk14/Makefile 1.30, 1.31, 1.32
- pkgsrc/lang/sun-jdk14/PLIST 1.10
- pkgsrc/lang/sun-jdk14/buildlink3.mk 1.4, 1.5
- pkgsrc/lang/sun-jdk14/distinfo 1.16
- pkgsrc/lang/sun-jdk14/files/common 1.3
- pkgsrc/lang/sun-jre14/Makefile 1.35
- pkgsrc/lang/sun-jre14/PLIST 1.17
- pkgsrc/lang/sun-jre14/buildlink3.mk 1.4
- pkgsrc/lang/sun-jre14/distinfo 1.20
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 2 21:37:01 UTC 2006
Modified Files:
pkgsrc/lang/sun-jdk14: Makefile PLIST
pkgsrc/lang/sun-jdk14/files: common
Log Message:
Fix PLIST. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 2 21:37:31 UTC 2006
Modified Files:
pkgsrc/lang/sun-jdk14: Makefile buildlink3.mk
Log Message:
pkgdelint.
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 7 03:22:31 UTC 2006
Modified Files:
pkgsrc/lang/sun-jdk14: Makefile distinfo
pkgsrc/lang/sun-jre14: Makefile PLIST distinfo
Log Message:
Update sun-j{re,dk}14 to 1.4.11:
Changes in 1.4.2_11
Exception message's size is more than doubled everytime an exception is thrown
CMS: assert during mark-word restoration
returning out of memory when -XX:+UseConcMarkSweepGC is used.
Concurrently memory allocation and JNI CS provoke OOM
Gc tests crashes on linux-ia64 at concurrentMarkSweepGeneration.cpp with -Xcongc
RFE: Stall allocation requests while heap is full and GC locker is held
Reduce default code cache sizes on 64-bit platforms
Intel IA64(Montecito) failed with 1.4.2_09
VM uselessly traps SIGCHLD on Linux (cleanup)
Linux build does not optimize AWT and other essential libraries
REGRESSION: ClassCastException in JISAutoDetect.java on 1.4.2_10
decodeText() doesn't convert from iso-2022-jp to Unicode for some Japanese chars
Increase compiler optimisation level for libfontmanager to improve runtime performance
Mouse Cursor should be the default cursor when ALT key is pressed, on win32
PIT: Default cursor is shown but changing when ALT key is down, on win32
RE 1.5.0_04 copy and paste fails in Modal JDialog
REGRESSION: 6 JCK14a api/java_lang/StrictMath tests fail on tiger
java.net.Socket checks for old-style impls
InetAddress never caches hostnames with upper case characters
(coll) Exception thrown while deserializing HashMap
(coll) The writeObject() specification in HashMap.java was changed in 1.4.2_11
Correction to the new Azerbaijani currency
(tz) Regression test java/util/TimeZone/SolarisTZVM.sh is failing on Solaris 10
GregorianCalendar doesn't work in non-lenient due to timezone bounds checking
(tz) Support tzdata2005n
(tz) java/util/TimeZone/WinTZVM.sh fails on amd64
New Azerbaijani currency
Cannot deserialize a Calendar with Security on
(tz) Incorrect default timezone for Santiago, Chile on Win32.
REGRESSION: serious performance degradation as GZIPInputStream is slower
Problem with jre 1.4.2_08 install/unistall script
The official version number is not correct in release notes
Java Process terminates abnormally, related to Attach/detatch operation in jni.cpp
realloc should not be used in cjavajni.cpp
Socket timeouts for SSLSockets causes data corruption
Changes in 1.4.2_10
hotspot crashes when c1 compiler thread is running in 6.0b26
hotspot crashes(SIGSEGV) when many local variables are used in one java program
JVM 1.4.2_06 crash in C2 compiler at IdealLoopTree::policy_do_remove_empty_loop
HotSpot compiler error (Error ID :
4F530E43505002EF 01) uploading large files
Full GC causes core
Hotspot problem with loop-variables of type long on jdk1.4.2/Itanium
CMS: perm gen expansion without explicit GC, but with concurrent cycle initiation.
CMS: more helpful message for concurrent mode failures
JVM crash in "instanceof" codelet, array of secondary supertypes at end of heap.
deadlock at VM startup when JVMPI / JDWP both enabled
Performance problems with com.sun.corba.se.impl packages in 5.0
1.4.2xx only: org.omg.CORBA.OBJECT_NOT_EXIST errors when using -Dcom.sun.CORBA.ORBServerPort
1.4.2xx only - Sun ORB Hang
Memory Leak in Class Loaders with RMI-IIOP
Worse performance of isSupported for JISAutoDetect (1.4.X)
ArrayIndexOutOfBoundsException when opening PrintDialog with HP LaserJet 1300
nsk/regression/
b4305163 test dumps core on solx86
Font.equals in 1.4.2 needs tightening to include the native font pointer.
NPE thrown when opening PrintDialog with HP LaserJet 8000N
java.awt.color.ICC_Profile should define serialVersionUID
Color Management code is not thread safe in HT/SMP machine
Component.removeNotify() should always deactivate InputContext
problem with DefaultPersistenceDelegate use of reflection
JRE 1.4.2_07 lacks support for Japanese on RHEL-4
(fs) FileChannelImpl.c: off64_t should be used for flock64 (F_SETLK64) in 1.4.2_07 (lnx)
(so) client does not see (NIO-created) socket close with SO_TIMEOUT
REGRESSION: Lock.java is failing with 1.4.2_10-b01 and passing with 1.4.2_09-b05
(se) DevPollSelectorProvider stops being the default on Solaris 10
Cannot Ctrl-Shift-Click to create disjoint selection interval in list
gif files not found error message displayed at console
Problem with applet interaction with system selection clipboard
New currencies for Afghanistan and East Timor
(rb) Update javadoc for java.util.ListResourceBundle class
ListResourceBundle subclasses should have protected getContents() returning Object[][] copy
GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
Auto regression test 5098318 was failing with 142_10-b01
Auto regression test case 6282891 was failing with 142_10-b01(Compilation failed)
Auto regression test case 6232446 was failing with 142_10-b01 on Sol10-sparc
Manual regression testcase 4902977 scripts(runTest.ksh) has to be modified to support Suse9.3
Manual regression Testcase (4861802) is failing on Solaris10-sparc with 5.0u6_b02 and 1.4.2-10_b01
Manual Regression test 4974531 instructions need modification
TESTBUG: 6291034 testcase is failing with exit code1
SubClasses of ListResourceBundle should fix getContents()
Subclasses of ListResourceBundle should fix getContents()
FileCacheImageInputStream and FileCacheImageOutputStream should avoid File.deleteOnExit
JAR verification causes significant footprint increases
1.4.2_10 nightly build failed
creating JVM via C program "steals" space from main thread stack rendering JNI useless
Auto regression testcases(sun/tools/jps/jps-*.sh) is failing.
java launcher should define -Dsun.java.launcher
IFrame in Applet flickers
Applet will not reauthenticate user when returning from another applet
java web start cannot start on linux with newer glibc
SubClasses of ListResourceBundle should fix getContents()
Testcase TestMaliciousSigObj.java in JCE workspace has an extra closing brace
Cached Jar file should be released on appl. exit even that is opended by Cipher
intermittent "RSA PreMasterSecret error" during ssl handshake
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 7 04:36:21 UTC 2006
Modified Files:
pkgsrc/lang/sun-jre14: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for security fix.
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 7 04:39:19 UTC 2006
Modified Files:
pkgsrc/lang/sun-jdk14: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for security fix.
salo [Wed, 15 Mar 2006 12:08:25 +0000 (12:08 +0000)]
#1186
salo [Wed, 15 Mar 2006 12:07:55 +0000 (12:07 +0000)]
Pullup ticket 1186 - requested by Martti Kuparinen
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69
- pkgsrc/mail/squirrelmail/PLIST 1.17
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7
- pkgsrc/mail/squirrelmail/distinfo 1.30
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
- pkgsrc/mail/squirrelmail/patches/patch-ad removed
- pkgsrc/mail/squirrelmail/patches/patch-ae removed
- pkgsrc/mail/squirrelmail/patches/patch-af removed
- pkgsrc/mail/squirrelmail/patches/patch-ag removed
- pkgsrc/mail/squirrelmail/patches/patch-ah removed
- pkgsrc/mail/squirrelmail/plugin.mk 1.3
- pkgsrc/mail/squirrelmail-decode/Makefile 1.3
- pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14
- pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7
- pkgsrc/mail/squirrelmail-locales/distinfo 1.4
- pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:56:59 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use SUBST framework. Replace some "find foo | xargs bar" with
"find foo -exec bar {} \;" while here, the former is faster, but can't
cope with all quoting issues and is also more likely to hit argument
length limits. CONFLICT to ja-squirrelmail.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:57:26 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:17 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:44 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 17 07:04:25 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
pkgsrc/mail/squirrelmail-locales: Makefile
Log Message:
Fixed warnings found by pkglint -Wall.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:12:14 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae
patch-af patch-ag patch-ah
Log Message:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:13:00 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
Log Message:
Updated squirrelmail-locales to 1.4.6
* sync with squirrelmail 1.4.6
---
Module Name: pkgsrc
Committed By: cube
Date: Wed Mar 1 06:39:52 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Mar 2 07:41:44 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-decode: Makefile
Log Message:
Fix pkglint -Wall warnings.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 11:48:29 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST. (hi cube and martti!)
snj [Sat, 11 Mar 2006 04:49:20 +0000 (04:49 +0000)]
1206
snj [Sat, 11 Mar 2006 04:47:51 +0000 (04:47 +0000)]
Pullup ticket 1206 - requested by Joerg Sonnenberger
security updates for sun-j{re,dk}13
Revisions pulled up:
- pkgsrc/lang/sun-jre13/Makefile 1.43
- pkgsrc/lang/sun-jre13/distinfo 1.16
- pkgsrc/lang/sun-jdk13/Makefile 1.38
- pkgsrc/lang/sun-jdk13/distinfo 1.18
Module Name: pkgsrc
Committed By: abs
Date: Wed Dec 28 09:21:57 UTC 2005
Modified Files:
pkgsrc/lang/sun-jre13: Makefile distinfo
Log Message:
Update lang/sun-jre13 to sun-jre13-1.0.17.
Changes since sun-jre13-1.0.16
- REGRESSION: hotspot c2 crash running rmi JCK tests
- server VM crashes with -Xcomp in 1.4.2_05
- Crashes at Function name=JVM_GetCPFieldSignatureUTF in jdk 1.3.1_13
- Exception message's size is more than doubled everytime an
exception is thrown
- RFE: Stall allocation requests while heap is full and GC locker
is held
- VolanoTest OOM with mustang b14
- JVMPI obj_frees come before method_exits
- improve the performance of GC_locker
- JRE/Browser crash during repaint - IE/XP on MP or HT systems.
- GregorianCalendar returns bad WEEK_OF_YEAR
- Escalation: broken for time zone issue with date on windows
- Memory leak due to unreferenced Objects created via 1.3.1 ActiveX
bridge
- Possible regression in ActiveX Bridge 1.3.1_13 and higher
- Beans extending JPanel class are not released when created via
1.3.1 ActiveX bridge
---
Module Name: pkgsrc
Committed By: abs
Date: Wed Dec 28 09:22:31 UTC 2005
Modified Files:
pkgsrc/lang/sun-jdk13: Makefile distinfo
Log Message:
Update lang/sun-jdk13 to sun-jre13-1.0.17.
Changes since sun-jdk13-1.0.16
- REGRESSION: hotspot c2 crash running rmi JCK tests
- server VM crashes with -Xcomp in 1.4.2_05
- Crashes at Function name=JVM_GetCPFieldSignatureUTF in jdk 1.3.1_13
- Exception message's size is more than doubled everytime an
exception is thrown
- RFE: Stall allocation requests while heap is full and GC locker
is held
- VolanoTest OOM with mustang b14
- JVMPI obj_frees come before method_exits
- improve the performance of GC_locker
- JRE/Browser crash during repaint - IE/XP on MP or HT systems.
- GregorianCalendar returns bad WEEK_OF_YEAR
- Escalation: broken for time zone issue with date on windows
- Memory leak due to unreferenced Objects created via 1.3.1 ActiveX
bridge
- Possible regression in ActiveX Bridge 1.3.1_13 and higher
- Beans extending JPanel class are not released when created via
1.3.1 ActiveX bridge
snj [Sat, 11 Mar 2006 04:18:08 +0000 (04:18 +0000)]
1205
snj [Sat, 11 Mar 2006 04:17:55 +0000 (04:17 +0000)]
Pullup ticket 1205 - requested by Joerg Sonnenberger
security fix for libast
Revisions pulled up:
- pkgsrc/devel/libast/Makefile 1.20
- pkgsrc/devel/libast/distinfo 1.4
- pkgsrc/devel/libast/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Tue Mar 7 02:30:41 UTC 2006
Modified Files:
pkgsrc/devel/libast: Makefile distinfo
Added Files:
pkgsrc/devel/libast/patches: patch-aa
Log Message:
Backport fix for CVE-
20060224.
snj [Sat, 11 Mar 2006 04:10:40 +0000 (04:10 +0000)]
1204
snj [Sat, 11 Mar 2006 04:10:27 +0000 (04:10 +0000)]
Pullup ticket 1204 - requested by Joerg Sonnenberger
security fix for exim3
Revisions pulled up:
- pkgsrc/mail/exim3/Makefile 1.31
- pkgsrc/mail/exim3/distinfo 1.9
- pkgsrc/mail/exim3/patches/patch-ao 1.1
- pkgsrc/mail/exim3/patches/patch-ap 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Mon Mar 6 22:49:16 UTC 2006
Modified Files:
pkgsrc/mail/exim3: Makefile distinfo
Added Files:
pkgsrc/mail/exim3/patches: patch-ao patch-ap
Log Message:
Fix parsing of IPv6 address possibly result in privilege escalation.
snj [Sat, 11 Mar 2006 03:48:16 +0000 (03:48 +0000)]
1203
snj [Sat, 11 Mar 2006 03:48:05 +0000 (03:48 +0000)]
Pullup ticket 1203 - requested by Joerg Sonnenberger
security fix for tuxpaint
Revisions pulled up:
- pkgsrc/graphics/tuxpaint/Makefile 1.35
- pkgsrc/graphics/tuxpaint/distinfo 1.18
- pkgsrc/graphics/tuxpaint/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jan 17 22:48:57 UTC 2006
Modified Files:
pkgsrc/graphics/tuxpaint: Makefile distinfo
Added Files:
pkgsrc/graphics/tuxpaint/patches: patch-ac
Log Message:
Add a patch via Debain to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be
exploited via symlink attacks to create or overwrite arbitrary files with
the privileges of the user running the affected script."
Bump to nb6.
snj [Sat, 11 Mar 2006 03:36:17 +0000 (03:36 +0000)]
1212
snj [Sat, 11 Mar 2006 03:35:58 +0000 (03:35 +0000)]
Pullup ticket 1212 - requested by Adrian Portelli
security update for snort
Revisions pulled up:
- pkgsrc/net/snort/distinfo 1.33, 1.34
- pkgsrc/net/snort/patches/patch-aa 1.13
- pkgsrc/net/snort/Makefile.common 1.32
Module Name: pkgsrc
Committed By: joerg
Date: Thu Feb 16 20:45:52 UTC 2006
Modified Files:
pkgsrc/net/snort: distinfo
pkgsrc/net/snort/patches: patch-aa
Log Message:
Fix errno.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Mar 9 09:37:44 UTC 2006
Modified Files:
pkgsrc/net/snort: Makefile.common distinfo
Log Message:
Update to 2.4.4
This includes the fix for:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839
> +2006-02-20 Steven Sturges <ssturges@sourcefire.com>
> + * src/preprocessors/spp_frag3.c:
> + * configure.in:
> + Fix ip options handling. Thanks to Vyacheslav Burdjanadze for
> + finding the issue.
> +
> +2006-01-09 Steven Sturges <ssturges@sourcefire.com>
> + * src/sfutil/mwm.c:
> + Fixed bug with multiple recurring patterns in Wu-Manbher
> + implementation.
> + Thanks to Evan Stawnyczy for pointing it out an Marc Norton for
> + the fix.
> + * src/parser/IpAddrSet.c:
> + Fixed problem with parsing conf file and rules when DNS is not
> + working.
> + Thanks Martin Olsson for mentioning this and testing the fix.
> + * src/preprocessors/spp_perfmonitor.c:
> + * src/preprocessors/perf-base.c:
> + Handle wrapping on 64-bit platforms
> +
> +2005-11-17 Andrew Mullican <amullican@sourcefire.com>
> + * src/sfutil/sfxhash.c:
> + * src/preprocessors/portscan.c:
> + Add tracker without using bogus data, to avoid internal buffer
> + overrun.
> + Thanks Sandro Poppi for the find.
> +
> +2005-11-11 Steven Sturges <ssturges@sourcefire.com>
> + * src/snort.c:
> + Allow value of 0 to be used with -G flag
> + * src/preprocessors/spp_bo.c:
> + Code Cleanup
> + * src/preprocessors/spp_frag3.c:
> + Fix memory leak and mishandling of IP Options. Thanks Yin
> + Zhaohui for the find.
snj [Sat, 11 Mar 2006 03:22:01 +0000 (03:22 +0000)]
1218
snj [Sat, 11 Mar 2006 03:21:36 +0000 (03:21 +0000)]
Pullup ticket 1218 - requested by Geert Hendrickx
security update for gnupg
Changes:
- pkgsrc/security/gnupg/Makefile 1.82
- pkgsrc/security/gnupg/distinfo 1.38
Module Name: pkgsrc
Committed By: ghen
Date: Fri Mar 10 15:10:08 UTC 2006
Modified Files:
pkgsrc/security/gnupg: Makefile distinfo
Log Message:
Update gnupg to 1.4.2.2, fixing another vulnerability:
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
seb [Wed, 8 Mar 2006 22:43:12 +0000 (22:43 +0000)]
#1164
seb [Wed, 8 Mar 2006 22:41:43 +0000 (22:41 +0000)]
Pullup ticket 1164 - requested by Joerg Sonnenberger
mostly sync databases/postgresql73{,-client,-docs,-lib,-plperl,-pltcl,-server}, databases/{tcl,tk}-postgresql73 with HEAD, via patch, including security fix.
branch-fixup [Mon, 6 Mar 2006 22:49:16 +0000 (22:49 +0000)]
Add files from parent branch HEAD:
mail/exim3/patches/patch-ao
mail/exim3/patches/patch-ap
branch-fixup [Mon, 6 Mar 2006 15:57:58 +0000 (15:57 +0000)]
Add files from parent branch HEAD:
www/php4/patches/patch-ao
branch-fixup [Fri, 3 Mar 2006 07:11:34 +0000 (07:11 +0000)]
Add files from parent branch HEAD:
www/php4/patches/patch-ap
seb [Thu, 2 Mar 2006 00:33:20 +0000 (00:33 +0000)]
whitespace and style fix for ticket #1163 entry
seb [Thu, 2 Mar 2006 00:31:41 +0000 (00:31 +0000)]
#1165
seb [Thu, 2 Mar 2006 00:30:16 +0000 (00:30 +0000)]
Pullup ticket 1165 - requested by Joerg Sonnenberger
mostly sync databases/postgresql80{,-client,-plperl,-plpython,-pltcl,-server} with HEAD, via patch, including security fix.
seb [Sun, 26 Feb 2006 22:09:47 +0000 (22:09 +0000)]
#1163
seb [Sun, 26 Feb 2006 22:01:11 +0000 (22:01 +0000)]
Pullup ticket 1163 - requested by Joerg Sonnenberger
mostly sync databases/postgresql74, databases/tcl-postgresql74, and databases/postgresql74-{client,contrib,docs,lib,plperl,plpython,server} with HEAD, via patch, including security fix.
salo [Sat, 25 Feb 2006 01:26:38 +0000 (01:26 +0000)]
#1153
salo [Sat, 25 Feb 2006 01:25:46 +0000 (01:25 +0000)]
Pullup ticket 1153 - requested by Martti Kuparinen
PLIST fix for xfce4-print
Revisions pulled up:
- pkgsrc/print/xfce4-print/Makefile 1.16
- pkgsrc/print/xfce4-print/PLIST 1.13
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 20 08:17:09 UTC 2006
Modified Files:
pkgsrc/print/xfce4-print: Makefile PLIST
Log Message:
Fix build problems on Solaris (pkg/32875).
This change does not affect other platforms and as it was not building
correctly on Solaris I see no reason for PKGREVISION bump.
salo [Fri, 24 Feb 2006 15:44:43 +0000 (15:44 +0000)]
#1158
salo [Fri, 24 Feb 2006 15:44:23 +0000 (15:44 +0000)]
Pullup ticket 1158 - requested by Thomas Klausner
security fix for bomberclone
Revisions pulled up:
- pkgsrc/games/bomberclone/Makefile 1.20
- pkgsrc/games/bomberclone/distinfo 1.10
- pkgsrc/games/bomberclone/patches/patch-ac 1.1
- pkgsrc/games/bomberclone/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Tue Feb 21 22:44:53 UTC 2006
Modified Files:
pkgsrc/games/bomberclone: Makefile distinfo
Added Files:
pkgsrc/games/bomberclone/patches: patch-ac patch-ad
Log Message:
Add patches for fixing
http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
from Gentoo.
branch-fixup [Tue, 21 Feb 2006 22:44:53 +0000 (22:44 +0000)]
Add files from parent branch HEAD:
games/bomberclone/patches/patch-ac
games/bomberclone/patches/patch-ad
salo [Tue, 21 Feb 2006 15:23:13 +0000 (15:23 +0000)]
#1155
salo [Tue, 21 Feb 2006 15:22:51 +0000 (15:22 +0000)]
Pullup ticket 1155 - requested by Geert Hendrickx
security update for opera
Revisions pulled up:
- pkgsrc/www/opera/Makefile 1.53, 1.54
- pkgsrc/www/opera/distinfo 1.13
Module Name: pkgsrc
Committed By: ghen
Date: Tue Feb 21 10:13:43 UTC 2006
Modified Files:
pkgsrc/www/opera: Makefile distinfo
Log Message:
Update to Opera 8.52.
This release is a recommended security upgrade.
Changes since 8.51:
Display
* Fixed drop-down list problem affecting Bloglines subscription
sorting.
Security
* Replaced expired certificates from TrustCenter.
* Solved status bar issue described in Secunia Advisory 17571.
* Implemented stricter handling of the Online Certificate Status
Protocol (OCSP).
Miscellaneous
* Fixed problem with missing keypresses when switching between
applications.
* Fixed GDI leak issue with favicons causing slowdowns and crashes.
* Fixed Gmail loading problem.
---
Module Name: pkgsrc
Committed By: ghen
Date: Tue Feb 21 10:31:22 UTC 2006
Modified Files:
pkgsrc/www/opera: Makefile
Log Message:
Static and shared builds are in separate download directories now,
so update OPERA_DIR.
salo [Mon, 20 Feb 2006 14:01:43 +0000 (14:01 +0000)]
#1150
salo [Mon, 20 Feb 2006 14:01:23 +0000 (14:01 +0000)]
Pullup ticket 1150 - requested by Adrian Portelli
security fix for honeyd
Patch provided by the submitter.
http://www.honeyd.org/adv.2006-01
salo [Mon, 20 Feb 2006 13:37:46 +0000 (13:37 +0000)]
#1143
salo [Mon, 20 Feb 2006 13:37:13 +0000 (13:37 +0000)]
Pullup ticket 1143 - requested by Thomas Klausner
security update for tin
Revisions pulled up:
- pkgsrc/news/tin/Makefile 1.23, 1.25
- pkgsrc/news/tin/PLIST 1.4, 1.5
- pkgsrc/news/tin/distinfo 1.10, 1.11
- pkgsrc/news/tin/options.mk 1.1, 1.2, 1.3, 1.4
- pkgsrc/news/tin/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 1 16:10:29 UTC 2006
Modified Files:
pkgsrc/news/tin: Makefile PLIST distinfo
pkgsrc/news/tin/patches: patch-aa
Added Files:
pkgsrc/news/tin: options.mk
Log Message:
Update to 1.8.0.
Convert to options framework.
Prefer package version to internal version of pcre.
Add curses and inet6 options.
New features and changes since tin-1.6.0
Changes
-------
. interactive mailer can now be fed with headers. The old use_mailreader_i
config variable is obsolete and superseded by the new interactive_mailer
variable that can have three values:
0 no interactive mailreader (old use_mailreader_i=OFF)
1 interactive mailreader with headers
2 interactive mailreader without headers (old use_mailreader_i=ON)
New features
------------
. You can now specify a mailbox folder to save your sent mails (fcc=) so
you possibly don't need auto_cc or auto_bcc anymore. See tin(5).
. x_headers can take a command which generates the header(s). See tin(5).
. mime_forward (message/rfc822) attributes option
. single line scrolling in all levels
. minimalistic BiDi support (render_bidi)
. minimalistic IDNA decoding support
. display non-printable characters as octals in raw-mode
. user defined date_format
. support non-ascii key-bindings
. 'percentage match' threading
Retired Features
----------------
. AmigaOS support
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 1 16:10:52 UTC 2006
Modified Files:
pkgsrc/news/tin: options.mk
Log Message:
Mention when to remove PKG_OPTIONS_LEGACY_VARS line.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 1 18:52:27 UTC 2006
Modified Files:
pkgsrc/news/tin: options.mk
Log Message:
Fix comment.
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 3 00:06:49 UTC 2006
Modified Files:
pkgsrc/news/tin: options.mk
Log Message:
Add icu option, default off.
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Feb 16 18:01:06 UTC 2006
Modified Files:
pkgsrc/news/tin: Makefile PLIST distinfo
Log Message:
Update to 1.8.1:
-- 1.8.1 release
20060215 "Mealasta" --
U062) Aleksey Salow
BUG. possible buffer overflow
FIX. mail.c
U061) Daniel Nylander
ADD. initial swedish translation
FIX. sv.po
U060) Chung-chieh Shan
BUG. bogus '/' in MAILDIR_NEW
FIX. misc.c
U059) Thomas E. Dickey
Urs Janssen
BUG. build problem on Mac OS X
FIX. tin.h, header.c, nntplib.c
U058) Urs Janssen
ADD. config.guess, config.sub update
FIX. config.guess, config.sub
U057) Andrey Simonenko
ADD. updated russian translation
FIX. ru.po
salo [Thu, 16 Feb 2006 15:00:42 +0000 (15:00 +0000)]
#1141
salo [Thu, 16 Feb 2006 15:00:21 +0000 (15:00 +0000)]
Pullup ticket 1141 - requested by Matthias Drochner
security update for gnupg
Revisions pulled up:
- pkgsrc/security/gnupg/Makefile 1.81
- pkgsrc/security/gnupg/distinfo 1.36, 1.37
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 15 19:10:20 UTC 2006
Modified Files:
pkgsrc/security/gnupg: Makefile distinfo
Log Message:
update to 1.4.2.1
this fixes a false positive signature verification if only the exit
code of "gpgv" or "gpg --verify" is used
---
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 15 22:26:46 UTC 2006
Modified Files:
pkgsrc/security/gnupg: distinfo
Log Message:
Readd checksum for "idea.c.gz" which got lost during the last update.
salo [Thu, 16 Feb 2006 14:48:09 +0000 (14:48 +0000)]
#1138
salo [Thu, 16 Feb 2006 14:47:48 +0000 (14:47 +0000)]
Pullup ticket 1138 - requested by Joerg Sonnenberger
security update for lighttpd
Revisions pulled up:
- pkgsrc/www/lighttpd/Makefile 1.8, 1.9
- pkgsrc/www/lighttpd/PLIST 1.3
- pkgsrc/www/lighttpd/distinfo 1.5
- pkgsrc/www/lighttpd/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Wed Feb 15 16:46:32 UTC 2006
Modified Files:
pkgsrc/www/lighttpd: Makefile distinfo
Added Files:
pkgsrc/www/lighttpd/patches: patch-aa
Log Message:
Update lighttpd to 1.4.10.
From NEWS:
1.4.10 - 2005-02-08
* added docs for mod_dirlisting
* added fastcgi.map-extensions to mod_fastcgi
* fixed load balancing for mod_fastcgi
* fixed extra newline for syslog() in mod_accesslog
* fixed user-track cookie for IE in mod_usertrack
* fixed crash in digest handling in mod_auth
* fixed handling of 301 response-bodies from a mod_proxy backend
* fixed loading of base modules if server.modules is not set
* fixed broken cgi if mod_scgi is loaded
1.4.9 - 2006-01-14
* added server.core-files option (sandy <sandy@meebo.com>)
* added docs for mod_status
* added mod_evasive to limit the number of connections by IP
(<w1zzard@techpowerup.com>)
* added the power-magnet to mod_cml
* added internal statistics to mod_fastcgi
* added server.statistics-url to get internal statistics from
mod_status
* added support for conditional range-requests through If-Range
* added static building via scons
* fixed 100% cpu loops in mod_cgi ("sandy" <sjen@cs.stanford.edu>)
* fixed handling for secure-download.timeout (jamis@37signals.com)
* fixed IE bug in content-charset in the output of mod_dirlisting
(sniper@php.net)
* fixed typos and language in the docs (ryan-2005@ryandesign.com)
* fixed assertion in mod_cgi on HEAD request is Content-Length
(<sandy@meebo.com>)
* fixed handling if equal but duplicate If-Modified-Since request
headers
* fixed endless loops in mod_fastcgi if backend is dead
* fixed Depth: 1 handling in PROPFIND requests on empty dirs
* fixed encoding of UTF8 encoded dirlistings (Jani Taskinen
<sniper@iki.fi>)
* fixed initial bind to a unix-domain socket through server.bind
* fixed handling of lowercase filesystems
* fixed duplicate request headers cause by mod_setenv
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Feb 15 21:15:45 UTC 2006
Modified Files:
pkgsrc/www/lighttpd: Makefile PLIST
Log Message:
Add mod_evasive to PLIST. Bump revision.
salo [Thu, 16 Feb 2006 00:26:00 +0000 (00:26 +0000)]
#1139
salo [Thu, 16 Feb 2006 00:25:30 +0000 (00:25 +0000)]
Pullup ticket 1139 - requested by Joerg Sonnenberger
security fix for cups
Revisions pulled up:
- pkgsrc/print/cups/Makefile patch
- pkgsrc/print/cups/distinfo 1.37
- pkgsrc/print/cups/patches/patch-ap 1.6
- pkgsrc/print/cups/patches/patch-be 1.2
Module Name: pkgsrc
Committed By: joerg
Date: Wed Feb 15 19:06:13 UTC 2006
Modified Files:
pkgsrc/print/cups: distinfo
pkgsrc/print/cups/patches: patch-be
Added Files:
pkgsrc/print/cups/patches: patch-ap
Log Message:
Port the security fixes for SA18303 from print/xpdf to print/cups.
salo [Wed, 15 Feb 2006 15:50:38 +0000 (15:50 +0000)]
#1137
salo [Wed, 15 Feb 2006 15:50:11 +0000 (15:50 +0000)]
Pullup ticket 1137 - requested by Joerg Sonnenberger
remove xmysqladmin
Module Name: pkgsrc
Committed By: joerg
Date: Wed Feb 15 15:07:46 UTC 2006
Removed Files:
pkgsrc/databases/xmysqladmin: DESCR Makefile PLIST distinfo
pkgsrc/databases/xmysqladmin/patches: patch-aa
Log Message:
Remove xmysqladmin. Upstream seemingly abandoned it years ago, the
maintainer hasn't used it for ages and the code has serious
security issues.
salo [Wed, 15 Feb 2006 15:45:43 +0000 (15:45 +0000)]
#1133
salo [Wed, 15 Feb 2006 15:45:17 +0000 (15:45 +0000)]
Pullup ticket 1133 - requested by Joerg Sonnenberger
fix race condition in xorg's Xsession
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: joerg
Date: Tue Feb 14 16:10:40 UTC 2006
Modified Files:
pkgsrc/x11/xorg-clients: Makefile
pkgsrc/x11/xorg-libs: distinfo
pkgsrc/x11/xorg-libs/patches: patch-ax
Log Message:
Fix race condition in xdm's Xsession. From PR 32804.
salo [Wed, 15 Feb 2006 14:12:42 +0000 (14:12 +0000)]
#1136
salo [Wed, 15 Feb 2006 14:12:20 +0000 (14:12 +0000)]
Pullup ticket 1136 - requested by Martti Kuparinen
security update for php5
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.24, 1.25, 1.27
- pkgsrc/lang/php5/Makefile.common 1.14, 1.15
- pkgsrc/lang/php5/PLIST 1.9, 1.10
- pkgsrc/lang/php5/buildlink3.mk 1.10
- pkgsrc/lang/php5/distinfo 1.14
- pkgsrc/lang/php5/patches/patch-ag 1.2
- pkgsrc/lang/php5/patches/patch-ak 1.2
- pkgsrc/lang/php5/patches/patch-aj 1.3
- pkgsrc/lang/php5/patches/patch-ao 1.3
Module Name: pkgsrc
Committed By: reed
Date: Wed Jan 4 17:44:24 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile
Log Message:
Use PKGMANDIR instead of "man".
---
Module Name: pkgsrc
Committed By: rillig
Date: Thu Feb 2 20:31:17 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile PLIST
Log Message:
Added two missing files to the PLIST. Bumped PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 6 06:39:59 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common PLIST buildlink3.mk
distinfo
pkgsrc/lang/php5/patches: patch-ag patch-aj patch-ak patch-ao
Log Message:
Updated lang/php5 to 5.1.2
* HTTP Response Splitting has been addressed in ext/session and in
the header() function.
* Fixed format string vulnerability in ext/mysqli.
* Fixed possible cross-site scripting problems in certain error
conditions.
* Hash & XMLWriter extensions added and enabled by default.
* Upgraded OCI8 extension.
* Over 85 various bug fixes.
(I haven't heard anything from the MAINTAINER but since this works fine
on my servers and as this fixes security issues I checked in this)
---
Module Name: pkgsrc
Committed By: jdolecek
Date: Mon Feb 6 20:12:55 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile.common
Log Message:
add fix to build php-xmlrpc and php5-dom successfully with 5.1.2
salo [Tue, 14 Feb 2006 17:35:55 +0000 (17:35 +0000)]
#1125
salo [Tue, 14 Feb 2006 17:35:33 +0000 (17:35 +0000)]
Pullup ticket 1125 - requested by Matthias Drochner
security updates for libtasn1 and gnutls
Revisions pulled up:
- pkgsrc/security/libtasn1/Makefile 1.20
- pkgsrc/security/libtasn1/distinfo 1.11
Gnutls updated via patch.
Module Name: pkgsrc
Committed By: drochner
Date: Fri Feb 10 12:39:25 UTC 2006
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
pkgsrc/security/libtasn1: Makefile distinfo
Log Message:
update libtasn1 to 0.2.18 and gnutls to 1.2.10
fixes possible DOS (crash by invalid DER input) "GNUTLS-SA-2006-1"
salo [Tue, 14 Feb 2006 15:35:54 +0000 (15:35 +0000)]
#1131
salo [Tue, 14 Feb 2006 15:35:31 +0000 (15:35 +0000)]
Pullup ticket 1131 - requested by Simon Burge
security update for adzap
Revisions pulled up:
- pkgsrc/www/adzap/Makefile 1.56
- pkgsrc/www/adzap/distinfo 1.38
Module Name: pkgsrc
Committed By: simonb
Date: Mon Feb 13 23:44:21 UTC 2006
Modified Files:
pkgsrc/www/adzap: Makefile distinfo
Log Message:
Update to version
20060203.
Fixes DoS reported in http://secunia.com/advisories/18771/.
More ad pattern updates as well.
salo [Tue, 14 Feb 2006 15:04:32 +0000 (15:04 +0000)]
#1130
salo [Tue, 14 Feb 2006 15:04:11 +0000 (15:04 +0000)]
Pullup ticket 1130 - requested by Joerg Sonnenberger
security fix for exim3
Revisions pulled up:
- pkgsrc/mail/exim3/Makefile 1.30
- pkgsrc/mail/exim3/distinfo 1.8
- pkgsrc/mail/exim3/patches/patch-ai 1.1
- pkgsrc/mail/exim3/patches/patch-aj 1.1
- pkgsrc/mail/exim3/patches/patch-ak 1.1
- pkgsrc/mail/exim3/patches/patch-al 1.1
- pkgsrc/mail/exim3/patches/patch-am 1.1
- pkgsrc/mail/exim3/patches/patch-an 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Mon Feb 13 23:20:32 UTC 2006
Modified Files:
pkgsrc/mail/exim3: Makefile distinfo
Added Files:
pkgsrc/mail/exim3/patches: patch-ai patch-aj patch-ak patch-al
patch-am patch-an
Log Message:
Don't use shiped PCRE version, since it is very old and most likely
vulnerable. Bump revision.
salo [Tue, 14 Feb 2006 14:22:44 +0000 (14:22 +0000)]
#1129
salo [Tue, 14 Feb 2006 14:22:21 +0000 (14:22 +0000)]
Pullup ticket 1129 - requested by Min Sik Kim
distfile update for db4
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: minskim
Date: Thu Feb 9 22:07:12 UTC 2006
Modified Files:
pkgsrc/databases/db4: Makefile distinfo
Log Message:
Set DIST_SUBDIR due to the distfile change (.java files were removed).
branch-fixup [Mon, 13 Feb 2006 23:20:32 +0000 (23:20 +0000)]
Add files from parent branch HEAD:
mail/exim3/patches/patch-ai
mail/exim3/patches/patch-aj
mail/exim3/patches/patch-ak
mail/exim3/patches/patch-al
mail/exim3/patches/patch-am
mail/exim3/patches/patch-an
salo [Mon, 13 Feb 2006 16:07:32 +0000 (16:07 +0000)]
#1127
salo [Mon, 13 Feb 2006 16:07:08 +0000 (16:07 +0000)]
Pullup ticket 1127 - requested by Joerg Sonnenberger
security fix for blender
Patch provided by the submitter.
The fix is from Ubuntu.
salo [Mon, 13 Feb 2006 13:23:46 +0000 (13:23 +0000)]
#1126
salo [Mon, 13 Feb 2006 13:23:24 +0000 (13:23 +0000)]
Pullup ticket 1126 - requested by Joerg Sonnenberger
GCC 3.4 and newer build fix for taglib
Revisions pulled up:
- pkgsrc/audio/taglib/files/id3lib_strings.h 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jan 11 16:41:45 UTC 2006
Modified Files:
pkgsrc/audio/taglib/files: id3lib_strings.h
Log Message:
Get a newer local version of id3lib_strings.h, which works with GCC 3.4+.
salo [Mon, 13 Feb 2006 11:06:55 +0000 (11:06 +0000)]
#1124
salo [Mon, 13 Feb 2006 11:06:05 +0000 (11:06 +0000)]
Pullup ticket #1124 - requested by Joerg Sonnenberger
security fix for blender
Revisions pulled up:
- pkgsrc/graphics/blender/Makefile patch
- pkgsrc/graphics/blender/distinfo patch
- pkgsrc/graphics/blender/patches/patch-aa 1.5
Module Name: pkgsrc
Committed By: joerg
Date: Sun Feb 12 21:52:19 UTC 2006
Modified Files:
pkgsrc/graphics/blender: Makefile distinfo
Added Files:
pkgsrc/graphics/blender/patches: patch-aa
Log Message:
Fix an Apple specific buffer overflow. To skip the first argument from
Finder, some copying to and from a local buffer in main is done, without
argument checking.
When a web browser or MUA is configured to start Blender automatically,
this might be exploitable to gain priviledges of the current user.
This is related to CVE-2005-3151.
salo [Mon, 13 Feb 2006 10:10:33 +0000 (10:10 +0000)]
#1121
salo [Mon, 13 Feb 2006 10:10:06 +0000 (10:10 +0000)]
Pullup ticket 1121 - requested by Roland Illig
MIPSpro build fix for gtar-base
Revisions pulled up:
- pkgsrc/archivers/gtar-base/distinfo 1.16
- pkgsrc/archivers/gtar-base/patches/patch-ah 1.3
Module Name: pkgsrc
Committed By: rillig
Date: Sat Jan 28 02:03:58 UTC 2006
Modified Files:
pkgsrc/archivers/gtar-base: distinfo
Added Files:
pkgsrc/archivers/gtar-base/patches: patch-ah
Log Message:
Added a patch to support MIPSpro.
salo [Sun, 12 Feb 2006 02:19:41 +0000 (02:19 +0000)]
#1119
salo [Sun, 12 Feb 2006 02:19:20 +0000 (02:19 +0000)]
Pullup ticket 1119 - requested by Stoned Elipot
security fix for gcpio
Revisions pulled up:
- pkgsrc/archivers/gcpio/Makefile 1.29
- pkgsrc/archivers/gcpio/distinfo 1.10
- pkgsrc/archivers/gcpio/patches/patch-ak 1.2
- pkgsrc/archivers/gcpio/patches/patch-ap 1.1
Module Name: pkgsrc
Committed By: seb
Date: Sun Feb 12 01:44:28 UTC 2006
Modified Files:
pkgsrc/archivers/gcpio: Makefile distinfo
pkgsrc/archivers/gcpio/patches: patch-ak
Added Files:
pkgsrc/archivers/gcpio/patches: patch-ap
Log Message:
Security fix for http://secunia.com/advisories/18251/ (CVE-2005-4268)
adapted from patch attached in redhat bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669
While here add test target support.
Bump PKGREVISION to 2.
seb [Sun, 12 Feb 2006 01:54:57 +0000 (01:54 +0000)]
#1118
seb [Sun, 12 Feb 2006 01:53:44 +0000 (01:53 +0000)]
Pullup ticket 1118 - requested by Lubomir Sedlacik
update security/openssh including security fix
Revisions pulled up:
- pkgsrc/security/openssh/Makefile 1.164
- pkgsrc/security/openssh/distinfo 1.51
- pkgsrc/security/openssh/options.mk 1.8
- pkgsrc/security/openssh/patches/patch-aa 1.41
- pkgsrc/security/openssh/patches/patch-ab 1.23
- pkgsrc/security/openssh/patches/patch-ac 1.15
- pkgsrc/security/openssh/patches/patch-ae 1.11
- pkgsrc/security/openssh/patches/patch-ag 1.8
- pkgsrc/security/openssh/patches/patch-ao 1.8
- pkgsrc/security/openssh/patches/patch-am 1.6
- pkgsrc/security/openssh/patches/patch-an 1.7
- pkgsrc/security/openssh/patches/patch-ap 1.7
- pkgsrc/security/openssh/patches/patch-at 1.3
- pkgsrc/security/openssh/patches/patch-av 1.4
Module Name: pkgsrc
Committed By: salo
Date: Sun Feb 12 00:13:55 UTC 2006
Modified Files:
pkgsrc/security/openssh: Makefile distinfo options.mk
pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ae
patch-ag patch-am patch-an patch-ao patch-ap patch-at patch-av
Log Message:
Update to version 3.4p1
From Jason White via PR pkg/32780
Changes:
Security bugs resolved in this release:
* CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
subshell to perform local to local, and remote to remote copy
operations. This subshell exposed filenames to shell expansion
twice; allowing a local attacker to create filenames containing
shell metacharacters that, if matched by a wildcard, could lead
to execution of attacker-specified commands with the privilege of
the user running scp (Bugzilla #1094)
This is primarily a bug-fix release, only one new feature has been
added:
* Add support for tunneling arbitrary network packets over a
connection between an OpenSSH client and server via tun(4) virtual
network interfaces. This allows the use of OpenSSH (4.3+) to create
a true VPN between the client and server providing real network
connectivity at layer 2 or 3. This feature is experimental and is
currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
FreeBSD. Other operating systems with tun/tap interface capability
may be added in future portable OpenSSH releases. Please refer to
the README.tun file in the source distribution for further details
and usage examples.
Some of the other bugs resolved and internal improvements are:
* Reduce default key length for new DSA keys generated by ssh-keygen
back to 1024 bits. DSA is not specified for longer lengths and does
not fully benefit from simply making keys longer. As per FIPS 186-2
Change Notice 1, ssh-keygen will refuse to generate a new DSA key
smaller or larger than 1024 bits
* Fixed X forwarding failing to start when a the X11 client is executed
in background at the time of session exit (Bugzilla #1086)
* Change ssh-keygen to generate a protocol 2 RSA key when invoked
without arguments (Bugzilla #1064)
* Fix timing variance for valid vs. invalid accounts when attempting
Kerberos authentication (Bugzilla #975)
* Ensure that ssh always returns code 255 on internal error (Bugzilla
#1137)
* Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029)
* Set SO_REUSEADDR on X11 listeners to avoid problems caused by
lingering sockets from previous session (X11 applications can
sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076)
* Ensure that fds 0, 1 and 2 are always attached in all programs, by
duping /dev/null to them if necessary.
* Xauth list invocation had bogus "." argument (Bugzilla #1082)
* Remove internal assumptions on key exchange hash algorithm and output
length, preparing OpenSSH for KEX methods with alternate hashes.
* Ignore junk sent by a server before it sends the "SSH-" banner
(Bugzilla #1067)
* The manpages has been significantly improves and rearranged, in
addition to other specific manpage fixes:
#1037 - Man page entries for -L and -R should mention -g.
#1077 - Descriptions for "ssh -D" and DynamicForward should mention
they can specify "bind_address" optionally.
#1088 - Incorrect descriptions in ssh_config man page for
ControlMaster=no.
#1121 - Several corrections for ssh_agent manpages
* Lots of cleanups, including fixes to memory leaks on error paths
(Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092)
* Portable OpenSSH-specific fixes:
- Pass random seed during re-exec for each connection: speeds up
processing of new connections on platforms using the OpenSSH's
builtin entropy collector (ssh-rand-helper)
- PAM fixes and improvements:
#1045 - Missing option for ignoring the /etc/nologin file
#1087 - Show PAM password expiry message from LDAP on login
#1028 - Forward final non-query conversations to client
#1126 - Prevent user from being forced to change an expired
password repeatedly on AIX in some PAM configurations.
#1045 - Do not check /etc/nologin when PAM is enabled, instead
allow PAM to handle it. Note that on platforms using
PAM, the pam_nologin module should be used in sshd's
session stack in order to maintain past behaviour
- Portability-related fixes:
#989 - Fix multiplexing regress test on Solaris
#1097 - Cross-compile fixes.
#1096 - ssh-keygen broken on HPUX.
#1098 - $MAIL being set incorrectly for HPUX server login.
#1104 - Compile error on Tru64 Unix 4.0f
#1106 - Updated .spec file and startup for SuSE.
#1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing
compilation problems on glibc 2.4
branch-fixup [Sun, 12 Feb 2006 01:44:28 +0000 (01:44 +0000)]
Add files from parent branch HEAD:
archivers/gcpio/patches/patch-ap
salo [Sat, 11 Feb 2006 22:48:32 +0000 (22:48 +0000)]
#1079
salo [Sat, 11 Feb 2006 22:48:08 +0000 (22:48 +0000)]
Pullup ticket 1079 - requested by Todd Vierling
security fix for libtool-base
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: tv
Date: Tue Jan 31 20:19:02 UTC 2006
Modified Files:
pkgsrc/devel/libtool [tv-libtool-1-5-18-tmpdirfix]: distinfo
pkgsrc/devel/libtool-base [tv-libtool-1-5-18-tmpdirfix]: Makefile
pkgsrc/devel/libtool/patches [tv-libtool-1-5-18-tmpdirfix]: patch-ac
Log Message:
Backport a change from 1.5.22 to 1.5.18 that fixes some issues with
temp dir creation when using relink-based finalization.
seb [Sat, 11 Feb 2006 17:28:12 +0000 (17:28 +0000)]
#1116
seb [Sat, 11 Feb 2006 17:27:26 +0000 (17:27 +0000)]
Pullup ticket 1116 - requested by Lubomir Sedlacik
update of www/firefox-bin including security fixes
Revisions pulled up:
- pkgsrc/www/firefox-bin/Makefile 1.13
- pkgsrc/www/firefox-bin/distinfo 1.14
Module Name: pkgsrc
Committed By: xtraeme
Date: Fri Feb 3 20:34:44 UTC 2006
Modified Files:
pkgsrc/www/firefox-bin: Makefile distinfo
Log Message:
Update to 1.5.0.1.
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
seb [Sat, 11 Feb 2006 16:20:44 +0000 (16:20 +0000)]
#1115
seb [Sat, 11 Feb 2006 16:19:36 +0000 (16:19 +0000)]
Pullup ticket 1115 - requested by Lubomir Sedlacik
dependency fix for emulators/suse91_libpng
Revisions pulled up:
- pkgsrc/emulators/suse91_libpng/Makefile 1.7
Module Name: pkgsrc
Committed By: salo
Date: Sun Jan 8 14:39:12 UTC 2006
Modified Files:
pkgsrc/emulators/suse91_libpng: Makefile
Log Message:
Add missing dependency on suse_base package.
salo [Thu, 9 Feb 2006 10:34:26 +0000 (10:34 +0000)]
#1102
salo [Thu, 9 Feb 2006 10:32:29 +0000 (10:32 +0000)]
Pullup ticket 1102 - requested by Geert Hendrickx
security update for firefox and thunderbird
Updated via patch from the submitter, includes these changes:
Module Name: pkgsrc
Committed By: joerg
Date: Fri Dec 30 21:35:58 UTC 2005
Modified Files:
pkgsrc/mail/thunderbird/patches: patch-ab patch-ac patch-aq patch-ba
patch-bo patch-bs
Added Files:
pkgsrc/mail/thunderbird/patches: patch-ar patch-da patch-db patch-dc
patch-de patch-df patch-dg patch-dh patch-dj patch-dk patch-dl
patch-dm patch-do patch-ds patch-dt
Log Message:
Add DragonFly build support, partly based on the patches from
www/firefox.
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jan 4 08:55:08 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: distinfo
Log Message:
Also commit distinfo. Reminded by wiz@.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:49:05 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common PLIST
distinfo
pkgsrc/mail/thunderbird-gtk1: Makefile PLIST
pkgsrc/mail/thunderbird/patches: patch-aa patch-ab patch-ac patch-af
patch-ag patch-ai patch-aj patch-al patch-ap patch-aq patch-aw
patch-ax patch-bb patch-bo patch-bq patch-br patch-db patch-de
patch-df
Removed Files:
pkgsrc/mail/thunderbird-gtk1: MESSAGE
pkgsrc/mail/thunderbird/patches: patch-bt patch-bw patch-cc patch-ce
patch-cf
Log Message:
Update to Thunderbird 1.5.
What's new:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Thunderbird may now be half
a megabyte or smaller. Updating extensions has also improved.
* Sort address autocomplete results by how often you send e-mail
to each recipient.
* Spell check as you type.
* Saved Search Folders can now search across multiple accounts.
* Built in phishing detector to help protect users against email scams.
* Podcasting and other RSS Improvements.
* Deleting attachments from messages.
* Integration with server side spam filtering.
* Reply and forward actions for message filters.
* Kerberos Authentication.
* Auto save as draft for mail composition.
* Message aging.
* Filters for Global Inbox.
* Improvements to product usability including redesigned options
interface, and SMTP server management.
* Many security enhancements.
For a more detailed list of changes, see
http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html
Ok with wiz.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:43:59 UTC 2006
Modified Files:
pkgsrc/www/mozilla: Makefile.common
Log Message:
Set CATEGORIES ?=www (instead of =) such that thunderbird (and later
sunbird) can override it. Ok for wiz.
---
odule Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:46:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: Makefile PLIST
Added Files:
pkgsrc/www/firefox/patches: patch-dw patch-dx
Removed Files:
pkgsrc/www/firefox/patches: patch-bugzilla-319004
Log Message:
Update to Firefox 1.5.0.1, a bug fix release for Firefox 1.5.
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list changes, see
http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
projects / pkgsrcv2.git / log