pkgsrcv2.git
2 years agoPullup ticket 3636 pkgsrc-2011Q3
sbd [Mon, 26 Dec 2011 03:07:07 +0000 (03:07 +0000)]
Pullup ticket 3636

2 years agoPullup ticket #3636 - requested by tron
sbd [Mon, 26 Dec 2011 03:06:15 +0000 (03:06 +0000)]
Pullup ticket #3636 - requested by tron
databases/phpmyadmin security update

Revisions pulled up:
- databases/phpmyadmin/Makefile                                 1.96
- databases/phpmyadmin/distinfo                                 1.57

---
   Module Name: pkgsrc
   Committed By: tron
   Date: Fri Dec 23 08:07:44 UTC 2011

   Modified Files:
    pkgsrc/databases/phpmyadmin: Makefile distinfo

   Log Message:
   Update "phpmyadmin" package to version 3.4.9. Changes since 3.4.8:
   - bug #3442028 [edit] Inline editing enum fields with null shows
     no dropdown
   - bug #3442004 [interface] DB suggestion not correct for user with
     underscore
   - bug #3438420 [core] Magic quotes removed in PHP 5.4
   - bug #3398788 [session] No feedback when result is empty
     (signon auth_type)
   - bug #3384035 [display] Problems regarding ShowTooltipAliasTB
   - bug #3306875 [edit] Can't rename a database that contains views
   - bug #3452506 [edit] Unable to move tables with triggers
   - bug #3449659 [navi] Fast filter broken with table tree
   - bug #3448485 [GUI] Firefox favicon frameset regression
   - [core] Better compatibility with mysql extension
   - [security] Self-XSS on export options (export server/database/table),
     see PMASA-2011-20
   - [security] Self-XSS in setup (host parameter), see PMASA-2011-19

2 years agoPullup ticket #3637.
tron [Fri, 23 Dec 2011 13:57:43 +0000 (13:57 +0000)]
Pullup ticket #3637.

2 years agoPullup ticket #3637 - requested by drochner
tron [Fri, 23 Dec 2011 13:56:48 +0000 (13:56 +0000)]
Pullup ticket #3637 - requested by drochner
graphics/jasper: security patch

Revisions pulled up:
- graphics/jasper/Makefile                                      1.34
- graphics/jasper/distinfo                                      1.14
- graphics/jasper/patches/patch-ai                              1.2

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Thu Dec 22 16:17:57 UTC 2011

   Modified Files:
           pkgsrc/graphics/jasper: Makefile distinfo
           pkgsrc/graphics/jasper/patches: patch-ai

   Log Message:
   add patches from Redhat to add some input validation and fix a
   memory allocation error; both could lead to heap buffer overflows
   (CVE-2011-4516, CVE-2011-4517)
   bump PKGREV

2 years agoPullup ticket #3268.
tron [Wed, 14 Dec 2011 13:11:32 +0000 (13:11 +0000)]
Pullup ticket #3268.

2 years agoPullup ticket #3628 - requested by dholland
tron [Wed, 14 Dec 2011 13:08:47 +0000 (13:08 +0000)]
Pullup ticket #3628 - requested by dholland
www/kazehakase: build fix

Revisions pulled up:
- www/kazehakase/distinfo                                       1.11
- www/kazehakase/patches/patch-src_kz-app.c                     1.1

---
   Module Name: pkgsrc
   Committed By: joerg
   Date: Mon Dec 12 19:10:37 UTC 2011

   Modified Files:
    pkgsrc/www/kazehakase: distinfo
   Added Files:
    pkgsrc/www/kazehakase/patches: patch-src_kz-app.c

   Log Message:
   Fix fallout from newer gnutls.

2 years agoPullup tickets #3627 and #3629.
tron [Wed, 14 Dec 2011 07:44:50 +0000 (07:44 +0000)]
Pullup tickets #3627 and #3629.

2 years agoPullup ticket #3629 - requested by spz
tron [Wed, 14 Dec 2011 07:20:13 +0000 (07:20 +0000)]
Pullup ticket #3629 - requested by spz
www/apache-tomcat6: security update

Revisions pulled up:
- www/apache-tomcat6/Makefile                                   1.10
- www/apache-tomcat6/PLIST                                      1.6
- www/apache-tomcat6/distinfo                                   1.7

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Tue Dec 13 09:44:17 UTC 2011

   Modified Files:
    pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo

   Log Message:
   Upstream changelog:

   Tomcat 6.0.35 (jfclere)
   +++++++++++++++++++++++

   Catalina
   --------

   fix Fix regression in decoding of parameters that contain spaces.
    Patch by Willem Fibbe. (kkolinko)

   Tomcat 6.0.34 (jfclere) not released
   ++++++++++++++++++++++++++++++++++++

   Catalina
   --------

   fix 51550: Display an error page rather than an empty response
    for an IllegalStateException caused by too many active sessions.
    (markt)
   add 51640: Improve the memory leak prevention for leaks triggered
    by java.sql.DriverManager. (markt/kkolinko)
   fix 51688: JreMemoryLeakPreventionListener now protects against
    AWT thread creation. (schultz)
   fix 51758: The digester (used for processing XML files) used
    the logger name org.apache.commons.digester.Digester rather
    than the expected org.apache.tomcat.util.digester.Digester.
    The digester has been changed to use the expected logger name.
    (kkolinko)
   add 51862: Added a classesToInitialize attribute to
    JreMemoryLeakPreventionListener to allow pre-loading of
    configurable classes to avoid some classloader leaks. (slaurent)
   fix 51872: Ensure that the access log always uses the correct
    value for the remote IP address associated with the request
    and that requests with multiple errors do not result in
    multiple entries in the access log. (markt)
   add Allow to overwrite the check for distributability of session
    attributes by session implementations. (rjung)
   add Provide the log format "OneLineFormatter" for JULI that
    provides the same information as the default plus thread
    name but on a single line. (markt/rjung)
   fix Ensure the the memory leak protection for the HttpClient
    keep-alive always operates even if the thread has already
    stopped. (markt)
   fix 51940: Do not limit saving of request bodies during FORM
    authentication to POST requests since any HTTP method may
    include a request body. Based on a patch by Nicholas Sushkin.
    (kkolinko)
   fix 52091: Address performance issues related to lock contention
    in StandardWrapper. Based on patch provided by Taiki Sugawara.
    (kkolinko)
   update In GenericPrincipal, SerializablePrincipal: Do not sort lists
    of roles that have only one element. (kkolinko)
   add Make configuration issue for CsrfPreventionFilter result in
    the failure of the filter rather than just a warning message.
    (kkolinko)
   fix Ensure changes to the configuration of RemoteAddrValve and
    RemoteHostValve via JMX are thread-safe. (kkolinko)
   add Make configuration issue for RemoteAddrValve and
    RemoteHostValve result in the failure of the valve rather
    than just a warning message. (kkolinko)
   update In RequestFilterValve (RemoteAddrValve, RemoteHostValve):
    refactor value matching logic into separate method and expose
    this new method isAllowed through JMX. (kkolinko)
   add Improve performance of parameter processing for GET and POST
    requests. Also add an option to limit the maximum number of
    parameters processed per request. This defaults to 10000.
    Excessive parameters are ignored. Note that FailedRequestFilter
    can be used to reject the request if some parameters were
    ignored. (markt/kkolinko)
   add New filter FailedRequestFilter that will reject a request
    if there were errors during HTTP parameter parsing. (kkolinko)

   Coyote
   ------

   fix 50394: Return -1 from read operation instead of throwing an
    exception when encountering an EOF with the HTTP APR connector.
    (kkolinko)
   fix 51698: Fix CVE-2011-3190. Prevent AJP message injection. (markt)
   fix Detect incomplete AJP messages and reject the associated
    request if one is found. (markt)
   fix 51794: Fix race condition in NioEndpoint selector.
    Patch provided by dlord. (fhanik)
   fix 51905: Fix infinite loop in AprEndpoint shutdown if acceptor
    unlock fails. Reduce timeout before forcefully closing the
    socket from 30s to 10s. (kkolinko)
   fix 52121: Fix possible output corruption when compression is
    enabled for a connector and the response is flushed.
    Test case provided by David Marcks. (kkolinko)
   fix Replace unneeded call that iterated events queue in
    NioEndpoint.Poller. (kkolinko)
   fix Improve MimeHeaders.toString(). (kkolinko)
   fix Allow the BIO HTTP connector to be used with SSL when
    running under Java 7. (markt)
   fix Improve multi-byte character handling in all connectors. (rjung)

   Jasper
   ------

   fix 51220: Correct copy/paste error in original commit for this
    issue. (markt)
   fix 52091: Address performance issues related to log creation
    in TagHandlerPool. Patch provided by Taiki Sugawara. (markt)

   Cluster
   -------

   add 51736: Make rpcTimeout configurable in BackupManager. (kfujino)
   add New cluster manager attribute sessionAttributeFilter allows
    to filter which session attributes are replicated using a
    regular expression applied to the attribute name. (rjung)
   fix Avoid an unnecessary session ID change notice.
    Notice of changed session ID by JvmRouteBinderValve is
    unnecessary to BackupManager. In BackupManager, change of
    session ID is replicated by the call of a setId() method.
    (kfujino)
   fix Fix unneeded duplicate resetDeltaRequest() call in
    DeltaSession.setId(String). (kkolinko)
   add When Context manager does not exist, no context manager
    message is replied in order to avoid timeout (default 60 sec)
    of GET_ALL_SESSIONS sync phase. (kfujino)

   Webapps
   -------

   fix Correct the documentation for the connectionLinger attribute
    of the HTTP connector. (markt)
   add Show build date and version in the header on every
    documentation page. (kkolinko)
   fix 52049: Improve setup instructions for running as a Windows
    service: correct information on how a JRE is identified and
    selected. (markt)
   update 52172: Clarify Tomcat build instructions. Patch provided by
    bmargulies. (kkolinko)

   Other
   -----

   update Update the native component of the APR/native connectors
    to 1.1.22. (markt)
   update Update the recommended version of the native component
    of the APR/native connectors to 1.1.22. (kkolinko)
   update Update the Eclipse compiler (used for JSPs) to 3.7. (markt)
   fix Correct two typos in the Windows installer. (kkolinko)
   fix 52059: In Windows uninstaller: Do not forget to remove
    Tomcat keys from 32-bit registry on deinstallation. (kkolinko)

2 years agoPullup tickets 3630 and 3631
sbd [Wed, 14 Dec 2011 02:45:07 +0000 (02:45 +0000)]
Pullup tickets 3630 and 3631

2 years agoPullup ticket #3631 - requested by spz
sbd [Wed, 14 Dec 2011 02:43:13 +0000 (02:43 +0000)]
Pullup ticket #3631 - requested by spz
www/apache22 security patch

Revisions pulled up:
- www/apache22/Makefile                                         1.76
- www/apache22/distinfo                                         1.47
- www/apache22/patches/patch-modules_mappers_mod_rewrite.c      1.1
- www/apache22/patches/patch-modules_proxy_mod_proxy.c          1.1

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Tue Dec 13 15:37:57 UTC 2011

   Modified Files:
    pkgsrc/www/apache22: Makefile distinfo
   Added Files:
    pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
        patch-modules_proxy_mod_proxy.c

   Log Message:
   add revision 1209432 from http://svn.apache.org/ as patches:
   fix for CVE-2011-4317

2 years agoPullup ticket #3630 - requested by spz
sbd [Wed, 14 Dec 2011 02:42:40 +0000 (02:42 +0000)]
Pullup ticket #3630 - requested by spz
security/openpam security patch

Revisions pulled up:
- security/openpam/Makefile                                     1.16
- security/openpam/distinfo                                     1.8
- security/openpam/patches/patch-ab                             1.4

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Tue Dec 13 15:57:08 UTC 2011

   Modified Files:
    pkgsrc/security/openpam: Makefile distinfo
    pkgsrc/security/openpam/patches: patch-ab

   Log Message:
   added prevention of CVE-2011-4122 taken from NetBSD src

2 years agoPullup ticket #3627 - requested by taca
tron [Tue, 13 Dec 2011 20:16:44 +0000 (20:16 +0000)]
Pullup ticket #3627 - requested by taca
textproc/chasen-base: security patch

Revisions pulled up:
- textproc/chasen-base/Makefile                                 1.21
- textproc/chasen-base/distinfo                                 1.11

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Sun Dec 11 14:26:27 UTC 2011

   Modified Files:
    pkgsrc/textproc/chasen-base: Makefile distinfo

   Log Message:
   Add security patch for CVE-2011-4000 from official site.

   Bump PKGREVISION.

2 years agoPullup tickets 3616 and 3626
sbd [Thu, 8 Dec 2011 04:02:11 +0000 (04:02 +0000)]
Pullup tickets 3616 and 3626

2 years agoPullup ticket #3626 - requested by tron
sbd [Thu, 8 Dec 2011 04:01:37 +0000 (04:01 +0000)]
Pullup ticket #3626 - requested by tron
www/apache22 security update

Revisions pulled up:
- www/apache22/Makefile                                         1.75
- www/apache22/distinfo                                         1.45
- www/apache22/patches/patch-server_protocol.c                  1.2

---
   Module Name: pkgsrc
   Committed By: tron
   Date: Wed Dec  7 22:58:12 UTC 2011

   Modified Files:
    pkgsrc/www/apache22: Makefile distinfo
    pkgsrc/www/apache22/patches: patch-server_protocol.c

   Log Message:
   Add improved fix for proxy vulnerability reported in CVE-2011-3368.
   This should also fix CVE-2011-3639 and possibly CVE-2011-4317, both
   part of SA46987.

2 years agoPullup ticket #3616 - requested by is
sbd [Thu, 8 Dec 2011 04:01:09 +0000 (04:01 +0000)]
Pullup ticket #3616 - requested by is
net/icsi-finger security update

Revisions pulled up:
- doc/CHANGES-2011                                              1.2900
- net/icsi-finger/Makefile                                      1.17-1.19
- net/icsi-finger/distinfo                                      1.10-1.13
- net/icsi-finger/patches/patch-ak                              1.2-1.4
- net/icsi-finger/patches/patch-al                              1.2
- net/icsi-finger/patches/patch-an                              1.1
- net/icsi-finger/patches/patch-lib_util_c                      1.1

---
   Module Name: pkgsrc
   Committed By: is
   Date: Thu Nov 10 09:42:22 UTC 2011

   Modified Files:
    pkgsrc/net/icsi-finger: distinfo
   Added Files:
    pkgsrc/net/icsi-finger/patches: patch-an

   Log Message:
   Missed part of the fix for 64bit time_t from 2011/01/18 12:28:25.
   The maintainance program packet2ascii (actually, the ascii2packet part)
   needed to be fixed, too.

---
   Module Name: pkgsrc
   Committed By: is
   Date: Thu Nov 10 09:59:53 UTC 2011

   Modified Files:
    pkgsrc/net/icsi-finger: Makefile

   Log Message:
   Missed part of the fix for 64bit time_t from 2011/01/18 12:28:25.
   The maintainance program packet2ascii (actually, the ascii2packet part)
   needed to be fixed, too.

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Tue Nov 15 00:11:07 UTC 2011

   Modified Files:
    pkgsrc/net/icsi-finger: distinfo
    pkgsrc/net/icsi-finger/patches: patch-ak patch-al
   Added Files:
    pkgsrc/net/icsi-finger/patches: patch-lib_util_c

   Log Message:
   Use stdlib.h instead of private decls of malloc; remove union wait. Should
   fix build with newer gcc and maybe also clang.

---
   Module Name: pkgsrc
   Committed By: is
   Date: Tue Nov 15 13:04:47 UTC 2011

   Modified Files:
    pkgsrc/doc: CHANGES-2011
    pkgsrc/net/icsi-finger: Makefile distinfo
    pkgsrc/net/icsi-finger/patches: patch-ak

   Log Message:
   replace mktemp() by mkstemp(), updating net/icsi-finger to 1.0.27nb6

---
   Module Name: pkgsrc
   Committed By: is
   Date: Tue Nov 22 09:04:49 UTC 2011

   Modified Files:
    pkgsrc/net/icsi-finger: Makefile distinfo
    pkgsrc/net/icsi-finger/patches: patch-ak

   Log Message:
   Remove a data-dependent case of segmentation fault in in.fingerd.

2 years agoPullup tickets #3624 and #3625.
tron [Wed, 7 Dec 2011 08:34:35 +0000 (08:34 +0000)]
Pullup tickets #3624 and #3625.

2 years agoPullup ticket #3625 - requested by gls
tron [Wed, 7 Dec 2011 08:33:11 +0000 (08:33 +0000)]
Pullup ticket #3625 - requested by gls
devel/p5-PAR: security update

Revisions pulled up:
- devel/p5-PAR/Makefile                                         1.17
- devel/p5-PAR/distinfo                                         1.7

---
   Module Name:    pkgsrc
   Committed By:    gls
   Date:        Sun Dec  4 20:52:25 UTC 2011

   Modified Files:
       pkgsrc/devel/p5-PAR: Makefile distinfo

   Log Message:
   Update devel/p5-PAR to 1.005.
   Includes a fix for CVE 2011-4114.

   Upstream changes:

   [Changes for 1.005 - Dec 2, 2011]
     - run all tests using a nonce PAR_TMPDIR (otherwise CPAN Testers
     goes crazy as top level /tmp/par-USER directories (or similar)
     from previous tests may now be considered "unsafe")

   [Changes for 1.004 - Nov 30, 2011]
     - back out r1241: it causes errors in PAR::Packer's test suite
     - change "unsafe directory" error message to match the wording
     used by PAR::Packer
     - remove "debian" sub directory: it isn't released to CPAN and
     Debian will supply its own anyway
     - remove some cruft from MANIFEST.SKIP

   [Changes for 1.003 - Nov 28, 2011]
     -  RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
     and predictable temporary directories
     (Note: this bug was originally reported against PAR::Packer, but
     it applies to PAR as well)
     - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
     - if it already exists, make sure that (and bail out if not)
      - it's not a symlink
      - it's mode 0700
      - it's owned by USER
     - Fix a problem packing XML::LibXSLT on Windows (see the thread starting
     with http://www.nntp.perl.org/group/perl.par/2011/02/msg4919.html)
     - Die (with a hopefully useful message) if any error is encountered
     during an Archive::Zip extract operation

2 years agoPullup ticket #3624 - requested by dholland
tron [Wed, 7 Dec 2011 08:30:52 +0000 (08:30 +0000)]
Pullup ticket #3624 - requested by dholland
graphics/xart: build fix

Revisions pulled up:
- graphics/xart/distinfo                                        1.15
- graphics/xart/patches/patch-ad                                1.3
- graphics/xart/patches/patch-ak                                1.2
- graphics/xart/patches/patch-image.h                           1.1
- graphics/xart/patches/patch-main.c                            1.1
- graphics/xart/patches/patch-protocol.c                        1.1
- graphics/xart/patches/patch-rw_readGIF.c                      1.1
- graphics/xart/patches/patch-rw_readWriteXBM.c                 1.1
- graphics/xart/patches/patch-rw_readWriteXWD.c                 1.1

---
   Module Name: pkgsrc
   Committed By: joerg
   Date: Mon Dec  5 22:48:59 UTC 2011

   Modified Files:
    pkgsrc/graphics/xart: distinfo
    pkgsrc/graphics/xart/patches: patch-ad patch-ak
   Added Files:
    pkgsrc/graphics/xart/patches: patch-image.h patch-main.c
        patch-protocol.c patch-rw_readGIF.c patch-rw_readWriteXBM.c
        patch-rw_readWriteXWD.c

   Log Message:
   Fix build with newer GCC

2 years agoPullup ticket #3623.
tron [Mon, 5 Dec 2011 20:09:14 +0000 (20:09 +0000)]
Pullup ticket #3623.

2 years agoPullup ticket #3623 - requested by dholland
tron [Mon, 5 Dec 2011 20:08:05 +0000 (20:08 +0000)]
Pullup ticket #3623 - requested by dholland
devel/opal: build fix

Revisions pulled up:
- devel/opal/distinfo                                           1.9
- devel/opal/patches/patch-configure                            1.1
- devel/opal/patches/patch-configure.ac                         1.1
- devel/opal/patches/patch-plugins_configure                    1.1
- devel/opal/patches/patch-plugins_configure.ac                 1.1
- devel/opal/patches/patch-plugins_video_H.263-1998_h263-1993.cxx 1.1
- devel/opal/patches/patch-plugins_video_MPEG4-ffmpeg_mpeg4.cxx 1.1
- devel/opal/patches/patch-plugins_video_common_dyna.cxx        1.1

---
   Module Name: pkgsrc
   Committed By: marino
   Date: Sun Dec  4 22:06:04 UTC 2011

   Modified Files:
    pkgsrc/devel/opal: distinfo
   Added Files:
    pkgsrc/devel/opal/patches: patch-configure patch-configure.ac
        patch-plugins_configure patch-plugins_configure.ac
        patch-plugins_video_H.263-1998_h263-1993.cxx
        patch-plugins_video_MPEG4-ffmpeg_mpeg4.cxx
        patch-plugins_video_common_dyna.cxx

   Log Message:
   devel/opal: Fix incompatibility with ffmpeg / Add DragonFly support

   Several plugins of Opal weren't building because the function names
   in the ffmpeg libraries changed (they were prefixed with "ff_").
   These function names were updated, but a couple of the plugins also
   needed changes for a modern gcc.  Finally, DragonFly support was
   added to the various configuration scripts.

2 years agoPullup tickets 3621 and 3622
sbd [Sun, 4 Dec 2011 22:24:00 +0000 (22:24 +0000)]
Pullup tickets 3621 and 3622

2 years agoPullup ticket #3622 - requested by gls
sbd [Sun, 4 Dec 2011 22:23:04 +0000 (22:23 +0000)]
Pullup ticket #3622 - requested by gls
www/py-clearsilver security fix

Revisions pulled up:
- www/clearsilver/distinfo                                      1.16
- www/clearsilver/patches/patch-python_neo__cgi.c               1.1
- www/py-clearsilver/Makefile                                   1.15

---
   Module Name:    pkgsrc
   Committed By:    gls
   Date:        Thu Dec  1 20:53:54 UTC 2011

   Modified Files:
       pkgsrc/www/py-clearsilver: Makefile

   Log Message:
   Add a fix for CVE 2011-4357, taken from
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322

---
   Module Name:    pkgsrc
   Committed By:    gls
   Date:        Thu Dec  1 20:50:49 UTC 2011

   Modified Files:
       pkgsrc/www/clearsilver: distinfo
   Added Files:
       pkgsrc/www/clearsilver/patches: patch-python_neo__cgi.c

   Log Message:
   Add a fix for CVE 2011-4357, taken from
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322

2 years agoPullup ticket #3621 - requested by gls
sbd [Sun, 4 Dec 2011 22:22:56 +0000 (22:22 +0000)]
Pullup ticket #3621 - requested by gls
net/p5-Net-Libdnet build fix/update

Revisions pulled up:
- net/p5-Net-Libdnet/Makefile                                   1.8
- net/p5-Net-Libdnet/distinfo                                   1.3

---
   Module Name:    pkgsrc
   Committed By:    gls
   Date:        Thu Dec  1 21:14:22 UTC 2011

   Modified Files:
       pkgsrc/net/p5-Net-Libdnet: Makefile distinfo

   Log Message:
   Update p5-Net-Libdnet to 0.96.

   pkgsrc changes:
   - - Set LICENSE
   - - Add dependency to p5-Class-Gomor, as reported in PR pkg/45674.

   Upstream changes:

   0.96 Wed Nov 16 23:07:38 CET 2011
    - bugfix: default to be compiled against libdnet (and not libdumbnet)
    - update: added some die() in example programs

   0.95 Sun Mar 13 23:47:10 CET 2011
    - new: added ubuntu and standard patchs. See README.

   0.94 Fri Jan 14 11:09:49 CET 2011
    - bugfix: tohash method in pod
    - applied http://rt.cpan.org/Public/Bug/Display.html?id=52359

   0.93 Thu Jan 13 11:07:07 CET 2011
    - update: makes components more inline with local install
    of libdnet
    - update: copyright notice

2 years agopullup #3618
spz [Sun, 4 Dec 2011 07:19:12 +0000 (07:19 +0000)]
pullup #3618

2 years agoPullup ticket #3618 - requested by tron
spz [Sun, 4 Dec 2011 07:17:10 +0000 (07:17 +0000)]
Pullup ticket #3618 - requested by tron
databases/phpmyadmin: security update

Revisions pulled up:
- databases/phpmyadmin/Makefile                                 1.95
- databases/phpmyadmin/distinfo                                 1.56

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By: tron
   Date: Fri Dec  2 23:39:30 UTC 2011

   Modified Files:
    pkgsrc/databases/phpmyadmin: Makefile distinfo

   Log Message:
   Update "phpmyadmin" package to version 3.4.8. Changes since 3.4.7.1:
   - bug #3425230 [interface] enum data split at space char (more space to edi=
   t)
   - bug #3426840 [interface] ENUM/SET editor can't handle commas in values
   - bug #3427256 [interface] no links to browse/empty views and tables
   - bug #3430377 [interface] Deleted search results remain visible
   - bug #3428627 [import] ODS import ignores memory limits
   - bug #3426836 [interface] Visual column separation
   - bug #3428065 [parser] TRUE not recognized by parser
   + patch #3433770 [config] Make location of php-gettext configurable
   - patch #3430291 [import] Handle conflicts in some open_basedir situations
   - bug #3431427 [display] Dropdown results - setting NULL does not work
   - patch #3428764 [edit] Inline edit on multi-server configuration
   - patch #3437354 [core] Notice: Array to string conversion in PHP 5.4
   - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the
     view name in main panel db Structure page
   - bug #3439292 [core] Fail to synchronize column with name of keyword
   - bug #3425156 [interface] Add column after drop
   - [interface] Avoid showing the password in phpinfo()'s output
   - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
   - bug #3407235 [interface] Entering the key through a lookup window does no=
   t reset NULL
   - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
   - [security] Self-XSS on database names (Operations/rename), see PMASA-2011=
   -18
   - [security] Self-XSS on column type (Create index), see PMASA-2011-18
   - [security] Self-XSS on column type (table Search), see PMASA-2011-18
   - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18

   To generate a diff of this commit:
   cvs rdiff -u -r1.94 -r1.95 pkgsrc/databases/phpmyadmin/Makefile
   cvs rdiff -u -r1.55 -r1.56 pkgsrc/databases/phpmyadmin/distinfo

2 years agoPullup ticket 3619
sbd [Sun, 4 Dec 2011 01:54:10 +0000 (01:54 +0000)]
Pullup ticket 3619

2 years agoPullup ticket #3619 - requested by spz
sbd [Sun, 4 Dec 2011 01:52:57 +0000 (01:52 +0000)]
Pullup ticket #3619 - requested by spz
security/p5-Digest security update

Revisions pulled up:
- security/p5-Digest/Makefile                                   1.23
- security/p5-Digest/distinfo                                   1.10

---
   Module Name: pkgsrc
   Committed By: he
   Date: Thu Dec  1 22:35:14 UTC 2011

   Modified Files:
    pkgsrc/security/p5-Digest: Makefile distinfo

   Log Message:
   Update to version 1.17.

   Upstream changes:
      Gisle Aas (6):
         Less noisy 'git status' output
         Merge pull request #1 from schwern/bug/require_eval
         Don't clobber $@ in Digest->new [RT#50663]
         More meta info added to Makefile.PL
         Fix typo in RIPEMD160 [RT#50629]
         Add schwern's test files

      Michael G. Schwern (5):
         Turn on strict.
         Convert tests to use Test::More
         Untabify
         Turn Digest::Dummy into a real file which exercises the
         Digest->new() require logic.
         Close the eval "require $module" security hole in Digest->new($algorithm)

2 years agoPullup ticket #3617.
tron [Fri, 2 Dec 2011 13:16:51 +0000 (13:16 +0000)]
Pullup ticket #3617.

2 years agoPullup ticket #3617 - requested by dholland
tron [Fri, 2 Dec 2011 13:16:31 +0000 (13:16 +0000)]
Pullup ticket #3617 - requested by dholland
editors/emacs20: bug fix patch

Revisions pulled up:
- editors/emacs20/distinfo                                      1.19-1.22
- editors/emacs20/patches/patch-ab                              1.4
- editors/emacs20/patches/patch-bm                              1.2-1.4
- editors/emacs20/patches/patch-cb                              deleted

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Thu Dec  1 04:05:41 UTC 2011

   Modified Files:
    pkgsrc/editors/emacs20: distinfo
    pkgsrc/editors/emacs20/patches: patch-ab

   Log Message:
   Patch up configure tests for cpp to avoid problems when running gcc
   4.5's cpp on makefiles. PR 45669.

   Unfortunately, this does not by itself fix the build; now I'm getting

      ./temacs -batch -l loadup dump
      gmake[1]: *** [emacs] Segmentation fault

   and I have a bad feeling that this may be the same issue that the
   other emacs versions are sometimes hitting.

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Thu Dec  1 04:51:30 UTC 2011

   Modified Files:
    pkgsrc/editors/emacs20: distinfo
    pkgsrc/editors/emacs20/patches: patch-bm
   Removed Files:
    pkgsrc/editors/emacs20/patches: patch-cb

   Log Message:
   Fold patch-cb into patch-bm since they patch the same file. Related to
   PR 45669. hi joerg!

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Thu Dec  1 05:07:23 UTC 2011

   Modified Files:
    pkgsrc/editors/emacs20: distinfo
    pkgsrc/editors/emacs20/patches: patch-bm

   Log Message:
   Add __asm __volatile("":::"memory") at a critical point in alloc.c.

   gcc thinks it knows the semantics of malloc and so it thinks it can
   optimize out the manipulation of __malloc_hook; however, doing so causes
   the subsequent malloc call to come back to itself, leading to an infinite
   recursion and SIGSEGV in temacs.

   This fixes the remaining part of PR 45669.

   Someone(TM) should check if this issue affects other Emacs versions
   and/or XEmacs.

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Thu Dec  1 05:12:57 UTC 2011

   Modified Files:
    pkgsrc/editors/emacs20: distinfo
    pkgsrc/editors/emacs20/patches: patch-bm

   Log Message:
   Extend previous to realloc and free as well, which is almost certainly
   necessary. PR 45669.

2 years agopullup #3615
spz [Fri, 2 Dec 2011 07:53:22 +0000 (07:53 +0000)]
pullup #3615

2 years agoPullup ticket #3615 - requested by tron
spz [Fri, 2 Dec 2011 07:47:16 +0000 (07:47 +0000)]
Pullup ticket #3615 - requested by tron
comms/kermit:  build fix

Revisions pulled up:
- comms/kermit/Makefile                                         1.78

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By: tron
   Date: Sun Nov 20 12:01:50 UTC 2011

   Modified Files:
    pkgsrc/comms/kermit: Makefile

   Log Message:
   Fix build under recent versions of Mac OS X by selectin a make target
   that actually exists.

   To generate a diff of this commit:
   cvs rdiff -u -r1.77 -r1.78 pkgsrc/comms/kermit/Makefile

2 years agoPullup tickets #3612, #3613 and #3614.
tron [Sun, 20 Nov 2011 14:42:53 +0000 (14:42 +0000)]
Pullup tickets #3612, #3613 and #3614.

2 years agoPullup ticket #3614 - requested by markd
tron [Sun, 20 Nov 2011 14:42:05 +0000 (14:42 +0000)]
Pullup ticket #3614 - requested by markd
misc/kdeutils4: security patch

Revisions pulled up:
- misc/kdeutils4/Makefile                                       1.27 via patch
- misc/kdeutils4/distinfo                                       1.15
- misc/kdeutils4/patches/patch-ark_part_part.cpp                1.1

---
   Module Name: pkgsrc
   Committed By: markd
   Date: Sun Nov 20 02:10:58 UTC 2011

   Modified Files:
    pkgsrc/misc/kdeutils4: Makefile distinfo
   Added Files:
    pkgsrc/misc/kdeutils4/patches: patch-ark_part_part.cpp

   Log Message:
   Fix directory traversal issue (CVE-2011-2725).

2 years agoPullup ticket #3613 - requested by markd
tron [Sun, 20 Nov 2011 13:14:33 +0000 (13:14 +0000)]
Pullup ticket #3613 - requested by markd
x11/kdelibs4: security patch

Revisions pulled up:
- x11/kdelibs4/Makefile                                         1.30 via patch
- x11/kdelibs4/distinfo                                         1.21 via patch
- x11/kdelibs4/patches/patch-kio_kssl_ksslcertificatebox.cpp    1.1
- x11/kdelibs4/patches/patch-kioslave_http_http.cpp             1.1

---
   Module Name: pkgsrc
   Committed By: markd
   Date: Sun Nov 20 02:08:11 UTC 2011

   Modified Files:
    pkgsrc/x11/kdelibs4: Makefile distinfo
   Added Files:
    pkgsrc/x11/kdelibs4/patches: patch-
   kio_kssl_ksslcertificatebox.cpp
        patch-kioslave_http_http.cpp

   Log Message:
   don't interpret html tags. KDE Security Advisory 20111003-1

2 years agoPullup ticket #3612 - requested by markd
tron [Sun, 20 Nov 2011 10:36:31 +0000 (10:36 +0000)]
Pullup ticket #3612 - requested by markd
x11/kdebase3: security patch

Revisions pulled up:
- x11/kdebase3/Makefile                                         1.163 via patch
- x11/kdebase3/distinfo                                         1.114
- x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c         1.1

---
   Module Name: pkgsrc
   Committed By: markd
   Date: Sat Nov 19 21:17:28 UTC 2011

   Modified Files:
    pkgsrc/x11/kdebase3: Makefile distinfo
   Added Files:
    pkgsrc/x11/kdebase3/patches: patch-kcheckpass_checkpass_pam.c

   Log Message:
   Dont allow a path in pam_service.  CVE-2011-4122

2 years agoPullup ticket #3611.
tron [Sun, 20 Nov 2011 08:41:32 +0000 (08:41 +0000)]
Pullup ticket #3611.

2 years agoPullup ticket #3611 - requested by markd
tron [Sun, 20 Nov 2011 08:39:14 +0000 (08:39 +0000)]
Pullup ticket #3611 - requested by markd
x11/kdebase-workspace4: security patch

Revisions pulled up:
- x11/kdebase-workspace4/Makefile                               1.31 via patch
- x11/kdebase-workspace4/distinfo                               1.18
- x11/kdebase-workspace4/patches/patch-kcheckpass_checkpass_pam.c 1.1

---
   Module Name: pkgsrc
   Committed By: markd
   Date: Sat Nov 19 21:12:05 UTC 2011

   Modified Files:
    pkgsrc/x11/kdebase-workspace4: Makefile distinfo
   Added Files:
    pkgsrc/x11/kdebase-workspace4/patches: patch-kcheckpass_checkpass_pam.c

   Log Message:
   Dont allow a path in pam_service.  CVE-2011-4122

2 years agoPullup ticket #3610 - requested by spz
tron [Sat, 19 Nov 2011 11:24:07 +0000 (11:24 +0000)]
Pullup ticket #3610 - requested by spz
graphics/freetype2: security update

Revisions pulled up:
- graphics/freetype2/Makefile                                   1.85
- graphics/freetype2/distinfo                                   1.46

---
   Module Name: pkgsrc
   Committed By: drochner
   Date: Tue Nov 15 19:42:17 UTC 2011

   Modified Files:
    pkgsrc/graphics/freetype2: Makefile distinfo

   Log Message:
   update to 2.4.8
   changes:
   -fixed vulnerabilities in handling CID-keyed PostScript fonts
    (CVE-2011-3439)
   -new API 'FT_Get_PS_Font_Value'

2 years agoPullup tickets #3609 and #3610.
tron [Sat, 19 Nov 2011 10:58:55 +0000 (10:58 +0000)]
Pullup tickets #3609 and #3610.

2 years agoPullup ticket #3609 - requested by ghen
tron [Sat, 19 Nov 2011 10:53:33 +0000 (10:53 +0000)]
Pullup ticket #3609 - requested by ghen
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2/Makefile                                        1.16
- mail/dovecot2/PLIST                                           1.9
- mail/dovecot2/distinfo                                        1.13

---
   Module Name:    pkgsrc
   Committed By:   ghen
   Date:           Thu Nov 17 08:10:01 UTC 2011

   Modified Files:
           pkgsrc/mail/dovecot2: Makefile PLIST distinfo

   Log Message:
   Update to Dovecot 2.0.16.

   * VSZ limits weren't being enforced for any processes. On server with
     large mailboxes you may now see errors about it if the limits aren't
     high enough. To fix them, either increase individual service {
     vsz_limit } values or simply increase the default_vsz_limit setting.
   * Proxying: If using ssl=3Dyes or starttls=3Dyes with a hostname (not IP)
     as proxy destination, require that the certificate matches the given
     hostname.
   * LMTP: Changed default client_limit to 1. This should improve LMTP
     throughput with default settings.
   * dsync: Quota is no longer enforced (i.e. dsync can't fail because
     user is over quota).

   + Added "auto" mail storage driver, which can be used to autodetect
     mailbox location and format. This behavior is already the default
     for empty mail_location setting, so this change is mainly useful for
     shared namespace's location setting.
   + checkpassword: Export all auth %variables to AUTH_* environment.

2 years agoPullup ticket 3608
sbd [Thu, 17 Nov 2011 21:52:28 +0000 (21:52 +0000)]
Pullup ticket 3608

2 years agoPullup ticket #3608 - requested by obache
sbd [Thu, 17 Nov 2011 21:52:10 +0000 (21:52 +0000)]
Pullup ticket #3608 - requested by obache
databases/phpldapadmin security fix

Revisions pulled up:
- databases/phpldapadmin/Makefile                               1.32
- databases/phpldapadmin/distinfo                               1.11

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Thu Nov 17 12:44:02 UTC 2011

   Modified Files:
    pkgsrc/databases/phpldapadmin: Makefile distinfo

   Log Message:
   Update phpldapadmin to 1.2.2.

   RELEASE NOTES
   -------------

   This is a minor release update to fix some bugs that were discovered after the
   release of 1.2.1.1.

   There are some security fixes in this release - I suggest you upgrade your
   version of PLA to avoid any exploits.

   CHANGES SINCE 1.2.1.1
   ---------------------
   dece0f4 Release 1.2.2
   d58f011 Language Translation merge from launchpad
   696c266 Additional fix for SF Feature #3387473
   2d018aa SF Feature #3387473 - Support for schema discovery using OpenLDAP's cn=config DN
   cddf783 Add an alert when RFC3866 tags are being used
   1e1fcab SF Bug #3398344 - Import LDIF overwrites entries
   d8ab7fc SF Patch #3391547 - Option for minmal mode
   56830f1 SF Patch #3391389 - Option to initially open the tree
   6c8b623 SF Patch #3391371 - Fix for schema link deactivation
   7fc4f0c SF Patch #3391039 - Remove eval commands from PHP code
   059b83b SF Bug #3391046 - Loading entries with many attributes is very slow
   4089ffa SF Bug #3392644 - Cannot authenticate if password starts or ends with spaces
   c57a927 Disable supplied modifiction templates, it confused too many people
   d5744b0 SF Bug #3370546 - AjaxEnabled create and delete entry fails on IE9
   76e6dad SF Bug #3417184 - PHP Code Injection Vulnerability
   5d4245f SF Bug #3395004 - config.php.example refers to lang/en.php
   80d027d SF Bug #3373466 - Unable to define force_may attributes
   64668e8 Remove XSS vulnerabilty in debug code
   caeba72 SF Bug #3355722 - Issue in MultiList attribute type
   0782730 SF Bug #3355732 - Cosmetic issue in functions.php -> get_icon()
   446faf7 FIX SASL configuration example
   afa4a95 Fix SASL implementation - enabled GSSAPI
   5987194 SF Bug #3304785 - posixGroup creation template uses cn instead of uid
   ddb5ed0 Enabled hiding base DNs that users dont have access to
   7649b9b SF Feature #3298820 - Only custom templates

2 years agoPullup tickets 3605, 3606 and 3607
sbd [Thu, 17 Nov 2011 01:27:31 +0000 (01:27 +0000)]
Pullup tickets 3605, 3606 and 3607

2 years agoPullup ticket #3607 - requested by spz
sbd [Thu, 17 Nov 2011 01:26:17 +0000 (01:26 +0000)]
Pullup ticket #3607 - requested by spz
net/bind96 security update

Revisions pulled up:
- net/bind96/Makefile                                           1.21
- net/bind96/distinfo                                           1.14

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Wed Nov 16 22:26:07 UTC 2011

   Modified Files:
    pkgsrc/net/bind96: Makefile distinfo

   Log Message:
   BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.

   * BIND 9 nameservers performing recursive queries could cache an invalid
     record and subsequent queries for that record could crash the resolvers
     with an assertion failure. [RT #26590]

2 years agoPullup ticket #3606 - requested by spz
sbd [Thu, 17 Nov 2011 01:26:11 +0000 (01:26 +0000)]
Pullup ticket #3606 - requested by spz
net/bind97 security update

Revisions pulled up:
- net/bind97/Makefile                                           1.10
- net/bind97/distinfo                                           1.10

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Wed Nov 16 21:49:57 UTC 2011

   Modified Files:
    pkgsrc/net/bind97: Makefile distinfo

   Log Message:
   BIND 9.7.4-P1 is a security patch for BIND 9.7.4.

   * BIND 9 nameservers performing recursive queries could cache an invalid
     record and subsequent queries for that record could crash the resolvers
     with an assertion failure. [RT #26590]

2 years agoPullup ticket #3605 - requested by spz
sbd [Thu, 17 Nov 2011 01:26:00 +0000 (01:26 +0000)]
Pullup ticket #3605 - requested by spz
net/bind98 security update

Revisions pulled up:
- net/bind98/Makefile                                           1.6
- net/bind98/distinfo                                           1.6-1.7
- net/bind98/patches/patch-bin_dig_dighost.c                    1.1

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Wed Nov 16 21:34:44 UTC 2011

   Modified Files:
    pkgsrc/net/bind98: Makefile distinfo

   Log Message:
   BIND 9.8.1-P1 is security patch for BIND 9.8.1.

   * BIND 9 nameservers performing recursive queries could cache an invalid
     record and subsequent queries for that record could crash the resolvers
     with an assertion failure. [RT #26590]

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Thu Nov 17 00:48:09 UTC 2011

   Modified Files:
    pkgsrc/net/bind98: distinfo
   Added Files:
    pkgsrc/net/bind98/patches: patch-bin_dig_dighost.c

   Log Message:
   Fix build problem on NetBSD current, maybe caused by newer gcc.

   * Avoid to use true as variable name.

2 years agoPullup tickets #3603 & #3604
sbd [Wed, 16 Nov 2011 21:08:18 +0000 (21:08 +0000)]
Pullup tickets #3603 & #3604

2 years agoPullup ticket #3604 - requested by drochner
sbd [Wed, 16 Nov 2011 21:07:03 +0000 (21:07 +0000)]
Pullup ticket #3604 - requested by drochner
multimedia/ffmpeg security update

Revisions pulled up:
- multimedia/ffmpeg/Makefile                                    1.73-1.74
- multimedia/ffmpeg/Makefile.common                             1.13-1.14
- multimedia/ffmpeg/distinfo                                    1.45-1.46
- multimedia/ffmpeg/patches/patch-configure                     1.14

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Oct  7 12:20:39 UTC 2011

   Modified Files:
           pkgsrc/multimedia/ffmpeg: Makefile Makefile.common distinfo

   Log Message:
   update to 0.7.6
   changes:
   -security fixes to many demuxers and decoders
   -bugfixes

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Mon Nov  7 10:43:35 UTC 2011

   Modified Files:
           pkgsrc/multimedia/ffmpeg: Makefile.common distinfo
           pkgsrc/multimedia/ffmpeg/patches: patch-configure

   Log Message:
   update to 0.7.7
   "fixes around 90 bugs, several of which are security relevant"
   (sorry, no details in the release notes)

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Mon Nov  7 10:45:36 UTC 2011

   Modified Files:
           pkgsrc/multimedia/ffmpeg: Makefile

   Log Message:
   update for new release date

2 years agoPullup ticket #3603 - requested by obache
sbd [Wed, 16 Nov 2011 21:06:50 +0000 (21:06 +0000)]
Pullup ticket #3603 - requested by obache
net/proftpd security update

Revisions pulled up:
- net/proftpd/Makefile                                          1.64-1.65
- net/proftpd/distinfo                                          1.38-1.39
- net/proftpd/patches/patch-ab                                  1.13
- net/proftpd/patches/patch-ac                                  1.14
- net/proftpd/patches/patch-contrib_mod_tls.c                   1.2

---
   Module Name: pkgsrc
   Committed By: adam
   Date: Mon Oct  3 11:23:31 UTC 2011

   Modified Files:
    pkgsrc/net/proftpd: Makefile distinfo
    pkgsrc/net/proftpd/patches: patch-ab patch-ac patch-contrib_mod_tls.c

   Log Message:
   Changes 1.3.3f:
   * Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
      configuration used.
   * Fixes mod_wrap syslog level (regression from Bug 3317).
   * Fixes mod_ifsession segfault if regular expression patterns used in
      a <VirtualHost> section.

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Wed Nov 16 09:05:04 UTC 2011

   Modified Files:
    pkgsrc/net/proftpd: Makefile distinfo

   Log Message:
   Update proftpd to 1.3.3g.

   1.3.3g - Released 09-Nov-2011
   --------------------------------
   - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
   - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
      To disable this countermeasure, which may cause interoperability issues
      with some clients, use the NoEmptyFragments TLSOption.
   - Bug 3711 - Response pool use-after-free memory corruption error.

2 years agoFixup fromcvs/togit conversion
pkgsrc fixup [Mon, 14 Nov 2011 07:16:55 +0000 (23:16 -0800)]
Fixup fromcvs/togit conversion

2 years agoPullup ticket #3595.
tron [Sun, 13 Nov 2011 11:08:00 +0000 (11:08 +0000)]
Pullup ticket #3595.

2 years agoPullup ticket #3595 - requested by dholland
tron [Sun, 13 Nov 2011 10:13:57 +0000 (10:13 +0000)]
Pullup ticket #3595 - requested by dholland
security/qca-tls: build fix:

Revisions pulled up:
- security/qca-tls/Makefile                                     1.32

---
   Module Name: pkgsrc
   Committed By: gavan
   Date: Tue Nov  8 15:38:48 UTC 2011

   Modified Files:
    pkgsrc/security/qca-tls: Makefile

   Log Message:
   Create missing directory prior to installation

2 years agoPullup ticket #3600
sbd [Sun, 13 Nov 2011 02:02:44 +0000 (02:02 +0000)]
Pullup ticket #3600

2 years agoPullup ticket #3600 - requested by abs
sbd [Sun, 13 Nov 2011 02:01:28 +0000 (02:01 +0000)]
Pullup ticket #3600 - requested by abs
multimedia/adobe-flash-plugin10.1 security update

Revisions pulled up:
- multimedia/adobe-flash-plugin10.1/Makefile                    1.15
- multimedia/adobe-flash-plugin10.1/distinfo                    1.7

---
   Module Name:    pkgsrc
   Committed By:   abs
   Date:           Sat Nov 12 22:02:24 UTC 2011

   Modified Files:
          pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo

   Log Message:
   Updated multimedia/adobe-flash-plugin10.1 to 10.3.183.11

   Changes from 10.3.183.7

   Critical vulnerabilities have been identified in Adobe Flash Player
   11.0.1.152 and earlier versions for Windows, Macintosh, Linux and
   Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions
   for Android. These vulnerabilities could cause a crash and potentially
   allow an attacker to take control of the affected system.

   Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier
   versions for Windows, Macintosh, Linux and Solaris update to Adobe
   Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153
   and earlier versions for Android should update to Adobe Flash Player
   11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows,
   Macintosh, and Android should update to Adobe AIR 3.1.0.4880.

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2445).

   This update resolves a heap corruption vulnerability that could lead
   to code execution (CVE-2011-2450).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2451).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2452).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2453).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2454).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2455).

   This update resolves a buffer overflow vulnerability that could lead
   to code execution (CVE-2011-2456).

   This update resolves a stack overflow vulnerability that could lead to
   code execution (CVE-2011-2457).

   This update resolves a vulnerability that could lead to a cross-domain
   policy bypass (Internet Explorer-only) (CVE-2011-2458).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2459).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2460).

   ... now after reading the above, just how happy are people running this code
   from their browsers?

2 years agoFixup fromcvs/togit conversion
pkgsrc fixup [Sat, 12 Nov 2011 17:50:55 +0000 (09:50 -0800)]
Fixup fromcvs/togit conversion

2 years agoPullup ticket #3594.
tron [Tue, 8 Nov 2011 21:58:44 +0000 (21:58 +0000)]
Pullup ticket #3594.

2 years agoPullup ticket #3594 - requested by dholland
tron [Tue, 8 Nov 2011 21:58:07 +0000 (21:58 +0000)]
Pullup ticket #3594 - requested by dholland
lang/moscow_ml: security patch

Revisions pulled up:
- lang/moscow_ml/Makefile                                       1.29
- lang/moscow_ml/distinfo                                       1.6
- lang/moscow_ml/patches/patch-mosmlyac_main_c                  1.1

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Tue Nov  8 12:41:30 UTC 2011

   Modified Files:
    pkgsrc/lang/moscow_ml: Makefile distinfo
   Added Files:
    pkgsrc/lang/moscow_ml/patches: patch-mosmlyac_main_c

   Log Message:
   Fix PR 45558 (aka CVE-2011-4119) which also turns out to affect Moscow ML.
   Credit to Florian Weimer for noticing this.

2 years agoFixup fromcvs/togit conversion
pkgsrc fixup [Tue, 8 Nov 2011 21:18:15 +0000 (13:18 -0800)]
Fixup fromcvs/togit conversion

2 years agoPullup ticket #3593.
tron [Mon, 7 Nov 2011 22:29:17 +0000 (22:29 +0000)]
Pullup ticket #3593.

2 years agoPullup ticket #3593 - requested by spz
tron [Mon, 7 Nov 2011 22:28:09 +0000 (22:28 +0000)]
Pullup ticket #3593 - requested by spz
textproc/libxml2: security patch

Revisions pulled up:
- textproc/libxml2/Makefile                                     1.110
- textproc/libxml2/distinfo                                     1.84
- textproc/libxml2/patches/patch-ag                             1.9
- textproc/libxml2/patches/patch-ak                             1.3
- textproc/libxml2/patches/patch-include_libxml_xpath.h         1.1
- textproc/libxml2/patches/patch-xpointer.c                     1.1

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Tue Nov  1 19:21:06 UTC 2011

   Modified Files:
    pkgsrc/textproc/libxml2: Makefile distinfo
    pkgsrc/textproc/libxml2/patches: patch-ag patch-ak
   Added Files:
    pkgsrc/textproc/libxml2/patches: patch-include_libxml_xpath.h
        patch-xpointer.c

   Log Message:
   sundry security patches taken from libxml2 git
   among these patches for http://secunia.com/advisories/46632/

2 years agopullups #3591 and #3592
spz [Sun, 6 Nov 2011 20:33:04 +0000 (20:33 +0000)]
pullups #3591 and #3592

2 years agoPullup ticket #3592 - requested by dholland
spz [Sun, 6 Nov 2011 20:31:01 +0000 (20:31 +0000)]
Pullup ticket #3592 - requested by dholland
lang/caml-light: security patch

Revisions pulled up:
- lang/caml-light/Makefile                                      1.13
- lang/caml-light/distinfo                                      1.9
- lang/caml-light/patches/patch-yacc_main_c                     1.1

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By: dholland
   Date: Sun Nov  6 19:32:07 UTC 2011

   Modified Files:
    pkgsrc/lang/caml-light: Makefile distinfo
   Added Files:
    pkgsrc/lang/caml-light/patches: patch-yacc_main_c

   Log Message:
   Fix insecure-temp-files, PR 45558

   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/caml-light/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/caml-light/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/caml-light/patches/patch-yacc_main_c

2 years agoPullup ticket #3591 - requested by tron
spz [Sun, 6 Nov 2011 20:22:28 +0000 (20:22 +0000)]
Pullup ticket #3591 - requested by tron
www/squid31: security update

Revisions pulled up:
- www/squid31/Makefile                                          1.34
- www/squid31/distinfo                                          1.31

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By: tron
   Date: Sat Oct 22 17:54:25 UTC 2011

   Modified Files:
    pkgsrc/www/squid31: Makefile distinfo

   Log Message:
   Update "squid31" package to version 3.1.16. Changes since 3.1.15:
   - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
   - Bug 3368: Unhandled exceptions are not logged (workaround)
   - Bug 3326: miss_access incorrect default
   - Bug 3320: miss_access description confusing
   - Bug 3241: squid_kerb_auth cross compilation fix
   - Bug 3237: seq fault in free() from rfc1035RRDestroy
   - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
   - db_auth: display available DSN drivers on connect error
   - Updated OpenSSL 1.0.0 version checks
   - ... and several documentation fixes

   To generate a diff of this commit:
   cvs rdiff -u -r1.33 -r1.34 pkgsrc/www/squid31/Makefile
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/squid31/distinfo

2 years agoPullup tickets #3588, #3589 and #3590.
tron [Wed, 2 Nov 2011 22:58:26 +0000 (22:58 +0000)]
Pullup tickets #3588, #3589 and #3590.

2 years agoPullup ticket #3590 - requested by spz
tron [Wed, 2 Nov 2011 22:55:24 +0000 (22:55 +0000)]
Pullup ticket #3590 - requested by spz
mail/majordomo: fix compatibility with "lang/perl5"

Revisions pulled up:
- mail/majordomo/Makefile                                       1.44
- mail/majordomo/distinfo                                       1.16
- mail/majordomo/patches/patch-ad                               1.3
- mail/majordomo/patches/patch-ai                               1.5
- mail/majordomo/patches/patch-aj                               1.3
- mail/majordomo/patches/patch-an                               1.3

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Fri Oct 28 06:16:12 UTC 2011

   Modified Files:
    pkgsrc/mail/majordomo: Makefile distinfo
    pkgsrc/mail/majordomo/patches: patch-ad patch-ai patch-aj patch-an

   Log Message:
   perl 5.14 adjustment: drop using ctime.pl just for a list of months

2 years agoPullup ticket #3589 - requested by spz
tron [Wed, 2 Nov 2011 22:52:23 +0000 (22:52 +0000)]
Pullup ticket #3589 - requested by spz
devel/rt3: fix compatibility with "lang/perl5"

Revisions pulled up:
- devel/rt3/Makefile                                            1.48
- devel/rt3/distinfo                                            1.21
- devel/rt3/patches/patch-aa                                    1.3
- devel/rt3/patches/patch-ab                                    1.4
- devel/rt3/patches/patch-lib_RT.pm                             1.1
- devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm        1.1
- devel/rt3/patches/patch-lib_RT_CustomFieldValues_External.pm  1.1
- devel/rt3/patches/patch-lib_RT_Interface_Email.pm             1.1
- devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm  1.1
- devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm             1.1
- devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm        1.1
- devel/rt3/patches/patch-sbin_rt-attributes-viewer             1.1
- devel/rt3/patches/patch-sbin_rt-attributes-viewer.in          1.1
- devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html 1.1
- devel/rt3/patches/patch-share_html_Helpers_CalPopup.html      1.1
- devel/rt3/patches/patch-share_html_Search_Bulk.html           1.1
- devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType 1.1
- devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips 1.1
- devel/rt3/patches/patch-t_approval_admincc.t                  1.1
- devel/rt3/patches/patch-t_approval_basic.t                    1.1

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Tue Oct 25 19:38:10 UTC 2011

   Modified Files:
    pkgsrc/devel/rt3: Makefile distinfo
    pkgsrc/devel/rt3/patches: patch-aa patch-ab
   Added Files:
    pkgsrc/devel/rt3/patches: patch-lib_RT.pm
        patch-lib_RT_Action_CreateTickets.pm
        patch-lib_RT_CustomFieldValues_External.pm
        patch-lib_RT_Interface_Email.pm
        patch-lib_RT_Interface_Email_Auth_GnuPG.pm
        patch-lib_RT_Ticket__Overlay.pm
        patch-lib_RT_Transaction__Overlay.pm
        patch-sbin_rt-attributes-viewer patch-sbin_rt-attributes-viewer.in
        patch-share_html_Admin_CustomFields_Modify.html
        patch-share_html_Helpers_CalPopup.html
        patch-share_html_Search_Bulk.html
        patch-share_html_Search_Elements_SelectChartType
        patch-share_html_Ticket_Elements_PreviewScrips
        patch-t_approval_admincc.t patch-t_approval_basic.t

   Log Message:
   make rt deal with perl 5.14

2 years agoPullup ticket #3588 - requested by spz
tron [Wed, 2 Nov 2011 21:50:23 +0000 (21:50 +0000)]
Pullup ticket #3588 - requested by spz
lang/perl5: security patch

Revisions pulled up:
- lang/perl5/Makefile.common                                    1.12
- lang/perl5/distinfo                                           1.79
- lang/perl5/patches/patch-cpan_Digest_Digest.pm                1.1

---
   Module Name: pkgsrc
   Committed By: spz
   Date: Sun Oct 16 20:09:42 UTC 2011

   Modified Files:
    pkgsrc/lang/perl5: Makefile.common distinfo
   Added Files:
    pkgsrc/lang/perl5/patches: patch-cpan_Digest_Digest.pm

   Log Message:
   apply the changes to just Digest.pm from:
   http://perl5.git.perl.org/perl.git/commitdiff/a2fa999d41c94d622051667d897fedca90be1828

     2011-10-02   Gisle Aas <gisle@ActiveState.com>

      Release 1.17.

      Gisle Aas (6):
         Less noisy 'git status' output
         Merge pull request #1 from schwern/bug/require_eval
         Don't clobber $@ in Digest->new [RT#50663]
         More meta info added to Makefile.PL
         Fix typo in RIPEMD160 [RT#50629]
         Add schwern's test files

      Michael G. Schwern (5):
         Turn on strict.
         Convert tests to use Test::More
         Untabify
         Turn Digest::Dummy into a real file which exercises the Digest->new() require logic.
         Close the eval "require $module" security hole in Digest->new($algorithm)

2 years agoPullup tickets #3583, #3584, #3585, #3586 and #3587.
tron [Wed, 2 Nov 2011 20:59:20 +0000 (20:59 +0000)]
Pullup tickets #3583, #3584, #3585, #3586 and #3587.

2 years agoPullup ticket #3587 - requested by tez
tron [Wed, 2 Nov 2011 20:54:05 +0000 (20:54 +0000)]
Pullup ticket #3587 - requested by tez
print/xpdf: security update

Revisions pulled up:
- print/xpdf/MESSAGE                                            1.4
- print/xpdf/Makefile                                           1.75
- print/xpdf/distinfo                                           1.40
- print/xpdf/patches/patch-aa                                   1.8
- print/xpdf/patches/patch-ab                                   deleted
- print/xpdf/patches/patch-ai                                   1.4
- print/xpdf/patches/patch-ak                                   1.6
- print/xpdf/patches/patch-al                                   1.4
- print/xpdf/patches/patch-am                                   1.3
- print/xpdf/patches/patch-an                                   deleted
- print/xpdf/patches/patch-aq                                   1.4
- print/xpdf/patches/patch-bb                                   deleted
- print/xpdf/patches/patch-bc                                   1.2
- print/xpdf/patches/patch-bd                                   deleted

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Thu Oct 27 02:35:41 UTC 2011

   Modified Files:
           pkgsrc/print/xpdf: Makefile distinfo
           pkgsrc/print/xpdf/patches: patch-aa patch-ai patch-ak patch-al patch-am
               patch-aq patch-bc
   Removed Files:
           pkgsrc/print/xpdf/patches: patch-ab patch-an patch-bb patch-bd

   Log Message:
   Update to 3.03

   Fixes multiple vulnerabilites

   Change list too long to include here, see http://www.foolabs.com/xpdf/CHANGES
   (file does not note what changes were included in 3.02pl1 - 3.02pl4 and which
    are new for 3.03)

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Thu Oct 27 14:54:41 UTC 2011

   Added Files:
           pkgsrc/print/xpdf: MESSAGE

   Log Message:
   Add MESSAGE to notify users of change in xpdfrc commands.

2 years agoPullup ticket #3586 - requested by tez
tron [Wed, 2 Nov 2011 20:37:12 +0000 (20:37 +0000)]
Pullup ticket #3586 - requested by tez
graphics/freetype2: security update

Revisions pulled up:
- graphics/freetype2/Makefile                                   1.83
- graphics/freetype2/distinfo                                   1.45

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Wed Oct 26 19:24:45 UTC 2011

   Modified Files:
           pkgsrc/graphics/freetype2: Makefile distinfo

   Log Message:
   update to 2.4.7 fixes SA46575 (CVE-2011-3256)

   CHANGES BETWEEN 2.4.6 and 2.4.7

   I. IMPORTANT BUG FIXES
    - Some vulnerabilities in handling Type 1 fonts have been fixed;
      see CVE-2011-3256.

   II. MISCELLANEOUS
    - FreeType now properly handles ZapfDingbats glyph names while
      constructing a Unicode character map (for fonts which don't have one).

2 years agoPullup ticket 3582
sbd [Wed, 2 Nov 2011 09:24:04 +0000 (09:24 +0000)]
Pullup ticket 3582

2 years agoPullup ticket #3582 - requested by tron
sbd [Wed, 2 Nov 2011 09:23:01 +0000 (09:23 +0000)]
Pullup ticket #3582 - requested by tron
net/wireshark security update

Revisions pulled up:
- net/wireshark/Makefile                                        1.70
- net/wireshark/PLIST                                           1.21
- net/wireshark/distinfo                                        1.49

---
   Module Name: pkgsrc
   Committed By: tron
   Date: Wed Nov  2 07:56:25 UTC 2011

   Modified Files:
    pkgsrc/net/wireshark: Makefile PLIST distinfo

   Log Message:
   Update "wireshark" package to version 1.6.3. Changes since version 1.6.2:
   - The following vulnerabilities have been fixed.
     o wnpa-sec-2011-17
       The CSN.1 dissector could crash. (Bug 6351)
       Versions affected: 1.6.0 to 1.6.2.
     o wnpa-sec-2011-18
       Huzaifa Sidhpurwala of Red Hat Security Response Team
       discovered that the Infiniband dissector could dereference a
       NULL pointer. (Bug 6476)
       Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.
     o wnpa-sec-2011-19
       Huzaifa Sidhpurwala of Red Hat Security Response Team
       discovered a buffer overflow in the ERF file reader. (Bug
       6479)
       Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.
   - The following bugs have been fixed:
     o Assertion failed when doing File->Quit->Save during live
       capture. (Bug 1710)
     o Wrong PCEP XRO sub-object decoding. (Bug 3778)
     o Wireshark window takes very long time to show up if invalid
       network file path is at recent file list (Bug 3810)
     o Decoding [Status Records] Timestamp Sequence Field in Bundle
       Protocol fails if over 32 bits. (Bug 4109)
     o ISUP party number dissection. (Bug 5221)
     o wireshark-1.4.2 crashes when testing the example python
       dissector because of a dissector count assertion. (Bug 5431)
     o Ethernet packets with both VLAN tag and LLC header no longer
       displayed correctly. (Bug 5645)
     o SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680)
     o Wireshark crashes when attempting to open a file via drag &
       drop when there's already a file open. (Bug 5987)
     o Adding and removing custom HTTP headers requires a restart.
       (Bug 6241)
     o Can't read full 64-bit SNMP values. (Bug 6295)
     o Dissection fails for frames with Gigamon Header and VLAN. (Bug
       6305)
     o RTP Stream Analysis does not work for TURN-encapsulated RTP.
       (Bug 6322)
     o packet-csn1.c doesn't process CSN_CHOICE entries properly.
       (Bug 6328)
     o BACnet property time-synchronization-interval (204) name shown
       incorrectly as time-synchronization-recipients. (Bug 6336)
     o GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)
     o [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)
     o ICMPv6 router advertisement Prefix Information Flag R "Router
       Address" missing. (Bug 6350)
     o Export -> Object -> HTTP -> save all: Error on saving files.
       (Bug 6362)
     o Inner tag of 802.1ad frames not parsed properly. (Bug 6366)
     o Added cursor type decoding to MySQL dissector. (Bug 6396)
     o Incorrect identification of UDP-encapsulated NAT-keepalive
       packets. (Bug 6414)
     o WPA IE pairwise cipher suite dissector uses incorrect
       value_string list. (Bug 6420)
     o S1AP protocol can't decode IPv6 transportLayerAddress. (Bug
       6435)
     o RTPS2 dissector doesn't handle 0 in the octestToNextHeader
       field. (Bug 6449)
     o packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)
     o Network Instruments Observer file format bugs. (Bug 6453)
     o Wireshark crashes when using "Open Recent" 2 times in a row.
       (Bug 6457)
     o Wireshark packet_gsm-sms, display bug: Filler bits in TP-User
       Data Header. (Bug 6469)
     o wireshark unable to decode NetFlow options which have system
       scope size != 4 bytes. (Bug 6471)
     o Display filter Expression Dialog Box Error. (Bug 6472)
     o text_import_scanner.l missing. (Bug 6531)
   - Updated Protocol Support
     AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE
     802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP,
     S1AP, SSL
   - New and Updated Capture File Support
     Endace ERF.

2 years agoPullup tickets #3580 and #3581.
tron [Sun, 30 Oct 2011 08:56:20 +0000 (08:56 +0000)]
Pullup tickets #3580 and #3581.

2 years agoPullup ticket #3581 - requested by dholland
tron [Sun, 30 Oct 2011 08:55:32 +0000 (08:55 +0000)]
Pullup ticket #3581 - requested by dholland
x11/labltk: build fix

Revisions pulled up:
- x11/labltk/PLIST                                              1.6
- x11/labltk/PLIST.opt                                          1.4

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Sat Oct 29 21:06:51 UTC 2011

   Modified Files:
    pkgsrc/x11/labltk: PLIST PLIST.opt

   Log Message:
   Apparently at some update or other libtkanim disappeared from the ocaml
   distribution. Update PLIST here to match.

2 years agoPullup ticket #3580 - requested by dholland
tron [Sun, 30 Oct 2011 08:47:19 +0000 (08:47 +0000)]
Pullup ticket #3580 - requested by dholland
www/swiftsurf: build fix

Revisions pulled up:
- www/swiftsurf/distinfo                                        1.3
- www/swiftsurf/patches/patch-src_Makefile                      1.1

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Sat Oct 29 15:38:47 UTC 2011

   Modified Files:
    pkgsrc/www/swiftsurf: distinfo
   Added Files:
    pkgsrc/www/swiftsurf/patches: patch-src_Makefile

   Log Message:
   Fix build with current ocaml

2 years agoPullup tickets 3578 and 3579
sbd [Wed, 26 Oct 2011 00:41:04 +0000 (00:41 +0000)]
Pullup tickets 3578 and 3579

2 years agoPullup ticket #3579 - requested by tez
sbd [Wed, 26 Oct 2011 00:40:14 +0000 (00:40 +0000)]
Pullup ticket #3579 - requested by tez
security/mit-krb5 security update

Revisions pulled up:
- security/mit-krb5/Makefile                                    1.55
- security/mit-krb5/distinfo                                    1.32

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Sun Oct 23 19:58:16 UTC 2011

   Modified Files:
           pkgsrc/security/mit-krb5: Makefile distinfo

   Log Message:
   add vendor patch 2011-006-patch-r18 from MITKRB5-SA-2011-006
   this fixes CVE-2011-1528, CVE-2011-1529 & CVE-2011-4151

2 years agoPullup ticket #3578 - requested by obache
sbd [Wed, 26 Oct 2011 00:34:26 +0000 (00:34 +0000)]
Pullup ticket #3578 - requested by obache
security/cy2-scram build fix

Revisions pulled up:
- security/cy2-scram/Makefile                                   1.2

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Mon Oct 24 12:48:56 UTC 2011

   Modified Files:
    pkgsrc/security/cy2-scram: Makefile

   Log Message:
   OpenSSL is required to build.

2 years agoPullup tickets #3576 and #3577.
tron [Sun, 23 Oct 2011 16:09:23 +0000 (16:09 +0000)]
Pullup tickets #3576 and #3577.

2 years agoPullup ticket #3577 - requested by he
tron [Sun, 23 Oct 2011 16:08:46 +0000 (16:08 +0000)]
Pullup ticket #3577 - requested by he
net/ldns: security update

Revisions pulled up:
- net/ldns/Makefile                                             1.19
- net/ldns/PLIST                                                1.4
- net/ldns/distinfo                                             1.11

---
   Module Name: pkgsrc
   Committed By: he
   Date: Sat Oct 22 19:44:54 UTC 2011

   Modified Files:
    pkgsrc/net/ldns: Makefile PLIST distinfo

   Log Message:
   Update to version 1.6.11.

   Pkgsrc changes:
    o Sync PLIST, additional man page installed.

   Upstream changes:
   1.6.11 2011-09-29
    * bugfix #394: Fix socket leak on errors
    * bugfix #392: Apex only and percentage checks for ldns-verify-zone
      (thanks Miek Gieben)
    * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
    * Fix python site package path from sitelib to sitearch for pyldns.
    * Fix python api to support python2 and python3 (thanks Karel Slany).
    * bugfix #401: Correction of date/time functions algorithm and
      prevention of an infinite loop therein
    * bugfix #402: Correct the minimum and maximum number of rdata fields
      in TSIG. (thanks David Keeler)
    * bugfix #403: Fix heap overflow (thanks David Keeler)
    * bugfix #404: Make parsing APL strings more robust
      (thanks David Keeler)
    * bugfix #391: Complete library assessment to prevent assertion errors
             through ldns_rdf_size usage.
    * Slightly more specific error messaging on wrong number of rdata
      fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
      LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
    * bugfix #406: More rigorous openssl result code handling to prevent
      future crashes within openssl.
    * Fix ldns_fetch_valid_domain_keys to search deeper than just one level
             for a DNSKEY that signed a DS RR. (this function was used in the
      check_dnssec_trace nagios module)
    * bugfix #407: Canonicalize TSIG dnames and algorithm fields
    * A new output specifier to accommodate configuration of what to show
      in comment texts when converting host and/or wire-format data to
      string. All conversion to string and printing functions have a new
      version that have such a format specifier as an extra argument.
      The default is changed so that only DNSKEY RR's are annotated with
      an comment show the Key Tag of the DNSKEY.
    * Fixed the ldns resolver to not mark a nameserver unreachable when
      edns0 is tried unsuccessfully with size 4096 (no return packet came),
      but to still try TCP. A big UDP packet might have been corrupted by
      fragments dropping firewalls.
    * Update of libdns.vim (thanks Miek Gieben)
    * Added the ldnsx Python module to our contrib section, which adds even
      more pythonisticism to the usage of ldns with  Python. (Many thanks
      to Christpher Olah and Paul Wouters)
      The ldnsx module is automatically installed when --with-pyldns is
      used with configuring, but may explicitly be excluded with the
      --without-pyldnsx option to configure.
    * bugfix #410: Fix clearing out temporary data on stack in sha2.c
    * bugfix #411: Don't let empty non-terminal NSEC3s cause
      assertion failure.

2 years agoPullup ticket #3576 - requested by gls
tron [Sun, 23 Oct 2011 16:05:41 +0000 (16:05 +0000)]
Pullup ticket #3576 - requested by gls
www/moodle: security update

Revisions pulled up:
- www/moodle/Makefile                                           1.7
- www/moodle/PLIST                                              1.5
- www/moodle/distinfo                                           1.5

---
   Module Name: pkgsrc
   Committed By: gls
   Date: Sat Oct 22 11:05:31 UTC 2011

   Modified Files:
    pkgsrc/www/moodle: Makefile PLIST distinfo

   Log Message:
   Upgrade www/moodle to 2.1.2.

   Upstream changes:

   Highlights

   MDL-28729 - Numerous multi-lang fixes and improvements

   Functional changes

   MDL-28410 - Allow a single option in a Choice activity
   MDL-29394 - HTML editor format option selector hidden when there is only one option
   MDL-23520 - Option added to allow deleting of a wiki page

   Security issues:
   MSA-11-0027 to MSA-11-0035, MSA-11-0039 to MSA-11-0041.
   Fixes SA46427

   See http://docs.moodle.org/dev/Moodle_2.1.2_release_notes for complete
   release notes.

2 years agoPullup ticket #3575.
tron [Sat, 22 Oct 2011 10:06:19 +0000 (10:06 +0000)]
Pullup ticket #3575.

2 years agoPullup ticket #3575 - requested by obache
tron [Sat, 22 Oct 2011 10:05:27 +0000 (10:05 +0000)]
Pullup ticket #3575 - requested by obache
lang/sun-jdk6: security update
lang/sun-jre6: security update

Revisions pulled up:
- lang/sun-jdk6/Makefile                                        1.27
- lang/sun-jdk6/distinfo                                        1.16
- lang/sun-jre6/Makefile                                        1.33
- lang/sun-jre6/distinfo                                        1.19

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Thu Oct 20 12:28:09 UTC 2011

   Modified Files:
    pkgsrc/lang/sun-jdk6: Makefile distinfo
    pkgsrc/lang/sun-jre6: Makefile distinfo

   Log Message:
   Update sun-{jdk,jre}6 to 6.0.29, aka, 6u29.

   Changes:

   [Olson Data 2011g]
   Java SE 6u29 contains Olson time zone data version 2011g. For more information,
   refer to Timezone Data Versions in the JRE Software .

   [Skipped Version Number]
   Release Java SE 6u29 follows release Java SE 6u27. There is no publicly
   available Java SE 6u28 release. Oracle used release version 6u28 for an internal
   build, which was not necessary once the fixes delivered on Java SE 6u29 were
   released.

   [Blacklist Entries]
   This update release includes the following new entries to the Blacklist:
     * Cisco AnyConnect Mobility Client
     * Microsoft UAG Client

   [RMI Registry Issue]
   A bug in the rmiregistry command included in this release may cause unintended
   exceptions to be thrown when an RMI server attempts to bind an exported object
   which includes codebase annotations using the "file:" URL scheme. The RMI
   servers most likely to be effected are those which are invoked only by RMI
   clients executing on the same host as the server.

   RMI annotates codebase information as part of the serialized state of a remote
   object reference to assist RMI clients in loading the required classes and
   interfaces associated with the object at runtime. Exported objects which are
   looked up in the RMI registry and invoked by RMI clients running on hosts other
   than the server are usually annotated with codebase URL schemes, such as
   "http:" or "ftp:" and these should continue to work correctly.

   As a workaround, RMI servers can set the java.rmi.server.codebase property to
   use codebase URLs other than the "file:" scheme for the objects they export.

   [Bug Fixes]
   This release contains fixes for security vulnerabilities. For more information,
   please see Oracle Java SE Critical Patch Update advisory.

2 years agoPullup tickets 3573 and 3474
sbd [Sat, 22 Oct 2011 07:04:31 +0000 (07:04 +0000)]
Pullup tickets 3573 and 3474

2 years agoPullup ticket #3574 - requested by dholland
sbd [Sat, 22 Oct 2011 07:02:03 +0000 (07:02 +0000)]
Pullup ticket #3574 - requested by dholland
textproc/p5-XML-Sablotron build fix

Revisions pulled up:
- textproc/p5-XML-Sablotron/distinfo                            1.4
- textproc/p5-XML-Sablotron/patches/patch-DOM_DOM_xsh           1.1
- textproc/p5-XML-Sablotron/patches/patch-Processor_Processor_h 1.1

---
   Module Name: pkgsrc
   Committed By: dholland
   Date: Sat Oct 15 17:53:51 UTC 2011

   Modified Files:
    pkgsrc/textproc/p5-XML-Sablotron: distinfo
   Added Files:
    pkgsrc/textproc/p5-XML-Sablotron/patches: patch-DOM_DOM_xsh
        patch-Processor_Processor_h

   Log Message:
   Fix build with perl 5.14... I think. Someone who actually knows how to
   write Perl bindings should double-check this.

   XXX: This will almost certainly not work on LP64 platforms as it casts
   XXX: Perl-provided pointers to int and back. However, fixing this
   XXX: requires changing the API of the parent Sablotron package, which
   XXX: doesn't seem like a great idea at the moment.

2 years agoPullup ticket #3573 - requested by taca
sbd [Sat, 22 Oct 2011 07:01:25 +0000 (07:01 +0000)]
Pullup ticket #3573 - requested by taca
lang/php53 security update

Revisions pulled up:
- lang/php53/Makefile                                           1.18
- lang/php53/Makefile.php                                       1.9-1.10
- lang/php53/distinfo                                           1.23-1.26
- lang/php53/patches/patch-Zend_zend__builtin__functions.c      1.1-1.2
- lang/php53/patches/patch-as                                   1.1

---
   Module Name: pkgsrc
   Committed By: jklos
   Date: Thu Oct  6 05:34:00 UTC 2011

   Modified Files:
    pkgsrc/lang/php53: distinfo
   Added Files:
    pkgsrc/lang/php53/patches: patch-as

   Log Message:
   Atomic operations via gcc are not supported on many archs. Allow them only
     on amd64, powerpc, i386 and alpha.

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Thu Oct 20 12:38:24 UTC 2011

   Modified Files:
    pkgsrc/lang/php53: Makefile.php distinfo

   Log Message:
   Re-add suhosin-patch to distinfo.

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Thu Oct 20 12:39:33 UTC 2011

   Modified Files:
    pkgsrc/lang/php53: Makefile.php

   Log Message:
   Revert accidental commit with previous commit.

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Thu Oct 20 13:32:20 UTC 2011

   Modified Files:
    pkgsrc/lang/php53: Makefile distinfo
   Added Files:
    pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c

   Log Message:
   Add fix for 2011-3379 from r317183 from PHP's repository.

   Bump PKGREVISION.

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Thu Oct 20 14:30:55 UTC 2011

   Modified Files:
    pkgsrc/lang/php53: distinfo
    pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c

   Log Message:
   A small correction in comment text of the patch.

2 years agoPullup ticket #3572.
tron [Thu, 20 Oct 2011 04:01:35 +0000 (04:01 +0000)]
Pullup ticket #3572.

2 years agoPullup ticket #3572 - requested by sbd
tron [Thu, 20 Oct 2011 03:59:45 +0000 (03:59 +0000)]
Pullup ticket #3572 - requested by sbd
lang/python24: build fix
lang/python25: build fix
lang/python26: build fix
lang/python27: build fix
lang/python31: build fix
security/cyrus-sasl: build fix

Revisions pulled up:
- lang/python24/distinfo                                        1.36
- lang/python24/patches/patch-am                                1.7
- lang/python25/distinfo                                        1.18
- lang/python25/patches/patch-am                                1.8
- lang/python26/distinfo                                        1.39
- lang/python26/patches/patch-am                                1.17
- lang/python27/distinfo                                        1.10
- lang/python27/patches/patch-am                                1.4
- lang/python31/distinfo                                        1.4
- lang/python31/patches/patch-am                                1.3
- security/cyrus-sasl/Makefile                                  1.58

---
   Module Name: pkgsrc
   Committed By: sbd
   Date: Tue Oct 18 21:59:19 UTC 2011

   Modified Files:
    pkgsrc/lang/python24: distinfo
    pkgsrc/lang/python24/patches: patch-am
    pkgsrc/lang/python25: distinfo
    pkgsrc/lang/python25/patches: patch-am
    pkgsrc/lang/python26: distinfo
    pkgsrc/lang/python26/patches: patch-am
    pkgsrc/lang/python27: distinfo
    pkgsrc/lang/python27/patches: patch-am
    pkgsrc/lang/python31: distinfo
    pkgsrc/lang/python31/patches: patch-am
    pkgsrc/security/cyrus-sasl: Makefile

   Log Message:
   Deal with the fact that if /usr/include/ndbm.h exists on Linux it probably
   belongs to gdbm_compat.  I.E. _don't_ use ndbm on Linux.

2 years agoPullup ticket #3567.
tron [Thu, 20 Oct 2011 01:50:00 +0000 (01:50 +0000)]
Pullup ticket #3567.

2 years agoPullup ticket #3567 - requested by obache
tron [Thu, 20 Oct 2011 01:47:40 +0000 (01:47 +0000)]
Pullup ticket #3567 - requested by obache
multimedia/vlc: security patch

Revisions pulled up:
- multimedia/vlc/Makefile                                       1.118
- multimedia/vlc/distinfo                                       1.50
- multimedia/vlc/patches/patch-au                               1.9

---
   Module Name: pkgsrc
   Committed By: drochner
   Date: Fri Oct  7 12:30:17 UTC 2011

   Modified Files:
    pkgsrc/multimedia/vlc: Makefile distinfo
   Added Files:
    pkgsrc/multimedia/vlc/patches: patch-au

   Log Message:
   Add patch from upstream to fix a NULL dereference vulnerability in the
   HTTP and RTSP server component (possible DOS)

2 years agoPullup tickets #3563, #3564 and #3571.
tron [Wed, 19 Oct 2011 13:50:49 +0000 (13:50 +0000)]
Pullup tickets #3563, #3564 and #3571.

2 years agoPullup ticket #3571 - requested by sbd
tron [Wed, 19 Oct 2011 13:47:08 +0000 (13:47 +0000)]
Pullup ticket #3571 - requested by sbd
devel/poco: build fix

Revisions pulled up:
- devel/poco/distinfo                                           1.5
- devel/poco/patches/patch-build_config_Linux                   1.1

---
   Module Name: pkgsrc
   Committed By: sbd
   Date: Mon Oct 17 07:56:57 UTC 2011

   Modified Files:
    pkgsrc/devel/poco: distinfo
   Added Files:
    pkgsrc/devel/poco/patches: patch-build_config_Linux

   Log Message:
   Build a full set of shared library search paths on Linux just like "FreeBSD".

2 years agoPullup ticket #3564 - requested by obache
tron [Wed, 19 Oct 2011 13:17:20 +0000 (13:17 +0000)]
Pullup ticket #3564 - requested by obache
pkgsrc/devel/poco: build fix

Revisions pulled up:
- devel/poco/Makefile                                           1.3
- devel/poco/Makefile.common                                    1.4
- devel/poco/distinfo                                           1.3
- devel/poco/patches/patch-Foundation_include_Poco_Platform.h   1.1

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Sun Oct 16 08:18:53 UTC 2011

   Modified Files:
    pkgsrc/devel/poco: Makefile Makefile.common distinfo
   Added Files:
    pkgsrc/devel/poco/patches: patch-Foundation_include_Poco_Platform.h

   Log Message:
   Add DragonFly BSD support.
   PR pkg/45475 by Samuel J. Greear.

2 years agoPullup ticket #3563 - requested by obache
tron [Wed, 19 Oct 2011 12:41:35 +0000 (12:41 +0000)]
Pullup ticket #3563 - requested by obache
multimedia/gnash: build fix

Revisions pulled up:
- multimedia/gnash/Makefile                                     1.40

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Sat Oct 15 13:34:27 UTC 2011

   Modified Files:
    pkgsrc/multimedia/gnash: Makefile

   Log Message:
   tell boost-header and boost-lib location to configure.

2 years agoPullup tickets 3565, 3568, 3569 and 3570
sbd [Tue, 18 Oct 2011 21:39:44 +0000 (21:39 +0000)]
Pullup tickets 3565, 3568, 3569 and 3570

2 years agoPullup ticket #3570 - requested by bouyer
sbd [Tue, 18 Oct 2011 21:38:07 +0000 (21:38 +0000)]
Pullup ticket #3570 - requested by bouyer
sysutils/xenkernel41 build fix

Revisions pulled up:
- sysutils/xenkernel41/Makefile                                 1.3
- sysutils/xentools41/Makefile                                  1.12

---
   Module Name: pkgsrc
   Committed By: bouyer
   Date: Sun Oct 16 20:32:44 UTC 2011

   Modified Files:
    pkgsrc/sysutils/xenkernel41: Makefile

   Log Message:
   This builds fine on netbsd-5, so relax ONLY_FOR_PLATFORM

---
   Module Name: pkgsrc
   Committed By: bouyer
   Date: Sun Oct 16 20:33:35 UTC 2011

   Modified Files:
    pkgsrc/sysutils/xentools41: Makefile

   Log Message:
   This needs iasl to build, so depend on acpica-utils if /usr/bin/iasl
   doens't exist.

2 years agoPullup ticket #3569 - requested by tron
sbd [Tue, 18 Oct 2011 21:37:59 +0000 (21:37 +0000)]
Pullup ticket #3569 - requested by tron
databases/phpmyadmin security update

Revisions pulled up:
- databases/phpmyadmin/Makefile                                 1.92
- databases/phpmyadmin/distinfo                                 1.53

---
   Module Name: pkgsrc
   Committed By: tron
   Date: Tue Oct 18 14:58:28 UTC 2011

   Modified Files:
    pkgsrc/databases/phpmyadmin: Makefile distinfo

   Log Message:
   Update "phpmyadmin" package to version 3.4.6. Changes since version 3.4.5:
   Welcome to phpMyAdmin 3.4.6, a bugfix and minor security release.
   Please refer to the upcoming PMASA-2011-15 and -16 announcements on
   http://www.phpmyadmin.net/home_page/security/.

2 years agoPullup ticket #3568 - requested by taca
sbd [Tue, 18 Oct 2011 21:37:53 +0000 (21:37 +0000)]
Pullup ticket #3568 - requested by taca
www/typo3 security update

Revisions pulled up:
- www/typo3/Makefile                                            1.36
- www/typo3/PLIST                                               1.21
- www/typo3/distinfo                                            1.27

---
   Module Name: pkgsrc
   Committed By: taca
   Date: Tue Oct 18 13:24:37 UTC 2011

   Modified Files:
    pkgsrc/www/typo3: Makefile PLIST distinfo

   Log Message:
   Update TYPO3 package to 4.5.7.

   >From release announce:

   Dead TYPO3 community,

   the TYPO3 core team has just released TYPO3 version 4.5.7, which is now
   ready for you to download. This is a maintenance release of the LTS
   version of TYPO3v4 and contains bugfixes and a security fix which is
   only exploitable by admins.

   See this article about the new policy of security team for this situation:

   http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/

2 years agoPullup ticket #3565 - requested by obache
sbd [Tue, 18 Oct 2011 21:37:43 +0000 (21:37 +0000)]
Pullup ticket #3565 - requested by obache
net/net-snmp build fix

Revisions pulled up:
- net/net-snmp/distinfo                                         1.63
- net/net-snmp/patches/patch-ao                                 1.3

---
   Module Name: pkgsrc
   Committed By: obache
   Date: Sun Oct 16 09:30:40 UTC 2011

   Modified Files:
    pkgsrc/net/net-snmp: distinfo
    pkgsrc/net/net-snmp/patches: patch-ao

   Log Message:
   Fixes build on DragonFly BSD (missing IFM_TOKEN).
   Based on PR pkg/45474 by Samuel J. Greear.

2 years agoPullup ticket #3566.
tron [Tue, 18 Oct 2011 09:41:11 +0000 (09:41 +0000)]
Pullup ticket #3566.