AgeCommit message (Collapse)AuthorFilesLines
2007-12-18Tickets #2250, 2251.pkgsrc-2007Q3ghen1-1/+5
2007-12-18Pullup ticket 2251 - requested by marttighen5-26/+28
latest update for clamav - pkgsrc/mail/clamav/Makefile 1.81 - pkgsrc/mail/clamav/PLIST 1.19 - pkgsrc/mail/clamav/distinfo 1.49 - pkgsrc/mail/clamav/patches/patch-ad 1.13 - pkgsrc/mail/clamav/patches/patch-ah 1.12 Module Name: pkgsrc Committed By: martti Date: Tue Dec 18 08:16:11 UTC 2007 Modified Files: pkgsrc/mail/clamav: Makefile PLIST distinfo pkgsrc/mail/clamav/patches: patch-ad patch-ah Log Message: Updated mail/clamav to 0.92 This release provides various bugfixes, optimisations and improvements to the scanning engine. The new features include support for ARJ and SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce phishing false-positives), faster scanning and others (see ChangeLog). To get a consistent behaviour of the anti-phishing module on all platforms, libclamav now includes the regex library from OpenBSD.
2007-12-18Pullup ticket 2250 - requested by obacheghen3-3/+18
security fix for ruby-gnome2-gtk - pkgsrc/x11/ruby-gnome2-gtk/Makefile 1.10 - pkgsrc/x11/ruby-gnome2-gtk/distinfo 1.2 - pkgsrc/x11/ruby-gnome2-gtk/patches/patch-ab 1.1 Module Name: pkgsrc Committed By: obache Date: Mon Dec 17 02:59:59 UTC 2007 Modified Files: pkgsrc/x11/ruby-gnome2-gtk: Makefile distinfo Added Files: pkgsrc/x11/ruby-gnome2-gtk/patches: patch-ab Log Message: Added a patch for fixing format string vulnerability (CVE-2007-6183). Bump PKGREVISION.
2007-12-17Tickets #2208, 2212, 2217, 2221 and 2237.ghen1-1/+11
2007-12-17Pullup ticket 2212 - requested by hiraghen2-1/+15
build fix for p5-Math-Pari - pkgsrc/math/p5-Math-Pari/distinfo 1.9 - pkgsrc/math/p5-Math-Pari/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: obache Date: Sun Oct 14 08:08:53 UTC 2007 Modified Files: pkgsrc/math/p5-Math-Pari: distinfo Added Files: pkgsrc/math/p5-Math-Pari/patches: patch-ac Log Message: Fix build problem on NetBSD/i386. Patch provided by Yakovetsky Vladimir in PR 36934, same as math/pari/patches/patch-ac.
2007-12-17Pullup ticket 2221 - requested by drochnerghen2-1/+14
build fix for kphotobook - pkgsrc/graphics/kphotobook/distinfo 1.3 - pkgsrc/graphics/kphotobook/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: drochner Date: Tue Oct 30 21:24:14 UTC 2007 Modified Files: pkgsrc/graphics/kphotobook: distinfo Added Files: pkgsrc/graphics/kphotobook/patches: patch-ac Log Message: make this compile (with newer KDE/qt?), from Phil Nelson per PR pkg/37199
2007-12-17Pullup ticket 2208 - requested by tnnghen2-1/+19
build fix for sawfish - pkgsrc/wm/sawfish/distinfo 1.12 - pkgsrc/wm/sawfish/patches/patch-ac 1.3 Module Name: pkgsrc Committed By: tnn Date: Sat Oct 20 14:13:45 UTC 2007 Modified Files: pkgsrc/wm/sawfish: distinfo Added Files: pkgsrc/wm/sawfish/patches: patch-ac Log Message: Fix, hopefully, problem spotted in 2007Q3 bulk builds when using XFree86.
2007-12-17Pullup ticket 2237 - requested by mishkaghen2-2/+5
bugfix for mrtg - pkgsrc/net/mrtg/Makefile 1.83, 1.84 - pkgsrc/net/mrtg/PLIST 1.11 Module Name: pkgsrc Committed By: mishka Date: Fri Nov 9 16:41:51 UTC 2007 Modified Files: pkgsrc/net/mrtg: Makefile PLIST Log Message: SNMPv3 requires the custom library. --- Module Name: pkgsrc Committed By: mishka Date: Fri Nov 30 09:51:52 UTC 2007 Modified Files: pkgsrc/net/mrtg: Makefile Log Message: The pkgsrc developer's guide says: "... changes that do merit an increase to PKGREVISION include: Changes to the PLIST" [1]. DTRT. [1]
2007-12-17Pullup ticket 2217 - requested by joergghen2-8/+7
security update for py-django - pkgsrc/www/py-django/Makefile 1.9 - pkgsrc/www/py-django/distinfo 1.5 Module Name: pkgsrc Committed By: joerg Date: Thu Nov 1 21:24:02 UTC 2007 Modified Files: pkgsrc/www/py-django: Makefile distinfo Log Message: Update to Django 0.96.1: Fix a DOS in the i18n layer.
2007-12-17Tickets #2245-2248.ghen1-1/+9
2007-12-17Pullup ticket 2248 - requested by tronghen3-12/+24
security update for wireshark - pkgsrc/net/wireshark/Makefile 1.13 - pkgsrc/net/wireshark/PLIST 1.7 - pkgsrc/net/wireshark/distinfo 1.9 Module Name: pkgsrc Committed By: tron Date: Sat Dec 15 13:53:27 UTC 2007 Modified Files: pkgsrc/net/wireshark: Makefile PLIST distinfo Log Message: Update "wireshark" package to version 0.99.7pre2. Changes since version 0.99.6: - Fixes for the security problems reported in "wnpa-sec-2007-03" - Most of the capture code has been moved out of the GUI, which means that Wireshark no longer needs to be run as root. - Many display filter names have been cleaned up. If your favorite display filter just went missing, please consult the display filter reference to find out where it ended up. - You can now filter directly on SNMP OIDs. - IO graphs have more display options, and you can now export graphs. - You can now follow UDP streams in addition to TCP and SSL streams. - You can now disable coloring rules without deleting them. - Main window toolbar buttons are now available even when the window is small. - Optimizations have been applied in some places to make Wireshark start up and run faster. - New Protocol Support ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT, ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah, IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN, WiMAX ASN Control Plane, X.224 - Updated Protocol Support 3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP, Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT, CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI, DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS, DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE, FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP, IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS, ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP, MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2, MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER, PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP, Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP, RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB, SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP, text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX, WLCCP, X.411, X.420, X.509 SAT, XML - New and Updated Capture File Support Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks, Windows Sniffer (NetXRay)
2007-12-17Pullup ticket 2247 - requested by tronghen2-13/+7
security update for openoffice2-bin - pkgsrc/misc/openoffice2-bin/Makefile 1.34 - pkgsrc/misc/openoffice2-bin/distinfo 1.13 Module Name: pkgsrc Committed By: tron Date: Sat Dec 15 13:32:17 UTC 2007 Modified Files: pkgsrc/misc/openoffice2-bin: Makefile distinfo Log Message: Update "openoffice2-bin" package to version 2.3.1. This update provides a fix for the security vulnerability reported in CVE-2007-4575 and a lot of other bug-fixes. The complete release notes are available here:
2007-12-17Pullup ticket 2246 - requested by marttighen4-15/+16
security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97 - pkgsrc/mail/squirrelmail/PLIST 1.25 - pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46 - pkgsrc/mail/squirrelmail/ 1.7 Module Name: pkgsrc Committed By: martti Date: Fri Dec 14 20:44:35 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. --- Module Name: pkgsrc Committed By: taca Date: Sat Dec 15 13:58:12 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION.
2007-12-17Pullup ticket 2245 - requested by tronghen11-143/+127
security update for mysql5 - pkgsrc/databases/mysql5-client/Makefile 1.11, 1.12, 1.14 - pkgsrc/databases/mysql5-client/Makefile.common 1.26, 1.28 - pkgsrc/databases/mysql5-client/PLIST 1.8, 1.9 - pkgsrc/databases/mysql5-client/distinfo 1.20, 1.21 - pkgsrc/databases/mysql5-client/patches/patch-ad 1.7 - pkgsrc/databases/mysql5-server/Makefile 1.20 - pkgsrc/databases/mysql5-server/PLIST 1.12 - pkgsrc/databases/mysql5-server/distinfo 1.17 - pkgsrc/databases/mysql5-server/patches/patch-ab 1.5 - pkgsrc/databases/mysql5-server/patches/patch-ak 1.4 - pkgsrc/databases/mysql5-server/patches/patch-an 1.4 Module Name: pkgsrc Committed By: rillig Date: Fri Oct 12 14:32:46 UTC 2007 Modified Files: pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo pkgsrc/databases/mysql5-client/patches: patch-ad Log Message: The file is not rebuilt anymore, so it is safe to install the documentation. PKGREVISION++ --- Module Name: pkgsrc Committed By: rillig Date: Sun Oct 14 17:43:33 UTC 2007 Modified Files: pkgsrc/databases/mysql5-client: Makefile PLIST Log Message: The file manual.chm is installed additionally, since it is much more comfortable to browse than the GNU info file. PKGREVISION++ --- Module Name: pkgsrc Committed By: tron Date: Fri Dec 14 13:36:54 UTC 2007 Modified Files: pkgsrc/databases/mysql5-client: Makefile Makefile.common distinfo pkgsrc/databases/mysql5-server: Makefile PLIST distinfo pkgsrc/databases/mysql5-server/patches: patch-ab patch-ak patch-an Log Message: Update "mysql5-client" and "mysql5-server" packages to version 5.0.51. This version fixes a lot of bugs including the security vulnerability reported in CVE-2007-5969. A complete list of the changes can be found here:
2007-12-10Ticket #2244.ghen1-1/+3
2007-12-10Pullup ticket 2244 - requested by minskimghen15-67/+73
security update for ruby-actionpack - pkgsrc/databases/ruby-activerecord/Makefile 1.10 - pkgsrc/databases/ruby-activerecord/distinfo 1.10 - pkgsrc/devel/ruby-activesupport/Makefile 1.12 - pkgsrc/devel/ruby-activesupport/distinfo 1.10 - pkgsrc/mail/ruby-actionmailer/Makefile 1.9 - pkgsrc/mail/ruby-actionmailer/distinfo 1.10 - pkgsrc/www/rails/Makefile 1.6 - pkgsrc/www/rails/PLIST 1.3 - pkgsrc/www/rails/distinfo 1.5 - pkgsrc/www/rails/patches/patch-ab 1.4 - pkgsrc/www/ruby-actionpack/Makefile 1.9, 1.10 - pkgsrc/www/ruby-actionpack/PLIST 1.10 - pkgsrc/www/ruby-actionpack/distinfo 1.10, 1.11 - pkgsrc/www/ruby-actionwebservice/Makefile 1.8 - pkgsrc/www/ruby-actionwebservice/distinfo 1.9 Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 02:56:02 UTC 2007 Modified Files: pkgsrc/devel/ruby-activesupport: Makefile distinfo Log Message: Update ruby-activesupport to 1.4.4. Changes: * Backport: allow array and hash query parameters. Array route parameters are converted/to/a/path as before. * Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read files or stdin. * Document Object#blank?. * Update Dependencies to ignore constants inherited from ancestors. * Improved multibyte performance by relying less on exception raising --- Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 03:17:32 UTC 2007 Modified Files: pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo Log Message: Update ruby-actionpack to 1.13.5. Changes: * Backport: allow array and hash query parameters. Array route parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou] * Fix in place editor's setter action with non-string fields. #7418 [Andreas] * Only accept session ids from cookies, prevents session fixation attacks. * Change the resource seperator from ; to / change the generated routes to use the new-style named routes. e.g. new_group_user_path(@group) instead of group_new_user_path(@group). [pixeltrix] * Integration tests: introduce methods for other HTTP methods. #6353 [caboose] * Improve performance of action caching. Closes #8231 [skaes] * Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 [skaes] * Allow you to delete cookies with options. Closes #3685 * Deprecate pagination. Install the classic_pagination plugin for forward compatibility, or move to the superior will_paginate plugin. #8157 * Fix filtered parameter logging with nil parameter values. #8422 [choonkeat] * Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 * Document caches_action. #5419 [Jarkko Laine] * observe_form always sends the serialized form. #5271 * Update UrlWriter to accept :anchor parameter. Closes #6771. [octopod] * Replace the current block/continuation filter chain handling by an implementation based on a simple loop. Closes #8226 [Stefan Kaes] * Return the string representation from an Xml Builder when rendering a partial. #5044 [tpope] * Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 [jeremymcanally] * Small collection of ActionController documentation cleanups. Closes #7319 * Performance: patch cgi/session/pstore to require digest/md5 once rather than per #initialize. #7583 [Stefan Kaes] * Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 [Justin French] --- Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 03:05:39 UTC 2007 Modified Files: pkgsrc/databases/ruby-activerecord: Makefile distinfo Log Message: Update ruby-activerecord to 1.15.5. Changes: * Depend on Action Pack 1.4.4 * Fix #count on a has_many :through association so that it recognizes the :uniq option. Closes #8801 [lifofifo] * Don't clobber includes passed to has_many.count [danger] * Make sure has_many uses :include when counting [danger] * Save associated records only if the association is already loaded. #8713 * Changing the :default Date format doesn't break date quoting. #6312 * Allow nil serialized attributes with a set class constraint. #7293 * belongs_to assignment creates a new proxy rather than modifying its target in-place. #8412 [] * Fix column type detection while loading fixtures. Closes #7987 [roderickvd] * Document deep eager includes. #6267 [Josh Susser, Dan Manges] * Oracle: extract column length for CHAR also. #7866 [ymendel] * Small additions and fixes for ActiveRecord documentation. Closes #7342 * SQLite: binary escaping works with $KCODE='u'. #7862 [tsuka] * Improved cloning performance by relying less on exception raising #8159 --- Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 03:26:23 UTC 2007 Modified Files: pkgsrc/mail/ruby-actionmailer: Makefile distinfo Log Message: Update ruby-actionmailer to 1.3.5. Changes: * Depend on Action Pack 1.13.5 --- Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 03:31:02 UTC 2007 Modified Files: pkgsrc/www/ruby-actionwebservice: Makefile distinfo Log Message: Update ruby-actionwebservice to 1.2.5. Changes: * Depend on Action Pack 1.13.5 * Depend on Active Record 1.15.5 --- Module Name: pkgsrc Committed By: minskim Date: Tue Oct 16 04:03:43 UTC 2007 Modified Files: pkgsrc/www/rails: Makefile PLIST distinfo pkgsrc/www/rails/patches: patch-ab Log Message: Update rails to 1.2.5. Changes: * Correct RAILS_GEM_VERSION regexp. Use =version gem requirement instead of ~>version so you don't get surprised by a beta gem in production. This change means upgrading to 1.2.5 will require a boot.rb upgrade. * Move custom inflections example so available before route generation. * Add a new rake task to aid debugging of named routes. * use Gem.find_name instead of search when freezing gems. Prevent false positives for other gems with rails in the name. Closes #8729 [wselman] * Fix syntax error in dispatcher than wrecked failsafe responses. * Add Active Resource to rails:freeze:edge and drop Action Web Service. * Give generate scaffold a more descriptive database message. Closes #7316 * Canonicalize RAILS_ROOT by using File.expand_path on Windows, which doesn't have to worry about symlinks, and Pathname#realpath elsewhere, which respects symlinks in relative paths but is incompatible with Windows. #6755 [Jeremy Kemper, trevor] --- Module Name: pkgsrc Committed By: minskim Date: Mon Dec 10 05:47:03 UTC 2007 Modified Files: pkgsrc/www/ruby-actionpack: Makefile distinfo Log Message: Update ruby-actionpack to 1.13.6. Changes: * Correct Broken Fix for session_fixation attacks * Ensure that cookies handle array values correctly. Closes #9937 [queso]
2007-12-06Tickets #2240, 2241, 2243.ghen1-2/+8
2007-12-06Pullup ticket 2243 - requested by tacaghen2-5/+13
bugfix update for squirrelmail (squirrelmail-japanese option) - pkgsrc/mail/squirrelmail/distinfo 1.44 - pkgsrc/mail/squirrelmail/ 1.6 Module Name: pkgsrc Committed By: taca Date: Wed Dec 5 11:25:57 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: distinfo Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
2007-12-06Pullup ticket 2241 - requested by tacaghen3-26/+7
security update for squid - pkgsrc/www/squid/Makefile 1.197-1.199 - pkgsrc/www/squid/distinfo 1.135 - pkgsrc/www/squid/patches/patch-av removed Module Name: pkgsrc Committed By: wiz Date: Mon Nov 12 00:15:00 UTC 2007 Modified Files: pkgsrc/www/squid: Makefile Log Message: Remove from MASTER_SITES, doesn't resolve. From Zafer Aydogan in PR 37341. --- Module Name: pkgsrc Committed By: wiz Date: Sun Dec 2 11:46:11 UTC 2007 Modified Files: pkgsrc/www/squid: Makefile Log Message: Remove Ex-MASTER_SITE. From Zafer Aydogan. --- Module Name: pkgsrc Committed By: taca Date: Sun Dec 2 14:47:08 UTC 2007 Modified Files: pkgsrc/www/squid: Makefile distinfo Removed Files: pkgsrc/www/squid/patches: patch-av Log Message: Update squid package to 2.6.17 (2.6.STABLE17). Changes to squid-2.6.STABLE17 (26 Nov 2007) - Fix compile error with old GCC 2.x or other ANSI-C compilers before C99 - Mention the login= cache_peer option in release notes - Fix bad cache_peer example in squid.conf - Bug #2086: Fix a compile-time memory corruption error causing cf_gen to fail - Bug #2048: Clarify high_memory_warning usage - Reject DNS responses which result in no data - Fix version number in configuration manual - Move cache and request/reply_header_max_size to their proper sections - Bug #2088: sbrk statistics broken when process size >2GB - Move logopen() much earlier to have fatal startup errors sent to the proper syslog facility - Fix HTTP/0.9 responses - Correct bad example config for tos_outgoing_tos - Fix grammar in description of mail_program squid.conf option - Ignore Content-Length in chunked responses instead of rejecting the response as invalid - Documented that http_port no longer have a default - Cleanup of cache digest documentation - Make aufs store rebuilding back off a little if I/O load too high - Bug #2100: Respect DNS ttl=0 - Update udp_(incoming|outgoing)_address documentation to reflect current bahaviour. - Update HTCP documentation - Document the overlapping helper request format - Change priority of proxy auth and extacl provided username in login=*:pass - pack header entries on cache updates - Make squid_db_auth reopen the database connection on each query by default - Improve helper debug ouput, including the channel number - Update cachePeerEntry MIB description to mention what is used as index key - Import squid_radius_auth for authenticating to RADIUS
2007-12-06Pullup ticket 2240 - requested by adrianpghen2-6/+8
security update for drupal - pkgsrc/www/drupal/Makefile 1.25 - pkgsrc/www/drupal/distinfo 1.18 Module Name: pkgsrc Committed By: adrianp Date: Wed Dec 5 23:16:19 UTC 2007 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: This release fixes a security vulnerability. Sites are urged to upgrade immediately. For more details, please see the security announcement: * SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release: * 178478 by scor: typo in text displyed when the DB is installed but not accessible * Patch 122759 by Robrecht: fixed broken query in upgrade path. * 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited * Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level. * 184668 by hazexp, Remove unnecessary ';' * Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql(). * 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module * 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered. * 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in * Patch 168829 by Neil Drumm: fixed link in documentation. * 165924 by odious. Use accurate count query for user list. * 187601 by Bart Jansens. Use correct HTTP status codes for redirects. * 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected * 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
2007-12-05Ticket #2239.ghen1-1/+3
2007-12-05Pullup ticket 2239 - requested by adrianpghen5-36/+7
security update for php5 - pkgsrc/lang/php5/Makefile 1.62 - pkgsrc/lang/php5/Makefile.common 1.28 - pkgsrc/lang/php5/distinfo 1.50 - pkgsrc/lang/php5/patches/patch-ao removed - pkgsrc/lang/php5/patches/patch-ar removed Module Name: pkgsrc Committed By: adrianp Date: Fri Nov 23 13:20:01 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ao patch-ar Log Message: Update to 5.2.5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see:
2007-12-05Ticket #2238.ghen1-1/+3
2007-12-05Pullup ticket 2238 - requested by marttighen5-42/+37
security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.95 - pkgsrc/mail/squirrelmail/PLIST 1.24 - pkgsrc/mail/squirrelmail/ 1.17 - pkgsrc/mail/squirrelmail/distinfo 1.43 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.14 Module Name: pkgsrc Committed By: martti Date: Wed Dec 5 07:11:29 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Log Message: Updated mail/squirrelmail to 1.4.12 NOTE: includes a critical bug fix in the attachment handling - Enabled user selection of address format when adding from address book during message composition. - Fixed issue with adding attachments in PHP 4.x environments (#1805471). - Backport size setting on "newmail" popup window. - Added a "short_open_tag" configuration test. - Undefined notice in error message box when no default folder prefix is set. - Undefined index error when downloading. Possibly caused by using tabs and opening multiple mailboxes. - PAGE_NAME might not be defined in all plugins, which might cause a "not defined" error on session timeouts. - Fixed outgoing messages to allow addresses such as "0@..." or "000@...", etc. (#1818398). - Fixed issue with in-reply-to and reference headers not being retained on reply (#1810659). - Revived logout_error hook (#1800015). - Allow custom session handlers to work correctly (and be defined at the application level with SquirrelMail). - Fix off-by-one in bodystructure parsing triggered by servers sending a body location part (e.g. Sun Java System Messaging Server). Thanks John Callahan (#1808382). - Invalid initialization of To: header (#1772893). - Includes cleanup in include/validate.php. - Cleanup in multiple files to remove unneeded includes. - Added sort by size (#812233 and #159997, plus multiple list requests). Patch provided by Christopher E. Brown. - Fix bug in sitewide SMTP settings still using authenticated user, rather than configured settings (#1835942). - Fixed mailto: functionality. - Added mailto: link handling when viewing messages. - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
2007-12-03Tickets #2232, 2233, 2234.ghen1-1/+7
2007-12-03Pullup ticket 2234 - requested by adrianpghen2-6/+6
security update for ircservices - pkgsrc/chat/ircservices/Makefile 1.31 - pkgsrc/chat/ircservices/distinfo 1.13 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 24 00:47:37 UTC 2007 Modified Files: pkgsrc/chat/ircservices: Makefile distinfo Log Message: Update to 5.0.63 2007/06/10 .62 Backported 5.1 fix for a bug allowing guest nicknames to be linked. This release fixes two security-related bugs discovered in version 5.1 which are also present in 5.0.
2007-12-03Pullup ticket 2233 - requested by adrianpghen3-2/+165
security fix for cups - pkgsrc/print/cups/Makefile 1.127-1.128 - pkgsrc/print/cups/distifno 1.53 - pkgsrc/print/cups/patches/patch-au 1.9 Module Name: pkgsrc Committed By: dsainty Date: Mon Oct 22 11:56:46 UTC 2007 Modified Files: pkgsrc/print/cups: Makefile Log Message: Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like other config scripts do. Bump PKGREVISION since client software may not correctly build or run without this fix. --- Module Name: pkgsrc Committed By: adrianp Date: Mon Nov 5 20:16:19 UTC 2007 Modified Files: pkgsrc/print/cups: Makefile distinfo Added Files: pkgsrc/print/cups/patches: patch-au Log Message: Fix for CVE-2007-4351 PKGREVISION++
2007-12-03Pullup ticket 2232 - requested by adrianpghen3-17/+20
security update for mantis - pkgsrc/devel/mantis/Makefile 1.28 - pkgsrc/devel/mantis/PLIST 1.10 - pkgsrc/devel/mantis/distinfo 1.10 Module Name: pkgsrc Committed By: adrianp Date: Sat Oct 27 22:31:10 UTC 2007 Modified Files: pkgsrc/devel/mantis: Makefile PLIST distinfo Log Message: Update to 1.0.8 - 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor) - 0008020: [installation] Port 7907: Allow using system adodb (giallu) - 0008029: [localization] Spelling mistake in value of string $s_by_severity file lang/strings_spanish.txt (giallu) - 0008019: [other] Port 5333: Invalid zip file core/adodb/ in CVS (giallu) - 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor) 2007.04.04 - 1.0.7 - 0007743: [security] Port: CVE-2006-6574 (vboctor) - 0007772: [security] email notifications bypass security on custom fields (vboctor) - 0007784: [security] XSS vulnerabilities (vboctor) - 0007774: [custom fields] custom fields not stored correctly in bug history (vboctor) - 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest) broken when using IE7 (vboctor)
2007-11-30Pullup ticket 2229 - requested by ghensalo4-10/+10
security update for openldap Revisions pulled up: - pkgsrc/databases/openldap/Makefile 1.122 - pkgsrc/databases/openldap/Makefile.common 1.11 - pkgsrc/databases/openldap/distinfo 1.59 - pkgsrc/databases/openldap-doc/Makefile 1.8 Module Name: pkgsrc Committed By: ghen Date: Sun Nov 18 19:46:16 UTC 2007 Modified Files: pkgsrc/databases/openldap: Makefile Makefile.common distinfo pkgsrc/databases/openldap-doc: Makefile Log Message: Update openldap packages to 2.3.39, the latest stable release. The next stable release will be 2.4.x. OpenLDAP 2.3.39 Release (2007/10/26) Fixed slapd database/overlay config conflict (ITS#4848) Fixed slapd password_hash config order (ITS#5082) Fixed slapd slap_mods_check bug (ITS#5119) Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873) Fixed slapd ordered values add normalization issue (ITS#5136) Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118) Fixed slapd-ldap search control parsing (ITS#5138) Fixed slapd-ldap SASL idassert w/o authcId Fixed slapd-ldif directory separators in DN (ITS#5172) Fixed slapd-meta conn caching on bind failure (ITS#5154) Fixed slapd-meta bind timeout assertion (ITS#5185) Fixed slapd-sql concurrency issue (ITS#5095) Fixed slapo-chain double-free (ITS#5137) Fixed slapo-pcache and -rwm interaction fix (ITS#4991) Fixed slapo-pcache non-null terminated array crasher (ITS#5163) Fixed slapo-rwm modlist handling (ITS#5124) Fixed slapo-rwm UUID in filter (ITS#5168) Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864) Fixed liblber Windows x64 portability (ITS#5105) Fixed libldap ppolicy control creation (ITS#5103) Build Environment Fixed termios macro check (ITS#4880) Updated Makefiles Documentation Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134) Added slapd-sql(5) empty oc mapping workaround (ITS#4785) Added max-depth/return-error to slapo-chain(5) slapadd/slapindex note about file ownership (ITS#5166) slapcat note about using against running slapd (ITS#5028) Fixed Admin Guide URL in README (ITS#5107)
2007-11-22Ticket #2231.ghen1-1/+3
2007-11-22Pullup ticket 2231 - requested by adrianpghen3-15/+15
security update for apache-tomcat - pkgsrc/www/apache-tomcat55/Makefile 1.12 - pkgsrc/www/apache-tomcat55/PLIST 1.4 - pkgsrc/www/apache-tomcat55/distinfo 1.5 Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 20 22:13:30 UTC 2007 Modified Files: pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo Log Message: Update to 5.5.25 Fix install permissions to silence checkperms In brief: Fix WebDAV Servlet so it works correctly with MS clients. (markt) Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host Manager. Reported by Daiki Fukumori. (markt) Fix NPE when a ResourceLink in context.xml tries to override an env-entry in web.xml. (markt) Fix XSS security vulnerabilities (CVE-2007-2449) in the examples. Reported by Toshiharu Sugiyama. (markt) Add some additional mime-type mappings. (markt) Ensure JARs in webapps are scanned for TLDs when the Tomcat installation path contains spaces. (markt) Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs) For all the details see:
2007-11-16Ticket #2228.ghen1-1/+3
2007-11-16Pullup ticket 2228 - requested by tronghen38-19291/+424
security update for samba - pkgsrc/net/samba/Makefile 1.175-1.177 - pkgsrc/net/samba/Makefile.patches 1.5-1.6 - pkgsrc/net/samba/PLIST 1.37 - pkgsrc/net/samba/distinfo 1.55-1.57 - pkgsrc/net/samba/ 1.22 - pkgsrc/net/samba/patches/patch-ag 1.7 - pkgsrc/net/samba/patches/patch-ai removed - pkgsrc/net/samba/patches/patch-aj removed - pkgsrc/net/samba/patches/patch-al removed - pkgsrc/net/samba/patches/patch-am removed - pkgsrc/net/samba/patches/patch-au 1.7 - pkgsrc/net/samba/patches/patch-au 1.7 - pkgsrc/net/samba/patches/patch-av 1.3 - pkgsrc/net/samba/patches/patch-ay 1.3 - pkgsrc/net/samba/patches/patch-ba 1.5-1.6 - pkgsrc/net/samba/patches/patch-bb removed - pkgsrc/net/samba/patches/patch-bc 1.2 - pkgsrc/net/samba/patches/patch-bd 1.3 - pkgsrc/net/samba/patches/patch-be 1.3 - pkgsrc/net/samba/patches/patch-bf removed - pkgsrc/net/samba/patches/patch-bh 1.3 - pkgsrc/net/samba/patches/patch-bi 1.5 - pkgsrc/net/samba/patches/patch-bj removed - pkgsrc/net/samba/patches/patch-bk removed - pkgsrc/net/samba/patches/patch-bo 1.4 - pkgsrc/net/samba/patches/patch-bp 1.4 - pkgsrc/net/samba/patches/patch-br 1.3 - pkgsrc/net/samba/patches/patch-bs 1.4 - pkgsrc/net/samba/patches/patch-bt 1.3 - pkgsrc/net/samba/patches/patch-bu 1.5 - pkgsrc/net/samba/patches/patch-bw 1.4 - pkgsrc/net/samba/patches/patch-bx removed - pkgsrc/net/samba/patches/patch-by removed - pkgsrc/net/samba/patches/patch-bz removed - pkgsrc/net/samba/patches/patch-ca 1.4 - pkgsrc/net/samba/patches/patch-ce 1.1 - pkgsrc/net/samba/patches/patch-cf 1.1 - pkgsrc/net/samba/patches/patch-cg 1.1 - pkgsrc/net/samba/patches/patch-ch 1.1 Module Name: pkgsrc Committed By: taca Date: Sun Oct 28 07:28:51 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca Added Files: pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch Removed Files: pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb patch-bf patch-bj patch-bk patch-bx patch-by patch-bz Log Message: Update samba to 3.0.26a. pkgsrc change: Add support for DESTDIR. Changes from 3.0.24 are huge, please refer WHATSNEW.txt. <> --- Module Name: pkgsrc Committed By: rillig Date: Tue Nov 6 00:47:53 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile distinfo pkgsrc/net/samba/patches: patch-ba Log Message: Fixed an expansion of @mandir@ that accidentally got into patch-ba in revision 1.5. PKGREVISION++ --- Module Name: pkgsrc Committed By: tron Date: Fri Nov 16 11:41:38 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile Makefile.patches distinfo Log Message: Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the Samba project. Bump package revision.
2007-11-15Ticket #2227.ghen1-1/+3
2007-11-15Pullup ticket 2227 - requested by tronghen4-19/+18
security update for thunderbird - pkgsrc/mail/thunderbird/Makefile 1.30 via patch - pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.31 - pkgsrc/mail/thunderbird/distinfo 1.42 - pkgsrc/mail/thunderbird/patches/patch-ac 1.8 Module Name: pkgsrc Committed By: tron Date: Thu Nov 15 15:05:23 UTC 2007 Modified Files: pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo pkgsrc/mail/thunderbird/patches: patch-ac Log Message: Update "thunderbird" package to version It fixes the following security problems: - MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows - MFSA 2007-29 Crashes with evidence of memory corruption (rv:
2007-11-14Ticket #2224.ghen1-1/+3
2007-11-14Pullup ticket 2224 - requested by markdghen2-4/+7
security fix for kdegraphics3 - pkgsrc/graphics/kdegraphics3/Makefile 1.75 via patch - pkgsrc/graphics/kdegraphics3/distinfo 1.48 via patch Module Name: pkgsrc Committed By: markd Date: Thu Nov 8 21:30:57 UTC 2007 Modified Files: pkgsrc/graphics/kdegraphics3: Makefile distinfo Log Message: Another xpdf issue
2007-11-13Ticket #2225.ghen1-1/+3
2007-11-13Pullup ticket 2225 - requested by tronghen3-15/+38
security update for phpmyadmin - pkgsrc/databases/phpmyadmin/Makefile 1.62 - pkgsrc/databases/phpmyadmin/PLIST 1.18 - pkgsrc/databases/phpmyadmin/distinfo 1.30 Module Name: pkgsrc Committed By: tron Date: Mon Nov 12 14:05:26 UTC 2007 Modified Files: pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo Log Message: Update "phpmyadmin" package to version Change since version 2.10.2: - creating VIEWs from query results - managing triggers, procedures and functions - supports MySQL 5.0.37 query profiling - improved interface for servers hosting thousands of databases and tables. - security fixes for PMASA-2007-5, PMASA-2007-6 and PMASA-2007-7
2007-11-12Ticket #2223.ghen1-1/+3
2007-11-12Pullup ticket 2223 - requested by markdghen2-4/+7
security fix for koffice - pkgsrc/misc/koffice/Makefile 1.98 - pkgsrc/misc/koffice/distinfo 1.43 Module Name: pkgsrc Committed By: markd Date: Thu Nov 8 21:36:03 UTC 2007 Modified Files: pkgsrc/misc/koffice: Makefile distinfo Log Message: Another xpdf issue PKGREVISION++
2007-11-07Pullup ticket 2222 - requested by drochnerghen3-3/+65
security fix for perl - pkgsrc/lang/perl5/Makefile 1.129 - pkgsrc/lang/perl5/distinfo 1.43 - pkgsrc/lang/perl5/patches/patch-da 1.1 Module Name: pkgsrc Committed By: drochner Date: Tue Nov 6 19:54:53 UTC 2007 Modified Files: pkgsrc/lang/perl5: Makefile distinfo Added Files: pkgsrc/lang/perl5/patches: patch-da Log Message: add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl.
2007-11-04Ticket #2219.ghen1-1/+3
2007-11-04Pullup ticket 2219 - requested by tnnghen8-17/+20
security update for libpurple/pidgin/finch - pkgsrc/chat/finch/Makefile 1.9 - pkgsrc/chat/finch/PLIST 1.4 - pkgsrc/chat/libpurple/Makefile.common 1.7 - pkgsrc/chat/libpurple/PLIST 1.7 - pkgsrc/chat/libpurple/ 1.4 - pkgsrc/chat/libpurple/distinfo 1.10 - pkgsrc/chat/pidgin/ 1.4 - pkgsrc/chat/pidgin/distinfo 1.6 Module Name: pkgsrc Committed By: tnn Date: Sat Nov 3 15:59:18 UTC 2007 Modified Files: pkgsrc/chat/finch: Makefile PLIST pkgsrc/chat/libpurple: Makefile.common PLIST distinfo pkgsrc/chat/pidgin: pkgsrc/chat/pidgin-silc: distinfo Log Message: Update pidgin IM suite to 2.2.2 for the CVE-2007-4999 fix. (A remote user can cause a DoS by sending a message with invalid HTML.) version 2.2.2 (10/23/2007): NOTE: Due to the way this release was made, it is possible that bugs marked as fixed in 2.2.1 or 2.2.2 will not be fixed until the next release. * Various bug and memory leak fixes
2007-11-04Ticket #2218.ghen1-1/+3
2007-11-04Pullup ticket 2218 - requested by joergghen3-1/+29
build fix for shared-mime-info - pkgsrc/databases/shared-mime-info/distinfo patch - pkgsrc/databases/shared-mime-info/patches/patch-ab 1.3 via patch - pkgsrc/databases/shared-mime-info/patches/patch-ac 1.1 via patch Module Name: pkgsrc Committed By: joerg Date: Sat Nov 3 16:37:44 UTC 2007 Modified Files: pkgsrc/databases/shared-mime-info: distinfo Added Files: pkgsrc/databases/shared-mime-info/patches: patch-ab patch-ac Log Message: Remove INCOMPAT_GETTEXT and the automatic rebuilding of the PO files. This fixes the build on older NetBSD systems in a clean way.
2007-10-30Revert last change - wrong branch.is3-12/+8
2007-10-30Make the memsup port program compile, so that the PLIST ist correct onis3-8/+12
NetBSD-4 (at least). Else pkg_sync and pkg_tarup won't work.