Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Dec 13, 2004
  1. #171

    salo authored
  2. Pullup ticket 171 - requested by Havard Eidnes

    salo authored
    security fix for imlib
    
            Module Name:    pkgsrc
            Committed By:   tron
            Date:           Sat Nov 27 08:09:38 UTC 2004
    
            Modified Files:
                    pkgsrc/graphics/imlib: Makefile
    
            Log Message:
            Remove me as maintainer of this package.
    ---
            Module Name:    pkgsrc
            Committed By:   adam
            Date:           Fri Dec  3 13:42:47 UTC 2004
    
            Modified Files:
                    pkgsrc/graphics/imlib: Makefile distinfo
                    pkgsrc/graphics/imlib/patches: patch-ag patch-ah
    
            Log Message:
            Changes 1.9.15:
            * Minor bug fixes
    ---
            Module Name:    pkgsrc
            Committed By:   salo
            Date:           Fri Dec 10 09:30:42 UTC 2004
    
            Modified Files:
                    pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo
                    pkgsrc/graphics/imlib/patches: patch-ab patch-ai
            Added Files:
                    pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al
                        patch-am patch-an patch-ao
    
            Log Message:
            Bump PKGREVISION, security fix:
    
            "Multiple buffer overflows in imlib 1.9.14 and earlier, which is
            used by gkrellm and several window managers, allow remote attackers
            to execute arbitrary code via certain image files."  (1.9.15 is also
            affected)
    
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
    
            Patch from Pavel Kankovsky.
  3. #168

    salo authored
  4. Pullup ticket 168 - requested by Todd Vierling.

    salo authored
    security fix for ssmtp
    
            Module Name:	pkgsrc
            Committed By:	tv
            Date:		Fri Oct 22 14:45:47 UTC 2004
    
            Modified Files:
            	pkgsrc/mail/ssmtp: Makefile distinfo
            	pkgsrc/mail/ssmtp/patches: patch-ab
    
            Log Message:
            Update to 2.61, and obey USE_INET6. Change highlights:
    
              * Fixed two format string vulnerabilities (die() and log_event())
                (Closes: #243945)
    
              * Segfaults when trying to send mail with authenticated smtp
                (Closes: #261975)
              * Make address rewriting possible to disable (Closes: #146238)
              * Add AuthUser, AuthPass, AuthMethod to configuration file
                (Closes: #249905)
              * Logic to choose cram-md5 authentication is backwards
                (Closes: #249907)
              * SSMTP builds with MD5 support but during the exchange it
                segfaults (Closes: #249203)
              * The source compilaton fails if ./configure --enable-logfile
                is selected (Closes: #242905)
              * SSL/TLS support cannot handle STARTTLS (Closes: #244666)
              * Creates bad date headers on some systems (Closes: #230864)
              * Fix 'MAIL FROM' problems with cron and the like setting bad
                'From:' address when FromLineOverride=YES is set (Closes: #205513)
              * Update version string in ssmtp.c (Closes: #198763)
              * Work around missing spaces in headers (Closes: #192445)
Commits on Dec 7, 2004
  1. #165

    salo authored
  2. Pullup ticket 165 - requested by Julio M. Merino Vidal

    salo authored
    MASTER_SITES fix for shared-mime-info
    
            Module Name:	pkgsrc
            Committed By:	sketch
            Date:		Fri Nov 26 17:20:07 UTC 2004
    
            Modified Files:
            	pkgsrc/databases/shared-mime-info: Makefile
    
            Log Message:
            Correct URL to distfile, from Alexis Robert.
Commits on Dec 1, 2004
  1. 161.

    snj authored
  2. Pullup ticket 161 - Requested by Jan Schaumann

    snj authored
    security fix for sun-jre14 and sun-jdk14
    
    Module Name:	pkgsrc
    Committed By:	tv
    Date:		Tue Oct  5 22:09:23 UTC 2004
    
    Modified Files:
    	pkgsrc/lang/sun-jdk13: Makefile PLIST
    	pkgsrc/lang/sun-jdk14: Makefile PLIST pkgsrc/lang/sun-jdk15: Makefile PLIST
    	pkgsrc/lang/sun-jre13: Makefile PLIST
    	pkgsrc/lang/sun-jre14: Makefile PLIST
    	pkgsrc/lang/sun-jre15: Makefile PLIST
    
    Log Message:
    Expand the JAVA_WRAPPERS definitions for the sun-j{re,dk}* packages.
    This adds many commonly used tools to $PREFIX/bin, such as keytool,
    rmiregistry, rmic, idlj, etc.
    ---
    Module Name:	pkgsrc
    Committed By:	tv
    Date:		Mon Oct 11 14:07:38 UTC 2004
    
    Modified Files:
    	pkgsrc/lang/blackdown-jdk13: Makefile PLIST
    	pkgsrc/lang/jdk: Makefile PLIST
    	pkgsrc/lang/sun-jdk13: Makefile PLIST
    	pkgsrc/lang/sun-jdk14: Makefile PLIST
    	pkgsrc/lang/win32-jdk: PLIST
    
    Log Message:
    Fix the "jre" symlink in the various Sun-based JDK packages; it was wrong
    for quite some time after the ${PREFIX}/java migration.  Since pkgsrc now
    has proper symlink handling in pkg_install, this can now be a simple
    PLIST entry rather than an @exec/@unexec pair.
    ---
    Committed By:   jschauma
    Date:           Thu Oct 14 14:32:32 UTC 2004
    
    Modified Files:
            pkgsrc/lang/sun-jdk14: Makefile distinfo
            pkgsrc/lang/sun-jre14: Makefile Makefile.common PLIST distinfo
    
    Log Message:
    Tell people to fetch the JCE file if necessary.
    Update sun-j*4 to 14-2.6 (aka sun-jdk/jre version 1.4.2_06).
    Bugs fixed since last according to
    http://java.sun.com/j2se/1.4.2/ReleaseNotes.html:
    - jResourceBundle holds ClassLoader references using SoftReference (not weak)
    - enablev006: JVMPI_EVENT_ OBJECT_ALLOC request crashes Server VM
    - Update cacerts with new VeriSign ca certs
    - (so) Selector.select() throws CancelledKeyException
    - Internal Error occurs during offet conversion of byte code in rewrite/relocate
    - SEGV in MapLoops test
    - REGRESSION 1.4: PropertyDescriptors do not find the most specific methods
    - REGRESSION 1.5: Introspector.getBeanInfo throws NPE if a primitive type is passed
    - CMS: vtest died with tiger b26
    - JVM crashes during deoptimization phase
    - CMS thread/SLT deadlock problem
    - Unable to create Logger during JVM shutdown
    - 64bit j2sdk1.4.2_01 and j2sdk1.4.2_03 dump core with oracle 64bit jdbc oci driver
    - Cannot set different runtime parameters for different 1.4.2_x versions
    - "java_g -version" dies on an assertion on RH9.0 and RHEL 3.0
    - 1.4.2_05: 3 JCK tests failing with -Xcheck:jni flag on Linux
    - RH Enterprise 3 and Suse Ent 8 server / desktop asian font properties needed
    - Clent VM crash while compiling a large JSP generated method
    - NullPointerException in reading an rtf-file into a javax.swing.text.rtf.RTFEdito
    - RTFEditorKit wrongly parses rtf if fontname has unicode characters
    - 1.4.2_04 Server VM - C2 crash in PhaseCFG::ScheduleLate on Solaris
    - bf) Direct memory cannot be unreserved while reserving thread sleeps
    - Hotspot compiler changes behaviour of program
    - VM segv's running jvmti/jvmpi profiler
    - J2SE 1.4.2 cannot display certain awt components in Asian characters in RH2.1 AS
    - exception thows from jconsole when run any GUI which works fine with jdk1.4.x
    - Can not eliminate implicit null checks for method invocations based on profile
    - Regression 1.4.2_06b1 4937429 failing. cacerts in javaws and security dirs diffe
    - /api/javax_swing/ SwingUtilities/descriptions.html fails for JCK14a, 1.4.2_06b1
    - Regression:4683022 fails for 1.4.2_06-b01
    - REGRESSION: ResourceBundle.getBundle(String, Locale) is broken in jdk 1.4.2_05
  3. 157.

    snj authored
  4. Pullup ticket 157 - requested by Havard Eidnes

    snj authored
    security fix for thunderbird and thunderbird-gtk2
    
    Module Name:    pkgsrc
    Committed By:   kristerw
    Date:           Thu Nov  4 20:06:34 UTC 2004
    
    Modified Files:
            pkgsrc/mail/thunderbird: distinfo
            pkgsrc/mail/thunderbird/patches: patch-bt
    
    Log Message:
    Use __va_copy instead of va_copy for NetBSD.  This is needed on gcc 3.4=
    
    since the build use -ansi that in turn makes gcc 3.4 modify its pre-
    defined symbols in such a way that va_copy is not defined.
    ---
    Module Name:    pkgsrc
    Committed By:   taya
    Date:           Sun Nov 14 23:38:20 UTC 2004
    
    Modified Files:
            pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST dist=
    info
            pkgsrc/mail/thunderbird-gtk2: PLIST
    
    Log Message:
    Update thunderbird & thunderbird-gtk2 to 0.9
    
    Here are the highlights for this Thunderbird release:
    
    * Saved Search Folders
    - Saved Search Folders display messages based on previously set search
    criteria. For example, instead of filtering messages into a new
    folder, you could create a Saved Search Folder that lists all the
    messages received from a certain person over the past 30 days, even if
    those messages are stored in different folders and subfolders.
    
    * Message Grouping
    - You can now group messages in a folder by attributes such as date,
    sender, priority or a custom label. For instance, a folder grouped by
    date will group messages from today, yesterday, last week, etc. into
    self-contained groups in the message list pane. (View > Sort By >
    Grouped By Sort)
    
    * Other New Features
    - Messages with attachments now get marked as such in the message list
    pane immediately and not when the message is displayed.
    
    - Improvements to Thunderbird's Global Inbox support for POP3 users.
    
    - The new quick search bar introduced in 0.8 now features a clear
    button when search text is present inside the quick search box.
    
    - Fixed a regression introduced in 0.8 where a user could not change
    the local folder path in the Account Manager.
    
    - Improved offline support including fixes for common offline-related
    problems.
    
    - Improved privacy controls block remote content in e-mail messages
    from senders not in your address book.
    
    - Long file attachment names are no longer truncated in the message
    pane.
    
    - Bug fixes too numerous to mention!
  5. 149.

    snj authored
  6. Pullup ticket 149 - requested by Lubomir Sedlacik

    snj authored
    win32-codecs update
    
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Tue Nov  9 10:05:49 UTC 2004
    
    Modified Files:
            pkgsrc/multimedia/win32-codecs: Makefile distinfo
    
    Log Message:
    Update windows-all, the old distfile no longer available.  *sigh*
    ---
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Tue Nov  9 10:12:38 UTC 2004
    
    Modified Files:
            pkgsrc/multimedia/win32-codecs: PLIST
    
    Log Message:
    Might as well just commit the PLIST changes too..
    ---
    Module Name:    pkgsrc
    Committed By:   grant
    Date:           Sat Nov 13 07:33:52 UTC 2004
    
    Modified Files:
            pkgsrc/multimedia/win32-codecs: Makefile
    
    Log Message:
    this has no build or configure phase.
  7. #141

    salo authored
  8. Pullup ticket 141 - requested by David Brownlee

    salo authored
    security fix for apache
    
            Module Name:	pkgsrc
            Committed By:	tron
            Date:		Mon Oct 25 08:44:16 UTC 2004
    
            Modified Files:
            	pkgsrc/www/apache: Makefile PLIST distinfo
            Removed Files:
            	pkgsrc/www/apache/patches: patch-ap
    
            Log Message:
            Update "apache" package to version 1.3.32. Changes since version 1.3.31:
            - mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
              [michael teitler <michael.teitler cetelem.fr>,
               Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
            - mod_rewrite: Fix 0 bytes write into random memory position.
              PR 31036. [André Malo]
            - mod_digest: Fix nonce string calculation since 1.3.31 which
              would force re-authentication for every connection if
              AuthDigestRealmSeed was not configured.  PR 30920.  [Joe Orton]
            - Trigger an error when a LoadModule directive attempts to
              load a module which is built-in.  This is a common error when
              switching from a DSO build to a static build.
              [Jeff Trawick, Geoffrey Young]
            - Fix trivial bug in mod_log_forensic that caused the child
              to seg fault when certain invalid requests were fired at it with
              forensic logging is enabled.  PR 29313.
              [Will Slater <Will Slater orbisuk.com>]
            - Fix memory leak in the cache handling of mod_rewrite. PR 27862.
              [chunyan sheng <shengperson yahoo.com>, André Malo]
            - mod_rewrite no longer confuses the RewriteMap caches if
              different maps defined in different virtual hosts use the
              same map name. PR 26462.  [André Malo]
            - mod_setenvif: Remove "support" for Remote_User variable which
              never worked at all. PR 25725.  [André Malo]
            - mod_usertrack: Escape the cookie name before pasting into the
              regexp.  [André Malo]
            - Win32: Improve error reporting after a failed attempt to spawn a
              piped log process or rewrite map process.  [Jeff Trawick]
            - SECURITY: CAN-2004-0492 (cve.mitre.org)
              Reject responses from a remote server if sent an invalid (negative)
              Content-Length.  [Mark Cox]
            - Fix a bunch of cases where the return code of the regex compiler
              was not checked properly. This affects mod_usertrack and
              core. PR 28218.  [André Malo]
            - No longer breaks mod_dav, frontpage and others.  Repair a patch
              in 1.3.31 which prevented discarding the request body for requests
              that will be keptalive but are not currently keptalive. PR 29237.
              [Jim Jagielski, Rasmus Lerdorf]
            - COMPATIBILITY: Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT.
              It controls how UseCanonicalName Off determines the port value if
              the client doesn't provide one in the Host header. If defined during
              compilation, UseCanonicalName Off will use the physical port number to
              generate the canonical name. If not defined, it tries the current Port
              value followed by the default port for the current scheme.
              [Jim Jagielski]
    ---
            Module Name:	pkgsrc
            Committed By:	abs
            Date:		Fri Oct 29 13:48:31 UTC 2004
    
            Modified Files:
            	pkgsrc/www/apache: Makefile distinfo
            	pkgsrc/www/apache/patches: patch-aa patch-ab patch-ac patch-ad
                        patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
                        patch-ak patch-am patch-ao
            Removed Files:
            	pkgsrc/www/apache/patches: patch-al
    
            Log Message:
            Update apache to 1.3.33
    
            The main security vulnerabilities addressed in 1.3.33 are:
    
                * CAN-2004-0940 (cve.mitre.org)
                  Fix potential buffer overflow with escaped characters in SSI
                  tag string.
                * CAN-2004-0492 (cve.mitre.org)
                  Reject responses from a remote server if sent an invalid
                  (negative) Content-Length.
    
            New features
    
                * Win32: Improve error reporting after a failed attempt to
                  spawn a piped log process or rewrite map process.
                * Added new compile-time flag: UCN_OFF_HONOR_PHYSICAL_PORT. It
                  controls how UseCanonicalName Off determines the port value if
                  the client doesn't provide one in the Host header. If defined
                  during compilation, UseCanonicalName Off will use the physical
                  port number to generate the canonical name. If not defined, it
                  tries the current Port value followed by the default port for
                  the current scheme.
    
            The following bugs were found in Apache 1.3.31 (or earlier) and
            have been fixed in Apache 1.3.33:
    
                * mod_rewrite: Fix query string handling for proxied URLs.
                  PR 14518.
                * mod_rewrite: Fix 0 bytes write into random memory position.
                  PR 31036.
                * mod_digest: Fix nonce string calculation since 1.3.31 which
                  would force re-authentication for every connection if
                  AuthDigestRealmSeed was not configured. PR 30920.
                * Fix trivial bug in mod_log_forensic that caused the child to
                  seg fault when certain invalid requests were fired at it with
                  forensic logging is enabled. PR 29313.
                * No longer breaks mod_dav, frontpage and others. Repair a
                  patch in 1.3.31 which prevented discarding the request body
                  for requests that will be keptalive but are not currently
                  keptalive. PR 29237.
    ---
            Module Name:	pkgsrc
            Committed By:	salo
            Date:		Mon Nov 15 19:13:41 UTC 2004
    
            Modified Files:
            	pkgsrc/www/apache/patches: patch-ai
    
            Log Message:
            Revert rev 1.9, do not expand @INSTALL@, it's done in post-patch.
            (hi abs!)
    ---
            Module Name:	pkgsrc
            Committed By:	tron
            Date:		Tue Nov 16 08:23:45 UTC 2004
    
            Modified Files:
            	pkgsrc/www/apache: distinfo
    
            Log Message:
            Regen after "patch-ai" was changed. (hi salo!)
Commits on Nov 30, 2004
  1. #139

    salo authored
  2. Pullup ticket 139 - requested by Thomas Klausner

    salo authored
    security fixes for mozilla and firefox
    
            Module Name:    pkgsrc
            Committed By:   grant
            Date:           Mon Oct  4 11:52:09 UTC 2004
    
            Modified Files:
                    pkgsrc/www/mozilla: distinfo
    
            Log Message:
            bring across a patch in Firefox for using thread-safe resolver
            library functions on NetBSD >=2.0F.
    ---
            Module Name:    pkgsrc
            Committed By:   grant
            Date:           Mon Oct  4 11:52:45 UTC 2004
    
            Modified Files:
                    pkgsrc/www/mozilla/patches: patch-br
    
            Log Message:
            bring across a patch in Firefox for using thread-safe resolver
            library functions on NetBSD >=2.0F.
    ---
            Module Name:    pkgsrc
            Committed By:   sekiya
            Date:           Mon Oct 25 13:02:15 UTC 2004
    
            Modified Files:
                    pkgsrc/www/mozilla: Makefile.common distinfo
                    pkgsrc/www/mozilla/patches: patch-bt
    
            Log Message:
            Force gcc34 and use the right varargs macro for amd64.  Mozilla
            (and its derivatives) now appears to work properly on amd64.
    
            Patches from Nicholas Joly.
    ---
            Module Name:    pkgsrc
            Committed By:   jmmv
            Date:           Mon Oct 25 18:06:26 UTC 2004
    
            Modified Files:
                    pkgsrc/www/mozilla: Makefile Makefile.common PLIST
                    pkgsrc/www/mozilla-gtk2: Makefile PLIST
                    pkgsrc/www/mozilla/files: moz-install
    
            Log Message:
            Modify mozilla and mozilla-gtk2 to install several additional headers.
            More specifically, this lets Mozilla NSS be used by other programs.
    
            Also make the pkgconfig substitutions happen at post-build time, so
            that the right rpaths are added to the mozilla-nspr.pc file (which is
            filled in during the build).
    
            Bump PKGREVISION to 1 for both packages.  Ok'ed by taya@, the
            maintainer.
    ---
            Module Name:    pkgsrc
            Committed By:   wiz
            Date:           Fri Nov 12 02:11:22 UTC 2004
    
            Modified Files:
                    pkgsrc/www/mozilla: Makefile distinfo
                    pkgsrc/www/mozilla-gtk2: Makefile
            Added Files:
                    pkgsrc/www/mozilla/patches: patch-bj
    
            Log Message:
            Update mozilla and mozilla-gtk2 to 1.7.3nb2 with a security fix
            from mozilla CVS.
    ---
            Module Name:    pkgsrc
            Committed By:   kristerw
            Date:           Mon Nov  1 18:07:24 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox: distinfo
                    pkgsrc/www/firefox/patches: patch-bt
    
            Log Message:
            Use __va_copy instead of va_copy for NetBSD.  This is needed on gcc
            3.4 since the build use -ansi that in turn makes gcc 3.4 modify its
            predefined symbols in such a way that va_copy is not defined.
    ---
            Module Name:    pkgsrc
            Committed By:   xtraeme
            Date:           Tue Nov  9 20:10:14 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox: Makefile-firefox.common PLIST distinfo
                    pkgsrc/www/firefox-gtk2: PLIST
    
            Log Message:
            Update firefox and firefox-gtk2 to 1.0.
    
            This is a bugfix release, to fix the problems reported in Preview
            Releases, etc.
    ---
            Module Name:    pkgsrc
            Committed By:   taya
            Date:           Wed Nov 10 14:38:45 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox: Makefile-firefox.common PLIST
    
            Log Message:
            - correct path of mirror site
            - add some missing files to PLIST
    ---
            Module Name:    pkgsrc
            Committed By:   taya
            Date:           Wed Nov 10 14:40:24 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox-gtk2: PLIST
    
            Log Message:
            add some missing files to PLIST
    ---
            Module Name:    pkgsrc
            Committed By:   taya
            Date:           Sat Nov 13 07:03:08 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox: Makefile-firefox.common PLIST
    
            Log Message:
            remove typeahead extension that confilicts with buildin typeahead
            component.
            fix pkg/28164.
            bump PKGREVISION
    ---
            Module Name:    pkgsrc
            Committed By:   taya
            Date:           Sat Nov 13 08:57:54 UTC 2004
    
            Modified Files:
                    pkgsrc/www/firefox-gtk2: PLIST
    
            Log Message:
            remove typeahead extension
  3. #159

    salo authored
  4. Pullup ticket 159 - requested by Havard Eidnes

    salo authored
    security fix for libxml2
    
            Module Name:    pkgsrc
            Committed By:   xtraeme
            Date:           Thu Oct 21 05:28:17 UTC 2004
    
            Modified Files:
                    pkgsrc/doc: CHANGES TODO
                    pkgsrc/textproc/libxml2: Makefile distinfo
    
            Log Message:
            Update textproc/libxml2 to 2.6.14, this is a bugfix release.
    ---
            Module Name:    pkgsrc
            Committed By:   recht
            Date:           Sun Oct 31 10:40:51 UTC 2004
    
            Modified Files:
                    pkgsrc/textproc/libxml2: Makefile buildlink3.mk distinfo
                    pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
    
            Log Message:
            update to libxml2-2.6.15
    
            changes:
    
            * security fixes on the nanoftp and nanohttp modules
            For details see:
            http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
    
            * build fixes:
              - xmllint detection bug in configure
              - building outside the source tree (Thomas Fitzsimmons)
            * bug fixes:
              - HTML parser on broken ASCII chars in names (William)
              - Python paths (Malcolm Tredinnick)
              - xmlHasNsProp and default namespace (William)
              - saving to python file objects (Malcolm Tredinnick)
              - DTD lookup fix (Malcolm)
              - save back <group> in catalogs (William)
              - tree build fixes (DV and Rob Richards)
              - Schemas memory bug
              - structured error handler on Python 64bits
              - thread local memory deallocation
              - memory leak reported by Volker Roth
              - xmlValidateDtd in the presence of an internal subset
              - entities and _private problem (William)
              - xmlBuildRelativeURI error (William).
            * improvements:
              - better XInclude error reports (William)
              - tree debugging module and tests
              - convenience functions at the Reader API (Graham Bennett)
              - add support for PI in the HTML parser.
    
            Update BUILDLINK_RECOMMENDED to 2.6.15 for the security fix.
    ---
            Module Name:    pkgsrc
            Committed By:   minskim
            Date:           Wed Nov  3 16:41:56 UTC 2004
    
            Modified Files:
                    pkgsrc/textproc/py-libxml2: Makefile distinfo
    
            Log Message:
            Sync with libxml2-2.6.15.
    
            Changes since 2.6.12:
               - saving to python file objects (Malcolm Tredinnick)
               - structured error handler on Python 64bits
               - Python space/tabs cleanups
               - Python libxml2 driver improvement
    ---
            Module Name:    pkgsrc
            Committed By:   recht
            Date:           Thu Nov 11 21:01:15 UTC 2004
    
            Modified Files:
                    pkgsrc/textproc/libxml2: Makefile distinfo
                    pkgsrc/textproc/libxml2/patches: patch-aa patch-ab
    
            Log Message:
            update to 2.6.16
    
            2.6.16: Nov 10 2004:
               - general hardening and bug fixing crossing all the API based on
                 new automated regression testing
               - build fix: IPv6 build and test on AIX (Dodji Seketeli)
               - bug fixes: problem with XML::Libxml reported by Petr Pajas,
                 encoding conversion functions return values, UTF-8 bug affecting
                 XPath reported by Markus Bertheau, catalog problem with NULL
                 entries (William Brack)
               - documentation: fix to xmllint man page, some API function
                 descritpion were updated.
               - improvements: DTD validation APIs provided at the Python level
                 (Brent Hendricks)
    ---
            Module Name:    pkgsrc
            Committed By:   minskim
            Date:           Thu Nov 25 18:37:43 UTC 2004
    
            Modified Files:
                    pkgsrc/textproc/py-libxml2: Makefile distinfo
                    pkgsrc/textproc/py-libxml2/patches: patch-aa
    
            Log Message:
            Update py-libxml2 to 2.6.16.
    
            Changes:
              - improvements: DTD validation APIs provided at the Python level.
Commits on Nov 28, 2004
  1. #155

    snj authored
  2. Pullup ticket 155 - requested by Havard Eidnes

    snj authored
    remove gnats4 package
    
    "The gnats4 pkg has been superseced by the gnats pkg."
  3. Pullup ticket 155 - requested by Havard Eidnes

    snj authored
    security fix for gnats
    
    Module Name:    pkgsrc
    Committed By:   soren
    Date:           Wed Nov 10 21:34:46 UTC 2004
    
    Modified Files:
            pkgsrc/databases/gnats: DESCR MESSAGE Makefile PLIST distinfo
            pkgsrc/databases/gnats/patches: patch-aa patch-ab
    Removed Files:
            pkgsrc/databases/gnats/patches: patch-ac patch-ad patch-ae patch-af
                patch-ag
    
    Log Message:
    Update using the databases/gnats4 package. gnats3 has numerous security
    problems and is no longer supported.
    ---
    Module Name:    pkgsrc
    Committed By:   soren
    Date:           Sun Nov 14 10:59:58 UTC 2004
    
    Modified Files:
            pkgsrc/databases/gnats: Makefile PLIST distinfo
    
    Log Message:
    Update to gnats 4.0.1.
    Fixes vulnerabilities described in
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0623 .
Commits on Nov 27, 2004
  1. #160

    salo authored
  2. Pullup ticket 160 - requested by Thomas Klausner

    salo authored
    remove apache6 package
    
    removed from -current because of too many vulnerabilities and no newer
    version available (people are expected to switch to apache2).
  3. #158

    salo authored
  4. Pullup ticket 158 - requested by Quentin Garnier

    salo authored
    security fix for sudo
    
            Module Name:	pkgsrc
            Committed By:	cube
            Date:		Fri Nov 26 16:23:57 UTC 2004
    
            Modified Files:
            	pkgsrc/security/sudo: Makefile distinfo
    
            Log Message:
            sudo is nominated for crapware of the year.  Now at version 1.6.8pl4!
    
            Just as for pl2, changes are about environment sanitizing, meaning
            there are possible security issues with current versions.
    
            Changes:
    
            550) The CDPATH variable is now stripped from the environment passed
                 to the program to be executed.
            551) Fix temp file generation on systems where the _PATH_VARTMP macro
                 lacks a trailing slash.
            552) The KRB5CCNAME environment variable is preserved during sudo
                 execution for password lookups that use GSSAPI.
  5. #148

    salo authored
  6. Pullup ticket 148 - requested by Jan Schaumann

    salo authored
    security fix for sun-jdk13 and sun-jre13
    
            Module Name:	pkgsrc
            Committed By:	jschauma
            Date:		Tue Nov 23 16:56:33 UTC 2004
    
            Modified Files:
            	pkgsrc/lang/sun-jdk13: Makefile distinfo
            	pkgsrc/lang/sun-jre13: Makefile distinfo
    
            Log Message:
            Update to version 1.3.1_13.
            Addresses security issue
              http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
    
            Changes since _12 according to
              http://java.sun.com/j2se/1.3/ReleaseNotes.html
    
            Can't display localized exception messages of the native method
            correctly java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
Commits on Nov 26, 2004
  1. #119

    snj authored
  2. Pullup ticket 119 - requested by Jeremy C. Reed

    snj authored
    security fix for apache2
    
    Module Name:	pkgsrc
    Committed By:	reed
    Date:		Sat Oct  2 15:47:03 UTC 2004
    
    Modified Files:
    	pkgsrc/devel/apr: distinfo
    	pkgsrc/www/apache2: Makefile Makefile.common distinfo
    Removed Files:
    	pkgsrc/www/apache2/patches: patch-ab
    
    Log Message:
    Update apache to apache-2.0.52.
    
    Also added comment to www/apache2/Makefile.common to remind to
    update checksum in devel/apr also.
    
    No actual devel/apr changes seen.
    
    Also removed www/apache2/patches/patch-ab because it is identical to
    fix for security in new version.
    
    Changes with Apache 2.0.52
      *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
      *) Fix the global mutex crash when the global mutex is never allocated
         due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
      *) Fix a segfault in the LDAP cache when it is configured switched
         off. [Jess Holle <jessh ptc.com>]
      *) SECURITY: CAN-2004-0811 (cve.mitre.org)
         Fix merging of the Satisfy directive, which was applied to
         the surrounding context and could allow access despite configured
         authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
      *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
         is enabled.  Previously, such urls would still be rejected.
         [Jeff Trawick, Bill Stoddard]
      *) mod_mem_cache: Fixed race condition causing segfault because of memory being
         freed twice, or reused after being freed.
         [J. Clar, W. Stoddard, G. Ames]
      *) Add -l option to rotatelogs to let it use local time rather than
         UTC.  PR 24417.  [Ken Coar, Uli Zappe <uli ritual.org>]
      *) mod_log_config: Fix a bug which prevented request completion time
         from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
         processing.  PR 29696.  [Alois Treindl <alois astro.ch>]
    ---
    Module Name:	pkgsrc
    Committed By:	reed
    Date:		Sat Oct  2 16:38:38 UTC 2004
    
    Modified Files:
    	pkgsrc/www/apache2: Makefile PLIST
    
    Log Message:
    Sort the share/httpd/manual entries in the PLIST.
    
    Added 35 share/httpd/manual entries to PLIST. Most are .ko.euc-kr,
    .ko, ja.euc-jp, and .ja files.
    
    I don't know when these were added.
    
    Bump PKGREVISION because now package has several more files.
Commits on Nov 25, 2004
  1. #150

    snj authored
  2. Pullup ticket 150 - requested by Dieter Baron

    snj authored
    security fix for xpdf
    
    Module Name:    pkgsrc
    Committed By:   dillo
    Date:           Thu Nov 25 13:20:36 UTC 2004
    
    Modified Files:
            pkgsrc/print/xpdf: Makefile distinfo
    
    Log Message:
    update to 3.00.1 (pl1): fix various buffer overflows
    ---
    Module Name:    pkgsrc
    Committed By:   dillo
    Date:           Thu Nov 25 13:26:16 UTC 2004
    
    Modified Files:
            pkgsrc/print/xpdf: Makefile
    
    Log Message:
    on second thought, let's call it pl1, as was done before
Commits on Nov 24, 2004
  1. #147

    salo authored
  2. Pullup ticket 147 - requested by Julio M. Merino Vidal

    salo authored
    security fix for libxml
    
            Module Name:	pkgsrc
            Committed By:	jmmv
            Date:		Sat Nov 20 22:07:49 UTC 2004
    
            Modified Files:
            	pkgsrc/textproc/libxml: Makefile buildlink3.mk distinfo
            Added Files:
            	pkgsrc/textproc/libxml/patches: patch-ad patch-ae
    
            Log Message:
            Backport security fixes (in the nanohttp and the nanoftp modules)
            from libxml2 (several buffer overflows).  Bump PKGREVISION to 3.
Commits on Nov 19, 2004
  1. #143

    salo authored
  2. Pullup ticket 143 - requested by Takahiro Kambe

    salo authored
    security and usability fixes for ja-squirrelmail
    
            Module Name:	pkgsrc
            Committed By:	taca
            Date:		Wed Oct 20 14:38:58 UTC 2004
    
            Modified Files:
            	pkgsrc/mail/ja-squirrelmail: Makefile distinfo
    
            Log Message:
            Update ja-squirrelmail to 20041014 release (1.4.3a-ja-20041014).
    
            Fix these bugs..
    
            (1) A problem with displaying mails in Japanese unless they are specified
                charset to ISO-2022-JP in Content-Type header;
    
            	- encoded with euc-JP or Shift_JIS
            	- encoded with ISO-2022-JP but no Content-Type header
    
            (2) A problem with replying to a mail with HTML format.
    
            Bump package revision.
    ---
            Module Name:	pkgsrc
            Committed By:	taca
            Date:		Tue Nov 16 11:51:16 UTC 2004
    
            Modified Files:
            	pkgsrc/mail/ja-squirrelmail: Makefile distinfo
    
            Log Message:
            Apply XSS patch:
    
            	http://article.gmane.org/gmane.mail.squirrelmail.user/21169
    
            Bump package revision.
Something went wrong with that request. Please try again.