security fix for gaim

Patch provided by submitter.

version 1.1.4 (2/24/2005):
* Fixed a bug where Yahoo! would lose messages (and any other packet really)
* Correctly show the time when incoming Gadu-Gadu messages were sent (Carl-Daniel Hailfinger)
* Fixed crashes with glib 2.6
* Fixed MSN crash when conversations time out after the conversation window was closed
* Fixed an html parsing bug, CAN-2005-0208

version 1.1.3 (2/17/2005):
* CHAP authentication support for SOCKS5 proxies (Malcolm Smith)
* ICQ offline messages are sent using your specified character set instead of Unicode (Magnus Hult)
* MSN HTTP method works with proxies using authentication (Bastien Durel)
* Really fix the bug where buddies show as logged in for 49 thousand days
* Buddy pounces containing '&' are saved correctly
* Improved MSN error handling when the servers are unavailable
* More MSN bug fixes
* Fix some leaks
* Fix "Find" in the log viewer so that it finds in all logs
* Smileys not appearing at the end of lines has been fixed
* Closing conversation windows no longer cancels active file transfers on MSN (Felipe Contreras)

version 1.1.2 (1/20/2005):
* MSN 'HTTP Method' fixed (Felipe Contreras)
* Better handling of MSN's Individuals group and buddy status updates (Felipe Contreras)
* Fix a crash inviting MSN user to a chat when they're already there
* AIM SecurID login support
* Fix configuration of Jabber chat rooms on some servers
* More MSN bug fixes (Felipe Contreras)
* Fix queue messages to Docklet when not globally away (Robert McQueen)
* Fix some leaks
* The Autopackage now builds both the mozilla-nss and the gnutls ssl plugins, and requires at least one of those libraries.

version 1.1.1 (12/28/2004):
* Allow SILC authentication via public key if your key is password protected (Michele Baldessari)
* More MSN bug fixes (Felipe Contreras)
* Drag-and-drop to conversation window file transfers work again
* Disable the delete button on pounces that aren't saved yet anyway (Kevin Stange)

security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.104,1.105
- pkgsrc/net/ethereal/PLIST 1.20
- pkgsrc/net/ethereal/distinfo 1.36
- pkgsrc/net/ethereal/patches/patch-aa removed
- pkgsrc/net/ethereal/patches/patch-ab removed

Module Name: pkgsrc
Committed By: salo
Date: Mon Mar 14 15:09:28 UTC 2005

Modified Files:
pkgsrc/net/ethereal: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/ethereal/patches: patch-aa patch-ab

Log Message:
Update to version 0.10.10

This release fixes three security and stability-related issues:
- Matevz Pustisek discovered a buffer overflow in the Etheric dissector. (CAN-2005-0704)
- The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. (CAN-2005-0705)
- Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This flaw was later reported by Leon Juranic. (CAN-2005-0699)
- Leon Juranic discovered a buffer overflow in the IAPP dissector.
- A bug in the JXTA dissector could make Ethereal crash.
- A bug in the sFlow dissector could make Ethereal crash.

Everyone is encouraged to upgrade.

New and updated features:
=========================
- Tree view item context menus now let you browse to the display filter reference and wiki pages for a particular protocol.
- Online help has been expanded.
- VoIP call analysis (including nifty connection diagrams) has been added.
- GSS-API decryption has been greatly enhanced.

New protocol support:
=====================
AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP

Updated protocol support:
=========================
3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper, JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID, PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP, SPNEGO, SSL, STUN, TCAP, TCP, TZSP

New and updated capture file support:
=====================================
DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)

---
Module Name: pkgsrc
Committed By: tron
Date: Mon Mar 14 15:34:57 UTC 2005

Modified Files:
pkgsrc/net/ethereal: Makefile

Log Message:
Remove unnecessary "post-patch" target.

security fix for lesstif

Revisions pulled up:
- pkgsrc/x11/lesstif/Makefile 1.77,1.78
- pkgsrc/x11/lesstif/buildlink3.mk 1.4
- pkgsrc/x11/lesstif/distinfo 1.11,1.13
- pkgsrc/x11/lesstif/PLIST 1.9
- pkgsrc/x11/lesstif/patches/patch-ab 1.16
- pkgsrc/x11/lesstif/patches/patch-ac 1.17

Module Name: pkgsrc
Committed By: adam
Date: Wed Jan 5 11:16:38 UTC 2005

Modified Files:
pkgsrc/x11/lesstif: Makefile distinfo

Log Message:
Changes 0.94.0:
* XPM security fixes
* memory leak fixes
* other fixes

----
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:07:16 UTC 2005

Modified Files:
pkgsrc/x11/lesstif: PLIST

Log Message:
Sort.

----
Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:07:27 UTC 2005

Modified Files:
pkgsrc/x11/lesstif: Makefile distinfo
Added Files:
pkgsrc/x11/lesstif/patches: patch-ab patch-ac

Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.

----
Module Name: pkgsrc
Committed By: salo
Date: Fri Mar 11 00:34:19 UTC 2005

Modified Files:
pkgsrc/x11/lesstif: buildlink3.mk

Log Message:
Bump BUILDLINK_RECOMMENDED for security update. (hi wiz!)

security fix for openmotif

Revisions pulled up:
- pkgsrc/x11/openmotif/Makefile 1.32
- pkgsrc/x11/openmotif/distinfo 1.16
- pkgsrc/x11/openmotif/patches/patch-bi 1.2

Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 16:00:32 UTC 2005

Modified Files:
pkgsrc/x11/openmotif: Makefile distinfo
pkgsrc/x11/openmotif/patches: patch-bi

Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.

security fix for xpm

Revisions pulled up:
- pkgsrc/graphics/xpm/Makefile 1.39
- pkgsrc/graphics/xpm/distinfo 1.12
- pkgsrc/graphics/xpm/patches/patch-ak 1.2

Module Name: pkgsrc
Committed By: wiz
Date: Thu Mar 10 15:23:10 UTC 2005

Modified Files:
pkgsrc/graphics/xpm: Makefile distinfo
pkgsrc/graphics/xpm/patches: patch-ak

Log Message:
Add patch to fix CAN-2005-0605. Bump PKGREVISION.

security fix for libexif

Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile 1.22
- pkgsrc/graphics/libexif/buildlink3.mk 1.6
- pkgsrc/graphics/libexif/distinfo 1.12
- pkgsrc/graphics/libexif/patches/patch-ab 1.1

Module Name: pkgsrc
Committed By: adam
Date: Thu Mar 10 19:22:22 UTC 2005

Modified Files:
pkgsrc/graphics/libexif: distinfo
Added Files:
pkgsrc/graphics/libexif/patches: patch-ab

Log Message:
Added a patch to fix buffer overflow:
* SECURITY UPDATE: Fix buffer overflow.
* libexif/exif-data.c: Add buffer size checks in several places before trying to access it.
* Thanks to Sylvain Defresne for spotting this and the patch.
* References: https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152

Thanks to wiz@ for heads-up. :)

----
Module Name: pkgsrc
Committed By: salo
Date: Thu Mar 10 22:21:56 UTC 2005

Modified Files:
pkgsrc/graphics/libexif: Makefile buildlink3.mk

Log Message:
Bump PKGREVISION and BUILDLINK_RECOMMENDED for the security fix. (hi adam!)

security fix for imap-uw

Revisions pulled up:
- pkgsrc/mail/imap-uw/Makefile 1.88-1.90
- pkgsrc/mail/imap-uw/PLIST 1.9
- pkgsrc/mail/imap-uw/distinfo 1.19
- pkgsrc/mail/imap-uw-utils/DESCR 1.2
- pkgsrc/mail/imap-uw-utils/Makefile 1.20
- pkgsrc/mail/imap-uw-utils/PLIST 1.2
- pkgsrc/mail/imap-uw-utils/distinfo 1.5

Module Name: pkgsrc
Committed By: abs
Date: Mon Jan 24 09:03:48 UTC 2005

Modified Files:
pkgsrc/mail/imap-uw: Makefile distinfo

Log Message:
Update imap-uw to 2004c1

imap-2004c: fixes to quoted-printable encoding and CRAM-MD5 authentication. NNTP proxy in imapd now supports the LIST and LSUB commands.

imap-2004b: There are new ports for Solaris with Blastwave Community Open Source Software (gcs) and Mandrake Linux (lmd). SET_SNARFINTERVAL now controls how frequently local drivers will move new mail from the mail spool as well as from a maildrop. Maildrops are still tied to a minimum interval of 1 minute, but there is now no minimum for the spool file. Character set conversions now map non-breaking space to space if the destination character set doesn't have nbsp. JIS Roman yen sign is now mapped to Unicode yen sign.

---
Module Name: pkgsrc
Committed By: abs
Date: Mon Jan 31 11:38:22 UTC 2005

Modified Files:
pkgsrc/mail/imap-uw: Makefile

Log Message:
fix my previous attempt to clarify a comment at the start

---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Mar 5 22:01:47 UTC 2005

Modified Files:
pkgsrc/mail/imap-uw: Makefile PLIST

Log Message:
- Fix builds on NetBSD 1.6 due to Kerberos/OpenSSL 0.9.7 issues
- Included some utilities in the install that were once a part of the imap-uw-utils package but are now a part of this package
- ok'ed kim@

---
Module Name: pkgsrc
Committed By: adrianp
Date: Sun Mar 6 14:37:16 UTC 2005

Modified Files:
pkgsrc/mail/imap-uw-utils: DESCR Makefile PLIST distinfo

Log Message:
- Update to 20050108 to avoid conflicts with imap-uw package
- Issue spotted by diro (at) nixsys.bz in PR #28966

This distribution now contains two unsupported programs, icat and ifrom, which may be of use to some sites. The old chkmail, imapcopy, imapxfer, mbxcopy, mbxcreat, and mbxcvt programs have been replaced with the mailutil program, which is included in the mail/imap-uw package. The dmail, mlock, and tmail programs are also bundled in the mail/imap-uw package.

security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.103
- pkgsrc/net/ethereal/distinfo 1.33, 1.35
- pkgsrc/net/ethereal/patches/patch-aa 1.11
- pkgsrc/net/ethereal/patches/patch-ab 1.3

Module Name: pkgsrc
Committed By: salo
Date: Mon Jan 31 22:53:54 UTC 2005

Modified Files:
pkgsrc/net/ethereal: distinfo
Added Files:
pkgsrc/net/ethereal/patches: patch-aa

Log Message:
Remove attributes in prototype for unnamed pointers. ethereal svn version is already fixed. From PR pkg/29065 by Greg A. Woods.

---
Module Name: pkgsrc
Committed By: tron
Date: Thu Mar 10 10:05:33 UTC 2005

Modified Files:
pkgsrc/net/ethereal: Makefile distinfo
Added Files:
pkgsrc/net/ethereal/patches: patch-ab

Log Message:
Fix security vulnerability in dissector for CDMA2000 A11 packets. Bump package revision.

security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.139
- pkgsrc/www/squid/distinfo 1.86

Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 6 13:30:49 UTC 2005

Modified Files:
pkgsrc/www/squid: Makefile distinfo

Log Message:
Update squid to 2.5.9nb1.
* 2005-03-04 22:48 (Cosmetic Security) Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor) Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor) Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security) Race condition related to Set-Cookie header

security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile 1.21
- pkgsrc/mail/mailman/PLIST 1.6
- pkgsrc/mail/mailman/distinfo 1.7
- pkgsrc/mail/mailman/patches/patch-ac 1.3

Module Name: pkgsrc
Committed By: kim
Date: Wed Mar 2 21:09:56 UTC 2005

Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
pkgsrc/mail/mailman/patches: patch-ac

Log Message:
Upgrade to 2.1.5 due to security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143

to lack of one :). Will need to be revisited.
security fix for cups

Revisions pulled up:
- pkgsrc/print/cups/Makefile 1.90
- pkgsrc/print/cups/distinfo 1.31
- pkgsrc/print/cups/patches/patch-au 1.4
- pkgsrc/print/cups/patches/patch-av 1.3

Module Name: pkgsrc
Committed By: drochner
Date: Wed Mar 2 18:33:02 UTC 2005

Modified Files:
pkgsrc/print/cups: Makefile distinfo
pkgsrc/print/cups/patches: patch-au
Added Files:
pkgsrc/print/cups/patches: patch-av

Log Message:
Fix CAN-2005-0206: An overflow check introduced earlier (for CAN-2004-0888) was never triggered on 64-bit systems because 64-bit arithmetic was used there. Sprinkle some casts to int so that the overflow can happen. This fix is similar to the redhat one. The fix for similar code in print/teTeX-bin looks much cleaner, but since cups already contains the wrong redhat fix, I've chosen to stay close to the original.
bump PKGREVISION

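
Added example (not code from CUPS, pkgsrc or the commit): a C model of the failure the cups log message describes, where an overflow check evaluated in 64-bit arithmetic passes while an int-sized consumer receives a truncated byte count. The function names, the multiply-then-divide shape of the check and the sample counts are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not CUPS code. uint64_t stands in for the 64-bit
 * arithmetic the log message mentions; uint32_t stands in for an
 * int-sized consumer of the resulting byte count. */

/* Weak check: multiply, divide back, compare. Returns 1 if it flags an
 * overflow. In 64-bit arithmetic the product of a positive int and a
 * small element size never wraps, so the check never fires. */
static int weak_check_flags(int count, size_t elem)
{
    uint64_t bytes = (uint64_t)count * elem;
    return bytes / elem != (uint64_t)count;
}

/* The byte count as seen once it is narrowed to 32 bits. */
static uint32_t narrowed_bytes(int count, size_t elem)
{
    return (uint32_t)((uint64_t)count * elem);
}

/* Width-independent check: bound the count before multiplying, so the
 * result does not depend on which integer type the product lands in. */
static int bounded_check_flags(int count, size_t elem)
{
    return count < 0 || elem == 0 ||
           (uint64_t)count > (uint64_t)INT_MAX / elem;
}

int main(void)
{
    const size_t elem = 16;                    /* constructed element size */
    const int counts[] = { 100, 0x10000001 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        int c = counts[i];
        printf("count=%d weak=%d bounded=%d narrowed=%u\n", c,
               weak_check_flags(c, elem), bounded_check_flags(c, elem),
               (unsigned)narrowed_bytes(c, elem));
    }
    return 0;
}
```

The bounded form does not rely on an int multiplication wrapping, which is undefined behaviour for signed types in C.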
security fix for gftp

Revisions pulled up:
- pkgsrc/net/gftp/DESCR 1.3
- pkgsrc/net/gftp/Makefile.common 1.8
- pkgsrc/net/gftp/PLIST 1.9
- pkgsrc/net/gftp/distinfo 1.8-1.9
- pkgsrc/net/gftp/patches/patch-aa 1.3
- pkgsrc/net/gftp/patches/patch-ab 1.5
- pkgsrc/net/gftp/patches/patch-ac 1.1
- pkgsrc/net/gftp/patches/patch-ad 1.1
- pkgsrc/net/gftp-gtk1/DESCR 1.2
- pkgsrc/net/gftp-gtk1/Makefile 1.7

Module Name: pkgsrc
Committed By: tron
Date: Wed Mar 2 14:36:53 UTC 2005

Modified Files:
pkgsrc/net/gftp: DESCR Makefile.common PLIST distinfo
pkgsrc/net/gftp-gtk1: DESCR
Added Files:
pkgsrc/net/gftp/patches: patch-aa patch-ab

Log Message:
Update "gftp" and "gftp-gtk1" package to version 2.0.18.

Changes since version 2.0.17:
- Added support for the FSP protocol (http://fsp.sourceforge.net/)
- SSH2: Fixed segfault that could occur when renaming a file (bug introduced in 2.0.18rc1)
- SSH2: Fixes for parsing the directory listing from the commercial SSH server
- FTP: added pasv_behind_router option. If this is enabled, then the IP address that is in the PASV response will be ignored. Instead the IP address of the remote host will be used
- FTP: removed the quote filename functionality in the SITE CHMOD and SITE UTIME commands
- Chmod: Fixes for setting the group execute bit (bug introduced in 2.0.18rc1)
- Fixes so that the text port will prompt you for your password when a URL is entered on the command line
- In the text port, convert the string from UTF8 to the users' current locale before it is displayed
- Fixes for when the host system does not have getaddrinfo() (bug introduced in 2.0.18rc1)
- Rewrote and improved the URL parser so that the :, @ characters are allowed in directories and passwords
- Security Fix: Ignore the file paths that are returned by the remote server
- FreeBSD and HP/UX fixes
- GNOME HIG fixes
- Many other small changes and improvements. See the ChangeLog file in the distribution for a detailed list of changes.
- Updated language translations (cs de en_CA en_GB es hu nl zh_CN)

---
Module Name: pkgsrc
Committed By: tron
Date: Wed Mar 2 20:43:21 UTC 2005

Modified Files:
pkgsrc/net/gftp: distinfo
pkgsrc/net/gftp-gtk1: Makefile
Added Files:
pkgsrc/net/gftp/patches: patch-ac patch-ad

Log Message:
Fix build problems in "gftp-gtk1" package caused by update to version 2.0.18.

distfile update for unzip Revisions pulled up: - pkgsrc/archivers/unzip/Makefile 1.53 - pkgsrc/archivers/unzip/distinfo 1.13 Module Name: pkgsrc Committed By: salo Date: Tue Mar 1 07:45:28 UTC 2005 Modified Files: pkgsrc/archivers/unzip: Makefile distinfo Log Message: Distfile changed after one day.. grrrrrrr. Relevant change, +5.52 (28 Feb 05): + - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to + nirwana" bug when processing directory entries without any local + extra field; added some explaining comments
security fix for wu-ftpd

Revisions pulled up:
- pkgsrc/net/wu-ftpd/Makefile 1.26
- pkgsrc/net/wu-ftpd/distinfo 1.13
- pkgsrc/net/wu-ftpd/patches/patch-ak 1.4

Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 1 16:06:37 UTC 2005

Modified Files:
pkgsrc/net/wu-ftpd: Makefile distinfo
Added Files:
pkgsrc/net/wu-ftpd/patches: patch-ak

Log Message:
Apply patch from Rainer Schoepf in
http://marc.theaimsgroup.com/?l=bugtraq&m=110960890901497&w=2
to fix
http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
Bump PKGREVISION.

security fix for unace

Revisions pulled up:
- pkgsrc/archivers/unace/Makefile 1.14
- pkgsrc/archivers/unace/distinfo 1.6
- pkgsrc/archivers/unace/patches/patch-ad 1.2
- pkgsrc/archivers/unace/patches/patch-ae 1.1
- pkgsrc/archivers/unace/patches/patch-af 1.1

Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 1 14:53:41 UTC 2005

Modified Files:
pkgsrc/archivers/unace: Makefile distinfo
pkgsrc/archivers/unace/patches: patch-ad
Added Files:
pkgsrc/archivers/unace/patches: patch-ae patch-af

Log Message:
Apply fix for CAN-2005-0160 and CAN-2005-0161. Bump PKGREVISION.