Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jun 13, 2005
  1. 551

    snj authored
  2. Pullup ticket 551 - requested by Lubomir Sedlacik

    snj authored
    security update for libextractor
    
    Revisions pulled up:
    - pkgsrc/devel/libextractor/Makefile		1.7
    - pkgsrc/devel/libextractor/PLIST		1.2
    - pkgsrc/devel/libextractor/distinfo		1.5
    - pkgsrc/devel/libextractor/buildlink3.mk	1.2
    - pkgsrc/devel/libextractor/patches/patch-ac	removed
    - pkgsrc/devel/libextractor/patches/patch-ad	removed
    
        Module Name:    pkgsrc
        Committed By:   tv
        Date:           Fri Jun 10 17:03:35 UTC 2005
    
        Modified Files:
                pkgsrc/devel/libextractor: Makefile PLIST distinfo
        Removed Files:
                pkgsrc/devel/libextractor/patches: patch-ac patch-ad
    
        Log Message:
        Update libextractor to 0.4.2.
    
        Fixes (second half of) Secunia SA: http://secunia.com/advisories/15651/
        (first half was fixed in 0.3.11nb1)
    
        ChangeLog excerpts:
    
        Thu Feb 24 00:32:44 EST 2005
                Added extractor that extracts binary (!) thumbnails from
                images using ImageMagick.  Decoder function for the binary
                string is in the thumbnailextractor.c source.
    
        Sun Feb 20 16:36:17 EST 2005
                Fixed similar problem in REAL extractor.  Added support
                for new Helix/Real format to REAL extractor.
    
        Sun Feb 20 12:48:15 EST 2005
                Fixed (rare) integer overflow bug in PNG extractor.
    
        Fri Jan 21 15:23:43 PST 2005
                Fixed security problem in PDF extractor.
    
        Fri Dec 24 13:28:59 CET 2004
                Added support for Unicode to the pdf extractor.
    
        Thu Dec 23 18:14:10 CET 2004
                Avoided exporting symbol OPEN (conflicts on OSX
                with same symbol from GNUnet).  Added conversion
                to utf8 to various plugqins (see todo) and
                added conversion from utf8 to current locale to
                print keywords.
    ----
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Fri Jun 10 22:59:22 UTC 2005
    
        Modified Files:
                pkgsrc/devel/libextractor: buildlink3.mk
    
        Log Message:
        Set BUILDLINK_RECOMMENDED after recent security fixes. (hi tv!)
  3. 549 & 550.

    snj authored
  4. Pullup ticket 550 - requested by Lubomir Sedlacik

    snj authored
    security update for leafnode
    
    Revisions pulled up:
    - pkgsrc/news/leafnode/Makefile	1.26
    - pkgsrc/news/leafnode/distinfo	1.15
    
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Thu Jun  9 18:21:23 UTC 2005
    
        Modified Files:
                pkgsrc/news/leafnode: Makefile distinfo
    
        Log Message:
        Update to version 1.11.3
    
        Changes:
    
        ### SECURITY BUGFIXES
        - Fetchnews did not detect timeouts while it was downloading an article
          header, which malicious upstream servers could exploit to mount
          a denial of service attack against the fetchnews client. See
          leafnode-SA-2005-02.txt.  CVE Name: CAN-2005-1911
    
        ### BUGFIXES
        - Bugfix sed expression in makesubst script.  (Reported by Jeff Zacharias.)
    
        ### CHANGES
        - texpire now tags the message.id expired count with "message.id" rather
          than "total:" to avoid misleading the user who assumes that "total:"
          would have to be the sum of the group counts. See also the FAQ change
          below.  SourceForge bug #1215453.
        - When debugmode and verbose mode are set, leafnode programs now print a
          warning to stdout that the user should check syslog.conf and the
          syslog output rather than the screen print for debugging and sleeps for
          three seconds.
    
        ### DOCUMENTATION
        - Add FAQ entry to explain discrepancies between texpire group counts
          and message.id expired articles counts.
        - Add FAQ entry to explain influence of Gnus' gnus-read-active-file
          setting on lost subscriptions, and extend stop fetchnews from
          unsubscribing FAQ.  Debian bug #307685.
        - Drop FAQ entry on license issues as some parts of leafnode are in fact
          GPLd.
        - Drop FAQ entry on why old articles aren't posted, obsolete since
          1.9.33.
        - INSTALL and INSTALL_de have been polished.
        - Add a hint that syslog.conf must be edited to config.example.
        - leafnode(8) mentions that LIST ACTIVE keeps an existing subscription
          fresh.
  5. Pullup ticket 549 - requested by Lubomir Sedlacik

    snj authored
    security fix for tcpdump
    
    Revisions pulled up:
    - pkgsrc/net/tcpdump/Makefile		1.16
    - pkgsrc/net/tcpdump/distinfo		1.9
    - pkgsrc/net/tcpdump/patches/patch-ac	1.2
    
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Sun Jun 12 15:38:32 UTC 2005
    
        Modified Files:
                pkgsrc/net/tcpdump: Makefile distinfo
                pkgsrc/net/tcpdump/patches: patch-ac
    
        Log Message:
        Security fix for DoS in BGP packets' processing.
        Patch from tcpdump cvs.
Commits on Jun 11, 2005
  1. 547

    snj authored
  2. Pullup ticket 547 - requested by Lubomir Sedlacik

    snj authored
    security update for gaim
    
    Revisions pulled up:
    - pkgsrc/chat/gaim/Makefile	1.88, 1.89
    - pkgsrc/chat/gaim/distinfo	1.65
    - pkgsrc/chat/gaim/PLIST	1.40
    
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Fri Jun 10 12:57:56 UTC 2005
    
        Modified Files:
                pkgsrc/chat/gaim: Makefile distinfo
    
        Log Message:
        Update to version 1.3.1
    
        Changes:
    
        - security fixes for DoS issues:
    
          http://gaim.sourceforge.net/security/index.php?id=3D18
          http://gaim.sourceforge.net/security/index.php?id=3D19
    
        - Fix Yahoo! privacy bug
        - Fix Jabber Get Info crash on busted servers
        - The file transfer details section now also displays the full
          path to the local file sent/received.
        - Yahoo! has the following new "/" commands:  /join, /buzz
        - Updated our gaim.desktop file, thanks to all our terrific
        - translators for sending in translations of the changes
        - Improvements to how Gaim handles new message notification
    ----
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Fri Jun 10 22:49:47 UTC 2005
    
        Modified Files:
                pkgsrc/chat/gaim: Makefile PLIST
    
        Log Message:
        Add missing file.
        From MAINTAINER, Matthew Luckie  via PR pkg/30494
Commits on Jun 9, 2005
  1. #546

    salo authored
  2. Pullup ticket 546 - requested by Adrian Portelli

    salo authored
    security fix for gzip-base
    
    Revisions pulled up:
    - pkgsrc/archivers/gzip-base/Makefile		1.19
    - pkgsrc/archivers/gzip-base/distinfo		1.6
    - pkgsrc/archivers/gzip-base/patches/patch-ab	1.2
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Thu Jun  9 20:23:26 UTC 2005
    
       Modified Files:
       	pkgsrc/archivers/gzip-base: Makefile distinfo
       	pkgsrc/archivers/gzip-base/patches: patch-ab
    
       Log Message:
       - Patches to address CAN-2005-1228 and CAN-2005-0988 based on FreeBSD SA
         and Gentoo/Debian patches.
  3. 545

    snj authored
  4. Pullup ticket 545 - requested by Lubomir Sedlacik

    snj authored
    security fix for a2ps
    
    Revisions pulled up:
    - pkgsrc/print/a2ps/Makefile		1.54
    - pkgsrc/print/a2ps/distinfo		1.9
    - pkgsrc/print/a2ps/patches/patch-ad	1.4
    - pkgsrc/print/a2ps/patches/patch-ae	1.4
    
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Thu Jun  9 14:53:49 UTC 2005
    
        Modified Files:
                pkgsrc/print/a2ps: Makefile distinfo
        Added Files:
                pkgsrc/print/a2ps/patches: patch-ad patch-ae
    
        Log Message:
        Security fix for CAN-2004-1377:
    
        "The fixps and psmandup scripts in a2ps allow local users to overwrite
         arbitrary files via a symlink attack on temporary files."
    
        Patches from Gentoo with few minor issues corrected.
Commits on Jun 8, 2005
  1. 544

    snj authored
  2. Pullup ticket 544 - requested by Lubomir Sedlacik

    snj authored
    security fix for samba2
    
    Revisions pulled up:
    - pkgsrc/net/samba2/Makefile		1.23
    - pkgsrc/net/samba2/Makefile.common	1.7
    - pkgsrc/net/samba2/distinfo		1.4, 1.5
    - pkgsrc/net/samba2/patches/patch-ap	1.2
    
        Module Name:    pkgsrc
        Committed By:   wiz
        Date:           Wed May 25 13:15:40 UTC 2005
    
        Modified Files:
                pkgsrc/net/samba2: distinfo
    
        Log Message:
        Add RMD160 checksum.
    ----
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Mon Jun  6 13:25:12 UTC 2005
    
        Modified Files:
                pkgsrc/net/samba2: Makefile Makefile.common distinfo
                pkgsrc/net/samba2/patches: patch-ap
    
        Log Message:
        Security fixes for CAN-2004-0882, CAN-2004-0930 and CAN-2004-1154.
        Patches adapted from SuSE.
    
        Functionality not tested beyond simple smbclient operations.
        This package is marked for removal before next stable branch is cut.
Commits on Jun 5, 2005
  1. #541

    salo authored
  2. Pullup ticket 541 - requested by Adrian Portelli

    salo authored
    gcdmaster update
    
    Revisions pulled up:
    - pkgsrc/sysutils/gcdmaster/Makefile		1.23
    - pkgsrc/sysutils/gcdmaster/distinfo		1.5
    - pkgsrc/sysutils/gcdmaster/patches/patch-ae	1.4
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Sat Jun  4 16:43:37 UTC 2005
    
       Modified Files:
       	pkgsrc/sysutils/gcdmaster: Makefile distinfo
       	pkgsrc/sysutils/gcdmaster/patches: patch-ae
    
       Log Message:
       - Update gcdmaster to 1.2.0nb1 (sync with cdrdao)
       - Add missing dependences on "libao", "libmad" and "libvorbis" for full
         audio support.
       - From the ChangeLog:
         >> ----------------------------------------------------------------------
         >>   cdrdao 1.2.0 (2005-05-12)
         >> ----------------------------------------------------------------------
         >>
         >>  o  SECURITY FIX: cdrdao now gives up its root privileges after setting
         >>     up real-time scheduling, as well as before saving settings through
         >>     the --save option. This fixes a potential local root exploit when
         >>     cdrdao is installed with the +s chmod flag. Using --save now also
         >>     forces an early exit after the settings are saved.
         >>
         >>  o  Added MP3 and Ogg Vorbis file support (through respectively the
         >>     libmad and libvorbis libraries). cdrdao will decode the MP3 and
         >>     Ogg files into temporary WAV files that will be deleted upon exit
         >>     (unless the new option --keep is used). The directory used to
         >>     store those temporary WAV files can be specified with the --tmpdir
         >>     option (default is /tmp).
         >>
         >>  o  Improved native CUE file support: replaced old incomplete existing
         >>     parser with the one from Matthias Czapla's excellent
         >>     cue2toc. Added support for cutting binary files.
         >>
         >>  o  Added --rspeed option to manually set the device reading speed. Be
         >>     warned not all devices support this.
         >>
         >>  o  Packaged scsilib library upgraded from cdrtools 2.01 (previously
         >>     was from 2.01a31).
         >>
         >>  o  Added --no-mode2-mixed option. Don't read a MODE2 disk as
         >>     MODE2_FORM_MIXED, only read MODE2_FORM1 or MODE2_FORM2 (Matthieu
         >>     Castet).
         >>
         >>  o  Added help for little-known drive-info command.
         >>
         >> GCDMaster changes:
         >>
         >>  o  MP3 and Ogg Vorbis support: you can drag and drop .mp3, .m3u and
         >>     .ogg files from Nautilus into the sample display window.
         >>
         >>  o  Switched to gtkmm24 API. Improved file browsers.
         >>
         >>  o  CUE files support.
         >>
         >>  o  Sound output now uses libao library.
         >>
         >>  o  Added help for little-known drive-info command.
         >>
         >> GCDMaster changes:
         >>
         >>  o  MP3 and Ogg Vorbis support: you can drag and drop .mp3, .m3u and
         >>     .ogg files from Nautilus into the sample display window.
         >>
         >>  o  Switched to gtkmm24 API. Improved file browsers.
         >>
         >>  o  CUE files support.
         >>
         >>  o  Sound output now uses libao library.
         >>
         >>  o  Added 'Select All' item in menu.
         >>
         >>  o  Added 'Eject' button to progress dialog
         >>
         >>  o  Bug fixes (sample selection weirdness, couldn't close window
         >>     during play, problems with gcdmaster command-line argument,
         >>     crashes with multiple project windows, drive status not reported
         >>     correctly).
  3. #543

    salo authored
  4. Pullup ticket 543 - requested by Robert T. Retzlaff

    salo authored
    portability fix for libpcap
    
    Revisions pulled up:
    - pkgsrc/net/libpcap/distinfo		1.7
    - pkgsrc/net/libpcap/patches/patch-aa	1.1
    
       Module Name:		pkgsrc
       Committed By:	yyamano
       Date:		Mon May 30 16:46:21 UTC 2005
    
       Modified Files:
       	pkgsrc/net/libpcap: distinfo
       Added Files:
       	pkgsrc/net/libpcap/patches: patch-aa
    
       Log Message:
       Make this build on Darwin 8.1.0.
  5. #539, #540

    salo authored
  6. Pullup ticket 540 - requested by Adrian Portelli

    salo authored
    security update for poppassd
    
    Revisions pulled up:
    - pkgsrc/mail/poppassd/Makefile		1.15-1.16
    - pkgsrc/mail/poppassd/MESSAGE		1.3
    - pkgsrc/mail/poppassd/distinfo		1.11
    
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Sat May 28 02:57:22 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/poppassd: Makefile
    
       Log Message:
       - Share MASTER_SITES and HOMEPAGE with qpopper package using
         QPOPPER_MASTER_SITES and QPOPPER_HOMEPAGE defined in
         ../qpopper/Makefile.common.
    
       No functional change.
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed Jun  1 21:00:39 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/poppassd: MESSAGE Makefile distinfo
    
       Log Message:
       - Update poppassd to 4.0.8
       - Thanks to taca@ and gavan@ for feedback and patch review
       - This also enables experimental PAM support (on platforms that support it)
       - Security fixes included
       - From the ChangeLog:
       Changes from 4.0.7 to 4.0.8:
       > ---------------------------
       >  1.  Fix compilation error on HPUX.
       >  2.  Fix some compilation warnings.
       >  3.  Update man page with '-x' option.
       >  4.  Fix problems with 'make install'
       >
       >
       > Changes from 4.0.6 to 4.0.7:
       > ---------------------------
       >  1.  Fix '-V' for standalone.
       >  2.  Include 'man' directory in tarball.
       >
       >
       > Changes from 4.0.5 to 4.0.6:
       > ----------------------------
       >  1.  Minor fixes for true64.
       >  2.  Patch from Uli Zappe to fix SCRAM compilation bugs.
       >  3.  Minor fixes for true64.
       >  4.  poppassd now runs smbpasswd as user, not root, to avoid exploit
       >  5.  Remove -traditional-cpp from the compiler options for Darwin
       >      builds (otherwise build fails)
       >  6.  Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
       >      should anything actually be written to them it will show up
       >  7.  When configured as --with-pam and required,
       >      include <pam/pam_appl.h> instead of <security/pam_appl.h>
       >      (otherwise build fails)
       >  8.  strdup the pw.pw_name field from getpwnam so that it's still
       >      valid by the time genpath is called; also added corresponding
       >      free (without this fix when the bug manifests, clients are
       >      erroneously told there are 0 messages in the mail drop
       >      regardless of the actual number)
       >  9.  Add a pam bug workaround at the beginning of main to do a
       >      pam_start and pam_end immediately when the program starts up
       >      in order to avoid bogus authentication failed messages from
       >      pam_authenticate later (only when configured as --with-pam)
       >      [ Thanks to Kyle McKay for changes 5-9 ]
       > 10.  Fixed error in configure script for Mac OS / Darwin.
       > 11.  Support chained certs for OpenSSL [from Daniel Senie].
       > 12.  Fixes to compile better on Linux [from Daniel Senie].
       > 13.  X-UIDL header no longer written when Update_status_hdrs is false
       >      [thanks to Helge Oldach]
       > 14.  Now calling SSL_shutdown() again if it fails the first time.
       > 15.  Now logging TLS errors when compiled with debugging and debug is
       >      enabled (instead of either) [thanks to Maks N. Polunin].
       > 16.  Config file now always closed (not just on error).
       > 17.  When using pam, Kerberos tickets are now destroyed.
       >      Otherwise dead tickets accumulate in cache directory which runs
       >      out of space quickly on busy server.  Problem noted by Rodney
       >      McDuff ITS UQ.   (Directory permissions on ticket cache dir need
       >      to be 1777).
       > 18.  Always log "Servicing request" (instead of just when debugging is
       >      on).   This allows start of pop sessions to be logged always which
       >      is useful for diagnosis of problems.
       > 19.  Worked around problem on some systems causing SIGALRM to be masked,
       >      leaving hung pop processes which should have timed out waiting
       >      for a command from the client.
       >      [ Thanks to David Shrimpton for changes 16-19 ]
       > 20.  Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
       > 21.  Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
       > 22.  Log facility set on command line now applies to daemon as well.
       >      [Thanks to Helge Oldach]
       > 23.  '-y' to set log facility on command line now works again.
       > 24.  Allow '-V' as synonym for '-v' (to see version).
       > 25.  Process user and spool config files as user, not as root (fix
       >      security hole reported by Jens Steube)
       > 26.  Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
       >      and 'x' as a command-line option to disable it.  You should
       >      disable it unless you really need it, and even then it is better
       >      to move to SMTP AUTH.
       > 27.  popauth now opens trace file as user, not root (fix security
       >      hole reported by Jens Steube); also umask now set.
       > 28.  Fix race crash on FreeBSD (thanks to Martin Haller).
       > 29.  Resolve some compiler warnings.
       > 30.  Fix check for libcrypt on FreeBSD.
       > 31.  Added sample pam configuration file (also installed by 'make
       >      install')
       > 32.  Use generic error msg and sleep in more auth failure cases.
       > 33.  Added code to use mkstemp() instead of our perfectly safe usage
       >      of tempnam() because some compilers issue overly broad warnings
       >      implying that all uses of tempnam() are unsafe.  To bypass,
       >      use '--enable-tempnam' with ./configure.
  7. Pullup ticket 539 - requested by Adrian Portelli

    salo authored
    security update for qpopper
    
    Revisions pulled up:
    - pkgsrc/mail/qpopper/Makefile		1.49-1.50
    - pkgsrc/mail/qpopper/Makefile.common	1.14-1.15
    - pkgsrc/mail/qpopper/PLIST		1.4
    - pkgsrc/mail/qpopper/distinfo		1.12
    - pkgsrc/mail/qpopper/options.mk	patched by hand (parts of 1.5-1.6)
    - pkgsrc/mail/qpopper/patches/patch-am	1.4
    - pkgsrc/mail/qpopper/patches/patch-ao	removed
    - pkgsrc/mail/qpopper/patches/patch-ap	1.3
    
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Sat May 28 02:55:43 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/qpopper: Makefile Makefile.common PLIST
    
       Log Message:
       - Sort PLIST.
       - Share MASTER_SITES and HOMEPAGE with poppassd package with introducing
         QPOPPER_MASTER_SITES and QPOPPER_HOMEPAGE in Makefile.common.
    
       No functional change.
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed Jun  1 20:55:16 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/qpopper: Makefile Makefile.common distinfo options.mk
       	pkgsrc/mail/qpopper/patches: patch-am patch-ap
       Removed Files:
       	pkgsrc/mail/qpopper/patches: patch-ao
    
       Log Message:
       - Update qpopper to 4.0.8
       - Thanks to taca@ and gavan@ for feedback and patch review
       - This also enables experimental PAM support (on platforms that support it)
       - Security fixes included
       - From the ChangeLog:
       > Changes from 4.0.7 to 4.0.8:
       > ---------------------------
       >  1.  Fix compilation error on HPUX.
       >  2.  Fix some compilation warnings.
       >  3.  Update man page with '-x' option.
       >  4.  Fix problems with 'make install'
       >
       >
       > Changes from 4.0.6 to 4.0.7:
       > ---------------------------
       >  1.  Fix '-V' for standalone.
       >  2.  Include 'man' directory in tarball.
       >
       >
       > Changes from 4.0.5 to 4.0.6:
       > ----------------------------
       >  1.  Minor fixes for true64.
       >  2.  Patch from Uli Zappe to fix SCRAM compilation bugs.
       >  3.  Minor fixes for true64.
       >  4.  poppassd now runs smbpasswd as user, not root, to avoid exploit
       >  5.  Remove -traditional-cpp from the compiler options for Darwin
       >      builds (otherwise build fails)
       >  6.  Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
       >      should anything actually be written to them it will show up
       >  7.  When configured as --with-pam and required,
       >      include <pam/pam_appl.h> instead of <security/pam_appl.h>
       >      (otherwise build fails)
       >  8.  strdup the pw.pw_name field from getpwnam so that it's still
       >      valid by the time genpath is called; also added corresponding
       >      free (without this fix when the bug manifests, clients are
       >      erroneously told there are 0 messages in the mail drop
       >      regardless of the actual number)
       >  9.  Add a pam bug workaround at the beginning of main to do a
       >      pam_start and pam_end immediately when the program starts up
       >      in order to avoid bogus authentication failed messages from
       >      pam_authenticate later (only when configured as --with-pam)
       >      [ Thanks to Kyle McKay for changes 5-9 ]
       > 10.  Fixed error in configure script for Mac OS / Darwin.
       > 11.  Support chained certs for OpenSSL [from Daniel Senie].
       > 12.  Fixes to compile better on Linux [from Daniel Senie].
       > 13.  X-UIDL header no longer written when Update_status_hdrs is false
       >      [thanks to Helge Oldach]
       > 14.  Now calling SSL_shutdown() again if it fails the first time.
       > 15.  Now logging TLS errors when compiled with debugging and debug is
       >      enabled (instead of either) [thanks to Maks N. Polunin].
       > 16.  Config file now always closed (not just on error).
       > 17.  When using pam, Kerberos tickets are now destroyed.
       >      Otherwise dead tickets accumulate in cache directory which runs
       >      out of space quickly on busy server.  Problem noted by Rodney
       >      McDuff ITS UQ.   (Directory permissions on ticket cache dir need
       >      to be 1777).
       > 18.  Always log "Servicing request" (instead of just when debugging is
       >      on).   This allows start of pop sessions to be logged always which
       >      is useful for diagnosis of problems.
       > 19.  Worked around problem on some systems causing SIGALRM to be masked,
       >      leaving hung pop processes which should have timed out waiting
       >      for a command from the client.
       >      [ Thanks to David Shrimpton for changes 16-19 ]
       > 20.  Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
       > 21.  Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
       > 22.  Log facility set on command line now applies to daemon as well.
       >      [Thanks to Helge Oldach]
       > 23.  '-y' to set log facility on command line now works again.
       > 24.  Allow '-V' as synonym for '-v' (to see version).
       > 25.  Process user and spool config files as user, not as root (fix
       >      security hole reported by Jens Steube)
       > 26.  Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
       >      and 'x' as a command-line option to disable it.  You should
       >      disable it unless you really need it, and even then it is better
       >      to move to SMTP AUTH.
       > 27.  popauth now opens trace file as user, not root (fix security
       >      hole reported by Jens Steube); also umask now set.
       > 28.  Fix race crash on FreeBSD (thanks to Martin Haller).
       > 29.  Resolve some compiler warnings.
       > 30.  Fix check for libcrypt on FreeBSD.
       > 31.  Added sample pam configuration file (also installed by 'make
       >      install')
       > 32.  Use generic error msg and sleep in more auth failure cases.
       > 33.  Added code to use mkstemp() instead of our perfectly safe usage
       >      of tempnam() because some compilers issue overly broad warnings
       >      implying that all uses of tempnam() are unsafe.  To bypass,
       >      use '--enable-tempnam' with ./configure.
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed Jun  1 21:09:02 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/qpopper: options.mk
    
       Log Message:
       - Add a note for PAM
Commits on Jun 2, 2005
  1. #532, #533, #534 and #535

    salo authored
  2. Pullup ticket 535 - requested by Manuel Bouyer

    salo authored
    dependencies updates for horde and imp
    
    Revisions pulled up:
    - pkgsrc/www/horde/Makefile	1.36-1.38
    - pkgsrc/mail/imp/Makefile	1.31-1.32
    
       Module Name:		pkgsrc
       Committed By:	bouyer
       Date:		Thu Jun  2 09:03:27 UTC 2005
    
       Modified Files:
       	pkgsrc/www/horde: Makefile
    
       Log Message:
       Add dependancy to pear-DB and pear-Mail, now that these
       aren't included in php any more.
       While here, change -* to -[0-9]* for the pear-Log dependancy.
    ---
       Module Name:		pkgsrc
       Committed By:	bouyer
       Date:		Thu Jun  2 09:13:44 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/imp: Makefile
       	pkgsrc/www/horde: Makefile
    
       Log Message:
       Move pear-Mail dependancy from www/horde to mail/imp
       (horde itself doesn't need it).
    ---
       Module Name:		pkgsrc
       Committed By:	salo
       Date:		Thu Jun  2 23:26:41 UTC 2005
    
       Modified Files:
       	pkgsrc/www/horde: Makefile
    
       Log Message:
       Bump PKGREVISION, DEPENDS changed. (hi bouyer!)
    ---
       Module Name:		pkgsrc
       Committed By:	salo
       Date:		Thu Jun  2 23:28:11 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/imp: Makefile
    
       Log Message:
       Bump PKGREVISION, DEPENDS changed. (hi bouyer!)
  3. Pullup ticket 534 - requested by Manuel Bouyer

    salo authored
    dependencies update for horde3 and imp4
    
    Revisions pulled up:
    - pkgsrc/www/horde3/Makefile	1.7, 1.9
    - pkgsrc/mail/imp4/Makefile	1.6
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 20:25:02 UTC 2005
    
       Modified Files:
       	pkgsrc/www/horde3: Makefile
    
       Log Message:
       - Add in an extra depends on pear-DB
    ---
       Module Name:		pkgsrc
       Committed By:	salo
       Date:		Thu Jun  2 23:07:30 UTC 2005
    
       Modified Files:
    	pkgsrc/www/horde3: Makefile
    
       Log Message:
       Bump PKGREVISION, DEPENDS changed. (hi bouyer!)
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 20:27:13 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/imp4: Makefile
    
       Log Message:
       - Add in an extra depends on pear-Mail
    ---
       Module Name:		pkgsrc
       Committed By:	salo
       Date:		Thu Jun  2 23:10:28 UTC 2005
    
       Modified Files:
    	pkgsrc/mail/imp4: Makefile
    
       Log Message:
       Bump PKGREVISION, DEPENDS changed. (hi bouyer!)
  4. 529 & 531.

    snj authored
  5. Pullup ticket 531 - requested by Lubomir Sedlacik

    snj authored
    security fix for wine
    
    Apply patch from Lubomir Sedlacik.  "it fixes insecure tempfile creation
    in /tmp, patches are from Wine bugzilla:
    http://bugs.winehq.org/show_bug.cgi?id=2715"
  6. Pullup ticket 529 - requested by Lubomir Sedlacik

    snj authored
    security update for cdrdao
    
    Revisions pulled up:
    - pkgsrc/sysutils/cdrdao/Makefile	1.22, 1.23
    - pkgsrc/sysutils/cdrdao/distinfo	1.12
    
        Module Name:    pkgsrc
        Committed By:   adrianp
        Date:           Fri May 27 08:39:26 UTC 2005
    
        Modified Files:
                pkgsrc/sysutils/cdrdao: Makefile distinfo
    
        Log Message:
        - Update cdrdao to 1.2.0
        - NOTE: pkgsrc does _not_ install cdrdao suid root so the noted security fix
          does not apply to us.
        - From the ChangeLog:
        > --------------------------------------------------------------------------
        >   cdrdao 1.2.0 (2005-05-12)
        > --------------------------------------------------------------------------
        >
        >  o  SECURITY FIX: cdrdao now gives up its root privileges after setting
        >     up real-time scheduling, as well as before saving settings through
        >     the --save option. This fixes a potential local root exploit when
        >     cdrdao is installed with the +s chmod flag. Using --save now also
        >     forces an early exit after the settings are saved.
        >
        >  o  Added MP3 and Ogg Vorbis file support (through respectively the
        >     libmad and libvorbis libraries). cdrdao will decode the MP3 and
        >     Ogg files into temporary WAV files that will be deleted upon exit
        >     (unless the new option --keep is used). The directory used to
        >     store those temporary WAV files can be specified with the --tmpdir
        >     option (default is /tmp).
        >
        >  o  Improved native CUE file support: replaced old incomplete existing
        >     parser with the one from Matthias Czapla's excellent
        >     cue2toc. Added support for cutting binary files.
        >
        >  o  Added --rspeed option to manually set the device reading speed. Be
        >     warned not all devices support this.
        >
        >  o  Packaged scsilib library upgraded from cdrtools 2.01 (previously
        >     was from 2.01a31).
        >
        >  o  Added --no-mode2-mixed option. Don't read a MODE2 disk as
        >     MODE2_FORM_MIXED, only read MODE2_FORM1 or MODE2_FORM2 (Matthieu
        >     Castet).
        >
        >  o  Added help for little-known drive-info command.
        >
        > GCDMaster changes:
        >
        >  o  MP3 and Ogg Vorbis support: you can drag and drop .mp3, .m3u and
        >     .ogg files from Nautilus into the sample display window.
        >
        >  o  Switched to gtkmm24 API. Improved file browsers.
        >
        >  o  CUE files support.
        >
        >  o  Sound output now uses libao library.
        >
        >  o  Added help for little-known drive-info command.
        >
        > GCDMaster changes:
        >
        >  o  MP3 and Ogg Vorbis support: you can drag and drop .mp3, .m3u and
        >     .ogg files from Nautilus into the sample display window.
        >
        >  o  Switched to gtkmm24 API. Improved file browsers.
        >
        >  o  CUE files support.
        >
        >  o  Sound output now uses libao library.
        >
        >  o  Added 'Select All' item in menu.
        >
        >  o  Added 'Eject' button to progress dialog
        >
        >  o  Bug fixes (sample selection weirdness, couldn't close window during
        >     play, problems with gcdmaster command-line argument, crashes with
        >     multiple project windows, drive status not reported correctly).
        ----
        Module Name:    pkgsrc
        Committed By:   tron
        Date:           Sat May 28 21:50:19 UTC 2005
    
        Modified Files:
                pkgsrc/sysutils/cdrdao: Makefile
    
        Log Message:
        Add missing dependences on "libao", "libmad" and "libvorbis" for full
        audio support. Bump package revision.
  7. Pullup ticket 533 - requested by Manuel Bouyer

    salo authored
    add pear-Mail package
    
    Revisions pulled up:
    - pkgsrc/mail/pear-Mail/Makefile	1.1.1.1
    - pkgsrc/mail/pear-Mail/DESCR		1.1.1.1
    - pkgsrc/mail/pear-Mail/PLIST		1.1.1.1
    - pkgsrc/mail/pear-Mail/distinfo	1.1.1.1
    - pkgsrc/mail/Makefile			1.256
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 20:07:46 UTC 2005
    
       Update of /cvsroot/pkgsrc/mail/pear-Mail
       In directory ivanova.netbsd.org:/tmp/cvs-serv1549
    
       Log Message:
       - Import of pear-Mail
       PEAR's Mail:: package defines the interface for implementing mailers
       under the PEAR hierarchy, and provides supporting functions useful in
       multiple mailer backends. Currently supported are native PHP mail()
       function, sendmail and SMTP. This package also provides a RFC 822 Email
       address list validation utility class.
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 20:09:12 UTC 2005
    
       Modified Files:
       	pkgsrc/mail: Makefile
    
       Log Message:
       - Note addition of pear-Mail-1.1.4
  8. Pullup ticket 532 - requested by Manuel Bouyer

    salo authored
    add pear-DB package
    
    Revisions pulled up:
    - pkgsrc/databases/pear-DB/Makefile	1.1.1.1
    - pkgsrc/databases/pear-DB/DESCR	1.1.1.1
    - pkgsrc/databases/pear-DB/PLIST	1.1.1.1
    - pkgsrc/databases/pear-DB/distinfo	1.1.1.1
    - pkgsrc/databases/Makefile		1.171
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 19:56:06 UTC 2005
    
       Update of /cvsroot/pkgsrc/databases/pear-DB
       In directory ivanova.netbsd.org:/tmp/cvs-serv18260
    
       Log Message:
       - Import of pear-DB
       DB is a database abstraction layer providing:
       * an OO-style query API
       * portability features that make programs written for one DBMS
         work with other DBMS's
       * a DSN (data source name) format for specifying database servers
       * prepare/execute (bind) emulation for databases that don't support
         it natively
       * a result object for each query response
       * portable error codes
       * sequence emulation
       * sequential and non-sequential row fetching as well as bulk fetching
       * formats fetched rows as associative arrays, ordered arrays or objects
       * row limit support
       * transactions support
       * table information interface
       * DocBook and phpDocumentor API documentation
    ---
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed May 18 19:58:45 UTC 2005
    
       Modified Files:
       	pkgsrc/databases: Makefile
    
       Log Message:
       - Note addition of pear-DB-1.7.6
  9. #536

    salo authored
  10. Pullup ticket 536 - requested by Manuel Bouyer

    salo authored
    security update for mailman
    
    Revisions pulled up:
    - pkgsrc/mail/mailman/Makefile		1.22
    - pkgsrc/mail/mailman/PLIST		1.8
    - pkgsrc/mail/mailman/distinfo		1.8
    - pkgsrc/mail/mailman/patches/patch-ac	removed
    - pkgsrc/mail/mailman/patches/patch-ai	removed
    
       Module Name:	pkgsrc
       Committed By:	bouyer
       Date:		Wed Jun  1 23:25:07 UTC 2005
    
       Modified Files:
       	pkgsrc/mail/mailman: Makefile PLIST distinfo
       Removed Files:
       	pkgsrc/mail/mailman/patches: patch-ac patch-ai
    
       Log Message:
       Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
       pkgsrc as patches/patch-ai):
    
         Security
    
           - Added the ability for Mailman generated passwords (both member
             and list admin) to be more cryptographically secure.  See new
             configuration variables USER_FRIENDLY_PASSWORDS,
             MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH.  Also added
             a new bin/withlist script called reset_pw.py which can be used
             to reset all member passwords.  Passwords generated by Mailman
             are now 8 characters by default for members, and 10 characters
             for list administrators.
    
           - A potential cross-site scripting hole in the driver script has been
             closed.  Thanks to Florian Weimer for its discovery.  Also, turn
             STEALTH_MODE on by default.
         Internationalization
    
           - Chinese languages are now supported.  They have been moved from
             'big5' and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance
             to the IANA spec.  Note, however, that the character sets were
             changed from 'Big5' or 'GB2312' to 'UTF-8' to cope with the
             insufficient codecs support in Python 2.3 and earlier.  You may
             have to install Chinese capable codecs (like CJKCodecs) separately
             to handle the incoming messages which are in local charsets, or
             upgrade your Python to 2.4 or newer.
    
         Behavior or defaults changes
    
           - VERP_PROBES is disabled by default.
    
           - bin/withlist can be run without a list name, but only if -i is
             given.  Also, withlist puts the directory it's found in at the end
             of sys.path, making it easier to run withlist scripts that live in
             $prefix/bin.
    
           - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost
             which lets the user provide the web and email hostnames for the new
             mailing list.  This is a better way to specify the domain for the
             list, rather than the old 'mylist@hostname' syntax (which is still
             supported for backward compatibility, but deprecated).
    
         Compatibility
    
           - Python 2.4 compatibility issue: time.strftime() became strict about
             the 'day of year' range.  (1078482)
    
         New Features
    
           - New feature: automatic discards of held messages.  List owners can now
             set how many days to hold the messages in the moderator request queue.
             cron/checkdb will automatically discard old messages.  See the
             max_days_to_hold variable in the General Options and
             DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
             (i.e. disabled). (790494)
    
           - New feature: subject_prefix can be configured to include a sequence
             number which is taken from the post_id variable.  Also, the prefix is
             always put at the start of the subject, i.e. "[list-name] Re:
             original subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.
             The default style is "Re: [list-name]" if numbering is not set, for
             backward compatibility.  If the list owner is using numbering feature
             by "%d" directive, the new style, "[list-name 123] Re:", is always
             used.
           - List owners can now cusomize the non-member rejection notice from
             admin/<listname>/privacy/sender page. (1107169)
    
           - Allow editing of the welcome message from the admin page (1085501).
    
           - List owners can now use Scrubber to get the attachments scrubbed
             (held in the web archive), if the site admin permits it in mm_cfg.py.
             New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME
             and SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for
             scrubber behavior.  (904850)
    
         Documentation
    
           - Most of the installation instructions have been moved to a latex
             document.  See admin/www/mailman-install/index.html for details.
    
         Bug fixes and other patches
    
           - Mail-to-news gateway now strips subject prefix off from a response
             by a mail user if news_prefix_subject_too is not set.
    
           - Date and Message-Id headers are added for digests. (1116952)
           - Improved mail address sanity check.  (1030228)
    
           - SpamDetect.py now checks attachment header.  (1026977)
    
           - Filter attachments by filename extensions.  (1027882)
    
           - Bugs and patches: 955381 (older Python compatibility),
             1020102/1013079/ 1020013 (fix spam filter removed), 665569 (newer
             Postfix bounce detection), 970383 (moderator -1 admin requests
             pending), 873035 (subject handling in -request mail), 799166/946554
             (makefile compatibility), 872068 (add header/footer via unicode),
             1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty
             Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs),
             1099138 (Scrubber.py breaks on None part),  1099840/1099840
             (deprecated % insertion),  880073/933762 (List-ID RFC compliance),
             1090439 (passwd reminder shunted), 1112349 (case insensitivity in
             acceptable_aliases), 1117618 (Don't Cc for personalized anonymous
             list), 1190404 (wrong permission after editing html)
  11. #528

    salo authored
  12. Pullup ticket 528 - requested by Thomas Klausner

    salo authored
    PLIST fix for lablgtk2
    
    Revisions pulled up:
    - pkgsrc/x11/lablgtk2/Makefile	1.5
    - pkgsrc/x11/lablgtk2/PLIST	1.2
    
       Module Name:		pkgsrc
       Committed By:	drochner
       Date:		Tue May 31 15:56:18 UTC 2005
    
       Modified Files:
       	pkgsrc/x11/lablgtk2: PLIST
    
       Log Message:
       sync with reality
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Wed Jun  1 21:00:26 UTC 2005
    
       Modified Files:
    	pkgsrc/x11/lablgtk2: Makefile
    
       Log Message:
       Bump PKGREVISION after PLIST fix (hi drochner!)
       Noted by salo@.
Commits on May 31, 2005
  1. #512

    salo authored
  2. Pullup ticket 512 - requested by Manuel Bouyer

    salo authored
    bugfix updates for xentools20
    
    Revisions pulled up:
    - pkgsrc/sysutils/xentools20/Makefile		1.6, 1.8, 1.10
    - pkgsrc/sysutils/xentools20/files/xend.sh	1.2
    - pkgsrc/sysutils/xentools20/distinfo		1.4-1.5
    - pkgsrc/sysutils/xentools20/patches/patch-af	1.2
    - pkgsrc/sysutils/xentools20/patches/patch-as	1.1
    
       Module Name:		pkgsrc
       Committed By:	bouyer
       Date:		Fri Apr  1 19:06:12 UTC 2005
    
       Modified Files:
       	pkgsrc/sysutils/xentools20: Makefile
       	pkgsrc/sysutils/xentools20/files: xend.sh
    
       Log Message:
       xend.sh fixes:
       - set command_interpreter, so that rc.subr(8) can find the process(es).
       - /usr/pkg/sbin/xend {stop,restart} don't to what we expect, to
         let rc.subr do it instead.
       Bump PKGREVISION.
       Should fix pkg/29847.
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Sat Apr 16 13:35:29 UTC 2005
    
       Modified Files:
       	pkgsrc/sysutils/xentools20: Makefile
    
       Log Message:
       Fix dependency pattern to include [0-9].
    ---
       Module Name:		pkgsrc
       Committed By:	xtraeme
       Date:		Mon May 23 18:05:16 UTC 2005
    
       Modified Files:
       	pkgsrc/sysutils/xentools20: distinfo
       	pkgsrc/sysutils/xentools20/patches: patch-af
    
       Log Message:
       Fix build on NetBSD/-current by including <sys/select.h>.
    ---
       Module Name:		pkgsrc
       Committed By:	bouyer
       Date:		Mon May 23 22:02:04 UTC 2005
    
       Modified Files:
       	pkgsrc/sysutils/xentools20: Makefile distinfo
       Added Files:
       	pkgsrc/sysutils/xentools20/patches: patch-as
    
       Log Message:
       Don't mmap /kern/xen/privcmd (this doesn't work any more on current),
       use MAP_ANON instead. Bump pkgrevision.
Commits on May 30, 2005
  1. 526

    snj authored
Something went wrong with that request. Please try again.