Permalink
Commits on Mar 29, 2006
  1. #1269

    salo committed Mar 29, 2006
  2. Pullup ticket 1269 - requested by Matthias Scheler

    security update for mysqladmin
    
    Patch provided by the submitter.
    
       Module Name:		pkgsrc
       Committed By:	tron
       Date:		Sun Mar 26 17:55:28 UTC 2006
    
       Modified Files:
       	pkgsrc/databases/phpmyadmin: Makefile distinfo
       Added Files:
       	pkgsrc/databases/phpmyadmin/patches: patch-aa
    
       Log Message:
       Update "phpmyadmin" package to version 2.8.0.2.
       Changes since version 2.8.0.1:
       - XSS vulnerability (set_theme)
       - mysqli problems with zend.ze1_compatibility_mode enabled
       - setup script did not save the mysql/mysqli extension
    
       Package source related changes:
       - incooperate fix for phpMyAdmin bug #1436279 to make the package usable
         with Safari under Mac OS X again
    ---
       Module Name:		pkgsrc
       Committed By:	tron
       Date:		Wed Mar 29 14:04:48 UTC 2006
    
       Modified Files:
       	pkgsrc/databases/phpmyadmin: Makefile
    
       Log Message:
       Remove ".orig" files from work directory before installation so they
       don't get installed. This fixes a package list problem reported by
       Lubomir Sedlacik in private e-mail. Bump package revision.
    salo committed Mar 29, 2006
Commits on Mar 24, 2006
  1. #1254, #1255

    salo committed Mar 24, 2006
  2. Pullup ticket 1255 - requested by Todd Vierling

    security fix for sendmail
    
    Revisions pulled up:
    - pkgsrc/mail/sendmail/Makefile			1.84
    - pkgsrc/mail/sendmail/Makefile.common		1.32
    - pkgsrc/mail/sendmail/distinfo			1.27
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Wed Mar 22 19:56:37 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
    
       Log Message:
       Update sendmail to address the current security issue
       Bump to nb2
       This will change the internal version of sendmail to 8.13.5.20060308
       > 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
       > 		and client side of sendmail with timeouts in the libsm I/O
       > 		layer and fix problems in that code.  Also fix handling of
       > 		a buffer in sm_syslog() which could have been used as an
       > 		attack vector to exploit the unsafe handling of
       > 		setjmp(3)/longjmp(3) in combination with signals.
       > 		Problem detected by Mark Dowd of ISS X-Force.
       > 	Handle theoretical integer overflows that could triggered if
       > 		the server accepted headers larger than the maximum
       > 		(signed) integer value.  This is prevented in the default
       > 		configuration by restricting the size of a header, and on
       > 		most machines memory allocations would fail before reaching
       > 		those values.  Problems found by Phil Brass of ISS.
    salo committed Mar 24, 2006
  3. Pullup ticket 1254 - requested by Todd Vierling

    security fix for sendmail812
    
    Revisions pulled up:
    - pkgsrc/mail/sendmail812/Makefile		1.8
    - pkgsrc/mail/sendmail812/Makefile.common	1.10
    - pkgsrc/mail/sendmail812/distinfo		1.4
    
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Wed Mar 22 21:19:06 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/sendmail812: Makefile Makefile.common distinfo
    
       Log Message:
       Update sendmail (with vendor patch) to address the current security issue:
           http://www.kb.cert.org/vuls/id/834865
    
       Bump to nb2.
       This will change the internal version of sendmail to 8.12.11.20060308.
    
       >       SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
       >               and client side of sendmail with timeouts in the libsm I/O
       >               layer and fix problems in that code.  Also fix handling of
       >               a buffer in sm_syslog() which could have been used as an
       >               attack vector to exploit the unsafe handling of
       >               setjmp(3)/longjmp(3) in combination with signals.
       >               Problem detected by Mark Dowd of ISS X-Force.
       >       Handle theoretical integer overflows that could triggered if
       >               the server accepted headers larger than the maximum
       >               (signed) integer value.  This is prevented in the default
       >               configuration by restricting the size of a header, and on
       >               most machines memory allocations would fail before reaching
       >               those values.  Problems found by Phil Brass of ISS.
    salo committed Mar 24, 2006
  4. #1250

    salo committed Mar 24, 2006
  5. Pullup ticket 1250 - requested by Marc Recht

    security update for curl
    
    Revisions pulled up:
    - pkgsrc/www/curl/Makefile		1.62, 1.63
    - pkgsrc/www/curl/PLIST			1.19
    - pkgsrc/www/curl/distinfo		1.43, 1.44
    - pkgsrc/www/curl/patches/patch-aa	removed
    - pkgsrc/www/curl/patches/patch-ac	removed
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Fri Mar  3 22:26:08 UTC 2006
    
       Modified Files:
       	pkgsrc/www/curl: Makefile PLIST distinfo
       Removed Files:
       	pkgsrc/www/curl/patches: patch-aa
    
       Log Message:
       Update to 7.15.2:
    
       Version 7.15.2 (27 February 2005)
    
       Daniel (22 February 2006)
       - Lots of work and analysis by "xbx___" in bug #1431750
         (http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
         different but related bugs:
    
         1) Removing an easy handle from a multi handle before the transfer is done
            could leave a connection in the connection cache for that handle that is
            in a state that isn't suitable for re-use. A subsequent re-use could then
            read from a NULL pointer and segfault.
    
         2) When an easy handle was removed from the multi handle, there could be an
            outstanding c-ares DNS name resolve request. When the response arrived,
            it caused havoc since the connection struct it "belonged" to could've
            been freed already.
    
         Now Curl_done() is called when an easy handle is removed from a multi handle
         pre-maturely (that is, before the transfer was complteted). Curl_done() also
         makes sure to cancel all (if any) outstanding c-ares requests.
    
       Daniel (21 February 2006)
       - Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
         type to the already provided type CURLPROXY_SOCKS4.
    
         I added a --socks4 option that works like the current --socks5 option but
         instead use the socks4 protocol.
    
       Daniel (20 February 2006)
       - Shmulik Regev fixed an issue with multi-pass authentication and compressed
         content when libcurl didn't honor the internal ignorebody flag.
    
       Daniel (18 February 2006)
       - Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
         code. It should however not be the cause of any troubles. He also fixed a
         few similar problems in the HTTP test server code.
    
       Daniel (17 February 2006)
       - Shmulik Regev provided a fix for the DNS cache when using short life times,
         as previously it could be holding on to old cached entries longer than
         requested.
    
       Daniel (11 February 2006)
       - Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
         that an app can use to let libcurl only connect to a remote host and then
         extract the socket from libcurl. libcurl will then not attempt to do any
         transfer at all after the connect is done.
    
       - Kent Boortz improved the configure check for GnuTLS to properly set LIBS
         instead of LDFLAGS.
    
       Daniel (8 February 2006)
       - Philippe Vaucher provided a brilliant piece of test code that show a problem
         with re-used FTP connections. If the second request on the same connection
         was set not to fetch a "body", libcurl could get confused and consider it an
         attempt to use a dead connection and would go acting mighty strange.
    
       Daniel (2 February 2006)
       - Make --limit-rate [num] mean bytes. It used to be that but it broke in my
         change done in November 2005.
    
       Daniel (30 January 2006)
       - Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
         curl tool with --local-port. Plain and simply set the range of ports to bind
         the local end of connections to. Implemented on to popular demand.
    
       - Based on an error report by Philippe Vaucher, we no longer count a retried
         connection setup as a follow-redirect. It turns out 1) this fails when a FTP
         connection is re-setup and 2) it does make the max-redirs counter behave
         wrong.
    
       Daniel (24 January 2006)
       - Michal Marek provided a patch for FTP that makes libcurl continue to try
         PASV even after EPSV returned a positive response code, if libcurl failed to
         connect to the port number the EPSV response said. Obviously some people are
         going through protocol-sensitive firewalls (or similar) that don't
         understand EPSV and then they don't allow the second connection unless PASV
         was used. This also called for a minor fix of test case 238.
    
       Daniel (20 January 2006)
       - Duane Cathey was one of our friends who reported that curl -P [IP]
         (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
         "native" IP while it works fine for ipv6-disabled builds!
    
         In the process of fixing this, I removed the support for LPRT since I can't
         think of many reasons to keep doing it and asking on the mailing list didn't
         reveal anyone else that could either. The code that sends EPRT and PORT is
         now also a lot simpler than before (IMHO).
    
       Daniel (19 January 2006)
       - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
         (built ipv4-only) didn't work.
    
       Daniel (18 January 2006)
       - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
         the configure script complained about a missing "missing" script if you ran
         configure within a path whose name included one or more spaces. This is due
         to a flaw in automake (1.9.6 and earlier). I've now worked around it by
         including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
         be used instead of the one automake ships with. This kludge needs to be
         removed once we get an automake version with this problem corrected.
         Possibly we'll then need to convert this into a kludge depending on what
         automake version that is used and that is gonna be painful and I don't even
         want to think about that now...!
    
       Daniel (17 January 2006)
       - David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
         the latest features and protocols that libcurl supports and has a minor fix
         to better deal with the obscure case where someone has more than one libcurl
         installed at the same time.
    
       Daniel (16 January 2006)
       - David Shaw finally removed all traces of Gopher and we are now officially
         not supporting it. It hasn't been functioning for years anyway, so this is
         just finally stating what already was true. And a cleanup at the same time.
    
       - Bryan Henderson turned the 'initialized' variable for curl_global_init()
         into a counter, and thus you can now do multiple curl_global_init() and you
         are then supposed to dot of calls to curl_global_cleanup().
         Bryan has also updated the docs accordingly.
    
       Daniel (13 January 2006)
       - Andrew Benham fixed a race condition in the test suite that could cause the
        ript to kill all processes in the current process group!
    
       Daniel (12 January 2006)
       - Michael Jahn:
    
         Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
         HTTP proxh a proxy.  It would
         previously overwrite internal memory and cause unpredicted behaviour!
    
       Daniel (11 January 2006)
       - I decided to document the "secret option" here now, as I've receivedts from November 2005:
    
         I'm looking for feedback and comments. I added some experimental code the
         other day, that allows a libcurl user to select what method libcurl should
         use to reality is available in CVS code and in recent daily snapshots.
    
         Let me explain...
    
         The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
         the command line tool) andt do this:
    
         1 multicwd - like today, curl will do a single CWD operation for each path
                  part in the given URL. For deep hierarchies this means very many
                  commands. This is how RFC1738 says it should be done. This is the
                 - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
                  a full path to the server.
    
         3 singlecwd - make one CWD with the full target directory and then operate
                 on the file "normally".
    
         (With the command line tool you do --ftp-method [METHOD], where [METHOD] is
         one of "multicwd", "nocwd" or "singlecwd".)
    
         What feedback I'm interested in:vers where one of these don't work?
    
         2 - What would proper names for the option and its arguments be, if we
             consider this feature good enough to get included and documented in
            ses?
    
         3 - Should we make libcurl able to "walk through" these options in case of
             (path related) failures, or should it fail and let the user redo any
             possible retries?
    
         (Thi any man page just yet since I'm not sure
         these names will be used or if the functionality will end up exactly like
         this.  And for the same reasons we have no test cases for these yet.)
    
       Daniel (10 January 2006)
       - When using a bad path over FTP, asinto all
         given subdirs, libcurl would still "remember" the full path as if it is the
         current directory libcurl is in so that the next curl_easy_perform() would
         get really confused if
    ---
       Module Name:		pkgsrc
       Committed By:	recht
       Date:		Tue Mar 21 21:49:47 UTC 2006
    
       Modified Files:
       	pkgsrc/www/curl: Makefile distinfo
       Removed Files:
       	pkgsrc/www/curl/patches: patch-ac
    
       Log Message:
       update to curl 7.15.3
    
       Fixes a TFTP packet buffer overflow vulnerability.
       See http://curl.haxx.se/docs/adv_20060320.html for details.
    
       Changes:
       - added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
    
       Bugfixes:
       - TFTP Packet Buffer Overflow Vulnerability
       - properly detecting problems with sending the FTP command USER
       - wrong error message shown when certificate verification failed
       - multi-part formpost with multi interface crash
       - the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
       - "SSL: couldn't set callback" is now treated as a less serious problem
       - Interix build fix
       - fixed curl "hang" when out of file handles at start
       - prevent FTP uploads to URLs with trailing slash
    salo committed Mar 24, 2006
Commits on Mar 22, 2006
  1. #1244

    salo committed Mar 22, 2006
  2. Pullup ticket 1244 - requested by Takahiro Kambe

    fix namazu2 dependency on File::MMagic
    
    Revisions pulled up:
    - pkgsrc/textproc/namazu2/Makefile		1.30
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Sat Mar 18 22:22:31 UTC 2006
    
       Modified Files:
       	pkgsrc/textproc/namazu2: Makefile
    
       Log Message:
       Depend on p5-File-MMagic>=1.25, from ISIHARA Takanori in PR 33099.
       No PKGREVISION bump since older versions broke configure (-> no binary pkg).
    salo committed Mar 22, 2006
Commits on Mar 17, 2006
  1. #1226

    salo committed Mar 17, 2006
  2. Pullup ticket 1226 - requested by Takahiro Kambe

    security update for namazu2
    
    Revisions pulled up:
    - pkgsrc/textproc/namazu2/Makefile		1.27, 1.29
    - pkgsrc/textproc/namazu2/PLIST			1.11
    - pkgsrc/textproc/namazu2/distinfo		1.8, 1.9
    - pkgsrc/textproc/namazu2/patches/patch-ac	removed
    - pkgsrc/textproc/namazu2/patches/patch-ad	removed
    - pkgsrc/textproc/namazu2/patches/patch-ae	removed
    - pkgsrc/textproc/namazu2/patches/patch-af	removed
    - pkgsrc/textproc/namazu2/patches/patch-ag	removed
    - pkgsrc/textproc/namazu2/patches/patch-ah	removed
    - pkgsrc/textproc/namazu2/patches/patch-ai	removed
    - pkgsrc/textproc/namazu2/patches/patch-aj	removed
    - pkgsrc/textproc/namazu2/patches/patch-ak	removed
    
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Thu Mar  2 16:02:37 UTC 2006
    
       Modified Files:
       	pkgsrc/textproc/namazu2: Makefile PLIST distinfo
       Removed Files:
       	pkgsrc/textproc/namazu2/patches: patch-ac patch-ad patch-ae patch-af
       	    patch-ag patch-ah patch-ai patch-aj patch-ak
    
       Log Message:
       Update namazu2 pacakge to 2.0.15.
    
       Overview of Changes in Namazu 2.0.15 - Jan. 29, 2006
    
       * The mistake of the document concerning ISO-8859-* is corrected.
       * RedHat software namazu.spec was taken in.
         The unnecessary patch was deleted.
       * Include File::MMagic 1.25.
       * Support MeCab.
       * Add -b and --use-mecab options for mknmz.
       * Add --norc option for mknmz and namazu.
       * Add --decode-base64 option for mknmz.
       * Add new filters (Gnumeric, Koffice, Mainman/Pipermail, Zip, Visio).
       * Add new directives for mknmzrc (MECAB, DENY_DDN).
         To skip when filename is DDN.
       * Add sorting function by date of field.
       * Added new files (nmzcat, nmzegrep).
       * Adapt new filter programs (wvWare 1.0.3, xlhtml 0.5.1, xpdf 3.01).
       * For Windows of filter (msword.pl, excel.pl, powerpoint.pl,
         postscript.pl, etc...).
       * Ole control filter renewal.
       * ';' can have been used for the delimiter of QUERY_STRING.
       * Add the Perl version test program (pltests).
       * Fix some bugs.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Sun Mar 12 14:36:54 UTC 2006
    
       Modified Files:
       	pkgsrc/textproc/namazu2: Makefile distinfo
    
       Log Message:
       Update namazu to 2.0.16.
    
       Overview of Changes in Namazu 2.0.16 - Mar 12, 2006
    
       * Directory traversal problem by lang and result of CGI parameter
         is corrected.
       * Substitution of "-r" that doesn't correspond to ACL of NTFS.
       * It corresponds to the file name including space.
       * For MeCab-perl-0.90rc10.
    salo committed Mar 17, 2006
  3. #1225

    salo committed Mar 17, 2006
  4. Pullup ticket 1225 - requested by Joerg Sonnenberger

    security update for libextractor
    
    Patch provided by the submitter.
    
       Module Name:		pkgsrc
       Committed By:	adam
       Date:		Sun Mar  5 22:06:38 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/libextractor: Makefile PLIST buildlink3.mk distinfo
       	pkgsrc/devel/libextractor/patches: patch-ab patch-ac
       Removed Files:
       	pkgsrc/devel/libextractor/patches: patch-aa patch-ad patch-ae
    
       Log Message:
       Changes 0.5.10:
       * Yet another round of XPDF-related security fixes.
       * Mis-detection of man pages as part of TAR archives fixed.
       * More Mime-types for the OLE2 extractor.  Also ignore (harmless)
       	libc errors in plugins when extracting.
       * More TAR improvements: keywords 'date' and 'format' are
       	extracted. More checksums variants were added. Long filenames
       	as produced by GNU and Schilling tar (possibly Solaris pax also)
       	are extracted.
    
       Changes 0.5.9:
       * Made TAR extractor parsing more robust.
       * Fixing crash in MIME-extractor due to typo in the code.
       * Fixed security problems in PDF extractor
    ---
       Module Name:		pkgsrc
       Committed By:	joerg
       Date:		Thu Mar 16 14:04:58 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/libextractor: distinfo
       Added Files:
       	pkgsrc/devel/libextractor/patches: patch-aa
    
       Log Message:
       Stupid code using zlib's prototype header. Patch away.
    salo committed Mar 17, 2006
Commits on Mar 16, 2006
  1. #1223

    salo committed Mar 16, 2006
  2. Add missing patches for #1223

    salo committed Mar 16, 2006
  3. Pullup ticket 1223 - requested by Quentin Garnier

    security update for php4
    
    Patch provided by the submitter.
    
       Module Name:		pkgsrc
       Committed By:	cube
       Date:		Fri Mar  3 07:11:34 UTC 2006
    
       Modified Files:
       	pkgsrc/www/php4: Makefile Makefile.common PLIST distinfo
       Added Files:
       	pkgsrc/www/php4/patches: patch-ao patch-ap
       Removed Files:
       	pkgsrc/www/php4/patches: patch-ab patch-am patch-an
    
       Log Message:
       Update to version 4.4.2.  Ok'd by jdolecek@.
    
       This is a bug fix release, which addresses some security problems too.
       The major points that this release corrects are:
    
           * Prevent header injection by limiting each header to a single line.
           * Possible XSS inside error reporting functionality.
           * Missing safe_mode/open_basedir checks into cURL extension.
           * Apache 2 regression with sub-request handling on non-Linux systems.
           * key() and current() regression related to references.
    
       This release also fixes about 30 other defects.
    ---
       Module Name:		pkgsrc
       Committed By:	cube
       Date:		Mon Mar  6 15:57:58 UTC 2006
    
       Modified Files:
       	pkgsrc/www/php4: distinfo
       	pkgsrc/www/php4/patches: patch-ao
    
       Log Message:
       Increase memory limit when installing PEAR packages.  This allows the
       installation to go through on NetBSD/sparc64 (well, at least mine).
    
       Failure reported by Joel Carnat.
    salo committed Mar 16, 2006
Commits on Mar 15, 2006
  1. #1215

    salo committed Mar 15, 2006
  2. Pullup ticket 1215 - requested by Adrian Portelli

    security update for bugzilla
    
    Revisions pulled up:
    - pkgsrc/devel/bugzilla/Makefile	1.17
    - pkgsrc/devel/bugzilla/PLIST		1.8
    - pkgsrc/devel/bugzilla/distinfo	1.10
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Tue Feb 21 16:48:55 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/bugzilla: Makefile PLIST distinfo
    
       Log Message:
       Update to 2.20.1
       Make pkglint happer
       This also fixes a number of security issues:
       	http://www.securityfocus.com/archive/1/425584/30/0/threaded
    
       > Version 2.20.1
       > --------------
       >
       > + Many PostgreSQL fixes, including fixing whine.pl on Pg 8
       >   (bug 301062) and fixing the --regenerate option of collectstats.pl
       >   for all versions of Pg (bug 316971). However, users who want full
       >   PostgreSQL support are encouraged to use the 2.22 series, as
       >   certain PostgreSQL bugs were discovered that will not be fixed
       >   in 2.20 (their fixes were too complex).
       >
       > + In Bugzilla 2.20, the "administrator" user created by checksetup.pl
       >   would not ever be sent email, because their email preferences were
       >   left blank. This has been fixed for 2.20.1. However, if you created
       >   this administrative user with Bugzilla 2.20, make sure to go back
       >   and enable their Email Preferences. (bug 317489)
       >
       > + The bzdbcopy.pl script mentioned in these release notes
       >   has now actually been checked-in to the 2.20 branch, and so
       >   it's included in this release. (bug 291776)
       >
       > + When there's only one Classification, you now won't be required
       >   to pick a Classification on bug entry. (bug 311489)
       >
       > + You can no longer add dependencies on bugs you can't see.
       >   (bug 141593)
       >
       > + The CC list is included in "New" bug emails, again. (bug 313661)
       >
       > + In the original 2.20, certain scripts were not correctly using
       >   the "shadow database," if it was specified. This has been fixed
       >   in 2.20.1. (bug 313695)
       >
       > + "Saved Searches" that were saved before Bugzilla 2.20, would throw
       >   an error if they contained "Days Since Bug Changed." as part of their
       >   criteria. This has been fixed in Bugzilla 2.20.1. (bug 302599)
       >
       > + You can now successfully delete a product even when Target Milestones
       >   are turned off. (bug 317025)
       >
       > + checksetup.pl now correctly pre-compiles templates for languages other
       >   than English. (bug 304417)
       >
       > + The "All Closed" chart that is created by default in New Charts
       >   now actually represents all closed bugs, and not all bugs in the
       >   product. (bug 300473)
       >
       > + CSV bug lists with more than 1000 dates now work properly. (bug 257813)
       >
       > + Various bugs with upgrading from previous versions of Bugzilla
       >   have been fixed. (bug 307662, bug 311047, bug 310108)
       >
       > + Many, many other bug fixes. See
       > http://www.bugzilla.org/status/changes.html
       >   for details on what was fixed between 2.20 and 2.20.1.
    salo committed Mar 15, 2006
  3. #1214

    salo committed Mar 15, 2006
  4. Pullup ticket 1214 - requested by Julio M. Merino Vidal

    security update for monotone
    
    Patch provided by the submitter.
    
       Module Name:		pkgsrc
       Committed By:	jmmv
       Date:		Thu Mar  9 20:30:16 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/monotone: Makefile distinfo
    
       Log Message:
       Update to 0.25.2:
    
               0.25.2 release.  Important security fix for Windows and OS X
               users.
    
               With versions of monotone prior to this release, a person with
               commit access could commit a malicious file with a name like
               "mt/monotonerc".  When anybody else then checked out this
               revision on a system with a case-folding filesystem --
               usually, this means, "on Windows or OS X" -- then their
               monotone would run arbitrary Lua code stored in this file.
    
               The _only_ change in this release as compared to 0.25 is that
               the existing checks against files in MT are now extended to
               check for mt, Mt, and mT.
    
               All users on Windows and OS X, or otherwise checking out
               versioned source on a case-insensitive filesystem, are
               recommended to upgrade immediately.  Binaries used only for
               serving, or only on case-insensitive filesystems (i.e., most
               Unix users), are not affected.
    
               (0.25.1 was never released in source form.  The original
               0.25 build for Windows was found to have problems on NT 4, and
               0.25.1 was Windows-only rebuild with NT 4 compatible
               libraries.)
    salo committed Mar 15, 2006
  5. #1207

    salo committed Mar 15, 2006
  6. Pullup ticket 1207 - requested by Thomas Klausner

    security update for sun-j{re,dk}14
    
    Revisions pulled up:
    - pkgsrc/lang/sun-jdk14/Makefile		1.30, 1.31, 1.32
    - pkgsrc/lang/sun-jdk14/PLIST			1.10
    - pkgsrc/lang/sun-jdk14/buildlink3.mk		1.4, 1.5
    - pkgsrc/lang/sun-jdk14/distinfo		1.16
    - pkgsrc/lang/sun-jdk14/files/common		1.3
    - pkgsrc/lang/sun-jre14/Makefile		1.35
    - pkgsrc/lang/sun-jre14/PLIST			1.17
    - pkgsrc/lang/sun-jre14/buildlink3.mk		1.4
    - pkgsrc/lang/sun-jre14/distinfo		1.20
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Thu Mar  2 21:37:01 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/sun-jdk14: Makefile PLIST
       	pkgsrc/lang/sun-jdk14/files: common
    
       Log Message:
       Fix PLIST. Bump PKGREVISION.
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Thu Mar  2 21:37:31 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/sun-jdk14: Makefile buildlink3.mk
    
       Log Message:
       pkgdelint.
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Tue Mar  7 03:22:31 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/sun-jdk14: Makefile distinfo
       	pkgsrc/lang/sun-jre14: Makefile PLIST distinfo
    
       Log Message:
       Update sun-j{re,dk}14 to 1.4.11:
    
       Changes in 1.4.2_11
    
       Exception message's size is more than doubled everytime an exception is thrown
       CMS: assert during mark-word restoration
       returning out of memory when -XX:+UseConcMarkSweepGC is used.
       Concurrently memory allocation and JNI CS provoke OOM
       Gc tests crashes on linux-ia64 at concurrentMarkSweepGeneration.cpp with -Xcongc
       RFE: Stall allocation requests while heap is full and GC locker is held
       Reduce default code cache sizes on 64-bit platforms
       Intel IA64(Montecito) failed with 1.4.2_09
       VM uselessly traps SIGCHLD on Linux (cleanup)
       Linux build does not optimize AWT and other essential libraries
       REGRESSION: ClassCastException in JISAutoDetect.java on 1.4.2_10
       decodeText() doesn't convert from iso-2022-jp to Unicode for some Japanese chars
       Increase compiler optimisation level for libfontmanager to improve runtime performance
       Mouse Cursor should be the default cursor when ALT key is pressed, on win32
       PIT: Default cursor is shown but changing when ALT key is down, on win32
       RE 1.5.0_04 copy and paste fails in Modal JDialog
       REGRESSION: 6 JCK14a api/java_lang/StrictMath tests fail on tiger
       java.net.Socket checks for old-style impls
       InetAddress never caches hostnames with upper case characters
       (coll) Exception thrown while deserializing HashMap
       (coll) The writeObject() specification in HashMap.java was changed in 1.4.2_11
       Correction to the new Azerbaijani currency
       (tz) Regression test java/util/TimeZone/SolarisTZVM.sh is failing on Solaris 10
       GregorianCalendar doesn't work in non-lenient due to timezone bounds checking
       (tz) Support tzdata2005n
       (tz) java/util/TimeZone/WinTZVM.sh fails on amd64
       New Azerbaijani currency
       Cannot deserialize a Calendar with Security on
       (tz) Incorrect default timezone for Santiago, Chile on Win32.
       REGRESSION: serious performance degradation as GZIPInputStream is slower
       Problem with jre 1.4.2_08 install/unistall script
       The official version number is not correct in release notes
       Java Process terminates abnormally, related to Attach/detatch operation in jni.cpp
       realloc should not be used in cjavajni.cpp
       Socket timeouts for SSLSockets causes data corruption
    
       Changes in 1.4.2_10
    
       hotspot crashes when c1 compiler thread is running in 6.0b26
       hotspot crashes(SIGSEGV) when many local variables are used in one java program
       JVM 1.4.2_06 crash in C2 compiler at IdealLoopTree::policy_do_remove_empty_loop
       HotSpot compiler error (Error ID : 4F530E43505002EF 01) uploading large files
       Full GC causes core
       Hotspot problem with loop-variables of type long on jdk1.4.2/Itanium
       CMS: perm gen expansion without explicit GC, but with concurrent cycle initiation.
       CMS: more helpful message for concurrent mode failures
       JVM crash in "instanceof" codelet, array of secondary supertypes at end of heap.
       deadlock at VM startup when JVMPI / JDWP both enabled
       Performance problems with com.sun.corba.se.impl packages in 5.0
       1.4.2xx only: org.omg.CORBA.OBJECT_NOT_EXIST errors when using -Dcom.sun.CORBA.ORBServerPort
       1.4.2xx only - Sun ORB Hang
       Memory Leak in Class Loaders with RMI-IIOP
       Worse performance of isSupported for JISAutoDetect (1.4.X)
       ArrayIndexOutOfBoundsException when opening PrintDialog with HP LaserJet 1300
       nsk/regression/b4305163 test dumps core on solx86
       Font.equals in 1.4.2 needs tightening to include the native font pointer.
       NPE thrown when opening PrintDialog with HP LaserJet 8000N
       java.awt.color.ICC_Profile should define serialVersionUID
       Color Management code is not thread safe in HT/SMP machine
       Component.removeNotify() should always deactivate InputContext
       problem with DefaultPersistenceDelegate use of reflection
       JRE 1.4.2_07 lacks support for Japanese on RHEL-4
       (fs) FileChannelImpl.c: off64_t should be used for flock64 (F_SETLK64) in 1.4.2_07 (lnx)
       (so) client does not see (NIO-created) socket close with SO_TIMEOUT
       REGRESSION: Lock.java is failing with 1.4.2_10-b01 and passing with 1.4.2_09-b05
       (se) DevPollSelectorProvider stops being the default on Solaris 10
       Cannot Ctrl-Shift-Click to create disjoint selection interval in list
       gif files not found error message displayed at console
       Problem with applet interaction with system selection clipboard
       New currencies for Afghanistan and East Timor
       (rb) Update javadoc for java.util.ListResourceBundle class
       ListResourceBundle subclasses should have protected getContents() returning Object[][] copy
       GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
       GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
       GZipOutputStream/InputStream goes critical(calls JNI_Get*Critical) and causes slowness
       Auto regression test 5098318 was failing with 142_10-b01
       Auto regression test case 6282891 was failing with 142_10-b01(Compilation failed)
       Auto regression test case 6232446 was failing with 142_10-b01 on Sol10-sparc
       Manual regression testcase 4902977 scripts(runTest.ksh) has to be modified to support Suse9.3
       Manual regression Testcase (4861802) is failing on Solaris10-sparc with 5.0u6_b02 and 1.4.2-10_b01
       Manual Regression test 4974531 instructions need modification
       TESTBUG: 6291034 testcase is failing with exit code1
       SubClasses of ListResourceBundle should fix getContents()
       Subclasses of ListResourceBundle should fix getContents()
       FileCacheImageInputStream and FileCacheImageOutputStream should avoid File.deleteOnExit
       JAR verification causes significant footprint increases
       1.4.2_10 nightly build failed
       creating JVM via C program "steals" space from main thread stack rendering JNI useless
       Auto regression testcases(sun/tools/jps/jps-*.sh) is failing.
       java launcher should define -Dsun.java.launcher
       IFrame in Applet flickers
       Applet will not reauthenticate user when returning from another applet
       java web start cannot start on linux with newer glibc
       SubClasses of ListResourceBundle should fix getContents()
       Testcase TestMaliciousSigObj.java in JCE workspace has an extra closing brace
       Cached Jar file should be released on appl. exit even that is opended by Cipher
       intermittent "RSA PreMasterSecret error" during ssl handshake
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Tue Mar  7 04:36:21 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/sun-jre14: buildlink3.mk
    
       Log Message:
       Bump BUILDLINK_RECOMMENDED for security fix.
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Tue Mar  7 04:39:19 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/sun-jdk14: buildlink3.mk
    
       Log Message:
       Bump BUILDLINK_RECOMMENDED for security fix.
    salo committed Mar 15, 2006
  7. #1186

    salo committed Mar 15, 2006
  8. Pullup ticket 1186 - requested by Martti Kuparinen

    security update for squirrelmail
    
    Revisions pulled up:
    - pkgsrc/mail/squirrelmail/Makefile		1.65, 1.66, 1.68, 1.69
    - pkgsrc/mail/squirrelmail/PLIST		1.17
    - pkgsrc/mail/squirrelmail/buildlink3.mk	1.6, 1.7
    - pkgsrc/mail/squirrelmail/distinfo		1.30
    - pkgsrc/mail/squirrelmail/patches/patch-ab	removed
    - pkgsrc/mail/squirrelmail/patches/patch-ac	removed
    - pkgsrc/mail/squirrelmail/patches/patch-ad	removed
    - pkgsrc/mail/squirrelmail/patches/patch-ae	removed
    - pkgsrc/mail/squirrelmail/patches/patch-af	removed
    - pkgsrc/mail/squirrelmail/patches/patch-ag	removed
    - pkgsrc/mail/squirrelmail/patches/patch-ah	removed
    - pkgsrc/mail/squirrelmail/plugin.mk		1.3
    - pkgsrc/mail/squirrelmail-decode/Makefile	1.3
    - pkgsrc/mail/squirrelmail-locales/Makefile	1.11, 1.12, 1.13, 1.14
    - pkgsrc/mail/squirrelmail-locales/PLIST	1.5, 1.6, 1.7
    - pkgsrc/mail/squirrelmail-locales/distinfo	1.4
    - pkgsrc/mail/ja-squirrelmail/Makefile		1.23, 1.24, 1.26
    
       Module Name:		pkgsrc
       Committed By:	joerg
       Date:		Fri Jan 20 23:56:59 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/squirrelmail: Makefile
    
       Log Message:
       Use SUBST framework. Replace some "find foo | xargs bar" with
       "find foo -exec bar {} \;" while here, the former is faster, but can't
       cope with all quoting issues and is also more likely to hit argument
       length limits. CONFLICT to ja-squirrelmail.
    ---
       Module Name:		pkgsrc
       Committed By:	joerg
       Date:		Fri Jan 20 23:57:26 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/ja-squirrelmail: Makefile
    
       Log Message:
       Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Fri Feb  3 10:26:17 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/squirrelmail: Makefile
    
       Log Message:
       s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Fri Feb  3 10:26:44 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/ja-squirrelmail: Makefile
    
       Log Message:
       s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Fri Feb 17 07:04:25 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/ja-squirrelmail: Makefile
    	pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
    	pkgsrc/mail/squirrelmail-locales: Makefile
    
       Log Message:
       Fixed warnings found by pkglint -Wall.
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Mon Feb 27 07:12:14 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
       Removed Files:
    	pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae
                patch-af patch-ag patch-ah
    
       Log Message:
       Updated squirrelmail to 1.4.6
    
       This release is very important, and we strongly advise everybody to
       update to the latest release.
    
       Security Update
       ===============
       This version contains a number of security updates that were brought
       to our attention via a number of sources.
    
       - In webmail.php, the right_frame parameter was not properly sanitized
          to deal with very lenient browsers, which allowed for cross site
          scripting or frame replacing. [CVE-2006-0188]
    
       - In the MagicHTML function, some very obscure constructs were
          discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
          concern), and comments could be inside keywords (allows for cross site
          scripting). Both only affect Internet Explorer users. Found by Martijn
          Brinkers and Scott Hughes. [CVE-2006-0195]
    
       - The function sqimap_mailbox_select did not strip newlines from the
          mailbox parameter, and thereby allowed for IMAP command injection.
          Found by Vicente Aguilera. [CVE-2006-0377]
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Mon Feb 27 07:13:00 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
    
       Log Message:
       Updated squirrelmail-locales to 1.4.6
    
       * sync with squirrelmail 1.4.6
    ---
       Module Name:		pkgsrc
       Committed By:	cube
       Date:		Wed Mar  1 06:39:52 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/squirrelmail-locales: Makefile PLIST
    
       Log Message:
       Fix PLIST.
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Thu Mar  2 07:41:44 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/squirrelmail-decode: Makefile
    
       Log Message:
       Fix pkglint -Wall warnings.
    ---
       Module Name:		pkgsrc
       Committed By:	salo
       Date:		Wed Mar 15 11:48:29 UTC 2006
    
       Modified Files:
      	pkgsrc/mail/squirrelmail-locales: Makefile PLIST
    
       Log Message:
       Fix PLIST. (hi cube and martti!)
    salo committed Mar 15, 2006
Commits on Mar 11, 2006
  1. 1206

    snj committed Mar 11, 2006
  2. Pullup ticket 1206 - requested by Joerg Sonnenberger

    security updates for sun-j{re,dk}13
    
    Revisions pulled up:
    - pkgsrc/lang/sun-jre13/Makefile	1.43
    - pkgsrc/lang/sun-jre13/distinfo	1.16
    - pkgsrc/lang/sun-jdk13/Makefile	1.38
    - pkgsrc/lang/sun-jdk13/distinfo	1.18
    
       Module Name:    pkgsrc
       Committed By:   abs
       Date:           Wed Dec 28 09:21:57 UTC 2005
    
       Modified Files:
               pkgsrc/lang/sun-jre13: Makefile distinfo
    
       Log Message:
       Update lang/sun-jre13 to sun-jre13-1.0.17.
    
       Changes since sun-jre13-1.0.16
    
       - REGRESSION: hotspot c2 crash running rmi JCK tests
       - server VM crashes with -Xcomp in 1.4.2_05
       - Crashes at Function name=JVM_GetCPFieldSignatureUTF in jdk 1.3.1_13
       - Exception message's size is more than doubled everytime an
         exception is thrown
       - RFE: Stall allocation requests while heap is full and GC locker
         is held
       - VolanoTest OOM with mustang b14
       - JVMPI obj_frees come before method_exits
       - improve the performance of GC_locker
       - JRE/Browser crash during repaint - IE/XP on MP or HT systems.
       - GregorianCalendar returns bad WEEK_OF_YEAR
       - Escalation: broken for time zone issue with date on windows
       - Memory leak due to unreferenced Objects created via 1.3.1 ActiveX
         bridge
       - Possible regression in ActiveX Bridge 1.3.1_13 and higher
       - Beans extending JPanel class are not released when created via
         1.3.1 ActiveX bridge
    ---
       Module Name:    pkgsrc
       Committed By:   abs
       Date:           Wed Dec 28 09:22:31 UTC 2005
    
       Modified Files:
               pkgsrc/lang/sun-jdk13: Makefile distinfo
    
       Log Message:
       Update lang/sun-jdk13 to sun-jre13-1.0.17.
    
       Changes since sun-jdk13-1.0.16
    
       - REGRESSION: hotspot c2 crash running rmi JCK tests
       - server VM crashes with -Xcomp in 1.4.2_05
       - Crashes at Function name=JVM_GetCPFieldSignatureUTF in jdk 1.3.1_13
       - Exception message's size is more than doubled everytime an
         exception is thrown
       - RFE: Stall allocation requests while heap is full and GC locker
         is held
       - VolanoTest OOM with mustang b14
       - JVMPI obj_frees come before method_exits
       - improve the performance of GC_locker
       - JRE/Browser crash during repaint - IE/XP on MP or HT systems.
       - GregorianCalendar returns bad WEEK_OF_YEAR
       - Escalation: broken for time zone issue with date on windows
       - Memory leak due to unreferenced Objects created via 1.3.1 ActiveX
         bridge
       - Possible regression in ActiveX Bridge 1.3.1_13 and higher
       - Beans extending JPanel class are not released when created via
         1.3.1 ActiveX bridge
    snj committed Mar 11, 2006
  3. 1205

    snj committed Mar 11, 2006
  4. Pullup ticket 1205 - requested by Joerg Sonnenberger

    security fix for libast
    
    Revisions pulled up:
    - pkgsrc/devel/libast/Makefile		1.20
    - pkgsrc/devel/libast/distinfo		1.4
    - pkgsrc/devel/libast/patches/patch-aa	1.3
    
       Module Name:    pkgsrc
       Committed By:   joerg
       Date:           Tue Mar  7 02:30:41 UTC 2006
    
       Modified Files:
               pkgsrc/devel/libast: Makefile distinfo
       Added Files:
               pkgsrc/devel/libast/patches: patch-aa
    
       Log Message:
       Backport fix for CVE-20060224.
    snj committed Mar 11, 2006
  5. 1204

    snj committed Mar 11, 2006
  6. Pullup ticket 1204 - requested by Joerg Sonnenberger

    security fix for exim3
    
    Revisions pulled up:
    - pkgsrc/mail/exim3/Makefile		1.31
    - pkgsrc/mail/exim3/distinfo		1.9
    - pkgsrc/mail/exim3/patches/patch-ao	1.1
    - pkgsrc/mail/exim3/patches/patch-ap	1.1
    
       Module Name:    pkgsrc
       Committed By:   joerg
       Date:           Mon Mar  6 22:49:16 UTC 2006
    
       Modified Files:
               pkgsrc/mail/exim3: Makefile distinfo
       Added Files:
               pkgsrc/mail/exim3/patches: patch-ao patch-ap
    
       Log Message:
       Fix parsing of IPv6 address possibly result in privilege escalation.
    snj committed Mar 11, 2006
  7. 1203

    snj committed Mar 11, 2006
  8. Pullup ticket 1203 - requested by Joerg Sonnenberger

    security fix for tuxpaint
    
    Revisions pulled up:
    - pkgsrc/graphics/tuxpaint/Makefile		1.35
    - pkgsrc/graphics/tuxpaint/distinfo		1.18
    - pkgsrc/graphics/tuxpaint/patches/patch-ac	1.1
    
       Module Name:    pkgsrc
       Committed By:   adrianp
       Date:           Tue Jan 17 22:48:57 UTC 2006
    
       Modified Files:
               pkgsrc/graphics/tuxpaint: Makefile distinfo
       Added Files:
               pkgsrc/graphics/tuxpaint/patches: patch-ac
    
       Log Message:
       Add a patch via Debain to address:
               http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
    
       "The vulnerability is caused due to temporary files being created insecurely
       in the "/tmp" directory by the tuxpaint-import.sh script. This can be
       exploited via symlink attacks to create or overwrite arbitrary files with
       the privileges of the user running the affected script."
    
       Bump to nb6.
    snj committed Mar 11, 2006
  9. 1212

    snj committed Mar 11, 2006
  10. Pullup ticket 1212 - requested by Adrian Portelli

    security update for snort
    
    Revisions pulled up:
    - pkgsrc/net/snort/distinfo		1.33, 1.34
    - pkgsrc/net/snort/patches/patch-aa	1.13
    - pkgsrc/net/snort/Makefile.common	1.32
    
       Module Name:    pkgsrc
       Committed By:   joerg
       Date:           Thu Feb 16 20:45:52 UTC 2006
    
       Modified Files:
               pkgsrc/net/snort: distinfo
               pkgsrc/net/snort/patches: patch-aa
    
       Log Message:
       Fix errno.
    ---
       Module Name:    pkgsrc
       Committed By:   adrianp
       Date:           Thu Mar  9 09:37:44 UTC 2006
    
       Modified Files:
               pkgsrc/net/snort: Makefile.common distinfo
    
       Log Message:
       Update to 2.4.4
       This includes the fix for:
               http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839
       > +2006-02-20 Steven Sturges <ssturges@sourcefire.com>
       > +    * src/preprocessors/spp_frag3.c:
       > +    * configure.in:
       > +      Fix ip options handling.  Thanks to Vyacheslav Burdjanadze for
       > +      finding the issue.
       > +
       > +2006-01-09 Steven Sturges <ssturges@sourcefire.com>
       > +    * src/sfutil/mwm.c:
       > +      Fixed bug with multiple recurring patterns in Wu-Manbher
       > +      implementation.
       > +      Thanks to Evan Stawnyczy for pointing it out an Marc Norton for
       > +      the fix.
       > +    * src/parser/IpAddrSet.c:
       > +      Fixed problem with parsing conf file and rules when DNS is not
       > +      working.
       > +      Thanks Martin Olsson for mentioning this and testing the fix.
       > +    * src/preprocessors/spp_perfmonitor.c:
       > +    * src/preprocessors/perf-base.c:
       > +      Handle wrapping on 64-bit platforms
       > +
       > +2005-11-17 Andrew Mullican <amullican@sourcefire.com>
       > +    * src/sfutil/sfxhash.c:
       > +    * src/preprocessors/portscan.c:
       > +      Add tracker without using bogus data, to avoid internal buffer
       > +      overrun.
       > +      Thanks Sandro Poppi for the find.
       > +
       > +2005-11-11 Steven Sturges <ssturges@sourcefire.com>
       > +    * src/snort.c:
       > +      Allow value of 0 to be used with -G flag
       > +    * src/preprocessors/spp_bo.c:
       > +      Code Cleanup
       > +    * src/preprocessors/spp_frag3.c:
       > +      Fix memory leak and mishandling of IP Options.  Thanks Yin
       > +      Zhaohui for the find.
    snj committed Mar 11, 2006
  11. 1218

    snj committed Mar 11, 2006