Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Dec 27, 2006
  1. Pullup ticket 1968 - requested by drochner

    ghen authored
    build fix for xine plugins
    
    - pkgsrc/audio/xine-arts/Makefile		1.23
    - pkgsrc/audio/xine-esound/Makefile		1.19
    
       Module Name:    pkgsrc
       Committed By:   drochner
       Date:           Fri Dec  8 18:48:52 UTC 2006
    
       Modified Files:
            pkgsrc/audio/xine-arts: Makefile
            pkgsrc/audio/xine-esound: Makefile
    
       Log Message:
       make this build again: keep "configure" from checking for X stuff
Commits on Dec 23, 2006
  1. 1966

    snj authored
  2. Pullup ticket 1966 - requested by ghen

    snj authored
    security update for seamonkey{,-bin,-gtk1}
    
    Revisions pulled up:
    - pkgsrc/www/seamonkey/Makefile-seamonkey.common	1.5
    - pkgsrc/www/seamonkey/distinfo				1.17
    - pkgsrc/www/seamonkey-bin/Makefile			1.10
    - pkgsrc/www/seamonkey-bin/distinfo			1.8
    
       Module Name:    pkgsrc
       Committed By:   ghen
       Date:           Wed Dec 20 14:22:45 UTC 2006
    
       Modified Files:
               pkgsrc/www/seamonkey: Makefile-seamonkey.common distinfo
               pkgsrc/www/seamonkey-bin: Makefile distinfo
    
       Log Message:
       Update seamonkey, seamonkey-bin and seamonkey-gtk1 to 1.0.7.  Fixed in this=
        version:
    
       MFSA 2006-74 Mail header processing heap overflows
       MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
       MFSA 2006-72 XSS by setting img.src to javascript: URI
       MFSA 2006-71 LiveConnect crash finalizing JS objects
       MFSA 2006-70 Privilege escallation using watch point
       MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
    
       For more info, see http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.7/README.html
  3. 1965

    snj authored
  4. Pullup ticket 1965 - requested by ghen

    snj authored
    security update for thunderbird
    
    Revisions pulled up:
    - pkgsrc/mail/thunderbird/Makefile-thunderbird.common	1.21
    - pkgsrc/mail/thunderbird/distinfo			1.32
    
       Module Name:    pkgsrc
       Committed By:   ghen
       Date:           Wed Dec 20 12:53:32 UTC 2006
    
       Modified Files:
               pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
    
       Log Message:
       Update thunderbird and thunderbird-gtk1 to 1.5.0.9.  Fixed in this version:
    
       MFSA 2006-74 Mail header processing heap overflows
       MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
       MFSA 2006-72 XSS by setting img.src to javascript: URI
       MFSA 2006-71 LiveConnect crash finalizing JS objects
       MFSA 2006-70 Privilege escallation using watch point
       MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
    
       For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html
Commits on Dec 21, 2006
  1. #1964

    salo authored
  2. Pullup ticket 1964 - requested by ghen

    salo authored
    security update for firefox
    
    Revisions pulled up:
    - pkgsrc/www/firefox/Makefile-firefox.common		1.39
    - pkgsrc/www/firefox/distinfo				1.59
    - pkgsrc/www/firefox-bin/Makefile			1.25
    - pkgsrc/www/firefox-bin/distinfo			1.22
    
       Module Name:		pkgsrc
       Committed By:	ghen
       Date:		Wed Dec 20 11:01:26 UTC 2006
    
       Modified Files:
       	pkgsrc/www/firefox: Makefile-firefox.common distinfo
       	pkgsrc/www/firefox-bin: Makefile distinfo
    
       Log Message:
       Update firefox, firefox-bin and firefox-gtk1 to 1.5.0.9. Fixed in this
       version:
    
       MFSA 2006-75 RSS Feed-preview referrer leak
       MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
       MFSA 2006-72 XSS by setting img.src to javascript: URI
       MFSA 2006-71 LiveConnect crash finalizing JS objects
       MFSA 2006-70 Privilege escallation using watch point
       MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
    
       For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html
  3. #1963

    salo authored
  4. Pullup ticket 1963 - requested by wiz

    salo authored
    security update for libmodplug
    
    Revisions pulled up:
    - pkgsrc/audio/libmodplug/Makefile			1.7, 1.8
    - pkgsrc/audio/libmodplug/distinfo			1.3
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Fri Dec 15 14:34:21 UTC 2006
    
       Modified Files:
       	pkgsrc/audio/libmodplug: Makefile
    
       Log Message:
       Reset maintainer, ben@ has resigned.
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Tue Dec 19 20:08:22 UTC 2006
    
       Modified Files:
       	pkgsrc/audio/libmodplug: Makefile distinfo
    
       Log Message:
       Security update to 0.8.4:
    
       0.8.4:
       A long overdue release, which adds support for .ABC and .MID files,
       as well as security patch [CVE-2006-4192], and a few small cleanups.
    
       0.8:
       This new release contains endianess fixes, and changes that other
       projects (which make use of this library) have deemed necessary
       for the libraries use. Due to the long time since the previous
       release, there may have been more contributers than is listed.
  5. #1962

    salo authored
  6. Pullup ticket 1962 - requested by wiz

    salo authored
    security update for gdm
    
    Revisions pulled up:
    - pkgsrc/x11/gdm/Makefile			1.121, 1.222
    - pkgsrc/x11/gdm/PLIST				1.31
    - pkgsrc/x11/gdm/distinfo			1.45, 1.46
    
       Module Name:		pkgsrc
       Committed By:	drochner
       Date:		Mon Oct 30 21:44:28 UTC 2006
    
       Modified Files:
       	pkgsrc/x11/gdm: Makefile PLIST distinfo
    
       Log Message:
       update to 2.16.1
       changes:
       -bugfixes
       -translation updates
    ---
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Tue Dec 19 17:54:45 UTC 2006
    
       Modified Files:
       	pkgsrc/x11/gdm: Makefile distinfo
    
       Log Message:
       Security update to 2.16.4:
    
       2.16.4 Stuff:
    
       - Fix for a recently reported security issue that has ID
         CVE-2006-6105.  This fixes a problem where a user can
         enter strings like "%08x" into the gdmchooser "Add"j
         host button and print out memory.  (Brian Cameron)
    
       - Fix for TryExec check in gdmsession to make sure that any
         arguments are not passed to g_find_program_in_path since
         this causes the function to say it is not executable.
         (Brian Cameron)
    
       - Translation updates (Runa Bhattacharjee, Josep Puigdemont
         i Casamaj\303\263, Laurent Dhima, I. Felix, David Lodge,
         Ani Peter, Rajesh Ranjan, Clytie Siddall, Vincent van
         Adrighem)
    
       2.16.3 Stuff:
    
       - Now support altfile[n] propery to cater for alternative
         image file definition.  (Erwann Chenede)
    
       - Fix custom lists so that focus does not ever leave the
         username/password entry field.  (Brian Cameron)
    
       - Update to make casting more clear in PAM logic.  This fixes a
         bug where the Kerberos PAM module was sending multiple error
         messages and GDM was not processing them properly.
         (Brian Cameron)
    
       - Add X_EXTRA_LIBS and X_LIBS to utils/Makefile when building
         gdm-dmx-reconnect-proxy to fix bug #368808.  (Brian Cameron)
    
       - Translation updates (Djihed Afifi, Wouter Bolsterlee, Luca
         Ferretti, Pema Geyleg, Priit Laes, Duarte Loreto, Christophe
         Merlet, Jovan Naumovski, Daniel Nylander, Ankit Patel, Ignacio
         Casal Quinteiro, Satoru SATOH, Francisco Javier F. Serrador,
         Alexander Shopov, Ilkka Tuohela)
    
       2.16.2 Stuff:
    
       - Now support for "combo" style lists, and id values of "session"
         and "language" are supported for displaying the session/language
         lists as drop-down combos.  (Brian Cameron).  For example:
    
         <item type="list" id="language" combo="true">
            <pos  x="25" y="10" height="40" width="300"/>
         </item>
         <item type="list" id="session" combo="true">
           <pos x="50" y="10" height="40" width="300"/>
         </item>
    
       - Now OK/Start Again buttons are sensitive/insensitive in a more
         sensible way for both gdmlogin and gdmgreeter (if GTK style buttons
         are used in gdmgreeter).  (Brian Cameron)
    
       - Face Browser widget and background rectangle (for gdmgreeter)
         is not shown if there are no users to display.  (Brian Cameron)
    
       - Help button now enabled in gdmphotosetup.  (Matthias Clasen)
    
       - Fix so that if timed user script returns an invalid user that
         timed login is not turned on.  (Andrew)
    
       - Fix bug that was causing %t to be expanded improperly when
         used in the timed login label.  (Brian Cameron)
    
       - Set authdir to NULL after freeing to avoid accessing an invalid
         pointer.  Fixes bug #359831.  (Amnon Aaronsohn)
    
       - Leaks fixed.  (Kjartan Maraas)
    
       - Translation updates (Abel Cheung, Priit Laes, Daniel Nylander)
Commits on Dec 20, 2006
  1. Ticket #1967.

    ghen authored
  2. Pullup ticket 1967 - requested by drochner

    ghen authored
    security fix for dbus
    
    - pkgsrc/sysutils/dbus/Makefile			patch
    - pkgsrc/sysutils/dbus/distinfo			patch
    - pkgsrc/sysutils/dbus/patches/patch-ba		patch
    
       Apply security patch from dbus 1.0.2 to dbus 0.92 to fix CVE-2006-6107.
Commits on Dec 18, 2006
  1. #1961

    salo authored
  2. Pullup ticket 1961 - requested by tv

    salo authored
    security update for tor
    
    Revisions pulled up:
    - pkgsrc/net/tor/Makefile			1.34, 1.36, 1.38
    - pkgsrc/net/tor/distinfo			1.21, 1.22, 1.23
    - pkgsrc/net/tor/patches/patch-ae		removed
    
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Mon Oct  9 00:51:26 UTC 2006
    
       Modified Files:
       	pkgsrc/net/tor: Makefile distinfo
       Removed Files:
       	pkgsrc/net/tor/patches: patch-ae
    
       Log Message:
       Update to 0.1.1.24.  Changes:
    
       Changes in version 0.1.1.24 - 2006-09-29
        o Major bugfixes:
          - Allow really slow clients to not hang up five minutes into their
            directory downloads (suggested by Adam J. Richter).
          - Fix major performance regression from 0.1.0.x: instead of checking
            whether we have enough directory information every time we want to
            do something, only check when the directory information has changed.
            This should improve client CPU usage by 25-50%.
          - Don't crash if, after a server has been running for a while,
            it can't resolve its hostname.
          - When a client asks us to resolve (not connect to) an address,
            and we have a cached answer, give them the cached answer.
            Previously, we would give them no answer at all.
    
        o Minor bugfixes:
          - Allow Tor to start when RunAsDaemon is set but no logs are set.
          - Don't crash when the controller receives a third argument to an
            "extendcircuit" request.
          - Controller protocol fixes: fix encoding in "getinfo addr-mappings"
            response; fix error code when "getinfo dir/status/" fails.
          - Fix configure.in to not produce broken configure files with
            more recent versions of autoconf. Thanks to Clint for his auto*
            voodoo.
          - Fix security bug on NetBSD that could allow someone to force
            uninitialized RAM to be sent to a server's DNS resolver. This
            only affects NetBSD and other platforms that do not bounds-check
            tolower().
          - Warn user when using libevent 1.1a or earlier with win32 or kqueue
            methods: these are known to be buggy.
          - If we're a directory mirror and we ask for "all" network status
            documents, we would discard status documents from authorities
            we don't recognize.
    ---
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Wed Nov  8 19:41:10 UTC 2006
    
       Modified Files:
       	pkgsrc/net/tor: Makefile distinfo
    
       Log Message:
       Update to 0.1.1.25.
    
       Changes in version 0.1.1.25 - 2006-11-04
         o Major bugfixes:
           - When a client asks us to resolve (rather than connect to)
             an address, and we have a cached answer, give them the cached
             answer. Previously, we would give them no answer at all.
           - We were building exactly the wrong circuits when we predict
             hidden service requirements, meaning Tor would have to build all
             its circuits on demand.
           - If none of our live entry guards have a high uptime, but we
             require a guard with a high uptime, try adding a new guard before
             we give up on the requirement. This patch should make long-lived
             connections more stable on average.
           - When testing reachability of our DirPort, don't launch new
             tests when there's already one in progress -- unreachable
             servers were stacking up dozens of testing streams.
    
         o Security bugfixes:
           - When the user sends a NEWNYM signal, clear the client-side DNS
             cache too. Otherwise we continue to act on previous information.
    
         o Minor bugfixes:
           - Avoid a memory corruption bug when creating a hash table for
             the first time.
           - Avoid possibility of controller-triggered crash when misusing
             certain commands from a v0 controller on platforms that do not
             handle printf("%s",NULL) gracefully.
           - Avoid infinite loop on unexpected controller input.
           - Don't log spurious warnings when we see a circuit close reason we
             don't recognize; it's probably just from a newer version of Tor.
           - Add Vidalia to the OS X uninstaller script, so when we uninstall
             Tor/Privoxy we also uninstall Vidalia.
    ---
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Sun Dec 17 21:53:44 UTC 2006
    
       Modified Files:
       	pkgsrc/net/tor: Makefile distinfo
    
       Log Message:
       Update to 0.1.1.26 to fix information disclosure vuln.
    
       Changes in version 0.1.1.26 - 2006-12-14
        o Security bugfixes:
          - Stop sending the HttpProxyAuthenticator string to directory
            servers when directory connections are tunnelled through Tor.
          - Clients no longer store bandwidth history in the state file.
          - Do not log introduction points for hidden services if SafeLogging
            is set.
    
        o Minor bugfixes:
          - Fix an assert failure when a directory authority sets
            AuthDirRejectUnlisted and then receives a descriptor from an
            unlisted router (reported by seeess).
  3. Ticket #1960.

    ghen authored
  4. Pullup ticket 1960 - requested by salo

    ghen authored
    security update for proftpd
    
    - pkgsrc/net/proftpd/Makefile			1.38
    - pkgsrc/net/proftpd/PLIST			1.11
    - pkgsrc/net/proftpd/distinfo			1.21
    - pkgsrc/net/proftpd/patches/patch-aa		1.8
    - pkgsrc/net/proftpd/patches/patch-ab		1.5
    - pkgsrc/net/proftpd/patches/patch-ac		1.7
    
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Thu Dec 14 11:19:46 UTC 2006
    
       Modified Files:
    	pkgsrc/net/proftpd: Makefile PLIST distinfo
    	pkgsrc/net/proftpd/patches: patch-aa patch-ab patch-ac
    
       Log Message:
       Updated net/proftpd to 1.3.1rc1
    
       The 1.3.1rc1 release includes major new features and numerous bugfixes,
       including:
    
         + Support for UTF8 and translated response messages (NLS support)
    
         + New configuration directives:
             DisplayChdir
             DisplayFileTransfer
             UseIPv6
             UseUTF8
    
         + Deprecated configuration directives:
             DisplayFirstChdir
               The DisplayFirstChdir directive is deprecated; sites should use
               the new DisplayChdir directive (which allows for files to
               be displayed on every directory change, rather than just the
               first time for a directory change).
    
             HiddenStor
               The HiddenStor directive is deprecated; simply use HiddenStores
               instead.
    
             SQLHomedirOnDemand
               The SQLHomedirOnDemand directive will be removed in future
               releases; use the CreateHome directive instead.
    
         + New modules:
             mod_ban, a module handling dynamic client "black lists"
             See doc/contrib/mod_ban.html
    
         + Enhanced modules:
             The mod_tls module can now make use of cryptographic accelerator
             cards with the new TLSCryptoDevice directive.  It can also use
             a program for obtaining certificate passphrases via the new
             TLSPassPhraseProvider directive.
    
         + Documentation
  5. #1959

    salo authored
  6. Pullup ticket 1959 - requested by ghen

    salo authored
    security update for clamav
    
    Revisions pulled up:
    - pkgsrc/mail/clamav/Makefile			patch
    - pkgsrc/mail/clamav/distinfo			1.44
    
       Module Name:		pkgsrc
       Committed By:	xtraeme
       Date:		Mon Dec 11 18:55:45 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/clamav: Makefile distinfo
    
       Log Message:
       Update to 0.88.7:
    
       This version improves scanning of mail and tar files.
Commits on Dec 13, 2006
  1. Tickets #1956, 1957.

    ghen authored
  2. Pullup ticket 1957 - requested by adrianp

    ghen authored
    security update for kronolith
    
    - pkgsrc/time/kronolith/Makefile		1.8
    - pkgsrc/time/kronolith/PLIST			1.5
    - pkgsrc/time/kronolith/distinfo		1.4
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Tue Dec 12 21:53:06 UTC 2006
    
       Modified Files:
    	pkgsrc/time/kronolith: Makefile PLIST distinfo
    
       Log Message:
       Update to 2.1.4
       ------
       v2.1.4
       ------
    
       [cjh] SECURITY: Close arbitrary file inclusion in free/busy views.
    
       ------
       v2.1.3
       ------
    
       [cjh] Set vEvent ORGANIZER to the event creator, not the calendar owner
       (kajtzu@basen.net, Bug 4527).
       [jan] Fix importing of events without end date and duration (Bug 4519).
       [jan] Correctly display recurring events spanning multiple days (Bug 4438).
       [jan] Fix recurrence end dates with SQLite backends (Bug 4219).
       [jan] Fix calculation of recurrence ends with imported and remote events
       (Bug 2813).
       [cjh] Consolidate the check for whether or not users can add events in
       the day and month views (Bug 4373).
       [jan] Fix alarms for recurring events in Kolab driver
       (michael.sheldon@credativ.de, Bug 4326).
       [jan] Show error message if imported file didn't contain events.
       [cjh] Fix the SQL types of several recurrence fields.
       [jan] Add categories from imported events to the user's categories.
       [jan] Add Slovenian translation (Duck <duck@obala.net>).
       [jan] Deal with attendee email addresses case insensitively.
       [jan] Don't consider events from remote calendars as busy time.
       [jan] Always try to return the correct event instance if requesting an
       event by its UID (Thorsten Schaub, Bug 1994).
       [cjh] Fix permissions for the calendar list in advanced search (Bug 4093).
  3. Pullup ticket 1956 - requested by wiz

    ghen authored
    security update for streamripper
    
    - pkgsrc/audio/streamripper/Makefile		1.3
    - pkgsrc/audio/streamripper/distinfo		1.2
    - pkgsrc/audio/streamripper/patches/patch-aa	1.1
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Tue Dec 12 20:27:15 UTC 2006
    
       Modified Files:
    	pkgsrc/audio/streamripper: Makefile distinfo
       Added Files:
    	pkgsrc/audio/streamripper/patches: patch-aa
    
       Log Message:
       Update to 1.61.27:
    
       New for 1.61.27
       ---------------
       Saturday, September 09, 2006
       * Fix bug that caused extra garbage between id3v2 and first frame.
       * Fix bug that truncated last byte of last frame in mp3 files.
    
       New for 1.61.26
       ---------------
       Thu Aug 24 21:50:47 EDT 2006
       * Fix for security problem CVE-2006-3124, buffer overflow in http
         header parsing that could result in remote exploit
    
       New for 1.61.25
       ---------------
       Sunday, August 13, 2006
       * Fix bug where -s flag was ignored when used with -a flag
       * Plugin: Add popup menu with history of recent URL's
       * Plugin: Fix problem with "old way of retrieving track"
       * Plugin: Fix problem not finding desktop folder on Windows 98
    
       New for 1.61.24
       ---------------
       Sun Jul  2 14:14:38 EDT 2006
       * Fix bug where external program wasn't being killed when reconnecting
    
       New for 1.61.23
       ---------------
       June 18, 2006
       * Plugin: Fix problem where streamripper can't find winamp directory
       * Plugin: Add STREAMRIPPER_WINAMP_HOME environment variable
       * Plugin: Fix sorting problem with skin list
       * Plugin: Add uninstaller
       * Plugin: Installer no longer overwrites parse_rules.txt
    
       New for 1.61.22
       ---------------
       Fri Jun  2 10:17:53 EDT 2006
       * Docking now works in modern skins
       * Docking now works when windowshading winamp
       * Debuging winamp plugin through STREAMRIPPER_DEBUG environment variable
    
       New for 1.61.21
       ---------------
       Sun 05-28-2006
       * Fix winamp crash caused by reference to debug file
    
       New for 1.61.20
       ---------------
       Sat 05-27-2006
       * Fix problem writing to \\net\paths on windows
       * Fix problem with options getting reset in winamp plugin
       * Fix rendering problem with skin preview in winamp plugin
       * Fix docking problem in winamp plugin
    
       New for 1.61.19
       ---------------
       Sat 03-25-2006
       * Add support for pls and m3u parsing
       * Upgrade to TRE version 0.7.2
       * Add configuration switch: --without-ogg, for compiling
         streamripper on systems that don't have ogg/vorbis libraries.
    
       New for 1.61.18
       ---------------
       Sun Mar  5 19:39:24 EST 2006
       * Add support for ogg file splitting
       * Add support for ogg relay
       * Return an ICY response header instead of HTTP response header.
         This fixes problems with Windows media player classic (#1189504).
       * Winamp relay now adds /;stream.nsv or /.ogg for NSV and OGG streams.
       * Add izverg's patch for when default skin is blank in sripper.ini.
    
       New for 1.61.17
       ---------------
       Tue 11-22-2005
       * Fix memory leak
       * Fix for proxy authentication without password (#1338203)
       * Check http_proxy environment variable for proxy url
    
       New for 1.61.16
       ---------------
       Sat Nov 12 01:18:06 EST 2005
       * Use external program for reading metadata
       * Possible fix for proxy authentication without password (#1338203)
       * Change splitting behavior when song is too short to do silence detection
       * Resize winamp plugin gui to make it more visible
    
       New for 1.61.15
       ---------------
       Fri 10-21-2005
       * Fix a problem where streamripper aborts with SR_ERROR_BUFFER_EMPTY
       * Improve splitting code to add correct amount of padding
       * Add winamp plugin GUI for -k flag
Commits on Dec 11, 2006
  1. Tickets #1953, 1954.

    ghen authored
  2. Pullup ticket 1954 - requested by salo

    ghen authored
    security fix for mutt-devel
    
    - pkgsrc/mail/mutt-devel/Makefile		1.53,1.55
    - pkgsrc/mail/mutt-devel/distinfo		1.35,1.36
    - pkgsrc/mail/mutt-devel/patches/patch-ae	1.7,1.8
    
       Module Name:	pkgsrc
       Committed By:	tonio
       Date:		Fri Nov  3 18:19:07 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/mutt-devel: Makefile distinfo
       Added Files:
    	pkgsrc/mail/mutt-devel/patches: patch-ae
    
       Log Message:
       Make sure that a temporary has been opened with proper permissions.
       Fixes the security problem reported in CVE-2006-5298.
    
       Patch from tron@ for the mail/mutt package
    ---
       Module Name:	pkgsrc
       Committed By:	salo
       Date:		Mon Dec 11 12:47:13 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/mutt-devel: Makefile distinfo
    	pkgsrc/mail/mutt-devel/patches: patch-ae
    
       Log Message:
       Use official upstream patch for CVE-2006-5297 and CVE-2006-5298 security
       issues from mutt GIT repo.  Bump PKGREVISION.
  3. Pullup ticket 1953 - requested by salo

    ghen authored
    security fix for mutt
    
    - pkgsrc/mail/mutt/Makefile			1.147
    - pkgsrc/mail/mutt/distinfo			1.33
    - pkgsrc/mail/mutt/patches/patch-ad		1.9
    
       Module Name:	pkgsrc
       Committed By:	salo
       Date:		Mon Dec 11 12:46:51 UTC 2006
    
       Modified Files:
    	pkgsrc/mail/mutt: Makefile distinfo
    	pkgsrc/mail/mutt/patches: patch-ad
    
       Log Message:
       Use official upstream patch for CVE-2006-5297 and CVE-2006-5298 security
       issues from mutt GIT repo.  Bump PKGREVISION.
    
       ok <tron>
  4. Ticket #1951.

    ghen authored
  5. Pullup ticket 1951 - requested by salo

    ghen authored
    security update for ImageMagick
    
    - pkgsrc/graphics/ImageMagick/Makefile		1.146,1.148
    - pkgsrc/graphics/ImageMagick/Makefile.common	1.65-1.66
    - pkgsrc/graphics/ImageMagick/PLIST		1.51-1.52
    - pkgsrc/graphics/ImageMagick/distinfo		1.78-1.81
    - pkgsrc/graphics/ImageMagick/patches/patch-aa	1.38-1.40
    - pkgsrc/graphics/ImageMagick/patches/patch-ab	1.24-1.25
    
       Module Name:	pkgsrc
       Committed By:	rillig
       Date:		Tue Oct 10 19:43:32 UTC 2006
    
       Modified Files:
    	pkgsrc/graphics/ImageMagick: distinfo
    	pkgsrc/graphics/ImageMagick/patches: patch-aa
    
       Log Message:
       Fixed "test ==".
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Sun Oct 22 21:03:15 UTC 2006
    
       Modified Files:
    	pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo
    	pkgsrc/graphics/ImageMagick/patches: patch-aa patch-ab
    
       Log Message:
       Changes 6.3.0-0:
         * Destroy MagickCore API environment when END{} is called in PerlMagick
         * Support -fx conditionals (e.g. x ? y : z), assignment (e.g. zz=3.1), and
           statement separators (e.g. zz=2.1; zz).
         * Add new pixel: attribute (e.g. -format '%[pixel:s]').
         * Add support for Supplementary Plane Unicode characters
    
       Changes 6.2.9-8:
         * The plasma: coder is once again opaque.
         * Bogus relinquish in rare circustances produced incorrect resource
           utilization statistics.
    
       Changes 6.2.9-7:
         * Add CMYK support to the PAM image format.
         * Do not write PDF soft mask if image is PaletteMatteType.
         * Patches from Sven Koehler to improve PerlMagick's build script.
    
       Changes 6.2.9-7:
         * Add additional ordered-dithering options.
    
       Changes 6.2.9-6:
         * Ensure cache_resources in magick/cache.c is a valid splay-tree before we
           add/remove nodes to/from it.
         * Automatically threshold the alpha channel at 50% when color reducing an
           image.
         * Make ParseMagickOptions() more robust to handle ordered dither options.
    ---
       Module Name:	pkgsrc
       Committed By:	joerg
       Date:		Thu Nov 30 22:55:31 UTC 2006
    
       Modified Files:
    	pkgsrc/graphics/ImageMagick: Makefile distinfo
       Added Files:
    	pkgsrc/graphics/ImageMagick/patches: patch-ac
    
       Log Message:
       Remove comma at end of enum in magick/options.h, making it parseable by
       C++ compilers. Bump revision.
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Sat Dec  9 10:57:50 UTC 2006
    
       Modified Files:
    	pkgsrc/graphics/ImageMagick: Makefile Makefile.common PLIST distinfo
    	pkgsrc/graphics/ImageMagick/patches: patch-aa patch-ab
       Removed Files:
    	pkgsrc/graphics/ImageMagick/patches: patch-ac
    
       Log Message:
       Changes 6.3.1.0:
       * Bug fixes
Commits on Dec 9, 2006
  1. #1949

    salo authored
  2. Pullup ticket 1949 - requested by wiz

    salo authored
    security fix for tnftpd
    
    Revisions pulled up:
    - pkgsrc/net/tnftpd/Makefile				1.15
    - pkgsrc/net/tnftpd/distinfo				1.7
    - pkgsrc/net/tnftpd/patches/patch-aa			1.3
    
       Module Name:		pkgsrc
       Committed By:	adrianp
       Date:		Sat Dec  2 23:00:05 UTC 2006
    
       Modified Files:
       	pkgsrc/net/tnftpd: Makefile distinfo
       Added Files:
       	pkgsrc/net/tnftpd/patches: patch-aa
    
       Log Message:
       Add a patch for:
        http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html
       Bumb to nb1
  3. #1943

    salo authored
  4. Pullup ticket 1943 - requested by taca

    salo authored
    security update for ruby18
    
    Revisions pulled up:
    - pkgsrc/lang/ruby/Makefile				1.41
    - pkgsrc/lang/ruby/rubyversion.mk			1.29, 1.30
    - pkgsrc/lang/ruby18-base/Makefile			1.29
    - pkgsrc/lang/ruby18-base/PLIST				1.9
    - pkgsrc/lang/ruby18-base/PLIST.common_end		1.2
    - pkgsrc/lang/ruby18-base/distinfo			1.17
    - pkgsrc/lang/ruby18-base/options.mk			1.1
    - pkgsrc/lang/ruby18-base/patches/patch-af		1.1
    - pkgsrc/lang/ruby18-base/patches/patch-bl		removed
    - pkgsrc/lang/ruby18/Makefile				1.15
    - pkgsrc/databases/ruby-gdbm/Makefile			1.15
    - pkgsrc/databases/ruby-gdbm/distinfo			1.1
    - pkgsrc/devel/ruby-curses/Makefile			1.10
    - pkgsrc/devel/ruby-curses/distinfo			1.7
    - pkgsrc/devel/ruby-mode/Makefile			1.15
    - pkgsrc/devel/ruby-mode/distinfo			1.6
    - pkgsrc/devel/ruby-readline/Makefile			1.20
    - pkgsrc/devel/ruby-readline/distinfo			1.13
    - pkgsrc/devel/ruby-readline/patches/patch-aa		1.5
    - pkgsrc/x11/ruby-tk/Makefile				1.25, 1.26
    - pkgsrc/x11/ruby-tk/PLIST				1.7
    - pkgsrc/x11/ruby-tk/distinfo				1.11
    - pkgsrc/mk/defaults/options.description		1.130
    
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:25:26 UTC 2006
    
       Modified Files:
       	pkgsrc/databases/ruby-gdbm: Makefile
       Added Files:
       	pkgsrc/databases/ruby-gdbm: distinfo
    
       Log Message:
       Update ruby-gdbm package to 1.8.5.20061205:
    
       - rdoc addition and trivial change.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:28:18 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/ruby-curses: Makefile distinfo
    
       Log Message:
       Update ruby-curses package to 1.8.5.20061205:
    
       - Fixed colose_set method always returns false.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:36:41 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/ruby-mode: Makefile
       Added Files:
       	pkgsrc/devel/ruby-mode: distinfo
    
       Log Message:
       Update ruby-mode package to 1.8.5.20061205.
    
       Tue Dec  5 00:59:05 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
    
       	* misc/ruby-mode.el (ruby-parse-partial): need to parse "/=" as
       	  self assignment operator, not regex.  [ruby-talk:227324]
    
       Wed Sep 13 18:25:18 2006  Yukihiro Matsumoto  <matz@ruby-lang.org>
    
       	* misc/ruby-mode.el (ruby-parse-partial): better here-doc support.
       	  a patch from Marshall T. Vandegrift <llasram at gmail.com>.
       	  [ruby-core:08804]
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:31:34 UTC 2006
    
       Modified Files:
       	pkgsrc/devel/ruby-readline: Makefile distinfo
       	pkgsrc/devel/ruby-readline/patches: patch-aa
    
       Log Message:
       Update ruby-readline package to 1.8.5.20061205:
    
       - No change with 20061205 patch.
       - Disable checking rl_filename_completion_function() to prevent compile
         error.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:34:42 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/ruby: Makefile
    
       Log Message:
       Update ruby package to 1.8.5.20061205.  No change for this wrapper package.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:17:17 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
    
       Log Message:
       - Handle patchlevel which has introduced to Ruby.
       - Introduce RUBY_PATCH_DATE and RUBY_VERSION_SUFFIX.
       - Change _RUBY_VERS_TEENY to _RUBY_VER_TEENY as other version variable
         like RUBY_VER_MAJOR.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:19:50 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
    
       Log Message:
       Update RUBY18_PATCH_DATE to 20061205, starting update of Ruby.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:34:09 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/ruby18: Makefile
    
       Log Message:
       Update ruby18 package to 1.8.5.20061205.  No change for this meta pacakge
       itself.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:24:27 UTC 2006
    
       Modified Files:
       	pkgsrc/lang/ruby18-base: Makefile PLIST PLIST.common_end distinfo
       Added Files:
       	pkgsrc/lang/ruby18-base: options.mk
       	pkgsrc/lang/ruby18-base/patches: patch-af
       Removed Files:
       	pkgsrc/lang/ruby18-base/patches: patch-bl
    
       Log Message:
       o Update ruby18-base pacakge to Ruby 1.8 branch 2006/12/05.
    
       	- Many changes from 2006/9/6; see Changes file, please.
       	- Fixes another cgi.rb vulnerability:
       		http://jvn.jp/jp/JVN%2384798830/index.html
    
       o Introduce ruby-build-ri-db PKG_OPTION which enable installing database
         for Ruby's ri utility.  Default is disabled and should be fix
         PR pkg/34587.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 17:00:54 UTC 2006
    
       Modified Files:
       	pkgsrc/mk/defaults: options.description
    
       Log Message:
       Add description of ruby-build-ri-db.
    ---
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Fri Nov 10 16:54:54 UTC 2006
    
       Modified Files:
       	pkgsrc/x11/ruby-tk: Makefile
    
       Log Message:
       Use find -print | xargs rather than find -exec.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 16:33:16 UTC 2006
    
       Modified Files:
       	pkgsrc/x11/ruby-tk: Makefile PLIST distinfo
    
       Log Message:
       Update ruby-tk package to 1.8.5.20061205:
    
       Changes are huge, please see Changes.
    
       - pkgsrc change; fix permission of a image file.
  5. #1942

    salo authored
  6. Pullup ticket 1942 - requested by taca

    salo authored
    security update for squirrelmail
    
    Revisions pulled up:
    - pkgsrc/mail/ja-squirrelmail/Makefile			1.34, 1.35, 1.36
    - pkgsrc/mail/ja-squirrelmail/PLIST			1.8
    - pkgsrc/mail/ja-squirrelmail/distinfo			1.13
    - pkgsrc/mail/ja-squirrelmail/patches/patch-aa		1.4
    
       Module Name:		pkgsrc
       Committed By:	tv
       Date:		Fri Nov 10 17:37:13 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/ja-squirrelmail: Makefile
    
       Log Message:
       Use find -print | xargs rather than find -exec.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Wed Dec  6 15:26:26 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo
       	pkgsrc/mail/ja-squirrelmail/patches: patch-aa
    
       Log Message:
       Update ja-squirrelmail to 1.4.9a.
    
       pkgsrc change:
    
       * separate ja-patch into ja-patch and lite-patch.
    
       ChangLog:
       Version 1.4.9a - 3 December 2006
       --------------------------------
         - Security: Multiple IE cross site scripting issues related to the
           widely acceptation of the word expression and url by IE.
         - Security: Removing @import when sanitizing html mail.
    
       Version 1.4.9 - 2 December 2006
       -------------------------------
         - Drop obsolete script plugins/make_archive.pl.
         - Fixed Google translate form in translate plugin. Added new language
           pairs.
         - Added XMAGICTRASH extension tests in configtest utility. Removed code
           that handled 'inbox.trash' as special folder in courier (#1354393).
         - Allowed moving folders to trash in courier.
         - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
           (#1543573).
         - Provide View Unsafe Images link on viewing a text/html attachment.
         - Fix variable typo in folders_create.php (#1545316).
         - Added Courier IMAP OUTBOX check to configtest utility.
         - If mailbox name starts with slash or contains ../, error message is
           generated. Safety check for insecure default UW IMAP setup (#1557078).
         - Ignore message copy errors when messages are deleted. Allows to delete
           messages when quota is exceeded (#614887, #646386, #1446026).
         - Fixed unintended literal fetching (#1562271).
         - Added global file based address book listing controls. Added line
           length configuration option for local_file address book backend
           (#1181561). Added address book data integrity checks in local_file
           address book backend. Fixed eregi and object notices in local_file
           and database address book backends. Added additional address book
           field support.
         - Fixed variable corruption in configtest utility.
         - Checked if configuration file is readable in configuration utility
           (#1568355).
         - Special mailboxes marked in special_mailbox hook are no longer listed
           in folder delete, rename and subscription options.
         - Translate plugin: prevent PHP notice when viewing empty message.
         - Add CEST and MEST (non-standard) timezone codes for +0200.
         - Add <label> to From field in message list.
         - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
         - Fix in bodystructure parser code related to strings ending with an
           escape character.
         - Added "attachment */*" hook
         - Added third parameter $logout_link to logout_error hook that allows
           plugin control over login page URI displayed on login error page.
         - Security: close cross site scripting vulnerability in draft, compose
           and mailto functionality [CVE-2006-6142].
         - Security: work around an issue in Internet Explorer that would guess
           the mime type of a file based on contents, not Content-Type header.
    ---
       Module Name:		pkgsrc
       Committed By:	taca
       Date:		Thu Dec  7 05:38:44 UTC 2006
    
       Modified Files:
       	pkgsrc/mail/ja-squirrelmail: Makefile
    
       Log Message:
       Correct wrong usage of PKGMANDIR.
  7. #1948

    salo authored
  8. Pullup ticket 1948 - requested by abs

    salo authored
    security update for xine-lib
    
    Revisions pulled up:
    - pkgsrc/multimedia/xine-lib/Makefile			1.42
    - pkgsrc/multimedia/xine-lib/Makefile.common		1.36
    - pkgsrc/multimedia/xine-lib/distinfo			1.38
    - pkgsrc/multimedia/xine-lib/patches/patch-aa		1.5
    - pkgsrc/multimedia/xine-lib/patches/patch-ab		1.4
    - pkgsrc/multimedia/xine-lib/patches/patch-ac		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-ae		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-ag		1.14
    - pkgsrc/multimedia/xine-lib/patches/patch-ah		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-ai		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-ao		1.11
    - pkgsrc/multimedia/xine-lib/patches/patch-ap		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-av		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-az		1.2
    - pkgsrc/multimedia/xine-lib/patches/patch-bb		removed
    - pkgsrc/multimedia/xine-lib/patches/patch-bd		1.2
    - pkgsrc/multimedia/xine-lib/patches/patch-be		1.7
    - pkgsrc/multimedia/xine-lib/patches/patch-bg		1.3
    - pkgsrc/multimedia/xine-lib/patches/patch-bh		removed
    - pkgsrc/multimedia/xine-lib/patches/patch-da		1.2
    - pkgsrc/multimedia/xine-lib/patches/patch-db		1.2
    - pkgsrc/multimedia/xine-lib/patches/patch-dc		1.2
    
       Module Name:		pkgsrc
       Committed By:	abs
       Date:		Fri Dec  8 09:24:26 UTC 2006
    
       Modified Files:
        	pkgsrc/multimedia/xine-lib: Makefile Makefile.common distinfo
        	pkgsrc/multimedia/xine-lib/patches: patch-aa patch-ab patch-ac patch-ae
        	    patch-ag patch-ah patch-ai patch-ao patch-ap patch-av patch-az
        	    patch-bd patch-be patch-bg patch-da patch-db patch-dc
       Removed Files:
        	pkgsrc/multimedia/xine-lib/patches: patch-bb patch-bh
    
       Log Message:
       Update xine-lib to 1.1.3
    
          * Security fixes:
            - Heap overflow in libmms (related to CVE-2006-2200)
            - Buffer overrun in Real Media input plugin. [bug #1603458]
              Thanks to Roland Kay for reporting and JW for the patch.
          * Update build system to support x86 Darwin setups, and merge patches to
            support Darwin OS better.
          * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is
            the requried version.
          * When the compiler supports it, enable hidden visibility for all the
            plugins to export only the plugin info entry (and eventual needed
            special functions), to replace the min-symtab option that wasn't working.
          * Add "m4b" to the list of supported file extensions for the Qt demuxer, to
            allow playing (unprotected) audiobooks in AAC format.
          * Remove --disable-fpic hack, prefer using --without-pic instead.
          * Add new output plugin: PulseAudio (based on PolypAudio plugin), that uses
            0.9 API (PulseAudio is PolypAudio renamed).
          * Remove PolypAudio plugin, latest version supported 0.7 API that is no more
            supported by upstream, and it's replaced by PulseAudio.
          * Allow 0 for DVD title/chapter (navigation or full title).
          * New experimental JACK audio driver.
          * Fix switch from alsa/dmix 2.0 to 5.1 [bug #1226595]
          * Don't use proxy for localhost connection. [bug #1553633]
          * Use mmap() to open local files if available.
          * Use pkg-config to look for external FFmpeg.
          * Allow FFmpeg to play MP3s in case MAD is not present.
          * Reduce the dead time when trying to connect to dead hosts, by falling back
            to non-blocking sockets on the last address found for an host, and allowing
            users to provide a connection timeout. [bug #1550844]
          * Return the correct error message to frontends when a file is inaccessible
            or the network connection is broken. [bug #1550763]
          * Support libcaca 0.99, thanks to cjacker huang.
          * Fix crash on video-only WMV streams. [bug #1564598]
          * Report audio stream on Shorten files (required for Amarok to play them).
          * Optionally use fontconfig to look up fonts to use for OSD. [bug #1551042]
          * Prefer FreeType2 rendered fonts to bitmap fonts.
          * Stone age platforms update
          * Enabled TrueSpeech codec
          * New X11 visual type: xine-lib may now use frontend's mutex/lock mechanism
            instead of XLockDisplay/XUnlockDisplay.
          * Allow playing of OggFlac files. [bug #1590690]
          * Allow playing FLAC files with an ID3 tag at the start.
          * Fix some crashes caused by MP3 files (and possibly others) being
            misdetected as AAC.
Something went wrong with that request. Please try again.