Commits on Dec 18, 2007
  1. Tickets #2250, 2251.

    ghen committed Dec 18, 2007
  2. Pullup ticket 2251 - requested by martti

    latest update for clamav
    
    - pkgsrc/mail/clamav/Makefile				1.81
    - pkgsrc/mail/clamav/PLIST				1.19
    - pkgsrc/mail/clamav/distinfo				1.49
    - pkgsrc/mail/clamav/patches/patch-ad			1.13
    - pkgsrc/mail/clamav/patches/patch-ah			1.12
    
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Tue Dec 18 08:16:11 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/clamav: Makefile PLIST distinfo
    	   pkgsrc/mail/clamav/patches: patch-ad patch-ah
    
       Log Message:
       Updated mail/clamav to 0.92
    
       This release provides various bugfixes, optimisations and improvements
       to the scanning engine. The new features include support for ARJ and
       SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce
       phishing false-positives), faster scanning and others (see ChangeLog).
       To get a consistent behaviour of the anti-phishing module on all platforms,
       libclamav now includes the regex library from OpenBSD.
    ghen committed Dec 18, 2007
  3. Pullup ticket 2250 - requested by obache

    security fix for ruby-gnome2-gtk
    
    - pkgsrc/x11/ruby-gnome2-gtk/Makefile			1.10
    - pkgsrc/x11/ruby-gnome2-gtk/distinfo			1.2
    - pkgsrc/x11/ruby-gnome2-gtk/patches/patch-ab		1.1
    
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Mon Dec 17 02:59:59 UTC 2007
    
       Modified Files:
    	   pkgsrc/x11/ruby-gnome2-gtk: Makefile distinfo
       Added Files:
    	   pkgsrc/x11/ruby-gnome2-gtk/patches: patch-ab
    
       Log Message:
       Added a patch for fixing format string vulnerability (CVE-2007-6183).
       http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2?view=rev&revision=2720
    
       Bump PKGREVISION.
    ghen committed Dec 18, 2007
Commits on Dec 17, 2007
  1. Tickets #2208, 2212, 2217, 2221 and 2237.

    ghen committed Dec 17, 2007
  2. Pullup ticket 2212 - requested by hira

    build fix for p5-Math-Pari
    
    - pkgsrc/math/p5-Math-Pari/distinfo			1.9
    - pkgsrc/math/p5-Math-Pari/patches/patch-ac		1.1
    
       Module Name:		pkgsrc
       Committed By:	obache
       Date:		Sun Oct 14 08:08:53 UTC 2007
    
       Modified Files:
    	   pkgsrc/math/p5-Math-Pari: distinfo
       Added Files:
    	   pkgsrc/math/p5-Math-Pari/patches: patch-ac
    
       Log Message:
       Fix build problem on NetBSD/i386.
       Patch provided by Yakovetsky Vladimir in PR 36934,
       same as math/pari/patches/patch-ac.
    ghen committed Dec 17, 2007
  3. Pullup ticket 2221 - requested by drochner

    build fix for kphotobook
    
    - pkgsrc/graphics/kphotobook/distinfo			1.3
    - pkgsrc/graphics/kphotobook/patches/patch-ac		1.1
    
       Module Name:    pkgsrc
       Committed By:   drochner
       Date:           Tue Oct 30 21:24:14 UTC 2007
    
       Modified Files:
               pkgsrc/graphics/kphotobook: distinfo
       Added Files:
               pkgsrc/graphics/kphotobook/patches: patch-ac
    
       Log Message:
       make this compile (with newer KDE/qt?), from Phil Nelson per PR pkg/37199
    ghen committed Dec 17, 2007
  4. Pullup ticket 2208 - requested by tnn

    build fix for sawfish
    
    - pkgsrc/wm/sawfish/distinfo				1.12
    - pkgsrc/wm/sawfish/patches/patch-ac			1.3
    
       Module Name:		pkgsrc
       Committed By:	tnn
       Date:		Sat Oct 20 14:13:45 UTC 2007
    
       Modified Files:
    	   pkgsrc/wm/sawfish: distinfo
       Added Files:
    	   pkgsrc/wm/sawfish/patches: patch-ac
    
       Log Message:
       Fix, hopefully, problem spotted in 2007Q3 bulk builds when using
       XFree86.
    ghen committed Dec 17, 2007
  5. Pullup ticket 2237 - requested by mishka

    bugfix for mrtg
    
    - pkgsrc/net/mrtg/Makefile				1.83, 1.84
    - pkgsrc/net/mrtg/PLIST					1.11
    
       Module Name:		pkgsrc
       Committed By:	mishka
       Date:		Fri Nov  9 16:41:51 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/mrtg: Makefile PLIST
    
       Log Message:
       SNMPv3 requires the Net_SNMP_util.pm custom library.
    ---
       Module Name:		pkgsrc
       Committed By:	mishka
       Date:		Fri Nov 30 09:51:52 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/mrtg: Makefile
    
       Log Message:
       The pkgsrc developer's guide says: "... changes that do merit an
       increase to PKGREVISION include: Changes to the PLIST" [1]. DTRT.
    
       [1] http://www.NetBSD.org/docs/pkgsrc/fixes.html#bumping-pkgrevision
    ghen committed Dec 17, 2007
  6. Pullup ticket 2217 - requested by joerg

    security update for py-django
    
    - pkgsrc/www/py-django/Makefile				1.9
    - pkgsrc/www/py-django/distinfo				1.5
    
       Module Name:	pkgsrc
       Committed By:	joerg
       Date:		Thu Nov  1 21:24:02 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/py-django: Makefile distinfo
    
       Log Message:
       Update to Django 0.96.1: Fix a DOS in the i18n layer.
    ghen committed Dec 17, 2007
  7. Tickets #2245-2248.

    ghen committed Dec 17, 2007
  8. Pullup ticket 2248 - requested by tron

    security update for wireshark
    
    - pkgsrc/net/wireshark/Makefile				1.13
    - pkgsrc/net/wireshark/PLIST				1.7
    - pkgsrc/net/wireshark/distinfo				1.9
    
       Module Name:		pkgsrc
       Committed By:	tron
       Date:		Sat Dec 15 13:53:27 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/wireshark: Makefile PLIST distinfo
    
       Log Message:
       Update "wireshark" package to version 0.99.7pre2. Changes since
       version 0.99.6:
       - Fixes for the security problems reported in "wnpa-sec-2007-03"
       - Most of the capture code has been moved out of the GUI, which means
         that Wireshark no longer needs to be run as root.
       - Many display filter names have been cleaned up. If your favorite
         display filter just went missing, please consult the display filter
         reference to find out where it ended up.
       - You can now filter directly on SNMP OIDs.
       - IO graphs have more display options, and you can now export graphs.
       - You can now follow UDP streams in addition to TCP and SSL streams.
       - You can now disable coloring rules without deleting them.
       - Main window toolbar buttons are now available even when the window is
         small.
       - Optimizations have been applied in some places to make Wireshark start up
         and run faster.
       - New Protocol Support
         ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT,
         ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah,
         IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN,
         WiMAX ASN Control Plane, X.224
       - Updated Protocol Support
         3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
         Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT,
         CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC
         ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI,
         DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS,
         DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE,
         FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP,
         IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS,
         ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP,
         MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2,
         MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER,
         PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP,
         Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP,
         RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB,
         SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP,
         text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX,
         WLCCP, X.411, X.420, X.509 SAT, XML
       - New and Updated Capture File Support
         Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks,
         Windows Sniffer (NetXRay)
    ghen committed Dec 17, 2007
  9. Pullup ticket 2247 - requested by tron

    security update for openoffice2-bin
    
    - pkgsrc/misc/openoffice2-bin/Makefile			1.34
    - pkgsrc/misc/openoffice2-bin/distinfo			1.13
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Sat Dec 15 13:32:17 UTC 2007
    
       Modified Files:
    	   pkgsrc/misc/openoffice2-bin: Makefile distinfo
    
       Log Message:
       Update "openoffice2-bin" package to version 2.3.1.
       This update provides a fix for the security vulnerability reported in
       CVE-2007-4575 and a lot of other bug-fixes.
    
       The complete release notes are available here:
       http://development.openoffice.org/releases/2.3.1.html
    ghen committed Dec 17, 2007
  10. Pullup ticket 2246 - requested by martti

    security update for squirrelmail
    
    - pkgsrc/mail/squirrelmail/Makefile			1.96, 1.97
    - pkgsrc/mail/squirrelmail/PLIST			1.25
    - pkgsrc/mail/squirrelmail/distinfo			1.45, 1.46
    - pkgsrc/mail/squirrelmail/options.mk			1.7
    
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Fri Dec 14 20:44:35 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
    
       Log Message:
       Updated mail/squirrelmail to 1.4.13
    
       (pkgsrc notice: we were using the original, known-to-be-good 1.4.12
       distfile so all your servers should be fine)
    
       Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
       release 1.4.13 to ensure no confusions. While initial review didn't
       uncover a need for concern, several proof of concepts show that the
       package alterations introduce a high risk security issue, allowing
       remote inclusion of files. These changes would allow a remote user the
       ability to execute exploit code on a victim machine, without any user
       interaction on the victim's server. This could grant the attacker the
       ability to deploy further code on the victim's server.
    
       We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
       immediately.
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat Dec 15 13:58:12 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
    
       Log Message:
       Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
    
       Bump PKG_REVISION.
    ghen committed Dec 17, 2007
  11. Pullup ticket 2245 - requested by tron

    security update for mysql5
    
    - pkgsrc/databases/mysql5-client/Makefile		1.11, 1.12, 1.14
    - pkgsrc/databases/mysql5-client/Makefile.common	1.26, 1.28
    - pkgsrc/databases/mysql5-client/PLIST			1.8, 1.9
    - pkgsrc/databases/mysql5-client/distinfo		1.20, 1.21
    - pkgsrc/databases/mysql5-client/patches/patch-ad	1.7
    - pkgsrc/databases/mysql5-server/Makefile		1.20
    - pkgsrc/databases/mysql5-server/PLIST			1.12
    - pkgsrc/databases/mysql5-server/distinfo		1.17
    - pkgsrc/databases/mysql5-server/patches/patch-ab	1.5
    - pkgsrc/databases/mysql5-server/patches/patch-ak	1.4
    - pkgsrc/databases/mysql5-server/patches/patch-an	1.4
    
       Module Name:		pkgsrc
       Committed By:	rillig
       Date:		Fri Oct 12 14:32:46 UTC 2007
    
       Modified Files:
    	   pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
    	   pkgsrc/databases/mysql5-client/patches: patch-ad
    
       Log Message:
       The mysql.info file is not rebuilt anymore, so it is safe to install the
       documentation.
    
       PKGREVISION++
    ---
       Module Name:		pkgsrc
       Committed By:	rillig
       Date:		Sun Oct 14 17:43:33 UTC 2007
    
       Modified Files:
    	   pkgsrc/databases/mysql5-client: Makefile PLIST
    
       Log Message:
       The file manual.chm is installed additionally, since it is much more
       comfortable to browse than the GNU info file.
    
       PKGREVISION++
    ---
       Module Name:		pkgsrc
       Committed By:	tron
       Date:		Fri Dec 14 13:36:54 UTC 2007
    
       Modified Files:
    	   pkgsrc/databases/mysql5-client: Makefile Makefile.common distinfo
    	   pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
    	   pkgsrc/databases/mysql5-server/patches: patch-ab patch-ak patch-an
    
       Log Message:
       Update "mysql5-client" and "mysql5-server" packages to version 5.0.51.
       This version fixes a lot of bugs including the security vulnerability
       reported in CVE-2007-5969.
    
       A complete list of the changes can be found here:
       http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html
    ghen committed Dec 17, 2007
Commits on Dec 10, 2007
  1. Ticket #2244.

    ghen committed Dec 10, 2007
  2. Pullup ticket 2244 - requested by minskim

    security update for ruby-actionpack
    
    - pkgsrc/databases/ruby-activerecord/Makefile		1.10
    - pkgsrc/databases/ruby-activerecord/distinfo		1.10
    - pkgsrc/devel/ruby-activesupport/Makefile		1.12
    - pkgsrc/devel/ruby-activesupport/distinfo		1.10
    - pkgsrc/mail/ruby-actionmailer/Makefile		1.9
    - pkgsrc/mail/ruby-actionmailer/distinfo		1.10
    - pkgsrc/www/rails/Makefile				1.6
    - pkgsrc/www/rails/PLIST				1.3
    - pkgsrc/www/rails/distinfo				1.5
    - pkgsrc/www/rails/patches/patch-ab			1.4
    - pkgsrc/www/ruby-actionpack/Makefile			1.9, 1.10
    - pkgsrc/www/ruby-actionpack/PLIST			1.10
    - pkgsrc/www/ruby-actionpack/distinfo			1.10, 1.11
    - pkgsrc/www/ruby-actionwebservice/Makefile		1.8
    - pkgsrc/www/ruby-actionwebservice/distinfo		1.9
    
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 02:56:02 UTC 2007
    
       Modified Files:
    	   pkgsrc/devel/ruby-activesupport: Makefile distinfo
    
       Log Message:
       Update ruby-activesupport to 1.4.4.
    
       Changes:
       * Backport: allow array and hash query parameters. Array route
         parameters are converted/to/a/path as before.
       * Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read
         files or stdin.
       * Document Object#blank?.
       * Update Dependencies to ignore constants inherited from ancestors.
       * Improved multibyte performance by relying less on exception raising
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 03:17:32 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo
    
       Log Message:
       Update ruby-actionpack to 1.13.5.
    
       Changes:
       * Backport: allow array and hash query parameters. Array route
         parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy,
         Jeremy  McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
       * Fix in place editor's setter action with non-string fields.  #7418
         [Andreas]
       * Only accept session ids from cookies, prevents session fixation
         attacks.
       * Change the resource seperator from ; to / change the generated
         routes to use the new-style named routes. e.g. new_group_user_path(@group)
         instead of group_new_user_path(@group). [pixeltrix]
       * Integration tests: introduce methods for other HTTP methods. #6353
         [caboose]
       * Improve performance of action caching. Closes #8231 [skaes]
       * Fix errors with around_filters which do not yield, restore 1.1
         behaviour with after filters. Closes #8891 [skaes]
       * Allow you to delete cookies with options. Closes #3685
       * Deprecate pagination. Install the classic_pagination plugin for
         forward compatibility, or move to the superior will_paginate plugin. #8157
       * Fix filtered parameter logging with nil parameter values.  #8422
         [choonkeat]
       * Integration tests: alias xhr to xml_http_request and add a
         request_method argument instead of always using POST. #7124
       * Document caches_action.  #5419 [Jarkko Laine]
       * observe_form always sends the serialized form. #5271
       * Update UrlWriter to accept :anchor parameter. Closes #6771.
         [octopod]
       * Replace the current block/continuation filter chain handling by an
         implementation based on a simple loop. Closes #8226 [Stefan Kaes]
       * Return the string representation from an Xml Builder when
         rendering a partial. #5044 [tpope]
       * Cleaned up, corrected, and mildly expanded ActionPack
         documentation. Closes #7190 [jeremymcanally]
       * Small collection of ActionController documentation cleanups.
         Closes #7319
       * Performance: patch cgi/session/pstore to require digest/md5 once
         rather than per #initialize. #7583 [Stefan Kaes]
       * Deprecation: verification with :redirect_to => :named_route
         shouldn't be deprecated. #7525 [Justin French]
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 03:05:39 UTC 2007
    
       Modified Files:
    	   pkgsrc/databases/ruby-activerecord: Makefile distinfo
    
       Log Message:
       Update ruby-activerecord to 1.15.5.
    
       Changes:
       * Depend on Action Pack 1.4.4
       * Fix #count on a has_many :through association so that it
         recognizes the :uniq option. Closes #8801 [lifofifo]
       * Don't clobber includes passed to has_many.count [danger]
       * Make sure has_many uses :include when counting [danger]
       * Save associated records only if the association is already
         loaded.  #8713
       * Changing the :default Date format doesn't break date quoting.  #6312
       * Allow nil serialized attributes with a set class constraint. #7293
       * belongs_to assignment creates a new proxy rather than modifying
         its target in-place.  #8412 [mmangino@elevatedrails.com]
       * Fix column type detection while loading fixtures.  Closes #7987
         [roderickvd]
       * Document deep eager includes.  #6267 [Josh Susser, Dan Manges]
       * Oracle: extract column length for CHAR also.  #7866 [ymendel]
       * Small additions and fixes for ActiveRecord documentation.  Closes
         #7342
       * SQLite: binary escaping works with $KCODE='u'.  #7862 [tsuka]
       * Improved cloning performance by relying less on exception raising
         #8159
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 03:26:23 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/ruby-actionmailer: Makefile distinfo
    
       Log Message:
       Update ruby-actionmailer to 1.3.5.
    
       Changes:
       * Depend on Action Pack 1.13.5
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 03:31:02 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/ruby-actionwebservice: Makefile distinfo
    
       Log Message:
       Update ruby-actionwebservice to 1.2.5.
    
       Changes:
       * Depend on Action Pack 1.13.5
       * Depend on Active Record 1.15.5
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Tue Oct 16 04:03:43 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/rails: Makefile PLIST distinfo
    	   pkgsrc/www/rails/patches: patch-ab
    
       Log Message:
       Update rails to 1.2.5.
    
       Changes:
    
       * Correct RAILS_GEM_VERSION regexp. Use =version gem requirement
         instead of ~>version so you don't get surprised by a beta gem in
         production.  This change means upgrading to 1.2.5 will require a boot.rb
         upgrade.
       * Move custom inflections example so available before route
         generation.
       * Add a new rake task to aid debugging of named routes.
       * use Gem.find_name instead of search when freezing gems. Prevent
         false positives for other gems with rails in the name. Closes #8729
         [wselman]
       * Fix syntax error in dispatcher than wrecked failsafe responses.
       * Add Active Resource to rails:freeze:edge and drop Action Web
         Service.
       * Give generate scaffold a more descriptive database message.
         Closes #7316
       * Canonicalize RAILS_ROOT by using File.expand_path on Windows,
         which doesn't have to worry about symlinks, and Pathname#realpath
         elsewhere, which respects symlinks in relative paths but is incompatible
         with Windows. #6755 [Jeremy Kemper, trevor]
    ---
       Module Name:    pkgsrc
       Committed By:   minskim
       Date:           Mon Dec 10 05:47:03 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/ruby-actionpack: Makefile distinfo
    
       Log Message:
       Update ruby-actionpack to 1.13.6.
    
       Changes:
       * Correct Broken Fix for session_fixation attacks
       * Ensure that cookies handle array values correctly.  Closes #9937
         [queso]
    ghen committed Dec 10, 2007
Commits on Dec 6, 2007
  1. Tickets #2240, 2241, 2243.

    ghen committed Dec 6, 2007
  2. Pullup ticket 2243 - requested by taca

    bugfix update for squirrelmail (squirrelmail-japanese option)
    
    - pkgsrc/mail/squirrelmail/distinfo			1.44
    - pkgsrc/mail/squirrelmail/options.mk			1.6
    
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  5 11:25:57 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/squirrelmail: distinfo options.mk
    
       Log Message:
       Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
    ghen committed Dec 6, 2007
  3. Pullup ticket 2241 - requested by taca

    security update for squid
    
    - pkgsrc/www/squid/Makefile				1.197-1.199
    - pkgsrc/www/squid/distinfo				1.135
    - pkgsrc/www/squid/patches/patch-av			removed
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Mon Nov 12 00:15:00 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/squid: Makefile
    
       Log Message:
       Remove ftp.leo.org from MASTER_SITES, doesn't resolve.
       From Zafer Aydogan in PR 37341.
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sun Dec  2 11:46:11 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/squid: Makefile
    
       Log Message:
       Remove Ex-MASTER_SITE. From Zafer Aydogan.
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Dec  2 14:47:08 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/squid: Makefile distinfo
       Removed Files:
    	   pkgsrc/www/squid/patches: patch-av
    
       Log Message:
       Update squid package to 2.6.17 (2.6.STABLE17).
    
       Changes to squid-2.6.STABLE17 (26 Nov 2007)
    
    	   - Fix compile error with old GCC 2.x or other ANSI-C compilers before
    	     C99
    	   - Mention the login= cache_peer option in release notes
    	   - Fix bad cache_peer example in squid.conf
    	   - Bug #2086: Fix a compile-time memory corruption error causing cf_gen
    	     to fail
    	   - Bug #2048: Clarify high_memory_warning usage
    	   - Reject DNS responses which result in no data
    	   - Fix version number in configuration manual
    	   - Move cache and request/reply_header_max_size to their proper
    	     sections
    	   - Bug #2088: sbrk statistics broken when process size >2GB
    	   - Move logopen() much earlier to have fatal startup errors sent to the
    	     proper syslog facility
    	   - Fix HTTP/0.9 responses
    	   - Correct bad example config for tos_outgoing_tos
    	   - Fix grammar in description of mail_program squid.conf option
    	   - Ignore Content-Length in chunked responses instead of rejecting the
    	     response as invalid
    	   - Documented that http_port no longer have a default
    	   - Cleanup of cache digest documentation
    	   - Make aufs store rebuilding back off a little if I/O load too high
    	   - Bug #2100: Respect DNS ttl=0
    	   - Update udp_(incoming|outgoing)_address documentation to reflect
    	     current bahaviour.
    	   - Update HTCP documentation
    	   - Document the overlapping helper request format
    	   - Change priority of proxy auth and extacl provided username in
    	     login=*:pass
    	   - pack header entries on cache updates
    	   - Make squid_db_auth reopen the database connection on each query by
    	     default
    	   - Improve helper debug ouput, including the channel number
    	   - Update cachePeerEntry MIB description to mention what is used as
    	     index key
    	   - Import squid_radius_auth for authenticating to RADIUS
    ghen committed Dec 6, 2007
  4. Pullup ticket 2240 - requested by adrianp

    security update for drupal
    
    - pkgsrc/www/drupal/Makefile				1.25
    - pkgsrc/www/drupal/distinfo				1.18
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Wed Dec  5 23:16:19 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/drupal: Makefile distinfo
    
       Log Message:
       This release fixes a security vulnerability. Sites are urged to upgrade
       immediately. For more details, please see the security announcement:
    
       * SA-2007-031 - Drupal core - SQL Injection possible when certain
       contributed modules are enabled
    
       In addition to this security vulnerability, the following bugs have been
       fixed since the 5.2 release:
    
       * 178478 by scor: typo in text displyed when the DB is installed but not
       accessible
       * Patch 122759 by Robrecht: fixed broken query in upgrade path.
       * 55277 by catch and JirkaRybka: when flat comment view is used, order
       comments by cid (ie. original submission order) instead of timestamp
       (ie. last editing time order) to avoid comments jumping around when
       being edited
       * Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
       not booting to the proper level.
       * 184668 by hazexp, Remove unnecessary ';'
       * Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
       * 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
       carried over in comment module
       * 154388 (backport of 172262) by JirkaRybka. Better globals handling in
       install system, so the choosen profile and language are remembered.
       * 171117 by JirkaRybka: set access time for admin created or edited
       accounts so they are exempt from the spam protection we have for
       accounts never logged in
       * Patch 168829 by Neil Drumm: fixed link in documentation.
       * 165924 by odious. Use accurate count query for user list.
       * 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
       * 180109 by JirkaRybka: overcome browser quirk to detect when no
       taxonomy term was selected
       * 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
    ghen committed Dec 6, 2007
Commits on Dec 5, 2007
  1. Ticket #2239.

    ghen committed Dec 5, 2007
  2. Pullup ticket 2239 - requested by adrianp

    security update for php5
    
    - pkgsrc/lang/php5/Makefile				1.62
    - pkgsrc/lang/php5/Makefile.common			1.28
    - pkgsrc/lang/php5/distinfo				1.50
    - pkgsrc/lang/php5/patches/patch-ao			removed
    - pkgsrc/lang/php5/patches/patch-ar			removed
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Fri Nov 23 13:20:01 UTC 2007
    
       Modified Files:
    	   pkgsrc/lang/php5: Makefile Makefile.common distinfo
       Removed Files:
    	   pkgsrc/lang/php5/patches: patch-ao patch-ar
    
       Log Message:
       Update to 5.2.5
    
       * Security Enhancements and Fixes in PHP 5.2.5:
       Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
       Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
       Reported by Laurent Gaffie.
       Fixed htmlentities/htmlspecialchars not to accept partial multibyte
       sequences. Reported by Rasmus Lerdorf
       Fixed possible triggering of buffer overflows inside glibc
       implementations of the fnmatch(), setlocale() and glob() functions.
       Reported by Laurent Gaffie.
       Fixed "mail.force_extra_parameters" php.ini directive not to be
       modifiable in .htaccess due to the security implications. Reported by
       SecurityReason.
       Fixed bug 42869 (automatic session id insertion adds sessions id to
       non-local forms).
       Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
       overwritten with ini_set()).
    
       * Key enhancements in PHP 5.2.5 include:
       Upgraded PCRE to version 7.3
       Updated timezone database to version 2007.9
       Added ability to control memory consumption between request using
       ZEND_MM_COMPACT environment variable.
       Improved speed of array_intersect_key(), array_intersect_assoc(),
       array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
       array_udiff_assoc() functions
       Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
       fetchAll())
       Fixed bug 42785 (json_encode() formats doubles according to locale
       rather then following standard syntax)
       Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
       Over 60 bug fixes.
    
       For all the details see:
    	   http://www.php.net/ChangeLog-5.php#5.2.5
    ghen committed Dec 5, 2007
  3. Ticket #2238.

    ghen committed Dec 5, 2007
  4. Pullup ticket 2238 - requested by martti

    security update for squirrelmail
    
    - pkgsrc/mail/squirrelmail/Makefile			1.95
    - pkgsrc/mail/squirrelmail/PLIST			1.24
    - pkgsrc/mail/squirrelmail/buildlink3.mk		1.17
    - pkgsrc/mail/squirrelmail/distinfo			1.43
    - pkgsrc/mail/squirrelmail/patches/patch-aa		1.14
    
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Wed Dec  5 07:11:29 UTC 2007
    
       Modified Files:
    	   pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
    	   pkgsrc/mail/squirrelmail/patches: patch-aa
    
       Log Message:
       Updated mail/squirrelmail to 1.4.12
    
       NOTE: includes a critical bug fix in the attachment handling
    
          - Enabled user selection of address format when adding from address
            book during message composition.
          - Fixed issue with adding attachments in PHP 4.x environments (#1805471).
          - Backport size setting on "newmail" popup window.
          - Added a "short_open_tag" configuration test.
          - Undefined notice in error message box when no default folder prefix is set.
          - Undefined index error when downloading.  Possibly caused by using tabs and
            opening multiple mailboxes.
          - PAGE_NAME might not be defined in all plugins, which might cause a
            "not defined" error on session timeouts.
          - Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
            etc. (#1818398).
          - Fixed issue with in-reply-to and reference headers not being retained on
            reply (#1810659).
          - Revived logout_error hook (#1800015).
          - Allow custom session handlers to work correctly (and be defined at the
            application level with SquirrelMail).
          - Fix off-by-one in bodystructure parsing triggered by servers sending
            a body location part (e.g. Sun Java System Messaging Server). Thanks
            John Callahan (#1808382).
          - Invalid initialization of To: header (#1772893).
          - Includes cleanup in include/validate.php.
          - Cleanup in multiple files to remove unneeded includes.
          - Added sort by size (#812233 and #159997, plus multiple list requests).
            Patch provided by Christopher E. Brown.
          - Fix bug in sitewide SMTP settings still using authenticated user, rather
            than configured settings (#1835942).
          - Fixed mailto: functionality.
          - Added mailto: link handling when viewing messages.
          - Handle PHP's insistence on setting the value to 'deleted' for destroyed
            sessions
    ghen committed Dec 5, 2007
Commits on Dec 3, 2007
  1. Tickets #2232, 2233, 2234.

    ghen committed Dec 3, 2007
  2. Pullup ticket 2234 - requested by adrianp

    security update for ircservices
    
    - pkgsrc/chat/ircservices/Makefile			1.31
    - pkgsrc/chat/ircservices/distinfo			1.13
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Sat Nov 24 00:47:37 UTC 2007
    
       Modified Files:
    	   pkgsrc/chat/ircservices: Makefile distinfo
    
       Log Message:
       Update to 5.0.63
       2007/06/10 .62	Backported 5.1 fix for a bug allowing guest nicknames to be
    			linked.
       This release fixes two security-related bugs discovered in version 5.1 which
       are also present in 5.0.
    ghen committed Dec 3, 2007
  3. Pullup ticket 2233 - requested by adrianp

    security fix for cups
    
    - pkgsrc/print/cups/Makefile				1.127-1.128
    - pkgsrc/print/cups/distifno				1.53
    - pkgsrc/print/cups/patches/patch-au			1.9
    
       Module Name:	pkgsrc
       Committed By:	dsainty
       Date:		Mon Oct 22 11:56:46 UTC 2007
    
       Modified Files:
    	   pkgsrc/print/cups: Makefile
    
       Log Message:
       Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like
       other config scripts do.
    
       Bump PKGREVISION since client software may not correctly build or run
       without this fix.
    ---
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Mon Nov  5 20:16:19 UTC 2007
    
       Modified Files:
    	   pkgsrc/print/cups: Makefile distinfo
       Added Files:
    	   pkgsrc/print/cups/patches: patch-au
    
       Log Message:
       Fix for CVE-2007-4351
       PKGREVISION++
    ghen committed Dec 3, 2007
  4. Pullup ticket 2232 - requested by adrianp

    security update for mantis
    
    - pkgsrc/devel/mantis/Makefile				1.28
    - pkgsrc/devel/mantis/PLIST				1.10
    - pkgsrc/devel/mantis/distinfo				1.10
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Sat Oct 27 22:31:10 UTC 2007
    
       Modified Files:
    	   pkgsrc/devel/mantis: Makefile PLIST distinfo
    
       Log Message:
       Update to 1.0.8
       - 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor)
       - 0008020: [installation] Port 7907: Allow using system adodb (giallu)
       - 0008029: [localization] Spelling mistake in value of string
       $s_by_severity file lang/strings_spanish.txt (giallu)
       - 0008019: [other] Port 5333: Invalid zip file core/adodb/adodb-time.zip
       in CVS (giallu)
       - 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor)
    
       2007.04.04 - 1.0.7
       - 0007743: [security] Port: CVE-2006-6574 (vboctor)
       - 0007772: [security] email notifications bypass security on custom
       fields (vboctor)
       - 0007784: [security] XSS vulnerabilities (vboctor)
       - 0007774: [custom fields] custom fields not stored correctly in bug
       history (vboctor)
       - 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest)
       broken when using IE7
       (vboctor)
    ghen committed Dec 3, 2007
Commits on Nov 30, 2007
  1. #2229

    salo committed Nov 30, 2007
  2. Pullup ticket 2229 - requested by ghen

    security update for openldap
    
    Revisions pulled up:
    - pkgsrc/databases/openldap/Makefile			1.122
    - pkgsrc/databases/openldap/Makefile.common		1.11
    - pkgsrc/databases/openldap/distinfo			1.59
    - pkgsrc/databases/openldap-doc/Makefile		1.8
    
       Module Name:		pkgsrc
       Committed By:	ghen
       Date:		Sun Nov 18 19:46:16 UTC 2007
    
       Modified Files:
       	pkgsrc/databases/openldap: Makefile Makefile.common distinfo
       	pkgsrc/databases/openldap-doc: Makefile
    
       Log Message:
       Update openldap packages to 2.3.39, the latest stable release.
    
       The next stable release will be 2.4.x.
    
       OpenLDAP 2.3.39 Release (2007/10/26)
       	Fixed slapd database/overlay config conflict (ITS#4848)
       	Fixed slapd password_hash config order (ITS#5082)
       	Fixed slapd slap_mods_check bug (ITS#5119)
       	Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
       	Fixed slapd ordered values add normalization issue (ITS#5136)
       	Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
       	Fixed slapd-ldap search control parsing (ITS#5138)
       	Fixed slapd-ldap SASL idassert w/o authcId
       	Fixed slapd-ldif directory separators in DN (ITS#5172)
       	Fixed slapd-meta conn caching on bind failure (ITS#5154)
       	Fixed slapd-meta bind timeout assertion (ITS#5185)
       	Fixed slapd-sql concurrency issue (ITS#5095)
       	Fixed slapo-chain double-free (ITS#5137)
       	Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
       	Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
       	Fixed slapo-rwm modlist handling (ITS#5124)
       	Fixed slapo-rwm UUID in filter (ITS#5168)
       	Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
       	Fixed liblber Windows x64 portability (ITS#5105)
       	Fixed libldap ppolicy control creation (ITS#5103)
       	Build Environment
       		Fixed termios macro check (ITS#4880)
       		Updated Makefiles
       	Documentation
       		Fixed slapd-bdb(5) note about dbconfig directives (ITS#5134)
       		Added slapd-sql(5) empty oc mapping workaround (ITS#4785)
       		Added max-depth/return-error to slapo-chain(5)
       		slapadd/slapindex note about file ownership (ITS#5166)
       		slapcat note about using against running slapd (ITS#5028)
       		Fixed Admin Guide URL in README (ITS#5107)
    salo committed Nov 30, 2007
Commits on Nov 22, 2007
  1. Ticket #2231.

    ghen committed Nov 22, 2007
  2. Pullup ticket 2231 - requested by adrianp

    security update for apache-tomcat
    
    - pkgsrc/www/apache-tomcat55/Makefile			1.12
    - pkgsrc/www/apache-tomcat55/PLIST			1.4
    - pkgsrc/www/apache-tomcat55/distinfo			1.5
    
       Module Name:	pkgsrc
       Committed By:	adrianp
       Date:		Tue Nov 20 22:13:30 UTC 2007
    
       Modified Files:
    	   pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
    
       Log Message:
       Update to 5.5.25
       Fix install permissions to silence checkperms
    
       In brief:
       Fix WebDAV Servlet so it works correctly with MS clients. (markt)
       Fix XSS security vulnerability (CVE-2007-2450) in the Manager and Host
       Manager. Reported by Daiki Fukumori. (markt)
       Fix NPE when a ResourceLink in context.xml tries to override an
       env-entry in web.xml. (markt)
       Fix XSS security vulnerabilities (CVE-2007-2449) in the examples.
       Reported by Toshiharu Sugiyama. (markt)
       Add some additional mime-type mappings. (markt)
       Ensure JARs in webapps are scanned for TLDs when the Tomcat installation
       path contains spaces. (markt)
       Add link to httpd 2.2 mod_proxy_ajp docs in AJP connector doc. (yoavs)
    
       For all the details see:
    	   http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
    ghen committed Nov 22, 2007
Commits on Nov 16, 2007
  1. Ticket #2228.

    ghen committed Nov 16, 2007
  2. Pullup ticket 2228 - requested by tron

    security update for samba
    
    - pkgsrc/net/samba/Makefile				1.175-1.177
    - pkgsrc/net/samba/Makefile.patches			1.5-1.6
    - pkgsrc/net/samba/PLIST				1.37
    - pkgsrc/net/samba/distinfo				1.55-1.57
    - pkgsrc/net/samba/options.mk				1.22
    - pkgsrc/net/samba/patches/patch-ag			1.7
    - pkgsrc/net/samba/patches/patch-ai			removed
    - pkgsrc/net/samba/patches/patch-aj			removed
    - pkgsrc/net/samba/patches/patch-al			removed
    - pkgsrc/net/samba/patches/patch-am			removed
    - pkgsrc/net/samba/patches/patch-au			1.7
    - pkgsrc/net/samba/patches/patch-au			1.7
    - pkgsrc/net/samba/patches/patch-av			1.3
    - pkgsrc/net/samba/patches/patch-ay			1.3
    - pkgsrc/net/samba/patches/patch-ba			1.5-1.6
    - pkgsrc/net/samba/patches/patch-bb			removed
    - pkgsrc/net/samba/patches/patch-bc			1.2
    - pkgsrc/net/samba/patches/patch-bd			1.3
    - pkgsrc/net/samba/patches/patch-be			1.3
    - pkgsrc/net/samba/patches/patch-bf			removed
    - pkgsrc/net/samba/patches/patch-bh			1.3
    - pkgsrc/net/samba/patches/patch-bi			1.5
    - pkgsrc/net/samba/patches/patch-bj			removed
    - pkgsrc/net/samba/patches/patch-bk			removed
    - pkgsrc/net/samba/patches/patch-bo			1.4
    - pkgsrc/net/samba/patches/patch-bp			1.4
    - pkgsrc/net/samba/patches/patch-br			1.3
    - pkgsrc/net/samba/patches/patch-bs			1.4
    - pkgsrc/net/samba/patches/patch-bt			1.3
    - pkgsrc/net/samba/patches/patch-bu			1.5
    - pkgsrc/net/samba/patches/patch-bw			1.4
    - pkgsrc/net/samba/patches/patch-bx			removed
    - pkgsrc/net/samba/patches/patch-by			removed
    - pkgsrc/net/samba/patches/patch-bz			removed
    - pkgsrc/net/samba/patches/patch-ca			1.4
    - pkgsrc/net/samba/patches/patch-ce			1.1
    - pkgsrc/net/samba/patches/patch-cf			1.1
    - pkgsrc/net/samba/patches/patch-cg			1.1
    - pkgsrc/net/samba/patches/patch-ch			1.1
    
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Oct 28 07:28:51 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo options.mk
    	   pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay
    	       patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo
    	       patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca
       Added Files:
    	   pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch
       Removed Files:
    	   pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb
    	       patch-bf patch-bj patch-bk patch-bx patch-by patch-bz
    
       Log Message:
       Update samba to 3.0.26a.
    
       pkgsrc change: Add support for DESTDIR.
    
       Changes from 3.0.24 are huge, please refer WHATSNEW.txt.
    
       <http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_26/WHATSNEW.txt?rev=22651&view=markup>
    ---
       Module Name:	pkgsrc
       Committed By:	rillig
       Date:		Tue Nov  6 00:47:53 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/samba: Makefile distinfo
    	   pkgsrc/net/samba/patches: patch-ba
    
       Log Message:
       Fixed an expansion of @mandir@ that accidentally got into patch-ba in
       revision 1.5.
    
       PKGREVISION++
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Fri Nov 16 11:41:38 UTC 2007
    
       Modified Files:
    	   pkgsrc/net/samba: Makefile Makefile.patches distinfo
    
       Log Message:
       Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the
       Samba project. Bump package revision.
    ghen committed Nov 16, 2007
Commits on Nov 15, 2007
  1. Ticket #2227.

    ghen committed Nov 15, 2007