Commits on Oct 3, 2008
  1. Pullup ticket #2538.

    tron committed Oct 3, 2008
  2. Pullup ticket #2538 - requested by taca

    tron committed Oct 3, 2008
    lighttpd: security update
    
    Revisions pulled up:
    - www/lighttpd/Makefile			1.22
    - www/lighttpd/distinfo			1.15
    - www/lighttpd/patches/patch-aa		delete
    - www/lighttpd/patches/patch-ac		delete
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Fri Oct  3 01:08:36 UTC 2008
    
    Modified Files:
    	pkgsrc/www/lighttpd: Makefile distinfo
    Removed Files:
    	pkgsrc/www/lighttpd/patches: patch-aa patch-ac
    
    Log Message:
    Update lighttpd to 1.4.20.
    
    This contains a security fix: http://trac.lighttpd.net/trac/ticket/1774
    
    - 1.4.20 -
    
      * Fix mod_compress to compile with old gcc version (#1592)
      * Fix mod_extforward to compile with old gcc version (#1591)
      * Update documentation for #1587
      * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
      * Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
      * Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
      * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
      * Don't send empty Server headers (#1620)
      * Fix conditional interpretation of core options
      * Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
      * Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
      * Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
      * Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
      * Handle EINTR in mod_cgi during write() (#1640)
      * Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
      * Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
      * Remove lighttpd.spec* from source, fixing all problems with it ;-)
      * Do not rely on PATH_MAX (POSIX does not require it) (#580)
      * Disable logging to access.log if filename is an empty string
      * Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
      * merge spawn-fcgi changes from trunk (from @2191)
      * let spawn-fcgi propagate exit code from spawned fcgi application
      * close connection after redirect in trigger_b4_dl (thx icy)
      * close connection in mod_magnet if returned status code
      * fix bug with IPv6 in mod_evasive (#1579)
      * fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
      * [tests] fixed system, use foreground daemons and waitpid
      * [tests] removed pidfile from test system
      * [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
      * fixed typo in mod_accesslog (#1699)
      * replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
      * case insensitive match for secdownload md5 token (#1710)
      * Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
      * fixed mod_secdownload problem with unsigned time_t (#1688)
      * handle EAGAIN and EINTR for freebsd sendfile (#1675)
      * Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
      * fixed round-robin balancing in mod_proxy (#1715)
      * fixed EINTR handling for waitpid in mod_fastcgi
      * mod_{fast,s}cgi: overwrite environment variables (#1722)
      * inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
      * fixed url encoding to encode more characters (#266)
      * allow digits in [s]cgi env vars (#1712)
      * fixed dropping last character of evhost pattern (#161)
      * print helpful error message on conditionals in global block (#1550)
      * decode url before matching in mod_rewrite (#1720)
      * fixed conditional patching of ldap filter (#1564)
      * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
      * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
      * fixed format string bugs in mod_accesslog for SYSLOG
      * replaced fprintf with log_error_write in fastcgi debug
      * fixed mem leak in ssi expression parser (#1753), thx Take5k
      * hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
      * do not send content-encoding for 304 (#1754), thx yzlai
      * fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
      * fix splitting of auth-ldap filter
      * workaround ldap connection leak if a ldap connection failed (restarting ldap)
      * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
      * fix memleak in request header parsing (#1774, thx qhy)
      * fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
      * use decoded url for matching in mod_redirect (#1720)
Commits on Sep 29, 2008
  1. Pullup ticket #2535.

    tron committed Sep 29, 2008
  2. Pullup ticket #2535 - requested by dholland

    tron committed Sep 29, 2008
    gri: security update
    
    Revisions pulled up:
    - graphics/gri/Makefile			1.33-1.35
    - graphics/gri/PLIST			1.8
    - graphics/gri/distinfo			1.7-1.8
    - graphics/gri/patches/patch-aa		1.3
    - graphics/gri/patches/patch-ab		1.3
    - graphics/gri/patches/patch-ac		1.2
    - graphics/gri/patches/patch-ac		1.3
    - graphics/gri/patches/patch-ad		delete
    - graphics/gri/patches/patch-ae		1.3
    - graphics/gri/patches/patch-af		delete
    - graphics/gri/patches/patch-ag		1.4
    - graphics/gri/patches/patch-ag		1.5
    ---
    Module Name:	pkgsrc
    Committed By:	dholland
    Date:		Thu Sep  4 06:43:06 UTC 2008
    
    Modified Files:
    	pkgsrc/graphics/gri: Makefile PLIST distinfo
    	pkgsrc/graphics/gri/patches: patch-aa patch-ab patch-ac patch-ae
    	    patch-ag
    Removed Files:
    	pkgsrc/graphics/gri/patches: patch-ad patch-af
    
    Log Message:
    Update to 2.12.17. Fixes broken amd64 build, among other things.
    pkgsrc changes: now uses readline and popt; added destdir support.
    
    Upstream changes (not including for 2.12.17, which doesn't appear to
    be posted):
    
    Version 2.12.16 [2007 Jul 20  anniversary of the first moon landing, in 1969]
    Bug Fixes
    
        * Fix Debian bug #130802 ... postscript problem in landscape mode,
          refreshed in gv viewer
    
        * Fix Debian bug #434010 ... `set page landscape' requires `set
          page size' first, but it should really default to something
          reasonable instead.
    
    Version 2.12.15 [2007 Apr 16 Mawlid, celebration of birthday of Muhammad]
    Bug Fixes
    
        * Fix SourceForge bug #1700978 ... html concept index mostly broken
    
        * Fix SourceForge bug #1698924 ... box plots show missing data
    
        * Fix Debian bug #417217 ... will not compile in GCC 4.3
    
        * Fix SourceForge bug #1698116 ... poorly-positioned name of RHS y-axis
    
    Version 2.12.14 [2007 Jan 08: Coming-of-Age Day (Japan)]
    Bug Fixes
    
        * Fix SourceForge bug #1630768 ... Fix to segfault in clipped
          images (a bug that may have developed after version 2.13.3)
    
    Version 2.12.13 [2006 Nov 06: Constitution Day (Tajikistan)]
    Bug Fixes
    
        * Fix SourceForge bug #1591475 ... Fix to compile in Solaris CC
    
        * Fix SourceForge bug #1591062 ... Fix to compile in OpenBSD
    
    Version 2.12.12 [2006 July 16: Yellow Pigs Day]
    Bug Fixes
    
        * Fix SourceForge bug #1523033 ... Malloc error (freeing something
          already freed?)
    
        * Fix SourceForge bug #1523032 ... `create columns from function'
          bug, if there is an existing directory called `tmp'.
    
        * Fix SourceForge bug #1491105 ... `set x axis labels' had no
          effect for log axes (same for y)
    
    Version 2.12.11 [2006 Mar 30: Hindu New Year]
    Bug Fixes
    
        * Fix SourceForge bug #1449546 ... x axis limits not correctly
          inferred from `set x grid' (same for y).
    
    Version 2.12.10 [2006 Jan 26: Australia Day]
    Bug Fixes
    
        * Fix SourceForge bug #1408259 ... PostScript file contained
          private information. This was fixed by adding new commandline
          arguments `-private' and `-no_private', the former of which (the
          new default) means to not include the user's name, the
          invocation arguments, or the command-file contents (see Invoking
          Gri).
    
        * Fix SourceForge bug #1285180 ... NaN was mishandled. (The bug
          may have arisen in version 2.12.7 or thereabouts.)
    
        * Port to the FreeBSD operating system, with help from Christopher
          Illies and Roman Neuhauser.
    
        * Fix SourceForge bug #1217273 ... missing some version numbers
          within docs
    
        * Fix SourceForge bug #1196613 ... user-supplied x-axis labels can
          run offscale (fix for y-axis later...)
    
        * Fix SourceForge bug #1198341 ... x-axis labels incorrectly
          rotated (sometimes)
    
        * Fix SourceForge bug #1199280 ... warning about `malloc' for RPN
          assignments
    
        * Fix SourceForge bug #1196115 ... `gri_unpage' and `gri_merge'
          mis-installed
    
        * Fix SourceForge bug #1153209 ... Emacs mode incompatible with
          new version of `gv' PostScript viewer
    
        * Fix SourceForge bug #1101172 ... `gri -help' incorrectly stated
          meaning of last argument(s)
    
        * Fix SourceForge bug #835711 ... `draw gri logo' fails.
    
        * Fix SourceForge bug #1098269 ... problem compiling on AMD64
          machine. (Solution provided by Andreas Jochens, a Debian user.)
    
        * Fix SourceForge bug #867515 ... problem with junk appearing in images.
    
        * Fix SourceForge bug #875881 ... problem compiling with gcc
          2.95.3 compiler.
    
    Version 2.12.9 [2005 Jan 6: Feast of Epiphany]
    Bug Fixes
    
        * Fix SourceForge bug #1094087 ... `set path to' incorrectly
          parsed colon-separated paths
    
        * Fix SourceForge bug #1085788 ... `image *=', `image /=', `image
          ^=', and `image _=' all gave incorrect results
    
        * Fix SourceForge bug #1084123 ... does not compile in fink
    
        * Fix SourceForge bug #676767 ... on fink systems, `help' does not work
    
    Version 2.12.8 [2004]
    Bug Fixes
    
        * Fix SourceForge bug #1019141 ... `draw arc' ignores the present
          pen color
    
        * Fix SourceForge bug #997741 ... PostScript broken on images with
          y-axis decreasing, and enclosed by PostScript clipping
    
        * Fix SourceForge bug #978822 ... documentation wrong on `set path to'
    
        * Fix SourceForge bug #932203 ... misplaced labels caused by `set
          x axis labels'
    
        * Fix SourceForge bug #928277 ... `draw polygon' should take `cm'
          and `pt' units
    
        * Fix SourceForge bug #930259 ... fix `draw arc''s drawing of an
          extra line (thanks for the fix, Wolfgang Voegeli)
    
        * Fix SourceForge bug #923719 ... `draw curve overlying' ignored
          the effect of `set dash'
    
        * Fix SourceForge bug #914125 ... offpage points in axes were
          reported as having been drawn by `draw curve'.
    
        * Fix SourceForge bug #877613 ... `help' (and other commands using
          temporary files) does not work in OSX/Fink version.
    
        * Fix SourceForge bug #874483 ... `state save' doesn't keep track
          of `dash' settings.
    
        * Fix SourceForge bug #873245 ... inaccurate times are given in
          the warnings about slow operations on OSX platform (days are
          reported instead of seconds)
    
        * Fix SourceForge bug #871477 ... the `missing value' feature
          should not be the default. The solution involved adding a new
          command `set missing value none', which is now the default.
    
    Version 2.12.7 [2003 Sep 4]
    Bug Fixes
    
        * Fix SourceForge bug #800022 AKA Debian bug #208589, ... did not
          build on some Debian platforms because it was based on an old
          version of `automake'.
    
    Version 2.12.6 [2003 Sep 1: Labour Day]
    New Features
    
        * Add `age' RPN function, for testing file ages (see age-rpn-operator).
    
    Bug Fixes
    
        * Fix SourceForge bug #773850 ... bounding-box is increased by
          `draw symbol' even if (rectangular) postscript clipping is
          active.
    
        * Fix SourceForge bug #760130 ... Solaris cannot compile with
          `C-l' in Makefile.
    
        * Fix SourceForge bug #743134 ... bounding box not limited by `set
          clip postscript'
    
        * Fix SourceForge bug #750561 ... during compilation, `make'
          rebuilds HTML docs even if up-to-date
    ---
    Module Name:	pkgsrc
    Committed By:	dholland
    Date:		Tue Sep 16 22:47:41 UTC 2008
    
    Modified Files:
    	pkgsrc/graphics/gri: Makefile distinfo
    	pkgsrc/graphics/gri/patches: patch-ac patch-ag
    
    Log Message:
    Update to 2.12.18.
    Changes from 2.12.17 (properly part of the previous update) included
    for reference.
    
    Version 2.12.18 [2008 Sep 8  International Literacy Day]
    Bug Fixes
    
        * Improve security of temporary-file handling.
    
        * Fix SourceForge bug #1985862 ... SVG output had axis linewidth
          equal to curve line width.
    
    Version 2.12.17 [2008 May 29  Oak Apple Day (England)]
    New Features
    
        * Add GNU readline support so that interactive mode will have
          history, command editing, etc.
    
    Bug Fixes
    
        * Fix SourceForge bug #1913577 ... superscripts did not end
          correctly, if preceded by an inline `{}' block.
    
        * Fix SourceForge bug #1761562 ... y axis name printed upside
          down, for log axes in which user specified a high values at the
          bottom end of the axis
    ---
    Module Name:	pkgsrc
    Committed By:	dholland
    Date:		Sat Sep 20 18:53:11 UTC 2008
    
    Modified Files:
    	pkgsrc/graphics/gri: Makefile
    
    Log Message:
    needs build dep on tex
Commits on Sep 26, 2008
  1. Pullup tickets #2533 and #2534.

    tron committed Sep 26, 2008
  2. Pullup ticket #2534 - requested by ghen

    tron committed Sep 26, 2008
    firefox3-bin: security update
    
    Revisions pulled up:
    - www/firefox3-bin/MESSAGE	1.2
    - www/firefox3-bin/Makefile	1.3
    - www/firefox3-bin/distinfo	1.2
    ---
    Module Name:	pkgsrc
    Committed By:	ghen
    Date:		Wed Sep 24 16:14:49 UTC 2008
    
    Modified Files:
    	pkgsrc/www/firefox3-bin: MESSAGE Makefile distinfo
    
    Log Message:
    Bring on-par with www/firefox3.  See there for change log.
  3. Pullup ticket #2534 - requested by ghen

    tron committed Sep 26, 2008
    firefox: security update
    firefox-bin:  security update
    firefox-gtk1: security update
    
    www/firefox-bin/Makefile			1.45
    www/firefox-bin/distinfo			1.45
    www/firefox-gtk1/Makefile			1.20-1.21
    www/firefox-gtk1/PLIST				1.16
    www/firefox/Makefile				1.47-1.48
    www/firefox/Makefile-firefox.common		1.60
    www/firefox/PLIST				1.31
    www/firefox/distinfo				1.81-1.82
    www/firefox/patches/patch-ee			1.1
    www/firefox/patches/patch-ef			1.1
    www/firefox/patches/patch-eg			1.1
    ---
    Module Name:    pkgsrc
    Committed By:   martin
    Date:           Mon Aug 11 10:09:21 UTC 2008
    
    Modified Files:
            pkgsrc/www/firefox: Makefile distinfo
            pkgsrc/www/firefox-gtk1: Makefile
    Added Files:
            pkgsrc/www/firefox/patches: patch-ee patch-ef patch-eg
    
    Log Message:
    Add "unicode" processing alignment patch from mozilla's bugzilla to make
    firefox work again on archs requiring strict alignment.
    Bump pkgrevision.
    ---
    Module Name:	pkgsrc
    Committed By:	ghen
    Date:		Wed Sep 24 14:34:36 UTC 2008
    
    Modified Files:
    	pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
    	pkgsrc/www/firefox-bin: Makefile distinfo
    	pkgsrc/www/firefox-gtk1: Makefile PLIST
    
    Log Message:
    Update firefox, firefox-bin and firefox-gtk1 to 2.0.0.17.
    (ok during freeze agc@)
    
    Security fixes in this version:
    
    MFSA 2008-45 XBM image uninitialized memory reading
    MFSA 2008-44 resource: traversal vulnerabilities
    MFSA 2008-43 BOM characters stripped from JavaScript before execution
    MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    MFSA 2008-40 Forced mouse drag
    MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    MFSA 2008-37 UTF-8 URL stack buffer overflow
    
    For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
  4. Pullup ticket #2534 - requested by ghen

    tron committed Sep 26, 2008
    firefox3: security update
    
    Revisions pulled up:
    - www/firefox3/Makefile		1.5-1.6
    - www/firefox3/distinfo		1.4
    - www/firefox3/patches/patch-dk	1.2
    ---
    Module Name:    pkgsrc
    Committed By:   tnn
    Date:           Fri Jul 18 07:25:35 UTC 2008
    
    Modified Files:
            pkgsrc/www/firefox3: Makefile
    
    Log Message:
    Take fallback maintainership.
    Do feel free to take it off my shoulders though :-)
    ---
    Module Name:	pkgsrc
    Committed By:	tnn
    Date:		Wed Sep 24 11:40:24 UTC 2008
    
    Modified Files:
    	pkgsrc/www/firefox3: Makefile distinfo
    	pkgsrc/www/firefox3/patches: patch-dk
    
    Log Message:
    Update to firefox3-3.0.2.
    Changes:
    * Fixed several security issues.
    * Fixed several stability issues.
    * Fixed a number of minor issues with the layout of certain web pages.
    * Fixed several theme issues that affected right-to-left locales.
    * Fixed issue that caused some users with customized toolbars to have their
      Back and Forward buttons go missing (bug 426026)
    * Add new Extended Validation (EV) roots to Firefox 3.0.2.
    * On certain IDN sites, the password manager would not fill in username
      and password details properly.
    * Fixed several hangs and crashes that occurred when using screen readers.
  5. Pullup ticket #2533 - tonnerre

    tron committed Sep 26, 2008
    faad2: security patch
    
    Revisions pulled up:
    - audio/faad2/Makefile		1.41
    - audio/faad2/distinfo		1.17
    - audio/faad2/patches/patch-at	1.2
    ---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Wed Sep 24 22:25:14 UTC 2008
    
    Modified Files:
    	pkgsrc/audio/faad2: Makefile distinfo
    	pkgsrc/audio/faad2/patches: patch-at
    
    Log Message:
    Fix for faad2 decodeMP4file() heap overflow. If the sample count looks
    insane, it may as well be insane. Also bump PKGREVISION.
Commits on Sep 23, 2008
  1. Pullup ticket #2532.

    tron committed Sep 23, 2008
  2. Pullup ticket #2532 - requested by taca

    tron committed Sep 23, 2008
    mysql5-client: security update
    mysql5-server: security update
    
    Revisions pulled up:
    - databases/mysql5-client/Makefile		1.19
    - databases/mysql5-client/Makefile.common	1.33
    - databases/mysql5-client/buildlink3.mk		1.12
    - databases/mysql5-client/distinfo		1.24
    - databases/mysql5-client/patches/patch-ab	1.3
    - databases/mysql5-client/patches/patch-ac	1.7
    - databases/mysql5-client/patches/patch-af	1.7
    - databases/mysql5-client/patches/patch-ag	1.4
    - databases/mysql5-client/patches/patch-aj	1.3
    - databases/mysql5-client/patches/patch-ak	delete
    - databases/mysql5-client/patches/patch-al	1.3
    - databases/mysql5-server/Makefile		1.25
    - databases/mysql5-server/PLIST			1.13
    - databases/mysql5-server/distinfo		1.21
    - databases/mysql5-server/patches/patch-ad	1.4
    - databases/mysql5-server/patches/patch-ag	1.7
    - databases/mysql5-server/patches/patch-ai	1.3
    - databases/mysql5-server/patches/patch-an	1.5
    - databases/mysql5-server/patches/patch-ca	1.2
    - databases/mysql5-server/patches/patch-cb	1.2
    - databases/mysql5-server/patches/patch-cc	1.2
    - databases/mysql5-server/patches/patch-da	delete
    - databases/mysql5-server/patches/patch-db	delete
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Thu Sep 18 11:50:44 UTC 2008
    
    Modified Files:
    	pkgsrc/databases/mysql5-client: Makefile.common buildlink3.mk distinfo
    	pkgsrc/databases/mysql5-client/patches: patch-ab patch-af patch-ag
    	    patch-aj patch-al
    Added Files:
    	pkgsrc/databases/mysql5-client/patches: patch-ac
    Removed Files:
    	pkgsrc/databases/mysql5-client/patches: patch-ak
    
    Log Message:
    Update mysql5-client package to 5.0.67.
    
    For complete changes, please refer to
    http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html.
    Here is a part of it.
    
    Functionality added or changed:
    
    Security Enhancement:
    
      To enable stricter control over the location from which user-defined
      functions can be loaded, the plugin_dir system variable has been
      backported from MySQL 5.1. If the value is non-empty, user-defined
      function object files can be loaded only from the directory named by this
      variable. If the value is empty, the behavior that is used before 5.0.67
      applies: The UDF object files must be located in a directory that is
      searched by your system's dynamic linker. (Bug#37428)
    
    Important Change: Incompatible Change:
    
      The FEDERATED storage engine is now disabled by default in the .cnf files
      shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
      forth). This affects server behavior only if you install one of these
      files. (Bug#37069)
    
    Cluster API: Important Change:
    
      Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes
      rather than kilobytes, it has been renamed to page_size_bytes. The name
      page_size_kb is now deprecated and thus subject to removal in a future
      release, although it currently remains supported for reasons of backward
      compatibility. See The Ndb_logevent_type Type, for more information about
      NDB_LE_MemoryUsage. (Bug#30271)
    
    Important Change:
    
      Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE
      with respect to detection and handling of tables with incompatible .frm
      files (files created with a different version of the MySQL server). These
      changes also affect mysqlcheck because that program uses CHECK TABLE and
      REPAIR table, and thus also mysql_upgrade because that program invokes
      mysqlcheck.
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Thu Sep 18 11:51:37 UTC 2008
    
    Modified Files:
    	pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
    	pkgsrc/databases/mysql5-server/patches: patch-ad patch-ag patch-ai
    	    patch-an patch-ca patch-cb patch-cc
    Removed Files:
    	pkgsrc/databases/mysql5-server/patches: patch-da patch-db
    
    Log Message:
    Update mysql5-server package to 5.0.67.
    
    This is a security fix.
    
    For complete changes, please refer to
    http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html.
    Here is a part of it.
    
    Functionality added or changed:
    
    Security Enhancement:
    
      To enable stricter control over the location from which user-defined
      functions can be loaded, the plugin_dir system variable has been
      backported from MySQL 5.1. If the value is non-empty, user-defined
      function object files can be loaded only from the directory named by this
      variable. If the value is empty, the behavior that is used before 5.0.67
      applies: The UDF object files must be located in a directory that is
      searched by your system's dynamic linker. (Bug#37428)
    
    Important Change: Incompatible Change:
    
      The FEDERATED storage engine is now disabled by default in the .cnf files
      shipped with MySQL distributions (my-huge.cnf, my-medium.cnf, and so
      forth). This affects server behavior only if you install one of these
      files. (Bug#37069)
    
    Cluster API: Important Change:
    
      Because NDB_LE_MemoryUsage.page_size_kb shows memory page sizes in bytes
      rather than kilobytes, it has been renamed to page_size_bytes. The name
      page_size_kb is now deprecated and thus subject to removal in a future
      release, although it currently remains supported for reasons of backward
      compatibility. See The Ndb_logevent_type Type, for more information about
      NDB_LE_MemoryUsage. (Bug#30271)
    
    Important Change:
    
      Some changes were made to CHECK TABLE ... FOR UPGRADE and REPAIR TABLE
      with respect to detection and handling of tables with incompatible .frm
      files (files created with a different version of the MySQL server). These
      changes also affect mysqlcheck because that program uses CHECK TABLE and
      REPAIR table, and thus also mysql_upgrade because that program invokes
      mysqlcheck.
    ---
    Module Name:	pkgsrc
    Committed By:	tron
    Date:		Thu Sep 18 12:49:40 UTC 2008
    
    Modified Files:
    	pkgsrc/databases/mysql5-client: Makefile
    
    Log Message:
    Fix path to Perl interpreter in the installed scripts. Bump package
    revision because of this fix.
Commits on Sep 21, 2008
  1. ticket #2530

    rtr committed Sep 21, 2008
  2. pullup ticket #2530 - requested by tron

    rtr committed Sep 21, 2008
    phpmyadmin: update package for security fixes
    
    revisions pulled up:
    pkgsrc/databases/phpmyadmin/Makefile	1.75
    pkgsrc/databases/phpmyadmin/distinfo	1.38
    
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Thu Sep 18 14:33:35 UTC 2008
    
       Modified Files:
               pkgsrc/databases/phpmyadmin: Makefile distinfo
    
       Log Message:
       Update "phpmyadmin" package to version 2.11.9.1. Changes since 2.11.8.1:
       - bug #2031221 [auth] Links to version number on login screen
       - bug #2032707 [core] PMA does not start if ini_set() is disabled
       - bug #2004915 [bookmarks] Saved queries greater than 1000 chars
         not displayed
       - bug #2037381 [export] Export type "replace" does not work
       - bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
       - bug #2045512 [export] Numbers in Excel export
       + [lang] Norwegian UTF-8 original file remerged
       - bug #2074250 [parser] Undefined variable seen_from
       - [security] Code execution vulnerability
    
       This update fixes the security vulnerability reported in PMASA-2008-7.
Commits on Sep 17, 2008
  1. Pullup tickets #2525 and #2528.

    tron committed Sep 17, 2008
  2. Pullup ticket #2528 - requested by taca

    tron committed Sep 17, 2008
    ruby18-base: security patch
    
    Revisions pulled up:
    - lang/ruby18-base/Makefile		1.47
    - lang/ruby18-base/distinfo		1.34
    - lang/ruby18-base/patches/patch-dg	1.5
    - lang/ruby18-base/patches/patch-dh	1.3
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Sun Sep 14 05:17:18 UTC 2008
    
    Modified Files:
    	pkgsrc/lang/ruby18-base: Makefile distinfo
    Added Files:
    	pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh
    
    Log Message:
    Add fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
    (http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
    from ruby_1_8 branch.
    
    Bump PKGREVISION.
  3. Pullup ticket #2525 - requested by abs

    tron committed Sep 17, 2008
    apache-tomcat55: security update
    
    Revisions pulled up:
    - www/apache-tomcat55/Makefile	1.17
    - www/apache-tomcat55/PLIST	1.6
    - www/apache-tomcat55/distinfo	1.7
    ---
        Module Name:	pkgsrc
        Committed By:	abs
        Date:		Wed Sep 10 09:53:31 UTC 2008
    
        Modified Files:
         	pkgsrc/www/apache-tomcat55: Makefile PLIST distinfo
    
        Log Message:
        Updated www/apache-tomcat55 to 5.5.27
    
        Tomcat 5.5.27 (fhanik)
    
             General
    
                 44463: War file upload in manager webapp fails due to missing commons-io dependency. Added commons-io 1.4. (rjung)
    
             Catalina
    
                 44021, 43013: Add support for # to signify multi-level contexts for directories and wars.
                 44494: Backport from 6.0 (rjung)
                 Add additional checks for URI normalization. (remm)
                 Don't throw an ArrayIndexOutOfBoundsException when empty URL is requested. Patch provided by Charles R Caldarale. (markt)
                 29936: Don't use parser from a webapp to parse web.xml and possibly context.xml files. (markt)
                 43079: Correct pattern verification for suspicious URLs. Patch provided by John Kew. (markt)
                 43080: Log suspicious URL pattern warnings to the correct web application. (markt)
                 43117: Setting an empty workDIR could delete all of CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
                 44282: Prevent security exception in trace level logging for web application class loader when running under a security manager. (markt)
                 44529: No roles specified (deny all) should take precedence over no auth-constraint specified (allow-all). (markt)
                 43578: Enable start on Linux if $CATALINA_HOME contains a space. Original patch provided by Ray Sauers with improvements by Ian Ward Comfort. (markt)
                 44673: Throw IOE if ServletInputStream is closed and a call is made to any read(), ready(), mark(), reset(), or skip() method as per javadocs for Reader. (markt)
                 Enable the CGIServlet to work with Windows Vista. (markt)
                 Add additional permission required to read JDK logging configuration when running with a security manager. (markt)
                 44943: Reduce copy/paste issues caused by different engine names in server.xml. (markt)
                 45195: Prevent NPE when calling Session.getAttribute(null) and Session.removeAttribute(null). The spec is unclear but this is a regression from 5.0.x. (markt)
                 45293: Update name of commons-logging jar in security policy. (markt)
                 45453: Fix race condition in JDBC Realm. Based on a patch provided by Santtu Hyrkk. (markt)
                 JAAS Realm did not read role information for users. (markt)
    
             Connectors
    
                 Log errors for AJP signoffs at DEBUG level, since it is harmless if mod_jk has hung up the phone. (billbarker)
                 42727: Handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. (markt)
                 43191: Compression could not be disabled for some file types. Based on a patch by Len Popp. (markt)
                 45591: Fix NPE on shutdown failure in some cases. Based on a patch by Matt Passell. (markt)
    
             Jasper
    
                 31257: Quote endorsed dirs if they contain a space. (markt)
                 42943: Make sure nested element is inside <jsp:text> element before throwing exception. (markt)
                 44877: Prevent collisions in tag pool names. (markt)
                 45015: Enforce JSP spec rules on quoting in attributes. This is configurable using the system property org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING. (markt)
    
             Webapps
    
                 42899: When saving config from admin app, correctly handle case where the old config file does not exist. (markt)
                 44541: Document packetSize attribute for AJP connector. (markt)
                 44715: Document use of secret for AJP connector. (markt)
                 45323: Add note that context.xml files can only contain a single Context element. (markt)
                 Update JNDI datasource docs since maxActive setting for unlimited changed in commons-pool > 1.2. (markt)
    
             Specification
    
                 Use a localised error message if a user tries to write a negative length byte array during default processing of a HEAD request. (markt)
                 44562: HEAD requests cannot use includes. Patch provided by David Jencks. (markt)
Commits on Sep 11, 2008
  1. Ticket #2527.

    ghen
    ghen committed Sep 11, 2008
  2. Pullup ticket 2527 - requested by wiz

    ghen
    ghen committed Sep 11, 2008
    security update for libxml2
    
    - pkgsrc/textproc/libxml2/Makefile			1.94
    - pkgsrc/textproc/libxml2/distinfo			1.66
    - pkgsrc/textproc/libxml2/patches/patch-aa		1.23
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Sat Sep  6 14:58:34 UTC 2008
    
       Modified Files:
    	   pkgsrc/textproc/libxml2: Makefile distinfo
    	   pkgsrc/textproc/libxml2/patches: patch-aa
    
       Log Message:
       Update to 2.7.1:
    
       2.7.1: Sep 1 2008
    
           * Portability fix: Borland C fix (Moritz Both)
           * Bug fixes: python serialization wrappers, XPath QName corner
             case handling and leaks (Martin)
           * Improvement: extend the xmlSave to handle HTML documents and trees
           * Cleanup: python serialization wrappers
    
       2.7.0: Aug 30 2008
    
           * Documentation: switch ChangeLog to UTF-8, improve multithreads
           and xmlParserCleanup docs
           * Portability fixes: Older Win32 platforms (Rob Richards), MSVC
           porting fix (Rob Richards), Mac OS X regression tests (Sven
           Herzberg), non GNUCC builds (Rob Richards), compilation on
           Haiku (Andreas Färber)
           * Bug fixes: various realloc problems (Ashwin), potential
           double-free (Ashwin), regexp crash, crash with invalid whitespace
           facets (Rob Richards), pattern fix when streaming (William
           Brack), various XML parsing and validation fixes based on the
           W3C regression tests, reader tree skipping function fix (Ashwin),
           Schemas regexps escaping fix (Volker Grabsch), handling of
           entity push errors (Ashwin), fix a slowdown when encoder can't
           serialize characters on output
           * Code cleanup: compilation fix without the reader, without
           the output (Robert Schwebel), python whitespace (Martin), many
           space/tabs cleanups, serious cleanup of the entity handling
           code
           * Improvement: switch parser to XML-1.0 5th edition, add parsing
           flags for old versions, switch URI parsing to RFC 3986, add
           xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer), new hashing
           functions for dictionaries (based on Stefan Behnel work),
           improve handling of misplaced html/head/body in HTML parser,
           better regression test tools and code coverage display, better
           algorithms to detect various versions of the billion laughs
           attacks, make arbitrary parser limits avoidable as a parser
           option
Commits on Sep 10, 2008
  1. Pullup tickets #2522, #2523 and #2524.

    tron
    tron committed Sep 10, 2008
  2. Pullup ticket #2524 - requested by martti

    tron
    tron committed Sep 10, 2008
    rrdtool: update package to avoid data corruption
    
    Revisions pulled up:
    databases/rrdtool/Makefile			1.68-1.69
    databases/rrdtool/buildlink3.mk			1.20
    databases/rrdtool/distinfo			1.30-1.31
    databases/rrdtool/patches/patch-al		1.13-1.14
    databases/rrdtool/patches/patch-am		delete
    ---
        Module Name:    pkgsrc
        Committed By:   martti
        Date:           Tue Jul 29 17:23:17 UTC 2008
    
        Modified Files:
                 pkgsrc/databases/rrdtool: Makefile distinfo
                 pkgsrc/databases/rrdtool/patches: patch-al
        Removed Files:
                 pkgsrc/databases/rrdtool/patches: patch-am
    
        Log Message:
        Updated databases/rrdtool to 1.3.1
    
        * image size does get returned properly even with --lazy active
           this broke a number of frontends which should work now.
        * fix rrd_restore to be able to read rrd 1.0.x generated dumps again.
        * several documentation fixes
        * make rrdtool.spec work without php
        * complain when someone tries to create an rrd file with step size zero.
        * added filename to illegal updated interval error message.
        * fix number of rows returned by python modules fetch implementation.
        ---
        Module Name:	pkgsrc
        Committed By:	martti
        Date:		Wed Sep 10 05:38:12 UTC 2008
    
        Modified Files:
        	pkgsrc/databases/rrdtool: Makefile buildlink3.mk distinfo
        	pkgsrc/databases/rrdtool/patches: patch-al
    
        Log Message:
        Updated databases/rrdtool to 1.3.2
    
        MAJOR BUG-FIX:
    
        * When running rrdtool update with multiple updates in one go and
           MMAP enabled, there was a data corruption bug at wrap around.
           See http://oss.oetiker.ch/rrdtool-trac/ticket/178 for details
           Thanks to Kevin Brintnall
    
        OTHER FIXES:
    
        * Forward ported rra cur_row randomization patch from rrdtool
           1.2.28 (it got lost in development).
    
        * Contrary to the documentation imginfo did return the full path
           of the image and not only the file name.
    
        * Make --lazy mode work even when PRINT commands are present.
           http://oss.oetiker.ch/rrdtool-trac/ticket/163
    
        * Fix Ruby Bindings memory leak.
    
        * Fix compilation on solaris 2.8
    
        * Fix a ton of memory leaks in rrd_create and some in rrd_tool as
           well. Based on valgrind analysis by Sven Engelhardt. Thanks!
    
        * Fix handling of error conditions in rrd_tool.c (errno is not the
           ideal indicator)
    
        ENHANCEMENTS:
    
        * Text Strings entered in the current locale will automatically be
           transformed to utf8 for proper handling by Pango.
    
        * Dramatically improved Pango Performance by introducing a static
           fontmap. On my test system the persistent fontmap causes the
           second graph with the same fonts in a single session to be
           created about 0.18s faster than the first one. For a total graph
           creation time of 0.21s this is a pretty substantial improvement.
           With this patch, performance for the second graph is back to
           1.2.x levels or even better.
  3. Pullup - ticket #2523 - requested by is

    tron
    tron committed Sep 10, 2008
    tk: make this package work with modular X.org
    
    Revisions pulled up:
    x11/tk/Makefile			1.62
    x11/tk/distinfo			1.34
    x11/tk/patches/patch-ae		1.4
    ---
        Module Name:	pkgsrc
        Committed By:	dsainty
        Date:		Wed Aug  6 04:09:12 UTC 2008
    
        Modified Files:
    	pkgsrc/x11/tk: Makefile distinfo
        Added Files:
    	pkgsrc/x11/tk/patches: patch-ae
    
        Log Message:
        Tk uses X event numbers to index an "event" array, as well as adding a few of
        its own, starting with "VirtualEvent" (Which is correctly set to LASTEvent,
        defined in include/X11/X.h).  In xproto-7.0.13, a new event "GenericEvent" was
        added - making the defined array broken for all of Tk's internal events.
    
        The easy fix is to just add in the missing event into the hard-coded array.
    
        This patch was reported here: http://bugs.gentoo.org/show_bug.cgi?id=225999
    
        A cleaner fix, but a much bigger patch, is listed in the Tk bug tracker.  I'm
        punting that Tk will have been updated with the fix before X.h grows another
        event.
    
        http://sourceforge.net/tracker/index.php?func=detail&aid=2010422&group_id=12997&atid=112997
    
        Bump PKGREVISION.
  4. Pullup ticket #2522 - requested by taca

    tron
    tron committed Sep 10, 2008
    geeklog: security patch
    
    Revisions pulled up:
    - www/geeklog/Makefile		1.20
    - www/geeklog/distinfo		1.8
    - www/geeklog/patches/patch-ai	1.1
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Tue Sep  9 14:34:13 UTC 2008
    
    Modified Files:
    	pkgsrc/www/geeklog: Makefile distinfo
    Added Files:
    	pkgsrc/www/geeklog/patches: patch-ai
    
    Log Message:
    Add security fix of FCKeditor.
    
    	http://www.geeklog.net/article.php/file-uploads
    
    Bump PKGREVISION.
Commits on Sep 7, 2008
  1. Ticket #2521.

    ghen
    ghen committed Sep 7, 2008
  2. Pullup ticket 2521 - requested by martti

    ghen
    ghen committed Sep 7, 2008
    security update for vim
    
    - pkgsrc/editors/vim-lang/PLIST				1.8
    - pkgsrc/editors/vim-share/Makefile.common		1.111, 1.112
    - pkgsrc/editors/vim-share/PLIST			1.12
    - pkgsrc/editors/vim-share/distinfo			1.100, 1.101
    - pkgsrc/editors/vim-share/version.mk			1.55, 1.56
    - pkgsrc/editors/vim-share/patches/patch-aa		1.15
    - pkgsrc/editors/vim-share/patches/patch-ad		1.14
    - pkgsrc/editors/vim-share/patches/patch-zb		1.7
    
       Module Name:    pkgsrc
       Committed By:   martti
       Date:           Mon Aug 11 12:14:10 UTC 2008
    
       Modified Files:
                pkgsrc/editors/vim-lang: PLIST
                pkgsrc/editors/vim-share: Makefile.common PLIST distinfo version.mk
                pkgsrc/editors/vim-share/patches: patch-aa patch-ad patch-zb
    
       Log Message:
       Updated VIM to 7.2
    
       This is a minor release of Vim.  In the 15 months since Vim 7.1 many
       bugs were fixed and runtime files have been added and updated.  There
       are also security improvements, therefore it's a good idea to upgrade.
    
       The main new feature since 7.1 is floating point support.  You can use
       it in the Vim script language to add up a list of amounts, for example.
    
       Once you have installed Vim 7.2 you can find details about the changes
       since Vim 7.1 with ":help version-7.2".
    ---
       Module Name:		pkgsrc
       Committed By:	martti
       Date:		Sat Sep  6 17:05:47 UTC 2008
    
       Modified Files:
    	   pkgsrc/editors/vim-share: Makefile.common distinfo version.mk
    
       Log Message:
       Updated editors/vim-share to 7.2.10
    
          1877  7.2.001  Mac: pseudo-ttys don't work properly on Leopard
          1462  7.2.002  leaking memory when displaying menus
          3663  7.2.003  typo in translated message, message not translated
          3413  7.2.004  Cscope help message is not translated
          4638  7.2.005  a few problems when profiling
          1552  7.2.006  HTML files are not recognized by contents
         16735  7.2.007  (extra) minor issues for VMS
          1947  7.2.008  wrong window count when using :bunload in a BufHidden
       autocmd
          2245  7.2.009  can't compile with Perl 5.10 on MS-Windows
          5415  7.2.010  "K" in Visual mode does not properly escape all characters
    
       7.2.010 fixes http://www.rdancer.org/vulnerablevim-K.html
Commits on Sep 6, 2008
  1. ticket #2510

    rtr
    rtr committed Sep 6, 2008
  2. pullup ticket #2510 - requested by tron

    rtr
    rtr committed Sep 6, 2008
    tiff: security patch
    
    revisions pulled up:
    pkgsrc/graphics/tiff/Makefile		1.86
    pkgsrc/graphics/tiff/distinfo		1.41
    pkgsrc/graphics/tiff/patches/patch-ac	1.19
    
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Sat Aug 30 08:12:45 UTC 2008
    
       Modified Files:
       pkgsrc/graphics/tiff: Makefile distinfo
       Added Files:
       pkgsrc/graphics/tiff/patches: patch-ac
    
       Log Message:
       Apply Debian's fix for the security vulnerability reported in
       CVE-2008-2327. Bump package revision.
Commits on Sep 5, 2008
  1. Tickets #2517-2520.

    ghen
    ghen committed Sep 5, 2008
  2. Pullup ticket 2520 - requested by tron

    ghen
    ghen committed Sep 5, 2008
    security update for wireshark
    
    - pkgsrc/net/wireshark/Makefile				1.26
    - pkgsrc/net/wireshark/distinfo				1.15
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Fri Sep  5 10:22:08 UTC 2008
    
       Modified Files:
    	   pkgsrc/net/wireshark: Makefile distinfo
    
       Log Message:
       Update "wireshark" package to version 1.0.3. Changes since 1.0.2:
       - Security-related bugs in the NCP dissector, zlib compression code, and
         Tektronix .rf5 file parser have been fixed.
       - WPA group key decryption is now supported.
       - A bug that could cause packets to be wrongly dissected as "Redback
         Lawful Intercept" has been fixed.
    
       This update addresses the security vulnerability reported in CVE-2008-3146.
  3. Pullup ticket 2518 - requested by martti

    ghen
    ghen committed Sep 5, 2008
    security update for postfix
    
    - pkgsrc/mail/postfix/Makefile				1.219, 1.220
    - pkgsrc/mail/postfix/distinfo				1.119
    - pkgsrc/mail/postfix/patches/patch-aa			1.21
    - pkgsrc/mail/postfix/patches/patch-ag			1.25
    - pkgsrc/mail/postfix/patches/patch-ai			1.22
    
    - pkgsrc/mail/postfix-current/Makefile			1.100, 1.101
    - pkgsrc/mail/postfix-current/distinfo			1.46
    - pkgsrc/mail/postfix-current/patches/patch-aa		1.19
    - pkgsrc/mail/postfix-current/patches/patch-ag		1.17
    - pkgsrc/mail/postfix-current/patches/patch-ai		1.20
    
       Module Name:    pkgsrc
       Committed By:   ghen
       Date:           Fri Aug 22 20:29:55 UTC 2008
    
       Modified Files:
                pkgsrc/mail/postfix: Makefile
                pkgsrc/mail/postfix-current: Makefile
    
       Log Message:
       Add some (http) mirrors.
    ---
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Thu Sep  4 08:25:20 UTC 2008
    
       Modified Files:
    	   pkgsrc/mail/postfix: Makefile distinfo
    	   pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai
    
       Log Message:
       Updated mail/postfix to 2.5.5
    
       Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
       denial of service attack by a local user. There is no breach of
       data confidentiality or data integrity. This problem was found by
       the Postfix author during routine source code maintenance.
    
       An on-line version of this announcement is available at
       http://www.postfix.org/announcements/20080902.html
    ---
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Thu Sep  4 08:25:31 UTC 2008
    
       Modified Files:
    	   pkgsrc/mail/postfix-current: Makefile distinfo
    	   pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai
    
       Log Message:
       Updated mail/postfix-current to 2.6.20080903
    
       Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
       denial of service attack by a local user. There is no breach of
       data confidentiality or data integrity. This problem was found by
       the Postfix author during routine source code maintenance.
    
       An on-line version of this announcement is available at
       http://www.postfix.org/announcements/20080902.html
  4. Pullup ticket 2518 - requested by martti

    ghen
    ghen committed Sep 5, 2008
    security update for clamav
    
    - pkgsrc/mail/clamav/Makefile				1.87
    - pkgsrc/mail/clamav/buildlink3.mk			1.16
    - pkgsrc/mail/clamav/distinfo				1.54
    - pkgsrc/mail/clamav/patches/patch-ad			1.15
    - pkgsrc/mail/clamav/patches/patch-af			1.6
    - pkgsrc/mail/clamav/patches/patch-ah			1.16
    - pkgsrc/mail/clamav/patches/patch-ba			removed
    
       Module Name:	pkgsrc
       Committed By:	martti
       Date:		Thu Sep  4 06:44:07 UTC 2008
    
       Modified Files:
    	   pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
    	   pkgsrc/mail/clamav/patches: patch-ad patch-af patch-ah
       Removed Files:
    	   pkgsrc/mail/clamav/patches: patch-ba
    
       Log Message:
       Updated mail/clamav to 0.94
    
       * Lots of bug fixes
    
       I removed patch-ba and tested this on NetBSD/i386 3.1.1_PATCH and
       NetBSD/amd64 4.0_STABLE and everything seems to work...
  5. Pullup ticket 2517 - requested by wiz

    ghen
    ghen committed Sep 5, 2008
    security update for WordNet
    
    - pkgsrc/textproc/WordNet/Makefile			1.3
    - pkgsrc/textproc/WordNet/distinfo			1.2
    
       Module Name:		pkgsrc
       Committed By:	wiz
       Date:		Mon Sep  1 14:58:53 UTC 2008
    
       Modified Files:
    	   pkgsrc/textproc/WordNet: Makefile distinfo
    
       Log Message:
       Fix possible security problem when WordNet was used as e.g. a web backend,
       using the patch provided by Rob Holland from the oCERT Team, see
       http://www.ocert.org/advisories/ocert-2008-014.html
    
       Bump PKGREVISION.
Commits on Sep 4, 2008
  1. Pullup tickets #2515 and #2516.

    tron
    tron committed Sep 4, 2008
  2. Pullup ticket #2516 - requested by kefren

    tron
    tron committed Sep 4, 2008
    mono: security patch
    
    Revisions pulled up:
    - lang/mono/Makefile		1.70-1.71
    - lang/mono/PLIST		1.25
    - lang/mono/distinfo		1.37
    - lang/mono/patches/patch-cl	1.1
    - lang/mono/patches/patch-cm	1.1
    ---
    Module Name:    pkgsrc
    Committed By:   tron
    Date:           Sun Aug 10 16:19:33 UTC 2008
    
    Modified Files:
            pkgsrc/lang/mono: Makefile PLIST
    
    Log Message:
    Remove directory "include/mono-1.0/mono" on deinstallation.
    Bump package revision because of a package list fix.
    ---
    Module Name:	pkgsrc
    Committed By:	kefren
    Date:		Mon Sep  1 09:28:54 UTC 2008
    
    Modified Files:
    	pkgsrc/lang/mono: Makefile distinfo
    Added Files:
    	pkgsrc/lang/mono/patches: patch-cl patch-cm
    
    Log Message:
    Merge fix for Bug 418620 (SVN revision 111276) - Sys.Web is prone to
    "HTTP header injection" attacks
  3. Pullup ticket #2515 - requested by tonnerre

    tron
    tron committed Sep 4, 2008
    ffmpeg: security patch
    
    Revisions pulled up:
    - multimedia/ffmpeg/Makefile		1.36
    - multimedia/ffmpeg/distinfo		1.15
    - multimedia/ffmpeg/patches/patch-al	1.1
    ---
    Module Name:	pkgsrc
    Committed By:	tonnerre
    Date:		Mon Sep  1 00:00:10 UTC 2008
    
    Modified Files:
    	pkgsrc/multimedia/ffmpeg: Makefile distinfo
    Added Files:
    	pkgsrc/multimedia/ffmpeg/patches: patch-al
    
    Log Message:
    Add patch to fix ffmpeg remote system access vulnerability
    (CVE-2008-3162).
Commits on Sep 3, 2008
  1. Pullup ticket #2514.

    tron
    tron committed Sep 3, 2008