Commits on Jun 18, 2009
  1. Pullup ticket #2800.

    tron authored
  2. Pullup ticket #2800 - requested by hasso

    tron authored
    kdelibs3: security patch
    
    Revisions pulled up:
    - x11/kdelibs3/Makefile			1.141
    ---
    Module Name:    pkgsrc
    Committed By:   hasso
    Date:           Tue Jun 16 16:09:36 UTC 2009
    
    Modified Files:
            pkgsrc/x11/kdelibs3: Makefile
    
    Log Message:
    Fix a serious security issue for platforms using kgrantpty (NetBSD isn't
    such, but DragonFly is): ${SETUID_ROOT_PERMS} doesn't work for suid
    kgrantpty, because the locate() method used to find the path to the binary
    expects it to have read permissions set.
Commits on Jun 17, 2009
  1. Pullup ticket #2799.

    tron authored
  2. Pullup ticket #2799 - requested by taca

    tron authored
    ruby18-base: bug fix update
    ruby18-curses: bug fix update
    ruby18-tk: bug fix update
    
    Revisions pulled up:
    - devel/ruby-curses/distinfo			1.20
    - lang/ruby/rubyversion.mk			1.48
    - lang/ruby18-base/distinfo			1.39
    - x11/ruby-tk/distinfo				1.23
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Tue Jun 16 15:08:38 UTC 2009
    
    Modified Files:
    	pkgsrc/devel/ruby-curses: distinfo
    	pkgsrc/lang/ruby: rubyversion.mk
    	pkgsrc/lang/ruby18-base: distinfo
    	pkgsrc/x11/ruby-tk: distinfo
    
    Log Message:
    Update Ruby packages to 1.8.7.174 (1.8.7-p174).
    
    * Fix critical problem of BigDecimal class in 1.8.7-p173.
    
    Fri Jun 12 16:36:44 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
    
    	* ext/bigdecimal/bigdecimal.c (VpToString): fixed a bug introduced
    	  in r23613.  [ruby-talk:338957]
Commits on Jun 15, 2009
  1. Pullup ticket #2797.

    tron authored
  2. Pullup ticket #2797 - requested by kefren

    tron authored
    p5-Compress-Raw-Zlib: security update
    
    Revisions pulled up:
    - devel/p5-Compress-Raw-Zlib/Makefile		1.9
    - devel/p5-Compress-Raw-Zlib/distinfo		1.7
    - devel/p5-Compress-Raw-Zlib/patches/patch-aa	1.3
    ---
    Module Name:	pkgsrc
    Committed By:	sno
    Date:		Sat Apr 11 22:35:29 UTC 2009
    
    Modified Files:
    	pkgsrc/devel/p5-Compress-Raw-Zlib: Makefile distinfo
    	pkgsrc/devel/p5-Compress-Raw-Zlib/patches: patch-aa
    
    Log Message:
    PkgSrc changes:
       - Updating module to 2.017
    
    Upstream changes:
       2.017 28 March 2009
    
           * Added 'LimitOutput' option
           * Removed MAN3PODS from Makefile.PL
           * Fixed coring issue when LimitOutput was used.
           * Documented Compress::Raw::Zlib::zlib_version()
           * Documented Compress::Raw::Zlib::deflateReset()
             [RT #40566]
Commits on Jun 14, 2009
  1. pullup #2796

    spz authored
  2. Pullup ticket 2796 - requested by tron

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/www/firefox3/Makefile			1.33
    - pkgsrc/www/firefox3/PLIST			1.9
    - pkgsrc/www/firefox3/distinfo			1.25
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Fri Jun 12 10:08:28 UTC 2009
    
       Modified Files:
       	pkgsrc/www/firefox3: Makefile PLIST distinfo
    
       Log Message:
       Update "firefox3" package to version 3.0.11. Changes since version 3.0.10:
       - Fixed several security issues:
         MFSA 2009-32 JavaScript chrome privilege escalation
         MFSA 2009-31 XUL scripts bypass content-policy checks
         MFSA 2009-30 Incorrect principal set for file: resources loaded via
                      location bar
         MFSA 2009-29 Arbitrary code execution using event listeners attached
                      to an element whose owner document is null
         MFSA 2009-28 Race condition while accessing the private data of a
                      NPObject JS wrapper class object
         MFSA 2009-27 SSL tampering via non-200 responses to proxy
                      CONNECT requests
         MFSA 2009-26 Arbitrary domain cookie access by local file: resources
         MFSA 2009-25 URL spoofing with invalid unicode characters
         MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
       - Fixed several stability issues.
       - Several issues were reported with the internal database, SQLite, which
         have now been fixed by upgrading to a newer version.
       - Fixed an issue where, in some specific cases, the bookmarks database
         would become corrupt. (bug 464486)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/firefox3/Makefile
       cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox3/PLIST
       cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/firefox3/distinfo
Commits on Jun 12, 2009
  1. pullup #2795

    spz authored
  2. Pullup ticket 2795 - requested by tron

    spz authored
    Compatibility update
    Fixes PR 41550
    
    Revisions pulled up:
    - pkgsrc/www/apache22/Makefile			1.46
    - pkgsrc/www/apache22/distinfo			1.20
    - pkgsrc/www/apache22/patches/patch-ba		1.2
    - pkgsrc/www/apache22/patches/patch-bc		1.2
    - pkgsrc/www/apache22/patches/patch-bd		1.2
    
    Files deleted:
    pkgsrc/www/apache22/patches/patch-bb
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Thu Jun 11 20:30:59 UTC 2009
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       	pkgsrc/www/apache22/patches: patch-ba patch-bc patch-bd
       Removed Files:
       	pkgsrc/www/apache22/patches: patch-bb
    
       Log Message:
       Import improved version of the fix for CVE-2009-1195 to restore
       backwards compatibility with e.g. "mod_perl".
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/apache22/Makefile
       cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/apache22/distinfo
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/apache22/patches/patch-ba \
           pkgsrc/www/apache22/patches/patch-bc pkgsrc/www/apache22/patches/patch-bd
       cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-bb
  3. Pullup ticket #2794.

    tron authored
  4. Pullup ticket #2794 - requested by tez

    tron authored
    openssl: security patch
    
    Revisions pulled up:
    - security/openssl/Makefile			1.140
    - security/openssl/distinfo			1.68
    - security/openssl/patches/patch-ax		1.1
    - security/openssl/patches/patch-ay		1.1
    - security/openssl/patches/patch-az		1.1
    - security/openssl/patches/patch-ba		1.1
    ---
    Module Name:    pkgsrc
    Committed By:   tez
    Date:           Wed Jun 10 13:57:08 UTC 2009
    
    Modified Files:
            pkgsrc/security/openssl: Makefile distinfo
    Added Files:
            pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba
    
    Log Message:
    Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from
    http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10
    http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
    http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5
    http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2
    http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18
  5. Pullup ticket #2793.

    tron authored
  6. Pullup ticket #2793 - requested by martti

    tron authored
    clamav: bug fix update
    
    Revisions pulled up:
    - mail/clamav/Makefile				1.95
    - mail/clamav/distinfo				1.60
    - mail/clamav/patches/patch-aa			1.19
    ---
    Module Name:	pkgsrc
    Committed By:	martti
    Date:		Thu Jun 11 04:38:19 UTC 2009
    
    Modified Files:
    	pkgsrc/mail/clamav: Makefile distinfo
    	pkgsrc/mail/clamav/patches: patch-aa
    
    Log Message:
    Updated mail/clamav to 0.95.2
    
    * Lots of bug fixes (see the ChangeLog for details)
Commits on Jun 11, 2009
  1. Pullup ticket #2792.

    tron authored
  2. Pullup ticket #2792 - requested by taca

    tron authored
    ruby-curses: security update
    ruby-readline: security update
    lang/ruby18-base: security update
    ruby-tk: security update
    
    Revisions pulled up:
    - devel/ruby-curses/distinfo			1.19
    - devel/ruby-readline/Makefile			1.26-1.27
    - lang/ruby/rubyversion.mk			1.46
    - lang/ruby18-base/PLIST			1.15
    - lang/ruby18-base/distinfo			1.38
    - lang/ruby18-base/patches/patch-bi		delete
    - x11/ruby-tk/distinfo				1.22
    ---
    Module Name:	pkgsrc
    Committed By:	wiz
    Date:		Wed May 20 00:58:30 UTC 2009
    
    Modified Files:
    	pkgsrc/devel/ruby-readline: Makefile
    
    Log Message:
    Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
    major change.
    
    Reported by Robert Elz in PR 41345.
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Wed Jun 10 12:45:34 UTC 2009
    
    Modified Files:
    	pkgsrc/lang/ruby: rubyversion.mk
    
    Log Message:
    Start update of Ruby programming language packages to 1.8.7.173 (1.8.7-p173).
    
    - Add LICENSE.
    - Update RUBY18_PATCHLEVEL to 173.
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Wed Jun 10 12:46:47 UTC 2009
    
    Modified Files:
    	pkgsrc/lang/ruby18-base: PLIST distinfo
    Removed Files:
    	pkgsrc/lang/ruby18-base/patches: patch-bi
    
    Log Message:
    Update ruby18-base package to 1.8.7.173 (Ruby 1.8.7-p173).
    
    Mon Jun  8 10:58:41 2009  NAKAMURA Usaku  <usa@ruby-lang.org>
    
    	* eval.c (rb_thread_schedule): mswin32 doesn't have F_GETFD, so check
    	  with another method.
    
    Mon Jun  8 08:15:36 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
    
    	* ext/bigdecimal/bigdecimal.c (VpAlloc): avoid ALLOCA_N() to avoid
    	  segmentation fault caused by (insanely) long decimal values.
    	  backported from 1.9. CVE-2009-1904
    
    	* ext/bigdecimal/bigdecimal.c (BigDecimal_dump, BigDecimal_to_i,
    	  BigDecimal_to_f, BigDecimal_to_s, BigDecimal_split,
    	  BigDecimal_inspect): ditto.
    
    Mon Jun  8 08:15:36 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
    
    	* ext/bigdecimal/bigdecimal.c (BigDecimal_to_f): returns Inf if
    	  exp is bigger than DBL_MANT_DIG.
    
    Wed Jun  3 21:16:30 2009  Tanaka Akira  <akr@fsij.org>
    
    	* file.c: include fcntl.h for O_RDONLY on Solaris.
    
    Wed Jun  3 21:09:56 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* util.c (rv_strdup): macro to duplicate nul-terminated string.
    	  [ruby-core:22852]
    
    	* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
    	  overrun.  a patch from Charlie Savage at [ruby-core:22604].
    
    Wed Jun  3 21:09:56 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* util.c (ruby_dtoa): allocates one more byte to get rid of buffer
    	  overrun.  a patch from Charlie Savage at [ruby-core:22604].
    
    Wed Jun  3 21:05:44 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* ext/bigdecimal/bigdecimal.c (gfDebug): uncommented out.
    	  [ruby-core:22600]
    
    Wed Jun  3 20:54:23 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* eval.c (rb_eval): needs to guard intermediate string objects.
    	  based on a patch from Brent Roman <brent AT mbari.org> at
    	  [ruby-core:22584].
    
    Tue May 26 21:24:01 2009  URABE Shyouhei  <shyouhei@ruby-lang.org>
    
    	* Makefile.in (update-rubyspec, test-rubyspec): Catch up to
    	  rubyspec merge.  A patch by Brian Ford at [ruby-core:21032]
    
    Tue May 26 21:21:49 2009  Akinori MUSHA  <knu@iDaemons.org>
    
    	* lib/soap/mimemessage.rb (MIMEMessage#to_s): Fix a fatal
    	  method name typo. [Bug #1173]
    
    Tue May 26 21:16:55 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* file.c (rb_file_s_extname): fix for spaces before extension.
    	  [ruby-dev:38044]
    
    Tue May 26 21:09:21 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* win32/win32.c (_CrtDbgReportW): prevent from false positive
    	  assertions in msvcrtd.  [ruby-core:22116]
    
    Tue May 26 21:02:13 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* lib/ostruct.rb (OpenStruct#new_ostruct_member): checks if frozen.
    	  [ruby-talk:328195], [ruby-core:22142]
    
    Tue May 26 21:00:08 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
    
    	* lib/ostruct.rb (OpenStruct#inspect): fixed the recursion check.
    	  Patch by Kornelius Kalnbach.  [ruby-core:20992].
    
    	* test/ostruct/test_ostruct.rb: test for inspect.
    	  Patch by Kornelius Kalnbach.  [ruby-core:20992].
    
    Tue May 26 20:50:32 2009  Tanaka Akira  <akr@fsij.org>
    
    	* eval.c (rb_thread_schedule): handle EBADF of select as well.
    	  [ruby-core:21264]
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Wed Jun 10 12:47:36 UTC 2009
    
    Modified Files:
    	pkgsrc/devel/ruby-curses: distinfo
    
    Log Message:
    Update ruby-curses package to 1.8.7.173 (1.8.7-p173).
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Wed Jun 10 12:48:07 UTC 2009
    
    Modified Files:
    	pkgsrc/devel/ruby-readline: Makefile
    
    Log Message:
    Update ruby-readline package to 1.8.7.173 (1.8.7-p173).
    
    Reset PKGREVISION.
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Wed Jun 10 12:48:38 UTC 2009
    
    Modified Files:
    	pkgsrc/x11/ruby-tk: distinfo
    
    Log Message:
    Update ruby-tk package to 1.8.7.173 (1.8.7-p173).
Commits on Jun 8, 2009
  1. Pullup ticket #2789.

    tron authored
  2. Pullup ticket #2789 - requested by adrianp

    tron authored
    apache-tomcat6: security update
    
    Revisions pulled up:
    - www/apache-tomcat6/Makefile		1.2
    - www/apache-tomcat6/PLIST		1.2
    - www/apache-tomcat6/distinfo		1.2
    ---
    Module Name:	pkgsrc
    Committed By:	adrianp
    Date:		Sat Jun  6 17:34:08 UTC 2009
    
    Modified Files:
    	pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
    
    Log Message:
    Update from .18->.20
    
    In brief:
    46933: Update StringManager to use Java 5 features. Patch provided by
    Jens Kapitza. (markt)
    46990: Fix synchronization issues reported by FindBugs. Patch provided
    by Sebb. (markt)
    Allow huge request body packets for AJP13. (rjung)
    Manager application prints FAIL if application was deployed but failed
    to start (fhanik)
    When shutdown port is disabled, print user friendly message and not a
    stack trace. (fhanik)
    The invoker servlet has been deprecated and will be removed in Tomcat 7
    onwards. (markt)
    45154  Implement SEND_FILE behavior for SSL connections using NIO (fhanik)
    
    For full details see:
    	http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
  3. pullup #2790

    spz authored
  4. Pullup ticket 2790 - requested by tron

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/audio/libsndfile/Makefile		1.52
    - pkgsrc/audio/libsndfile/distinfo		1.29
    - pkgsrc/audio/libsndfile/options.mk		1.7
    
    Files added:
    pkgsrc/audio/libsndfile/patches/patch-aa	1.15
    pkgsrc/audio/libsndfile/patches/patch-ab	1.9
    pkgsrc/audio/libsndfile/patches/patch-ac	1.11
    pkgsrc/audio/libsndfile/patches/patch-ad	1.12
    pkgsrc/audio/libsndfile/patches/patch-ae	1.7
    pkgsrc/audio/libsndfile/patches/patch-af	1.7
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sat May  2 17:24:15 UTC 2009
    
       Modified Files:
       	pkgsrc/audio/libsndfile: options.mk
    
       Log Message:
       Add octave option, based on PR 41307 by Rumko.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.5 -r1.6 pkgsrc/audio/libsndfile/options.mk
    
    ---------------------------------------------------------------------
    
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Thu May 14 12:58:27 UTC 2009
    
       Modified Files:
       	pkgsrc/audio/libsndfile: Makefile distinfo options.mk
    
       Log Message:
       Changes 1.0.20:
       * Fix potential heap overflow in VOC file parser.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.50 -r1.51 pkgsrc/audio/libsndfile/Makefile
       cvs rdiff -u -r1.27 -r1.28 pkgsrc/audio/libsndfile/distinfo
       cvs rdiff -u -r1.6 -r1.7 pkgsrc/audio/libsndfile/options.mk
    
    ---------------------------------------------------------------------
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Mon Jun  8 09:30:17 UTC 2009
    
       Modified Files:
       	pkgsrc/audio/libsndfile: Makefile distinfo
       Added Files:
       	pkgsrc/audio/libsndfile/patches: patch-aa patch-ab patch-ac patch-ad
       	    patch-ae patch-af
    
       Log Message:
       Add upstream patch (taken from Debian bug report) to fix crashes
       caused by bad audio files.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile
       cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo
       cvs rdiff -u -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa
       cvs rdiff -u -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab
       cvs rdiff -u -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac
       cvs rdiff -u -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad
       cvs rdiff -u -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae \
           pkgsrc/audio/libsndfile/patches/patch-af
  5. pullup #2791

    spz authored
  6. Pullup ticket 2791 - requested by tron

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/devel/apr-util/Makefile	1.10
    - pkgsrc/devel/apr-util/distinfo	1.6
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Mon Jun  8 13:19:20 UTC 2009
    
       Modified Files:
       	pkgsrc/devel/apr-util: Makefile distinfo
    
       Log Message:
       Update "apr-util" package to version 1.3.7. Changes since version 1.3.4:
       - SECURITY:
         Fix a denial of service attack against the apr_xml_* interface
         using the "billion laughs" entity expansion technique.
       - SECURITY: CVE-2009-0023 (cve.mitre.org)
         Fix underflow in apr_strmatch_precompile.
       - Minor build and bug fixes.
       - SECURITY: CVE-2009-0023 (cve.mitre.org)
         Fix underflow in apr_strmatch_precompile.
       - Fix off by one overflow in apr_brigade_vprintf.
       - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
         SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
         LDAP_NO_LIMIT/0) it is not safe to use a literal -1.
         Bug 23356
       - Clean up ODBC types. Warnings seen when compiling packages for
         Fedora 11.
       - Use of my_init() requires my_global.h and my_sys.h.
       - Fix apr_memcache_multgetp memory corruption and incorrect error
         handling. Bug 46588
       - Fix memcache memory leak with persistent connections.
         Bug 46482
       - Add Oracle 11 support.
       - apr_dbd_freetds: Avoid segfault when process is NULL.
         Do not print diagnostics to stderr. Never allow driver to exit
         process.
       - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h
         or sybdb.h.
       - LDAP detection improvements: --with-ldap now supports library names
         containing non-alphanumeric characters, such as libldap-2.4.so.  New
         option --with-lber can be used to override the default liblber name.
         Fix a problem reporting the lber library from apu-N-config.
       - Suppress pgsql column-out-of-range warning.
       - Fix a buffer overrun and password matching for SHA passwords.
       - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are
         loaded as .so's on first demand, unless --disable-util-dso is configured.
       - Fix a segfault in the DBD testcase when the DBD modules were not present.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile
       cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo
Commits on Jun 7, 2009
  1. Pullup ticket #2787.

    tron authored
  2. Pullup ticket #2787 - requested by adrianp

    tron authored
    base: security update
    
    Revisions pulled up:
    - security/base/Makefile			1.24
    - security/base/PLIST				1.9
    - security/base/distinfo			1.11
    - security/base/patches/patch-aa		1.3
    ---
    Module Name:	pkgsrc
    Committed By:	adrianp
    Date:		Sat Jun  6 11:26:19 UTC 2009
    
    Modified Files:
    	pkgsrc/security/base: Makefile PLIST distinfo
    	pkgsrc/security/base/patches: patch-aa
    
    Log Message:
    4/03/2009 1.4.2 (chandy)
    - EmThreats_link opens now in separate browser window -- Juergen Leising
    for Micah Gersten
    - A new reference "[rule]" points now to base_local_rules.php,
    which displays a particular rule for a given rules id (sid).
    Prerequisite for this is that "local_rules_dir" in base_conf.php
    points to an actually existing and readable/searchable directory which
    contains the snort rules.  Please note, that a web server
    is usually NOT allowed to access any files outside of its
    document root.  Feature request by Chris Ryan, cf.
    https://sourceforge.net/forum/message.php?msg_id=5310420
    https://sourceforge.net/forum/message.php?msg_id=5311517
    -- Juergen Leising
    - Update of base.spec; works with fedora 10 -- Juergen Leising
    - I have applied two patches submitted by asavenkov
    with regard to the oci8 driver (oracle 10), cf.
    https://sourceforge.net/forum/message.php?msg_id=5795641
    https://sourceforge.net/forum/message.php?msg_id=5796556
    -- Juergen Leising
    - The "email-the-alerts"-variables were defined twice at different
    locations in base_conf.php.  Fixed this.  -- Juergen Leising
    - Emails from BASE containing one or more alerts include now a
    "To:"-header, as well.  Bug report no. 2234733 -- Juergen Leising
    - $sort_order, once it has been chosen, survives now a possible "action",
    even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
    base_stat_class.php and base_stat_sensor.php.
    Bug no. 2234745. -- Juergen Leising
    - The refresh-problem, when an "action" has been taken, is now fixed in
    base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
    base_stat_class.php and base_stat_sensor.php, as well.
    Bug no. 1681012. -- Juergen Leising
    - I have corrected the way ICMP redirect messages are displayed
    by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
    - Several preprocessor events that did not get stored in the acid_event
    table, so far, are now processed and displayed by BASE.  This affects
    all those preprocessors which have sig names that do NOT start with
    a "spp_" prefix. -- Juergen Leising
    - Fixed bug with archiving IP options. -- Juergen Leising
    
    5/14/09 1.4.3 (gabi)
    - XSS Flaws fixed in alert groups -- Kevin Johnson
    - Possible SQL injection flaw fixed in AG -- Kevin Johnson
    - XSS Flaws fixed in base_qry files -- Kevin Johnson
    - Multiple XSS flaws fixed in citems -- Kevin Johnson
    
    5/30/09 1.4.3.1 (zig)
    - Multiple XSS flaws fixed in User and Role management -- Kevin Johnson
  3. Pullup ticket 2788 second part - requested by wiz

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/graphics/png/Makefile			1.114
    - pkgsrc/graphics/png/distinfo			1.58
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sat Jun  6 20:56:16 UTC 2009
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Update to 1.2.37:
    
       version 1.2.37beta01 [May 14, 2009]
         Fixed inconsistency in pngrutil.c, introduced in libpng-1.2.36.  The
           memset() was using "png_ptr->rowbytes" instead of "row_bytes", which
           the corresponding png_malloc() uses (Joe Drew).
         Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
         Updated some of the makefiles in the scripts directory (merged with
           those in libpng-1.4.0beta57).
    
       version 1.2.37beta02 [May 19, 2009]
         Fixed typo in libpng documentation (FILTER_AVE should be FILTER_AVG)
         Relocated misplaced #endif in pngwrite.c, sCAL chunk handler.
         Conditionally compile png_read_finish_row() which is not used by
           progressive readers.
         Added contrib/pngminim/preader to demonstrate building minimal progressive
           decoder, based on contrib/gregbook with embedded libpng and zlib.
    
       version 1.2.37beta03 [May 20, 2009]
         In contrib/pngminim/*, renamed "makefile.std" to "makefile", since there
           is only one makefile in those directories, and revised the README files
           accordingly.
         Reformatted sources in libpng style (3-space indentation, comment format)
    
       version 1.2.37rc01 [May 27, 2009]
         No changes.
    
       versions 1.2.37 and 1.0.45 [June 4, 2009]
         Reformatted several remaining "else statement;" and "if () statement;" into
           two lines.
         Added "#define PNG_NO_WRITE_SWAP" to contrib/pngminim/encoder/pngusr.h
           and "define PNG_NO_READ_SWAP" to decoder/pngusr.h and preader/pngusr.h
         Added sections about the git repository and our coding style to the
           documentation (merged from libpng-1.4.0beta62)
         Added a section about using png_get_io_ptr() in configure scripts to detect
           the presence of libpng.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.113 -r1.114 pkgsrc/graphics/png/Makefile
       cvs rdiff -u -r1.57 -r1.58 pkgsrc/graphics/png/distinfo
  4. pullup 2788

    spz authored
  5. Pullup ticket 2788 - requested by wiz

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/graphics/png/Makefile			1.113
    - pkgsrc/graphics/png/distinfo			1.57
    - pkgsrc/graphics/png/patches/patch-ae		1.9
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Wed May 13 09:56:05 UTC 2009
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
       	pkgsrc/graphics/png/patches: patch-ae
    
       Log Message:
       Update to 1.2.36:
    
       version 1.2.36beta01 [February 28, 2009]
         Revised comments in png_set_read_fn() and png_set_write_fn().
         Revised order of #ifdef's and indentation in png_debug definitions of png.h
           bug introduced in libpng-1.2.34.
    
       version 1.2.36beta02 [March 21, 2009]
         Use png_memset() after png_malloc() of big_row_buf when reading an
           interlaced file, to avoid a possible UMR.
         Undid recent revision of PNG_NO_STDIO version of png_write_flush().  Users
           having trouble with fflush() can build with PNG_NO_WRITE_FLUSH defined.
         Revised libpng*.txt documentation about use of png_write_flush().
         Removed fflush() from pngtest.c.
         Added "#define PNG_NO_WRITE_FLUSH" to contrib/pngminim/encoder/pngusr.h
    
       version 1.2.36beta03 [March 27, 2009]
         Relocated misplaced PNG_1_0_X define in png.h that caused the prototype
           for png_set_strip_error_numbers() to be omitted from PNG_NO_ASSEMBLER_CODE
           builds.  This bug was introduced in libpng-1.2.15beta4.
         Added a section on differences between 1.0.x and 1.2.x to libpng.3/libpng.txt
    
       version 1.2.36beta04 [April 5, 2009]
         Fixed potential memory leak of "new_name" in png_write_iCCP() (Ralph Giles)
    
       version 1.2.36beta05 [April 24, 2009]
         Added "ifndef PNG_SKIP_SETJMP_CHECK" block in pngconf.h to allow
           application code writers to bypass the check for multiple inclusion
           of setjmp.h when they know that it is safe to ignore the situation.
         Made some cosmetic changes to whitespace in pngtest output.
         Renamed "user_chunk_data" to "my_user_chunk_data" in pngtest.c to suppress
           "shadowed declaration" warning from gcc-4.3.3.
         Renamed "gamma" to "png_gamma" in pngset.c to avoid "shadowed declaration"
           warning about a global "gamma" variable in math.h on some platforms.
    
       version 1.2.36rc01 [April 30, 2009]
         No changes.
    
       version 1.0.44 and 1.2.36 [May 7, 2009]
         No changes.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.112 -r1.113 pkgsrc/graphics/png/Makefile
       cvs rdiff -u -r1.56 -r1.57 pkgsrc/graphics/png/distinfo
       cvs rdiff -u -r1.8 -r1.9 pkgsrc/graphics/png/patches/patch-ae
Commits on Jun 5, 2009
  1. Pullup ticket #2785.

    tron authored
  2. Pullup ticket #2785 - requested by mishka

    tron authored
    bochs: build fix
    
    Revisions pulled up:
    - emulators/bochs/Makefile	1.58
    - emulators/bochs/PLIST		1.13
    ---
    Module Name:	pkgsrc
    Committed By:	mishka
    Date:		Mon May 25 12:54:48 UTC 2009
    
    Modified Files:
    	pkgsrc/emulators/bochs: Makefile PLIST
    
    Log Message:
    Fix package build caused by improper PLIST generation due to x11 options.
Commits on Jun 4, 2009
  1. pullup #2786

    spz authored
  2. Pullup ticket 2786 - requested by tron

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/www/apache22/Makefile			1.45
    - pkgsrc/www/apache22/distinfo			1.19
    
    Files added:
    - pkgsrc/www/apache22/patches/patch-ba		1.1
    - pkgsrc/www/apache22/patches/patch-bb		1.1
    - pkgsrc/www/apache22/patches/patch-bc		1.1
    - pkgsrc/www/apache22/patches/patch-bd		1.1
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Thu Jun  4 08:51:52 UTC 2009
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Added Files:
       	pkgsrc/www/apache22/patches: patch-ba patch-bb patch-bc patch-bd
    
       Log Message:
       Add patches from the Apache SVN repository to fix the security bypass
       vulnerability reported in CVE-2009-1195.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/apache22/Makefile
       cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/apache22/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-ba \
           pkgsrc/www/apache22/patches/patch-bb pkgsrc/www/apache22/patches/patch-bc \
           pkgsrc/www/apache22/patches/patch-bd
  3. Pullup ticket #2784.

    tron authored
  4. Pullup ticket #2784 - requested by markd

    tron authored
    kdegraphics3: security patch
    
    Revisions pulled up:
    - graphics/kdegraphics3/Makefile		1.81 via patch
    - graphics/kdegraphics3/distinfo		1.51
    - graphics/kdegraphics3/patches/patch-aa	1.14
    - graphics/kdegraphics3/patches/patch-ab	1.11
    - graphics/kdegraphics3/patches/patch-ac	1.8
    ---
    Module Name:	pkgsrc
    Committed By:	markd
    Date:		Wed Jun  3 12:29:43 UTC 2009
    
    Modified Files:
    	pkgsrc/graphics/kdegraphics3: Makefile distinfo
    Added Files:
    	pkgsrc/graphics/kdegraphics3/patches: patch-aa patch-ab patch-ac
    
    Log Message:
    Update kpdf to have the xpdf3.02pl patches for the vulnerabilities
    reported in CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799,
    CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181,
    CVE-2009-1182 and CVE-2009-1183.
    also some patches from poppler for postscript output generation problems
    seen here.
  5. pullup #2780

    spz authored
  6. Pullup ticket 2780 - requested by tron

    spz authored
    Security update
    
    Revisions pulled up:
    - pkgsrc/devel/cscope/Makefile			1.50
    - pkgsrc/devel/cscope/distinfo			1.19
    
    Files deleted:
    - pkgsrc/devel/cscope/patches/patch-ae
    - pkgsrc/devel/cscope/patches/patch-af
    - pkgsrc/devel/cscope/patches/patch-ag
    - pkgsrc/devel/cscope/patches/patch-ah
    - pkgsrc/devel/cscope/patches/patch-ai
    - pkgsrc/devel/cscope/patches/patch-aj
    - pkgsrc/devel/cscope/patches/patch-ak
    - pkgsrc/devel/cscope/patches/patch-al
    - pkgsrc/devel/cscope/patches/patch-am
    - pkgsrc/devel/cscope/patches/patch-an
    - pkgsrc/devel/cscope/patches/patch-ao
    - pkgsrc/devel/cscope/patches/patch-ap
    
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Sat May 23 09:04:02 UTC 2009
    
       Modified Files:
       	pkgsrc/devel/cscope: Makefile distinfo
       Removed Files:
       	pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah
       	    patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao
       	    patch-ap
    
       Log Message:
       Update "cscope" package to version 15.7a. This version fixes the
       security vulnerability reported in CVE-2009-0148.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile
       cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo
       cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae
       cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af
       cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \
           pkgsrc/devel/cscope/patches/patch-ai
       cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah
       cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj
       cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \
           pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap
       cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \
           pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao