Commits on Oct 15, 2010
  1. Pullup ticket 3243 - requested by tron

    security update
    
    Revisions pulled up:
    - pkgsrc/devel/apr-util/Makefile		1.17
    - pkgsrc/devel/apr-util/distinfo		1.9
    - pkgsrc/devel/apr-util/patches/patch-aa	1.3
    
    Files removed:
    - pkgsrc/devel/apr-util/patches/patch-ab
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Wed Oct 13 19:21:16 UTC 2010
    
       Modified Files:
               pkgsrc/devel/apr-util: Makefile distinfo
               pkgsrc/devel/apr-util/patches: patch-aa
       Removed Files:
               pkgsrc/devel/apr-util/patches: patch-ab
    
       Log Message:
       Update "apr-util" package to version 1.3.10. Changes since 1.3.9:
       - SECURITY: CVE-2010-1623 (cve.mitre.org)
         Fix a denial of service attack against apr_brigade_split_line().
         [Stefan Fritsch]
       - SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
         Fix two buffer over-read flaws in the bundled copy of expat which
         could cause applications to crash while parsing specially-crafted
         XML documents.  [Joe Orton]
       - Upgrade bundled copy of expat library to 1.95.7.  [Joe Orton]
       - apr_thread_pool: Fix some potential deadlock situations.  Bug 49709.
         [Joe Mudd <Joe.Mudd sas.com>]
       - apr_thread_pool_create: Fix pool corruption caused by multithreaded
         use of the pool when multiple initial threads are created.  Bug 47843.
         [Alex Korobka <akorobka fxcm.com>]
       - apr_thread_pool_create(): Only set the output thread pool handle on
         success.  [Paul Querna]
       - DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with
         several different data types, including APR_DBD_TYPE_TIME.  Bug 49645.
         [<kappa psilambda.com>]
       - Add support for Berkeley DB 4.8 and 5.0.  Bug 49866, Bug 49179.
         [Bernhard Rosenkraenzer <br blankpage.ch>,
          Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>]
       - Make bundled expat compatible with libtool 2.x.  Bug 49053.
         [Rainer Jung]
       - Prefer libtool 1.x when searching for libtool in
         bundled expat release process. [Rainer Jung, Jim Jagielski]
       - Improve platform detection for bundled expat by updating
         config.guess and config.sub. [Rainer Jung]
    
       Patch supplied by Mihai Chelaru, approved by Alistair Crooks.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/apr-util/Makefile
       cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/apr-util/distinfo
       cvs rdiff -u -r1.2 -r1.3 pkgsrc/devel/apr-util/patches/patch-aa
       cvs rdiff -u -r1.2 -r0 pkgsrc/devel/apr-util/patches/patch-ab
    spz committed Oct 15, 2010
Commits on Oct 8, 2010
  1. Pullup ticket #3236.

    tron committed Oct 8, 2010
  2. Pullup ticket #3236 - requested by taca

    www/typo3: security update
    
    Revisions pulled up:
    - www/typo3/Makefile		patch
    - www/typo3/distinfo		patch
    ----
    Update typo3 package to 4.3.7, security fix.
    
    Dear TYPO3 community,
    
    The TYPO3 core team has just released TYPO3 versions 4.2.15,
    4.3.7 and 4.4.4, which are now ready for you to download. All versions
    are maintenance releases and contain bugfixes and security fixes.
    
    IMPORTANT:
    These versions include important security fixes to the TYPO3 core. A
    security announcement has just been released:
      http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
    tron committed Oct 8, 2010
Commits on Sep 28, 2010
  1. pullup 3232

    spz committed Sep 28, 2010
  2. Pullup ticket 3232 - requested by tron

    security update
    
    Revisions pulled up:
    - pkgsrc/net/wireshark/Makefile			1.52
    - pkgsrc/net/wireshark/PLIST			1.19
    - pkgsrc/net/wireshark/distinfo			1.34
    - pkgsrc/net/wireshark/patches/patch-ad		1.6
    
    Files added:
    - pkgsrc/net/wireshark/patches/patch-ae
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Sat Sep 25 11:19:10 UTC 2010
    
       Modified Files:
               pkgsrc/net/wireshark: Makefile PLIST distinfo
               pkgsrc/net/wireshark/patches: patch-ad
       Added Files:
               pkgsrc/net/wireshark/patches: patch-ae
    
       Log Message:
       Update "wireshark" package to version 1.4.0. Changes since version 1.2.10:
       - The following bugs have been fixed:
         - Update time display in background. (Bug 1275)
         - Tshark returns 0 even with an invalid interface or capture
           filter. (Bug 4735)
       - The following features are new (or have been significantly
         updated) since version 1.2:
         - The packet list internals have been rewritten and are now more
           efficient.
         - Columns are easier to use. You can add a protocol field as a
           column by right-clicking on its packet detail item, and you
           can adjust some column preferences by right-clicking the
           column header.
         - Preliminary Python scripting support has been added.
         - Many memory leaks have been fixed.
         - Packets can now be ignored (excluded from dissection), similar
           to the way they can be marked.
         - Manual IP address resolution is now supported.
         - Columns with seconds can now be displayed as hours, minutes
           and seconds.
         - You can now set the capture buffer size on UNIX and Linux if
           you have libpcap 1.0.0 or greater.
         - TShark no longer needs elevated privileges on UNIX or Linux to
           list interfaces. Only dumpcap requires privileges now.
         - Wireshark and TShark can enable 802.11 monitor mode directly
           if you have libpcap 1.0.0 or greater.
         - You can play RTP streams directly from the RTP Analysis
           window.
         - Capinfos and editcap now respectively support time order
           checking and forcing.
         - Wireshark now has a "jump to timestamp" command-line option.
         - You can open JPEG files directly in Wireshark.
       - New Protocol Support
         3GPP Nb Interface RTP Multiplex, Access Node Control Protocol,
         Apple Network-MIDI Session Protocol, ARUBA encapsulated remote
         mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N.
         Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle
         Protocol, CIP Class Generic, CIP Connection Configuration Object,
         CIP Connection Manager, CIP Message Router, collectd network data,
         Control And Provisioning of Wireless Access Points, Controller
         Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging
         Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync
         Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch
         Link, Fibre Channel Delimiters, File Replication Service DFS-R,
         Gateway Load Balancing Protocol, Gigamon Header, GigE Vision
         Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM
         sub-protocol, GSM over IP protocol as used by ip.access, GSM
         Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated
         remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled
         Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol,
         IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless
         Association Control Service, ISO 9548-1 OSI Connectionless Session
         Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol,
         ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider
         Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode
         encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word,
         MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One
         encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU
         encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter
         Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS
         Protocol, packetbb Protocol, Peer Network Resolution Protocol,
         PKIX Attribute Certificate, Pseudowire Padding, Server/Application
         State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol,
         TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS
         RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN
         Iuh interface RUA signalling, V5.2, Vendor Specific Control
         Protocol, Vendor Specific Network Protocol, VMware Lab Manager,
         VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt,
         X.411 Message Access Service, ZigBee Cluster Library
       - Updated Protocol Support
         There are too many to list here.
       - New and Updated Capture File Support
         Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000,
         Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries,
         JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler,
         PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian
         OS btsnoop, Visual Networks
    
       Pkgsrc changes:
       A fix for the security vulnerability reported in SA41535 has been
       integrated from the Wireshark SVN repository.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.51 -r1.52 pkgsrc/net/wireshark/Makefile
       cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/wireshark/PLIST
       cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/wireshark/distinfo
       cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/wireshark/patches/patch-ad
       cvs rdiff -u -r0 -r1.1 pkgsrc/net/wireshark/patches/patch-ae
    spz committed Sep 28, 2010
Commits on Sep 25, 2010
  1. Pullup ticket #3231.

    tron committed Sep 25, 2010
  2. Pullup ticket #3231 - requested by spz

    apache-tomcat6: security update
    
    Revisions pulled up:
    - www/apache-tomcat6/Makefile			1.7
    - www/apache-tomcat6/PLIST			1.4
    - www/apache-tomcat6/distinfo			1.4
    ---
    Module Name:	pkgsrc
    Committed By:	spz
    Date:		Sun Sep 19 14:32:04 UTC 2010
    
    Modified Files:
    	pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
    
    Log Message:
    Update of apache-tomcat to version 6.0.29
    (and a little Makefile cosmetics)
    fixes two of the currently known security issues
    
    Upstream changelog:
    Tomcat 6.0.29 (jfclere)	released 2010-07-22
    
    Catalina
    
    add	48960: Add a new option to the SSI Servlet and SSI Filter to
    	allow the disabling of the exec command. This is now disabled
    	by default. Based on a patch by Yair Lenga. (markt)
    fix	49551: Allow default context.xml location to be specified using
    	an absolute path. (markt)
    fix	49598: When session is changed and the session cookie is
    	replaced, ensure that the new Set-Cookie header overwrites the
    	old Set-Cookie header. (markt)
    fix	Fix order when listing Webapp loader search URLs. (rjung)
    add	Add support for *.jar pattern in VirtualWebappLoader. (kkolinko)
    
    Tomcat 6.0.28 (jfclere)	released 2010-07-09
    
    Catalina
    
    fix	Arrange filter logic. (jfclere)
    fix	49230: Enhance JRE leak prevention listener with protection for
    	the keep-alive thread started by sun.net.www.http.HttpClient.
    	Patch provided by Rob Kooper. (markt)
    fix	49351: Fix possible NPE when embedding and no name is specified
    	for the Service. (markt)
    fix	49424: Avoid NPE if client provides no data with a chunked
    	POST request. (markt)
    fix	49414: Differentiate between request threads and application
    	created threads when warning about still running threads when
    	an application stops. (markt)
    fix	49443: Use remoteIpHeader rather than remoteIPHeader
    	consistently. (markt)
    add	Add property searchExternalFirst to WebappLoader. If set,
    	the external repositories will be searched before the WEB-INF
    	ones. (rjung)
    
    Cluster
    
    fix	49445: When session ID is changed after authentication, ensure
    	the DeltaManager replicates the change in ID to the other nodes
    	in the cluster. (kfujino)
    
    Webapps
    
    fix	49213: Grant permissions required by manager application when
    	running under a security manager. (markt/kkolinko)
    fix	49436: Correct documented default for readonly attribute of
    	the UserDatabase component. (markt)
    
    Tomcat 6.0.27 (jfclere)	not released
    
    General
    
    update	Update DBCP to 1.3. (markt)
    
    Catalina
    
    fix	Fix CVE-2010-1157. Prevent possible disclosure of host name
    	or IP address via the HTTP WWW-Authenticate header when using
    	BASIC or DIGEST authentication. (markt)
    add	Include context name when reporting memory leaks to aid root
    	cause identification. (markt)
    fix	Improve exception handling on session de-serialization to
    	assist in identifying the root cause of 48007. (kkolinko)
    add	48379: Make session cookie name, domain and path configurable
    	per context. (markt)
    fix	48589: Make JNDIRealm easier to extend. Based on a patch by
    	Candid Dauth. (markt/kkolinko)
    fix	48629: Allow user names as well as DNs to be used with the
    	nested role search. Add roleNested to the documentation.
    	Patch provided by Felix Schumacher. (markt)
    fix	48661: Make error page behavior consistent, regardless of how
    	the error page is defined. If a response has been committed,
    	always include the error page. (markt)
    fix	48729: Return roles defined by both userRoleName and roleName
    	mechanisms. Patch provided by 'eric'. Also make user's role
    	list immutable. (markt)
    fix	48760: Fix potential multi-threading issue in static resource
    	serving where multiple threads could try to use the same
    	InputStream. (markt)
    fix	48790: Fix thread safety issue in the count of the maximum
    	number of active session. (markt/kkolinko)
    fix	48793: Make catalina.sh more robust to different return values
    	on different platforms. Patch provided by Thomas GL. (markt)
    fix	48840: Swallow output (if any) from use of cd when determining
    	$CATALINA_HOME in catalina.sh and tool-wrapper.sh scripts.
    	Based on patch provided by mdietze. (markt/kkolinko)
    fix	48895: Make clearing of ThreadLocals that are causing memory
    	leaks on web application stop, reload or undeploy configurable
    	since the process of clearing them is not thread-safe. (markt)
    fix	48903: Fix deadlock in webapp class loader. (rjung)
    fix	48971: Make stopping of leaking Timer threads optional and
    	disabled by default. (markt)
    fix	48976: Document JAVA_ENDORSED_DIRS in start-up scripts.
    	Patch provided by Laurent Vaills. (markt)
    fix	48983: Improve debug logging for situations when RemoteIpValve
    	is bypassed. Patch provided by Cyrille Le Clerc. (markt)
    fix	49018: Fix processing of time argument in the Expire sessions
    	action in the Manager web application. (kkolinko)
    fix	49116: If session is already invalid, expire session to prevent
    	memory leak. (kfujino)
    fix	49158: Ensure only one session cookie is returned for a single
    	request. (markt/fhanik)
    fix	49245: Fix session expiration check in cross-context requests.
    	(markt)
    fix	49398: ByteChunk.indexOf(String, int, int, int) could not find
    	a string of length 1. (kkolinko)
    fix	Fix possible overflows when calculating session statistics.
    	(kkolinko)
    add	Log unexpected exceptions when providing access to web
    	application resources in ApplicationContext. (kkolinko)
    fix	Improve exception handling in CatalinaShutdownHook. (kkolinko)
    add	Expose properties of VirtualWebappLoader and WebappClassLoader
    	via JMX. (rjung)
    
    Coyote
    
    fix	48839: Correctly handle HTTP header folding in the NIO connector.
    	Patch suggested by Richa Baronia. (markt)
    fix	48843: Prevent possible deadlock for worker allocation in
    	connectors. (kkolinko)
    fix	48843: Fix handling of add queues in AprEndpoint.Poller and
    	AprEndpoint.Sendfile. Do not miss wakeups. (kkolinko)
    add	48862: Add support for the backlog parameter to the AJP
    	connector. (pero/markt)
    fix	48917: Correct name of mod_jk module in ApacheConfig.
    	Patch provided by Todd Hicks. (markt)
    fix	49095: AprEndpoint did not wakeup acceptors during shutdown
    	when deferAccept option was enabled. Based on a patch provided
    	by Ruediger Pluem. (kkolinko)
    add	Use chunked encoding for http 1.1 requests with no
    	content-length (regardless of keep-alive) so client can
    	differentiate between complete and partial responses. (markt)
    fix	Correct the SSL session timeout attribute name so the code
    	agrees with the documentation. (markt)
    add	CoyotePrincipal now implements Serializable. (fhanik)
    fix	Enable the BIO AJP connector to run under a security manager.
    	(markt)
    
    Jasper
    
    fix	45015: Correct a regression in quote handling caused by the
    	re-factoring of attribute parsing. (markt)
    fix	48701: Add a system property to allow disabling enforcement
    	of JSP.5.3. The specification recommends, but does not require,
    	this enforcement. (kkolinko)
    fix	48737: Don't assume paths that start with /META-INF/... are
    	always in JARs. This is not true for some IDEs.
    	Patch provided by Fabrizio Giustina. (markt)
    fix	49081: Correctly handle EL expressions of the form #${...}. (markt)
    fix	49196: Avoid NullPointerException in PageContext.getErrorData()
    	if an error-handling JSP page is called directly. (markt)
    
    Cluster
    
    fix	48717: When a node joins a cluster and it receives all the
    	current sessions, ensure the sessionCreated event is fired
    	if the Manager is configured to replicate session events. (markt)
    fix	48934: Previous fix to handle dropped connections incorrectly
    	permanently disabled session replication. (fhanik)
    fix	49051: memberAlive is not called if member has not already
    	existed in membership. (kfujino)
    fix	49151: Avoid ClassCastException in BackupManager#stop. (kfujino)
    fix	49170: Do not send duplicated session. (kfujino)
    fix	Add missing messages and ensure cluster listeners log messages
    	to correct logger. (markt)
    
    Webapps
    
    add	Use underscores instead of spaces in anchor names in Tomcat
    	documentation. (kkolinko)
    add	Add support for displaying the Spring Security user name
    	(if present) in the Manager application. (markt)
    update	Improve the ChatServlet Comet example (/examples/jsp/chat/).
    	(kkolinko)
    
    Other
    
    update	Update to Commons Daemon 1.0.2. Use service launcher (procrun)
    	from the Commons Daemon release. Do not keep a copy of it in
    	our source tree. (mturk/kkolinko)
    update	Update to NSIS 2.46. (kkolinko)
    fix	48990: Fix the skip.installer build property so if set, only
    	the Windows installer is skipped. (markt)
    fix	49178: Provide in catalina.policy an example of additional
    	permissions that might be needed for code located in
    	$CATALINA_BASE/lib. (markt)
    fix	49236: Do not use indexing when packing Tomcat JARs. (kkolinko)
    fix	Remove unused code from org.apache.tomcat.util.buf classes.
    	(kkolinko)
    update	Rearrange tomcat-juli.jar permissions and wrap long lines in
    	the conf/catalina.policy file, to make the text more readable
    	when cited in documentation. (kkolinko)
    fix	Do not evaluate the execute.installer property when building
    	a release. The skip.installer property is used instead. (kkolinko)
    
    Tomcat 6.0.26 (jfclere)	released 2010-03-11
    
    Catalina
    
    fix	Close security hole in unreleased 6.0.25 by ensuring new find
    	leaks functionality is protected by a security constraint.
    	(kkolinko)
    fix	48831: Improve logging shutdown behaviour. Use Catalina's
    	shutdown hook to shutdown JULI. This enables them to be shutdown
    	in the correct order. Do not shutdown global handlers several
    	times. (markt/kkolinko)
    
    Coyote
    
    fix	48584: Prevent the APR connector logging an error if the
    	acceptor fails during shutdown since this is expected. (mturk)
    fix	48660: Using compression should not overwrite any Vary header
    	set by a web application. (markt)
    
    Jasper
    
    fix	48371: Ensure generated servlet mappings are inserted at the
    	correct location when using JspC and allow the option that
    	controls this to be configured on the command line.
    	Also allow the encoding of web.xml to be configured when using
    	JspC and deprecate some unused JspC methods. (markt/kkolinko)
    fix	48498: Avoid ArrayIndexOutOfBoundsException triggered by a
    	Java 6/7 XML parser bug. (markt/kkolinko)
    fix	48668: Additional fixes to ensure deferred syntax is handled
    	correctly. (kkolinko)
    fix	48827: Correct a regression in the fix for 47977 that caused
    	an incorrect non-empty body error to be reported for valid
    	JSP documents. (markt)
    
    Webapps
    
    add	Make changelog.xml be directly rendered as HTML by certain
    	browsers. (kkolinko)
    add	Add support for automated generation of TOC tables and for
    	links to svn revisions to tomcat-docs.xsl in documentation.
    	(kkolinko/fhanik)
    add	Move Manager application JSPs that are not intended to be
    	accessed directly under the WEB-INF directory. (kkolinko)
    fix	Improve the messages displayed by the find leaks diagnostic
    	in the Manager application. (kkolinko)
    
    Other
    
    fix	Encode all property files using ascii escaped UTF-8. Also
    	fixes deployment problem when using French locale. (jfclere/rjung)
    
    Tomcat 6.0.25 (jfclere)	not released
    
    Catalina
    
    fix	48039: Return immediately if start() is called on an already
    	started StandardService. (markt)
    fix	48109: Ensure InputStream is closed on error condition in web
    	application class loader. (markt)
    fix	48179: Clean up dead code that was used to read tldCache file.
    	(kkolinko)
    fix	48318: Handle case where WebDAV resource is in directory
    	listing but is not accessible. (markt)
    add	48384: Add a per context xslt option for directory listings.
    	Make the fallback options work as described in the
    	documentation. (markt)
    fix	48577: Filter URL when displaying missing included page. (markt)
    fix	48612: Prevent exception on shutdown if the address attribute
    	is specified for a connector. (markt)
    fix	48613: Further fixes to ensure APRLifecycleListener is only
    	used if defined in server.xml. (fhanik)
    fix	48614: Correct JULI log file buffering so default behaviour
    	is no buffering. (fhanik)
    fix	48625: Provide an option to exit if an error occurs during
    	the initialization phase. (fhanik)
    fix	48645: Use specified encoding rather than null in calls to
    	RequestUtil.URLDecode(byte[] bytes, String enc) (markt)
    fix	48653: Force request.secure and request.scheme to false and
    	http if the X-Forwarded-Proto header has the value http.
    	Patch provided by Cyrille Le Clerc. (markt)
    fix	48678: Remove duplicate server field from
    	org.apache.catalina.startup.Catalina. (markt)
    fix	48694: Remove potential deadlock in web application class
    	loader. (markt)
    add	48716: Provide additional configuration options for JULI. (markt)
    fix	48726: Prevent OOME when uploading large WAR files with the
    	deployer. Patch provided by adam. (markt)
    add	Improve memory leak protection by safely stopping threads
    	started via java.util.Timer that an application starts but
    	fails to stop and by clearing references retained due to the
    	use of java.util.ResourceBundle. (markt)
    update	Modify ThreadLocal memory leak detection to not report false
    	positives and to simplify implementation. (markt/kkolinko)
    add	Basic memory leak detection was added to the standard Host
    	implementation and exposed via JMX to detect memory leaks on
    	web application reload. (markt/kkolinko)
    
    Coyote
    
    update	Update the native/APR library version bundled with Tomcat to
    	1.1.20. (kkolinko)
    
    Jasper
    
    add	Add some debug logging to the compiler where exceptions were
    	previously swallowed. (markt)
    fix	48170: Remove unnecessary synchronization that is causing
    	issues under load. (markt)
    fix	48580: Prevent AccessControlException if first access is to
    	a JSP that uses a FunctionMapper. (markt)
    fix	48582: Avoid NPE on background compilation failure. (markt)
    fix	48616: Don't declare or synchronize scripting variables for
    	JSP fragments since they are scriptless. This is an alternative
    	fix for 42390 that avoids both the original problem and the
    	regression in the first fix. (kkolinko)
    fix	48627: Fix regression in re-factored EL parsing. Keep literals
    	as literals and handle deferredSyntaxAllowedAsLiteral. (kkolinko)
    fix	48668: When parsing JSPs only parse EL as EL if EL is enabled
    	else strings such as ${ will be silently dropped. (markt)
    fix	Various EL TCK failures. (markt)
    
    Cluster
    
    fix	Force a disconnect if an error occurs during replication such
    	as a firewall dropping the connection. (fhanik)
    
    Webapps
    
    add	Add new "Find leaks" command to the Manager application.
    	It allows detection of web applications that have caused memory
    	leaks on stop, reload or undeploy. (markt/kkolinko)
    
    Other
    
    fix	Ensure files in conf directory have CRLF line endings when
    	using the Windows installer. (kkolinko)
    fix	Allow special characters recognized by the Windows command-line
    	shell to be present in the names of CATALINA_HOME/_BASE and
    	the current directory used to call the Tomcat scripts. (kkolinko)
    fix	Don't use @Deprecated annotations in javax.servlet.jsp.JspContext
    	since the specification does not include them in the API
    	definition. (markt)
    add	Improve the information in the JAR manifest files. (markt)
    tron committed Sep 25, 2010
  3. Pullup tickets #3229 and #3230.

    tron committed Sep 25, 2010
  4. Pullup ticket #3230 - requested by adam

    mail/clamav: security update
    
    Revisions pulled up:
    - mail/clamav/Makefile				1.104-1.105
    - mail/clamav/buildlink3.mk			1.24
    - mail/clamav/distinfo				1.65-1.67
    - mail/clamav/patches/patch-ac			1.9
    ---
    Module Name:	pkgsrc
    Committed By:	adam
    Date:		Thu Aug 26 05:49:30 UTC 2010
    
    Modified Files:
    	pkgsrc/mail/clamav: Makefile distinfo
    	pkgsrc/mail/clamav/patches: patch-ac
    
    Log Message:
    Changes 0.96.2:
    * contrib: add safe_clamd from Luca
    * freshclam: uses private symbol which changed proto, change name to prevent
      crash
    * libclamav: fix callback_sigload
    * clamdscan: fix parsing of virus names in extended mode and --stream
    * libclamav/c++/detect.cpp: Mac OS X can run 64-bit apps on 32-bit kernel
    * libclamav/others.h: bump f-level
    * sigtool/sigtool.c: fix handling of --datadir
    * libclamav/matcher-ac.c: improve offset handling
    * libclamav/7z/Archive/7z/7zDecode.c: shut up a warning
    * libclamav/autoit.c: properly resume from empty files regression introduced
      in ac867aad
    * libclamav/elf.c: fix zero mem alloc warning
    * win32: fix libclamav's triple and fix GetVersion
    * libclamav/bytecode.c: save lsig counts/offsets
    * libclamav/{bytecode,matcher}.c: matchicon API
    * libclamav/pe_icons.c: BE fixes
    * more...
    ---
    Module Name:	pkgsrc
    Committed By:	adam
    Date:		Thu Aug 26 06:02:07 UTC 2010
    
    Modified Files:
    	pkgsrc/mail/clamav: distinfo
    
    Log Message:
    patch-ac has been changed
    ---
    Module Name:	pkgsrc
    Committed By:	adam
    Date:		Tue Sep 21 07:47:26 UTC 2010
    
    Modified Files:
    	pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
    
    Log Message:
    Changes 0.96.3:
    This release fixes problems with the PDF parser and the internal bzip2 library.
    A complete list of changes is available in the Changelog file.
    tron committed Sep 25, 2010
  5. Pullup ticket #3229 - requested by taca

    mail/mailman: security patch
    
    Revisions pulled up:
    - mail/mailman/Makefile				1.62
    - mail/mailman/distinfo				1.19
    - mail/mailman/patches/patch-ak			1.1
    - mail/mailman/patches/patch-al			1.1
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Fri Sep 24 23:24:31 UTC 2010
    
    Modified Files:
    	pkgsrc/mail/mailman: Makefile distinfo
    Added Files:
    	pkgsrc/mail/mailman/patches: patch-ak patch-al
    
    Log Message:
    Add patches to fix XSS (CVE-2010-3089).
    
    Bump PKGREVISION.
    tron committed Sep 25, 2010
Commits on Sep 24, 2010
  1. Pullup ticket #3228 - requested by joerg

    archivers/bzip2: security update
    
    Revisions pulled up:
    - archivers/bzip2/files/LICENSE			1.3
    - archivers/bzip2/files/blocksort.c		1.3
    - archivers/bzip2/files/bzip2.1			1.3
    - archivers/bzip2/files/bzip2.c			1.3
    - archivers/bzip2/files/bzip2recover.c		1.3
    - archivers/bzip2/files/bzlib.c			1.3
    - archivers/bzip2/files/bzlib.h			1.3
    - archivers/bzip2/files/bzlib_private.h		1.3
    - archivers/bzip2/files/compress.c		1.3
    - archivers/bzip2/files/crctable.c		1.3
    - archivers/bzip2/files/huffman.c		1.3
    - archivers/bzip2/files/randtable.c		1.3
    ---
    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Thu Sep 23 11:03:36 UTC 2010
    
    Modified Files:
    	pkgsrc/archivers/bzip2/files: LICENSE blocksort.c bzip2.1 bzip2.c
    	    bzip2recover.c bzlib.c bzlib.h bzlib_private.h compress.c
    	    crctable.c huffman.c randtable.c
    
    Log Message:
    Forcefully merge the branch back. This updates the included version
    numbers.
    tron committed Sep 24, 2010
Commits on Sep 22, 2010
  1. Pullup ticket #3228.

    tron committed Sep 22, 2010
  2. Pullup ticket #3228 - requested by joerg

    archivers/bzip2: security update
    
    Revisions pulled up:
    - archivers/bzip2/Makefile			1.50
    - archivers/bzip2/PLIST				1.4
    - archivers/bzip2/files/CHANGES			1.3
    - archivers/bzip2/files/README			1.3
    - archivers/bzip2/files/bzdiff			new file
    - archivers/bzip2/files/bzdiff.1		new file
    - archivers/bzip2/files/bzgrep			new file
    - archivers/bzip2/files/bzgrep.1		new file
    - archivers/bzip2/files/decompress.c		1.3
    ---
    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Wed Sep 22 14:32:18 UTC 2010
    
    Update of /cvsroot/pkgsrc/archivers/bzip2/files
    In directory ivanova.netbsd.org:/tmp/cvs-serv13227
    
    Log Message:
    Import stripped down bzip2-1.0.6.
    ---
    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Wed Sep 22 14:48:41 UTC 2010
    
    Modified Files:
    	pkgsrc/archivers/bzip2/files: CHANGES README decompress.c
    
    Log Message:
    Update to bzip2-1.0.6: Fix for CVE-2010-0405
    ---
    Module Name:	pkgsrc
    Committed By:	joerg
    Date:		Wed Sep 22 14:53:22 UTC 2010
    
    Modified Files:
    	pkgsrc/archivers/bzip2: Makefile PLIST
    
    Log Message:
    Update to bzip2-1.0.6: Fix for CVE-2010-0405. Also install various
    helper scripts.
    tron committed Sep 22, 2010
Commits on Sep 20, 2010
  1. Pullup ticket #3224.

    tron committed Sep 20, 2010
  2. Pullup ticket #3224 - requested by taca

    www/mediawiki: security update
    
    Revisions pulled up:
    - www/mediawiki/Makefile			1.13
    - www/mediawiki/distinfo			1.9
    - www/mediawiki/patches/patch-aa		1.1
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Thu Sep 16 14:52:02 UTC 2010
    
    Modified Files:
    	pkgsrc/www/mediawiki: Makefile distinfo
    Added Files:
    	pkgsrc/www/mediawiki/patches: patch-aa
    
    Log Message:
    Update mediawiki to 1.15.5.
    
    == MediaWiki 1.15.5 ==
    
    2010-07-28
    
    This is a security and maintenance release.
    
    MediaWiki is now using a "continuous integration" development model with
    quarterly snapshot releases. The latest development code is always kept
    "ready to run", and in fact runs our own sites on Wikipedia.
    
    Release branches will continue to receive security updates for about a year
    from first release, but nonessential bugfixes and feature developments
    will be made on the development trunk and appear in the next quarterly release.
    
    Those wishing to use the latest code instead of a branch release can obtain
    it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
    tron committed Sep 20, 2010
Commits on Sep 15, 2010
  1. Pullup ticket #3223.

    tron committed Sep 15, 2010
  2. Pullup ticket #3223 - requested by taca

    net/samba33: security update
    
    Revisions pulled up:
    - net/samba33/Makefile		1.11
    - net/samba33/distinfo		1.5
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Tue Sep 14 13:08:23 UTC 2010
    
    Modified Files:
    	pkgsrc/net/samba33: Makefile distinfo
    
    Log Message:
    Update samba33 package to 3.3.14.
    
                       ==============================
                       Release Notes for Samba 3.3.14
    		         September 14, 2010
                       ==============================
    
    This is a security release in order to address CVE-2010-3069.
    
    o  CVE-2010-3069:
       All current released versions of Samba are vulnerable to
       a buffer overrun vulnerability. The sid_parse() function
       (and related dom_sid_parse() function in the source4 code)
       do not correctly check their input lengths when reading a
       binary representation of a Windows SID (Security ID). This
       allows a malicious client to send a sid that can overflow
       the stack variable that is being used to store the SID in the
       Samba smbd server.
    tron committed Sep 15, 2010
Commits on Sep 11, 2010
  1. Pullup ticket #3220.

    tron committed Sep 11, 2010
  2. Pullup ticket #3220 - requested by spz

    security/sudo: security update
    
    Revisions pulled up:
    - security/sudo/Makefile			1.122-1.123
    - security/sudo/PLIST				1.5
    - security/sudo/distinfo			1.64-1.65
    - security/sudo/patches/patch-aa		1.24
    - security/sudo/patches/patch-af		1.24-1.25
    - security/sudo/patches/patch-ag		1.15-1.16
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Mon Jul	 5 03:08:10 UTC 2010
    
    Modified Files:
    	pkgsrc/security/sudo: Makefile distinfo
    	pkgsrc/security/sudo/patches: patch-af patch-ag
    
    Log Message:
    Update sudo package to 1.7.2p8.
    
    Major changes between sudo 1.7.2p7 and 1.7.2p8:
    
     * Fixed a crash on AIX when LDAP support is in use.
    
     * Fixed problems with the QAS non-Unix group support
    ---
    Module Name:	pkgsrc
    Committed By:	spz
    Date:		Fri Sep 10 17:11:27 UTC 2010
    
    Modified Files:
    	pkgsrc/security/sudo: Makefile PLIST distinfo
    	pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
    
    Log Message:
    updating to the latest and greatest (and less a bunch of security
    relevant bugs) version:
    
    Major changes between version 1.7.4p3 and 1.7.4p4:
    
        * A potential security issue has been fixed with respect to the
          handling of sudo's -g command line option when -u is also
          specified. The flaw may allow an attacker to run commands as a
          user that is not authorized by the sudoers file.
        * A bug has been fixed where "sudo -l" output was incomplete if
          multiple sudoers sources were defined in nsswitch.conf and there
          was an error querying one of the sources.
        * The log_input, log_output, and use_pty sudoers options now work
          correctly on AIX. Previously, sudo would hang if they were
          enabled.
        * Fixed "make install" when sudo is built in a directory other
          than the directory that holds the sources.
        * The runas_default sudoers setting now works properly in a
          per-command Defaults line.
        * Suspending and resuming the bash shell when PAM is in use now
          works properly. The SIGCONT signal was not being propagated to
          the child process.
    
    Major changes between version 1.7.4p2 and 1.7.4p3:
    
        * A bug has been fixed where duplicate HOME environment variables
          could be set when the env_reset setting was disabled and the
          always_set_home setting was enabled in sudoers.
        * The value of sysconfdir is now substituted into the path to the
          sudoers.d directory in the installed sudoers file.
        * Fixed compilation problems on Irix and other platforms.
        * If multiple PAM "auth" actions are specified and the user enters
          ^C at the password prompt, sudo will now abort any subsequent
          "auth" actions. Previously it was necessary to enter ^C once for
          each "auth" action.
    
    Major changes between version 1.7.4p1 and 1.7.4p2:
    
        * Fixed a bug where sudo could spin in a cpu loop waiting for the
          child process.
        * Packaging fixes for sudo.pp to better handle patchlevels.
    
    Major changes between version 1.7.4 and 1.7.4p1:
    
        * Fix a bug introduced in sudo 1.7.3 that prevented the -k and -K
          options from functioning when the tty_tickets sudoers option was
          enabled.
        * Sudo no longer prints a warning when the -k or -K options are
          specified and the ticket file does not exist.
        * Changes to the configure script to enable cross-compilation of
          Sudo.
    
    Major changes between version 1.7.3 and 1.7.4:
    
        * Sudoedit will now preserve the file extension in the name of the
          temporary file being edited. The extension is used by some
          editors (such as emacs) to choose the editing mode.
        * Time stamp files have moved from /var/run/sudo to either
          /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories
          are checked for existence in that order. This prevents users
          from receiving the sudo lecture every time the system reboots.
          Time stamp files older than the boot time are ignored on systems
          where it is possible to determine this.
        * Ancillary documentation (README files, LICENSE, etc) is now
          installed in a sudo documentation directory.
        * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
          in ldap.conf.
        * Defaults settings that are tied to a user, host or command may
          now include the negation operator. For example:
    	  Defaults:!millert lecture
          will match any user but millert.
        * The default PATH environment variable, used when no PATH variable
          exists, now includes /usr/sbin and /sbin.
        * Sudo now uses polypkg for cross-platform packing.
        * On Linux, sudo will now restore the nproc resource limit before
          executing a command, unless the limit appears to have been
          modified by pam_limits. This avoids a problem with bash scripts
          that open more than 32 descriptors on SuSE Linux, where
          sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set
          to RLIMIT_UNLIMITED (-1).
        * Visudo will now treat an unrecognized Defaults entry as a parse
          error (sudo will warn but still run).
        * The HOME and MAIL environment variables are now reset based on
          the target user's password database entry when the env_reset
          sudoers option is enabled (which is the case in the default
          configuration). Users wishing to preserve the original values
          should use a sudoers entry like:
    	  Defaults env_keep += HOME
          to preserve the old value of HOME and
    	  Defaults env_keep += MAIL
          to preserve the old value of MAIL.
        * The tty_tickets option is now on by default.
        * Fixed a problem in the restoration of the AIX authdb registry
          setting.
        * If PAM is in use, wait until the process has finished before
          closing the PAM session.
        * Fixed "sudo -i -u user" where user has no shell listed in the
          password database.
        * When logging I/O, sudo now handles pty read/write returning ENXIO,
          as seen on FreeBSD when the login session has been killed.
        * Sudo now performs I/O logging in the C locale. This avoids
          locale-related issues when parsing floating point numbers in the
          timing file.
        * Added support for Ubuntu-style admin flag dot files.
    
    Major changes between version 1.7.2p8 and 1.7.3:
    
        * Support for logging a command's input and output as well as the
          ability to replay sessions. For more information, see the
          documentation for the log_input and log_output Defaults options
          in the sudoers manual. Also see the sudoreplay manual for
          information on replaying I/O log sessions.
        * The use_pty sudoers option can be used to force a command to be
          run in a pseudo-pty, even when I/O logging is not enabled.
        * On some systems, sudo can now detect when a user has logged out
          and back in again when tty-based time stamps are in use.
          Supported systems include Solaris systems with the devices file
          system, Mac OS X, and Linux systems with the devpts filesystem
          (pseudo-ttys only).
        * On AIX systems, the registry setting in /etc/security/user is
          now taken into account when looking up users and groups.
          Sudo now applies the correct user and group ids when running
          a command as a user whose account details come from a different
          source (e.g. LDAP or DCE vs. local files).
        * Support for multiple sudoers_base and uri entries in ldap.conf.
          When multiple entries are listed, sudo will try each one in the
          order in which they are specified.
        * Sudo's SELinux support should now function correctly when running
          commands as a non-root user and when one of stdin, stdout or stderr
          is not a terminal.
        * Sudo will now use the Linux audit system when configured with the
          --with-linux-audit flag.
        * Sudo now uses mbr_check_membership() on systems that support it
          to determine group membership. Currently, only Darwin (Mac OS X)
          supports this.
        * When the tty_tickets sudoers option is enabled but there is no
          terminal device, sudo will no longer use or create a tty-based
          ticket file. Previously, sudo would use a tty name of "unknown".
          As a consequence, if a user has no terminal device, sudo will now
          always prompt for a password.
        * The passwd_timeout and timestamp_timeout options may now be
          specified as floating point numbers for more granular timeout
          values.
        * Negating the fqdn option in sudoers now works correctly when sudo
          is configured with the --with-fqdn option. In previous versions
          of sudo the fqdn was set before sudoers was parsed.
    tron committed Sep 11, 2010
  3. pullups 3218 + 3219

    spz committed Sep 11, 2010
  4. Pullup ticket 3218 - requested by tnn

    security update
    
    Revisions pulled up:
    - pkgsrc/www/seamonkey/Makefile			1.39
    - pkgsrc/www/seamonkey/distinfo			1.55
    - pkgsrc/www/seamonkey/patches/patch-ap		1.8
    - pkgsrc/www/seamonkey/patches/patch-mm		1.2
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tnn
       Date:           Thu Sep  9 11:12:27 UTC 2010
    
       Modified Files:
               pkgsrc/www/seamonkey: Makefile distinfo
               pkgsrc/www/seamonkey/patches: patch-ap patch-mm
    
       Log Message:
       Update to seamonkey-2.0.7.
    
       * Message-ID searches on Google Groups work again
       * Add-ons preferences button for Lightning should work now
       * Security fixes:
       MFSA 2010-63 Information leak via XMLHttpRequest statusText
       MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
       MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
                    attribute
       MFSA 2010-60 XSS using SJOW scripted function
       MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
       MFSA 2010-57 Crash and remote code execution in normalizeDocument
       MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
       MFSA 2010-55 XUL tree removal crash and remote code execution
       MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
       MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
       MFSA 2010-52 Windows XP DLL loading vulnerability
       MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
       MFSA 2010-50 Frameset integer overflow vulnerability
       MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/seamonkey/Makefile
       cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/seamonkey/distinfo
       cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/seamonkey/patches/patch-ap
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/seamonkey/patches/patch-mm
    spz committed Sep 11, 2010
  5. Pullup ticket 3219 - requested by tnn

    security update
    
    Revisions pulled up:
    - pkgsrc/devel/nspr/Makefile			1.37
    - pkgsrc/devel/nspr/PLIST			1.11
    - pkgsrc/devel/nss/Makefile			1.38
    - pkgsrc/devel/xulrunner/PLIST			1.24
    - pkgsrc/devel/xulrunner/dist.mk		1.14
    - pkgsrc/devel/xulrunner/distinfo		1.36
    - pkgsrc/devel/xulrunner/mozilla-common.mk	1.16
    - pkgsrc/devel/xulrunner/patches/patch-ag	1.2
    - pkgsrc/devel/xulrunner/patches/patch-al	1.2
    - pkgsrc/devel/xulrunner/patches/patch-ap	1.4
    - pkgsrc/devel/xulrunner/patches/patch-mc	1.2
    - pkgsrc/devel/xulrunner/patches/patch-mm	1.3
    - pkgsrc/devel/xulrunner/patches/patch-mn	1.3
    
    -------------------------------------------------------------------------
       Modified Files:
               pkgsrc/devel/nspr: Makefile PLIST
    
       Log Message:
       Update to nspr-4.8.6 (via firefox-3.6.9). Changes unknown.
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.36 -r1.37 pkgsrc/devel/nspr/Makefile
       cvs rdiff -u -r1.10 -r1.11 pkgsrc/devel/nspr/PLIST
    
    -------------------------------------------------------------------------
       Modified Files:
               pkgsrc/devel/nss: Makefile
    
       Log Message:
       Update to nss-3.12.7.0 (via firefox-3.6.9). Changes unknown.
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.37 -r1.38 pkgsrc/devel/nss/Makefile
    
    -------------------------------------------------------------------------
       Modified Files:
               pkgsrc/devel/xulrunner: PLIST dist.mk distinfo mozilla-common.mk
               pkgsrc/devel/xulrunner/patches: patch-ag patch-al patch-ap
       patch-mc patch-mm patch-mn
    
       Log Message:
       Update to firefox-3.6.9 (xulrunner-1.9.2.9)
    
       MFSA 2010-63 Information leak via XMLHttpRequest statusText
       MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
       MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type
                    attribute
       MFSA 2010-59 SJOW creates scope chains ending in outer object
       MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
       MFSA 2010-57 Crash and remote code execution in normalizeDocument
       MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
       MFSA 2010-55 XUL tree removal crash and remote code execution
       MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
       MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
       MFSA 2010-52 Windows XP DLL loading vulnerability
       MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
       MFSA 2010-50 Frameset integer overflow vulnerability
       MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/xulrunner/PLIST
       cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/xulrunner/dist.mk
       cvs rdiff -u -r1.35 -r1.36 pkgsrc/devel/xulrunner/distinfo
       cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/xulrunner/mozilla-common.mk
       cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/devel/xulrunner/patches/patch-ag \
           pkgsrc/devel/xulrunner/patches/patch-al
       cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/xulrunner/patches/patch-ap
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/xulrunner/patches/patch-mc
       cvs rdiff -u -r1.2 -r1.3 pkgsrc/devel/xulrunner/patches/patch-mm \
           pkgsrc/devel/xulrunner/patches/patch-mn
    spz committed Sep 11, 2010
Commits on Sep 9, 2010
  1. pullup #3216

    spz committed Sep 9, 2010
  2. Pullup ticket 3216 - requested by tron

    security update
    
    Revisions pulled up:
    - pkgsrc/www/squid/options.mk		1.20
    - pkgsrc/www/squid31/Makefile		1.26
    - pkgsrc/www/squid31/distinfo		1.24
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   adam
       Date:           Wed Jul 28 10:16:14 UTC 2010
    
       Modified Files:
               pkgsrc/www/squid: options.mk
               pkgsrc/www/squid31: Makefile distinfo
    
       Log Message:
       Changes 3.1.5.1:
       * SourceFormat Enforcement
       * Replace most USE_IPV6 with run-time support probing
       * Translations: sync with 3.HEAD language updates
       * Split-Stack enable DNS and http(s)_port sockets.
       * Bug: --with-valgrind-debug failures ignored
       * Fixed comm.cc:377: "fd_table[fd].halfClosedReader != NULL" assertion
       * Kludge: try to detect system acinclude path, to fix libtool brokenness.
       * Bug: search scope for digest_ldap_auth didn't work
       * Update libtool autoconf macros to libtool2 style
       * Correction documentation of QoS disable-preserve-miss
       * Remove .so from SASL build checks
       * Bug: AIX support: c only c++ style comments test case
       * Bug: AIX support: check libm for log()
       * Do not stop accepting just because we got COMM_NOMESSAGE.
       * Bug: AIX support: uchar is already defined (more)
       * Bug: AIX support: uchar is already defined
       * Bug: crash handling NULL write callback
       * Correct Joomla DB auth handling
       * Fixed memory leak related to retried requests.
       * Prevent memory leaks when cloning Range requests.
       * Fixed memory leaks related to Range requests.
    
       Changes 3.1.5:
       * Bug: Fix context leak in HttpStateData::processReplyHeader
       * Bug: raw-IPv6 address URL with append_domain broken
       * Bug: does not send indirect X-Client-Ip in ICAP respmod
       * Fix free memory corruption and off-by-one error when comparing SNMP OIDs
       * Restart DNS retransmission count when restarting the query as an A lookup
       * Bug: HTTP responses with no Date, L-M or Expires can now be cached
       * Maintenance: Formater skip libltdl dirs
       * SourceFormat Enforcement
       * Bug: Fails to detect chunked encoding if not given in all lower case
       * Port from 2.7: max_filedescriptor config option
       * persistent_connection_after_error is meant to be on by default
       * kFreeBSD does not have linux headers. Wrap properly.
       * Maintenance: Use system MD5 instead of hard-coded python paths
       * Bug: ICAP tokens not logged when using multiple access
       * SourceFormat Enforcement
       * OpenBSD: Fix build mem.cc warning: converting of negative value
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/squid/options.mk
       cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/squid31/Makefile
       cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/squid31/distinfo
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Wed Aug  4 11:36:08 UTC 2010
    
       Modified Files:
               pkgsrc/www/squid31: Makefile distinfo
    
       Log Message:
       Update "squid31" package to version 3.1.6. Changes since 3.1.5.1:
       - Bug 2994, 2995: IPv4-only regressions
       - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
       - Bug 2975: chunked requests not supported after regular ones
       - Fix: 32-bit overflow in reported bytes received from next hop
       - Fix Libtool build regressions
       - Limited split-stack IPv6 support.
       - squid_db_auth support MD5 encrypted passwords
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/squid31/Makefile
       cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/squid31/distinfo
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Wed Aug 25 17:53:44 UTC 2010
    
       Modified Files:
               pkgsrc/www/squid31: Makefile distinfo
    
       Log Message:
       Update "squid31" package to version 3.1.7. Change since 3.1.6:
       - Regression Bug 3021: Large DNS reply causes crash
       - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
       - Regression Bug 2997: visible_hostname directive no longer matches docs
       - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
       - Bug 3006: handle IPV6_V6ONLY definition missing
       - Bug 3004: Solaris 9 SunStudio 12 build failure
       - Bug 3003: inconsistent concepts in documentation of cache_dir
       - Bug 3001: dnsserver link issues
       - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
       - HTTP/1.1: Improved Range header field validation
       - HTTP/1.1: Forward multiple unknown Cache-Control directives
       - HTTP/1.1: Stop sending Proxy-Connection header
       - Fix 32-bit wrap in refresh_pattern min/max values
       - ... and several documentation corrections.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/squid31/Makefile
       cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/squid31/distinfo
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Tue Sep  7 19:55:17 UTC 2010
    
       Modified Files:
               pkgsrc/www/squid31: Makefile distinfo
    
       Log Message:
       Update "squid31" package to version 3.1.8. Changes since 3.1.7:
       - Security fixes:
        - Fixes for the request processing vulnerability tagged SQUID-2010:3.
          http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
        - A hardening of the DNS client against packet queueing approaches
          used to enable attacks. This completes the protection against attacks
          published by Yamaguchi late in 2009.
        - An HTTP request-line parser hardened against several categories of
          request attack. This greatly increases the speed of detection and
          reduces resources used to detect these categories of attack.
       - Fixes for the following bugs:
         - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
         - Bug 3005,2972: Locate LTDL headers correctly (again)
         - Bug 2872: leaking file descriptors
         - Bug 2583: pure virtual method called
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/squid31/Makefile
       cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/squid31/distinfo
    spz committed Sep 9, 2010
Commits on Sep 3, 2010
  1. Pullup ticket #3215.

    tron committed Sep 3, 2010
  2. Pullup ticket #3215 - requested by drochner

    graphics/dia: package list fix
    
    Revisions pulled up:
    - graphics/dia/PLIST				1.19
    ---
    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Tue Aug 31 18:25:29 UTC 2010
    
    Modified Files:
            pkgsrc/graphics/dia: PLIST
    
    Log Message:
    add conditionals to PLIST to fix the non-gnome case, should fix
    PR pkg/43812 by Matthew Mondor
    The DIA_HELPDIR variable looks unnecessary now, it might make sense
    to not install the xml documentation in the non-gnome case because
    there is no tool to read it anyway.
    tron committed Sep 3, 2010
Commits on Aug 27, 2010
  1. Pullup ticket #3214.

    tron committed Aug 27, 2010
  2. Pullup ticket #3214 - requested by gdt

    net/quagga-devel: security update
    
    Revisions pulled up:
    - net/quagga-devel/Makefile			1.16
    - net/quagga-devel/distinfo			1.11
    ---
    Module Name:	pkgsrc
    Committed By:	gdt
    Date:		Wed Aug 25 17:52:24 UTC 2010
    
    Modified Files:
    	pkgsrc/net/quagga-devel: Makefile distinfo
    
    Log Message:
    Update to 0.99.17.
    
    The most important change is in correcting handling of malformed data
    in BGP sessions.
    
    bgpd:
        fix handling of AS path data
        tighten bounds checking in RR ORF msg reader
    
    ospfd:
        Only refresh external default route once.
        Make sure ospf_distribute_list_update_timer() eventually runs.
        Make sure all external routes are updated.
    
    zebra:
        fix infinite loop when deleting an interface
    
    ospf6d:
        Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config
    
    isisd:
        change ISIS_METHOD to use C preprocessor
    
    other:
        build: ignore mkinstalldirs and texinfo.tex
        build: Add QuaggaId to README.NetBSD
        build/extra: Enhance README.NetBSD make/gmake decision.
        git: add pointers to out-of-tree work
        git: add (generated) m4 files to .gitignore
        Update for git and emphasize asking for good reports.
        doc: fixed spelling in bgpd.texi
    tron committed Aug 27, 2010
Commits on Aug 25, 2010
  1. Pullup ticket #3213.

    tron committed Aug 25, 2010
  2. Pullup ticket #3213 - requested by obache

    graphics/pear-Image_Color: build fix
    
    Revisions pulled up:
    - lang/php/pear.mk		1.19
    ---
    Module Name:	pkgsrc
    Committed By:	obache
    Date:		Wed Aug 25 06:37:20 UTC 2010
    
    Modified Files:
    	pkgsrc/lang/php: pear.mk
    
    Log Message:
    Always install pear with `-n', otherwise installation fails if an extension
    is required but not loaded in php.ini.
    tron committed Aug 25, 2010
Commits on Aug 22, 2010
  1. pullup #3211 & #3212

    spz committed Aug 22, 2010
  2. Pullup ticket 3212 - requested by tron

    security update
    
    Revisions pulled up:
    - pkgsrc/databases/phpmyadmin/Makefile	1.83
    - pkgsrc/databases/phpmyadmin/distinfo	1.44
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tron
       Date:           Sat Aug 21 07:50:02 UTC 2010
    
       Modified Files:
               pkgsrc/databases/phpmyadmin: Makefile distinfo
    
       Log Message:
       Update "phpmyadmin" package to version 2.11.10.1.
       Changes since version 2.11.10:
       - [setup] Fixed output sanitizing in setup script, see PMASA-2010-4 for
         more details.
       - [core] Fixed various XSS issues, see PMASA-2010-5 for more details.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.82 -r1.83 pkgsrc/databases/phpmyadmin/Makefile
       cvs rdiff -u -r1.43 -r1.44 pkgsrc/databases/phpmyadmin/distinfo
    spz committed Aug 22, 2010
  3. Pullup ticket 3211 - requested by tez

    build fix for Solaris
    
    Revisions pulled up:
    - pkgsrc/devel/glib2/Makefile	1.176
    
    -------------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   tez
       Date:           Fri Aug 20 16:33:10 UTC 2010
    
       Modified Files:
               pkgsrc/devel/glib2: Makefile
    
       Log Message:
       Fix build on Solaris per pkg/43707 -  no revision bump since other
       platforms are unaffected and Solaris did not build before
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.175 -r1.176 pkgsrc/devel/glib2/Makefile
    spz committed Aug 22, 2010
Commits on Aug 19, 2010
  1. Pullup tickets #3208, #3209 and #3210.

    tron committed Aug 19, 2010
  2. Pullup ticket #3210 - requested by obache

    x11/wxGTK24: build fix
    
    Revisions pulled up:
    - x11/wxGTK24/Makefile.common			1.7
    - x11/wxGTK24/distinfo				1.12
    - x11/wxGTK24/patches/patch-aa			1.6
    ---
    Module Name:	pkgsrc
    Committed By:	obache
    Date:		Wed Aug 18 10:05:08 UTC 2010
    
    Modified Files:
    	pkgsrc/x11/wxGTK24: Makefile.common distinfo
    	pkgsrc/x11/wxGTK24/patches: patch-aa
    
    Log Message:
    Use BUILDLINK_DIR first to find header/library files.
    This should fix PR#43215.
    tron committed Aug 19, 2010