Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Mar 30, 2011
  1. Pullup ticket #3397.

    tron authored
  2. Pullup ticket #3397 - requested by drochner

    tron authored
    sysutils/xenkernel3: security patch
    sysutils/xenkernel33: security patch
    
    Revisions pulled up:
    - sysutils/xenkernel3/Makefile                                  1.20
    - sysutils/xenkernel3/distinfo                                  1.13
    - sysutils/xenkernel3/patches/patch-ac                          1.3
    - sysutils/xenkernel33/Makefile                                 1.13
    - sysutils/xenkernel33/distinfo                                 1.11
    - sysutils/xenkernel33/patches/patch-ac                         1.1
    
    ---
       Module Name:    pkgsrc
       Committed By:   drochner
       Date:           Thu Mar 24 12:04:57 UTC 2011
    
       Modified Files:
               pkgsrc/sysutils/xenkernel33: Makefile distinfo
       Added Files:
               pkgsrc/sysutils/xenkernel33/patches: patch-ac
    
       Log Message:
       add patch from upstream (manually, due to changed #ifdefs and indentation)
       to fix possible crashes triggered by 64-bit guests (found by
       Cherry G. Mathew, CVE-2011-1166)
       bump PKGREV
    
    ---
       Module Name:    pkgsrc
       Committed By:   drochner
       Date:           Thu Mar 24 12:43:53 UTC 2011
    
       Modified Files:
               pkgsrc/sysutils/xenkernel3: Makefile distinfo
       Added Files:
               pkgsrc/sysutils/xenkernel3/patches: patch-ac
    
       Log Message:
       add patch from upstream (manually, due to changed #ifdefs and indentation)
       to fix possible crashes triggered by 64-bit guests (found by
       Cherry G. Mathew, CVE-2011-1166)
       bump PKGREV
Commits on Mar 22, 2011
  1. Pullup tickets 3393, 3394 and 3395

    sbd authored
  2. Pullup ticket #3395 - requested by taca

    sbd authored
    security fix for lang/php53
    
    Revisions pulled up:
    - lang/php53/Makefile                                           1.8
    - lang/php53/Makefile.common                                    1.5
    - lang/php53/distinfo                                           1.13
    - lang/php53/patches/patch-aa                                   1.2
    - lang/php53/patches/patch-ab                                   1.4
    - lang/php53/patches/patch-af                                   1.2
    - lang/php53/patches/patch-ar                                   Removed
    - lang/php53/patches/patch-ext_exif_exif.c                      Removed
    - lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c      Removed
    - lang/php53/patches/patch-ext_zip_php__zip.c                   Removed
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat Mar 19 07:01:19 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile Makefile.common distinfo
       	pkgsrc/lang/php53/patches: patch-aa patch-ab patch-af
       Removed Files:
       	pkgsrc/lang/php53/patches: patch-ar patch-ext_exif_exif.c
       	    patch-ext_zip_lib_zip__name__locate.c patch-ext_zip_php__zip.c
    
       Log Message:
       Update lang/php53 package to PHP 5.3.
    
       PHP 5.3.6 Released!
    
       [17-Mar-2011]
       The PHP development team would like to announce the immediate availability
       of PHP 5.3.6. This release focuses on improving the stability of the PHP
       5.3.x branch with over 60 bug fixes, some of which are security related.
    
       Security Enhancements and Fixes in PHP 5.3.6:
    
       * Enforce security in the fastcgi protocol parsing with fpm SAPI.
       * Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
       * Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
       * Fixed bug #54055 (buffer overrun with high values for precision ini setting).
       * Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
       * Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty
         archive). (CVE-2011-0421)
    
       Key enhancements in PHP 5.3.6 include:
    
       * Upgraded bundled Sqlite3 to version 3.7.4.
       * Upgraded bundled PCRE to version 8.11.
       * Added ability to connect to HTTPS sites through proxy with basic
         authentication using stream_context/http/header/Proxy-Authorization.
       * Added options to debug backtrace functions.
       * Changed default value of ini directive serialize_precision from 100 to 17.
       * Fixed Bug #53971 (isset() and empty() produce apparently spurious
         runtime error).
       * Fixed Bug #53958 (Closures can't 'use' shared variables by value and
         by reference).
       * Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir
         with a trailing forward slash).
       * Over 60 other bug fixes.
  3. Pullup ticket #3393 - requested by taca

    sbd authored
    security fix for lang/php5
    
    Revisions pulled up:
    - lang/php5/Makefile                                            1.84
    - lang/php5/distinfo                                            1.89
    - lang/php5/patches/patch-main_snprintf.c                       1.1
    - lang/php5/patches/patch-main_snprintf.h                       1.1
    - lang/php5/patches/patch-main_spprintf.c                       1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Mar 21 16:34:28 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/php5: Makefile distinfo
       Added Files:
       	pkgsrc/lang/php5/patches: patch-main_snprintf.c patch-main_snprintf.h
       	    patch-main_spprintf.c
    
       Log Message:
       Apply changes by r308525 from PHP's repository to fix bug #54055
       (buffer overrun with high values for precision ini setting).
    
       It fixes one of security fixes by PHP 5.3.6.
    
       Bump PKGREVISION.
  4. Pullup ticket #3394 - requested by taca

    sbd authored
    security fix for devel/php-shmop
    
    Revisions pulled up:
    - devel/php-shmop/Makefile                                      1.10
    - lang/php5/distinfo                                            1.88
    - lang/php5/patches/patch-ext_shmop_shmop.c                     1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Mar 21 16:08:29 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/php-shmop: Makefile
       	pkgsrc/lang/php5: distinfo
       Added Files:
       	pkgsrc/lang/php5/patches: patch-ext_shmop_shmop.c
    
       Log Message:
       Add a patch to fix bug #54193 (Integer overflow in shmop_read()) referring
       r309018 from PHPs' repository.  (CVE-2011-1092)
    
       Bump PKGREVISION of devel/php-shmop.
Commits on Mar 13, 2011
  1. Pullup ticket #3388

    sbd authored
  2. Pullup ticket #3388 - requested by tron

    sbd authored
    Security update for graphic/tiff
    
    Revisions pulled up:
    - graphics/tiff/Makefile                                        1.99
    - graphics/tiff/distinfo                                        1.50
    - graphics/tiff/patches/patch-SA43593                           1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Sat Mar 12 16:10:43 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/tiff: Makefile distinfo
       Added Files:
       	pkgsrc/graphics/tiff/patches: patch-SA43593
    
       Log Message:
       Add fix for vulnerability reported in SA43593 taken from the
       "libtiff" CVS repository.
Commits on Mar 12, 2011
  1. Pullup ticket #3387

    sbd authored
  2. Pullup ticket #3387 - requested by wiz

    sbd authored
    build fix for devel/bmake
    
    Revisions pulled up:
    - devel/bmake/files/make-bootstrap.sh.in                        1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Wed Jan 26 10:13:48 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/bmake/files: make-bootstrap.sh.in
    
       Log Message:
       Add missing ".o". Found by Matthieu Herrb in PR 44461.
Commits on Mar 11, 2011
  1. Pullup ticket #3385.

    tron authored
  2. Pullup ticket #3385 - requested by taca

    tron authored
    mail/postfix-current: security update
    
    Revisions pulled up:
    - mail/postfix-current/MESSAGE				patch
    - mail/postfix-current/MESSAGE.sasl			patch
    - mail/postfix-current/Makefile				patch
    - mail/postfix-current/PLIST				patch
    - mail/postfix-current/distinfo				patch
    - mail/postfix-current/files/mailer.conf		patch
    - mail/postfix-current/patches/patch-aa			patch
    - mail/postfix-current/patches/patch-ag			patch
    - mail/postfix-current/patches/patch-ai			patch
    - mail/postfix-current/patches/patch-as			patch
    - mail/postfix-current/patches/patch-at			deleted
    - mail/postfix-current/patches/patch-au			deleted
    - mail/postfix-current/patches/patch-av			deleted
    
    ---
    Update "postfix-current" package to version 2.8.1:
      Postfix stable release 2.8.0 is available. This release continues the
      move towards improving code and documentation, and making the system
      better prepared for changes in the threat environment.
    
      The postscreen daemon (a zombie blocker in front of Postfix) is now
      included with the stable release. postscreen now supports TLS and can
      log the rejected sender, recipient and helo information. See the
      POSTSCREEN_README file for recommended usage scenarios.
    
      Support for DNS whitelisting (permit_rhswl_client), and for pattern
      matching to filter the responses from DNS white/blacklist servers
      (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
    
      Improved message tracking across SMTP-based content filters; the
      after-filter SMTP server can log the before-filter queue ID (the
      XCLIENT protocol was extended).
    
      Read-only support for sqlite databases. See sqlite_table(5) and
      SQLITE_README.
    
      Support for 'footers' that are appended to SMTP server "reject"
      responses. See "smtpd_reject_footer" in the postconf(5) manpage.
Commits on Mar 9, 2011
  1. Pullup ticket #3386 - requested by gls

    tron authored
    www/py-moin: security patch
    
    Revisions pulled up:
    - www/py-moin/Makefile                                          1.16
    - www/py-moin/distinfo                                          1.7
    - www/py-moin/patches/patch-MoinMoin_parser_text__rst.py        1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	gls
       Date:		Mon Mar  7 20:51:41 UTC 2011
    
       Modified Files:
       	pkgsrc/www/py-moin: Makefile distinfo
       Added Files:
       	pkgsrc/www/py-moin/patches: patch-MoinMoin_parser_text__rst.py
    
       Log Message:
       Add a fix for CVE CVE 2011-1058.
       Taken from http://moinmo.in/SecurityFixes
  2. Pullup tickets #3383, #3384 and #3386.

    tron authored
  3. Pullup ticket #3384 - requested by taca

    tron authored
    mail/postfix: security update
    
    Revisions pulled up:
    - mail/postfix/Makefile					patch
    - mail/postfix/distinfo					patch
    - mail/postfix/patches/patch-ag				patch
    
    ---
    Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
    These releases contain a fix for CVE-2011-0411 which allows plaintext
    command injection with SMTP sessions over TLS. This defect was
    introduced with Postfix version 2.2. The same flaw exists in other
    implementations of the STARTTLS command.
    
        Note: CVE-2011-0411 is an issue only for the minority of SMTP
        clients that actually verify server certificates. Without server
        certificate verification, clients are always vulnerable to
        man-in-the-middle attacks that allow attackers to inject
        plaintext commands or responses into SMTP sessions, and more.
    
    Postfix 2.8 and 2.9 are not affected.
    
    The following problems were fixed with the Postfix legacy releases:
    
        * Fix for CVE-2011-0411: discard buffered plaintext input,
          after reading the SMTP "STARTTLS" command or response.
    
        * Fix to the local delivery agent: look up the "unextended"
          address in the local aliases database, when that address has
          a malformed address extension.
    
        * Fix to virtual alias expansion: report a tempfail error,
          instead of silently ignoring recipients that exceed the
          virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
    
        * Fix for Solaris: the Postfix event engine was deaf for SIGHUP
          and SIGALRM signals after the switch from select() to /dev/poll.
          Symptoms were delayed "postfix reload" response, and killed
          processes with watchdog timeout values under 100 seconds.
    
        * Fix for HP-UX: the Postfix event engine was deaf for SIGALRM
          signals. Symptoms were killed processes with watchdog timeout
          values under 100 seconds.
    
        * Fix for BSD-ish mkdir() to prevent maildir directories from
          inheriting their group ownership from the parent directory.
    
        * Fix to the SMTP client: missing support for mail to
          [ipv6:ipv6addr] address literal destinations.
    
        * FreeBSD back-ported closefrom() from FreeBSD 8x to 7x, breaking
          Postfix builds retroactively.
    
    Historical note:
    
        Wietse Venema discovered the problem two weeks before the
        Postfix 2.8 release, and silently fixed it pending further
        investigation. While investigating the problem's scope and
        impact, Victor Duchovni found that many other TLS applications
        were also affected. At that point, CERT/CC was asked to coordinate
        with the problem's resolution.
    
    You can find the updated Postfix source code at the mirrors listed
    at http://www.postfix.org/.
  4. Pullup ticket #3383 - requested by tonio

    tron authored
    chat/weechat: security update
    
    Revisions pulled up:
    - chat/weechat/Makefile                                               1.27
    - chat/weechat/PLIST                                                  1.14
    - chat/weechat/distinfo                                               1.18
    - chat/weechat/patches/patch-aa                                       1.4
    - chat/weechat/patches/patch-ab                                       1.6
    - chat/weechat/patches/patch-ac                                       1.5
    - chat/weechat/patches/patch-ad                                       1.4
    - chat/weechat/patches/patch-src_core_wee-hook.c                      1.1
    - chat/weechat/patches/patch-src_core_wee-hook.h                      1.1
    - chat/weechat/patches/patch-src_core_wee-network.c                   1.1
    - chat/weechat/patches/patch-src_plugins_irc_irc-server.c             1.1
    - chat/weechat/patches/patch-src_plugins_rmodifier_rmodifier-config.h 1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tonio
       Date:		Sat Mar  5 22:48:07 UTC 2011
    
       Modified Files:
       	pkgsrc/chat/weechat: Makefile PLIST distinfo
       	pkgsrc/chat/weechat/patches: patch-aa patch-ab patch-ac patch-ad
       Added Files:
       	pkgsrc/chat/weechat/patches: patch-src_core_wee-hook.c
       	    patch-src_core_wee-hook.h patch-src_core_wee-network.c
       	    patch-src_plugins_irc_irc-server.c
       	    patch-src_plugins_rmodifier_rmodifier-config.h
    
       Log Message:
       Update chat/weechat to 0.3.4
       Fix for SA43543 and update kindly provided by gls@
    
       This is a major release, with lot of bugs fixed and major new features.
    
       Among the new features:
       - 256 colors support, with unlimited number of nick colors
       - irc proxy (relay plugin)
       - redirection of IRC commands
       - command /notify
       - rmodifier plugin
       - regular expressions for highlights
       - color support for timestamp in chat buffer
       - irc option to force color for some nicks
       - share input line between buffers.
Commits on Mar 6, 2011
  1. Pullup ticket #3379.

    tron authored
  2. Pullup ticket #3379 - requested by tnn

    tron authored
    mail/thunderbird: security update
    
    Revisions pulled up:
    - mail/thunderbird/Makefile                                     1.66 via patch
    - mail/thunderbird/distinfo                                     1.78
    - mail/thunderbird/patches/patch-directory_c-sdk_configure.in   1.2
    - mail/thunderbird/patches/patch-directory_c-sdk_ldap_include_portable.h 1.3
    - mail/thunderbird/patches/patch-directory_c-sdk_ldap_libraries_libldap_Makefile.in 1.2
    - mail/thunderbird/patches/patch-mm                             1.4
    
    ---
       Module Name:	pkgsrc
       Committed By:	tnn
       Date:		Sat Mar  5 13:09:36 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/thunderbird: Makefile distinfo
       	pkgsrc/mail/thunderbird/patches: patch-directory_c-sdk_configure.in
       	    patch-directory_c-sdk_ldap_include_portable.h
       	    patch-directory_c-sdk_ldap_libraries_libldap_Makefile.in patch-mm
    
       Log Message:
       Stability and security update of thunderbird to 3.1.8.
    
       MFSA 2011-09 Crash caused by corrupted JPEG image
       MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
       MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
  3. Pullup #3381, requested by tnn

    schnoebe authored
    firefox-3.6.15 update and prerequisite commits.
    
    pkgsrc/www/firefox/Makefile		1.82, 1.83
    pkgsrc/devel/xulrunner/Makefile		1.46, 1.47, 1.48
    pkgsrc/devel/xulrunner/dist.mk		1.18
    pkgsrc/devel/xulrunner/distinfo		1.40
    pkgsrc/devel/xulrunner/patches/patch-mm	1.4
    
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Thu Jan 13 13:40:12 UTC 2011
    
       Modified Files:
    	   pkgsrc/www/firefox: Makefile
    
       Log Message:
       png shlib name changed for png>=1.5.0, so bump PKGREVISIONs.
    
       ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Thu Jan 13 13:53:34 UTC 2011
    
       Modified Files:
    	   pkgsrc/devel/xulrunner: Makefile
    
       Log Message:
       png shlib name changed for png>=1.5.0, so bump PKGREVISIONs.
    
       ---
       Module Name:	pkgsrc
       Committed By:	markd
       Date:		Sun Jan 23 11:18:27 UTC 2011
    
       Modified Files:
    	   pkgsrc/devel/xulrunner: Makefile
    
       Log Message:
       set FREEBL_NO_DEPEND=0 in MAKE_ENV otherwise Linux2.6 defaults to
       FREEBL_NO_DEPEND=1 and files not in PLIST are installed.
       OKed by tnn.
    
       ---
       Module Name:	pkgsrc
       Committed By:	tnn
       Date:		Sat Mar  5 11:57:17 UTC 2011
    
       Modified Files:
    	   pkgsrc/devel/xulrunner: Makefile dist.mk distinfo
    	   pkgsrc/devel/xulrunner/patches: patch-mm
    	   pkgsrc/www/firefox: Makefile
    
       Log Message:
       Stability & security update of firefox to 3.6.15.
    
       MFSA 2011-10 CSRF risk with plugins and 307 redirects
       MFSA 2011-09 Crash caused by corrupted JPEG image
       MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
       MFSA 2011-07 Memory corruption during text run construction (Windows)
       MFSA 2011-06 Use-after-free error using Web Workers
       MFSA 2011-05 Buffer overflow in JavaScript atom map
       MFSA 2011-04 Buffer overflow in JavaScript upvarMap
       MFSA 2011-03 Use-after-free error in JSON.stringify
       MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
       MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
  4. Pullup ticket #3380.

    tron authored
  5. Pullup ticket #3380 - requested by gls

    tron authored
    chat/cgiirc: security update
    
    Revisions pulled up:
    - chat/cgiirc/Makefile						1.17
    - chat/cgiirc/distinfo						1.7
    ---
    Module Name:	pkgsrc
    Committed By:	gls
    Date:		Wed Mar  2 20:24:40 UTC 2011
    
    Modified Files:
    	pkgsrc/chat/cgiirc: Makefile distinfo
    
    Log Message:
    Update chat/cgiirc to 0.5.10
    
    Upstream changes:
    
    After ~5 years without a release 0.5.10 is now available. This is
    actually just
    0.5.9 with one security fix:
      CVE-2011-0050: XSS in R param in nonjs interface
    Thanks to Michael Brooks (Sitewatch) for discovering this.
    
    pkgsrc changes:
    - Update MASTER_SITES and HOMEPAGE to point to cgiirc.org
    - Add LICENSE
Commits on Mar 5, 2011
  1. Pullup tickets #3376 and #3382.

    schnoebe authored
  2. pull up request 3382, requested by tnn@

    schnoebe authored
    Revisions pulled up:
    + pkgsrc/www/seamonkey/Makefile	1.46, 1.47
    + pkgsrc/www/seamonkey/distinfo	1.59
    
       Module Name:    pkgsrc
       Committed By:   wiz
       Date:           Thu Jan 13 13:53:34 UTC 2011
    
       Modified Files:
    	   pkgsrc/www/seamonkey: Makefile
    
       Log Message:
       png shlib name changed for png>=1.5.0, so bump PKGREVISIONs.
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/seamonkey/Makefile
    
       Module Name:    pkgsrc
       Committed By:   tnn
       Date:           Sat Mar  5 14:48:21 UTC 2011
    
       Modified Files:
    	   pkgsrc/www/seamonkey: Makefile distinfo
    
       Log Message:
       Security and stability update of seamonkey to 2.0.12.
    
       MFSA 2011-10 CSRF risk with plugins and 307 redirects
       MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome
       documents MFSA 2011-07 Memory corruption during text run construction
       (Windows) MFSA 2011-06 Use-after-free error using Web Workers
       MFSA 2011-05 Buffer overflow in JavaScript atom map
       MFSA 2011-04 Buffer overflow in JavaScript upvarMap
       MFSA 2011-03 Use-after-free error in JSON.stringify
       MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to
       true MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/
       1.9.1.17)
  3. Pull up ticket 3376, requested by tron@

    schnoebe authored
       Module Name:    pkgsrc
       Committed By:   adam
       Date:           Tue Feb  8 07:56:09 UTC 2011
    
       Modified Files:
    	   pkgsrc/security/clamav: Makefile distinfo
    
       Log Message:
       Changes 0.97:
       ClamAV 0.97 brings many improvements, including complete Windows
       support (all major components compile out-of-box under Visual
       Studio), support for signatures based on SHA1 and SHA256, better
       error detection, as well as speed and memory optimizations. The
       complete list of changes is available in the ChangeLog file.
  4. pullups 3377 + 3378

    spz authored
  5. Pullup ticket #3378 - requested by tron

    spz authored
    devel/pango: security fix
    
    Revisions pulled up:
    - devel/pango/Makefile						1.152
    - devel/pango/distinfo						1.88
    
    Files added:
    devel/pango/patches/patch-CVE-2011-0064-1
    devel/pango/patches/patch-CVE-2011-0064-2
    devel/pango/patches/patch-CVE-2011-0064-3
    
    ---------------------------------------------------------------------
       Module Name:		pkgsrc
       Committed By:	tron
       Date:		Sat Mar  5 13:37:20 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/pango: Makefile distinfo
       Added Files:
       	pkgsrc/devel/pango/patches: patch-CVE-2011-0064-1 patch-CVE-2011-0064-2
       	    patch-CVE-2011-0064-3
    
       Log Message:
       Add openSUSE's fix for the DoS vulnerability remoted in CVE-2011-0064.
  6. Pullup ticket #3377 - requested by tron

    spz authored
    devel/pango: security update
    
    Revisions pulled up:
    - devel/pango/Makefile			1.151
    - devel/pango/distinfo			1.87
    - devel/pango/patches/patch-ac		1.15
    - devel/pango/patches/patch-ad		1.12
    
    ----------------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	drochner
       Date:		Thu Jan 27 14:04:51 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/pango: Makefile distinfo
       Added Files:
       	pkgsrc/devel/pango/patches: patch-ac patch-ad
    
       Log Message:
       -add patch from https://bugzilla.gnome.org/show_bug.cgi?id=3D639882 to fix
        possible heap corruption when parsing a corrupt font (CVE-2011-0020)
       -being here, add a patch from upstream to fix a scaling inconsistency
       bump PKGREV
  7. Pullup ticket #3373, #3374 and #3375.

    tron authored
  8. Pullup ticket #3375 - requested by taca

    tron authored
    www/typo3: dependence fix
    
    Revisions pulled up:
    - www/typo3/Makefile						1.32
    ---
    Module Name:	pkgsrc
    Committed By:	bouyer
    Date:		Wed Mar	2 19:06:09 UTC 2011
    
    Modified Files:
    	pkgsrc/www/typo3: Makefile
    
    Log Message:
    This requires php-json
  9. Pullup ticket #3374 - requested by taca

    tron authored
    www/mongrel: build fix
    
    Revisions pulled up:
    - www/mongrel/Makefile                                          1.14 via patch
    - www/mongrel/files/gemspec                                     1.1
    - www/mongrel/patches/patch-ac                                  0
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Mon Feb 28 15:46:39 UTC 2011
    
    Modified Files:
    	pkgsrc/www/mongrel: Makefile
    Added Files:
    	pkgsrc/www/mongrel/files: gemspec
    Removed Files:
    	pkgsrc/www/mongrel/patches: patch-ac
    
    Log Message:
    Fix build problem with ruby18.
    
    Give up to patch gemspec but use pre-generated one.
  10. Pullup ticket #3373 - requested by taca

    tron authored
    graphics/ruby-imlib2: build fix
    
    Revisions pulled up:
    - graphics/ruby-imlib2/Makefile                                 1.25
    - graphics/ruby-imlib2/distinfo                                 1.7
    - graphics/ruby-imlib2/files/gemspec                            1.1
    - graphics/ruby-imlib2/patches/patch-aa                         0
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Mon Feb 28 15:46:08 UTC 2011
    
    Modified Files:
    	pkgsrc/graphics/ruby-imlib2: Makefile distinfo
    Added Files:
    	pkgsrc/graphics/ruby-imlib2/files: gemspec
    Removed Files:
    	pkgsrc/graphics/ruby-imlib2/patches: patch-aa
    
    Log Message:
    Fix build problem with ruby18.
    
    Give up to patch gemspec but use pre-generated one.
Commits on Mar 3, 2011
  1. Pullup ticket #3368

    sbd authored
  2. Pullup ticket #3368 - requested by taca

    sbd authored
    net/samba35 security fix.
    
    Revisions pulled up:
    - net/samba35/Makefile                                          1.2
    - net/samba35/distinfo                                          1.2
    ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Mon Feb 28 14:34:56 UTC 2011
    
    Modified Files:
    	pkgsrc/net/samba35: Makefile distinfo
    
    Log Message:
    Update samba35 pacakge to 3.5.7.
    
    Release Announcements
    =====================
    
    Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
    address CVE-2011-0719.
    
    o  CVE-2011-0719:
       All current released versions of Samba are vulnerable to
       a denial of service caused by memory corruption. Range
       checks on file descriptors being used in the FD_SET macro
       were not present allowing stack corruption. This can cause
       the Samba code to crash or to loop attempting to select
       on a bad file descriptor set.
    
       A connection to a file share, or a local account is needed
       to exploit this problem, either authenticated or unauthenticated
       (guest connection).
    
       Currently we do not believe this flaw is exploitable
       beyond a crash or causing the code to loop, but on the
       advice of our security reviewers we are releasing fixes
       in case an exploit is discovered at a later date.
    
    Changes
    -------
    
    o   Jeremy Allison <jra at samba.org>
        * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
Commits on Mar 2, 2011
  1. pullups 3371 and 3372

    spz authored
  2. Pullup ticket 3372 - requested by sbd

    spz authored
    build fix for Linux
    
    Revisions pulled up:
    - pkgsrc/net/samba35/Makefile	1.3
    
    -----------------------------------------------------------------------------
       Module Name:  pkgsrc
       Committed By: sbd
       Date:         Tue Mar  1 11:28:59 UTC 2011
    
       Modified Files:
             pkgsrc/net/samba35: Makefile
    
       Log Message:
       Add --with-cifsumount to CONFIGURE_ARGS on Linux systems in order to build
       umount.cifs
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/samba35/Makefile
Something went wrong with that request. Please try again.