Permalink
Commits on Sep 14, 2011
  1. Pullup ticket #3526.

    tron committed Sep 14, 2011
  2. Pullup ticket #3526 - requested by taca

    tron committed Sep 14, 2011
    www/apache22: security update
    
    Revisions pulled up:
    - www/apache22/Makefile                                         1.68-1.70
    - www/apache22/distinfo                                         1.40-1.42
    - www/apache22/patches/patch-CVE-2011-3192                      deleted
    - www/apache22/patches/patch-lock.c                             1.1
    - www/apache22/patches/patch-repos.c                            1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Wed Aug 31 12:52:45 UTC 2011
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Removed Files:
       	pkgsrc/www/apache22/patches: patch-CVE-2011-3192
    
       Log Message:
       Update "apache22" package to version 2.2.20. Changes since version 2.2.19:
       - mod_authnz_ldap: If the LDAP server returns constraint violation,
         don't treat this as an error but as "auth denied". [Stefan Fritsch]
       - mod_filter: Fix FilterProvider conditions of type "resp=" (response
         headers) for CGI. [Joe Orton, Rainer Jung]
       - mod_reqtimeout: Fix a timed out connection going into the keep-alive
         state after a timeout when discarding a request body. Bug 51103.
         [Stefan Fritsch]
       - core: Do the hook sorting earlier so that the hooks are properly sorted
         for the pre_config hook and during parsing the config. [Stefan Fritsch]
    
    ---
       Module Name:	pkgsrc
       Committed By:	sborrill
       Date:		Mon Sep 12 17:18:46 UTC 2011
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Added Files:
       	pkgsrc/www/apache22/patches: patch-lock.c patch-repos.c
    
       Log Message:
       Atomically create files when using DAV to stop files being deleted on error
    
       From:
       https://issues.apache.org/bugzilla/show_bug.cgi?id=39815
    
       Bump PKGREVISION.
    
       OK tron@
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Sep 14 07:10:21 UTC 2011
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
    
       Log Message:
       Update apahce22 package to 2.2.21.
    
       Quote from release announce:
    
          The Apache Software Foundation and the Apache HTTP Server Project are
          pleased to announce the release of version 2.2.21 of the Apache HTTP
          Server ("Apache").  This version of Apache is principally a security
          and bug fix release:
    
            * SECURITY: CVE-2011-3348 (cve.mitre.org)
              mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
              unrecognized HTTP methods from marking ajp: balancer members
              in an error state, avoiding denial of service.
    
            * SECURITY: CVE-2011-3192 (cve.mitre.org)
              core: Further fixes to the handling of byte-range requests to use
              less memory, to avoid denial of service. This patch includes fixes
              to the patch introduced in release 2.2.20 for protocol compliance,
              as well as the MaxRanges directive.
    
          Note the further advisories on the state of CVE-2011-3192 will no longer
          be broadcast, but will be kept up to date at;
    
            http://httpd.apache.org/security/CVE-2011-3192.txt
    
          We consider this release to be the best version of Apache available, and
          encourage users of all prior versions to upgrade.
  3. Pullup ticket #3525 - requested by taca

    tron committed Sep 14, 2011
    www/typo3: security update
    
    Revisions pulled up:
    - www/typo3/Makefile                                            1.34
    - www/typo3/distinfo                                            1.26
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Sep 14 11:49:46 UTC 2011
    
       Modified Files:
       	pkgsrc/www/typo3: Makefile distinfo
    
       Log Message:
       Update typo3 package to 4.5.6.
    
       Due to several security issues found in the TYPO3 Core, there was a
       combined release of TYPO3 4.3.14, 4.4.11 and 4.5.6.
    
       Find more details in the security bulletins:
       http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-002/
       http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-003/
    
       Release Notes: http://wiki.typo3.org/wiki/TYPO3_4.5.6
  4. Pullup ticket #3524 - requested by gdt

    tron committed Sep 14, 2011
    filesystems/tahoe-lafs: security update
    
    Revisions pulled up:
    - filesystems/tahoe-lafs/Makefile                               1.8
    - filesystems/tahoe-lafs/distinfo                               1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	gdt
       Date:		Wed Sep 14 11:36:17 UTC 2011
    
       Modified Files:
       	pkgsrc/filesystems/tahoe-lafs: Makefile distinfo
    
       Log Message:
       * Release 1.8.3 (2011-09-13)
    
       ** Security-related Bugfix
    
        - Fix flaw that would allow a person who knows a storage index of a file to
          delete shares of that file (#1528).
        - Remove corner cases in mutable file bounds management which could expose
          extra lease info or old share data (from prior versions of the mutable
          file) if someone with write authority to that mutable file exercised these
          corner cases in a way that no actual Tahoe-LAFS client does. (Probably not
          exploitable.) (#1528).
Commits on Sep 13, 2011
  1. pullup #3522

    spz committed Sep 13, 2011
  2. Pullup ticket #3522 - requested by tron

    spz committed Sep 13, 2011
    net/wireshark: security update
    
    Revisions pulled up:
    - net/wireshark/Makefile	by patch
    - net/wireshark/distinfo	by patch
    
    -------------------------------------------------------------------
    Update "wireshark" package to version 1.4.9. Changes since 1.4.8:
    - Bug Fixes
      The following vulnerabilities have been fixed.
      o wnpa-sec-2011-13
       A malformed IKE packet could consume excessive resources.
       Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
       CVE-2011-3266
      o wnpa-sec-2011-14
        A malformed capture file could result in an invalid root
        tvbuff and cause a crash. (Bug 6135)
        Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
      o wnpa-sec-2011-15
        Wireshark could run arbitrary Lua scripts. (Bug 6136)
        Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
      The following bugs have been fixed:
      o Unable to configure zero length SNMP Engine ID. (Bug 5731)
      o H.323 RAS packets missing from packet counts in
        "Telephony->VoIP Calls" and the "Flow Graph" for the call.
        (Bug 5848)
      o Malformed Packet in decode for BGP-AD update. (Bug 6122)
      o BGP : AS_PATH attribute was decode wrong. (Bug 6188)
      o Fixes for SCPS TCP option. (Bug 6194)
      o Offset calculated incorrectly for sFlow extended data. (Bug
        6219)
      o [Enter] key behavior varies when manually typing display
        filters. (Bug 6228)
      o Contents of pcapng EnhancedPacketBlocks with comments aren't
        displayed. (Bug 6229)
      o Misdecoding 3G Neighbour Cell Information Element in SI2quater
        message due to a coding typo. (Bug 6237)
      o Mis-spelled word "unknown" in assorted files. (Bug 6244)
      o btl2cap extended window shows wrong bit. (Bug 6257)
      o NDMP dissector incorrectly represents
        "ndmp.bytes_left_to_read" as signed. (Bug 6262)
      o ERF records with extension headers not written out correctly
        to pcap or pcap-ng files. (Bug 6265)
      o RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276)
      o Copying from RTP stream analysis copies 1st line many times.
        (Bug 6279)
      o File types with no snaplen written out with a zero snaplen in
        pcap-ng files. (Bug 6289)
      o MEGACO context tracking fix - context id reuse. (Bug 6311)
    - Updated Protocol Support
      BGP, Bluetooth L2CAP, GSM A RR, H.225, IKE, MEGACO, NDMP, RTPS2,
      SCPS, sFlow, SNMP
    - New and Updated Capture File Support
      CommView, pcap-ng.
    ---------------------------------------------------------------------
Commits on Sep 10, 2011
  1. Pullup ticket #3520 - requested by bouyer

    tron committed Sep 10, 2011
    sysutils/xenkernel3: security patch
    sysutils/xenkernel33: security patch
    
    Revisions pulled up:
    - sysutils/xenkernel3/Makefile                                  1.21
    - sysutils/xenkernel3/distinfo                                  1.15
    - sysutils/xenkernel3/patches/patch-SA45835                     1.1
    - sysutils/xenkernel33/Makefile                                 1.15
    - sysutils/xenkernel33/distinfo                                 1.14
    - sysutils/xenkernel33/patches/patch-SA45835                    1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	bouyer
       Date:		Sat Sep 10 18:35:51 UTC 2011
    
       Modified Files:
       	pkgsrc/sysutils/xenkernel3: Makefile distinfo
       	pkgsrc/sysutils/xenkernel33: Makefile distinfo
       Added Files:
       	pkgsrc/sysutils/xenkernel3/patches: patch-SA45835
       	pkgsrc/sysutils/xenkernel33/patches: patch-SA45835
    
       Log Message:
       Apply patch from http://www.openwall.com/lists/oss-security/2011/09/02/2,
       fixing SA45835.
       Bump pkgrevision
  2. Pullup ticket #3520.

    tron committed Sep 10, 2011
  3. Pullup ticket #3518.

    tron committed Sep 10, 2011
  4. Pullup ticket #3518 - requested by dholland

    tron committed Sep 10, 2011
    devel/roundup: security update
    
    Revisions pulled up:
    - devel/roundup/MESSAGE                                         1.3
    - devel/roundup/Makefile                                        1.40
    - devel/roundup/PLIST                                           1.16
    - devel/roundup/distinfo                                        1.25
    - devel/roundup/patches/patch-setup-py                          1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sun Jul 17 02:24:13 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/roundup: MESSAGE Makefile PLIST distinfo
       Added Files:
       	pkgsrc/devel/roundup/patches: patch-setup-py
    
       Log Message:
       Update roundup to 1.4.19. Set LICENSE.
    
       Three years of development, way too much to include here. If anyone's
       curious the list is in CHANGES.txt in the distfile.
Commits on Sep 2, 2011
  1. Pullup ticket #3517.

    tron committed Sep 2, 2011
  2. Pullup ticket #3517 - requested by jnemeth

    tron committed Sep 2, 2011
    comms/spandsp: build fix
    
    Revisions pulled up:
    - comms/spandsp/distinfo                                        1.2
    - comms/spandsp/patches/patch-src_gsm0610__rpe.c                1.1
    
    ---
       Module Name:    pkgsrc
       Committed By:   jnemeth
       Date:           Thu Sep  1 09:22:30 UTC 2011
    
       Modified Files:
               pkgsrc/comms/spandsp: distinfo
       Added Files:
               pkgsrc/comms/spandsp/patches: patch-src_gsm0610__rpe.c
    
       Log Message:
       Add a patch for PR/44766.  The issue was that older versions of gas
       require you to use movd (instead of movq) when transferring data
       between reg32/64 and an mmx register.  No PKGREVISION bump since it
       failed to compile on amd64 meaning there was no binary package.
Commits on Aug 31, 2011
  1. Pullup ticket #3516

    sbd committed Aug 31, 2011
  2. Pullup ticket #3516 - requested by tron

    sbd committed Aug 31, 2011
    www/squid31 security update
    
    Revisions pulled up:
    - www/squid31/Makefile                                          1.32-1.33
    - www/squid31/distinfo                                          1.29-1.30
    - www/squid31/patches/patch-src_base_TidyPointer.h              1.1
    - www/squid31/patches/patch-src_ssl_gadgets.cc                  1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Wed Jul 20 11:44:27 UTC 2011
    
       Modified Files:
       	pkgsrc/www/squid31: Makefile distinfo
       Added Files:
       	pkgsrc/www/squid31/patches: patch-src_base_TidyPointer.h
       	    patch-src_ssl_gadgets.cc
    
       Log Message:
       Changes 3.1.14:
       * Regression Bug 3261: Could not create a DNS socket and exit
    
       Changes 3.1.13:
       * Regression Bug 3239: problems with myip/myport upgrade
       * Bug 3153: hung ICAP RESPMOD transactions
       * Update ssl_crtd to use 'OK' status inline with other helpers
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Tue Aug 30 23:02:57 UTC 2011
    
       Modified Files:
       	pkgsrc/www/squid31: Makefile distinfo
    
       Log Message:
       Update "squid31" package to version 3.1.15. Changes since version 3.1.14:
       - Regression fix: vhost and defaultsite causing vport to be ignored
       - Regression Bug 3295: broken escaping in rfc1738_do_escape
       - Bug #3232: fails to compile with OpenSSL v1.0.0
       - Bug #3222: cache_peer name is not logging on CONNECT
       - Bug #3131: fd_table[fd].closing() assert from
         ConnStateData::noteMoreBodySpaceAvailable()
       - Bug #3217: "!fd_table[fd].closing()" from
         ServerStateData::noteMoreBodySpaceAvailable
       - Bug #3213: https sites (CONNECT) not open when using NTLM
       - Bug #3114: Memory leak in SSL certificate verify code
       - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
       - Bug #2662: cf_gen failure when cross compiling
       - Bug #2655: passing wrong the username to the url_rewrite_program
       - Bug #2495: ignore whitespace prefix on config lines
       - Bug #2051: 'default' cache_peer option does not match documentation
       - Bug #1842: Optimize order of tests in peerWouldBePinged() and
         peerHTTPOkay()
       - Bug #1791: timestampsSet does not validate Date: if server sends very
         old date
       - Correct parsing of large Gopher indexes
       - Enable negative cacheing on unknown or -1 expiry timestamp
       - Remove hierarchy_stoplist default value
       - Migrate cf_gen tool from C-style to C++
       - ... and several documentation and compiler warning fixes
Commits on Aug 30, 2011
  1. Pullup ticket #3515.

    tron committed Aug 30, 2011
  2. Pullup ticket #3515 - requested by bouyer

    tron committed Aug 30, 2011
    net/netatalk: bug fix patch
    
    Revisions pulled up:
    - net/netatalk/Makefile                                         1.77
    - net/netatalk/distinfo                                         1.40
    - net/netatalk/patches/patch-at                                 1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	bouyer
       Date:		Tue Aug 30 15:09:23 UTC 2011
    
       Modified Files:
       	pkgsrc/net/netatalk: Makefile distinfo
       	pkgsrc/net/netatalk/patches: patch-at
    
       Log Message:
       PR pkg/45300 net/netatalk patch-at seems broken
       Don't seteuid() to a gid. Always pass the uid in addition to the quota id
       to getfreespace() so we can properly seteuid().
       bump PKGREVISION
  3. Pullup ticket #3514

    sbd committed Aug 30, 2011
  4. Pullup ticket #3514 - requested by tron

    sbd committed Aug 30, 2011
    www/apache22 security update
    
    Revisions pulled up:
    - www/apache22/Makefile                                         1.67
    - www/apache22/distinfo                                         1.39
    - www/apache22/patches/patch-CVE-2011-3192                      1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Mon Aug 29 22:07:05 UTC 2011
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Added Files:
       	pkgsrc/www/apache22/patches: patch-CVE-2011-3192
    
       Log Message:
       Add patch for security vulnerability reported in CVE-2011-3192 taken
       from Apache SVN repository.
Commits on Aug 29, 2011
  1. Pullup ticket #3513.

    tron committed Aug 29, 2011
  2. Pullup ticket #3513 - requested by sbd

    tron committed Aug 29, 2011
    print/cups: security update
    
    Revisions pulled up:
    - print/cups/Makefile                                           1.177-1.178
    - print/cups/PLIST                                              1.36
    - print/cups/distinfo                                           1.81-1.82
    - print/cups/patches/patch-aa                                   deleted
    - print/cups/patches/patch-filter_image-gif.c                   1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	sbd
       Date:		Sun Aug 28 07:11:01 UTC 2011
    
       Modified Files:
       	pkgsrc/print/cups: Makefile PLIST distinfo
       Removed Files:
       	pkgsrc/print/cups/patches: patch-aa
    
       Log Message:
       Update to cups-1.4.8
    
       CHANGES IN CUPS V1.4.8
    
               - The scheduler would delete job data files when restarted (STR #3880)
               - The network backends could crash if a printer returned a value of 0
                 for the maximum capacity for a supply (STR #3875)
    
       CHANGES IN CUPS V1.4.7
    
               - Documentation changes (STR #3710, STR #3720, STR #3745, STR #3750,
                 STR #3757, STR #3758, STR #3782, STR #3826, STR #3829, STR #3837)
               - Web interface fixes (STR #3412, STR #3345, STR #3455, STR #3707,
                 STR #3755, STR #3769, STR #3783)
               - Configure script fixes (STR #3659, STR #3691)
               - Compilation fixes (STR #3718, STR #3771, STR #3774)
               - The imageto* filters could crash with bad GIF files (STR #3867)
               - The scheduler might leave old job data files in the spool directory
                 (STR #3795)
               - CUPS did not work with locales using the ASCII character set
                 (STR #3832)
               - httpAddrString() did not return a URI-style IPv6 numeric address
                 (STR #3814)
               - Fixed an issue when reading compressed CUPS raster streams (STR #3812)
               - Fixed an issue with PostScript printer auto-configuration (STR #3443)
               - Fixed some compatibility issues with the libusb-based USB backend
                 (STR #3799)
               - The network backends no longer try to collect SNMP supply and status
                 information for raw queues (STR #3809)
               - The DBUS notifier did not report job state changes (STR #3805)
               - The scheduler did not always report that the "normal" print-quality
                 value was supported (STR #3803)
               - The gziptoany filter did not report the correct error if it was unable
                 to write the uncompressed document to the next filter or backend in
                 the chain (STR #3797)
               - The Epson and Oki 9-pin drivers had a bad resolution option
                 (STR #3798)
               - The scheduler did not always register the correct default ICC profile
                 on Mac OS X.
               - The scheduler did not use the job owner when authorizing access for
                 the CUPS-Get-Document operation, preventing non-admins from accessing
                 their own jobs.
               - CUPS did not work with some printers that incorrectly implemented the
                 HTTP/1.1 standard (STR #3778, STR #3791)
               - The scheduler did not retry fax jobs properly.
               - The scheduler now recognizes an empty cupsCommands PPD keyword as
                 meaning that CUPS commands are not supported for a printer (STR #3773)
               - Fixed a crash bug in the scheduler when the application/octet-stream
                 MIME type was not defined (STR #3690)
               - Polled printers were advertised more slowly than necessary (STR #3574)
               - cupsResolveConflicts() did not handle resolving multiple UIConstraints
                 issues (STR #3705)
               - The SetEnv and PassEnv directives had no effect (STR #3664)
               - The web interface no longer tries to use multi-part delivery when
                 adding printers (STR #3455)
               - The libusb-based USB backend printed slowly to the LaserJet 1300 and
                 other printers (STR #3405)
               - "lp" and "lpr" failed to print with Kerberos enabled (STR #3768)
               - The cupsctl program now displays an error if you try to directly set
                 the Port or Listen directives (STR #3749)
               - PPD files with "*JobPatchFile: bla" no longer fail to load in relaxed
                 conformance mode (STR #3747)
               - The scheduler generated a bad notify-text string for printer state
                 change notifications (STR #3739)
               - The scheduler incorrectly updated printers.conf when it really needed
                 to update classes.conf or remote.cache (STR #3726)
               - Hardwired remote printers with options did not work (STR #3717)
               - Accessing the CUPS web interface using a CNAME-based hostname would
                 sometimes fail due to redirection to the actual hostname (STR #3701)
               - Subscription events had a misspelled attribute (STR #3693)
               - "make check" failed if LC_MESSAGES was set (STR #3765)
               - Fixed the configure script to always look for the pkg-config script
                 (STR #3761)
               - The scheduler now only looks up interface hostnames if HostNameLookups
                 are enabled (STR #3737)
               - Fixed a compilation problem on DragonFly BSD (STR #3738)
               - The default PageLogFormat value had the username and job ID swapped
                 from CUPS 1.3.x (STR #3727)
               - The scheduler could crash if a browsed printer times out while a job
                 is printing (STR #3754)
               - The scheduler incorrectly mapped custom page sizes to standard sizes
                 (STR #3764)
               - cupsfilter and pstops did not map IPP attributes to PPD options due to
                 a change in cupsMarkOptions (STR #3756)
               - The scheduler did not always show the most recent status message from
                 the print filters (STR #3731)
               - The PostScript filter did not apply the mirror and number-up options
                 properly, leading to offset and clipped output (STR #3732)
               - The network backends always reported "low toner" or "out of toner"
                 states, even for inkjet printers (STR #3733)
    
    ---
       Module Name:	pkgsrc
       Committed By:	sbd
       Date:		Sun Aug 28 07:22:12 UTC 2011
    
       Modified Files:
       	pkgsrc/print/cups: Makefile distinfo
       Added Files:
       	pkgsrc/print/cups/patches: patch-filter_image-gif.c
    
       Log Message:
       Use str3914.patch from STR #3914 to fix CVE-2011-3170
    
       Bump PKGREVISION
Commits on Aug 26, 2011
  1. Pullup ticket #3512

    sbd committed Aug 26, 2011
  2. Pullup ticket #3512 - requested by tron

    sbd committed Aug 26, 2011
    mail/fetchmail critical bug fix
    
    Revisions pulled up:
    - mail/fetchmail/Makefile                                       1.177
    - mail/fetchmail/distinfo                                       1.45
    - mail/fetchmailconf/Makefile                                   1.81
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Fri Aug 26 07:19:25 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/fetchmail: Makefile distinfo
       	pkgsrc/mail/fetchmailconf: Makefile
    
       Log Message:
       Update "fetchmail" and "fetchmailconf" package to version 6.3.21.
       Changes since version 6.3.20:
       - The IMAP client no longer inserts NUL bytes into the last line of a
         message when it is not closed with a LF or CRLF sequence. Reported
         by Antoine Levitt.  As a side effect of the fix, and in order to
         avoid a full rewrite, fetchmail will now CRLF-terminate the last
         line fetched through IMAP, even if it is originally not terminated
         by LF or CRLF. This bears no relevance if your messages end up in
         mbox, but adds line termination for storages (like Maildir) that do
         not require that the last line be LF- or CRLF-terminated.
Commits on Aug 25, 2011
  1. Pullup ticket #3502

    sbd committed Aug 25, 2011
  2. Pullup ticket #3502 - requested by taca

    sbd committed Aug 25, 2011
    x11/qt4-libs build fix
    
    Revisions pulled up:
    - x11/qt4-libs/hacks.mk                                         1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Wed Aug  3 16:38:31 UTC 2011
    
       Added Files:
       	pkgsrc/x11/qt4-libs: hacks.mk
    
       Log Message:
       Compile this package with "-O1" under Mac OS X if GCC is used. The generated
       "qmake" binary no longer crashes and the build actually succeeds.
    
       This fixes PR pkg/44716 by Richard Hansen who found out that this is
       a compiler problem in the first place.
Commits on Aug 23, 2011
  1. Pullup ticket #3511.

    tron committed Aug 23, 2011
  2. Pullup ticket #3511 - requested by pettai

    tron committed Aug 23, 2011
    mail/roundcube: security update
    
    Revisions pulled up:
    - mail/roundcube/Makefile                                       1.35
    - mail/roundcube/distinfo                                       1.22
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Wed Aug 17 08:31:36 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/roundcube: Makefile distinfo
    
       Log Message:
       Changes 0.5.4:
       * Fixes XSS vulnerability
  3. Pullup ticket #3504 and #3505.

    tron committed Aug 23, 2011
  4. Pullup ticket #3505 - requested by taca

    tron committed Aug 23, 2011
    devel/ruby-railties: bug fix update
    
    Revisions pulled up:
    - devel/ruby-railties/Makefile                                  1.6
    - devel/ruby-rdoc/PLIST                                         1.2
    - devel/ruby-rdoc/distinfo                                      1.2
    - lang/ruby/rdoc.mk                                             1.2-1.3
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jul 22 03:18:45 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/ruby-rdoc: PLIST distinfo
       	pkgsrc/lang/ruby: rdoc.mk
    
       Log Message:
       Update ruby-rdoc pacakge to 3.8.
    
       It was really needed by devel/ruby-railties, sigh.
    
       === 3.8 / ??
    
       * Minor enhancements
         * RDoc::Parser::C can now discover methods on ENV and ARGF.
         * RDoc::Parser::C now knows about rb_cSocket and rb_mDL.
       * Bug fixes
         * Updating Object in an ri data store with new data now removes methods,
           includes, constants and aliases.
    
       === 3.7 / 2011-06-27
    
       * Minor enhancements
         * New directive :category: which allows methods to be grouped into sections
           more cleanly.  See RDoc::Markup for details.
         * Document-class for RDoc::Parser::C now supports Foo::CONST as well as
           CONST.
         * ri method output is now a comma-separated list when displayed
           interactively.  Pull Request #39 by Benoit Daloze.
         * RDoc::ClassModule#merge now prefers the argument's information over the
           receiver's (it now behaves like Hash#merge! instead of a backwards
           Hash#merge!).
         * RDoc::Markup#convert now accepts an RDoc::Markup::Document instance
         * RDoc now owns the code for generating RDoc and ri data when gems install
         * Added RDoc::RDoc::reset
         * Added RDoc::CodeObject#file_name
       * Bug fixes
         * ri no longer crashes when attempting to complete a plain [.
         * ri data now tracks which file information came from so it can process
           removals and changes to:
           * Classes and Modules
           * Methods
           * Attributes
           * Includes
           * Constants
           You will need to rebuild your ri data for it to update properly.  Issue
           #21 by Sven Riedel
         * Signal and SignalException no longer clobber each other
         * RDoc::Parser::C no longer creates classes when processing aliases.
         * RDoc::Text#strip_stars handles Document-method for methods with =, ! and ?
           now.
         * RDoc::Parser::C now allows .cpp files to be used with the "in" comment on
           rb_define_method.  Bug #35 by Hanmac.
         * RDoc::Parser::Ruby no longer eats content when =begin/=end documentation
           blocks are followed by a documentable item.  Issue #41 by mfn.
         * RDoc::Markup::Formatter and subclasses now allow an optional +markup+
           parameter for adding custom markup.  The example in
           RDoc::Markup::Formatter will now work.  Issue #38 by tsilen.
         * RDoc::Parser::C can now distinguish between class methods and instance
           methods in Document-method.  Issue #36 by Vincent Batts.
         * RDoc now encodes file names in the output encoding.  Issue #33 by Perry
           Smith.
         * ri data generation for method aliases no longer duplicates the class in
           #full_name
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jul 22 03:36:11 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/ruby: rdoc.mk
    
       Log Message:
       * Fix dependency condition to inverse when RUBY_RDOC_REQD is defined.
       * Minor clean up.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jul 22 03:40:52 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/ruby-railties: Makefile
    
       Log Message:
       Set RUBY_RDOC_REQD to 3.4 as for gemspec and now rails command of
       www/ruby-rails3 package should be work.
    
       Bump PKGREVISION.
  5. Pullup ticket #3504 - requested by dholland

    tron committed Aug 23, 2011
    www/amaya: build fix
    
    Revisions pulled up:
    - www/amaya/distinfo                                            1.23
    - www/amaya/patches/patch-ad                                    1.12
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Aug 13 19:03:38 UTC 2011
    
       Modified Files:
       	pkgsrc/www/amaya: distinfo
       Added Files:
       	pkgsrc/www/amaya/patches: patch-ad
    
       Log Message:
       Don't try to redefine intptr_t. Should fix 32-bit build and PR 40198.
  6. Pullup ticket #3507 - requested by taca

    tron committed Aug 23, 2011
    security/openssh: bug fix patch
    
    Revisions pulled up:
    - security/openssh/Makefile                                     1.203-1.204
    - security/openssh/distinfo                                     1.81
    - security/openssh/patches/patch-atomicio.c                     1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Aug 10 15:21:02 UTC 2011
    
       Modified Files:
       	pkgsrc/security/openssh: Makefile
       Added Files:
       	pkgsrc/security/openssh/patches: patch-atomicio.c
    
       Log Message:
       Add a patch to avoid SSP side effect as NetBSD current.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Aug 18 09:22:02 UTC 2011
    
       Modified Files:
       	pkgsrc/security/openssh: Makefile distinfo
    
       Log Message:
       I forgot to update distinfo about latest patch file addition
       (patch-atomicio.c).  Noted by wiz@ via private mail.
    
       Bump PKGREVISION.
  7. Pullup ticket #3503 - requested by dholland

    tron committed Aug 23, 2011
    net/tinyfugue: bug fix
    
    Revisions pulled up:
    - net/tinyfugue/Makefile                                        1.28
    - net/tinyfugue/distinfo                                        1.13
    - net/tinyfugue/patches/patch-ab                                1.9
    - net/tinyfugue/patches/patch-ac                                1.5
    - net/tinyfugue/patches/patch-ae                                1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Thu Aug 18 05:03:10 UTC 2011
    
       Modified Files:
       	pkgsrc/net/tinyfugue: Makefile distinfo
       	pkgsrc/net/tinyfugue/patches: patch-ab patch-ac
       Added Files:
       	pkgsrc/net/tinyfugue/patches: patch-ae
    
       Log Message:
       Fix broken destdirization. (hi joerg)
    
       For some reason the "Checking for work-directory references" test
       didn't catch the fact that ${DESTDIR}${LIBDIR} was being compiled
       into the main binary as its library search path.
    
       Noted by moof.
    
       PKGREVISION -> 7
Commits on Aug 22, 2011
  1. Pullup ticket #3508 - requested by taca

    tron committed Aug 22, 2011
    net/bind96: security update
    
    Revisions pulled up:
    - net/bind96/Makefile                                           1.20
    - net/bind96/PLIST                                              1.8
    - net/bind96/distinfo                                           1.13
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Aug 10 15:24:51 UTC 2011
    
       Modified Files:
       	pkgsrc/net/bind96: Makefile PLIST distinfo
    
       Log Message:
       Update bind96 pacakge to 9.6.3.1.ESV.5 (9.6-ESV-R5).
    
       For full changes, please refer:
       ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html
    
       New Features
    
       9.6-ESV-R5
    
            * Added a tool able to generate malformed packets to allow testing of
              how named handles them. [RT #24096]
    
       Security Fixes
    
       9.6-ESV-R5
    
            * named, set up to be a caching resolver, is vulnerable to a user
              querying a domain with very large resource record sets (RRSets)
              when trying to negatively cache the response. Due to an off-by-one
              error, caching the response could cause named to crash. [RT #24650]
              [CVE-2011-1910]
            * Change #2912 populated the message section in replies to UPDATE
              requests, which some Windows clients wanted. This exposed a latent
              bug that allowed the response message to crash named. With this
              fix, change 2912 has been reduced to copy only the zone section to
              the reply. A more complete fix for the latent bug will be released
              later. [RT #24777]
    
       Feature Changes
    
       9.6-ESV-R5
    
            * Merged in the NetBSD ATF test framework (currently version 0.12)
              for development of future unit tests. Use configure --with-atf to
              build ATF internally or configure --with-atf=prefix to use an
              external copy. [RT #23209]
            * Added more verbose error reporting from DLZ LDAP. [RT #23402]
            * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
  2. Pullup ticket #3506 - requested by taca

    tron committed Aug 22, 2011
    textproc/namazu: security update
    
    Revisions pulled up:
    - textproc/namazu/Makefile                                      1.7
    - textproc/namazu/distinfo                                      1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	mef
       Date:		Sun Jul 24 14:31:34 UTC 2011
    
       Modified Files:
       	pkgsrc/textproc/namazu: Makefile distinfo
    
       Log Message:
       Bump verion  PR#45170
    
       2011-07-18  Tadamasa Teranishi  <yw3t-trns@asahi-net.or.jp>
    
               * configure.in: Bumped version number to to 2.0.21.
               * configure.in (LTVERSION): Set "8:3:1".
               * man: update.
               * namazu.cgi:
                  Fix IE6,7 cross-site scripting problem.
               * tests, pltests:
                  Add New Tests.
    
       make check have passed by changing '$WATATI =  ;' lines in pl/conf.pl
       for LANG=ja, except $MECAB is set.
  3. Pullup ticket #3510 - requested by taca

    tron committed Aug 22, 2011
    www/typo3: security update
    
    Revisions pulled up:
    - www/typo3/Makefile                                            1.33
    - www/typo3/PLIST                                               1.20
    - www/typo3/distinfo                                            1.25
    - www/typo3/patches/patch-aa                                    1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Aug 18 12:21:22 UTC 2011
    
       Modified Files:
       	pkgsrc/www/typo3: Makefile PLIST distinfo
       	pkgsrc/www/typo3/patches: patch-aa
    
       Log Message:
       Update typo3 package to 4.5.5.
    
       4.5.3 and 4.5.5 contains some security fixes.  For more detail,
       please refer these changes.
    
       	http://wiki.typo3.org/wiki/TYPO3_4.5.3
       	http://wiki.typo3.org/wiki/TYPO3_4.5.4
       	http://wiki.typo3.org/wiki/TYPO3_4.5.5