Permalink
Commits on Jun 20, 2012
  1. Pullup ticket #3837.

    tron committed Jun 20, 2012
  2. Pullup ticket #3837 - requested by bouyer

    tron committed Jun 20, 2012
    sysutils/xenkernel41: security patch
    
    Revisions pulled up:
    - sysutils/xenkernel41/Makefile                                 1.7
    - sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1                  deleted
    - sysutils/xenkernel41/patch-xsa9-xen-4.1                       deleted
    - sysutils/xenkernel41/patches/patch-xsa7-xsa8-xen-4.1          1.1
    - sysutils/xenkernel41/patches/patch-xsa9-xen-4.1               1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	bouyer
       Date:		Tue Jun 19 20:17:07 UTC 2012
    
       Modified Files:
       	pkgsrc/sysutils/xenkernel41: Makefile
       Added Files:
       	pkgsrc/sysutils/xenkernel41/patches: patch-xsa7-xsa8-xen-4.1
       	    patch-xsa9-xen-4.1
       Removed Files:
       	pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1
    
       Log Message:
       Move patches to the right place. Bump PKGREVISION
Commits on Jun 18, 2012
  1. Pullup tickets #3835 and #3836.

    tron committed Jun 18, 2012
  2. Pullup ticket #3836 - requested by obache

    tron committed Jun 18, 2012
    emulators/suse121_libxml2: security update
    
    Revisions pulled up:
    - emulators/suse121_libxml2/Makefile                            1.2-1.3
    - emulators/suse121_libxml2/distinfo                            1.2-1.3
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sun May 27 09:09:57 UTC 2012
    
       Modified Files:
       	pkgsrc/emulators/suse121_libxml2: Makefile distinfo
    
       Log Message:
       Update libxml2 rpm to 2.7.8+git20110708-3.5.1 for CVE-2012-0841.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Wed Jun 13 23:38:37 UTC 2012
    
       Modified Files:
       	pkgsrc/emulators/suse121_libxml2: Makefile distinfo
    
       Log Message:
       Update suse121 libxml2 rpm to 2.7.8+git20110708-3.8.1 for CVE-2011-3102.
    
       Bump PKGREVISION.
  3. Pullup ticket #3835 - requested by dholland

    tron committed Jun 18, 2012
    devel/electric-fence: build fix
    
    Revisions pulled up:
    - devel/electric-fence/Makefile                                 1.4
    - devel/electric-fence/distinfo                                 1.2
    - devel/electric-fence/patches/patch-efence_c                   1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun 16 07:46:55 UTC 2012
    
       Modified Files:
       	pkgsrc/devel/electric-fence: Makefile distinfo
       Added Files:
       	pkgsrc/devel/electric-fence/patches: patch-efence_c
    
       Log Message:
       Add gcc memory barriers after the manner of emacs20's patch-bm, for
       the same reason: gcc "knows" that malloc has no side effects and
       reorders code around it, only it's wrong. Fixes SIGSEGV during build
       seen in some environments.
    
       Bump package revision as a precaution, because I don't understand why
       this sometimes doesn't fail and sometimes does with the same gcc
       version.
Commits on Jun 13, 2012
  1. Pullup ticket #3834.

    tron committed Jun 13, 2012
  2. Pullup ticket #3834 - requested by bouyer

    tron committed Jun 13, 2012
    sysutils/xenkernel41: security patch
    
    Revisions pulled up:
    - sysutils/xenkernel41/Makefile                                 1.6
    - sysutils/xenkernel41/distinfo                                 1.7
    - sysutils/xenkernel41/patch-xsa7-xsa8-xen-4.1                  1.1
    - sysutils/xenkernel41/patch-xsa9-xen-4.1                       1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	bouyer
       Date:		Tue Jun 12 15:59:04 UTC 2012
    
       Modified Files:
       	pkgsrc/sysutils/xenkernel41: Makefile distinfo
       Added Files:
       	pkgsrc/sysutils/xenkernel41: patch-xsa7-xsa8-xen-4.1 patch-xsa9-xen-4.1
    
       Log Message:
       pull up patches from upstream, fixing XSA7, XSA8 and XSA9.
       PKGREVISION++
Commits on Jun 11, 2012
  1. Pullup tickets #3832 and #3833.

    tron committed Jun 11, 2012
  2. Pullup ticket #3833 - requested by obache

    tron committed Jun 11, 2012
    multimedia/adobe-flash-plugin11: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin11/Makefile                      1.6
    - multimedia/adobe-flash-plugin11/distinfo                      1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Mon Jun 11 06:51:05 UTC 2012
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
    
       Log Message:
       Update adobe-flas-plugin11 to 11.2.202.236 for APSB12-14.
  3. Pullup ticket #3832 - requested by obache

    tron committed Jun 11, 2012
    multimedia/adobe-flash-plugin10.1: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin10.1/Makefile                    1.19
    - multimedia/adobe-flash-plugin10.1/distinfo                    1.11
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Mon Jun 11 06:50:03 UTC 2012
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo
    
       Log Message:
       Update adobe-flas-plugin10.1 to 10.3.183.20 for APSB12-14.
Commits on Jun 9, 2012
  1. Pullup ticket #3831.

    tron committed Jun 9, 2012
  2. Pullup ticket #3831 - requested by tez

    tron committed Jun 9, 2012
    security/mit-krb5: security patch
    
    Revisions pulled up:
    - security/mit-krb5/Makefile                                    1.57
    - security/mit-krb5/distinfo                                    1.34
    - security/mit-krb5/patches/patch-lib_kadm5_srv_svr__principal.c 1.1
    
    ---
       Module Name:    pkgsrc
       Committed By:   tez
       Date:           Wed Jun  6 18:17:46 UTC 2012
    
       Modified Files:
               pkgsrc/security/mit-krb5: Makefile distinfo
       Added Files:
               pkgsrc/security/mit-krb5/patches: patch-lib_kadm5_srv_svr__principal.c
    
       Log Message:
       Fix for CVE-2012-1013 from:
        [10]krb5/krb5@ca29094
       5
  3. Pullup tickets #3828, #3829 and #3830.

    tron committed Jun 9, 2012
  4. Pullup ticket #3830 - requested by obache

    tron committed Jun 9, 2012
    audio/pulseaudio: build fix
    
    Revisions pulled up:
    - audio/pulseaudio/distinfo                                     1.29-1.32
    - audio/pulseaudio/patches/patch-aa                             1.9-1.11
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Mon May 14 14:56:51 UTC 2012
    
       Modified Files:
       	pkgsrc/audio/pulseaudio: distinfo
       	pkgsrc/audio/pulseaudio/patches: patch-aa
    
       Log Message:
       Try to fix build failure on NeBSD 6.99.7 from _oss_ioctl API change as PR 46448.
    
    ---
       Module Name:	pkgsrc
       Committed By:	abs
       Date:		Mon May 14 18:01:46 UTC 2012
    
       Modified Files:
       	pkgsrc/audio/pulseaudio: distinfo
       	pkgsrc/audio/pulseaudio/patches: patch-aa
    
       Log Message:
       Extend previous to apply to netbsd-6 also (at least the one currently on
       netbsd-daily and soon be in BETA2)
    
    ---
       Module Name:	pkgsrc
       Committed By:	abs
       Date:		Mon May 14 18:46:22 UTC 2012
    
       Modified Files:
       	pkgsrc/audio/pulseaudio: distinfo
    
       Log Message:
       regen distinfo
    
    ---
       Module Name:	pkgsrc
       Committed By:	abs
       Date:		Tue May 15 13:20:03 UTC 2012
    
       Modified Files:
       	pkgsrc/audio/pulseaudio: distinfo
       	pkgsrc/audio/pulseaudio/patches: patch-aa
    
       Log Message:
       fix borked __NetBSD_Version__ in last
  5. Pullup ticket #3829 - requested by dholland

    tron committed Jun 9, 2012
    finance/kmymoney2: build fix
    
    Revisions pulled up:
    - finance/kmymoney2/Makefile                                    1.59 via patch
    - finance/kmymoney2/options.mk                                  1.4
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 18:33:32 UTC 2012
    
       Modified Files:
       	pkgsrc/finance/kmymoney2: Makefile options.mk
    
       Log Message:
       As the sqlite plugin in the PLIST is unconditional, and sqlite3 is
       innocuous and small compared to kde3, and built into netbsd-6 anyway,
       and the package finds sqlite3 regardless of whether it's buildlinked,
       always depend on sqlite3. Should fix build on netbsd-5.
    
       Remove commented-out traces of a sqlite3 option from options.mk.
    
       PKGREVISION++
  6. Pullup ticket #3828 - requested by dholland

    tron committed Jun 9, 2012
    devel/ruby-posix-spawn: correct list of supported platforms
    
    Revisions pulled up:
    - devel/ruby-posix-spawn/Makefile                               1.4-1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Mon May 21 12:18:05 UTC 2012
    
       Modified Files:
       	pkgsrc/devel/ruby-posix-spawn: Makefile
    
       Log Message:
       Not for NetBSD-5 release.
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Wed Jun  6 21:55:22 UTC 2012
    
       Modified Files:
       	pkgsrc/devel/ruby-posix-spawn: Makefile
    
       Log Message:
       Fix COMMENT.
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  9 08:03:17 UTC 2012
    
       Modified Files:
       	pkgsrc/devel/ruby-posix-spawn: Makefile
    
       Log Message:
       Don't try to be too fancy with the NOT_FOR_PLATFORM pattern. It broke.
       (see pkgsrc-bulk)
Commits on Jun 6, 2012
  1. Pullup ticket #3825 - requested by dholland

    tron committed Jun 6, 2012
    x11/xvidtune: build fix
    
    Revisions pulled up:
    - x11/xvidtune/hacks.mk                                         1.1-1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 21:03:03 UTC 2012
    
       Added Files:
       	pkgsrc/x11/xvidtune: hacks.mk
    
       Log Message:
       Work around x11-links lossage with native X on NetBSD 5.
    
       x11-links rejects xf86vidmodeproto because it's too old according
       to the pkgsrc X xf86vidmodeproto bl3 file (which is at best dubious
       logic) and doesn't link it. Then the .pc file isn't available, so
       this package's configure script silently fails running pkg-config
       and sets XVIDTUNE_LIBS to empty. The build then fails at link time
       because no X libs at all have been requested. Fix it by feeding in
       the result of running the same pkg-config invocation outside
       pkgsrc. The fact that the native xf86vidmode is "too old" does not
       itself break the package.
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sun Jun  3 18:06:11 UTC 2012
    
       Modified Files:
       	pkgsrc/x11/xvidtune: hacks.mk
    
       Log Message:
       This should also have bsd.prefs.mk before checking MACHINE_PLATFORM.
  2. Pullup ticket #3824 - requested by dholland

    tron committed Jun 6, 2012
    www/p5-Task-Plack: build fix
    
    Revisions pulled up:
    - www/p5-Task-Plack/Makefile                                    1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 18:54:32 UTC 2012
    
       Modified Files:
       	pkgsrc/www/p5-Task-Plack: Makefile
    
       Log Message:
       Fix invalid version numbers.
  3. Pullup ticket #3823 - requested by dholland

    tron committed Jun 6, 2012
    net/nasd: build fix
    
    Revisions pulled up:
    - net/nasd/distinfo                                             1.2
    - net/nasd/patches/patch-al                                     1.2
    - net/nasd/patches/patch-ay                                     1.2
    - net/nasd/patches/patch-common_i386_Imakefile                  1.1
    - net/nasd/patches/patch-include_nasd_nasd__timer_h             1.1
    - net/nasd/patches/patch-kernel__generate_dux_other_Makefile    1.1
    - net/nasd/patches/patch-kernel__generate_dux_other_nasd_Makefile 1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 23:34:56 UTC 2012
    
       Modified Files:
       	pkgsrc/net/nasd: distinfo
       	pkgsrc/net/nasd/patches: patch-al patch-ay
       Added Files:
       	pkgsrc/net/nasd/patches: patch-common_i386_Imakefile
       	    patch-include_nasd_nasd__timer_h
       	    patch-kernel__generate_dux_other_Makefile
       	    patch-kernel__generate_dux_other_nasd_Makefile
    
       Log Message:
       Fix broken build.
    
       (1) With gcc 4.5, cpp does not fold lines separated by a escaped
       newline in the output. Therefore when nasd_rpcgen runs its rpc
       definitions through cpp, what comes out contains syntax errors. The
       parser then reports these with SIGSEGV. First fix the cpp plumbing to
       use the cpp tool wrapper during build, and then have it use -traditional.
    
       (2) On amd64, roughly half the build thinks it's actually i386. Patch
       the other half to agree. This may not turn out to work, but it does
       build instead of dumping out bizarre compile errors.
  4. Pullup ticket #3822 - requested by tron

    tron committed Jun 6, 2012
    misc/stellarium/Makefile: build fix
    print/pdf2djvu/Makefile: build fix
    
    Revisions pulled up:
    - misc/stellarium/Makefile                                      1.54-1.55
    - print/pdf2djvu/Makefile                                       1.8-1.9
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 19:35:47 UTC 2012
    
       Modified Files:
       	pkgsrc/misc/stellarium: Makefile
    
       Log Message:
       Use BUILDLINK_TRANSFORM to drop unsupported -W options on netbsd-5.
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 19:38:56 UTC 2012
    
       Modified Files:
       	pkgsrc/print/pdf2djvu: Makefile
    
       Log Message:
       Use BUILDLINK_TRANSFORM to remove -Werror=foo syntax not supported on
       netbsd-5.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sun Jun  3 09:31:32 UTC 2012
    
       Modified Files:
       	pkgsrc/misc/stellarium: Makefile
       	pkgsrc/print/pdf2djvu: Makefile
    
       Log Message:
       require bsd.prefs.mk before conditional check.
  5. Pullup ticket #3821 - requested by tron

    tron committed Jun 6, 2012
    audio/xcdplayer: build fix
    
    Revisions pulled up:
    - audio/xcdplayer/distinfo                                      1.9
    - audio/xcdplayer/patches/patch-al                              1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sat Jun  2 20:00:50 UTC 2012
    
       Modified Files:
       	pkgsrc/audio/xcdplayer: distinfo
       	pkgsrc/audio/xcdplayer/patches: patch-al
    
       Log Message:
       Call time() correctly; fixes netbsd-5 build.
Commits on Jun 5, 2012
  1. Pullup tickets 3817, 3818, 3819 and 3820

    sbd committed Jun 5, 2012
  2. Pullup ticket #3820 - requested by taca

    sbd committed Jun 5, 2012
    net/bind96 security update
    
    Revisions pulled up:
    - net/bind96/Makefile                                           1.26
    - net/bind96/distinfo                                           1.18
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Jun  4 13:29:19 UTC 2012
    
       Modified Files:
       	pkgsrc/net/bind96: Makefile distinfo
    
       Log Message:
       Update bind96 to 9.6.3.1.ESV.7pl1 (BIND 9.6-ESV-R7-P1).
       Security release for CVE-2012-1667.
    
       	--- 9.6-ESV-R7-P1 released ---
    
       3331.	[security]	dns_rdataslab_fromrdataset could produce bad
       			rdataslabs. [RT #29644]
  3. Pullup ticket #3819 - requested by taca

    sbd committed Jun 5, 2012
    net/bind97 security update
    
    Revisions pulled up:
    - net/bind97/Makefile                                           1.15
    - net/bind97/distinfo                                           1.14
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Jun  4 13:27:32 UTC 2012
    
       Modified Files:
       	pkgsrc/net/bind97: Makefile distinfo
    
       Log Message:
       Update bind97 to 9.7.6pl1 (BIND 9.7.6-P1).
       Security release for CVE-2012-1667.
    
       	--- 9.7.6-P1 released ---
    
       3331.	[security]	dns_rdataslab_fromrdataset could produce bad
       			rdataslabs. [RT #29644]
  4. Pullup ticket #3818 - requested by taca

    sbd committed Jun 5, 2012
    net/bind98 security update
    
    Revisions pulled up:
    - net/bind98/Makefile                                           1.12
    - net/bind98/distinfo                                           1.12
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Jun  4 13:25:56 UTC 2012
    
       Modified Files:
       	pkgsrc/net/bind98: Makefile distinfo
    
       Log Message:
       Update bind98 to 9.8.3pl1 (BIND 9.8.3-P1).
       Security release for CVE-2012-1667.
    
       	--- 9.8.3-P1 released ---
    
       3331.	[security]	dns_rdataslab_fromrdataset could produce bad
       			rdataslabs. [RT #29644]
  5. Pullup ticket #3817 - requested by taca

    sbd committed Jun 5, 2012
    net/bind99 security update
    
    Revisions pulled up:
    - net/bind99/Makefile                                           1.5
    - net/bind99/distinfo                                           1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Jun  4 13:24:28 UTC 2012
    
       Modified Files:
       	pkgsrc/net/bind99: Makefile distinfo
    
       Log Message:
       Update bind99 to 9.9.1pl1 (BIND 9.9.1-P1).
       Security release for CVE-2012-1667.
    
       	--- 9.9.1-P1 released ---
    
       3331.	[security]	dns_rdataslab_fromrdataset could produce bad
       			rdataslabs. [RT #29644]
Commits on Jun 3, 2012
  1. Pullup ticket #3816.

    tron committed Jun 3, 2012
  2. Pullup ticket #3816 - requested by obache

    tron committed Jun 3, 2012
    geography/mapserver: security update
    
    Revisions pulled up:
    - geography/mapserver/Makefile                                  1.34
    - geography/mapserver/distinfo                                  1.7
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sat Jun  2 11:16:58 UTC 2012
    
       Modified Files:
       	pkgsrc/geography/mapserver: Makefile distinfo
    
       Log Message:
       Update MapServer to 5.6.8.
       PR 46504 By Wen Heping.
    
       Version 5.6.8 (2012-02-08):
       ---------------------------
    
       - Fix security issue with quote escape in WFS GetFeature Filter (#4087)
    
       - Fix segfault on join with postgresql tables (#4074)
    
       - Define Z_BEST_COMPRESSION for newer libpng versions (#4033)
    
       - Fixes to support latest PROJ versions (#4008)
    
       Version 5.6.7 (2011-07-12):
       ---------------------------
    
       IMPORTANT SECURITY FIXES:
    
       -  Fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS
           and SOS), as well as a potential SQL injection in WMS time support.
           Your system may be vulnerable if it has MapServer with OGC protocols
           enabled, with layers connecting to an SQL RDBMS backend, either
           natively or via OGR (#3903)
    
       -  Fixed potentially exploitable buffer overflows in OGC Filter Encoding
           support (#3903)
    
       Other Fixes:
    
       - Fixed PHP/MapScript ms_iogetstdoutbufferbytes() always returning 0 bytes
          written (#3041)
    
       - OGC Filter: fix segfault when a ows_varname_type or wfs_varname_type is
          defined but not a gml_varname_type (#3902)
    
       - Fixed mssql2008 to return correct geometries with chart layer type (#3894)
    
       - Fix segfault with png-inimage exceptions and quantize_force=on (#2903)
    
       - Fix segfault on malformed <PropertyIsLike> filters (#3888)
    
       - Fixed potential crash with AVERAGE resampling and crazy reprojection (#3886)
    
       - Fixed segmentation fault on invalid symbol (#3849)
    
       - add support for gml:Box for spatial filters (#3789)
    
       - Fixed false computation of symbol size when used as a brush on line (#3760)
    
       - Fixed SQL Spatial to be able to use UniqueIdentifier field as unique key (#3722)
    
       - Fixed possible seg. fault when using "OGR:Label*" special attributes (#3667)
    
       - Fixed bug with newlines around multipart boundaries in wcs multipart (#3672)
    
       Version 5.6.6 (2011-01-17):
       ---------------------------
    
       - SLD: Fix point symbolizer issue when color is not set (#3658)
    
       - Fix WMS EXCEPTIONS parameter issue with fastcgi (#3525)
    
       - Fixed missing time in msDrawMap logging (#3651)
    
       - Fixed Internal error with Oracle Spatial multi point geometries (#3627)
    
       - Fixed double free in shp2img.c (#3497)
    
       - Fixed free(): invalid next size in mapfile.c (#3604)
    
       - Fix for the memory corruption when mapping the string data type in the
          Java bindings (3491)
    
       - Correct wms 1.3.0 latlong bbox error (#2578)
    
       - Fix ProperyIsLike not used efficiently with Oracle (#3557)
    
       - Fixed msOGRGetSymbolId according to the changes in gdal 1.8 (#3556)
    
       - Fixed crash when drawing a map using UNIQUE fid in the layer data (#3271)
    
       - Fixed Oracle Spatial Data gets corrupt (#3541)
    
       - Fixed issue with multiple styles and binding (#3538)
    
       - Fixed multiple include tags not supported in xml mapfiles (#3530)
    
       - Ensure the class is not marked BeforeFieldInit causing memory corruption
          with C#/CLR4 (#3438)
    
       - Fixed MSSQL2008 driver returning invalid extent (#3498)
    
       - Fix computation of shape bounds when the first line contains no points
          (#3119)(fixes #3383)
    
       - Fixed error message tiles on zero-sized map cause memory allocation errors
          in maperror.c. (#3524)
Commits on Jun 1, 2012
  1. Pullup tickets #3814 and #3815.

    tron committed Jun 1, 2012
  2. Pullup ticket #3815 - requested by dholland

    tron committed Jun 1, 2012
    graphics/cairo: build fix
    
    Revisions pulled up:
    - graphics/cairo/Makefile                                       1.99
    - graphics/cairo/hacks.mk                                       1.3
    
    ---
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Sun May 27 18:21:44 UTC 2012
    
       Modified Files:
       	pkgsrc/graphics/cairo: Makefile hacks.mk
    
       Log Message:
       Since a proper solution does not appear to be forthcoming anytime soon,
       add a hack for "the pixman problem" on netbsd-5. Add -lpixman-1 to the
       libs in cairo's .pc file when on netbsd-5.
  3. Pullup ticket #3814 - requested by obache

    tron committed Jun 1, 2012
    www/moodle:: security update
    
    Revisions pulled up:
    - www/moodle/Makefile                                           1.11
    - www/moodle/PLIST                                              1.9
    - www/moodle/distinfo                                           1.9
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu May 31 12:12:54 UTC 2012
    
       Modified Files:
       	pkgsrc/www/moodle: Makefile PLIST distinfo
    
       Log Message:
       Update moodle to 2.1.6, include some security fixes.
       Based on maintainer update request by PR 46498.
    
       Upstream changes:
    
       Highlights
    
       * MDL-32431 Calendar events can be backed-up and restored
       * MDL-29262 Moodle 2 backup_controllers table is no longer needlessly massive
    
       Functional changes
    
       * MDL-27862 Ability to unset a theme
       * MDL-31835 Recent conversations link added when viewing a message
       * MDL-27427 Option added to delete external blog entries
    
       Security issues
    
       * MSA-12-0024 Hidden information access issue
       * MSA-12-0025 Personal communication access issue
       * MSA-12-0026 Quiz capability issue
       * MSA-12-0027 Question bank capability issues
       * MSA-12-0028 Insecure authentication issue
       * MSA-12-0029 Information editing access issue
       * MSA-12-0030 Capability manipulation issue
       * MSA-12-0031 Cross-site scripting vulnerability in Wiki
       * MSA-12-0032 Cross-site scripting vulnerability in Web services
       * MSA-12-0035 Cross-site scripting vulnerability in "download all"
       * MSA-12-0036 Cross-site scripting vulnerability in category identifier
       * MSA-12-0037 Write access issue in Database activity module
       * MSA-12-0038 Calendar event write permission issue
    
       Fixes and improvements
    
       * MDL-32061 Backup fixed when there is a lesson with attempts in the course
       * MDL-31008 CSS fixed to display dimmed objects
       * MDL-30867 Lesson essay question formatting fixed
       * MDL-31528 Breadcrumbs appearing consistently when editing is off
       * MDL-31631 Caching fixed so deleted activities do not remain listed
       * MDL-26674 Wiki Module activity logs activity fully
       * MDL-31510 Students in groups see only assignments in the Gradebook according to their group allocation
       * MDL-32141 Custom TinyMCE additions now work in Firefox 11
Commits on May 29, 2012
  1. Pullup ticket #3812.

    tron committed May 29, 2012
  2. Pullup ticket #3812 - requested by gls

    tron committed May 29, 2012
    devel/apache-ant: security update
    
    Revisions pulled up:
    - devel/apache-ant/Makefile                                     1.31
    - devel/apache-ant/PLIST                                        1.14
    - devel/apache-ant/distinfo                                     1.15
    
    ---
       Module Name:	pkgsrc
       Committed By:	tonio
       Date:		Mon May 28 08:10:06 UTC 2012
    
       Modified Files:
       	pkgsrc/devel/apache-ant: Makefile PLIST distinfo
    
       Log Message:
       Update devel/apache-ant to 1.8.4
    
       Changes from Ant 1.8.3 TO Ant 1.8.4
       Fixed bugs:
         * Ported libbzip2's fallback sort algorithm to CBZip2OutputStream to
           speed up compression in certain edge cases.  Merge from Commons
           Compress.
         * Using specially crafted inputs this can be used as a denial of
           service attack.
           See CVE-2012-2098.
Commits on May 28, 2012
  1. Pullup ticket #3811.

    tron committed May 28, 2012