Commits on Jul 15, 2013
  1. Pullup ticket #4184 - requested by tron

    www/apache22: security update
    
    Revisions pulled up:
    - www/apache22/Makefile                                         1.92
    - www/apache22/distinfo                                         1.57
    - www/apache22/patches/patch-modules_mappers_mod_rewrite.c      deleted
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Mon Jul 15 18:15:49 UTC 2013
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Removed Files:
       	pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
    
       Log Message:
       Update "apache22" package to version 2.2.25. Changes since 2.2.24:
       - SECURITY: CVE-2013-1862 (cve.mitre.org)
         mod_rewrite: Ensure that client data written to the RewriteLog is
         escaped to prevent terminal escape sequences from entering the
         log file.  [Eric Covener, Jeff Trawick, Joe Orton]
       - core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
         strings.  The default limit for ap_pregsub() can be adjusted at compile
         time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]
       - core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
         on Linux kernel versions 3.x and above.  Bug#55121.  [Bradley Heilbrun
         <apache heilbrun.org>]
       - mod_setenvif: Log error on substitution overflow.
         [Stefan Fritsch]
       - mod_ssl/proxy: enable the SNI extension for backend TLS connections
         [Kaspar Brand]
       - mod_proxy: Use the same hostname for SNI as for the HTTP request when
         forwarding to SSL backends. Bug#53134.
         [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
       - mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
         in the error log to debug level.  [William Rowe]
       - mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
         with SSLProxyMachineCertificateFile/Path directives. Bug#52212, Bug#54698.
         [Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
       - mod_proxy_balancer: Added balancer parameter failontimeout to allow server
         admin to configure an IO timeout as an error in the balancer.
         [Daniel Ruggeri]
       - mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
         password.  [Daniel Ruggeri]
       - htdigest: Fix buffer overflow when reading digest password file
         with very long lines. Bug#54893. [Rainer Jung]
       - mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
         the source href (sent as part of the request body as XML) pointing to a
         URI that is not configured for DAV will trigger a segfault. [Ben Reser
         <ben reser.org>]
       - mod_dav: Ensure URI is correctly uriencoded on return. Bug#54611
         [Timothy Wood <tjw omnigroup.com>]
       - mod_dav: Make sure that when we prepare an If URL for Etag comparison,
         we compare unencoded paths. Bug#53910 [Timothy Wood <tjw omnigroup.com>]
       - mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
         result in a 412 Precondition Failed for a COPY operation. PR54610
         [Timothy Wood <tjw omnigroup.com>]
       - mod_dav: When a PROPPATCH attempts to remove a non-existent dead
         property on a resource for which there is no dead property in the same
         namespace httpd segfaults. Bug#52559 [Diego Santa Cruz
         <diego.santaCruz spinetix.com>]
       - mod_dav: Do not fail PROPPATCH when prop namespace is not known.
         Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
       - mod_dav: Do not segfault on PROPFIND with a zero length DBM.
         Bug#52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.91 -r1.92 pkgsrc/www/apache22/Makefile
       cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/apache22/distinfo
       cvs rdiff -u -r1.3 -r0 \
           pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
    spz committed Jul 15, 2013
Commits on Jun 29, 2013
  1. Pullup tickets #4166.

    tron committed Jun 29, 2013
  2. Pullup ticket #4166 - requested by morr

    www/wordpress: security update
    
    Revisions pulled up:
    - www/wordpress/Makefile                                        1.32-1.33
    - www/wordpress/PLIST                                           1.15
    - www/wordpress/distinfo                                        1.25
    
    ---
       Module Name:	pkgsrc
       Committed By:	morr
       Date:		Mon Jun 24 16:13:21 UTC 2013
    
       Modified Files:
       	pkgsrc/www/wordpress: Makefile distinfo
    
       Log Message:
       Security update to version 3.5.2.
    
       Fixed issues:
    
       * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
       * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
       * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
       * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
       * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
       * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
       * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
    
       * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
       * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
       * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
    
    ---
       Module Name:    pkgsrc
       Committed By:   morr
       Date:           Mon Jun 24 16:16:42 UTC 2013
    
       Modified Files:
               pkgsrc/www/wordpress: Makefile
    
       Log Message:
       Remove pkgrevision bit
    
    ---
       Module Name:    pkgsrc
       Committed By:   morr
       Date:           Thu Jun 27 08:04:57 UTC 2013
    
       Modified Files:
               pkgsrc/www/wordpress: PLIST
    
       Log Message:
       Fix PLIST file, unbreak build
    tron committed Jun 29, 2013
Commits on Jun 23, 2013
  1. pullups 4164 4165

    spz committed Jun 23, 2013
  2. Pullup ticket #4164 - requested by morr

    net/haproxy: security update
    Pullup ticket #4165 - requested by morr
    net/haproxy: security update
    
    Revisions pulled up:
    - net/haproxy/Makefile                                          1.8
    - net/haproxy/distinfo                                          1.6
    - net/haproxy/patches/patch-aa                                  1.3
    - net/haproxy/patches/patch-ab                                  1.2
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	morr
       Date:		Wed Apr 17 19:55:38 UTC 2013
    
       Modified Files:
       	pkgsrc/net/haproxy: Makefile distinfo
       	pkgsrc/net/haproxy/patches: patch-aa patch-ab
    
       Log Message:
       Security update to version 1.4.23.
    
       ChangeLog:
       2013/04/03 : 1.4.23
        - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
        - BUG: fix garbage data when http-send-name-header replaces an existing header
        - BUG/MEDIUM: remove supplementary groups when changing gid
        - BUG/MINOR: Correct logic in cut_crlf()
        - BUG/MINOR: config: use a copy of the file name in proxy configurations
        - BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
        - MINOR: halog: sort output by cookie code
        - BUG/MINOR: halog: -ad/-ac report the correct number of output lines
        - BUG/MINOR: halog: fix help message for -ut/-uto
        - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode
        - BUG/MEDIUM: command-line option -D must have precedence over "debug"
        - OPTIM: halog: keep a fast path for the lines-count only
        - MINOR: halog: add a parameter to limit output line count
        - BUG: halog: fix broken output limitation
        - MEDIUM: checks: avoid accumulating TIME_WAITs during checks
        - MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts
        - BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
        - BUG/MINOR: http: don't report client aborts as server errors
        - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
        - BUG/MEDIUM: tcp: process could theoretically crash on lack of source ports
        - BUG/MINOR: http: don't abort client connection on premature responses
        - BUILD: no need to clean up when making git-tar
        - MINOR: http: always report PR-- flags for redirect rules
        - BUG/MINOR: time: frequency counters are not totally accurate
        - BUG/MINOR: http: don't process abortonclose when request was sent
        - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
        - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
        - BUG/MEDIUM: checks: ensure the health_status is always within bounds
        - CLEANUP: http: remove a useless null check
        - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
        - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
        - CLEANUP: config: slowstart is never negative
        - BUILD: improve the makefile's support for libpcre
        - BUG/MINOR: checks: fix a warning introduced by commit 2f61455a
        - MEDIUM: halog: add support for counting per source address (-ic)
        - DOC: mention the new HTTP 307 and 308 redirect statuses (cherry picked from commit b67fdc4cd8bde202f2805d98683ddab929469a05)
        - MEDIUM: poll: do not use FD_* macros anymore
        - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
        - BUILD: enable poll() by default in the makefile
        - BUILD: add explicit support for Mac OS/X
        - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
        - MEDIUM: http: implement redirect 307 and 308
        - MINOR: http: status 301 should not be marked non-cacheable
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/haproxy/Makefile
       cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/haproxy/distinfo
       cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/haproxy/patches/patch-aa
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/haproxy/patches/patch-ab
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	morr
       Date:		Thu Jun 20 21:36:28 UTC 2013
    
       Modified Files:
       	pkgsrc/net/haproxy: Makefile distinfo
    
       Log Message:
       Security update to version 1.4.24.
    
       ChangeLog:
    
       - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
       - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used
       - MEDIUM: protocol: implement a "drain" function in protocol layers
       - BUG/CRITICAL: fix a possible crash when using negative header occurrences
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/haproxy/Makefile
       cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/haproxy/distinfo
    spz committed Jun 23, 2013
Commits on Jun 22, 2013
  1. Pullup ticket #4159 - requested by tron

    net/wireshark: security update
    
    Revisions pulled up:
    - net/wireshark/Makefile                                        1.103
    - net/wireshark/distinfo                                        1.66
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Tue Jun 11 22:57:59 UTC 2013
    
       Modified Files:
       	pkgsrc/net/wireshark: Makefile distinfo
    
       Log Message:
       Update "wireshark" package to version 1.8.8. Changes since 1.8.7:
       - Bug Fixes
         The following vulnerabilities have been fixed.
           o wnpa-sec-2013-32
             The CAPWAP dissector could crash. Discovered by Laurent Butti.
             (Bug 8725)
             Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
           o wnpa-sec-2013-33
             The GMR-1 BCCH dissector could crash. Discovered by Sylvain
             Munaut and Laurent Butti. (Bug 7664, Bug 8726 )
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-34
             The PPP dissector could crash. Discovered by Laurent Butti.
             (Bug 7880, Bug 8727 )
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-35
             The NBAP dissector could crash. (Bug 8697)
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-36
             The RDP dissector could crash. Discovered by Laurent Butti
             (Bug 8729)
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-37
             The GSM CBCH dissector could crash. Discovered by Laurent
             Butti (Bug 8730)
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-38
             The Assa Abloy R3 dissector could consume excessive memory and
             CPU. (Bug 8764)
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-39
             The HTTP dissector could overrun the stack. (Bug 8733)
             Versions affected: 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
           o wnpa-sec-2013-40
             The Ixia IxVeriWave file parser could overflow the heap.
             Discovered by Sachin Shinde. (Bug 8760)
             Versions affected: 1.8.0 to 1.8.7.
           o wnpa-sec-2013-41
             The DCP ETSI dissector could crash. (Bug 8717)
             Versions affected: 1.10.0, 1.8.0 to 1.8.7, 1.6.0 to 1.6.15.
         The following bugs have been fixed:
           o TRY_TO_FAKE_THIS_ITEM disables bounds errors. (Bug 3290)
           o Multiple expert info in a packet does not cause the most
             "severe" to be displayed in expert column. (Bug 7733)
           o tshark -z io,stat reports bad byte counts if filter doesn't
             match anything. (Bug 8066)
           o Add decryption for WPA eapol 4-way handshake. (Bug 8680)
           o wireshark is crashing while attempting to use 'SCTP' ->
             'Prepare Filter for this Association'. (Bug 8731)
           o Crash analyzing VoIP Calls (T38). (Bug 8736)
           o IMAP Dissector, Missing byte. (Bug 8739)
           o C12.22 Invocation Id shows negative sometimes. (Bug 8744)
           o gsm_a_dtap dissector (SMS): under certain conditions fillbits
             may be displayed for an alphanumeric TP-Originating-Address.
             (Bug 8756)
           o TETRA dissector assertion. (Bug 8768)
           o Mark retransmitted SYN and FIN packets as retransmissions.
       - Updated Protocol Support
         Bittorrent DHT, C12.22, CAPWAP, DCP ETSI, EAPOL, GMR-1 BCCH, GSM
         CBCH, GSM SMS, HTTP, IMAP, NBAP, PPP, R3, RDP, SGsAP, T.38, TETRA
       - New and Updated Capture File Support
         Ixia IxVeriWave.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.102 -r1.103 pkgsrc/net/wireshark/Makefile
       cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/wireshark/distinfo
    spz committed Jun 22, 2013
Commits on Jun 19, 2013
  1. Pullup tickets #4162.

    tron committed Jun 19, 2013
  2. Pullup ticket #4162 - requested by wiz

    sysutils/dbus: security update
    
    Revisions pulled up:
    - sysutils/dbus/Makefile                                        1.60-1.61
    - sysutils/dbus/distinfo                                        1.43-1.44
    - sysutils/dbus/patches/patch-ab                                1.21
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sun May 26 18:06:05 UTC 2013
    
       Modified Files:
       	pkgsrc/sysutils/dbus: Makefile distinfo
       	pkgsrc/sysutils/dbus/patches: patch-ab
    
       Log Message:
       Update to 1.6.10:
    
       D-Bus 1.6.10 (2013-04-24)
       ==
    
       The “little-known facts about bananas” release.
    
       • Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
         U+FDD0..U+FDEF are allowed in UTF-8 strings again.
         (fd.o #63072, Simon McVittie)
    
       • Diagnose incorrect use of dbus_connection_get_data() with negative slot
         (i.e. before allocating the slot) rather than returning junk
         (fd.o #63127, Dan Williams)
    
       • In the activation helper, when compiled for tests, do not reset the system
         bus address, fixing the regression tests. (fd.o #52202, Simon)
    
       • Fix building with Valgrind 3.8, at the cost of causing harmless warnings
         with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
    
       • Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel HERMIER)
    
       • Create session.d, system.d directories under CMake (fd.o #41319,
         Ralf Habacker)
    
       • Unix-specific:
         · Include alloca.h for alloca() if available, fixing compilation on
           Solaris 10 (fd.o #63071, Dagobert Michelsen)
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Thu Jun 13 13:00:34 UTC 2013
    
       Modified Files:
       	pkgsrc/sysutils/dbus: Makefile distinfo
    
       Log Message:
       Update to 1.6.12:
    
       D-Bus 1.6.12 (2013-06-13)
       ==
    
       Fixes:
    
       • CVE-2013-2168: Fix misuse of va_list that could be used as a denial
         of service for system services. Vulnerability reported by Alexandru Cornea.
         (Simon)
    
       • In dbus-daemon, don't crash if a .service file starts with key=value
         (fd.o #60853, Chengwei Yang)
    
       • Unix-specific:
         · Fix an assertion failure if we try to activate systemd services before
           systemd connects to the bus (fd.o #50199, Chengwei Yang)
         · Avoid compiler warnings for ignoring the return from write()
           (Chengwei Yang)
    tron committed Jun 19, 2013
Commits on Jun 15, 2013
  1. Pullup tickets #4160 and #4161.

    tron committed Jun 15, 2013
  2. Pullup ticket #4161 - requested by obache

    multimedia/adobe-flash-plugin10.1: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin10.1/Makefile                    1.29
    - multimedia/adobe-flash-plugin10.1/distinfo                    1.20
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri Jun 14 08:22:13 UTC 2013
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo
    
       Log Message:
       Update adobe-flash-plugin10.1 to 10.3.183.90 for APSB13-16
    tron committed Jun 15, 2013
  3. Pullup ticket #4160 - requested by obache

    multimedia/adobe-flash-plugin11: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin11/Makefile                      1.17
    - multimedia/adobe-flash-plugin11/distinfo                      1.16
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri Jun 14 08:20:57 UTC 2013
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
    
       Log Message:
       Update adobe-flash-plugin11 to 11.2.202.291 for APSB13-16
    tron committed Jun 15, 2013
Commits on Jun 11, 2013
  1. Force rebuild.

    tron committed Jun 11, 2013
  2. Force rebuild.

    tron committed Jun 11, 2013
  3. Pullup ticket #4158 - requested by taca

    lang/php53: fix build with "suhosin" option
    
    Revisions pulled up:
    - lang/php53/Makefile.php                                       1.34
    - lang/php53/distinfo                                           1.65
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Jun  9 22:23:24 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.php distinfo
    
       Log Message:
       Fix suhosin patch part.
       Thanks to Volkmar Seifert, who notified me of the problem via private e-mail.
    
       (I should modify my local mk.conf to handle better...)
    tron committed Jun 11, 2013
Commits on Jun 10, 2013
  1. Pullup tickets #4156, #4157 and #4158.

    tron committed Jun 10, 2013
  2. Pullup ticket #4158 - requested by taca

    lang/php53: fix build with "suhosin" option
    
    Revisions pulled up:
    - lang/php53/Makefile.php                                       1.34
    - lang/php53/distinfo                                           1.65
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Jun  9 22:23:24 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.php distinfo
    
       Log Message:
       Fix suhosin patch part.
       Thanks to Volkmar Seifert, who notified me of the problem via private e-mail.
    
       (I should modify my local mk.conf to handle better...)
    tron committed Jun 10, 2013
  3. Pullup ticket #4157 - requested by taca

    lang/php/phpversion.mk: update PHP versions after security update
    
    Revisions pulled up:
    - lang/php/phpversion.mk                                        1.32-1.34
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Apr 12 17:01:47 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
    
       Log Message:
       Update PHP53_VERSION and PHP54_VERSION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Jun  3 15:23:14 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
    
       Log Message:
       Update PHP53_VERSION and PHP54_VERSION.  It should be updated with
       last update of php53/php54.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jun  7 13:56:25 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
    
       Log Message:
       Update PHP53_VERSION and PHP54_VERSION.
    tron committed Jun 10, 2013
  4. Pullup ticket #4156 - requested by taca

    lang/php53: security update
    
    Revisions pulled up:
    - lang/php53/Makefile.common                             1.24-1.26
    - lang/php53/Makefile.php                                1.33 via patch
    - lang/php53/distinfo                                    1.63-1.64 via patch
    - lang/php53/patches/patch-main_main.c                   deleted
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Apr 12 16:59:51 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
       	pkgsrc/lang/php53/patches: patch-ab
    
       Log Message:
       Update php53 to 5.3.24.
    
       11 Apr 2013, PHP 5.3.24
    
       - Core
         . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
           (Anatol)
         . Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
           exceptions properly). (Jeff Welch)
         . Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
    
       - PCRE:
         . Merged PCRE 8.32. (Anatol)
    
       - mysqlnd
         . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
           for stmt->param_bind). (Andrey)
    
       - DateTime
         . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
    
       - Zip:
         . Bug #64452 (Zip crash intermittently). (Anatol)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May 16 16:19:14 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
       Removed Files:
       	pkgsrc/lang/php53/patches: patch-main_main.c
    
       Log Message:
       Update php53 to 5.3.25 (PHP 5.3.25).
    
       09 May 2013, PHP 5.3.25
    
       - Core:
         . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
           segfault). (Laruence)
         . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
         . Fixed bugs #47675 and #64577 (fd leak on Solaris). (Rasmus)
    
       - Streams:
         . Fixed Windows x64 version of stream_socket_pair() and improved error
           handling. (Anatol Belski)
    
       - Zip:
         . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
           (Anatol)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jun  7 13:53:52 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.common distinfo
    
       Log Message:
       Update php53 to 5.3.26.
    
       06 Jun 2013, PHP 5.3.26
    
       - Core:
         . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
           CVE 2013-2110). (Stas)
    
       - Calendar:
         . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
    
       - FPM:
         . Fixed some possible memory or resource leaks and possible null dereference
           detected by code coverity scan. (Remi)
         . Log a warning when a syscall fails. (Remi)
    
       - MySQLi:
         . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
           pointer has closed). (Laruence)
    
       - Phar
         . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
           with non std tmp dir). (Pierre)
    
       - Streams:
         . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
           on Windows x64). (Anatol)
    
       - Zend Engine:
         . Fixed bug #64821 (Custom Exception crash when internal properties
           overridden). (Anatol)
    tron committed Jun 10, 2013
Commits on Jun 9, 2013
  1. Pullup tickets #4149, #4154 and #4155.

    tron committed Jun 9, 2013
  2. Pullup ticket #4155 - requested by taca

    lang/php54: security update
    
    Revisions pulled up:
    - lang/php54/Makefile.common                                    1.11-1.13
    - lang/php54/distinfo                                           1.16-1.18
    - lang/php54/patches/patch-main_main.c                          deleted
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Apr 12 17:00:40 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php54: Makefile.common distinfo
    
       Log Message:
       Update php54 to 5.4.14.
    
       11 Apr 2013, PHP 5.4.14
       - Core
         . Fixed bug #64529 (Ran out of opcode space). (Dmitry)
         . Fixed bug #64515 (Memoryleak when using the same variablename two times in
           function declaration). (Laruence)
         . Fixed bug #64432 (more empty delimiter warning in strX methods). (Laruence)
         . Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
           (Dmitry)
         . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
           (Anatol)
         . Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
           (Dmitry, Laruence)
         . Fixed bug #63976 (Parent class incorrectly using child constant in class
           property). (Dmitry)
         . Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
           exceptions properly). (Jeff Welch)
         . Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
    
       - PCRE:
         . Merged PCRE 8.32. (Anatol)
    
       - SNMP:
         . Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
       	(Boris Lytochkin)
    
       - Zip:
         . Bug #64452 (Zip crash intermittently). (Anatol)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May 16 16:19:58 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php54: Makefile.common distinfo
       Removed Files:
       	pkgsrc/lang/php54/patches: patch-main_main.c
    
       Log Message:
       Update php54 to 5.4.15 (PHP 5.4.15).
    
       09 May 2013, PHP 5.4.15
       - Core:
         . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
           segfault). (Laruence)
         . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
         . Fixed bug #64433 (follow_location parameter of context is ignored for most
           response codes). (Sergey Akbarov)
         . Fixed bugs #47675 and #64577 (fd leak on Solaris)
    
       - Fileinfo:
         . Upgraded libmagic to 5.14. (Anatol)
    
       - Zip:
         . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
           (Anatol)
    
       - Streams:
         . Fixed Windows x64 version of stream_socket_pair() and improved error
           handling (Anatol Belski)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jun  7 13:54:33 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php54: Makefile.common distinfo
    
       Log Message:
       Update php54 to 5.4.16.
    
       06 Jun 2013, PHP 5.4.16
    
       - Core:
         . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
           CVE 2013-2110). (Stas)
         . Fixed bug #64853 (Use of no longer available ini directives causes crash on
           TS build). (Anatol)
         . Fixed bug #64729 (compilation failure on x32). (Gustavo)
         . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
         . Fixed bug #64660 (Segfault on memory exhaustion within function definition).
           (Stas, reported by Kylmänen)
    
       - Calendar:
         . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
    
       - Fileinfo:
         . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
    
       - FPM:
         . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
         . Fixed some possible memory or resource leaks and possible null dereference
           detected by code coverity scan. (Remi)
         . Log a warning when a syscall fails. (Remi)
         . Add --with-fpm-systemd option to report health to systemd, and
           systemd_interval option to configure this. The service can now use
           Type=notify in the systemd unit file. (Remi)
    
       - MySQLi
         . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
           pointer has closed). (Laruence)
    
       - Phar
         . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
           with non std tmp dir). (Pierre)
    
       - SNMP:
         . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong).
           (Boris Lytochkin)
         . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
    
       - Streams:
         . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
           on Windows x64). (Anatol)
    
       - Zend Engine:
         . Fixed bug #64821 (Custom Exceptions crash when internal properties
           overridden). (Anatol)
    tron committed Jun 9, 2013
  3. Pullup ticket #4154 - requested by obache

    fonts/efont-unicode: build fix
    fonts/ja-naga10: build fix
    
    Revisions pulled up:
    - fonts/efont-unicode/Makefile                                  1.14
    - fonts/ja-naga10/Makefile                                      1.12
    - mk/tools/replace.mk                                           1.259-1.260
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Wed Jun  5 13:26:35 UTC 2013
    
       Modified Files:
       	pkgsrc/mk/tools: replace.mk
    
       Log Message:
       fixes usage of TOOLS_CREATE for X related tools, and those tools will be created
       in ${TOOLS_DIR}/bin, same as other tools.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu Jun  6 02:17:17 UTC 2013
    
       Modified Files:
       	pkgsrc/mk/tools: replace.mk
    
       Log Message:
       create X related tools also for X11_TYPE=native.
    
       might fix PR pkg/47883.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sun Jun  9 13:00:47 UTC 2013
    
       Modified Files:
       	pkgsrc/fonts/efont-unicode: Makefile
       	pkgsrc/fonts/ja-naga10: Makefile
    
       Log Message:
       Bump PKGREVISION so that .pcf files will be created correctly with X related
       tools fixes.
    
       PR pkg/47883.
    tron committed Jun 9, 2013
  4. Pullup ticket #4149 - requested by taca

    lang/ruby193-base: security update
    
    Revisions pulled up:
    - lang/ruby/rubyversion.mk                                      1.96-1.99 via patch
    - lang/ruby193-base/Makefile                                    1.28-1.30 via patch
    - lang/ruby193-base/PLIST                                       1.8 via patch
    - lang/ruby193-base/distinfo                                    1.19-1.21,1.19 via patch
    - lang/ruby193-base/patches/patch-Makefile.in                   1.1 via patch
    - lang/ruby193-base/patches/patch-configure                     1.7-1.9,1.7 via patch
    - lang/ruby193-base/patches/patch-configure.in                  1.6-1.8,1.6 via patch
    - lang/ruby193-base/patches/patch-lib_rubygems_dependency__installer.rb 1.2 via patch
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu Apr  4 13:30:07 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
    
       Log Message:
       define ruby library names for Cygwin (only tested with ruby193).
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu Apr  4 13:31:55 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby193-base: Makefile PLIST
    
       Log Message:
       Add missing PLIST entries for Win32 (currently, on Cygwin).
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sat Apr 20 02:30:18 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby193-base: Makefile
    
       Log Message:
       Cygwin also require tools.mkdir in rbconfig.rb work around.
    
    ---
       Module Name:	pkgsrc
       Committed By:	rodent
       Date:		Mon Apr  8 11:17:26 UTC 2013
    
       Modified Files:
       	pkgsrc/audio/distmp3: Makefile
       	pkgsrc/audio/festival: Makefile
       	pkgsrc/audio/moc: Makefile
       	pkgsrc/chat/konversation: Makefile
       	pkgsrc/chat/xchat: Makefile.common
       	pkgsrc/converters/skf: Makefile
       	pkgsrc/databases/clisp-bdb: PLIST
       	pkgsrc/databases/gdbm: Makefile
       	pkgsrc/databases/gdbm_compat: builtin.mk
       	pkgsrc/databases/mysql51-client: Makefile.common
       	pkgsrc/databases/p5-Catalyst-Model-RDBO: MESSAGE
       	pkgsrc/databases/php-pdo_mysql: Makefile
       	pkgsrc/databases/postgresql84: options.mk
       	pkgsrc/databases/py-metakit: Makefile
       	pkgsrc/devel/gps: options.mk
       	pkgsrc/devel/gtexinfo: options.mk
       	pkgsrc/devel/lwp: PLIST
       	pkgsrc/devel/netbsd-iscsi-lib: Makefile
       	pkgsrc/devel/p5-Devel-Pragma: Makefile
       	pkgsrc/devel/p5-Test-TinyMocker: Makefile
       	pkgsrc/devel/ruby-readline: options.mk
       	pkgsrc/devel/tpasm: PLIST
       	pkgsrc/devel/xulrunner192: Makefile mozilla-common.mk
       	pkgsrc/editors/emacs22: Makefile.common
       	pkgsrc/editors/xemacs: hacks.mk
       	pkgsrc/emulators/suse121_gtk2: Makefile
       	pkgsrc/filesystems/fuse: builtin.mk
       	pkgsrc/filesystems/glusterfs: MESSAGE.NetBSD options.mk
       	pkgsrc/filesystems/openafs: options.mk
       	pkgsrc/fonts/ja-elisat: Makefile
       	pkgsrc/games/crack-attack-sounds: Makefile
       	pkgsrc/games/gnuchess: Makefile
       	pkgsrc/games/pingus: Makefile
       	pkgsrc/games/quake3server-ut: Makefile
       	pkgsrc/graphics/graphviz: buildlink3.mk
       	pkgsrc/graphics/tgif: Makefile
       	pkgsrc/graphics/xplot-devel: Makefile
       	pkgsrc/inputmethod/ibus: bad-env-usage.mk
       	pkgsrc/inputmethod/prime: Makefile
       	pkgsrc/inputmethod/uim-elisp: Makefile
       	pkgsrc/lang/gcc47-libs: Makefile
       	pkgsrc/lang/objc: Makefile
       	pkgsrc/lang/ruby: gem.mk rubyversion.mk
       	pkgsrc/lang/ucblogo: Makefile
       	pkgsrc/mail/mailhops: Makefile
       	pkgsrc/mail/perdition: Makefile.common
       	pkgsrc/mail/thunderbird-l10n: MESSAGE
       	pkgsrc/mail/thunderbird10-l10n: MESSAGE
       	pkgsrc/math/mpcomplex: inplace.mk
       	pkgsrc/math/mtl: Makefile
       	pkgsrc/math/p5-Math-Random-MT-Perl: Makefile
       	pkgsrc/misc/autocue: distinfo
       	pkgsrc/multimedia/gstreamer1: options.mk
       	pkgsrc/multimedia/tstools: Makefile
       	pkgsrc/net/arping: Makefile
       	pkgsrc/net/delegate: Makefile
       	pkgsrc/net/hlfl: Makefile
       	pkgsrc/net/irrd: options.mk
       	pkgsrc/net/netdisco: Makefile
       	pkgsrc/net/openvpn: MESSAGE
       	pkgsrc/net/py-omniORBpy: hacks.mk
       	pkgsrc/net/radiusclient-ng: Makefile
       	pkgsrc/net/ruby-amqp: Makefile
       	pkgsrc/net/sitescooper: Makefile
       	pkgsrc/net/teamspeak-client: Makefile
       	pkgsrc/net/vnc: Makefile
       	pkgsrc/net/wistumbler2: Makefile.common
       	pkgsrc/net/wpa_gui: Makefile
       	pkgsrc/net/wu-ftpd: Makefile
       	pkgsrc/parallel/gridscheduler: Makefile
       	pkgsrc/pkgtools/pkg_install: Makefile
       	pkgsrc/print/LPRng-core: Makefile
       	pkgsrc/security/crypto++: Makefile
       	pkgsrc/security/f-prot-antivirus6-ms-bin: Makefile
       	pkgsrc/security/libbf: Makefile
       	pkgsrc/security/libidea: Makefile
       	pkgsrc/security/libssh: Makefile
       	pkgsrc/security/pakemon: Makefile
       	pkgsrc/security/php-suhosin: Makefile
       	pkgsrc/security/pks: Makefile
       	pkgsrc/security/prelude-lml: Makefile
       	pkgsrc/security/prngd: Makefile
       	pkgsrc/security/py-lasso: Makefile
       	pkgsrc/shells/ast-ksh: Makefile.common
       	pkgsrc/sysutils/mkmemstick: distinfo
       	pkgsrc/sysutils/whowatch: Makefile
       	pkgsrc/textproc/dblatex: Makefile
       	pkgsrc/textproc/hunspell-da_DK: Makefile
       	pkgsrc/textproc/hunspell-sk_SK: Makefile
       	pkgsrc/textproc/jade: Makefile
       	pkgsrc/textproc/kakasi: Makefile
       	pkgsrc/textproc/py-enchant: Makefile
       	pkgsrc/wm/compiz-fusion-plugins-extra: Makefile
       	pkgsrc/wm/compiz-fusion-plugins-main: Makefile
       	pkgsrc/www/SOGo: MESSAGE
       	pkgsrc/www/amaya: hacks.mk
       	pkgsrc/www/ap2-xslt2: Makefile
       	pkgsrc/www/contao30: Makefile
       	pkgsrc/www/epiphany: Makefile
       	pkgsrc/www/firefox-l10n: MESSAGE
       	pkgsrc/www/firefox10-l10n: MESSAGE
       	pkgsrc/www/firefox36: Makefile
       	pkgsrc/www/firefox36-l10n: MESSAGE
       	pkgsrc/www/phraseanet: MESSAGE
       	pkgsrc/www/seamonkey-l10n: MESSAGE
       	pkgsrc/x11/xdaemon: Makefile
    
       Log Message:
       Remove "Trailing empty lines." and/or "Trailing white-space."
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue May 14 15:18:05 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
    
       Log Message:
       * Properly handle the case of multiple values in RUBY_VERSION_SUPPORTED.
       * Clean up PLIST_VARS.
    
       No functional change should be done.
    
    ---
       Module Name:	pkgsrc
       Committed By:	bsiegert
       Date:		Tue Apr 30 21:30:59 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby193-base: distinfo
       	pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in
    
       Log Message:
       Unbreak build on MirBSD by pre-including sys/types.h and sys/time.h in
       header checks.
       This will be submitted upstream.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May 16 16:13:59 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
       	pkgsrc/lang/ruby193-base: Makefile distinfo
       	pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in
       	    patch-lib_rubygems_dependency__installer.rb
       Added Files:
       	pkgsrc/lang/ruby193-base/patches: patch-Makefile.in
    
       Log Message:
       Update ruby193 and related packages to 1.9.3p429 (Ruby 1.9.3 patchlevel 429).
    
       pkgsrc changes:
    
         * Fix gem command creating extra directories.
    
       Quote from release announce:
    
         This release includes a security fix about bundled DL / Fiddle.
    
         * Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)
    
       	http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
    
         * And some small bugfixes are also included.
    
           See tickets:
    
       	https://bugs.ruby-lang.org/projects/ruby-193/issues?set_filter=1&status_id=5
           ChangeLog for details.
    
       	http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_426/ChangeLog
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat May 18 07:39:36 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby193-base: distinfo
       	pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in
    
       Log Message:
       Correct patch of configure scripts for DragonFly/FreeBSD.
       That place was changed prior to my update of ruby193-base package and
       I'm not sure it was correct or not.
    
       And suffix of libruby shared library has something historical part of
       pkgsrc.  I don't care so much to changing the name, but also don't
       think it is so important thing to bump revisions.
    
       Noted by pkg/47831 from David Shao.
    
    ---
       Module Name:	pkgsrc
       Committed By:	bsiegert
       Date:		Tue Apr 30 21:30:59 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby193-base: distinfo
       	pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in
    
       Log Message:
       Unbreak build on MirBSD by pre-including sys/types.h and sys/time.h in
       header checks.
       This will be submitted upstream.
    tron committed Jun 9, 2013
Commits on Jun 7, 2013
  1. Pullup ticket #4150.

    tron committed Jun 7, 2013
  2. Pullup ticket #4150 - requested by taca

    devel/transifex-client: security update
    
    Revisions pulled up:
    - devel/transifex-client/Makefile                               1.2-1.3
    - devel/transifex-client/PLIST                                  1.2
    - devel/transifex-client/distinfo                               1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May 23 13:17:52 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/transifex-client: Makefile
    
       Log Message:
       Correct HOMEPAGE noted by PR pkg/47848 from Ilias-Dimitrios Vrachnis.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May 23 14:54:53 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/transifex-client: Makefile PLIST distinfo
    
       Log Message:
       Update transifex-client to 0.9, fixing CVE-2013-2073.
    
       pkgsrc changes; use wget instead of curl to fetch.
    
       Quote from release announce on the blog.
    
       * Verify SSL certificates. Even though the client opened an encrypted
         connection to the server, it did not validate the certificate used. As a
         result, the client was open to MITM attacks. The new version will always
         validate the certificate first and refuse to connect to the server if there
         is a problem with it.
    
       * Add support for soft links in UNIX systems. You can now use soft links in
         your project directories. This would be useful in cases where you have a
         large project and you would prefer to assign the localization files to
         multiple Transifex projects.
    
       * Add support for local .transifexrc files. You can now have a .transifexrc
         file in your project directory. The entries in the file will override the
         ones from the main one. This would be useful in cases you would prefer to
         use a different set of credentials for a project than the ones you use for
         the rest of your projects in Transifex.
    
       * Make the client more friendly to users in Windows. The .tx/config file now
         supports forward slashes for the paths in Windows, in accordance to what
         UNIX uses. As a result, people can now share a .tx/config irrespective of
         whether they use a UNIX-based system (like Linux and Mac OS X) or Windows.
    tron committed Jun 7, 2013
Commits on Jun 2, 2013
  1. pullup 4148

    spz committed Jun 2, 2013
  2. Pullup ticket #4148 - requested by tron

    www/apache22: security patch
    
    Revisions pulled up:
    - www/apache22/Makefile                                         1.88
    - www/apache22/distinfo                                         1.55
    - www/apache22/patches/patch-modules_mappers_mod_rewrite.c      1.3
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Thu May 30 22:58:15 UTC 2013
    
       Modified Files:
       	pkgsrc/www/apache22: Makefile distinfo
       Added Files:
       	pkgsrc/www/apache22/patches: patch-modules_mappers_mod_rewrite.c
    
       Log Message:
       Add Apache developer fix for security vulnerability reported
       in CVE-2013-1862.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.87 -r1.88 pkgsrc/www/apache22/Makefile
       cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/apache22/distinfo
       cvs rdiff -u -r0 -r1.3 \
           pkgsrc/www/apache22/patches/patch-modules_mappers_mod_rewrite.c
    spz committed Jun 2, 2013
Commits on May 31, 2013
  1. Pullup ticket #4143.

    tron committed May 31, 2013
  2. Pullup ticket #4143 - requested by spz

    www/apache-tomcat6: security update
    
    Revisions pulled up:
    - www/apache-tomcat6/Makefile                                   1.12
    - www/apache-tomcat6/PLIST                                      1.8
    - www/apache-tomcat6/distinfo                                   1.9
    
    ---
       Module Name:	pkgsrc
       Committed By:	spz
       Date:		Sat May 18 15:19:15 UTC 2013
    
       Modified Files:
       	pkgsrc/www/apache-tomcat6: Makefile PLIST distinfo
    
       Log Message:
       security update:
    
       Important: Session fixation CVE-2013-2067
    
       FORM authentication associates the most recent request requiring
       authentication with the current session. By repeatedly sending
       a request for an authenticated resource while the victim is
       completing the login form, an attacker could inject a request
       that would be executed using the victim's credentials.
    
       Note that the option to change session ID on authentication was
       added in Tomcat 6.0.21. In earlier 6.0.x releases, prevention of
       session fixation was an application responsibility.
       This vulnerability represents a bug in Tomcat's session fixation
       protection that was added in 6.0.21. Hence, only versions 6.0.21
       onwards are listed as vulnerable.
    
       This was fixed in revision 1417891.
    
       This issue was identified by the Tomcat security team on
       15 Oct 2012 and made public on 10 May 2013.
    
       Affects: 6.0.21-6.0.36
    
       Important: Denial of service CVE-2012-3544
    
       When processing a request submitted using the chunked transfer
       encoding, Tomcat ignored but did not limit any extensions that
       were included. This allows a client to perform a limited DOS
       by streaming an unlimited amount of data to the server.
    
       This was fixed in revision 1476592.
    
       This issue was reported to the Tomcat security team on
       10 November 2011 and made public on 10 May 2013.
    
       Affects: 6.0.0-6.0.36
    
       ChangeLog:
       ++++++++++
       Catalina
    
       fix	52055: Ensure that filters are recycled. (markt/kkolinko)
       fix	52184: Reduce log level for invalid cookies. (markt)
       fix	53481: Added support for SSLHonorCipherOrder to allow the
       	server to impose its cipher order on the client. Based on
       	a patch provided by Marcel Šebek. (schultz)
       fix	54044: Correct bug in timestamp cache used by logging
       	(including the access log valve) that meant entries could
       	be made with an earlier timestamp than the true timestamp. (markt)
       fix	In FormAuthenticator: If it is configured to change
       	Session IDs, do the change before displaying the login
       	form. (kkolinko)
       fix	54054: Do not share shell environment variables between
       	multiple instances of the CGI servlet. (markt)
       fix	54087: Correctly handle (ignore) invalid If-Modified-Since
       	header rather than throwing an exception. (markt/kkolinko)
       fix	54220: Ensure the ErrorReportValve only generates an error
       	report if the error flag on the response has been set. (markt)
       fix	Fix memory leak of servlet instances when running with
       	a SecurityManager and either init() or destroy() methods
       	fail or the servlet is a SingleThreadModel one, and of
       	filter instances if their destroy() method fails with an
       	Error. (kkolinko)
       fix	54382: Fix NPE when SSI processing is enabled and an empty
       	SSI directive is present. (markt)
       fix	54483: Correct one of the Spanish translations. Based on
       	a suggestion from adinamita. (kkolinko)
       update	54527: Synchronize conf/web.xml mime mapping with Tomcat 7. (markt)
    
       Coyote
    
       fix	54248: Ensure that byte order marks are swallowed when
       	using a Reader to read a request body with a BOM for those
       	encodings that require byte order marks. (markt)
       fix	54324: Allow APR connector to disable TLS compression
       	if OpenSSL supports it. (schultz)
       fix	54456: Ensure that if a client aborts a request when
       	sending a chunked request body that this is communicated
       	correctly to the client reading the request body. (markt)
       update	Update the native component of the APR/native connector
       	to 1.1.27 and make that version the recommended minimum
       	version. (kkolinko)
    
       Jasper
    
       fix	54615: Tomcat 6 doesn't build against ecj 4.x (kkolinko)
    
       Cluster
    
       fix	54045: Make sure getMembers() returns available member
       	when TcpFailureDetector works in static cluster. (kfujino)
    
       Web applications
    
       update	22278: Add a commented out sample configuration of
       	RemoteAddrValve to META-INF/context.xml files of the
       	Manager and Host Manager applications. (kkolinko)
       fix	54080: Clarify documentation for initial value of
       	internalProxies attribute of RemoteIpValve. (schultz/kkolinko)
       fix	54198: Clarify that HttpServletResponse.sendError(int)
       	results in an HTML response by default. (markt)
       fix	54207: Correct JNDI factory package name in Javadoc for
       	org.apache.naming.java.javaURLContextFactory. (markt)
    
       Other
    
       update	Add sample Apache Commons Daemon JSVC wrapper script
       	bin/daemon.sh that can be used with /etc/init.d. (kkolinko)
       update	In the build configuration: introduce property
       	"tomcat.output" that is used to specify location of the
       	build output directory. This simplifies configuration if
       	someone wants to move the output directory elsewhere
       	(e.g. out of the source tree). (kkolinko)
       fix	54390: Use 'java_home' on Mac OS X to auto-detect
       	JAVA_HOME. (schultz)
       update	54601: Change catalina.sh to consistently use
       	LOGGING_MANAGER variable to configure logging, instead
       	of modifying JAVA_OPTS one. (kkolinko)
       update	54890: Update to Apache Commons Daemon 1.0.15. (mturk)
    tron committed May 31, 2013
Commits on May 30, 2013
  1. Pullup ticket #4142.

    tron committed May 30, 2013
  2. Pullup ticket #4142 - requested by spz

    devel/rt3: security update
    
    Revisions pulled up:
    - devel/rt3/Makefile                                            1.52
    - devel/rt3/Makefile.install                                    1.20
    - devel/rt3/PLIST                                               1.23
    - devel/rt3/distinfo                                            1.24
    
    ---
       Module Name:	pkgsrc
       Committed By:	spz
       Date:		Sun May 26 16:55:53 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
    
       Log Message:
       security update for RT3, fixing:
    
           CVE-2013-3368
           CVE-2013-3369
           CVE-2013-3370
           CVE-2013-3371
           CVE-2013-3372
           CVE-2013-3373
           CVE-2013-3374
    
       It also includes a database upgrade, so please make sure to run `make
       upgrade-database`.
    
       Changes in detail are:
       3.8.15->3.8.16:
       ruz 	stop RT from locking on "large" mails
       ruz 	make sure data is recorded (tests)
       alexmv 	Remove bogus argument to ->get(), which fail on HTTP::Message >= 5.05
       alexmv 	Ensure that tickets are destroyed before global destruction, in more
       alexmv 	Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
       sunnavy destroy more tickets and objects before global destruction for modern
       tsibley Remove the "signature" paragraph from the README's explanation of RT
    
       3.8.16->3.8.17:
       alexmv 	Ensure that filenames in inline image attributes are HTML-escaped
       alexmv 	Deny direct access to callbacks
       alexmv 	Protect calls to $m->comp with user input in ColumnMap
       alexmv 	Ensure that subjects cannot contain embedded newlines
       alexmv 	Remove filename= suggestions from Content-Disposition lines
       alexmv 	Ensure consistent escaping of filenames in attachment URIs
       alexmv 	Ensure that URLs placed in HTML attributes are escaped correctly, to
       	prevent XSS injection
       alexmv 	Ensure that the default replacement does not pass through unescaped
       	content
       alexmv 	Use File::Temp for non-predictable temporary filenames
    tron committed May 30, 2013
Commits on May 25, 2013
  1. Pullup ticket #4141.

    tron committed May 25, 2013
  2. Pullup ticket #4141 - requested by obache

    print/acroread9: security update
    
    Revisions pulled up:
    - print/acroread9/Makefile                                      1.10
    - print/acroread9/distinfo                                      1.9
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri May 24 13:11:08 UTC 2013
    
       Modified Files:
       	pkgsrc/print/acroread9: Makefile distinfo
    
       Log Message:
       Update acroread9 to 9.5.5 for APSB13-15.
    tron committed May 25, 2013
Commits on May 23, 2013
  1. Pullup ticket #4140.

    tron committed May 23, 2013
  2. Pullup ticket #4140 - requested by obache

    emulators/suse121_libtiff: security update
    
    Revisions pulled up:
    - emulators/suse121_libtiff/Makefile                            1.4
    - emulators/suse121_libtiff/distinfo                            1.4
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu May 23 11:20:09 UTC 2013
    
       Modified Files:
       	pkgsrc/emulators/suse121_libtiff: Makefile distinfo
    
       Log Message:
       Update libtiff3 rpm to 3.9.5-8.17.1 for CVE-2013-1960 and CVE-2013-1961.
    
       Bump PKGREVISION.
    tron committed May 23, 2013
Commits on May 20, 2013
  1. pullup 4139

    spz committed May 20, 2013