Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
...
This comparison is big! We’re only showing the most recent 250 commits
Commits on Dec 19, 2004
minskim Add more missing dependencies: gettext-lib, zlib, and intltool. a88bf35
kristerw Add back ONLY_FOR_PLATFORM that was removed by mistake when the package
was updated in r1.17.
4d7826d
wiz Add space (between option and argument) for Irix.
From Georg Schwarz in PR 28715.
b566417
tron Update "analog" package to version 6.0. Changes since version 5.32:
- Added Palm OS and Symbian OS to the Operating System Report.
- ISO 8601 extended date format available in language files.
- Another style sheet from James Reeves added to the examples directory.
- Analog is now distributed under the GNU General Public License.
- Fix problems building unzip.c on some platforms.
- Fix invalid XHTML output in non-European languages.
- The DNSTIMEOUT command is now off by default, because it breaks DNS lookups
  on many platforms.
- Recognises Firebird and Firefox as browsers.
- msnbot recognised as a robot in the default configuration.
- Patches for Mac.
- New Makefiles for Windows and RISC OS.
- Corrections to Finnish and Japanese language files.
- Reads zip and bzip2 logfiles without the need for an UNCOMPRESS command.
- Automatically strips ;params section from URLs (for example, jsessionid's).
- Recognises Windows Server 2003 in the Operating System Report.
- First user-contributed style sheets added to examples/css directory.
- Computer-readable output style now forces English output.
- More corrections to XML output style.
- Patches for OpenVMS and RISC OS.
- Basque language files.
- Country code .cs, formerly Czechoslovakia, is now Serbia and Montenegro.
  (Changed in English, French and German domains files, and removed from other
  domains files).
- Corrections to Swedish and Ukrainian language files, and to German domains
  files.
- Internal Search reports now work properly on case-insensitive file systems.
- Various bug fixes and improvements to XHTML and XML output styles.
- New command CSSPREFIX to add a prefix to the CSS class names used in the
  XHTML output.
- XML DTD distributed with the program.
- Language files for Simplified Chinese.
- This is the first beta test for version 6.
- Output code completely rewritten, to permit more output formats.
- New output formats XHTML and XML. (Thanks to Per Jessen for XML, and to
  Jeremy Wadsack for help with XHTML).
- XHTML is now the default output style.
- The barcharts are now made from png's not gif's by default.
- New command LOGOURL.
514cee2
tron Note update of "analog" package to version 6.0. 6606b3b
tron Remove erroneous slash in "MASTER_SITES" declaration accidently invented
in last revision.
72d6565
minskim overnet was updated to 1.0.1. eb1d64e
minskim Bump PKGREVISION due to the newly-added zlib dependency. Noted by gra…
…nt@.
c94d738
Commits on Dec 20, 2004
schmonz Update to 4.2.5. From the changelog:
  -fix typo in getmailcore/exceptions.py that would raise a NameError
    exception in certain rare cases.  Thanks: Gour ?.
c497c18
schmonz Note getmail update (bugfix). 6ec65d8
schmonz The value of QUEUE_EXTRA can be a local user instead of an alias.
Clarify admonishment to the reader accordingly.
f9219d6
grant since perl is now built with threads on most platforms, the perl archlib
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").

binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.

addresses PR pkg/28619 from H. Todd Fujinaka.
0fdfc20
grant Note revision bumps for the following packages:
    p5-Archive-Tar, p5-Archive-Zip, p5-Compress-Bzip2, p5-Audio-CD,
    p5-Audio-Wav, p5-CDDB, p5-CDDB_get, p5-MP3-Info, p5-MP3-Tag,
    p5-MusicBrainz-Client, p5-MusicBrainz-Queries, p5-Net-AIM, p5-Net-AOLIM,
    p5-Net-Goofey, p5-Net-ICQ2000, p5-Net-Jabber, p5-Device-Gsm,
    p5-Device-Modem, p5-Device-SerialPort, p5-pilot-link, p5-Convert-BinHex,
    p5-Convert-TNEF, p5-Convert-UUlib, p5-Jcode, p5-MIME-Base64,
    p5-Text-Iconv, p5-Unicode-IMAPUtf7, p5-Unicode-Map8, p5-Unicode-String,
    p5-chkjis, p5-jcode, p5-nkf, p5-AddressBook, p5-Apache-DBI, p5-BerkeleyDB,
    p5-Class-DBI, p5-DBD-CSV, p5-DBD-Google, p5-DBD-Oracle, p5-DBD-SQLite,
    p5-DBD-Sybase, p5-DBD-XBase, p5-DBD-mysql, p5-DBD-postgresql, p5-DBI,
    p5-DBI-Shell, p5-DBIWrapper, p5-DBIx-ContextualFetch, p5-DBIx-Datasource,
    p5-DBIx-SearchBuilder, p5-DB_File, p5-Ima-DBI, p5-MARC, p5-MLDBM,
    p5-MLDBM-Sync, p5-Palm, p5-SQL-Statement, p5-gdbm, p5-perl-ldap,
    p5-postgresql, p5-sybperl, p5-Algorithm-Annotate, p5-Algorithm-Diff,
    p5-Algorithm-Merge, p5-AppConfig, p5-AtExit, p5-Attribute-Handlers,
    p5-BSD-Resource, p5-Bit-Vector, p5-Cache-Cache,
    p5-Cache-Simple-TimedExpiry, p5-Carp-Assert, p5-Class-Accessor,
    p5-Class-Container, p5-Class-Data-Inheritable, p5-Class-Factory,
    p5-Class-Fields, p5-Class-Inner, p5-Class-Loader, p5-Class-MethodMaker,
    p5-Class-ObjectTemplate, p5-Class-ReturnValue, p5-Class-Trigger,
    p5-Class-WhiteHole, p5-Class-XPath, p5-Clone, p5-Compress-Zlib,
    p5-Config-General, p5-Config-IniFiles, p5-Curses, p5-Data-Buffer,
    p5-Data-Hierarchy, p5-Data-ShowTable, p5-Data-TemporaryBag, p5-Data-UUID,
    p5-Date-Business, p5-Date-Calc, p5-Date-Manip, p5-Devel-Profile,
    p5-Devel-SmallProf, p5-Devel-StackTrace, p5-Devel-Symdump, p5-Error,
    p5-Event, p5-Exception-Class, p5-Expect, p5-ExtUtils-Depends,
    p5-ExtUtils-F77, p5-ExtUtils-PkgConfig, p5-ExtUtils-XSBuilder,
    p5-File-BaseDir, p5-File-DirSync, p5-File-FlockDir, p5-File-MimeInfo,
    p5-File-PathConvert, p5-File-Spec, p5-File-Temp, p5-File-Type,
    p5-FileHandle-Unget, p5-FileKGlob, p5-FreezeThaw, p5-Getopt-Simple,
    p5-Graph, p5-Heap, p5-IO-Digest, p5-IO-LockedFile, p5-IO-Null,
    p5-IO-String, p5-IO-Stty, p5-IO-Tee, p5-IO-Tty, p5-IO-Util, p5-IO-Zlib,
    p5-IO-stringy, p5-IPC-Run, p5-IPC-ShareLite, p5-IPC-Shareable,
    p5-IPC-SharedCache, p5-Inline, p5-LDAP, p5-Lingua-EN-Inflect,
    p5-Log-Agent, p5-Log-Dispatch, p5-Log-Dispatch-Config,
    p5-Log-Dispatch-DBI, p5-Log-Dispatch-FileRotate, p5-Log-LogLite, p5-Make,
    p5-Memoize, p5-Memoize-ExpireLRU, p5-Module-Build, p5-Module-CoreList,
    p5-Module-Dependency, p5-Module-ScanDeps, p5-Module-Versions-Report,
    p5-Net-CIDR, p5-Net-Netmask, p5-OLE-Storage_Lite, p5-OOTools,
    p5-Object-Realize-Later, p5-PAR-Dist, p5-POE, p5-PV, p5-Params-Validate,
    p5-Parse-RecDescent, p5-Parse-Yapp, p5-PatchReader, p5-Perl-Tidy,
    p5-PerlIO-eol, p5-PerlIO-via-dynamic, p5-PerlIO-via-symlink,
    p5-Proc-Daemon, p5-Regexp-Shellish, p5-SDL, p5-SVN-Mirror, p5-SVN-Simple,
    p5-Safe-Hole, p5-Scalar-List-Utils, p5-Schedule-RateLimiter,
    p5-Set-IntSpan, p5-Set-Scalar, p5-SortVersions, p5-Storable,
    p5-Term-ProgressBar, p5-Term-ReadKey, p5-Term-ReadLine,
    p5-Test-Builder-Tester, p5-Test-Cmd, p5-Test-Harness, p5-Test-Inline,
    p5-Test-Pod, p5-Test-Simple, p5-Test-Unit, p5-Tie-IxHash, p5-Tree-Simple,
    p5-UNIVERSAL-moniker, p5-Want, p5-WeakRef, p5-gettext, p5-glib2,
    p5-perl-headers, p5-subversion, p5-finance-quote, p5-Font-AFM,
    p5-Font-TTF, p5-Chart, p5-Chart-ThreeD, p5-GD, p5-GDGraph, p5-GDGraph3d,
    p5-GDTextUtil, p5-GIFgraph, p5-Gdk-Pixbuf, p5-GraphViz, p5-Image-Imlib2,
    p5-Image-Info, p5-Image-Size, p5-PerlMagick, p5-SWF-File, p5-Email-Valid,
    p5-IMAP-Admin, p5-MIME-Lite, p5-MIME-Types, p5-MIME-tools, p5-Mail-Audit,
    p5-Mail-ClamAV, p5-Mail-IMAPClient, p5-Mail-ListDetector,
    p5-Mail-Mbox-MessageParser, p5-Mail-Milter, p5-Mail-SPF-Query,
    p5-Mail-SRS, p5-Mail-Sendmail, p5-MailTools, p5-Sendmail-AccessDB,
    p5-Sendmail-PMilter, p5-User-Identity, p5-razor-agents, p5-Math-Bezier,
    p5-Math-BigInteger, p5-Math-FFT, p5-Math-Interpolate, p5-Math-MatrixReal,
    p5-Math-Pari, p5-Number-Latin, p5-Spreadsheet-ParseExcel,
    p5-Spreadsheet-WriteExcel, p5-Array-PrintCols, p5-Business-CreditCard,
    p5-Business-ISBN, p5-Business-ISBN-Data, p5-Business-UPS,
    p5-ControlX10-CM11, p5-ControlX10-CM17, p5-File-MMagic,
    p5-Geography-Countries, p5-I18N-LangTags, p5-Locale-Codes,
    p5-Locale-Maketext, p5-Locale-Maketext-Fuzzy, p5-Locale-Maketext-Lexicon,
    p5-Locale-Maketext-Simple, p5-Mac-Macbinary, p5-Msgcat, p5-Search,
    p5-xmltv, p5-DNS-ZoneParse, p5-Geo-IP, p5-INET6, p5-IO-Interface,
    p5-IO-Socket-Multicast, p5-Net, p5-Net-Bind, p5-Net-CIDR-Lite, p5-Net-DNS,
    p5-Net-DNSServer, p5-Net-Daemon, p5-Net-Gnats, p5-Net-Google, p5-Net-IP,
    p5-Net-IRC, p5-Net-Pcap, p5-Net-SNMP, p5-Net-Server, p5-Net-TFTP,
    p5-Net-Telnet, p5-Net-Telnet-Cisco, p5-Net-XWhois, p5-Net-Z3950,
    p5-NetAddr-IP, p5-NetPacket, p5-RADIUS, p5-SNMP-MIB-Compiler,
    p5-SNMP_Session, p5-SOAP-Lite, p5-Socket6, p5-Wais, p5-ispman,
    p5-Parallel-Pvm, p5-PostScript-MailLabels, p5-Authen-SASL,
    p5-Authen-SASL-Cyrus, p5-Crypt-Blowfish, p5-Crypt-CAST5_PP, p5-Crypt-CBC,
    p5-Crypt-CipherSaber, p5-Crypt-DES, p5-Crypt-DES_EDE3, p5-Crypt-DSA,
    p5-Crypt-IDEA, p5-Crypt-OpenPGP, p5-Crypt-OpenSSL-Bignum,
    p5-Crypt-OpenSSL-DSA, p5-Crypt-OpenSSL-RSA, p5-Crypt-OpenSSL-Random,
    p5-Crypt-Primes, p5-Crypt-RIPEMD160, p5-Crypt-RSA, p5-Crypt-RandPasswd,
    p5-Crypt-Random, p5-Crypt-Rijndael, p5-Crypt-Twofish, p5-Digest,
    p5-Digest-BubbleBabble, p5-Digest-HMAC, p5-Digest-Hashcash, p5-Digest-MD2,
    p5-Digest-MD4, p5-Digest-MD5, p5-Digest-Nilsimsa, p5-Digest-SHA,
    p5-Digest-SHA1, p5-IO-Socket-SSL, p5-Module-Signature, p5-Net-DNS-SEC,
    p5-Net-SSLeay, p5-SHA, p5-SSLeay, p5-Tie-EncryptedHash, p5-Lchown,
    p5-Sys-Hostname-Long, p5-Unix-Syslog, p5-Convert-ASCII-Armour,
    p5-Convert-ASN1, p5-Convert-BER, p5-Convert-PEM, p5-Cz-Cstools,
    p5-Data-FormValidator, p5-Filter, p5-PDF, p5-PDF-API2, p5-PDF-Create,
    p5-Pod-Escapes, p5-Pod-POM, p5-Pod-Simple, p5-Regexp-Common,
    p5-String-Approx, p5-String-CRC32, p5-String-ShellQuote,
    p5-Text-Autoformat, p5-Text-Balanced, p5-Text-BibTeX, p5-Text-CSV-Hash,
    p5-Text-CSV_XS, p5-Text-ChaSen, p5-Text-DelimMatch, p5-Text-Diff,
    p5-Text-Format, p5-Text-Kakasi, p5-Text-Quoted, p5-Text-Reform,
    p5-Text-Substitute, p5-Text-Tabs+Wrap, p5-Text-Template,
    p5-Text-WikiFormat, p5-Text-Wrapper, p5-XML-Checker, p5-XML-DOM,
    p5-XML-Encoding, p5-XML-Filter-BufferText, p5-XML-Filter-DetectWS,
    p5-XML-Filter-Reindent, p5-XML-Filter-SAXT, p5-XML-Grove, p5-XML-LibXML,
    p5-XML-LibXML-Common, p5-XML-LibXML-Iterator, p5-XML-LibXML-XPathContext,
    p5-XML-LibXSLT, p5-XML-NamespaceSupport, p5-XML-Node, p5-XML-NodeFilter,
    p5-XML-Parser, p5-XML-RAI, p5-XML-RSS, p5-XML-RSS-Parser, p5-XML-RegExp,
    p5-XML-SAX, p5-XML-SAX-Expat, p5-XML-Sablotron, p5-XML-Simple,
    p5-XML-Stream, p5-XML-Twig, p5-XML-UM, p5-XML-Writer,
    p5-XML-Writer-String, p5-XML-XPath, p5-XML-XQL, p5-XML-XSLT,
    p5-XML-XUpdate-LibXML, p5-XML-Xerces, p5-XML-YAWriter, p5-YAML, p5-libxml,
    p5-Time, p5-Time-HiRes, p5-Time-Period, p5-Time-Piece, p5-TimeDate,
    p5-Apache-ASP, p5-Apache-AuthCookie, p5-Apache-AuthCookieDBI,
    p5-Apache-DBILogConfig, p5-Apache-DBILogger, p5-Apache-Filter,
    p5-Apache-Gallery, p5-Apache-Reload, p5-Apache-SSI, p5-Apache-Session,
    p5-Apache-Session-Wrapper, p5-Apache-Test, p5-Apache-ePerl, p5-CGI,
    p5-CGI-Application, p5-CGI-FastTemplate, p5-CGI-FormBuilder, p5-CGI-Kwiki,
    p5-CGI-Minimal, p5-CGI-Session, p5-CGI_Lite, p5-FCGI, p5-HTML-Clean,
    p5-HTML-FillInForm, p5-HTML-FixEntities, p5-HTML-Format,
    p5-HTML-LinkExtractor, p5-HTML-Mason, p5-HTML-Parser,
    p5-HTML-PrettyPrinter, p5-HTML-Scrubber, p5-HTML-SimpleParse,
    p5-HTML-StickyQuery, p5-HTML-Table, p5-HTML-TableExtract, p5-HTML-Tagset,
    p5-HTML-Template, p5-HTML-Tree, p5-HTMLObject, p5-HTTP-DAV,
    p5-HTTP-Request-Form, p5-HTTPD-User-Manage,
    p5-MasonX-Request-WithApacheSession, p5-SVN-Web, p5-Template-Extract,
    p5-Template-Generate, p5-Template-Toolkit, p5-URI, p5-VRML,
    p5-WWW-Amazon-Wishlist, p5-WWW-Mechanize, p5-libapreq, p5-libapreq2,
    p5-libwww, p5-Tk, p5-X11-Protocol, p5-gtk, p5-gtk2
4819cd8
grant glib2 uses dlopen() 82b2e34
grant Darwin 7.7.x has poll() in libc, but no poll.h. Address this in GNU
configure packages by testing for poll.h and sys/poll.h and pretending
that there is no poll() if neither exist.
03b92e4
grant remove workaround for Darwin missing poll.h as a more correct fix is
applied globally now.
c498220
grant actually bump PKGREVISION of perl58 and BUILDLINK_RECOMMENDED to address
PR pkg/28619. this should have been part of the PKGREVISION bump of p5-*.
3e9a2b6
grant note PKGREVISION bump of perl58 to 5.8.5nb6 (perl threaded vs.
unthreaded binary pkgs).
9e52534
xtraeme Apply patch from X.org to fix:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

While I'm here, make this build again on NetBSD -current, which has not
/usr/include/threadlib.h.

Bump PKGREVISION.
2a9f717
wiz Apply patch from Rudolf Polzer against CAN-2004-1170. 47b4155
wiz a2ps update for possible security problem. cb7ff5f
wiz + centericq-4.13.0, gnupg-1.4.0, gwenview-1.1.7, mozilla-1.7.5,
  nessus-2.2.2a, xpad-2.1.
- thunderbird-1.0, thunderbird-gtk2-1.0 (thanks, taya!)
8f6c4ce
wiz Remove gmc -- obsolete and vulnerable. f785f27
wiz Merge Makefile.common back into Makefile now that gmc is gone. 580a843
xtraeme Make sure we have defined GNU_CONFIGURE and USE_LIBTOOL before including
bsd.prefs.mk, otherwise the check for _OPSYS_MAX_CMDLEN is skipped.
c2b6116
Commits on Dec 21, 2004
agc Add file to keep track of changes to the pkgsrc-2004Q4 branch. 1fd1e02
snj Pullup ticket 172 - requested by grant beattie
build fix for libgcrypt

Module Name:    pkgsrc
Committed By:   grant
Date:           Tue Dec 21 08:57:48 UTC 2004

Modified Files:
        pkgsrc/security/libgcrypt: hacks.mk

Log Message:
fix socklen_t hack by falling through to ${TRUE} if ${GREP} fails
(pattern not matched). ugh, bash.

fixes build on Linux. reported by minskim@
624e67b
snj 172 872a01e
snj Pullup ticket 173 - requested by Matthias Scheler
security fix for mozilla-bin

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Dec 21 10:03:45 UTC 2004

Modified Files:
        pkgsrc/www/mozilla-bin: Makefile distinfo

Log Message:
Update "mozilla-bin" package to version 1.7.5. Changes since version 1.7.3:
- NPRuntime support. NPRuntime is an extension to the Netscape Plugin API that
    was developed in cooperation with Apple, Opera, and a group of plugin
  vendors. http://www.mozilla.org/projects/plugins/npruntime.html
- Added undetectable document.all support, and support for exposing elements
    by their ID in the global scope for greater IE compatibility when viewing
  pages that don't request standards compliant behaviour.
  https://bugzilla.mozilla.org/show_bug.cgi?id=248549 and
  https://bugzilla.mozilla.org/show_bug.cgi?id=256932.
- Fix for http://secunia.com/advisories/12956/

Support for Solaris SPARC and x86 is not available due to lack of a
precompiled binary at this point of time.
eb4317f
snj 173 cefb415
Commits on Dec 22, 2004
snj Pullup ticket 174 - requested by Jeremy C. Reed
security fix for tiff

Module Name:    pkgsrc
Committed By:   reed
Date:           Wed Dec 22 03:57:15 UTC 2004

Modified Files:
        pkgsrc/graphics/tiff: Makefile buildlink3.mk distinfo
        pkgsrc/graphics/tiff/patches: patch-ag patch-ao

Log Message:
patch-ag and patch-ao already had security fixes for CESA-2004-006.
But now these are improved in response to
 iDEFENSE Security Advisory 12.21.04
 www.idefense.com/application/poi/display?id=173&type=vulnerabilities
 libtiff STRIPOFFSETS Integer Overflow Vulnerability
 December 21, 2004

This fix (in two files) was from that advisory and also seen
in tiff 3.7.1.

PKGREVISION is bumped to 6 and BUILDLINK_RECOMMENDED is adjusted for
this possible security issue. Other packages depending on this are not
bumped.
7cc31c3
snj 174 9761b84
salo Pullup ticket 175 - requested by Adrian Portelli
usability fixes for freeradius

        Module Name:    pkgsrc
        Committed By:   adrianp
        Date:           Tue Dec 21 22:16:01 UTC 2004

        Modified Files:
                pkgsrc/net/freeradius: Makefile
                pkgsrc/net/freeradius/files: radiusd.sh

        Log Message:
        - Fix freeradius not starting because of missing directory cleaned
          out at reboot.
        - Issue spotted and patch sent to me from kbrand (at) dplanet.ch,
          thanks.
        - Bumped PKGREVISION
---
        Module Name:    pkgsrc
        Committed By:   adrianp
        Date:           Wed Dec 22 10:07:21 UTC 2004

        Modified Files:
                pkgsrc/net/freeradius: Makefile
                pkgsrc/net/freeradius/files: radiusd.sh

        Log Message:
        - Portability fix, use @ROOT_USER@:@ROOT_GROUP@ as opposed to
          hardcoding root:wheel in the startup script.
        - Again thanks to kbrand (at) dplanet.ch for the suggestion.
f5e11f1
salo #175 8e9cec8
Commits on Dec 23, 2004
snj Pullup ticket 178 - requested by Juan RP
build fix for pan

Module Name:    pkgsrc
Committed By:   xtraeme
Date:           Wed Dec 22 16:19:37 UTC 2004

Modified Files:
        pkgsrc/news/pan: Makefile

Log Message:
Linux needs -lcompat as well, noted by Sebastian Prause on tech-pkg@.
---
Module Name:    pkgsrc
Committed By:   xtraeme
Date:           Wed Dec 22 16:29:44 UTC 2004

Modified Files:
        pkgsrc/news/pan: Makefile

Log Message:
Erm, fix previous, I understood this wrongly before... Linux/SunOS doesn't
need -lcompat.
91855b1
snj 178 92d493a
snj Pullup ticket 179 - requested by Adrian Portelli
security fix for xpdf

Module Name:    pkgsrc
Committed By:   adrianp
Date:           Wed Dec 22 21:24:44 UTC 2004

Modified Files:
        pkgsrc/print/xpdf: Makefile distinfo

Log Message:
- Update to 3.00pl2 to address recent security issue:
    http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
0e6944d
snj 179 781ae85
snj Pullup ticket 180 - requested by grant beattie
portability fix for libtool

Module Name:    pkgsrc
Committed By:   grant
Date:           Tue Dec 21 13:50:25 UTC 2004

Modified Files:
        pkgsrc/devel/libtool: distinfo
        pkgsrc/devel/libtool-base: Makefile
        pkgsrc/devel/libtool/patches: patch-ab patch-ac patch-ad

Log Message:
add DragonFly support from patch sent to libtool-patches:

        http://lists.gnu.org/archive/html/libtool-patches/2004-12/msg00188.html

tested with gcc2 and gcc3 in-tree compilers.

bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   grant
Date:           Tue Dec 21 13:52:26 UTC 2004

Modified Files:
        pkgsrc/mk/platform: DragonFly.mk

Log Message:
libtool>=1.5.10nb9 actually works on DragonFly, so require at
least that version.
88551ba
snj 180 b673174
snj Pullup ticket 181 - requested by Thomas Klausner
security fix for xzgv

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Dec 23 02:01:11 UTC 2004

Modified Files:
        pkgsrc/graphics/xzgv: Makefile distinfo
Removed Files:
        pkgsrc/graphics/xzgv/patches: patch-ac

Log Message:
Update to 0.8, and add fix against vulnerability.

* Changes in xzgv 0.8

** New features

Added support for the Exif orientation tag (Exif in this context is a
form of JPEG). If you enable the "Use Exif Orientation" option in the
viewer (or `exif-orient' config/option), it'll compensate for the
(e.g.) digital camera's orientation when viewing, so pictures taken
with the camera side-on will display the way you would probably want
them to. However, since this differs from how most *other* programs
will see the files - which are, after all, carefully constructed to be
compatible with JFIF/JPEG files - and has the potential to be
extremely confusing if you don't know exactly what's going on, it's
not enabled by default. Thanks to Fraser Wright for suggesting this
feature.

** Bugfixes

Broken GIFs could overrun a buffer previously - fixed.

Added call to gtk_set_locale() which should hopefully avoid problems
when GTK+'s default font is set to something which isn't
ASCII-friendly. Thanks to Alexander Pohoyda for this one.

Fixed JPEG segfault bug on files which were corrupted after the image
itself. Thanks to Aaron Brick for spotting this one.

Fixed long-standing bug with interpolation, which could have resulted
in segfaults (though it's hard to say if it ever actually did).

Stopped selector getting permanently hidden if two middle-button
presses were too close together. Thanks to José Luis González González
for spotting this.

No longer sets background colour to black for mono PNG files, where
this may cause problems. This change was ported from zgv; thanks to
Morten Bo Johansen for spotting it there.

** Other changes

Added 9/0 keys as yet another way of doing file untag/tag. These are
last-ditch alternatives for keyboards where -/= don't make sense (some
non-US/UK keyboards), and where keypad -/+ aren't easily accessible
(e.g. laptops). Thanks to Szabó, Balázs for inspiring this one.
f15f5e3
snj 181 7ea3f3d
snj Pullup ticket 182 - requested by Johnny C. Lam
security fix for mit-krb5

Module Name:    pkgsrc
Committed By:   jlam
Date:           Thu Dec 23 04:02:39 UTC 2004

Modified Files:
        pkgsrc/security/mit-krb5: Makefile distinfo

Log Message:
Update security/mit-krb5 to 1.3.6.

        NOTE: THIS IS A SECURITY UPDATE.

Changes from version 1.3.4 include:

* [2841] Fix heap buffer overflow in password history
  mechanism. [MITKRB5-SA-2004-004]

* [2682] Fix ftpd hang caused by empty PASS command.

* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]

* [2687] Fix denial-of-service vulnerability in ASN.1
  decoder. [MITKRB5-SA-2004-003]
4670604
snj 182 8b9e0b6
snj Pullup ticket 183 - requested by Mark Davies
build fix for kde3

Module Name: pkgsrc
Committed By: markd
Date:  Thu Dec 23 13:04:37 UTC 2004

Modified Files:
 pkgsrc/meta-pkgs/kde3: Makefile

Log Message:
Allow any PKGREVISION in dependencies.  Bump PKGREVISION.
63388d5
snj 183 6345c64
snj Pullup ticket 184 - requested by Mark Davies
security fix for kdegraphics3

Module Name: pkgsrc
Committed By: markd
Date:  Thu Dec 23 13:02:17 UTC 2004

Modified Files:
 pkgsrc/graphics/kdegraphics3: Makefile distinfo
Added Files:
 pkgsrc/graphics/kdegraphics3/patches: patch-aa patch-ab

Log Message:
Fix for security problem:
http://www.kde.org/info/security/advisory-20041223-1.txt
Bump PKGREVISION.
d6c2abd
snj 184 bae1b7f
Commits on Dec 24, 2004
snj Pullup ticket 185 - requested by Thomas Klausner
remove pan-gnome package

Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Dec 24 00:43:15 UTC 2004

Modified Files:
        pkgsrc/news: Makefile
Removed Files:
        pkgsrc/news/pan-gnome: DESCR Makefile PLIST distinfo
        pkgsrc/news/pan-gnome/patches: patch-aa patch-ac patch-ag

Log Message:
Remove ancient pan-gnome package because it has been vulnerable for a long time
now.
Ok from rh, the maintainer.
a64c53f
snj 185 7963b01
Commits on Dec 27, 2004
snj Pullup ticket 188 - requested by Juan RP
build fix for xorg-*

Module Name:    pkgsrc
Committed By:   xtraeme
Date:           Mon Dec 27 17:26:19 UTC 2004

Modified Files:
        pkgsrc/meta-pkgs/xorg: Makefile.common
        pkgsrc/x11/xorg-imake: Makefile distinfo
        pkgsrc/x11/xorg-imake/patches: patch-ac
        pkgsrc/x11/xorg-libs: Makefile
        pkgsrc/x11/xorg-server: Makefile

Log Message:
Finish my previous commit and unbreak xorg-*:

* Move the subst macros for threadlib.h from xorg-libs to
  xorg/Makefile.common.
* SUBST_CLASSES should be appended.

Thanks to Manuel Stuehn <manuel.stuehn@student.uni-siegen.de> for
the email showing me the problems.
a083dae
snj 188 74cc3db
Commits on Dec 28, 2004
salo Pullup ticket 189 - requested by Amitai Schlair
installation fix for php5

        Module Name:   pkgsrc
        Committed By:  jdolecek
        Date:          Mon Dec 27 20:20:23 UTC 2004

        Modified Files:
               pkgsrc/lang/php5: Makefile.php

        Log Message:
        use ${PKG_SYSCONFDIR} rather than hardcoding ${PREFIX}/etc

        Fixes PR pkg/28718 by Amitai Schlair
c4f4162
salo Pullup ticket 190 - requested by Amitai Schlair
viruscan addition for qmail

        Module Name:   pkgsrc
        Committed By:  schmonz
        Date:          Tue Dec 21 05:32:56 UTC 2004

        Modified Files:
               pkgsrc/mail/qmail: INSTALL Makefile distinfo options.mk

        Log Message:
        With the "viruscan" option, enable Russ Nelson's patch to SMTP-reject
        messages with MIME attachments that match certain signatures, as
        well as Jeremy Kitchen's patch that causes such rejections to be
        logged.

        Bump PKGREVISION.
834def8
salo #189 and #190 b993a3e
salo Pullup ticket 191 - requested by Julio M. Merino Vidal
security fix for gpdf

        Module Name:    pkgsrc
        Committed By:   jmmv
        Date:           Tue Dec 28 21:56:16 UTC 2004

        Modified Files:
                pkgsrc/print/gpdf: Makefile distinfo

        Log Message:
        Update to 2.8.1:

        * Fix integer overflows (Discovered in xpdf by Chris Evans,
          Patch by Dan Williams) - CAN 2004-0888, #156729
        * Fix some crashes with http URLs. (Mark McLoughlin) - #153159,
          #151364
        * Check for NULL BonoboControlFrames. (Loic Minier) - (#151364)
        * Handle not-installed schemas better. (Muktha Narayan, Martin)
          - #151172
        * Translation updates: Meelad Zakaria (fa), Jesus Bravo Alvarez
          (gl), Christophe Merlet (fr), Mohammad DAMT (id), Martin
          Willemoes Hansen (da)
ae45a39
salo #191 8ce2597
Commits on Dec 29, 2004
salo Pullup ticket 192 - requested by Adrian Portelli
security fix for tcpflow

        Module Name:    pkgsrc
        Committed By:   adrianp
        Date:           Wed Dec 29 11:51:39 UTC 2004

        Modified Files:
                pkgsrc/net/tcpflow: Makefile distinfo
                pkgsrc/net/tcpflow/patches: patch-aa

        Log Message:
        - Update to 0.21
        - Security fix
          (http://www.atstake.com/research/advisories/2003/a080703-2.txt)
        - PPP interfaces supported
1661c86
salo #192 e73dde0
Commits on Dec 30, 2004
salo Pullup ticket 193 - requested by Matthias Scheler
security fix for opera7

        Module Name:	pkgsrc
        Committed By:	tron
        Date:		Wed Dec 29 23:19:34 UTC 2004

        Modified Files:
        	pkgsrc/www/opera7: Makefile distinfo

        Log Message:
        Update "opera" package to version 7.54u1 (as 7.54pl1). Changes since
        version 7.54:
        - Tightened origin check for frames, fixing issue reported in Secunia
          Advisory 13253. A side effect of this is that documents not passing
          the origin check will open in a new page.
        - Fixed issue reported by Marc Schönefeld: intrusive JavaScript or
          Java applet could exploit Sun Java vulnerability to retrieve
          logged-in user's username and install directory.
        - Fixed LiveConnect class access security issue reported by Jouko
          Pynnönen.
        - Fixed download issue reported by Andreas Sandblad, Secunia
          Research, described in Secunia Advisory 12981: periods and
          non-breaking spaces in content-type header type could obscure file
          type.
        - Improved support for the "must-revalidate" cache directive.
70c2d6c
salo #193 cae7fcb
snj Pullup ticket 199 - requested by Mark Davies
security fix for koffice

    Module Name: pkgsrc
    Committed By: markd
    Date:  Thu Dec 30 21:49:14 UTC 2004

    Modified Files:
     pkgsrc/misc/koffice: Makefile distinfo
    Added Files:
     pkgsrc/misc/koffice/patches: patch-ac patch-ad

    Log Message:
    Add patches to address the latest xpdf security issue in the PDF import
    filter. Bump PKGREVISION.
2504b7b
snj 199 fcbb7ba
Commits on Jan 05, 2005
salo Pullup ticket 205 - requested by Takahiro Kambe
security fix for squid

        Module Name:	pkgsrc
        Committed By:	taca
        Date:		Fri Dec 31 13:31:37 UTC 2004

        Modified Files:
        	pkgsrc/www/squid: Makefile distinfo

        Log Message:
        Add two official fix.

        * 2004-12-28 12:55 (Minor) Don't close "other" filedescriptors on
          startup
        * 2004-12-27 18:54 (Minor Security) Confusing results on empty acl
        * declarations

        Bump package revision.
---
        Module Name:	pkgsrc
        Committed By:	taca
        Date:		Sat Jan  1 15:57:42 UTC 2005

        Modified Files:
        	pkgsrc/www/squid: Makefile distinfo

        Log Message:
        Update DIST_STAMP to change DIST_SUBDIR because of some patches
        were changed their size.
66cc7e4
salo #205 c64cd7d
salo Pullup ticket 206 - requested by Johnny C. Lam
security fix for perl58

        Module Name:	pkgsrc
        Committed By:	jlam
        Date:		Tue Jan  4 09:50:15 UTC 2005

        Modified Files:
        	pkgsrc/lang/perl58: Makefile distinfo
        	pkgsrc/lang/perl58/patches: patch-ca
        Added Files:
        	pkgsrc/lang/perl58/patches: patch-bd patch-be

        Log Message:
        Fix instances of insecure use of /tmp that is subject to symlink
        attacks due to race conditions [CAN-2004-0976].  Also fix builds
        on *BSD boxes without a hostname set.  Bump PKGREVISION.
87e8376
salo #206 da19b54
Commits on Jan 06, 2005
salo Pullup ticet 207 - requested by Mark Davies
portability fix for kdelibs3

        Module Name:	pkgsrc
        Committed By:	markd
        Date:		Wed Jan  5 10:27:43 UTC 2005

        Modified Files:
        	pkgsrc/x11/kdelibs3: Makefile distinfo
        	pkgsrc/x11/kdelibs3/patches: patch-cg

        Log Message:
        patch from KDE_3_3_BRANCH to stop SIGBUS on Solaris during URL
        completion.  Bump PKGREVISION.
3f54a7b
salo Pullup ticket 208 - requested by Mark Davies
security fix for kdelibs3

        Module Name:	pkgsrc
        Committed	By: markd
        Date:		Wed Jan  5 10:36:23 UTC 2005

        Modified Files:
        	 pkgsrc/x11/kdelibs3: Makefile distinfo
        Added Files:
        	pkgsrc/x11/kdelibs3/patches: patch-aq

        Log Message:
        The FTP kioslave can be misused to execute any ftp command on the
        server or be a vector for sending out unsolicited email.
        http://www.kde.org/info/security/advisory-20050101-1.txt
        Bump PKGREVISION.
f4a8660
salo #207 & #208 8a25458
salo Pullup ticket 209 - requested by Julio M. Merino Vidal
usability fix for fam

        Module Name:	pkgsrc
        Committed By:	jmmv
        Date:		Wed Jan  5 16:21:06 UTC 2005

        Modified Files:
        	pkgsrc/sysutils/fam: Makefile
        	pkgsrc/sysutils/fam/files: IMonKQueue.c++

        Log Message:
        Fix some long-standing kqueue bugs that have been bothering me for
        a long time.  For example, simply running 'nautilus /' could lock
        up famd in pipewr status.  To fix:

        - Make the struct devino's sorting function work properly; otherwise
          the map behaves incorrectly.
        - Handle kqueue errors if they are returned as an entry in the events
          table (with flags containing EV_ERROR).

        While here, add more debugging code that helped me catch this issue
        (some extra messages and assertions).

        Also reenable assertions (except on Darwin as, according to version
        1.14 of the Makefile, they cause problems).

        Not bumping revision because kqueue support is still off by default.
3b9768b
salo #209 f6f4445
Commits on Jan 07, 2005
salo Pullup ticket 110 - requested by Matthias Scheler
security fix for xine-lib

        Module Name:	pkgsrc
        Committed By:	tron
        Date:		Thu Jan  6 12:04:08 UTC 2005

        Modified Files:
        	pkgsrc/multimedia/xine-lib: Makefile buildlink3.mk distinfo
        Added Files:
        	pkgsrc/multimedia/xine-lib/patches: patch-aj

        Log Message:
        Fix buffer overflow reported in CAN-2004-1300, bump package revision.
ed1de79
salo #210 c6ef12c
salo Pullup ticket 211 - requested by Adrian Portelli
security fix for nasm

        Module Name:	pkgsrc
        Committed By:	adrianp
        Date:		Thu Jan  6 13:06:10 UTC 2005

        Modified Files:
        	pkgsrc/devel/nasm: Makefile distinfo
        Added Files:
        	pkgsrc/devel/nasm/patches: patch-ac patch-ad patch-ae patch-af
        	patch-ag patch-ah patch-ai

        Log Message:
        Bump to nb1 for recent security issue:
        http://sourceforge.net/mailarchive/forum.php?thread_id=6166881&forum_id=4978
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1287
144da1c
salo #211 cc89b42
salo Pullup ticket 213 - requested by Adrian Portelli
security fix for tnftp

        Module Name:	pkgsrc
        Committed By:	lukem
        Date:		Tue Jan  4 23:18:56 UTC 2005

        Update of /cvsroot/pkgsrc/net/tnftp/files
        In directory ivanova.netbsd.org:/tmp/cvs-serv1263

        Log Message:
        Import tnftp 20050103.
        Various changes, including:
        	* forbid mget of filenames that aren't in or below
                  the local cwd.
        	* improve auto-fetch transfers
        	* improve www/proxy authentication support
        	* improve http response header parsing
        	* change UCB-licensed code from 4-clause to 3-clause
4476f6d
salo #213 d927ddd
Commits on Jan 08, 2005
salo Pullup ticket 212 - requested by Adrian Portelli
security fix for vim

        Module Name:	pkgsrc
        Committed By:	cjs
        Date:		Wed Jan  5 11:03:44 UTC 2005

        Modified Files:
        	pkgsrc/editors/vim: Makefile
        	pkgsrc/editors/vim-share: Makefile.common

        Log Message:
        Move --enable-multibyte from vim/Makefile to
        vim-share/Makefile.common, since it should be not just the command
        line version of vim but all versions (e.g., gtk) that use this.
---
        Module Name:	pkgsrc
        Committed By:	adrianp
        Date:		Thu Jan  6 20:38:06 UTC 2005

        Modified Files:
        	pkgsrc/editors/vim-share: Makefile.common distinfo
        	pkgsrc/editors/vim: Makefile
        	pkgsrc/editors/vim-gtk: Makefile
        	pkgsrc/editors/vim-gtk2: Makefile
        	pkgsrc/editors/vim-motif: Makefile
        	pkgsrc/editors/vim-xaw: Makefile

        Log Message:
        Bump to 6.3.045 for recent security issue

        6.3.001  ":browse split" gives file selection dialog twice
        6.3.002  utf-8 detection in translated help files is wrong
        6.3.003  crash when using console dialog without default choice
        6.3.004  too many hit-enter prompts when searching for long string
        6.3.005  crash when searching with character offset in closed fold
        6.3.006  the current directory is prepended to the ":breakadd" argument
        6.3.007  swap file is not deleted for a "nofile" buffer after ":cd"
        6.3.008  OS/2: can't compile, missing error message
        6.3.009  (after 6.3.006) ":breakadd file" does not match for a symlink
        6.3.010  writing to a named pipe causes an error message for fsync()
        6.3.011  crash when user command completion uses "normal :cmd"
        6.3.012  lalloc(0) error for substitute command with multi-line pattern
        6.3.013  crash when using CTRL-R = in command line uses "normal :cmd"
        6.3.014  default value of 'helplang' is wrong for Chinese and Taiwanese
        6.3.015  the string returned by winrestcmd() may end in garbage
        6.3.016  'define' default had "\s" before #, breaks "[d"
        6.3.017  "9zz" could place the cursor beyond the end of a line
        6.3.018  ":0argadd zero" added the argument after the first one
        6.3.019  crash during startup when compiled for debugging
        6.3.020  "dw" doesn't work right for UTF-8 when 'delcombine' is set
        6.3.021  can't edit file with path separator in trail byte of last char
        6.3.023  when <Space> is remapped abbreviations are not expanded
        6.3.024  missing NUL for strings created with ga_concat()
        6.3.026  setting 'bg' in syncolor.vim may cause endless loop or crash
        6.3.027  VMS: Writing a file may insert extra CR characters
        6.3.028  the BOM marker is written when appending to a file
        6.3.029  crash in syntax highlighting code when inserting a line break
        6.3.030  GTK 2: crash when 'enc' is set to "utf-8" and menus redefined
        6.3.031  pressing Tab when entering a mapping may cause a display error
        6.3.032  with Python 2.3 using threads doesn't work
        6.3.033  mapping ending in two-char command doesn't restart Insert mode
        6.3.034  VMS: crash in RTL when using :help, caused by ? wildcard
        6.3.036  ml_get errors when fold was deleted
        6.3.037  (after 6.3.032) warning for unused variable
        6.3.039  line numbers not updated when inserting a line above window
        6.3.040  window count for a buffer was wrong after error handling
        6.3.042  CTRL-X CTRL-E in Insert mode does not scroll fold correctly
        6.3.043  'hlsearch' highlighting sometimes disappears
        6.3.045  some option values may cause trouble in a modeline
d963f48
salo #212 2ec45a8
Commits on Jan 10, 2005
salo Pullup ticket 219 - requested by Manuel Bouyer
build fix for p5-DBD-mysql

        Module Name:	pkgsrc
        Committed By:	seb
        Date:		Tue Dec 21 23:58:03 UTC 2004

        Modified Files:
        	pkgsrc/databases/p5-DBD-mysql: Makefile

        Log Message:
        Fix build: p5-Data-ShowTable had its PKGREVISION bumped, be more
        liberal on the version this package requires.
7e79131
Commits on Jan 11, 2005
salo Pullup ticket 220 - requested by Manuel Bouyer
runtime fix for horde

        Module Name:	pkgsrc
        Committed By:	bouyer
        Date:		Mon Jan 10 16:25:27 UTC 2005

        Modified Files:
        	pkgsrc/www/horde: Makefile

        Log Message:
        Horde has a run-time dependancy on ../../sysutils/pear-Log
a1738dd
salo #219 & #220 834360d
salo Pullup ticket 214 - requested by Johnny C. Lam
security and build fixes for cups

        Module Name:	pkgsrc
        Committed By:	minskim
        Date:		Wed Dec 29 15:31:24 UTC 2004

        Modified Files:
        	pkgsrc/print/cups: Makefile

        Log Message:
        Use VARBASE.
---
        Module Name:	pkgsrc
        Committed By:	jmmv
        Date:		Tue Jan  4 14:48:22 UTC 2005

        Modified Files:
        	pkgsrc/print/cups: buildlink3.mk

        Log Message:
        OpenSSL is needed here because 'cups-config --libs' lists -lssl
        as a dependency (so we need it in the buildlink directory to build
        other packages).  Should fix build of libgnomeprint shown in
        minskim@'s latest Linux bulk build.
---
        Module Name:	pkgsrc
        Committed By:	jlam
        Date:		Thu Jan  6 07:26:39 UTC 2005

        Modified Files:
        	pkgsrc/print/cups: Makefile PLIST distinfo
        	pkgsrc/print/cups/files: cupsd.sh
        Added Files:
        	pkgsrc/print/cups/patches: patch-at

        Log Message:
        Update print/cups to 1.1.23.  Changes from version 1.1.22 include:

        - The scheduler's is_path_absolute() code could cause a DoS
          (STR #1042)
        - The scheduler's device loading code used the wrong size limits
          for the make/model and info parameters (STR #1035)
        - The PNG loading code did not use a "long unsigned integer"
          format specifier for the width and height (STR #1032)
        - The web interface only showed the first 4 or 8 characters of
          "{variable-name}" for undefined template variables (STR #1031)
        - The hpgltops filter did not handle a common PCL command to enter
          HP-GL/2 mode (STR #1037)
        - The scheduler no longer sends the page-set option when printing
          banner pages (STR #995)
        - The hpgltops filter contained two buffer overflows that could
          potentially allow remote access to the "lp" account (STR #1024)
        - The lppasswd command did not protect against file descriptor or
          ulimit attacks (STR #1023)
        - The "lpc status" command used the wrong resource path when
          querying the list of printers and jobs, causing unnecessary
          authentication requests (STR #1018)
        - The httpWait() function did not handle signal interruptions
          (STR #1020)
        - The USB backend used the wrong size status variable when
          checking the printer status (STR #1017)
        - The scheduler did not delete classes from other classes or
          implicit classes, which could cause a crash (STR #1015)
        - The IPP backend now logs the remote print job ID at log level
          NOTICE instead of INFO (so it shows up in the error_log file...)
---
        Module Name:	pkgsrc
        Committed By:	jlam
        Date:		Thu Jan  6 18:22:29 UTC 2005

        Modified Files:
        	pkgsrc/print/cups: distinfo
        	pkgsrc/print/cups/patches: patch-at

        Log Message:
        Don't create the directories during installation... let the pkgsrc
        INSTALL script handle it instead to ensure proper ownership.
---
        Module Name:	pkgsrc
        Committed By:	salo
        Date:		Tue Jan 11 00:09:21 UTC 2005

        Modified Files:
        	pkgsrc/print/cups: buildlink3.mk

        Log Message:
        Bump BUILDLINK_RECOMMENDED after latest security update.
a30beb4
salo #214 7850f03
Commits on Jan 15, 2005
snj Pullup ticket 226 - requested by Takahiro Kambe
security fix for squid

 Module Name:    pkgsrc
 Committed By:   taca
 Date:           Thu Jan 13 16:19:10 UTC 2005

 Modified Files:
         pkgsrc/www/squid: Makefile distinfo

 Log Message:
 Add three official fixes.

 o 2005-01-12 17:21 (Security issue) Denial of service with forged WCCP messages
 o 2005-01-12 17:19 (Security issue) buffer overflow bug in gopherToHTML()
 o 2005-01-08 03:13 (Medium) fakeauth_auth memory leak and NULL pointer access

 Bump package revision.
2969ada
snj 226 1c61960
snj Pullup ticket 227 - requested by Matthias Drochner
security fix for mpg123

   Module Name:  pkgsrc
   Committed By: drochner
   Date:         Fri Jan  7 14:52:13 UTC 2005

   Modified Files:
         pkgsrc/audio/mpg123: Makefile distinfo
   Added Files:
         pkgsrc/audio/mpg123/patches: patch-as patch-at

   Log Message:
   Fix a buffer overflow by a malicous playlist (CAN-2004-1284).
   Being here, fix a possible problem which was mentioned in conjunction
   with CAN-2003-0577 - zero bitrate makes mpg123 assume a negative
   frame size.
   bump PKGREVISION
---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Jan 12 11:52:38 UTC 2005

   Modified Files:
           pkgsrc/audio/mpg123: distinfo
           pkgsrc/audio/mpg123/patches: patch-ar

   Log Message:
   another header valdation (CAN-2004-0991)
   ride on recent PKGREVISION bump
---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Jan 12 14:17:44 UTC 2005

   Modified Files:
           pkgsrc/audio/mpg123: Makefile
           pkgsrc/audio/mpg123-esound: Makefile
           pkgsrc/audio/mpg123-nas: Makefile

   Log Message:
   PKGREVISION bump for security fix (previous bump was >4 days ago.
1bb8cc3
snj 227 038585d
Commits on Jan 17, 2005
snj Pullup ticket 221 - requested by Min Sik Kim
build fix for nbitools

   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Tue Dec 28 10:30:58 UTC 2004

   Modified Files:
          pkgsrc/devel/nbitools: distinfo
          pkgsrc/devel/nbitools/patches: patch-ag

   Log Message:
   Include sys/stat.h to use "struct stat" on Linux.

   To generate a diff of this commit:
   cvs rdiff -r1.3 -r1.4 pkgsrc/devel/nbitools/distinfo
   cvs rdiff -r1.1 -r1.2 pkgsrc/devel/nbitools/patches/patch-ag
---
   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Thu Dec 30 00:04:56 UTC 2004

   Modified Files:
          pkgsrc/devel/nbitools: Makefile

   Log Message:
   Use GNU make on Linux because imake generates Makefile that requires
   GNU make.

   To generate a diff of this commit:
   cvs rdiff -r1.5 -r1.6 pkgsrc/devel/nbitools/Makefile
e6457e9
snj 221 39ce993
snj Pullup ticket 222 - requested by Juan RP
build fix for xorg-libs

   Module Name:    pkgsrc
   Committed By:   xtraeme
   Date:           Thu Jan 13 00:01:15 UTC 2005

   Modified Files:
           pkgsrc/x11/xorg-libs: Makefile PLIST.OpenBSD

   Log Message:
   Fix PLIST for OpenBSD, reported by Lasse Kliemann on tech-pkg@.

   Bump PKGREVISION.
---
   Module Name:    pkgsrc
   Committed By:   xtraeme
   Date:           Thu Jan 13 01:40:27 UTC 2005

   Modified Files:
           pkgsrc/x11/xorg-libs: PLIST.OpenBSD

   Log Message:
   Add some more missing libs, required by xorg-clients. Reported by
   Lasse Kliemann on tech-pkg@.
---
   Module Name:    pkgsrc
   Committed By:   xtraeme
   Date:           Sat Jan 15 17:04:22 UTC 2005

   Modified Files:
           pkgsrc/x11/xorg-libs: PLIST.OpenBSD

   Log Message:
   Add some more libs for OpenBSD, reported by Lasse Kliemann on tech-pkg@.
2507e72
snj 222 a20a1bd
snj Pullup ticket 223 - requested by Juan RP
build fix for icewm and friends

   Module Name:    pkgsrc
   Committed By:   xtraeme
   Date:           Thu Jan 13 01:31:53 UTC 2005

   Modified Files:
           pkgsrc/wm/icewm: Makefile distinfo
           pkgsrc/wm/icewm-gnome: Makefile
           pkgsrc/wm/icewm-imlib: Makefile
   Added Files:
           pkgsrc/wm/icewm/patches: patch-af

   Log Message:
   Fix the icewm* packages on NetBSD >= 2.0 (with native iconv(3)), the
   problem was that the prototype used by this was not matching the NetBSD
   one, which uses ``const char **'' as its second argument, when libiconv
   and POSIX uses ``char **''.

   This closes PR pkg/28693.

   Bumped PKGREVISION to all icewm* pkgs for the bulk builds.
---
   Module Name:    pkgsrc
   Committed By:   xtraeme
   Date:           Thu Jan 13 10:14:45 UTC 2005

   Modified Files:
           pkgsrc/wm/icewm: Makefile
           pkgsrc/wm/icewm-gnome: Makefile
           pkgsrc/wm/icewm-imlib: Makefile

   Log Message:
   There's no need to bumping PKGREVISION, because the packages were
   not building before, thanks jmmv.
91bc824
snj 223 92aef36
snj Pullup ticket 228 - requested by Julio M. Merino Vidal
update (for ease of distfile retrieval and bugfixes) sun-jdk15 and sun-jre15

Module Name:	pkgsrc
Committed By:	jmmv
Date:		Sat Jan 15 21:56:46 UTC 2005

Modified Files:
	pkgsrc/lang/sun-jdk15: Makefile PLIST distinfo
	pkgsrc/lang/sun-jre15: Makefile PLIST distinfo

Log Message:
Update sun-jdk15 and sun-jre15 to 1.5.0_01 (which in pkgsrc is represented
by version 5.0.1).

List of bugs fixed in this release:

5087041 - hotspot - compiler1 - Tiger b62 vm crashes in client compiler
5026838 - hotspot - compiler2 - 1.4.2_04 Server JVM crashes on Linux
5033614 - hotspot - compiler2 - ClassLoaders do not get released by GC,
          causing OutOfMemory in Perm Space
5071820 - hotspot - compiler2 - server VM crashes with -Xcomp in 1.4.2_05
5090967 - hotspot - garbage_collector - SIGSEGV in
          ContiguousSpace::prepare_for_compaction(CompactPoint*)
5096167 - hotspot - jvmti - null class name crashes VM if ClassFileLoadHook
          is enabled
6195632 - hotspot - other - jhelper must be recompiled with the beta version
          of dtrace
5095421 - hotspot - runtime_system - amd64 vm should not crash on em64t
5101288 - hotspot - runtime_system - async exception can be delivered on entry
          from native to vm
4993280 - java - apt - apt should favor source files over class files for
          type information
4996963 - java - apt - apt could accept class files and java files on the
          command line
5095716 - java - apt - RoundState.finalRound computed improperly
5096931 - java - apt - TypeDeclaration.getMethods needs to screen out static
          initializers
5096932 - java - apt - Bad comparator in SourceOrderDeclScanner
6174696 - java - apt - apt getTypeDeclaration(Strings) cannot find classes
          that are not already loaded
5079070 - java - build - metadata incorrect for 1.5.0_01
5099622 - java - build - Don't use javah_g in j2se build
5106516 - java - build - Please define JDK update version in makefile
5108366 - java - build - invalid characters in English LICENSE file in tiger
          b64 solaris/linux bundles
6174598 - java - build - Need to backout fix for 5106516
6201982 - java - build - Solaris 8 Build patch requirement change, need
          109147-32/109148-32 (ld/dtrace issue)
4806753 - java - char_encodings - Using alternating charsets with
          String(byte[]) and String.getBytes is very slow
5002890 - java - char_encodings - (cs) Charset.isSupported is slow when
          invoked for different charsets
5066464 - java - classes_2d - JDK 1.5 fontconfig.properties should not include
          abolute path to physical font
6173770 - java - classes_2d - JCK-5.0 test
          api/java_awt/Graphics/index.html#CopyArea[Graphics0018_14] fails
          intermittently
4972534 - java - classes_awt - [Tiger]Can't input anything into textfields on
          solaris10 by JRE1.5-B32
5076963 - java - classes_awt - JNI bugs in sun.awt.windows.WToolkit.eventLoop()
5085626 - java - classes_awt - Exponential performance regression in AWT
          components (multiple monitors)
5088782 - java - classes_awt - AWT application does not load : throws NPE
5093198 - java - classes_awt - XAWT: Java crashes on window
          dispose/getLocationOnScreen
6178323 - java - classes_awt - REGRRESSION: sun.awt.windows.WComponentPeer
          throws exception "couldn't create component peer"
5097856 - java - classes_lang - (reflect) hashCode of TypeVariable causes
          StackOverflowError
5101311 - java - classes_lang - NullPointerException thrown when environment
          contains strings without `='
5101626 - java - classes_lang - Unexpected NPE from toLowerCase
5082105 - java - classes_net - InetAddress.isReachable() leaves open handles
          after execution
5086348 - java - classes_net - URL.openConnection(Proxy.NO_PROXY) throws
          NULLPointerException
5087907 - java - classes_net - InetAddress.getAllByName does not obey setting
          of java.net.preferIPv6Addresses
6197569 - java - classes_net - VM crash if java application tries to use
          system proxy (Solaris10 build 71 CDE only)
5100121 - java - classes_nio - (se) select not immune to EINTR (linux)
5072953 - java - classes_security - AuthorityInfoAccess certificate extension
          is being ignored.
5100603 - java - classes_security - Need JKS KeyStore with case sensitive
          alias names
4890345 - java - classes_swing - 1.4.2 REGRESSION: JComboBox has problem in
          JTable in Windows L&F
4959489 - java - classes_swing - NPE in
          javax.swing.text.html.ParagraphView.paint()
5036904 - java - classes_swing - JFileChooser in Motif L&F does not comply
          with Section 508
5059744 - java - classes_swing - [App]Press Ctl+Space, there is exception
          thrown in jgraphpad
5061077 - java - classes_swing - Exception with JFileChooser in GTK LNF
5073869 - java - classes_swing - Synth does not resolve styles with name and
          region matches correctly
5077647 - java - classes_swing - Under GTK L&F JFileChooser does not have
          drag support at all.
5080144 - java - classes_swing - REGRESSION: XP L&F: JTextField.setEditable()
          does not change background color
5082298 - java - classes_swing - REGRESSION:
          com/sun/java/swing/plaf/gtk/5048769/bug5048769.sh fails
5084107 - java - classes_swing - Regression: JTextPane doesn't wrap with RTL
          ComponentOrientation
5087905 - java - classes_swing - REGRESSION: CSS cause NPE for unknown colours
5088268 - java - classes_swing - REGRESSION: Suns Default CSS has bad styles
          for lists
5089077 - java - classes_swing - Regression: NPE when relative font sizes used
          in html
5092815 - java - classes_swing - REGRESSION: Simplified chinese file name not
          displayed correctly in JFileChooser
5094122 - java - classes_swing - Applets fail w/ GTK L&F due to security
          manager.
5096948 - java - classes_swing - 1.5.0 Regression: NPE when switching from
          Metal L&F with JComboBox
5097973 - java - classes_swing - REGRESSION: table border nonumerical width
          is broken
6175284 - java - classes_swing - REGRESSION:
          javax/swing/JScrollPane/5096948/bug5096948.java fails to compile
5101540 - java - classes_util_i18n - New Turkish currency
4856983 - java - compiler - (crash) mutually f-bounded type vars with multiple
          bounds may crash javac
5081785 - java - compiler - (enum) Empty enum declartion allowed in non-static
          context
5090006 - java - compiler - javac fails with assertion error
5090126 - java - compiler - Clean up com.sun.tools.javac.Main specification
          to reflect CCC 5087488
5092545 - java - compiler - Assertion failed in javac (ClassWriter.java:513)
5094318 - java - compiler - REGRESSION: Array cloning is not backwards
          compatible
5097548 - java - compiler - (crash) Stack overflow in capture conversion
5105890 - java - compiler - (codegen) constant folding broken for conditional
          operator
4853713 - java - doc - Dummy bug report
5092670 - java - doc - tiger supported platforms - discrepancy between internal
          and external matrix
5100416 - java - doc - JDK5.0 README.html references deprecated JVMPI/JVMDI,
          should reference JVM TI
5104731 - java - doc - README files need info about CA certificates
5082481 - java - drag&drop - normal DnD program causes "FATAL ERROR in native
          method"
5057832 - java - install - update releases need to be resolved for namechange
5066525 - java - install - Java Control Panel desktop file needs to be fixed
          (for Cinnabar)
5083395 - java - install - SUNWj5cfg missing class action script for "e" type
          files
5084556 - java - install - Regression: Java icon isn't updated to 1.5.0_01
          on Win98 only
6173968 - java - install - ALT_JRE_CAB_URL default does not need a -jre or -jdk
6175102 - java - install - xpi installer is broken as a result of 5.0 jinstall
          arg changes
6175981 - java - install - Uninstallation through Add/Remove
          Programs/Change/Remove fails and throws a fatal error on AMD
6177485 - java - install - jre1.5.0.10 found in Fearure Descripion of the
          JDK1.5.0_01 b03 Install Wizard
6196130 - java - install - Java default selection not robust on Micro release
6176978 - java - javadoctool - current Javadoc's invocation and extension
          (Doclet) mechanisms are problematic
5109805 - java - localization - l10n for 4996963: apt resource has 6 new
          properties
6174188 - java - localization - l10n for 5081785 & 5097250: compiler resource
          has 2 new properties
5054778 - java - qa_web_eng - problems in http://java.sun.com/
6208691 - java - qa_web_eng - 5.0u1 releasenotes has "SDK"
5093343 - java - runtime - Verifier allows hidden field initialization before
          super() call
5078608 - java_deployment - compression - Digital signatures are invalid after
          unpacking
5062648 - java_deployment - configuration - Wrong initialization order in
          Config.initialize()
6182774 - java_deployment - update - Java Update on XP causing increase in
          java.sun.com traffic
5077565 - java_plugin - iexplorer - Java Script event handlers issue.
5081700 - java_plugin - iexplorer - Java Plug-In no longer supports
          'javascript:' URLs after MS Hotfix 867801
5050796 - java_plugin - misc - REGRESSION: Graybox is not resizable for
          relative dimension applet
5094966 - java_plugin - misc - Mimetypes 1.5.0_01 not recognized on Mozilla
          browser for Solaris and Linux
5100835 - java_plugin - misc - mime type should be updated automatically for
          java update
5076437 - java_plugin - solaris - [cinnabar14] mozilla crashes when opening a
          java applet - intermittent
5047548 - javawebstart - download_engine - Lazy downloading of parts with
          packages is broken
5109575 - javawebstart - download_engine - Authenticating Proxy causes
          NoSuchMethodError when using pre-1.4 jre's
5074087 - javawebstart - general - if title is not specified for
          related-content, app cannot start on windows
5086391 - javawebstart - other - please refert back to 1.4.2 behaviour of
          checking changed jar files...
5093922 - jmx - classes - NotificationBroadcasterSupport should not use
          synchronized(this)
4425728 - jsse - examples - rmi server closes the connection early
5091352 - jsse - runtime - Allow null localKeyID attribute in pkcs12 with
          one private key
---
Module Name:	pkgsrc
Committed By:	jmmv
Date:		Mon Jan 17 16:17:24 UTC 2005

Modified Files:
	pkgsrc/lang/sun-jre15: Makefile PLIST

Log Message:
Humm... fix PLIST, which got completely broken during previous update.
Bump PKGREVISION to 1.
ad28d2e
snj 228 b16dc9a
Commits on Jan 19, 2005
salo Pullup ticket 231 - requested by Min Sik Kim
build fix for canna

        Module Name:    pkgsrc
        Committed By:   minskim
        Date:           Thu Jan 13 12:18:42 UTC 2005

        Modified Files:
               pkgsrc/inputmethod/canna: distinfo
               pkgsrc/inputmethod/canna/patches: patch-ac

        Log Message:
        Regen to make GNU patch happy.
926902e
salo #231 86f3d97
salo Pullup ticket 230 - requested by Min Sik Kim
security fix for awstats

        Module Name:    pkgsrc
        Committed By:   minskim
        Date:           Wed Dec 29 10:22:27 UTC 2004

        Modified Files:
               pkgsrc/www/awstats: Makefile PLIST distinfo

        Log Message:
        Update awstats to 6.2 and take maintainership.

        Changes:
        - awstats_updateall.pl: Added -excludeconf option
        - Allow plugins to add entry in menu.
        - Allow plugins to add charts with its own way to compile data
          inside the update process.
        - Added the geoip_region_maxmind and geoip_city_maxmind plugins.
        - maillogconvert.pl: Support postfix 2.1 that change its log
          format using NOQUEUE string instead of a number for mails that
          are rejected before being queued.
        - Little speed improvments.
        - Counts javascript disabled browsers (A new MiscTracker feature).
        - When a direct access to last line is successfull, awstats is
          directly in mode "NewLine". No need to find a more recent record
          for this. This means the NotSortedRecordTolerance works even
          between end and start of updates.
        - You can use a particular not used field in your log file to build
          a personalized report with the ExtraSection feature. Just use
          a personalized log format and use the tag %extraX (where X is
          a number) to name field you want to use, then, in ExtraSection
          parmaters, you can use extraX to tell wich info to use to extract
          data for building the chart.
        - Support method "put" when analyzing ftp log files.
        - Added a bold style around current day/month in label of charts.
        - Bug fixes and documentation improvements.
---
        Module Name:    pkgsrc
        Committed By:   minskim
        Date:           Tue Jan 18 13:37:26 UTC 2005

        Modified Files:
               pkgsrc/www/awstats: Makefile PLIST distinfo

        Log Message:
        Update awstats to 6.3.

        Changes:

        New features/improvements:
        - Added the geoip_isp_maxmind and geoip_org_maxmind plugin.
        - Details firefox versions.

        Fixes:
        - The geoip_city_maxmind plugin was sometimes bind and towns with
          space in names are reported correctly.
        - Removed an unknown security hole.
        - Removed an other unknown security hole (found by iDEFENSE).
        - Restart of apache works correctly on debian.

        Other/Documentation:
        - Updated documentation
        - Updated language files
---
        Module Name:	pkgsrc
        Committed By:	minskim
        Date:		Wed Jan 19 12:49:33 UTC 2005

        Modified Files:
        	pkgsrc/www/awstats: Makefile PLIST

        Log Message:
        Correct PLIST and file permission.  Noted by salo@.

        Bump PKGREVISION.
c05cda4
salo #230 fbc1e97
Commits on Jan 21, 2005
salo Pullup ticket 235 - requested by Dan McMahill
build fix for octave-forge

Patch supplied by the requester.
Add missing USE_FORTRAN to allow this package to compile.
02b3d0a
salo #235 be398e8
salo Pullup ticket 232 - requested by Min Sik Kim
build fix for nbitools

Revisions pulled up:
- pkgsrc/devel/nbitools/buildlink3.mk 1.3

        Module Name:    pkgsrc
        Committed By:   minskim
        Date:           Tue Jan 18 17:05:21 UTC 2005

        Modified Files:
               pkgsrc/devel/nbitools: buildlink3.mk

        Log Message:
        Let packages that require nbitools use GNU make on Linux, because
        imake in nbitools generates Makefile that needs GNU make on Linux.
ba05ee8
salo #232 8f8bacc
snj Pullup ticket 234 - requested by Mark Davies
security fix for kdegraphics3

Revisions pulled up:
- pkgsrc/graphics/kdegraphics3/Makefile 1.45
- pkgsrc/graphics/kdegraphics3/distinfo 1.25
- pkgsrc/graphics/kdegraphics3/patches/patch-ac 1.4

    Module Name: pkgsrc
    Committed By: markd
    Date:  Thu Jan 20 12:36:58 UTC 2005

    Modified Files:
     pkgsrc/graphics/kdegraphics3: Makefile distinfo

    Log Message:
    Latest xpdf vulnerability
    http://www.kde.org/info/security/advisory-20050119-1.txt
    Bump PKGREVISION.
---
    Module Name:    pkgsrc
    Committed By:   markd
    Date:           Thu Jan 20 12:39:56 UTC 2005

    Added Files:
            pkgsrc/graphics/kdegraphics3/patches: patch-ac

    Log Message:
    add patch that was supposed to be in last commit.
c59dc35
snj 234 b1daca3
snj Pullup ticket 237 - requested by Lubomir Sedlacik
security fix for etheral

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile 1.101-1.102
- pkgsrc/net/ethereal/PLIST 1.19
- pkgsrc/net/ethereal/distinfo 1.32

   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Sat Jan  1 17:55:38 UTC 2005

   Modified Files:
           pkgsrc/net/ethereal: Makefile

   Log Message:
   Add missing dependencies (glib2, pkgconfig) and bump PKGREIVISION.
---
   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Fri Jan 21 00:33:24 UTC 2005

   Modified Files:
           pkgsrc/net/ethereal: Makefile PLIST distinfo

   Log Message:
   Update to version 0.10.9

   This release fixes the following security-related issues:

   - The COPS dissector could go into an infinite loop. (CAN-2005-0006)
   - The DLSw dissector could cause an assertion, making Ethereal exit
     prematurely. (CAN-2005-0007)
   - The DNP dissector could cause memory corruption. (CAN-2005-0008)
   - The Gnutella dissector could cause an assertion, making Ethereal exit
     prematurely. (CAN-2005-0009)
   - The MMSE dissector could free static memory. (CAN-2005-0010)
   - The X11 protocol dissector is vulnerable to a string buffer overflow.
     (CAN-2005-0084)
   - Please see the application advisory for more information

   Everyone is encouraged to upgrade.

   New and updated features:
   =========================
   - Ethereal will now detect and flag weak 802.11 WEP IVs.
   - Windows Sniffer timestamp handling has been greatly improved.
   - A bug which made Ethereal crash at startup on Windows 98 and Windows ME
     systems has been fixed.
   - Ethereal and Tethereal now support a personal "hosts" file.
   - Invalid field length handling has been greatly improved.
   - The capture progress window title now shows the interface name.

   New protocol support:
   =====================
   - ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA

   Updated protocol support:
   =========================
   - AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM, DHCPv6,
     DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS, FCIP, FCSB3, FIX,
     GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11,
     IEEE 802a, image/GIF, image/JFIF, Kerberos, L2TP, LDAP, LLC, LMP, MGCP,
     MIME Multipart, MMSE, MPLS, MTP2, NBNS, NDMP, NMAS, NSIP, OLSR, PER, pflog,
     PGM, PostgreSQL, PPP, PRES, Q.931, RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP,
     SIP, SLSK, SMB, SMPP, SRVLOC, SSL/TLS, T.38, TACACS, TCAP, TCP, X11

   New and updated capture file support:
   =====================================
   - Windows Sniffer
44e9d37
snj 237 d73e8b2
salo Pullup ticket 236 - requested by Thomas Klausner
remove thunderbird-bin package

        Module Name:	pkgsrc
        Committed By:	wiz
        Date:		Thu Jan 20 14:00:41 UTC 2005

        Modified Files:
        	pkgsrc/mail: Makefile
        Removed Files:
        	pkgsrc/mail/thunderbird-bin: DESCR Makefile
                    Makefile.Linux.i386 Makefile.SunOS.i386
                    Makefile.SunOS.sparc PLIST distinfo

        Log Message:
        Remove old (and vulnerable) thunderbird-bin package. Ok'd by grant.
fa14a5e
salo #236 e713849
salo Pullup ticket 239 - requested by Takahiro Kambe
security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.125-1.128
- pkgsrc/www/squid/distinfo 1.73-1.74

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jan 16 15:46:25 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile

   Log Message:
   Set PKG_USERS and PKG_GROUPS with SQUID_USER and SQUID_GROUP.
   Now squid's user and group are handled by bsd.pkg.install.mk properly.

   Thanks much to Volker Wiegand at t-online dot de noted this problem
   by private mail.

   Bump PKGREVISION.
---
   Module Name:	pkgsrc
   Committed By:	kim
   Date:		Wed Jan 19 00:19:27 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile

   Log Message:
   Record SQUID_USER and SQUID_GROUP in BUILD_DEFS.
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jan 19 14:56:55 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Apply three official patch including a minor security problem.

   o 2005-01-17 04:29 (Minor Secuity issue) Sanity check usernames
     in squid_ldap_auth
   o 2005-01-17 02:52 (Minor) FQDN names truncated on compressed DNS
     responses
   o 2005-01-17 02:52 (Minor) Internal DNS memory leak on malformed
     responses

   Bump package revision; squid-2.5.7nb7.
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan 21 13:41:27 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update new official patched.

   o  2005-01-21 12:43 (Security issue)
   	Strengthen Squid from HTTP response splitting cache pollution attack

   o  2005-01-21 12:10 (Minor)
   	Icons fails to load on non-anonymous FTP when using
   	short_icons_url directive

   o  2005-01-21 12:10 (Minor)
   	FTP data connection fails on some FTP servers when requesting
   	directory without a trailing slash

   One patch has problem to apply and hold to apply

   o  2005-01-21 12:10 (Minor) Disable Path-MTU discovery on intercepted
      requests

   Bump package revision.
ff2c6fe
salo #239 c05ff85
salo Pullup ticket 240 - requested by Thomas Klausner
security fix for unarj

Revisions pulled up:
- pkgsrc/archivers/unarj/Makefile         1.18-1.19
- pkgsrc/archivers/unarj/PLIST            1.2
- pkgsrc/archivers/unarj/distinfo         1.3-1.4
- pkgsrc/archivers/unarj/files/Makefile   1.1-1.2
- pkgsrc/archivers/unarj/patches/patch-aa 1.6
- pkgsrc/archivers/unarj/patches/patch-ab 1.4
- pkgsrc/archivers/unarj/patches/patch-ad 1.1

   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Jan 21 14:30:05 UTC 2005

   Modified Files:
   	pkgsrc/archivers/unarj: Makefile PLIST distinfo

   Log Message:
   Update to 2.65. (Documented) changes:
        UNARJ 2.65 - Fixed table boundaries per suggestion of
        UNARJ 2.63 - Added additional header data checks.
        UNARJ 2.61 - Added chapter and encryption information.
---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Jan 21 14:30:32 UTC 2005

   Added Files:
   	pkgsrc/archivers/unarj/files: Makefile

   Log Message:
   Add Makefile, since distfiles comes without one.
--
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Jan 21 14:41:16 UTC 2005

   Modified Files:
   	pkgsrc/archivers/unarj/patches: patch-aa

   Log Message:
   regen with correct offsets
--
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Jan 21 14:42:10 UTC 2005

   Modified Files:
   	pkgsrc/archivers/unarj: Makefile distinfo
   	pkgsrc/archivers/unarj/files: Makefile
   Added Files:
   	pkgsrc/archivers/unarj/patches: patch-ab patch-ad

   Log Message:
   Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027.
   Bump PKGREVISION.
2221087
salo #240 f12fe4a
Commits on Jan 23, 2005
salo Pullup ticket 238 - requested by Mark Davies
security fix for koffice

Revisions pulled up:
- pkgsrc/misc/koffice/Makefile         1.52-1.53
- pkgsrc/misc/koffice/distinfo         1.20
- pkgsrc/misc/koffice/patches/patch-ae 1.6

   Module Name:	pkgsrc
   Committed By:	darcy
   Date:		Sun Jan  9 10:56:14 UTC 2005

   Modified Files:
   	pkgsrc/misc/koffice: Makefile

   Log Message:
   Package builds with latest version of Python.
---
   Module Name: pkgsrc
   Committed By: markd
   Date:  Fri Jan 21 11:32:12 UTC 2005

   Modified Files:
    pkgsrc/misc/koffice: Makefile distinfo
   Added Files:
    pkgsrc/misc/koffice/patches: patch-ae

   Log Message:
   latest xpdf vulnerability as it occurs in kword pdf import filter.
   http://www.kde.org/info/security/advisory-20050120-1.txt
   Bump PKGREVISION.
34236d9
salo #238 465fc27
salo Pullup ticket 242 - requested by Takahiro Kambe
security fix for webmin

Revisions pulled up:
- pkgsrc/sysutils/webmin/DEINSTALL        1.3
- pkgsrc/sysutils/webmin/Makefile         1.4-1.5
- pkgsrc/sysutils/webmin/distinfo         1.3
- pkgsrc/sysutils/webmin/files/webmin.sh  1.2
- pkgsrc/sysutils/webmin/patches/patch-aa 1.3

   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Sun Jan 23 04:36:27 UTC 2005

   Modified Files:
   	pkgsrc/sysutils/webmin: DEINSTALL Makefile distinfo
   	pkgsrc/sysutils/webmin/files: webmin.sh
   	pkgsrc/sysutils/webmin/patches: patch-aa

   Log Message:
   Update sysutils/webmin to webmin-1.170.  Changes from version 1.150
   include:

   * Added the new Bandwidth Monitoring module, for generating simple
     reports of network traffic by port, time and host on Linux systems.
   * Added the Cluster Copy module, for copying files to multiple servers
     either on schedule or manually.
   * Added the Backup Configuration Files module, for backing up and
     restoring config files known to Webmin.
   * Several improvements to the Linux firewall module, including pre-
     and post commands, cluster support and the ability to reset the
     firewall configuration.
   * Support for selecting specific MySQL and PostgreSQL tables to back
     up, and improved searching in the MySQL module.
   * Automatic email notification for users approaching their disk quotas.
   * The timezone can now be set in the System Time module on Linux,
     Solaris and FreeBSD.
   * Added the new Sarg Squid access reporting module. Thanks to Omar
     Armas for sponsoring its development.
   * Added support for NFSv4 to the Disk and Network Filesystems module.
   * In the MySQL and PostgreSQL modules, all databases can now be backed
     up at once, either manually or on a configured schedule.
   * Added the ability to delete multiple users at once to the Users and
     Groups module.
   * Added support for MD5 encryption for Webmin passwords, to avoid the
     8-character effective password length limit.
   * The BIND module can now create and edit delegation-only zones.
   * When PAM is used for Unix authentication, expired passwords are now
     detected and the user is prompted to select a new password (if this
     feature is enabled on the Webmin Configuration module).
---
   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Sun Jan 23 06:20:43 UTC 2005

   Modified Files:
   	pkgsrc/sysutils/webmin: Makefile

   Log Message:
   Use the openssl/buildlink3.mk file to properly handle a built-in OpenSSL
   distribution for the location of the "openssl" binary (used to generate
   the self-signed certificate).
0ace066
salo Fro^W#242 888ec2c
Commits on Jan 27, 2005
snj Pullup ticket 247 - requested by Takahiro Kambe
security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile	1.129
- pkgsrc/www/squid/distinfo	1.75

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jan 26 15:29:03 UTC 2005

   Modified Files:
           pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update new and disabled official patches.  The new patch includes
   security fix.

   o 2005-01-21 12:10 (Minor)
           Disable Path-MTU discovery on intercepted requests

   o 2005-01-21 12:43 (Security issue)
           Strengthen Squid from HTTP response splitting cache pollution attack

   Bump package revision.
676619c
snj 247 307d273
snj Pullup ticket 241 - requested by Kimmo Suominen
build fix for postfix

Revisions pulled up:
- pkgsrc/mail/postfix/distinfo				1.80
- pkgsrc/mail/postfix/options.mk			1.14
- pkgsrc/mail/postfix/files/patch-inet6-ni_withscopeid	1.1
- pkgsrc/mail/postfix/patches/patch-aj			removed

    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Tue Dec 28 16:13:28 UTC 2004

    Modified Files:
            pkgsrc/mail/postfix: distinfo options.mk
    Added Files:
            pkgsrc/mail/postfix/files: patch-inet6-ni_withscopeid
    Removed Files:
            pkgsrc/mail/postfix/patches: patch-aj

    Log Message:
    Apply NI_WITHSCOPEID patch only if the inet6 option is enabled.

    Closes PR pkg/28756
af5bf3a
snj 241 4bb41ee
salo Pullup ticket 249 - requested by Todd Vierling
security fix for bind9

Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.65
- pkgsrc/net/bind9/distinfo 1.20

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Jan 26 09:32:31 UTC 2005

   Modified Files:
   	pkgsrc/net/bind9: Makefile distinfo

   Log Message:
   Apply ISC patch to fix a potential DoS in BIND 9.3.0 reported
   in VU#938617.
   Bump package version number to 9.3.0pl1 because of this.
b3e2045
salo #249 a1f08f9
salo Pullup ticket 248 - requested by Min Sik Kim
distfile fix for awstats

Revisions pulled up:
- pkgsrc/www/awstats/Makefile 1.13
- pkgsrc/www/awstats/distinfo 1.7

   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Wed Jan 26 15:55:41 UTC 2005

   Modified Files:
           pkgsrc/www/awstats: Makefile distinfo

   Log Message:
   Distfile changed without bumping the version number.  Noted by adrianp@.
   diff(1) shows that some default values have been changed.

   Set DIST_SUBDIR and bump PKGREVISION.
a91fb94
salo #248 5a82dff
Commits on Jan 29, 2005
salo Pullup ticket 251 - requested by Johnny C. Lam
compatibility fix for dlopen.builtin.mk

Revisions pulled up:
- pkgsrc/mk/dlopen.builtin.mk 1.10

   Module Name:	pkgsrc
   Committed By:	jlam
   Date:		Thu Jan 20 15:22:39 UTC 2005

   Modified Files:
   	pkgsrc/mk: dlopen.builtin.mk

   Log Message:
   Also match NetBSD security releases, e.g. 2.0.1, when deciding whether
   using dlopen() implies linking against libpthread.  Idea for fix from
   PR pkg/29022 and probably also fixes PR pkg/28800.
fb05a26
salo #251 b5d4550
salo Pullup ticket 252 - requested by Ben Collver
update win32-codecs

Revisions pulled up:
- pkgsrc/multimedia/win32-codecs/Makefile 1.13
- pkgsrc/multimedia/win32-codecs/PLIST    1.8
- pkgsrc/multimedia/win32-codecs/distinfo 1.11

   Module Name:		pkgsrc
   Committed By:	ben
   Date:		Thu Jan 27 23:53:13 UTC 2005

   Modified Files:
   	pkgsrc/multimedia/win32-codecs: Makefile PLIST distinfo

   Log Message:
   Update win32-codecs to 050115.  Changes unknown.  Update necessary
   because older distfile versions are removed.  This addresses PR#29137
61afc8c
salo #252 d8103d6
salo Pullup ticket 253 - requested by Dan McMahill
security fix for f2c

Revisions pulled up;
- pkgsrc/lang/f2c/Makefile         1.33
- pkgsrc/lang/f2c/buildlink3.mk    1.4
- pkgsrc/lang/f2c/distinfo         1.13
- pkgsrc/lang/f2c/patches/patch-ac 1.15
- pkgsrc/lang/f2c/patches/patch-ae 1.10
- pkgsrc/lang/f2c/patches/patch-ag 1.10
- pkgsrc/lang/f2c/patches/patch-ak 1.1

   Modified Files:
   	pkgsrc/lang/f2c: Makefile buildlink3.mk distinfo
   	pkgsrc/lang/f2c/patches: patch-ac patch-ae patch-ag
   Added Files:
   	pkgsrc/lang/f2c/patches: patch-ak

   Log Message:
   update to f2c-20001205nb8

   This addresses a temp file symlink race vulnerability.  The f2c patch
   is adapted from the debian one.  The f2c-f77 (wrapper script which
   emulates a fortran compiler) patch was done a bit differently.
80c9451
salo #253 e0fabbe
snj Pullup ticket 254 - requested by Takahiro Kambe
security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile	1.130
- pkgsrc/www/squid/distinfo 	1.76

    Module Name:    pkgsrc
    Committed By:   taca
    Date:           Sat Jan 29 00:51:42 UTC 2005

    Modified Files:
            pkgsrc/www/squid: Makefile distinfo

    Log Message:
    Apply a new official patch which contains security problem.

    * 2005-01-28 23:16 (Security issue) Buffer overflow in WCCP recvfrom() call

    Bump PKG_REVISION and now squid-2.5.7nb10.
620bd2f
snj 254 c55d0dc
Commits on Jan 30, 2005
salo Addition to ticket 210:
Correct the version in BUILDLINK_RECOMMENDED, the package is still at 1rc6,
not 1rc8 on the branch.

Noted by Bartosz Kuzma in private mail.
390405a
Commits on Jan 31, 2005
salo Pullup ticket 245 - requested by Jan Schaumann
generate and upload checksums for bulk builds

Revisions pulled up:
- pkgsrc/mk/bulk/build.conf-example 1.24-1.26
- pkgsrc/mk/bulk/upload             1.20-1.21

   Module Name:	pkgsrc
   Committed By:	jschauma
   Date:		Mon Jan 24 03:41:34 UTC 2005

   Modified Files:
   	pkgsrc/mk/bulk: upload

   Log Message:
   Add bits to allow bulk-builders to generate checksums for the binary
   packages they upload (by setting the optional variable MKSUMS=yes) and,
   also optionally, PGP signing them (by setting SIGN_AS=username@NetBSD.org,
   for example).
---
   Module Name:	pkgsrc
   Committed By:	jschauma
   Date:		Mon Jan 24 13:08:19 UTC 2005

   Modified Files:
   	pkgsrc/mk/bulk: build.conf-example

   Log Message:
   Add MKSUMS and SIGN_AS (the former defaulting to yes, the latter
   commented out).
---
   Module Name:	pkgsrc
   Committed By:	tv
   Date:		Mon Jan 24 13:21:13 UTC 2005

   Modified Files:
   	pkgsrc/mk/bulk: build.conf-example

   Log Message:
   Not all OS's have all the checksum tools available to make MKSUMS=yes
   work.  Default it to "no" instead.
---
   Module Name:	pkgsrc
   Committed By:	jschauma
   Date:		Mon Jan 24 15:00:48 UTC 2005

   Modified Files:
   	pkgsrc/mk/bulk: build.conf-example upload

   Log Message:
   Per default, only create md5 and sha1 checksums.
   (These are available on all platforms via digest(1).)
   Set commands for other checksums on a per OPSYS basis.

   Set MKSUSM=yes back as the default.
1819772
salo #245 8f14772
Commits on Feb 01, 2005
salo Pullup ticket 256 - requested by Takahiro Kambe
distfiles fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.131-1.132
- pkgsrc/www/squid/distinfo 1.77-1.78

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb  1 01:31:10 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update squid package to squid-2.5.7nb11.

   squid-2.5.STABLE7-response_splitting.patch was updated, so update distinfo
   and DIST_SUBDIR.  It seems that a patch to one more file was added.

   * 2005-01-31 01:50 (Security issue)
   	Strengthen Squid from HTTP response splitting cache pollution attack
---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb  1 10:22:20 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Fix file name of a patch file which squid people fix its typo.

   Noted by salo@ first and PR pkg/29181 later.
60eb211
salo #256 c286f5d
Commits on Feb 02, 2005
snj Pullup ticket 258 - requested by Lubomir Sedlacik
security fix for xpdf

Revisions pulled up:
- pkgsrc/print/xpdf/Makefile	1.35
- pkgsrc/print/xpdf/distinfo	1.18

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Jan 19 10:01:03 UTC 2005

   Modified Files:
           pkgsrc/print/xpdf: Makefile distinfo

   Log Message:
   the daily security patch: update to 3.00pl3, fixes:
   http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
a9f7000
snj 258 2109394
Commits on Feb 03, 2005
salo Pullup ticket 263 - requested by Julio M. Merino Vidal
security fix for gpdf

Revisions pulled up:
- pkgsrc/print/gpdf/Makefile 1.22
- pkgsrc/print/gpdf/distinfo 1.9

   Module Name:		pkgsrc
   Committed By:	jmmv
   Date:		Thu Feb  3 10:43:53 UTC 2005

   Modified Files:
   	pkgsrc/print/gpdf: Makefile distinfo

   Log Message:
   Update to 2.8.3:

   Version 2.8.3
   -------------
   * Fix for CAN 2005-0064 (Derek Noonburg)
   * Fix font encoding code for Type1C fonts and freetype > 2.1.7

   Version 2.8.2
   -------------
   * Fix potential buffer overflow in xpdf colorspace handling code.
     (Derek Noonburg) - CAN 2004-1125
   * Fix bookmarks navigation. (Martin Sjogren, Marco Pesenti Gritti)
     - #159937
   * Show "Exit Fullscreen" button only on current workspace. (Gordon
     Ingram) - #161225
   * Fix crash with broken embedded fonts. (Martin) - #161066
   * Fix several crashes with mouse-over-links. (Martin) - #156784
   * Translation updates: Vincent van Adrighem (nl)
05b9ed0
salo #263 3f68e41
salo Pullup ticket 265 - requested by Kimmo Suominen
security fix for p5-DBI

Revisions pulled up:
- pkgsrc/databases/p5-DBI/Makefile         1.28
- pkgsrc/databases/p5-DBI/distinfo         1.14
- pkgsrc/databases/p5-DBI/patches/patch-aa 1.1
- pkgsrc/databases/p5-DBI/patches/patch-ab 1.1

   Module Name:		pkgsrc
   Committed By:	kim
   Date:		Sat Jan 29 18:30:47 UTC 2005

   Modified Files:
   	pkgsrc/databases/p5-DBI: Makefile distinfo
   Added Files:
   	pkgsrc/databases/p5-DBI/patches: patch-aa patch-ab

   Log Message:
   Apply Debian DSA-658 fix for CAN-2005-0077:
   - do not create a PID file by default

   http://www.debian.org/security/2005/dsa-658
96c7d4c
salo #265 d3f78a0
salo Pullup ticket 266 - requested by Adrian Portelli
security fix for dillo

Revisions pulled up:
- pkgsrc/www/dillo/Makefile         1.23-1.24
- pkgsrc/www/dillo/PLIST            1.10
- pkgsrc/www/dillo/distinfo         1.20-1.21
- pkgsrc/www/dillo/patches/patch-aa 1.5
- pkgsrc/www/dillo/patches/patch-ac 1.6

   Module Name:		pkgsrc
   Committed By:	jmmv
   Date:		Tue Jan  4 14:09:17 UTC 2005

   Modified Files:
   	pkgsrc/www/dillo: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/www/dillo/patches: patch-aa

   Log Message:
   Properly handle the dpidrc configuration file.  Bump PKGREVISION to 1.
   Closes PR pkg/28854 by Alexander Becher.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Mon Jan 10 21:54:36 UTC 2005

   Modified Files:
   	pkgsrc/www/dillo: Makefile distinfo
   Added Files:
   	pkgsrc/www/dillo/patches: patch-ac

   Log Message:
   Patch for recent security issue - bump to nb2
   http://secunia.com/advisories/13760/
19e7801
salo #266 e9fd0d1
Commits on Feb 04, 2005
salo Pullup ticket 267 - requested by Adrian Portelli
security fix for snort

Revisions pulled up:
- pkgsrc/net/snort/Makefile.common  1.17
- pkgsrc/net/snort/PLIST            1.18
- pkgsrc/net/snort/distinfo         1.24
- pkgsrc/net/snort-mysql/Makefile   1.12
- pkgsrc/net/snort-contrib/DESCR    removed
- pkgsrc/net/snort-contrib/Makefile removed
- pkgsrc/net/snort-contrib/PLIST    removed
- pkgsrc/net/snort-contrib/distinfo removed

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Jan 28 23:02:41 UTC 2005

   Modified Files:
   	pkgsrc/net/snort: Makefile Makefile.common PLIST

   Log Message:
   Update to snort 2.3.0

   2005-01-25 - Snort 2.3.0 Final Released

   * Fixed issue with sfPortscan reporting incorrect IP datagram length.
     Thanks Jon Hart for the test case and finding the bug, and Marc Norton
     for resolving the issue.

   * Threshold/Suppression now prints properly when logging to syslog.
     Thanks Sekure for pointing out the problem. Thanks Steve Sturges for
     working on the fix.

   * Threshold memcap argument now correctly handles non-integer input.
     Thanks nnposter for the patch.

   * Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were
     not decoded properly. Thanks Dan Roelker for the fix.

   * Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your
     work on putting it all together.

   2004-12-15 - Snort 2.3.0 RC2 Released

   * Small performance improvement to arpspoof and also fixed a problem
     where the list of configured IP/MAC entries would contain only one
     entry and leaked memory (Jeff Nathan).

   * Fixed a problem affecting MacOS X where linking may fail with
     non-standard libraries when global symbols are encountered multiple
     times (Jeff Nathan).

   * Ignore RST|ACK midstream pickup case so we don't get an evasive TCP
     alerts.  Thanks for the report, Sekure. Thanks Dan Roelker for the fix.

   * Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the
     logdir config will work if the default or command-line logdir does not
     exist on the system. Thanks Dan Roelker.

   * Fixed bug when setting the doe_ptr on a successful pcre match.
     It is now set relative to base_ptr. Thanks Steve Sturges for the
     fix.

   * Added from_beginning and multiplier options for byte_jump.
     from_beginning skips bytes from the beginning of the content,
     instead of from the location immediately following the number
     of bytes to skip.  multiplier takes a numeric argument, and
     skips x times that number of bytes. Thanks again to Steve Sturges.

   * In "fast" output, now log only actual packet contents when UDP
     data length is greater than actual data length. Thanks Brian
     Caswell for spotting this, and Andrew Mullican for working on the fix.

   * Please check the ChangeLog for further details.

   2004-11-18 - Snort 2.3.0 RC1 Released

   * Added IPS functionality from Snort-Inline.  A big thanks to the
     Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor
     Julien).  Also, Thanks Dan Roelker for doing the integrating of
     Snort-Inline into the official Snort project.

   * Added new portscan detector.  The design and implementation was headed
     up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

   * Numerous changes for better 64bit Snort support from Jeremy Hewlett and
     Marc Norton.  Additionally, an --enable-64bit-gcc option was added to
     configure.  However, there are still some memory alignment issues to
     work out before 64bit mode is fully functional, patches are welcomed.
     Thanks Chris Baker for doing 64bit testing.

   * Added not_established keyword to the flow detection option.  This allows
     snort to do dynamic firewall rulesets.  Experimental for now.

   * Added an enforce_state keyword to stream4 so we won't pick up midstream
     sessions.  This works well for asynchronous links and also for
     just monitoring legitimate traffic.

   * Relocated ./contrib files to http://www.snort.org/dl/contrib as many
     are not maintained by Sourcefire and are out of date. The rpm and
     schema files have been relocated in their respective 'rpm' and 'schemas'
     directories under the snort parent directory.

   * perfmonitor config line can now be configured with "accumulate" or
     "reset."  Thanks Marc Norton for the feature, and Barry Basselgia for
     pointing out the issue.  Thanks Scott Dexter and Andreas Ostling for
     doing some initial testing.

   * Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson
     and Clay McClure.  Thanks guys.

   * Fixed reference times to match log time for first packet, for an event
     generated by a reassembled packet.  Incremented event ID to give
     unique ID for each packet.  Also made unified logging compatible with
     Windows.  Thanks Andrew Mullican for the fix.

   * Fixed linux perfmonitoring stats for the 2.6 kernel.  Thanks to
     everyone that reported this bug.  Thanks Dan Roelker for the fix.

   * Get thresholding/suppression to work for alerts that do not
     contain an ip header (primarily decode alerts).  Thanks
     Brian Caswell.

   * Fix conditions where snort would log double web alerts that
     contained only content options (no uricontents).  Thanks to kawa for
     finding and reporting this bug.

   * Fix suppression/thresholding bug for non-rule alerts.  Thanks to
     Alex Butcher for reporting it to us.

   * Many other bug fixes, please check the ChangeLog for details.
---
   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Sat Jan 29 03:27:58 UTC 2005

   Modified Files:
   	pkgsrc/net/snort: distinfo

   Log Message:
   Update distinfo for snort-2.3.0.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Jan 28 23:03:59 UTC 2005

   Modified Files:
   	pkgsrc/net/snort-mysql: Makefile

   Log Message:
   Sync and minor tidy up for snort 2.3.0 release.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Jan 28 22:51:27 UTC 2005

   Removed Files:
   	pkgsrc/net/snort-contrib: DESCR Makefile PLIST distinfo

   Log Message:
   As of snort 2.3.0 all contrib files are now available from:
   http://www.snort.org/dl/contrib/
571ff4b
salo #267 233e458
Commits on Feb 05, 2005
salo Pullup ticket 268 - requested by Johnny C. Lam
security fix fod perl58

Patch provided by the submitter.  PKGREVISION bumped.
Fixes for:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
8b19e2c
salo #268 8072eec
salo Pullup ticket 269 - requested by Johnny C. Lam
security fix for cups

Revisions pulled up:
- pkgsrc/print/cups/Makefile         1.88
- pkgsrc/print/cups/distinfo         1.29
- pkgsrc/print/cups/patches/patch-au 1.3

   Module Name:		pkgsrc
   Committed By:	drochner
   Date:		Wed Jan 19 11:03:23 UTC 2005

   Modified Files:
   	pkgsrc/print/cups: Makefile distinfo
   Added Files:
   	pkgsrc/print/cups/patches: patch-au

   Log Message:
   apply the last xpdf security patch to the embedded pdftops filter
   which is based on xpdf, bump PKGREVISION
84732ef
salo #269 ad6b11f
Commits on Feb 07, 2005
snj Pullup ticket 274 - requested by Takahiro Kambe
security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile	1.133
- pkgsrc/www/squid/distinfo	1.79

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sun Feb  6 08:08:03 UTC 2005

   Modified Files:
           pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update squid package to 2.5.7nb12.

   Adding several official patches which fix security and critical problem.


   o 2005-02-06 00:57 (Cosmetic)
           Improve password handling in FTP gatewaying of ftp://user@host URLs

   o 2005-02-04 11:41 (Minor) WCCP easily disturbed by forged packets

   o 2005-02-04 00:33 (Medium)
           Persistent connection trouble on failed PUT/POST requests

   o 2005-02-04 00:12 (Major) Segmentation fault on failed PUT/POST request

   o 2005-02-03 23:27 (Minor)
           Sporadic segmentation fault when using ntlm authentication

   o 2005-02-03 23:17 (Minor)
           LDAP helpers sends slightly malformed search requests

   o 2005-01-31 22:50 (Security issue)
           Correct handling of oversized reply headers
28f5ad1
snj 274 af865d5
Commits on Feb 10, 2005
salo Pullup ticket 277 - requested by Matthias Scheler
security fix for apache2

Revisions pulled up:
- pkgsrc/devel/apr/Makefile           1.31
- pkgsrc/devel/apr/distinfo           1.11
- pkgsrc/www/apache2/Makefile         1.66 (merged by hand)
- pkgsrc/www/apache2/Makefile.common  1.13
- pkgsrc/www/apache2/PLIST            1.27
- pkgsrc/www/apache2/distinfo         1.36 (merged by hand)
- pkgsrc/www/apache2/patches/patch-aa 1.14
- pkgsrc/www/apache2/patches/patch-as removed
- pkgsrc/www/apache2/patches/patch-at removed

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Feb  9 14:52:12 UTC 2005

   Modified Files:
   	pkgsrc/devel/apr: Makefile distinfo

   Log Message:
   Update "apr" package to version 0.9.6.2.0.53. Changes since
   version 0.9.5.2.0.52:
   - Add apr_threadattr_stacksize_set() for overriding the default
     stack size for threads created by apr_thread_create().
   - Add an RPM spec file.
   - Add a build script to create a solaris package.
---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Feb  9 14:57:52 UTC 2005

   Modified Files:
   	pkgsrc/www/apache2: Makefile Makefile.common PLIST distinfo
   	pkgsrc/www/apache2/patches: patch-aa
   Removed Files:
   	pkgsrc/www/apache2/patches: patch-as patch-at

   Log Message:
   Update "apache2" package to version 2.0.53. Changes since version 2.0.52:
   - Fix --with-apr=/usr and/or --with-apr-util=/usr.  Bug report 29740.
     [Max Bowsher <maxb ukf.net>]
   - mod_proxy: Fix ProxyRemoteMatch directive.  Bug report 33170.
     [Rici Lake <rici ricilake.net>]
   - mod_proxy: Respect errors reported by pre_connection hooks.
     [Jeff Trawick]
   - --with-module can now take more than one module to be statically
     linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
     If the <modtype>-subdirectory doesn't exist it will be created and
     populated with a standard Makefile.in.  [Erik Abele]
   - Fix the RPM spec file so that an RPM build now works. An RPM
     build now requires system installations of APR and APR-util.
     Remove some arbitrary moving around of binaries - the RPM now
     maps to the ASF build of httpd.
     [Graham Leggett]
   - mod_dumpio, an I/O logging/dumping module, added to the
     modules/expermimental subdirectory.  [Jim Jagielski]
   - mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
     library handles special characters.  Bug report 24437.
     [Jess Holle]
   - Win32 MPM: Correct typo in debugging output.  [William Rowe]
   - conf: Remove AddDefaultCharset from the default configuration because
     setting a site-wide default does more harm than good.
     Bug report 23421. [Roy Fielding]
   - Add charset to example CGI scripts.  [Roy Fielding]
   - mod_ssl: fail quickly if SSL connection is aborted rather than
     making many doomed ap_pass_brigade calls.
     Bug report 32699.  [Joe Orton]
   - Remove compiled-in upper limit on LimitRequestFieldSize.
     [Bill Stoddard]
   - Start keeping track of time-taken-to-process-request again for
     mod_status if ExtendedStatus is enabled. [Jim Jagielski]
   - mod_proxy: Handle client-aborted connections correctly.
     Bug report 32443.  [Janne Hietamäki, Joe Orton]
   - Fix handling of files >2Gb on all platforms (or builds) where
     apr_off_t is larger than apr_size_t.
     Bug report 28898.  [Joe Orton]
   - mod_include: Fix bug which could truncate variable expansions
     of N*64 characters by one byte.  Bug report 32985.  [Joe Orton]
   - Correct handling of certain bucket types in ap_save_brigade, fixing
     possible segfaults in mod_cgi with #include virtual.
     Bug report 31247.  [Joe Orton]
   - Allow for the use of --with-module=foo:bar where the ./modules/foo
     directory is local only. Assumes, of course, that the required
     files are in ./modules/foo, but makes it easier to statically
     build/log "external" modules.  [Jim Jagielski]
   - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
     ldap authorization only modules have access to the util_ldap
     user cache without having to require ldap authentication as well.
     Bug report 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]
   - mod_auth_ldap: Added the directive "Requires ldap-attribute" that
     allows the module to only authorize a user if the attribute value
     specified matches the value of the user object. Bug report 31913
     [Ryan Morgan <rmorgan pobox.com>]
   - SECURITY: CAN-2004-0942 (cve.mitre.org)
     Fix for memory consumption DoS in handling of MIME folded request
     headers.  [Joe Orton]
   - SECURITY: CAN-2004-0885 (cve.mitre.org)
     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
     bypassed during an SSL renegotiation.  Bug report 31505.
     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
   - mod_ssl: Fail at startup rather than segfault at runtime if a
     client cert is configured with an encrypted private key.
     Bug report 24030.  [Joe Orton]
   - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so".
     Bug report 31448 [Joe Orton]
   - mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
     [Jeff Trawick]
   - mod_cache: CacheDisable will only disable the URLs it was meant to
     disable, not all caching. Bug report 31128.
     [Edward Rudd <eddie omegaware.com>, Paul Querna]
   - mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
     cache responses.  [Justin Erenkrantz]
   - mod_rewrite: Handle per-location rules when r->filename is unset.
     Previously this would segfault or simply not match as expected,
     depending on the platform.  [Jeff Trawick]
   - mod_rewrite: Fix 0 bytes write into random memory position.
     Bug report 31036. [André Malo]
   - mod_disk_cache: Do not store aborted content.  Bug report 21492.
     [Rüdiger Plüm <r.pluem t-online.de>]
   - mod_disk_cache: Correctly store cached content type.
     Bug report 30278.
     [Rüdiger Plüm <r.pluem t-online.de>]
   - mod_ldap: prevent the possiblity of an infinite loop in the LDAP
     statistics display. Bug report 29216. [Graham Leggett]
   - mod_ldap: fix a bogus error message to tell the user which file
     is causing a potential problem with the LDAP shared memory cache.
     Bug report 31431 [Graham Leggett]
   - mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
   - Fix the re-linking issue when purging elements from the LDAP cache
     Bug report 24801.  [Jess Holle <jessh ptc.com>]
   - mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]
   - Fix Expires handling in mod_cache.  [Justin Erenkrantz]
   - Alter mod_expires to run at a different filter priority to allow
     proper Expires storage by mod_cache.  [Justin Erenkrantz]
3175419
salo #277 ce40bff
Commits on Feb 11, 2005
snj Pullup ticket 280 - requested by Takahiro Kambe
update squid

Revisions pulled up:
pkgsrc/www/squid/Makefile		1.134
pkgsrc/www/squid/distinfo		1.80
pkgsrc/www/squid/patches/patch-al	1.6
pkgsrc/www/squid/patches/patch-cd	1.5


  Module Name:    pkgsrc
  Committed By:   taca
  Date:           Fri Feb 11 14:47:18 UTC 2005

  Modified Files:
          pkgsrc/www/squid: Makefile distinfo
          pkgsrc/www/squid/patches: patch-al patch-cd

  Log Message:
  Update squid package to 2.5.8 (squid-2.5.STABLE8).

  Most of these changes are already included in previous squid-2.5.7nb12.
  But last one is really new one.

  Changes to squid-2.5.STABLE8 (11 Feb 2005)

          - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
            #1096)
          - [Cosmetic] Document -v (protocol version) option to LDAP helpers
          - [Minor] The new req_header and resp_header acls segfaults
            immediately on parse of squid.conf (Bug #961)
          - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
            (Bug #1118)
          - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
          - [Minor] Squid fails to close TCP connection after blank HTTP
            response (Bug #1116)
          - [Minor security] Random error messages in response to malformed
            host name (Bug #1143)
          - [Minor] PURGE should not be able to delete internal objects
            (Bug #1112)
          - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
            #1121)
          - [Minor] cachemgr vm_objects segfault (Bug #1149)
          - [Minor security] Confusing results on empty acl declarations (Bug
            #1166)
          - [Minor] Don't close all "other" filedescriptors on startup (Bug
            #1177)
          - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
            #1183)
          - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
          - [Medium security] Denial of service with forged WCCP messages
            (Bug #1190)
          - [Minor] DNS related memory leak on certain malformed DNS responses
            (Bug #1197)
          - [Minor] Internal DNS sometimes truncates host names in reverse
            (PTR) lookups (Bug #1136)
          - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
          - [Security] Harden Squid agains HTTP request smuggling attacks
          - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
            short_icon_urls is on (Bug #1203)
          - [Security] Harden Squid agains HTTP response splitting attacks
            (Bug #1200)
          - [Medium security] Buffer overflow in WCCP recvfrom() call
            (Bug #1217)
          - [Security] Properly handle oversized reply headers (Bug #1216)
          - [Minor] LDAP helpers search fixed to properly ask for no attributes
          - [Minor] A sporadic segmentation fault when using ntlm authentication
            fixed (Bug #1127)
          - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
          - [Medium] Persistent connection mismatch on failed PUT/POST request
            (Bug #1122)
          - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
          - [Minor] Password management in ftp:// gatewaying improved (Bug #1226
          - [Major] HTTP reply data corruption in certain situations involving
            reply headers split over multiple packets (Bug #1233)
bc181e0
snj 280 2d0c4fe
Commits on Feb 13, 2005
salo Pullup ticket 283 - requested by Grant Beattie
clamav update

Revisions pulled up:
- pkgsrc/mail/clamav/Makefile         1.32-1.34
- pkgsrc/mail/clamav/buildlink3.mk    1.4
- pkgsrc/mail/clamav/distinfo         1.21
- pkgsrc/mail/clamav/patches/patch-ad 1.8
- pkgsrc/mail/clamav/patches/patch-ag removed
- pkgsrc/mail/clamav/patches/patch-ah 1.2

   Module Name:	pkgsrc
   Committed By:	grant
   Date:		Sun Feb 13 07:24:22 UTC 2005

   Modified Files:
   	pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
   	pkgsrc/mail/clamav/patches: patch-ad patch-ah

   Log Message:
   update clamav to 0.82. closes PR pkg/29139, PR pkg/29319.

   [ skipped ridiculously long list of changes ]
---
   Module Name:	pkgsrc
   Committed By:	grant
   Date:		Sun Feb 13 13:08:50 UTC 2005

   Removed Files:
   	pkgsrc/mail/clamav/patches: patch-ag

   Log Message:
   remove unused patch.
5cccf68
salo #283 7b7a55f
salo Pullup ticket 284 - requested by Min Sik Kim
distfile fix for awstats

Revisions pulled up:
- pkgsrc/www/awstats/Makefile 1.14
- pkgsrc/www/awstats/distinfo 1.8

   Module Name:    pkgsrc
   Committed By:   minskim
   Date:           Sun Feb 13 15:29:15 UTC 2005

   Modified Files:
          pkgsrc/www/awstats: Makefile distinfo

   Log Message:
   Bump PKGREVISION due to distfile change.

   This fixes PR pkg/29210.
3abb09c
salo #284 3d22774
Commits on Feb 14, 2005
salo Pullup ticket 285 - requested by Min Sik Kim
portability fix for battalion

Revisions pulled up:
- pkgsrc/games/battalion/Makefile         1.27
- pkgsrc/games/battalion/distinfo         1.5
- pkgsrc/games/battalion/patches/patch-aa 1.10

   Module Name:		pkgsrc
   Committed By:	minskim
   Date:		Sun Feb 13 21:03:41 UTC 2005

   Modified Files:
   	pkgsrc/games/battalion: Makefile distinfo
   	pkgsrc/games/battalion/patches: patch-aa

   Log Message:
   Make this package build on Linux.  This fixes PR pkg/29357.
     - Use -lcompat on NetBSD only.
     - Define LINUXVERSION on Linux.
98bf472
salo #285 f6d9e0d
Commits on Feb 15, 2005
snj Pullup ticket 286 - requested by grant beattie
clamav update

Revisions pulled up:
- pkgsrc/mail/clamav/Makefile		1.35
- pkgsrc/mail/clamav/distinfo		1.22
- pkgsrc/mail/clamav/patches/patch-ad	1.9
- pkgsrc/mail/clamav/patches/patch-ah	1.3

   Module Name:    pkgsrc
   Committed By:   grant
   Date:           Mon Feb 14 11:20:13 UTC 2005

   Modified Files:
           pkgsrc/mail/clamav: Makefile distinfo
           pkgsrc/mail/clamav/patches: patch-ad patch-ah

   Log Message:
   update to 0.83.

   changes since 0.82 (summarized):

     * clamd: change default value of StreamMaxPort to 2048
     * freshclam: add support for Foreground (requested by Jeremy Kitchen
                  <kitchen*scriptkitchen.com>)
     * clamav-milter:      Added --whistlist-file and --sendmail-cf options
                           When in SESSION mode, not all sessions would send END

   other changes are documentation and misc. bug fixes.
63c2d5c
snj 286 74c23fb
salo Pullup ticket 272 - requested by Robert T. Retzlaff
pkg_add preserve modes of entries in binary packages

Revisions pulled up:
- pkgsrc/pkgtools/pkg_install/files/lib/ftpio.c   1.14
- pkgsrc/pkgtools/pkg_install/files/lib/version.h 1.39

   Module Name:    pkgsrc
   Committed By:   agc
   Date:           Fri Jan  7 11:58:12 UTC 2005

   Modified Files:
           pkgsrc/pkgtools/pkg_install/files/lib: ftpio.c version.h

   Log Message:
   Sync changes with src/:

   + extract files on ftp pkg_adds with the 'p' flag to tar, to preserve
     modes of entries in the binary package.  (Addresses PR 28826 from
     Tyler Retzlaff)

   Bump version to 20050106
8270869
salo #272 221045f
snj Pullup ticket 290 - requested by Min Sik Kim
security fix for awstats

Revisions pulled up:
- pkgsrc/www/awstats/Makefile		1.15
- pkgsrc/www/awstats/distinfo		1.9
- pkgsrc/www/awstats/patches/patch-aa	1.1
- pkgsrc/www/awstats/patches/patch-ab	1.1

    Module Name:  pkgsrc
    Committed By: minskim
    Date:         Tue Feb 15 15:55:25 UTC 2005

    Modified Files:
          pkgsrc/www/awstats: Makefile distinfo
    Added Files:
          pkgsrc/www/awstats/patches: patch-aa patch-ab

    Log Message:
    Security fix for http://www.securityfocus.com/archive/1/390368.
    Patches from awstats CVS.

    Bump PKGREVISION.
c839cb3
snj 290 ab3fef6
snj Pullup ticket 291 - requested by Stoned Elipot
security fix for sympa

Revisions pulled up:
- pkgsrc/mail/sympa/Makefile		1.12
- pkgsrc/mail/sympa/distinfo		1.5
- pkgsrc/mail/sympa/patches/patch-ad	1.3
- pkgsrc/mail/sympa/patches/patch-ae	1.3

    Module Name:    pkgsrc
    Committed By:   seb
    Date:           Tue Feb 15 22:45:54 UTC 2005

    Modified Files:
            pkgsrc/mail/sympa: Makefile distinfo
    Added Files:
            pkgsrc/mail/sympa/patches: patch-ad patch-ae

    Log Message:
    Apply security fixes for CAN-2005-0073. Patches obtained from
    Sympa's CVS repository via Sympa's homepage.

    Bump PKGREVISION to 2.
f735873
snj 291 3cb257f
Commits on Feb 16, 2005
salo Pullup ticket 289 - requested by Matthias Drochner
security fix for python

Patches hand-rolled, based on the following commit:

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Feb  4 15:39:04 UTC 2005

   Modified Files:
           pkgsrc/lang/python22: Makefile distinfo
           pkgsrc/lang/python23: Makefile distinfo
           pkgsrc/lang/python23-nth: Makefile
           pkgsrc/lang/python24: Makefile distinfo
   Added Files:
           pkgsrc/lang/python22/patches: patch-an
           pkgsrc/lang/python23/patches: patch-an
           pkgsrc/lang/python24/patches: patch-an

   Log Message:
   apply the security fix from
   http://www.python.org/security/PSF-2005-001/
   This disables hierarchical object lookups in SimpleXMLRPCServer.
   Unfortunately, this breaks some applications (eg kenosis). Don't
   shoot me for this.
   bump PKGREVISION
3b4f555
salo #289 ce26abe
Commits on Feb 17, 2005
salo Pullup ticket 292 - requested by Takahiro Kambe
DoS fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.135
- pkgsrc/www/squid/PLIST    1.16
- pkgsrc/www/squid/distinfo 1.81

   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Thu Feb 17 15:04:12 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile PLIST distinfo

   Log Message:
   Update squid package to 2.5.8nb1.

   Apply four official fixes.

   * 2005-02-15 02:14 (Cosmetic) FTP URL cleanups
   * 2005-02-15 01:07 (Cosmetic) Allow high characters in generated FTP and
   				Gopher directory listings
   * 2005-02-15 00:03 (Cosmetic) Cross-platform format fixes
   * 2005-02-13 05:58 (Major) Assertion failure on certain odd DNS responses

   Fixes PR pkg/29412 from Mike M. Volokhov.
c8a5208
salo #292 33842dc
Commits on Feb 18, 2005
salo Pullup ticket 294 - requested by Matthias Scheler
security fix for bidwatcher

Revisions pulled up:
- pkgsrc/misc/bidwatcher/Makefile         1.41
- pkgsrc/misc/bidwatcher/distinfo         1.33
- pkgsrc/misc/bidwatcher/patches/patch-ac removed

   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Fri Feb 18 10:10:06 UTC 2005

   Modified Files:
   	pkgsrc/misc/bidwatcher: Makefile distinfo
   Removed Files:
   	pkgsrc/misc/bidwatcher/patches: patch-ac

   Log Message:
   Update "bidwatcher" package to version 1.3.17.
   Changes since version 1.3.16:
   - Fix eBay parser.
   - Add libcurl support.  libcurl is now a dependency.
   - Tons of little fixes.
   - Fix potential security bug in versions <= 1.3.16 (CAN-2005-0158).
   - Added Seller id to the Log.
   - Fixed BUY Only items that expire but bidwather don't think so.
   - Should compile on cygwin now.
   - Be more compatible with BSD.
e085509
salo #294 cc878a5
Commits on Feb 19, 2005
snj Pullup ticket 295 - requested by Lubomir Sedlacik
security fixes for suse91_libtiff, suse91_x11, and suse91_gtk2

Revisions pulled up:
- pkgsrc/emulators/suse91_libtiff/Makefile	1.2
- pkgsrc/emulators/suse91_libtiff/distinfo	1.2
- pkgsrc/emulators/suse91_x11/Makefile		1.2
- pkgsrc/emulators/suse91_x11/distinfo		1.2
- pkgsrc/emulators/suse91_gtk2/DEINSTALL	removed
- pkgsrc/emulators/suse91_gtk2/INSTALL		1.3
- pkgsrc/emulators/suse91_gtk2/POSTINSTALL	removed
- pkgsrc/emulators/suse91_gtk2/Makefile		1.5,1.6,1.7
- pkgsrc/emulators/suse91_gtk2/distinfo		1.2
- pkgsrc/emulators/suse91_gtk2/PLIST		1.1


    Module Name:	pkgsrc
    Committed By:	jdolecek
    Date:		Sat Jan 22 09:57:51 UTC 2005

    Modified Files:
            pkgsrc/emulators/suse91_libtiff: Makefile distinfo

    Log Message:
    Update to RPM version libtiff-3.6.1-38.14, which fixes the recent
    security problems in libtiff.
    Bump PKGREVISION
    ---
    Module Name:    pkgsrc
    Committed By:   jdolecek
    Date:           Sat Jan 22 10:10:17 UTC 2005

    Modified Files:
            pkgsrc/emulators/suse91_x11: Makefile distinfo

    Log Message:
    Update to latest available version (4.3.99.902-43.35.3), which fixes
    the recently discovered Xpm vulnerabilities
    ---
    Module Name:    pkgsrc
    Committed By:   jdolecek
    Date:           Sat Jan 22 10:46:20 UTC 2005

    Modified Files:
            pkgsrc/emulators/suse91_gtk2: Makefile
    Removed Files:
            pkgsrc/emulators/suse91_gtk2: DEINSTALL INSTALL POSTINSTALL

    Log Message:
    the gtk/pango stuff doesn't appear to be necessary and causes unclean
    package deinstall
    ---
    Module Name:    pkgsrc
    Committed By:   jdolecek
    Date:           Sat Jan 22 10:53:49 UTC 2005

    Modified Files:
            pkgsrc/emulators/suse91_gtk2: Makefile distinfo

    Log Message:
    use updated gtk2 RPM, which fixes recently discovered Xpm-related
    vulnerabilities
    ---
    Module Name:    pkgsrc
    Committed By:   jdolecek
    Date:           Sat Jan 22 12:35:26 UTC 2005

    Modified Files:
            pkgsrc/emulators/suse91_gtk2: Makefile
    Added Files:
            pkgsrc/emulators/suse91_gtk2: INSTALL PLIST

    Log Message:
    put back INSTALL (in slighly simplified form) - it _is_ necessary
    to setup the etc files for gtk & pango; add the files into PLIST, so that
    they are properly removed when package is deinstalled
ce693d1
snj 295 3e949c4
snj Pullup ticket 296 - requested by Lubomir Sedlacik
security fix for tcpdump

Revisions pulled up:
- pkgsrc/net/tcpdump/Makefile		1.13
- pkgsrc/net/tcpdump/distinfo		1.5
- pkgsrc/net/tcpdump/patches/patch-aa	removed
- pkgsrc/net/tcpdump/patches/patch-ab	removed

   Module Name:    pkgsrc
   Committed By:   reed
   Date:		Tue Jan 25 18:55:43 UTC 2005

   Modified Files:
           pkgsrc/net/tcpdump: Makefile distinfo
   Removed Files:
           pkgsrc/net/tcpdump/patches: patch-aa patch-ab

   Log Message:
   Update to tcpdump-3.8.3 (as prompted by Chris Ross on tech-pkg list).

   Changes include:

           Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
                                http://www.rapid7.com/advisories/R7-0017.html
           IP-over-IEEE1394 printing.
           some MINGW32 changes.
           updates for autoconf 2.5
           fixes for print-aodv.c - check for too short packets
           formatting changes to print-ascii for hex output.
           check for too short packets: print-bgp.c, print-bootp.c, print-cdp.c,
                   print-chdlc.c, print-domain.c, print-icmp.c, print-icmp6.c,
                   print-ip.c, print-lwres.c, print-ospf.c, print-pim.c,
                   print-ppp.c,print-pppoe.c, print-rsvp.c, print-wb.c
           print-ether.c - better handling of unknown types.
           print-isoclns.c - additional decoding of types.
           print-llc.c - strings for LLC names added.
           print-pfloc.c - various enhancements
           print-radius.c - better decoding to strings.

           changed syntax of -E argument so that multiple SAs can be decrypted
           fixes for Digital Unix headers and Documentation
           __attribute__ fixes
           CDP changes from Terry Kennedy <terry@tmk.com>.
           IPv6 mobility updates from Kazushi Sugyo <sugyo@pb.jp.nec.com>
           Fixes for ASN.1 decoder for 2.100.3 forms.
           Added a count of packets received and processed to clarify numbers.
           Incorporated WinDUMP patches for Win32 builds.
           PPPoE payload length headers.
           Fixes for HP C compiler builds.
           Use new pcap_breakloop() and pcap_findalldevs() if we can.
           BGP output split into multiple lines.
           Fixes to 802.11 decoding.
           Fixes to PIM decoder.
           SuperH is a CPU that can't handle unaligned access. Many fixes for
                   unaligned access work.
           Fixes to Frame-Relay decoder for Q.933/922 frames.
           Clarified when Solaris can do captures as non-root.
           Added tests/ subdir for examples/regression tests.
           New -U flag.    -flush stdout after every packet
           New -A flag     -print ascii only
           support for decoding IS-IS inside Cisco HDLC Frames
           more verbosity for tftp decoder
           mDNS decoder
           new BFD decoder
           cross compilation patches
           RFC 3561 AODV support.
           UDP/TCP pseudo-checksum properly for source-route options.
           sanitized all files to modified BSD license
           Add support for RFC 2625 IP-over-Fibre Channel.
           fixes for DECnet support.
           Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI.
           RFC 2684 encapsulation of BPDUs.

   This is a security fix update.
b36983e
snj 296 200c6d6
snj Pullup ticket 297 - requested by Lubomir Sedlacik
security fix for p5-Tk

Revisions pulled up:
- pkgsrc/x11/p5-Tk/Makefile		1.42
- pkgsrc/x11/p5-Tk/distinfo		1.9
- pkgsrc/x11/p5-Tk/patches/patch-ac	1.1
- pkgsrc/x11/p5-Tk/patches/patch-ad	1.1
- pkgsrc/x11/p5-Tk/buildlink3.mk	1.2

    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Sat Dec 25 14:00:10 UTC 2004

    Modified Files:
            pkgsrc/x11/p5-Tk: Makefile distinfo
    Added Files:
            pkgsrc/x11/p5-Tk/patches: patch-ac patch-ad

    Log Message:
    Update to 804.027nb2: use png and jpeg packages instead of copies
    coming with the source. Patch from Michael van Elst in PR 28770.
    ---
    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Sat Dec 25 14:02:30 UTC 2004

    Modified Files:
            pkgsrc/x11/p5-Tk: buildlink3.mk

    Log Message:
    Recommend 804.027nb2 because of security problems in earlier versions.
632860e
snj 297 a7894f7
Commits on Feb 20, 2005
salo Pullup ticket 298 - requested by Marc Recht
PLIST fix for python24

Revisions pulled up:
- pkgsrc/lang/python24/PLIST.common 1.3

   Module Name:		pkgsrc
   Committed By:	recht
   Date:		Fri Feb 18 22:25:22 UTC 2005

   Modified Files:
   	pkgsrc/lang/python24: PLIST.common

   Log Message:
   add dl.so to PLIST.common (conditionally)
   addresses PR 29402 by salo
0ba4fcb
salo #298 720f2bc
snj Pullup ticket 299 - requested by Mark Davies
security fix for kdeedu3

Revisions pulled up:
- pkgsrc/misc/kdeedu3/Makefile		1.29
- pkgsrc/misc/kdeedu3/distinfo		1.22
- pkgsrc/misc/kdeedu3/patches/patch-ac	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ad	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ae	1.1
- pkgsrc/misc/kdeedu3/patches/patch-af	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ag	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ah	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ai	1.1
- pkgsrc/misc/kdeedu3/patches/patch-aj	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ak	1.1
- pkgsrc/misc/kdeedu3/patches/patch-al	1.1
- pkgsrc/misc/kdeedu3/patches/patch-am	1.1
- pkgsrc/misc/kdeedu3/patches/patch-an	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ao	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ap	1.1
- pkgsrc/misc/kdeedu3/patches/patch-aq	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ar	1.1
- pkgsrc/misc/kdeedu3/patches/patch-as	1.1
- pkgsrc/misc/kdeedu3/patches/patch-at	1.1
- pkgsrc/misc/kdeedu3/patches/patch-au	1.1
- pkgsrc/misc/kdeedu3/patches/patch-av	1.1
- pkgsrc/misc/kdeedu3/patches/patch-aw	1.1
- pkgsrc/misc/kdeedu3/patches/patch-ax	1.1

    Module Name: pkgsrc
    Committed By: markd
    Date:  Sun Feb 20 11:31:11 UTC 2005

    Modified Files:
         pkgsrc/misc/kdeedu3: Makefile distinfo
    Added Files:
         pkgsrc/misc/kdeedu3/patches: patch-ac patch-ad patch-ae patch-af
         patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am
         patch-an patch-ao patch-ap patch-aq patch-ar patch-as patch-at
         patch-au patch-av patch-aw patch-ax

    Log Message:
    Fix for http://www.kde.org/info/security/advisory-20050215-1.txt.
    Bump PKGREVISION.
c01a79b
snj 299 99ceaab
Commits on Feb 21, 2005
salo Pullup ticket 302 - requested by Takahiro Kambe
update distribution patches for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.136
- pkgsrc/www/squid/distinfo 1.82

   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Mon Feb 21 00:05:32 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update to squid-2.5.8nb2;

   Add new two patches:

   * 2005-02-20 19:11 (Cosmetic) GCC4 warnings
   * 2005-02-20 10:47 (Minor) Relax header parsing slightly again to work
   				around broken web servers

   Reflect update of one patch:

   * 2005-02-20 11:03 (Cosmetic) Cross-platform format fixes

   Update DIST_SUBDIR.
8baf1ac
salo #302 2a295cc
snj Pullup ticket 300 - requested by Lubomir Sedlacik
security fix for mc

Revisions pulled up:
- pkgsrc/sysutils/mc/DESCR		1.2
- pkgsrc/sysutils/mc/PLIST		1.2
- pkgsrc/sysutils/mc/PLIST.charset	1.1
- pkgsrc/sysutils/mc/PLIST.cons.saver	1.1
- pkgsrc/sysutils/mc/PLIST.mcedit	1.1
- pkgsrc/sysutils/mc/PLIST.vfs		1.1
- pkgsrc/sysutils/mc/Makefile		1.47
- pkgsrc/sysutils/mc/distinfo		1.11
- pkgsrc/sysutils/mc/patches/patch-ab	1.11
- pkgsrc/sysutils/mc/patches/patch-aa	removed
- pkgsrc/sysutils/mc/patches/patch-ac	removed
- pkgsrc/sysutils/mc/patches/patch-ad	removed
- pkgsrc/sysutils/mc/patches/patch-ae	removed
- pkgsrc/sysutils/mc/patches/patch-af	removed
- pkgsrc/sysutils/mc/patches/patch-ag	removed
- pkgsrc/sysutils/mc/patches/patch-ah	removed
- pkgsrc/sysutils/mc/patches/patch-ai	removed
- pkgsrc/sysutils/mc/patches/patch-aj	removed
- pkgsrc/sysutils/mc/patches/patch-ak	removed

   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jan 15 21:14:27 UTC 2005

   Modified Files:
           pkgsrc/sysutils/mc: DESCR Makefile PLIST distinfo
           pkgsrc/sysutils/mc/patches: patch-ab
   Removed Files:
           pkgsrc/sysutils/mc/patches: patch-aa patch-ac patch-ad patch-ae
               patch-af patch-ag patch-ah patch-ai patch-aj patch-ak

   Log Message:
   Update to 4.6.1pre2, fixing a number of vulnerabilities.
   Joined work in pkgsrc-wip by Pavel Arnost, myself, and Roland Illig.

   Version 4.6.1-pre2.

   Release candidate for 4.6.1.

   - Security.
           - Fixed CAN-2004-0226 (buffer overflows).
           - Fixed CAN-2004-0231 (unsafe temporary file and directory creation).
           - Fixed CAN-2004-0232 (format string vulnerablities).
           - cons.saver does not need to be setuid-root on Linux.
           - Hiding of FTP passwords.
   [...]
   Version 4.6.0-pre2.

   Release candidate for 4.6.0.

   - Security.
           - mc now creates its own temporary directory /tmp/mc-$USER.
             If it fails or permissions are wrong, the user is warned.
   [...]
   Version 4.6.0-pre1.

   - Security release.  Massive code cleanup.  Most improvements didn't
     need any significant amount of the new code.

   - Security.
           - Fixes for remotely exploitable buffer overflows in VFS.
   [...]

   ---

   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jan 15 21:15:26 UTC 2005

   Added Files:
           pkgsrc/sysutils/mc: PLIST.charset PLIST.cons.saver PLIST.mcedit
               PLIST.vfs

   Log Message:
   Add some PLIST fragments for extra features.
079e4e7
snj 300 a1f9cd1
snj Pullup ticket 301 - requested by Lubomir Sedlacik
security fix for ImageMagick and p5-PerlMagick

Revisions pulled up:
- pkgsrc/graphics/ImageMagick/Makefile		1.123,1.125
- pkgsrc/graphics/ImageMagick/Makefile.common	1.25-1.27
- pkgsrc/graphics/ImageMagick/options.mk	1.1
- pkgsrc/graphics/ImageMagick/PLIST		1.28-1.29
- pkgsrc/graphics/ImageMagick/distinfo		1.35-1.37
- pkgsrc/graphics/ImageMagick/patches/patch-aa	1.27
- pkgsrc/graphics/p5-PerlMagick/Makefile	1.38


   Module Name:    pkgsrc
   Committed By:   tv
   Date:           Fri Dec 24 23:42:49 UTC 2004

   Modified Files:
           pkgsrc/graphics/ImageMagick: Makefile
   Added Files:
           pkgsrc/graphics/ImageMagick: options.mk

   Log Message:
   Allow building without X11 support with "PKG_OPTIONS.ImageMagick=-x11".
   Idea inspired by post to tech-pkg from <imil@home.imil.net>.

   ---

   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Jan  5 09:25:18 UTC 2005

   Modified Files:
           pkgsrc/graphics/ImageMagick: Makefile Makefile.common PLIST distinfo
           pkgsrc/graphics/ImageMagick/patches: patch-aa

   Log Message:
   Changes 6.1.7:
   * ReadPALMImage() now produces a proper RGB image
   * Added the -shadow option to simulate an image shadow
   * Fix file leak in ImageToBlob() method

   ---

   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Fri Jan 14 12:41:07 UTC 2005

   Modified Files:
           pkgsrc/graphics/ImageMagick: Makefile.common PLIST distinfo

   Log Message:
   Changes 6.1.8-6:
   * Bug fixes and improvements

   ---

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Jan 18 11:22:10 UTC 2005

   Modified Files:
           pkgsrc/graphics/ImageMagick: Makefile.common distinfo
           pkgsrc/graphics/p5-PerlMagick: Makefile

   Log Message:
   update to 6.1.8-8, fixes a security problem, see
   http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
10405e2
snj 301 1590fc4
snj Pullup ticket 303 - requested by Lubomir Sedlacik
security fix for hylafax

Revisions pulled up:
- pkgsrc/comms/hylafax/distinfo		1.12
- pkgsrc/comms/hylafax/Makefile		1.42
- pkgsrc/comms/hylafax/PLIST		1.8
- pkgsrc/comms/hylafax/distinfo		1.13
- pkgsrc/comms/hylafax/patches/patch-ac	1.7
- pkgsrc/comms/hylafax/patches/patch-ae	1.9-1.10
- pkgsrc/comms/hylafax/patches/patch-af	1.7
- pkgsrc/comms/hylafax/patches/patch-ah	1.6
- pkgsrc/comms/hylafax/patches/patch-ai	1.9
- pkgsrc/comms/hylafax/patches/patch-aj	1.6
- pkgsrc/comms/hylafax/patches/patch-ak	1.6
- pkgsrc/comms/hylafax/patches/patch-al	1.6
- pkgsrc/comms/hylafax/patches/patch-an	1.7
- pkgsrc/comms/hylafax/patches/patch-ao	1.7
- pkgsrc/comms/hylafax/patches/patch-ap	1.8
- pkgsrc/comms/hylafax/patches/patch-aq	removed
- pkgsrc/comms/hylafax/patches/patch-ar	1.8
- pkgsrc/comms/hylafax/patches/patch-as	1.6


    Module Name:    pkgsrc
    Committed By:   markd
    Date:           Mon Jan  3 22:58:14 UTC 2005

    Modified Files:
            pkgsrc/comms/hylafax: distinfo
            pkgsrc/comms/hylafax/patches: patch-ae

    Log Message:
    Fix configure to allow build with libtiff 3.7.

    ---

    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Thu Jan 27 16:22:37 UTC 2005

    Modified Files:
            pkgsrc/comms/hylafax: Makefile PLIST distinfo
            pkgsrc/comms/hylafax/patches: patch-ac patch-ae patch-af patch-ah
                patch-ai patch-aj patch-ak patch-al patch-an patch-ao patch-ap
                patch-ar patch-as
    Removed Files:
            pkgsrc/comms/hylafax/patches: patch-aq

    Log Message:
    Changes 4.2.1:

    * fix CAN-2004-1182: hfaxd client/server authentication
      vulnerability (10 Jan 2005)
    * fix possible filename race in tiff2pdf (10 Jan 2005)
    * improve modern distinctive ring support, add
      NoAnswerVoice config feature, and enhance third-party
      getty interaction (1, 2 Jan 2005)
    * add support for etc/resetmodem (30 Dec 2004)
    * fix NOTIFY_FAXMASTER within notify (30 Dec 2004)
    * improve tiff2pdf and use it more (29 Dec 2004)
    * fix 300 dpi support for some receivers (28 Dec 2004)
    * cause faxsetup to double-check and fix attachment encoding
      setup (27 Dec 2004)
    * add uuencode support in pollrcvd (27 Dec 2004)
    * add support for base64-encode (27 Dec 2004)
    * check strftime with arguments, gcc-3.3 fix (23 Dec 2004)
    * initialize some variables in some scripts that may not
      be initialzed in setup.cache (23, 27 Dec 2004)
    * remove need to have separate "fax" user (22 Dec 2004)
    * fix parsing of AT+FCLASS=3D? response within faxaddmodem
      and probemodem (21 Dec 2004)
    * improve multi-line handling within notify (20 Dec 2004)
    * improve trap handling in faxaddmodem/probemodem (17 Dec 2004)
    * fix hfaxd from rejecting jobs scheduled for the past while
      the killtime is still in the future (15 Dec 2004)
    * drop ftp links from received notification e-mail (8 Dec 2004)
    * fix dial-and-answer feature (2 Dec 2004)
    * add NSF recognition for MFC-3100C (29 Nov 2004)
    * fix Class 1 support for services "0,1.0" (26 Nov 2004)
    * limit hfaxd jobs cache size (23 Nov 2004)
    * fix hfaxd ABOR command and trigger (23 Nov 2004)
    * fix error when hfaxd FIFO fills (23 Nov 2004)
    * document -age option for recvstats/xferfaxstats (23 Nov 2004)
    * add coversheet information into the q-file (23 Nov 2004)
    * fix documentation regarding DesiredEC (23 Nov 2004)
    * change minsp to minbr for consistency (23 Nov, 2 Dec 2004)
    * fix hfaxd problem with file descriptors (23 Nov 2004)
    * fix hfaxd from dying on ECONNABORTED (23 Nov 2004)
    * add -fpic to DSO build for non-x86 Linux (23 Nov 2004)
    * add CALL records to xferfaxlog and LogCalls config (16 Nov 2004)
    * fix/implement desireddf in faxsend and faxq (29 Oct 2004)
    * fix the filetype output for JPARM DOCUMENTS (14 Oct 2004)
    * add SHIELDED_DTMF option for CIDNumber (7 Oct 2004)
    * add Class1Resolutions, deprecate Class1ExtendedRes (20 Sep 2004)
    * fix a bug in notify when the job is killed (15 Sep 2004)
    * initialize supplementary groups when switching
      uid (13 Sep, 8 Dec 2004)
    * fix faxsend to retrain after receiving RTP (9 Sep 2004)
    * fix tiffcheck unit comparison error (1 Sep 2004)
    * fix misconfirmation of some ECM faxes (30 Aug 2004)
    * add fax batching support to faxq (30 Aug, 9 Sep 2004)
    * ignore garbage after sending TCF data (26 Aug 2004)
    * fix truncation of filenames in faxcron (26 Aug 2004)
    * add configure support for libtiff 3.7 (25 Aug 2004)
    * extend short send-HDLC timeouts (18 Aug 2004)
    * add a pause after receiving MCF on non-ECM send sessions (18 Aug 2004)
    * fix broken fax polling (17 Aug 2004)
    * add several timing enhancements for stressed
      servers (16 Aug, 10, 15 Sep, 14 Oct 2004)
bcd82fd
snj 303 711ac79
Commits on Feb 22, 2005
snj Pullup ticket 304 - requested by Lubomir Sedlacik
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.16,1.19
- pkgsrc/mail/mailman/PLIST		1.5
- pkgsrc/mail/mailman/files/DEINSTALL	1.1
- pkgsrc/mail/mailman/files/INSTALL	1.1
- pkgsrc/mail/mailman/distinfo		1.5
- pkgsrc/mail/mailman/patches/patch-ai	1.1


    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Sat Dec 25 16:55:33 UTC 2004

    Modified Files:
            pkgsrc/mail/mailman: Makefile PLIST
    Added Files:
            pkgsrc/mail/mailman/files: DEINSTALL INSTALL

    Log Message:
    Change permissions of installed files to match what is required by
    the software to work.  Run "check_perms -f" to make sure permissions
    are correct (it still fixes a setgid problem with "mail/mailman").

    Remove mm_cfg.pyc (compiled copy of mm_cfg.py) always, so the package
    can be deinstalled cleanly.

    Closes PR pkg/24041.

    ---

    Module Name:    pkgsrc
    Committed By:   tv
    Date:           Mon Feb 14 16:56:38 UTC 2005

    Modified Files:
            pkgsrc/mail/mailman: Makefile distinfo
    Added Files:
            pkgsrc/mail/mailman/patches: patch-ai

    Log Message:
    Apply patch from Mailman maintainers to fix vulnerability described in:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202
ebc0ce0
snj 304 a80ba73
Commits on Feb 24, 2005
salo Pullup ticket 307 - requested by Matthias Drochner
security fix for emacs

Revisions pulled up:
- pkgsrc/editors/emacs/Makefile           1.76
- pkgsrc/editors/emacs/distinfo           1.17
- pkgsrc/editors/emacs/patches/patch-al   1.5
- pkgsrc/editors/emacs-nox11/Makefile     1.11
- pkgsrc/editors/emacs20/Makefile         1.15
- pkgsrc/editors/emacs20/distinfo         1.6
- pkgsrc/editors/emacs20/patches/patch-ca 1.1

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Wed Feb  9 16:09:43 UTC 2005

   Modified Files:
           pkgsrc/editors/emacs: Makefile distinfo
           pkgsrc/editors/emacs-nox11: Makefile
           pkgsrc/editors/emacs20: Makefile distinfo
   Added Files:
           pkgsrc/editors/emacs/patches: patch-al
           pkgsrc/editors/emacs20/patches: patch-ca

   Log Message:
   fix format string vulnerability (CAN-2005-0100), bump PKGREVISION
a71fc30
Commits on Feb 25, 2005
salo Pullup ticket 308 - requested by Matthias Drochner
security fix for xview-lib

Revisions pulled up:
- pkgsrc/x11/xview-lib/Makefile         1.25
- pkgsrc/x11/xview-lib/distinfo         1.8
- pkgsrc/x11/xview-lib/patches/patch-fa 1.1

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Thu Feb 10 11:03:53 UTC 2005

   Modified Files:
           pkgsrc/x11/xview-lib: Makefile distinfo
   Added Files:
           pkgsrc/x11/xview-lib/patches: patch-fa

   Log Message:
   the daily security patch:
   sprintf->snprintf to fix security problem (CAN-2005-0076)
   (patch from Debian)
   bump PKGREVISION
32a4d87
salo #307, #308 84393c4
salo Pullup ticket 313 - requested by Adrian Portelli
security fix for cyrus-imapd22

Patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Feb 25 10:21:15 UTC 2005

   Modified Files:
   	pkgsrc/mail/cyrus-imapd22: Makefile distinfo

   Log Message:
   - Update cyrus-imapd22 from 2.2.10 to 2.2.12
   - ok'ed recht@
   - Addresses a few recent security issues:
     http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723
     http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33733

   Changes to the Cyrus IMAP Server since 2.2.10

   * Fix possible single byte overflow in mailbox handling code.
   * Fix possible single byte overflows in the imapd annotate extension.
   * Fix stack buffer overflows in fetchnews (exploitable by peer news
     server), backend (exploitable by admin), and in imapd (exploitable
     by users though only on platforms where a filename may be larger
     than a mailbox name).
855e528
salo #313 6ee7763
salo Pullup ticket 309 - requested by Adrian Portelli
security fix for phpmyadmin

Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.26-1.29
- pkgsrc/databases/phpmyadmin/PLIST    1.9
- pkgsrc/databases/phpmyadmin/distinfo 1.10-1.11

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Feb 24 17:26:03 UTC 2005

   Modified Files:
   	pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo

   Log Message:
   - Update from 2.6.1-rc1 to 2.6.1-pl1
   - Addresses known security issues as well as numerious other changes
   - ok'ed tron@
   [ Changelog skipped]
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Thu Feb 24 17:50:43 UTC 2005

   Modified Files:
   	pkgsrc/databases/phpmyadmin: Makefile

   Log Message:
   Add dependence on "php-mbstring" package because phpMyAdmin complains
   about the lack of multibyte support otherwise.
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Thu Feb 24 20:52:09 UTC 2005

   Modified Files:
   	pkgsrc/databases/phpmyadmin: Makefile distinfo

   Log Message:
   Update "phpmyadmin" to 2.6.1pl2. It fixes a serious regression in 2.6.1pl1
   which e.g. completely broke editing entries in a table.
c077ab8
salo #309 2588d2e
Commits on Feb 26, 2005
snj Pullup ticket 311 - requested by Lubomir Sedlacik
security fix for curl

Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code.  See http://www.securityfocus.com/archive/1/391042
for more information.
f9e0fc4
snj 311 fdc255c
Commits on Feb 28, 2005
snj Pullup ticket 317 - requested by Lubomir Sedlacik
security fix for xine-lib

Apply a manual patch that fixes the vulnerabilities noted in
http://www.xinehq.de/index.php/security/XSA-2004-6
303d7ef
snj 317 eaa7933
snj Pullup ticket 320 - requested by Lubomir Sedlacik
security fix for unzip

Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile	1.52
- pkgsrc/archivers/unzip/distinfo	1.12


   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Mon Feb 28 16:50:24 UTC 2005

   Modified Files:
           pkgsrc/archivers/unzip: Makefile distinfo

   Log Message:
   Update to version 5.52

   Changes:

   The 5.52 maintenance release fixes a few minor problems found in the 5.51
   release, closes some more security holes, adds a new AtheOS port, and
   contains a Win32 extra-field code cleanup that was not finished earlier.
   The most important changes are:

   - (re)enabled unshrinking support by default, the LZW patents have expired
   - fixed an extraction size bug for encrypted stored entries (12 excess bytes
     were written with 5.51)
   - fixed false "uncompressed size mismatch" messages when extracting encrypted
     archive entries
   - do not restore SUID/SGID/Tacky attribute bits on Unix (BeOS, AtheOS) unless
     explicitely requested by new "-K" command line qualifier
   - optional support for "-W" qualifier to modify the pattern matching syntax
     (with -W: "*" stops at directory delimiter, "**" matches unlimited)
   - prevent buffer overflow caused by bogus extra-long Zipfile specification
   - performance enhancements for VMS port
   - fixed windll interface handling of its extraction mode qualifiers nfflag,
     ExtractOnlyNewer, noflag, PromptToOverwrite; added detailed explanation of
     their meanings and interactions to the windll documentation
98173a1
snj 320 46b92c4
Commits on Mar 01, 2005
salo Pullup ticket 322 - requested by Takahiro Kambe
update squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile 1.137-1.138
- pkgsrc/www/squid/distinfo 1.84-1.85

   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Mon Feb 28 16:59:08 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update squid to 2.5.8nb3, adding recent five official patches.

   * 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
   			      and other server errors
   * 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
   * 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow
   			      for sane display of national characters etc
   * 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k
   			      reconfigure"
   * 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
   			      configure
---
   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Tue Mar  1 11:16:58 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update squid package to 2.5.9 (2.5.STABLE9).

   There is no runtime change from 2.5.8nb3.

   - Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
     ACl support: The effective host type is i386-pc-solaris2.9.

   - Documentation update for squid 2.5.STALBE9.
6e49288
salo #322 d1dc3aa
snj Pullup ticket 323 - requested by Thomas Klausner
security fix for unace

Revisions pulled up:
- pkgsrc/archivers/unace/Makefile		1.14
- pkgsrc/archivers/unace/distinfo		1.6
- pkgsrc/archivers/unace/patches/patch-ad	1.2
- pkgsrc/archivers/unace/patches/patch-ae	1.1
- pkgsrc/archivers/unace/patches/patch-af	1.1


    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Tue Mar  1 14:53:41 UTC 2005

    Modified Files:
            pkgsrc/archivers/unace: Makefile distinfo
            pkgsrc/archivers/unace/patches: patch-ad
    Added Files:
            pkgsrc/archivers/unace/patches: patch-ae patch-af

    Log Message:
    Apply fix for CAN-2005-0160 and CAN-2005-0161.
    Bump PKGREVISION.
c472601
snj 323 e13bdd8
snj Pullup ticket 324 - requested by Thomas Klausner
security fix for wu-ftpd

Revisions pulled up:
- pkgsrc/net/wu-ftpd/Makefile		1.26
- pkgsrc/net/wu-ftpd/distinfo		1.13
- pkgsrc/net/wu-ftpd/patches/patch-ak	1.4

    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Tue Mar  1 16:06:37 UTC 2005

    Modified Files:
            pkgsrc/net/wu-ftpd: Makefile distinfo
    Added Files:
            pkgsrc/net/wu-ftpd/patches: patch-ak

    Log Message:
    Apply patch from Rainer Schoepf in
     http://marc.theaimsgroup.com/?l=bugtraq&m=110960890901497&w=2
    to fix
     http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
    Bump PKGREVISION.
c67ef6b
snj 324 308aa69
snj Pullup ticket 321 - requested by Lubomir Sedlacik
distfile update for unzip

Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile	1.53
- pkgsrc/archivers/unzip/distinfo	1.13

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Tue Mar  1 07:45:28 UTC 2005

    Modified Files:
            pkgsrc/archivers/unzip: Makefile distinfo

    Log Message:
    Distfile changed after one day.. grrrrrrr.

    Relevant change,

    +5.52 (28 Feb 05):
    + - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to
    +    nirwana" bug when processing directory entries without any local
    +    extra field; added some explaining comments
ab780fa
snj 321 490ff47
Commits on Mar 02, 2005
salo Pullup ticket 326 - requested by Matthias Scheler
security fix for gftp

Revisions pulled up:
- pkgsrc/net/gftp/DESCR			1.3
- pkgsrc/net/gftp/Makefile.common	1.8
- pkgsrc/net/gftp/PLIST			1.9
- pkgsrc/net/gftp/distinfo		1.8-1.9
- pkgsrc/net/gftp/patches/patch-aa	1.3
- pkgsrc/net/gftp/patches/patch-ab	1.5
- pkgsrc/net/gftp/patches/patch-ac	1.1
- pkgsrc/net/gftp/patches/patch-ad	1.1
- pkgsrc/net/gftp-gtk1/DESCR		1.2
- pkgsrc/net/gftp-gtk1/Makefile		1.7

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Mar  2 14:36:53 UTC 2005

   Modified Files:
   	pkgsrc/net/gftp: DESCR Makefile.common PLIST distinfo
   	pkgsrc/net/gftp-gtk1: DESCR
   Added Files:
   	pkgsrc/net/gftp/patches: patch-aa patch-ab

   Log Message:
   Update "gftp" and "gftp-gtk1" package to version 2.0.18. Changes since
   version 2.0.17:
   - Added support for the FSP protocol (http://fsp.sourceforge.net/)
   - SSH2: Fixed segfault that could occur when renaming a file (bug
     introduced in 2.0.18rc1)
   - SSH2: Fixes for parsing the directory listing from the commercial SSH
     server
   - FTP: added pasv_behind_router option. If this is enabled, then the IP
     address that is in the PASV response will be ignored. Instead the IP
     address of the remote host will be used
   - FTP: removed the quote filename functionality in the SITE CHMOD and
     SITE UTIME commands
   - Chmod: Fixes for setting the group execute bit (bug introduced in
     2.0.18rc1)
   - Fixes so that the text port will prompt you for your password when
     a URL is entered on the command line
   - In the text port, convert the string from UTF8 to the users' current
     locale before it is displayed
   - Fixes for when the host system does not have getaddrinfo() (bug
     introduced in 2.0.18rc1)
   - Rewrote and improved the URL parser so that the :, @ characters are
     allowed in directories and passwords
   - Security Fix: Ignore the file paths that are returned by the remote
     server
   - FreeBSD and HP/UX fixes
   - GNOME HIG fixes
   - Many other small changes and improvements. See the ChangeLog file
     in the distribution for a detailed list of changes.
   - Updated language translations (cs de en_CA en_GB es hu nl zh_CN)
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Wed Mar  2 20:43:21 UTC 2005

   Modified Files:
   	pkgsrc/net/gftp: distinfo
   	pkgsrc/net/gftp-gtk1: Makefile
   Added Files:
   	pkgsrc/net/gftp/patches: patch-ac patch-ad

   Log Message:
   Fix build problems in "gftp-gtk1" package caused by update to
   version 2.0.18.
073988b
salo #326 05e1e95
Commits on Mar 04, 2005
snj Pullup ticket 328 - requested by Lubomir Sedlacik
security fix for cups

Revisions pulled up:
- pkgsrc/print/cups/Makefile		1.90
- pkgsrc/print/cups/distinfo		1.31
- pkgsrc/print/cups/patches/patch-au	1.4
- pkgsrc/print/cups/patches/patch-av	1.3

    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Wed Mar  2 18:33:02 UTC 2005

    Modified Files:
            pkgsrc/print/cups: Makefile distinfo
            pkgsrc/print/cups/patches: patch-au
    Added Files:
            pkgsrc/print/cups/patches: patch-av

    Log Message:
    Fix  CAN-2005-0206:
    An overflow check introduced earlier (for CAN-2004-0888) was never
    triggered on 64-bit systems because 64-bit arithmetics was used there.
    Sprinkle some casts to int su that the overflow can happen.
    This fix is similar to the redhat one. The fix for similar code
    in print/teTeX-bin looks much cleaner, but since cups already contains
    the wrong redhad fix, I've chosen to stay close to the original.
    bump PKGREVISION
79ba4ad
snj 328 14254ac
spz stopgap to make building on amd64 possible (hopefully, as untested due
to lack of one :). Will need to be revisited.
e8bae33
salo Backout misimport.
Please pay more attention to where are you committing stuff.
f884b3c
Commits on Mar 05, 2005
snj Pullup ticket 330 - requested by Lubomir Sedlacik
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.21
- pkgsrc/mail/mailman/PLIST		1.6
- pkgsrc/mail/mailman/distinfo		1.7
- pkgsrc/mail/mailman/patches/patch-ac	1.3


    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Wed Mar  2 21:09:56 UTC 2005

    Modified Files:
            pkgsrc/mail/mailman: Makefile PLIST distinfo
            pkgsrc/mail/mailman/patches: patch-ac

    Log Message:
    Upgrade to 2.1.5 due to security issues:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143
013b654
snj 330 cecad1c
Commits on Mar 07, 2005
salo Pullup ticket 335 - requested by Takahiro Kambe
security fix for squid

Revisions pulled up:
- pkgsrc/www/squid/Makefile	1.139
- pkgsrc/www/squid/distinfo	1.86

   Module Name:		pkgsrc
   Committed By:	taca
   Date:		Sun Mar  6 13:30:49 UTC 2005

   Modified Files:
   	pkgsrc/www/squid: Makefile distinfo

   Log Message:
   Update squid to 2.5.9nb1.

   * 2005-03-04 22:48 (Cosmetic Security)
   	Unexpected access control results on configuration errors

   * 2005-03-04 11:55 (Minor)
   	Links in FTP listings without / fails due to missing BASE HREF

   * 2005-03-04 11:55 (Minor)
   	Fails to parse the EPLF FTP directory format

   * 2005-03-03 02:26 (Minor Security)
   	Race condition related to Set-Cookie header
638955f
salo #335 be71fd3
Commits on Mar 09, 2005
salo Pullup ticket 339 - requested by Shin'ichiro TAYA
security fix for firefox

Patch supplied by submitter, equals to:

   Module Name:		pkgsrc
   Committed By:	taya
   Date:		Sun Feb 27 13:20:43 UTC 2005

   Log Message:
   Update firefox to 1.0.1.

   Changes from release notes:

   * Improved stability
   * International Domain Names are now displayed as punycode.
     (To show International Domain Names in Unicode, set the
     "network.IDN_show_punycode" preference to false.)
   * Several security fixes.
   MFSA 2005-29  Internationalized Domain Name (IDN) homograph spoofing
   MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
   MFSA 2005-27 Plugins can be used to load privileged content
   MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
   MFSA 2005-25 Image drag and drop executable spoofing
   MFSA 2005-24 HTTP auth prompt tab spoofing
   MFSA 2005-23 Download dialog source spoofing
   MFSA 2005-22 Download dialog spoofing using Content-Disposition header
   MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
   MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
   MFSA 2005-19 Autocomplete data leak
   MFSA 2005-18 Memory overwrite in string library
   MFSA 2005-17 Install source spoofing with user:pass@host
   MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
   MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
   MFSA 2005-14 SSL "secure site" indicator spoofing
   MFSA 2005-13 Window Injection Spoofing
ba3718d
salo #339 04d6a15
Commits on Mar 10, 2005
salo Pullup ticket 347 - requested by Matthias Scheler
security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile		1.103
- pkgsrc/net/ethereal/distinfo		1.33, 1.35
- pkgsrc/net/ethereal/patches/patch-aa	1.11
- pkgsrc/net/ethereal/patches/patch-ab	1.3

   Module Name:		pkgsrc
   Committed By:	salo
   Date:		Mon Jan 31 22:53:54 UTC 2005

   Modified Files:
   	pkgsrc/net/ethereal: distinfo
   Added Files:
   	pkgsrc/net/ethereal/patches: patch-aa

   Log Message:
   Remove attributes in prototype for unnamed pointers.
   ethereal svn version is laready fixed.

   From PR pkg/29065 by Greg A. Woods.
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Thu Mar 10 10:05:33 UTC 2005

   Modified Files:
   	pkgsrc/net/ethereal: Makefile distinfo
   Added Files:
   	pkgsrc/net/ethereal/patches: patch-ab

   Log Message:
   Fix security vulernability in dissector for CDMA2000 A11 packets.
   Bump package revision.
0b9b188
salo #347 908a0f6
salo Pullup ticket 333 - requested by Adrian Portelli
security fix for imap-uw

Revisions pulled up:
- pkgsrc/mail/imap-uw/Makefile		1.88-1.90
- pkgsrc/mail/imap-uw/PLIST		1.9
- pkgsrc/mail/imap-uw/distinfo		1.19
- pkgsrc/mail/imap-uw-utils/DESCR	1.2
- pkgsrc/mail/imap-uw-utils/Makefile	1.20
- pkgsrc/mail/imap-uw-utils/PLIST	1.2
- pkgsrc/mail/imap-uw-utils/distinfo	1.5

   Module Name:	pkgsrc
   Committed By:	abs
   Date:		Mon Jan 24 09:03:48 UTC 2005

   Modified Files:
   	pkgsrc/mail/imap-uw: Makefile distinfo

   Log Message:
   Update imap-uw to 2004c1

   imap-2004c:
       fixes to quoted-printable encoding and CRAM-MD5 authentication.
       NNTP proxy in imapd now supports the LIST and LSUB commands.

   imap-2004b:
       There are new ports for Solaris with Blastwave Community Open
       Source Software (gcs) and Mandrake Linux (lmd).

       SET_SNARFINTERVAL now controls how frequently local drivers
       will move new mail from the mail spool as well as from a
       maildrop.  Maildrops are still tied to a minimum interval of
       1 minute, but there is now no minimum for the spool file.

       Character set conversions now map non-breaking space to space
       if the destination character set doesn't have nbsp.  JIS Roman
       yen sign is now mapped to Unicode yen sign.
---
   Module Name:	pkgsrc
   Committed By:	abs
   Date:		Mon Jan 31 11:38:22 UTC 2005

   Modified Files:
   	pkgsrc/mail/imap-uw: Makefile

   Log Message:
   fix my previous attempt to clarify a comment at the start
---
   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Sat Mar  5 22:01:47 UTC 2005

   Modified Files:
   	pkgsrc/mail/imap-uw: Makefile PLIST

   Log Message:
   - Fix builds on NetBSD 1.6 due to Kerberos/OpenSSL 0.9.7 issues
   - Included some utilities in the install that were once a part of the
     imap-uw-utils package but are now a part of this package
   - ok'ed kim@
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Sun Mar  6 14:37:16 UTC 2005

   Modified Files:
   	pkgsrc/mail/imap-uw-utils: DESCR Makefile PLIST distinfo

   Log Message:
   - Update to 20050108 to avoid conflicts with imap-uw package
   - Issue spotted by diro (at) nixsys.bz in PR #28966

   This distribution now contains two unsupported programs, icat and ifrom,
   which may be of use to some sites.

   The old chkmail, imapcopy, imapxfer, mbxcopy, mbxcreat, and mbxcvt
   programs have been replaced with the mailutil program, which is
   included in the mail/imap-uw package.

   The dmail, mlock, and tmail programs are also bundled in the mail/imap-uw
   package.
eb9f42a
salo #333 b9eb27e
Commits on Mar 11, 2005
snj Pullup ticket 349 - requested by Lubomir Sedlacik
security fix for libexif

Revisions pulled up:
- pkgsrc/graphics/libexif/Makefile		1.22
- pkgsrc/graphics/libexif/buildlink3.mk		1.6
- pkgsrc/graphics/libexif/distinfo		1.12
- pkgsrc/graphics/libexif/patches/patch-ab	1.1


    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Thu Mar 10 19:22:22 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: distinfo
    Added Files:
            pkgsrc/graphics/libexif/patches: patch-ab

    Log Message:
    Added a patch to fix buffer overflow:

      * SECURITY UPDATE: Fix buffer overflow.
      * libexif/exif-data.c: Add buffer size checks in several places before
        trying to access it.
      * Thanks to Sylvain Defresne for spotting this and the patch.
      * References:
        https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152

    Thanks to wiz@ for heads-up. :)

    ----

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Thu Mar 10 22:21:56 UTC 2005

    Modified Files:
            pkgsrc/graphics/libexif: Makefile buildlink3.mk

    Log Message:
    Bump PKGREVISION and BUILDLINK_RECOMMENDED for the security fix. (hi adam!)
edb455c
snj 349 f42300c
snj Pullup ticket 350 - requested by Lubomir Sedlacik
security fix for xpm

Revisions pulled up:
- pkgsrc/graphics/xpm/Makefile		1.39
- pkgsrc/graphics/xpm/distinfo		1.12
- pkgsrc/graphics/xpm/patches/patch-ak	1.2


    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Thu Mar 10 15:23:10 UTC 2005

    Modified Files:
            pkgsrc/graphics/xpm: Makefile distinfo
            pkgsrc/graphics/xpm/patches: patch-ak

    Log Message:
    Add patch to fix CAN-2005-0605. Bump PKGREVISION.
c7b7bca
snj 350 16031c2
snj Pullup ticket 351 - requested by Lubomir Sedlacik
security fix for openmotif

Revisions pulled up:
- pkgsrc/x11/openmotif/Makefile		1.32
- pkgsrc/x11/openmotif/distinfo		1.16
- pkgsrc/x11/openmotif/patches/patch-bi	1.2


    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Thu Mar 10 16:00:32 UTC 2005

    Modified Files:
            pkgsrc/x11/openmotif: Makefile distinfo
            pkgsrc/x11/openmotif/patches: patch-bi

    Log Message:
    Add patch to fix CAN-2005-0605. Bump PKGREVISION.
3554d7c
snj 351 5d08b00
snj Pullup ticket 352 - requested by Lubomir Sedlacik
security fix for lesstif

Revisions pulled up:
- pkgsrc/x11/lesstif/Makefile		1.77,1.78
- pkgsrc/x11/lesstif/buildlink3.mk	1.4
- pkgsrc/x11/lesstif/distinfo		1.11,1.13
- pkgsrc/x11/lesstif/PLIST		1.9
- pkgsrc/x11/lesstif/patches/patch-ab	1.16
- pkgsrc/x11/lesstif/patches/patch-ac	1.17


    Module Name:    pkgsrc
    Committed By:   adam
    Date:           Wed Jan  5 11:16:38 UTC 2005

    Modified Files:
            pkgsrc/x11/lesstif: Makefile distinfo

    Log Message:
    Changes 0.94.0:
    * XPM security fixes
    * memory leak fixes
    * other fixes

    ----

    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Thu Mar 10 16:07:16 UTC 2005

    Modified Files:
            pkgsrc/x11/lesstif: PLIST

    Log Message:
    Sort.

    ----

    Module Name:    pkgsrc
    Committed By:   wiz
    Date:           Thu Mar 10 16:07:27 UTC 2005

    Modified Files:
            pkgsrc/x11/lesstif: Makefile distinfo
    Added Files:
            pkgsrc/x11/lesstif/patches: patch-ab patch-ac

    Log Message:
    Add patch to fix CAN-2005-0605. Bump PKGREVISION.

    ----

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Fri Mar 11 00:34:19 UTC 2005

    Modified Files:
            pkgsrc/x11/lesstif: buildlink3.mk

    Log Message:
    Bump BUILDLINK_RECOMMENDED for security update. (hi wiz!)
23f536b
snj 352 08f8596
Commits on Mar 14, 2005
salo Remove RIPEMD-160 checksum which sneaked in. 1a79fb8
snj Pullup ticket 357 - requested by Lubomir Sedlacik
security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile		1.104,1.105
- pkgsrc/net/ethereal/PLIST		1.20
- pkgsrc/net/ethereal/distinfo		1.36
- pkgsrc/net/ethereal/patches/patch-aa	removed
- pkgsrc/net/ethereal/patches/patch-ab	removed


   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Mon Mar 14 15:09:28 UTC 2005

   Modified Files:
           pkgsrc/net/ethereal: Makefile PLIST distinfo
   Removed Files:
           pkgsrc/net/ethereal/patches: patch-aa patch-ab

   Log Message:
   Update to version 0.10.10

   This release fixes three security and stability-related issues:

   - Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
     (CAN-2005-0704)
   - The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
     enabled. (CAN-2005-0705)
   - Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This
     flaw was later reported by Leon Juranic. (CAN-2005-0699)
   - Leon Juranic discovered a buffer overflow in the IAPP dissector.
   - A bug in the JXTA dissector could make Ethereal crash.
   - A bug in the sFlow dissector could make Ethereal crash.

   Everyone is encouraged to upgrade.

   New and updated features:
   =========================
   - Tree view item context menus now let you browse to the display filter
     reference and wiki pages for a particular protocol.
   - Online help has been expanded.
   - VoIP call analysis (including nifty connection diagrams) has been added.
   - GSS-API decryption has been greatly enhanced.

   New protocol support:
   =====================
   AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, Retix
   Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP

   Updated protocol support:
   =========================
   3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, DAAP,
   DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, GPRS, GSM A,
   GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, IEEE 802.11, IEEE 802.3
   Slow Protocols, IP, iSCSI, ISUP, Juniper, JXTA, Kerberos, L2TP, LDAP, MIP,
   MPLS, NDMP, NSIP, NTP, OSPF, OXID, PostgreSQL, RADIUS, RDT, Redback, RMCP,
   RTP, RTSP, SCSI, SCTP, SDP, SPNEGO, SSL, STUN, TCAP, TCP, TZSP

   New and updated capture file support:
   =====================================
   DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)

   ---

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Mon Mar 14 15:34:57 UTC 2005

   Modified Files:
           pkgsrc/net/ethereal: Makefile

   Log Message:
   Remove unnecessary "post-patch" target".
5cec4ab
snj 357 8ac6fd3
Commits on Mar 19, 2005
salo Pullup ticket 372 - requested by Julio M. Merino Vidal
security fix for gaim

Patch provided by submitter.

version 1.1.4 (2/24/2005):
	* Fixed a bug where Yahoo! would lose messages (and any other packet
	  really)
	* Correctly show the time when incoming Gadu-Gadu messages were sent
	  (Carl-Daniel Hailfinger)
	* Fixed crashes with glib 2.6
	* Fixed MSN crash when conversations time out after the conversation
	  window was closed
	* Fixed an html parsing bug, CAN-2005-0208

version 1.1.3 (2/17/2005):
	* CHAP authentication support for SOCKS5 proxies (Malcolm Smith)
	* ICQ offline messages are sent using your specified character
	  set instead of Unicode (Magnus Hult)
	* MSN HTTP method works with proxies using authentication (Bastien
	  Durel)
	* Really fix the bug where buddies show as logged in for 49 thousand
	  days
	* Buddy pounces containing '&' are saved correctly
	* Improved MSN error handling when the servers are unavailable
	* More MSN bug fixes
	* Fix some leaks
	* Fix "Find" in the log viewer so that it finds in all logs
	* Smileys not appearing at the end of lines has been fixed
	* Closing conversation windows no longer cancels active file transfers
	  on MSN (Felipe Contreras)

version 1.1.2 (1/20/2005):
	* MSN 'HTTP Method' fixed (Felipe Contreras)
	* Better handling of MSN's Individuals group and buddy status updates
	  (Felipe Contreras)
	* Fix a crash inviting MSN user to a chat when they're already there
	* AIM SecurID login support
	* Fix configuration of Jabber chat rooms on some servers
	* More MSN bug fixes (Felipe Contreras)
	* Fix queue messages to Docklet when not globally away (Robert McQueen)
	* Fix some leaks
	* The Autopackage now builds both the mozilla-nss and the gnutls
	  ssl plugins, and requires at least one of those libraries.

version 1.1.1 (12/28/2004):
	* Allow SILC authentication via public key if your key is password
	  protected (Michele Baldessari)
	* More MSN bug fixes (Felipe Contreras)
	* Drag-and-drop to conversation window file transfers work again
	* Disable the delete button on pounces that aren't saved yet anyway
	  (Kevin Stange)
5a2da83
salo #372 bcc7663