Pullup #2936

(spz)

Pullup ticket 2936 - requested by tron
security update

Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile 1.22
- pkgsrc/databases/mysql5-client/Makefile.common 1.36
- pkgsrc/databases/mysql5-client/PLIST 1.12
- pkgsrc/databases/mysql5-client/distinfo 1.27
- pkgsrc/databases/mysql5-server/Makefile 1.29
- pkgsrc/databases/mysql5-server/PLIST 1.15
- pkgsrc/databases/mysql5-server/distinfo 1.23
- pkgsrc/databases/mysql5-server/patches/patch-ab 1.6
- pkgsrc/databases/mysql5-server/patches/patch-al 1.4
- pkgsrc/databases/mysql5-server/patches/patch-an 1.6

Deleted files:
- pkgsrc/databases/mysql5-client/patches/patch-bh
- pkgsrc/databases/mysql5-client/patches/patch-bi
- pkgsrc/databases/mysql5-client/patches/patch-bj
- pkgsrc/databases/mysql5-server/patches/patch-ac
- pkgsrc/databases/mysql5-server/patches/patch-ad

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Nov 26 16:33:30 UTC 2009

  Modified Files:
  pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
  pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
  pkgsrc/databases/mysql5-server/patches: patch-ab patch-al patch-an
  Removed Files:
  pkgsrc/databases/mysql5-client/patches: patch-bh patch-bi patch-bj
  pkgsrc/databases/mysql5-server/patches: patch-ac patch-ad

  Log Message:
  Update "mysql5-client" and "mysql5-server" package to version 5.0.88.
  This release fixes a large number of bugs and security vulnerabilities
  including SA37372.

  For detailed list of all the changes since 5.0.67 have a look here, please:
  http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html

  To generate a diff of this commit:
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/mysql5-client/Makefile
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/databases/mysql5-client/Makefile.common
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/mysql5-client/PLIST
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/databases/mysql5-client/distinfo
  cvs rdiff -u -r1.3 -r0 pkgsrc/databases/mysql5-client/patches/patch-bh
  cvs rdiff -u -r1.1 -r0 pkgsrc/databases/mysql5-client/patches/patch-bi \
      pkgsrc/databases/mysql5-client/patches/patch-bj
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-server/Makefile
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mysql5-server/PLIST
  cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/mysql5-server/distinfo
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/mysql5-server/patches/patch-ab \
      pkgsrc/databases/mysql5-server/patches/patch-an
  cvs rdiff -u -r1.8 -r0 pkgsrc/databases/mysql5-server/patches/patch-ac
  cvs rdiff -u -r1.4 -r0 pkgsrc/databases/mysql5-server/patches/patch-ad
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/databases/mysql5-server/patches/patch-al

(spz)

pullup #2931

(spz)

Pullup ticket 2931 - requested by tron
MASTER_SITES list update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile patch 1.53 to 1.54

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Nov 11 22:28:51 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile

  Log Message:
  Provide working URLs for fetching old Apache releases.

  To generate a diff of this commit:
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/Makefile

(spz)

fix syntax error for python26 in khashmir/test_krpc.py
patch kudos Attila T�th for Gentoo

(spz)

pullup #2927

(spz)

Pullup ticket 2927 - requested by obache
security update

Revisions pulled up:
- pkgsrc/www/p5-HTML-Parser/Makefile 1.47
- pkgsrc/www/p5-HTML-Parser/distinfo 1.22

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: sno
  Date: Sat Oct 24 16:07:16 UTC 2009

  Modified Files:
  pkgsrc/www/p5-HTML-Parser: Makefile distinfo

  Log Message:
  Updating www/p5-HTML-Parser from 3.62 to 3.63

  Upstream changes:
  2009-10-22  Release 3.63

  Gisle Aas (2):
      Take more care to prepare the char range for encode_entities [RT#50170]
      decode_entities confused by trailing incomplete entity

  To generate a diff of this commit:
  cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/p5-HTML-Parser/Makefile
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/p5-HTML-Parser/distinfo

(spz)

pullup #2924

(spz)

Pullup ticket 2924 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.38
- pkgsrc/net/wireshark/distinfo 1.25

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Oct 28 11:53:40 UTC 2009

  Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update "wireshark" package to version 1.2.3. Changes since version 1.2.2:
  - The following vulnerabilities have been fixed. See the security
    advisory for details and a workaround.
    o The Paltalk dissector could crash on alignment-sensitive
      processors. (Bug 3689)
      Versions affected: 1.2.0 to 1.2.2
    o The DCERPC/NT dissector could crash.
      Versions affected: 0.10.10 to 1.2.2
    o The SMB dissector could crash.
      Versions affected: 1.2.0 to 1.2.2
  - The following bugs have been fixed:
    o Wireshark memory leak with each file open and/or display
      filter change. (Bug 2375)
    o DHCP Dissector displays negative lease time. (Bug 2733)
    o Invalid advertised window line on tcptrace style graph. (Bug
      3417)
    o SMB get_dfs_referral referral entry is not dissected
      correctly. (Bug 3542)
    o Error dissecting eMule sourceOBFU message. (Bug 3848)
    o Typos in Diameter XML files. (Bug 3878)
    o RSL dissector for MS Power IE is broken. (Bug 4017)
    o Manifest problem in 1.2.2 Win64 build. (Bug 4024)
    o FIP dissector throws assertion. (Bug 4046)
    o TCAP problem with indefinite length 'components' SEQ OF. (Bug
      4053)
    o GSM MAP: an-APDU not decoded. (Bug 4095)
    o Add "Drag and Drop entries..." message on Columns preferences
      page. (Bug 4099)
    o Editcap -t and -w option parses fractional digits incorrectly.
      (Bug 4162)
  - Updated Protocol Support
    DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
    Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS

  To generate a diff of this commit:
  cvs rdiff -u -r1.37 -r1.38 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/wireshark/distinfo

(spz)

pullup #2908

(spz)

Pullup ticket 2908 - requested by tron
security update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile by patch to 1.52
- pkgsrc/www/apache22/distinfo by patch to 1.27
- pkgsrc/www/apache22/patches/patch-ab by patch to 1.14

Files removed:
pkgsrc/www/apache22/patches/patch-av
pkgsrc/www/apache22/patches/patch-ba
pkgsrc/www/apache22/patches/patch-bb

The patches update the package to the state in HEAD.

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Oct  4 12:21:35 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  pkgsrc/www/apache22/patches: patch-ab

  Log Message:
  Add patch from the Apache SVN repository to the vulnerability reported
  in CVE-2009-3095.

  To generate a diff of this commit:
  cvs rdiff -u -r1.51 -r1.52 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/apache22/patches/patch-ab

(spz)

fix GNUism in find syntax in the news.daily script source
(reported by Geoff Wing <gcw@pobox.com>)

(spz)

pullup #2902

(spz)

Pullup ticket 2902 - requested by tron
security patch

Revisions pulled up:
- pkgsrc/multimedia/ffmpeg/Makefile by patch
- pkgsrc/multimedia/ffmpeg/distinfo by patch
- pkgsrc/multimedia/ffmpeg/options.mk by patch
- pkgsrc/multimedia/ffmpeg/patches/patch-bktr by patch
- pkgsrc/multimedia/ffmpeg/patches/patch-configure by patch

Files added:
pkgsrc/multimedia/ffmpeg/patches/patch-aa 1.9
pkgsrc/multimedia/ffmpeg/patches/patch-ab 1.6
pkgsrc/multimedia/ffmpeg/patches/patch-powerpc 1.6

  -------------------------------------------------------------------------

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Sep 25 11:10:21 UTC 2009

  Modified Files:
  pkgsrc/multimedia/ffmpeg: Makefile distinfo
  Added Files:
  pkgsrc/multimedia/ffmpeg/patches: patch-ab

  Log Message:
  Add patch from ffmpeg GIT repository to fix the vulnerability
  reported in SA36760.

  To generate a diff of this commit:
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/multimedia/ffmpeg/Makefile
  cvs rdiff -u -r1.30 -r1.31 pkgsrc/multimedia/ffmpeg/distinfo
  cvs rdiff -u -r0 -r1.6 pkgsrc/multimedia/ffmpeg/patches/patch-ab

(spz)

fix packaging bugs noted by Geoff Wing (gcw@pobox.com) (thanks)

(spz)

pullup #2900

(spz)

Pullup ticket 2900 - requested by jun
build fix for mips

Revisions pulled up:
- pkgsrc/editors/emacs/distinfo by patch
- pkgsrc/editors/emacs/patches/patch-ab by patch

Files added:
pkgsrc/editors/emacs/patches/patch-aw by patch
pkgsrc/editors/emacs/patches/patch-ax by patch

package revision doesn't bump because the change only impacts mips
architecture, where it wouldn't properly build before.

  -------------------------------------------------------------------------

  Module Name:    pkgsrc
  Committed By:  jun
  Date:          Mon Sep 21 10:10:58 UTC 2009

  Modified Files:
          pkgsrc/editors/emacs22: distinfo
  Added Files:
          pkgsrc/editors/emacs22/patches: patch-ax

  Log Message:
  compile enable on mips ports.
  adviced and patches from tsutsui-san on [netbsd,09810].

  tested on hpcmips-current.

  To generate a diff of this commit:
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/editors/emacs22/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/editors/emacs22/patches/patch-ax

  -------------------------------------------------------------------------

  Module Name:    pkgsrc
  Committed By:  jun
  Date:          Sun Sep 13 02:12:28 UTC 2009

  Modified Files:
          pkgsrc/editors/emacs22: Makefile distinfo
          pkgsrc/editors/emacs22/patches: patch-ab

  Log Message:
  change patch-ab:
          add mips config to configure
  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/editors/emacs22/Makefile \
      pkgsrc/editors/emacs22/distinfo
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/editors/emacs22/patches/patch-ab

  -------------------------------------------------------------------------

  Module Name:    pkgsrc
  Committed By:  jun
  Date:          Sun Sep 13 01:26:34 UTC 2009

  Modified Files:
          pkgsrc/editors/emacs22/patches: patch-aw

  Log Message:
  Fit for mips, change fix from emacs23:
  http://cvs.savannah.gnu.org/viewvc/emacs/configure.in?root=emacs&r1=1.602&r2=1.603

  adviced by obata-san,[netbsd,09792]

  To generate a diff of this commit:
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/editors/emacs22/patches/patch-aw

(spz)

pullup #2899

(spz)

Pullup ticket 2899 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile by patch
- pkgsrc/net/wireshark/PLIST by patch
- pkgsrc/net/wireshark/distinfo by patch

  Module Name: pkgsrc
  Committed By: tron
  Date: Sat Sep 19 06:36:19 UTC 2009

  Modified Files:
  pkgsrc/net/wireshark: Makefile PLIST distinfo

  Log Message:
  Update "wireshark" package to version 1.2.2. Changes since version 1.2.1:
  - The following vulnerabilities have been fixed. See the security
    advisory for details and a workaround.
    - The GSM A RR dissector could crash.
      Versions affected: 1.2.0 to 1.2.1
    - The OpcUa dissector could use excessive CPU and memory.
      Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
    - The TLS dissector could crash on some platforms.
      Versions affected: 1.2.0 to 1.2.1
  - The following bugs have been fixed:
    - The "Capture->Interfaces" window can't be closed. (Bug 1740)
    - tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)
    - Memory leak fixes. (Bug 3330)
    - Display filter autocompletion doesn't work for some RADIUS and
      WiMAX ASNCP fields. (Bug 3538)
    - Wireshark Portable includes wrong WinPcap installer. (Bug
      3547)
    - Crash when loading a profile. (Bug 3640)
    - The proto,colinfo tap doesn't work if the INFO column isn't
      being printed. (Bug 3675)
    - Flow Graph adds too much unnecessary garbage. (Bug 3693)
    - The EAP Diameter dictionary file was missing in the
      distribution. (Bug 3761)
    - Graph analysis window is behind other window. (Bug 3773)
    - IKEv2 Cert Request payload dissection error. (Bug 3782)
    - DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified
      domain-name. (Bug 3792)
    - Malformed RTCP Packet error while sending Payload specific
      RTCP feedback packet( as per RFC 4585). (Bug 3800)
    - 802.11n Block Ack packet Bitmap field missing. (Bug 3806)
    - Wireshark doesn't decode WBXML/ActiveSync information
      correctly. (Bug 3811)
    - Malformed packet when IPv6 packet has Next Header =3D=3D 59. (Bug
      3820)
    - Wireshark could crash while reading an ERF file. (Bug 3849)
    - Minor errors in gsm rr dissectors. (Bug 3889)
    - WPA Decryption Issues. (Bug 3890)
    - GSM A RR sys info dissection problem. (Bug 3901)
    - GSM A RR inverts MEAS-VALID values. (Bug 3915)
    - PDML output leaks ~300 bytes / packet. (Bug 3913)
    - Incorrect station identifier parsing in Kingfisher dissector.
      (Bug 3946)
    - DHCPv6, Vendor-Specific Informantion, SubOption"Option
      Request" parser incorrect. (Bug 3987)
    - Wireshark could leak memory while analyzing SSL.
    - Wireshark could crash while updating menu items after reading
      a file in some cases.
    - The Mac OS X ChmodBPF script now works correctly under Snow
      Leopard.
  - Updated Protocol Support
    DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11,
    IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP,
    SSL, TCP, WBXML, ZRTP
  - Updated Capture File Support
    ERF

  To generate a diff of this commit:
  cvs rdiff -u -r1.36 -r1.37 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/wireshark/PLIST
  cvs rdiff -u -r1.23 -r1.24 pkgsrc/net/wireshark/distinfo

(spz)

Note update of news/inn to latest stable version, 2.5.0

(spz)

Update of the INN package to the latest stable version (2.5.0).

(spz)

add an option to openvpn to enable using certificates on USB sticks
or cards (etc) that are using the PKCS11 protocol

(spz)

security update (lesser impact) to version 3.8.5

(spz)

note the addition of pkcs11-helper

(spz)

take wip/pkcs11-helper as generated by Daniel 'morr' Horecki <shinden@@linux.pl>

add options, DESTDIR, LICENSE and other small updates to pkgsrc-current

(spz)

take wip/pkcs11-helper as generated by Daniel 'morr' Horecki <shinden@linux.pl>

add options, DESTDIR, LICENSE and other small updates to pkgsrc-current

(spz)

make pkglint shut up, add a forgotten "successor"

(spz)

added openssl and nss option descriptions

(spz)

pullups 2893 and 2894

(spz)

Pullup ticket 2894 - requested by tron
security update

Revisions pulled up:
- pkgsrc/www/neon/Makefile by patch
- pkgsrc/www/neon/PLIST by patch
- pkgsrc/www/neon/distinfo by patch

Files added:
pkgsrc/www/neon/patches/patch-ab by patch

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Mon Sep 14 16:48:44 UTC 2009

  Modified Files:
          pkgsrc/www/neon: Makefile PLIST distinfo
          pkgsrc/www/neon/patches: patch-ab
  Removed Files:
          pkgsrc/www/neon/patches: patch-aa

  Log Message:
  Update "neon" package to version 0.29. Changes since version 0.28.5:
  * Interface changes:
    o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
  * New interfaces and features:
    o added NTLM auth support for Unix builds (Kai Sommerfeld,
      Daniel Stenberg)
    o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
    o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
    o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
      and ne_session.h:ne_session_socks_proxy()
    o added support for system-default proxies: ne_session_system_proxy(),
      implemented using libproxy where available
    o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
      SSL verification failure bits extended by NE_SSL_BADCHAIN and
      NE_SSL_REVOKED, better handling of failures within the cert chain
      (thanks to Ludwig Nussel)
    o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
      ne_iaddr_raw(), ne_iaddr_parse()
    o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
  * Deprecated interfaces:
    o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
    o obsolete feature "NE_FEATURE_SOCKS" now never marked present
  * Other changes:
    o fix handling of "stale" flag in RFC2069-style Digest auth challenge
    o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
    o symbol versioning used for new symbols, where supported
    o ensure SSL connections are closed cleanly with OpenSSL
    o fix build with OpenSSL 1.0 beta
    o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
  * SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
    could allow a Denial of Service attack by a malicious server.
  * SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
    certificate subject name; could allow an undetected MITM attack against
    an SSL server if a trusted CA issues such a cert.

  Tested by Daniel Horecki with SVN client.

  To generate a diff of this commit:
  cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/neon/Makefile
  cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/neon/PLIST
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/neon/distinfo
  cvs rdiff -u -r1.1 -r0 pkgsrc/www/neon/patches/patch-aa
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/neon/patches/patch-ab

(spz)

Pullup ticket 2893 - requested by tron
security fix

Revisions pulled up:
- pkgsrc/net/wget/Makefile 1.100
- pkgsrc/net/wget/distinfo 1.34

Files added:
pkgsrc/net/wget/patches/patch-aa 1.9

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Sep 14 12:06:13 UTC 2009

  Modified Files:
  pkgsrc/net/wget: Makefile distinfo
  Added Files:
  pkgsrc/net/wget/patches: patch-aa

  Log Message:
  Add a fix for SA36540 (SSL certificate spoofing vulnerability) taken
  from the source repository.

  To generate a diff of this commit:
  cvs rdiff -u -r1.99 -r1.100 pkgsrc/net/wget/Makefile
  cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/wget/distinfo
  cvs rdiff -u -r0 -r1.9 pkgsrc/net/wget/patches/patch-aa

(spz)

pullup 2892

(spz)

Pullup ticket 2892 - requested by tron
security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile by patch
- pkgsrc/www/apache22/distinfo by patch

Files added:
pkgsrc/www/apache22/patches/patch-ab 1.12

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Sep 13 13:32:50 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ab

  Log Message:
  Add a fix for the remote Denial of Service vulnerability reported
  in CVE-2009-3094.

  To generate a diff of this commit:
  cvs rdiff -u -r1.49 -r1.50 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.12 pkgsrc/www/apache22/patches/patch-ab

(spz)

pullups 2883 and 2886

(spz)

Pullup ticket 2883 - requested by tron
security fix

Revisions pulled up:
- pkgsrc/mail/libspf2/Makefile 1.7
- pkgsrc/mail/libspf2/distinfo 1.4

Files added:
pkgsrc/mail/libspf2/patches/patch-aa 1.1

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Sep  8 10:36:27 UTC 2009

  Modified Files:
  pkgsrc/mail/libspf2: Makefile distinfo
  Added Files:
  pkgsrc/mail/libspf2/patches: patch-aa

  Log Message:
  Fix an abort() caused by miscalculating the size of an internal buffer.
  This can crash applications using "libspf2" (e.g. "milter-greylist")
  in an e-mail gets delivered via SMTP over IPv6 depending on the
  remote machine's IPv6 address.

  To generate a diff of this commit:
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/libspf2/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/libspf2/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/mail/libspf2/patches/patch-aa

(spz)

Pullup ticket 2886 - requested by drochner
security fix

Revisions pulled up:
- pkgsrc/textproc/expat/Makefile 1.24
- pkgsrc/textproc/expat/distinfo 1.17

Files added:
pkgsrc/textproc/expat/patches/patch-aa 1.7

  Module Name:    pkgsrc
  Committed By:  drochner
  Date:          Thu Sep 10 09:59:21 UTC 2009

  Modified Files:
          pkgsrc/textproc/expat: Makefile distinfo
  Added Files:
          pkgsrc/textproc/expat/patches: patch-aa

  Log Message:
  fix SA36425: possible DoS due to an error when parsing certain
  UTF-8 sequences
  (patch from Python CVS)
  bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.23 -r1.24 pkgsrc/textproc/expat/Makefile
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/expat/distinfo
  cvs rdiff -u -r0 -r1.7 pkgsrc/textproc/expat/patches/patch-aa

(spz)

should have been deleted with pullup #2844 already

(spz)

pullup #2875

(spz)

Pullup ticket 2875 - requested by tron
security update

Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.108
- pkgsrc/mail/squirrelmail/PLIST 1.33
- pkgsrc/mail/squirrelmail/distinfo 1.55

  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Aug 26 12:47:17 UTC 2009

  Modified Files:
  pkgsrc/mail/squirrelmail: Makefile PLIST distinfo

  Log Message:
  Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19:
  - Protect message deletion with security token system.
    (Secunia Advisory SA346)
  - Removed the shut down DSBL blocklists (#2796734).
  - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess
    (#2798839).
  - Updated INSTALL doc to remove possible bad system admin typos (#2827153).
  - PHP 5.3 deprecates ereg functions (#2820952).
  - Filters plugin uses badly formatted literals request (#2805201).
  - Provide option for complete removal of usernames and user IP addresses
    from message headers, and remove personal data from Message ID seed.
    (#880029/847107)
  - Implemented page referal verification mechanism.
    (Secunia Advisory SA34627)
  - Implemented security token system. (Secunia Advisory SA34627)

  Approved by Martti Kuparinen.

  To generate a diff of this commit:
  cvs rdiff -u -r1.107 -r1.108 pkgsrc/mail/squirrelmail/Makefile
  cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/squirrelmail/PLIST
  cvs rdiff -u -r1.54 -r1.55 pkgsrc/mail/squirrelmail/distinfo

(spz)

pullup #2874

(spz)

Pullup ticket 2874 - requested by tron
security update

Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.86
- pkgsrc/security/gnutls/PLIST 1.36
- pkgsrc/security/gnutls/distinfo 1.60

Files added:
pkgsrc/security/gnutls/patches/patch-ak 1.2
pkgsrc/security/gnutls/patches/patch-al 1.2

  Module Name: pkgsrc
  Committed By: wiz
  Date: Sat Jul 18 10:32:32 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile distinfo

  Log Message:
  Update to 2.8.1:

  * Version 2.8.1 (released 2009-06-10)

  ** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cyc=
  le.
  Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
  <http://bugs.gentoo.org/272388>.

  ** libgnutls: Fix PKCS#12 decryption from password.
  The encryption key derived from the password was incorrect for (on
  average) 1 in every 128 input for random inputs.  Reported by "Kukosa,
  Tomas" <tomas.kukosa@siemens-enterprise.com> in
  <http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

  ** API and ABI modifications:
  No changes since last version.

  To generate a diff of this commit:
  cvs rdiff -u -r1.83 -r1.84 pkgsrc/security/gnutls/Makefile
  cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/distinfo

  ----------------------------------------------------------------------

  Module Name: pkgsrc
  Committed By: drochner
  Date: Wed Jul 22 16:50:07 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile PLIST distinfo
  Added Files:
  pkgsrc/security/gnutls/patches: patch-ak patch-al

  Log Message:
  disable the openssl compatibility library -- no pkg I know of needs
  it, and it only has a potential to conflict with the real openssl
  (bad things will happen if a program links or dlopen()s both)
  bump PKGREVISION
  (the bug fixed in the added patches is already fixed upstream, will
  be in the next release)

  To generate a diff of this commit:
  cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/gnutls/Makefile
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/gnutls/PLIST
  cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/gnutls/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-ak \
      pkgsrc/security/gnutls/patches/patch-al

  ----------------------------------------------------------------------

  Module Name: pkgsrc
  Committed By: snj
  Date: Thu Aug 13 18:56:32 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile distinfo
  pkgsrc/security/gnutls/patches: patch-ak patch-al

  Log Message:
  Update to 2.8.3.  Changes:

  * Version 2.8.3 (released 2009-08-13)

  ** libgnutls: Fix patch for NUL in CN/SAN in last release.
  Code intended to be removed would lead to an read-out-bound error in
  some situations.  Reported by Tomas Hoger <thoger@redhat.com>.  A CVE
  code have been allocated for the vulnerability: [CVE-2009-2730].

  ** libgnutls: Fix rare failure in gnutls_x509_crt_import.
  The function may fail incorrectly when an earlier certificate was
  imported to the same gnutls_x509_crt_t structure.

  ** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
  error.

  ** tests: Made self-test mini-eagain take less time.

  ** doc: Typo fixes.

  ** API and ABI modifications:
  No changes since last version.

  * Version 2.8.2 (released 2009-08-10)

  ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
  By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
  into 1) not printing the entire CN/SAN field value when printing a
  certificate and 2) cause incorrect positive matches when matching a
  hostname against a certificate.  Some CAs apparently have poor
  checking of CN/SAN values and issue these (arguable invalid)
  certificates.  Combined, this can be used by attackers to become a
  MITM on server-authenticated TLS sessions.  The problem is mitigated
  since attackers needs to get one certificate per site they want to
  attack, and the attacker reveals his tracks by applying for a
  certificate at the CA.  It does not apply to client authenticated TLS
  sessions.  Research presented independently by Dan Kaminsky and Moxie
  Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger@redhat.com>
  for providing one part of the patch.  [GNUTLS-SA-2009-4].

  ** libgnutls: Fix return value of gnutls_certificate_client_get_request_sta=
  tus.
  Before it always returned false.  Reported by Peter Hendrickson
  <pdh@wiredyne.com> in
  <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.

  ** libgnutls: Fix off-by-one size computation error in unknown DN printing.
  The error resulted in truncated strings when printing unknown OIDs in
  X.509 certificate DNs.  Reported by Tim Kosse
  <tim.kosse@filezilla-project.org> in
  <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

  ** libgnutls: Return correct bit lengths of some MPIs.
  gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
  gnutls_dh_get_peers_public_bits.  Before the reported value was
  overestimated.  Reported by Peter Hendrickson <pdh@wiredyne.com> in
  <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

  ** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
  Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
  <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
  and
  <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.

  ** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
  Before we required that the runtime library used the same (or more
  recent) libgcrypt/libtasn1 as it was compiled with.  Now we just check
  that the runtime usage is above the minimum required.  Reported by
  Marco d'Itri <md@linux.it> via Andreas Metzler
  <ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.

  ** minitasn1: Internal copy updated to libtasn1 v2.3.

  ** tests: Fix failure in "chainverify" because a certificate have expired.

  ** API and ABI modifications:
  No changes since last version.

  To generate a diff of this commit:
  cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/gnutls/Makefile
  cvs rdiff -u -r1.59 -r1.60 pkgsrc/security/gnutls/distinfo
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/gnutls/patches/patch-ak \
      pkgsrc/security/gnutls/patches/patch-al

(spz)

pullup #2873

(spz)

Pullup ticket 2873 - requested by tron
security update

Revisions pulled up:
- pkgsrc/textproc/libxml2/Makefile 1.101
- pkgsrc/textproc/libxml2/distinfo 1.72

Files added:
pkgsrc/textproc/libxml2/patches/patch-af 1.5

  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Aug 26 10:20:57 UTC 2009

  Modified Files:
  pkgsrc/textproc/libxml2: Makefile distinfo
  Added Files:
  pkgsrc/textproc/libxml2/patches: patch-af

  Log Message:
  Add patch to fix the security vulnerabilites reported in CVE-2009-2414
  and CVE-2009-2416.

  The patch was taken from the latest Fedora 11 "libxml2" source RPM.

  To generate a diff of this commit:
  cvs rdiff -u -r1.100 -r1.101 pkgsrc/textproc/libxml2/Makefile
  cvs rdiff -u -r1.71 -r1.72 pkgsrc/textproc/libxml2/distinfo
  cvs rdiff -u -r0 -r1.5 pkgsrc/textproc/libxml2/patches/patch-af

(spz)

pullup #2852

(spz)

Pullup ticket 2852 - requested by tron
bug fix update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.48
- pkgsrc/www/apache22/PLIST 1.13
- pkgsrc/www/apache22/distinfo 1.23
- pkgsrc/www/apache22/patches/patch-ba 1.4
- pkgsrc/www/apache22/patches/patch-bb 1.3

Files added:
pkgsrc/www/apache22/patches/patch-bb

Files deleted:
pkgsrc/www/apache22/patches/patch-ab
pkgsrc/www/apache22/patches/patch-af
pkgsrc/www/apache22/patches/patch-ah
pkgsrc/www/apache22/patches/patch-bc
pkgsrc/www/apache22/patches/patch-bd

  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Aug  6 07:07:23 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile PLIST distinfo
  Removed Files:
  pkgsrc/www/apache22/patches: patch-ab patch-af patch-ah patch-ba
      patch-bc patch-bd

  Log Message:
  Update "apache22" package to version 2.2.12. Changes since version 2.2.11:
  - SECURITY: CVE-2009-1891 (cve.mitre.org)
    Fix a potential Denial-of-Service attack against mod_deflate or other
    modules, by forcing the server to consume CPU time in compressing a
    large file after a client disconnects. Bug 39605.
    [Joe Orton, Ruediger Pluem]
  - SECURITY: CVE-2009-1195 (cve.mitre.org)
    Prevent the "Includes" Option from being enabled in an .htaccess
    file if the AllowOverride restrictions do not permit it.
    [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
      Ruediger Pluem, Jeff Trawick]
  - SECURITY: CVE-2009-1890 (cve.mitre.org)
    Fix a potential Denial-of-Service attack against mod_proxy in a
    reverse proxy configuration, where a remote attacker can force a
    proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
  - SECURITY: CVE-2009-1191 (cve.mitre.org)
    mod_proxy_ajp: Avoid delivering content from a previous request which
    failed to send a request body. Bug 46949 [Ruediger Pluem]
  - SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
    The bundled copy of the APR-util library has been updated, fixing three
    different security issues which may affect particular configurations
    and third-party modules.
  - mod_include: fix potential segfault when handling back references
    on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]
  - mod_alias: check sanity in Redirect arguments.
    Bug 44729 [S??nke Tesch <st kino-fahrplan.de>, Jim Jagielski]
  - mod_proxy_http: fix Host: header for literal IPv6 addresses.
    Bug 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
  - mod_rewrite: Remove locking for writing to the rewritelog.
    Bug 46942
  - mod_alias: Ensure Redirect emits HTTP-compliant URLs.
    Bug 44020
  - mod_proxy_http: fix case sensitivity checking transfer encoding
    Bug 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
  - mod_rewrite: Fix the error string returned by RewriteRule.
    RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
    argument of RewriteRule was not started with "[" or not ended with "]".
    Bug 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
  - mod_proxy: Complete ProxyPassReverse to handle balancer URL's.  Given;
      BalancerMember balancer://alias http://example.com/foo
      ProxyPassReverse /bash balancer://alias/bar
    backend url http://example.com/foo/bar/that is now translated /bash/that
    [William Rowe]
  - New piped log syntax: Use "||process args" to launch the given process
    without invoking the shell/command interpreter.  Use "|$command line"
    (the default behavior of "|command line" in 2.2) to invoke using shell,
    consuming an additional shell process for the lifetime of the logging
    pipe program but granting additional process invocation flexibility.
    [William Rowe]
  - mod_ssl: Add server name indication support (RFC 4366) and better
    support for name based virtual hosts with SSL. Bug 34607
    [Peter Sylvester <peter.sylvester edelweb.fr>,
      Kaspar Brand <asfbugz velox.ch>, Guenter Knauf, Joe Orton,
      Ruediger Pluem]
  - mod_negotiation: Escape pathes of filenames in 406 responses to avoid
    HTML injections and HTTP response splitting.  Bug 46837.
    [Geoff Keating <geoffk apple.com>]
  - mod_include: Prevent a case of SSI timefmt-smashing with filter chains
    including multiple INCLUDES filters. Bug 39369 [Joe Orton]
  - mod_rewrite: When evaluating a proxy rule in directory context, do
    escape the filename by default. Bug 46428 [Joe Orton]
  - mod_proxy_ajp: Check more strictly that the backend follows the AJP
    protocol. [Mladen Turk]
  - mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
    to enable stricter checking of remote server certificates.
    [Ruediger Pluem]
  - mod_substitute: Fix a memory leak. Bug 44948
    [Dan Poirier <poirier pobox.com>]
  - mod_proxy_ajp: Forward remote port information by default.
    [Rainer Jung]
  - mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders
    directive to correctly remove headers before storing them.
    [Lars Eilebrecht]
  - mod_deflate: revert changes in 2.2.8 that caused an invalid
    etag to be emitted for on-the-fly gzip content-encoding.
    Bug 39727 will require larger fixes and this fix was far more
    harmful than the original code. Bug 45023. [Roy T. Fielding]
  - mod_disk_cache: The module now turns off sendfile support if
    'EnableSendfile off' is defined globally. Bug 41218.
    [Lars Eilebrecht, Issac Goldstand]
  - prefork: Fix child process hang during graceful restart/stop in
    configurations with multiple listening sockets.  Bug 42829.  [Joe Orton,
    Jeff Trawick]
  - mod_ssl: Add SSLRenegBufferSize directive to allow changing the
    size of the buffer used for the request-body where necessary
    during a per-dir renegotiation.  Bug 39243.  [Joe Orton]
  - mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
    way that per-directory rewrites append the previous notion of PATH_INFO
    to each substitution before evaluating subsequent rules.
    Bug 38642 [Eric Covener]
  - mod_authnz_ldap: Reduce number of initialization debug messages and make
    information more clear. Bug 46342 [Dan Poirier]
  - mod_cache: Introduce 'no-cache' per-request environment variable
    to prevent the saving of an otherwise cacheable response.
    [Eric Covener]
  - core: Translate the status line to ASCII on EBCDIC platforms in
    ap_send_interim_response() and for locally generated "100 Continue"
    responses.  [Eric Covener]
  - CGI: return 504 (Gateway timeout) rather than 500 when a script
    times out before returning status line/headers.
    Bug 42190 [Nick Kew]
  - prefork: Log an error instead of segfaulting when child startup fails
    due to pollset creation failures.  Bug 46467.  [Jeff Trawick]
  - mod_ext_filter: fix error handling when the filter prog fails to start,
    and introduce an onfail configuration option to abort

  All the security problems mentioned above had already been fixed in
  "pkgsrc" via patches. Thanks a lot to Adam Ciarcinski for letting me
  know that new version had finally been released.

  To generate a diff of this commit:
  cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/apache22/PLIST
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r1.10 -r0 pkgsrc/www/apache22/patches/patch-ab
  cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-af \
      pkgsrc/www/apache22/patches/patch-ah
  cvs rdiff -u -r1.2 -r0 pkgsrc/www/apache22/patches/patch-ba \
      pkgsrc/www/apache22/patches/patch-bc pkgsrc/www/apache22/patches/patch-bd

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Aug  6 08:21:44 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ba patch-bb

  Log Message:
  Add patches provided by Adam Ciarcinski to fix build with recent versions
  of OpenSSL (e.g. the version in NetBSD-current).

  To generate a diff of this commit:
  cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.4 pkgsrc/www/apache22/patches/patch-ba
  cvs rdiff -u -r0 -r1.3 pkgsrc/www/apache22/patches/patch-bb

(spz)

pullup #2856

(spz)

Pullup ticket 2856 - requested by gdt
security update

Revisions pulled up:
- pkgsrc/devel/apr/Makefile 1.59
- pkgsrc/devel/apr/distinfo 1.27

  Module Name: pkgsrc
  Committed By: gdt
  Date: Fri Aug  7 14:29:44 UTC 2009

  Modified Files:
  pkgsrc/devel/apr: Makefile distinfo

  Log Message:
  Update to 1.3.8 (security fix).

  Changes for APR 1.3.8

    *) SECURITY: CVE-2009-2412 (cve.mitre.org)
        Fix overflow in pools and rmm, where size alignment was taking place.
        [Matt Lewis <mattlewis@google.com>, Sander Striker]

    *) Make sure that "make check" is used in the RPM spec file, consistent
        with apr-util. [Graham Leggett]

    *) Pass default environment to testflock, testoc and testpipe children,
        so that tests run when APR is compiled with Intel C Compiler.
        [Bojan Smojver]

  To generate a diff of this commit:
  cvs rdiff -u -r1.58 -r1.59 pkgsrc/devel/apr/Makefile
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/apr/distinfo

(spz)

pullup #2854

(spz)

Pullup ticket 2854 - requested by tron
security update

Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.14
- pkgsrc/devel/apr-util/Makefile 1.8
- pkgsrc/devel/apr/Makefile 1.58
- pkgsrc/devel/apr/distinfo 1.26

  Module Name: pkgsrc
  Committed By: schmonz
  Date: Fri Jul 24 13:09:32 UTC 2009

  Modified Files:
  pkgsrc/devel/apr-util: Makefile

  Log Message:
  Configure --without-sqlite2 in case it's unavoidably on the include path.

  To generate a diff of this commit:
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/apr-util/Makefile

  -----

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Tue Aug  4 10:09:35 UTC 2009

  Modified Files:
  pkgsrc/devel/apr: Makefile distinfo

  Log Message:
  Update to apr version 1.3.7, which, other than 1.3.5, is still downloadable.

  Changes since 1.3.5:
    - On Linux/hppa flock() returns EAGAIN instead of EWOULDBLOCK. This
      causes proc mutex failures.
    - Set CLOEXEC flags where appropriate. Either use new O_CLOEXEC flag and
      associated functions, such as dup3(), accept4(), epoll_create1() etc.,
      or simply set CLOEXEC flag using fcntl().
    - More elaborate detection for dup3(), accept4() and epoll_create1().

  To generate a diff of this commit:
  cvs rdiff -u -r1.57 -r1.58 pkgsrc/devel/apr/Makefile
  cvs rdiff -u -r1.25 -r1.26 pkgsrc/devel/apr/distinfo

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

  -----

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Tue Aug  4 10:13:04 UTC 2009

  Modified Files:
  pkgsrc/devel/apr-util: Makefile distinfo

  Log Message:
  Upgrade apr-util to version 1.3.8, which, unlike 1.3.7, is still downloadab=
  le.

  Changes since 1.3.7:
    - Use locally scoped variables in PostgreSQL driver to avoid stomping
      on return codes.
    - Fix race conditions in initialisation of DBD, DBM and DSO.
    - Expose DBM libs in apu-1-config by default. To avoid that, use
      apu-1-config --avoid-dbm --libs. To get just DBM libs, use
      apu-1-config --dbm-libs.
    - Make sure --without-ldap works.

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/apr-util/Makefile
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/apr-util/distinfo

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Aug  7 10:39:24 UTC 2009

  Modified Files:
  pkgsrc/devel/apr-util: Makefile distinfo

  Log Message:
  Update "apr-util" package to version 1.3.8. Changes since 1.3.9:
  - SECURITY: CVE-2009-2412 (cve.mitre.org)
    Fix overflow in rmm, where size alignment was taking place.
    [Matt Lewis <mattlewis@google.com>, Sander Striker]
  - Make sure that "make check" is used in the RPM spec file, so that
    the crypto, dbd and dbm tests pass. [Graham Leggett]
  - Make sure the mysql version of dbd_mysql_get_entry() respects the
    rule that if the column number exceeds the number of columns, we
    return NULL. [Graham Leggett]
  - Ensure the dbm module is packaged up correctly in the RPM.
    [Graham Leggett]
  - Clarify the error messages within the dbd tests. [Graham Leggett]

  To generate a diff of this commit:
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/apr-util/Makefile
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/apr-util/distinfo

(spz)

pullup #2840

(spz)

Pullup ticket 2840 - requested by tron
security update

Revisions pulled up:
- pkgsrc/www/squid/Makefile.squid 1.14
- pkgsrc/www/squid31/DESCR 1.2
- pkgsrc/www/squid31/Makefile 1.13
- pkgsrc/www/squid31/PLIST 1.3
- pkgsrc/www/squid31/distinfo 1.11
- pkgsrc/www/squid31/patches/patch-ad 1.5
- pkgsrc/www/squid31/patches/patch-ae 1.3

Files deleted:
pkgsrc/www/squid31/patches/patch-aa
pkgsrc/www/squid31/patches/patch-ab

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Jul  7 18:25:13 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: Makefile distinfo
  pkgsrc/www/squid31/patches: patch-ae

  Log Message:
  Update "squid31" package to version 3.1.0.9. Changes since version 3.1.0.8:
  - Bug 2682: Add ftp_epsv control to disable EPSV support.
  - Bug 2665: Detach automake system from using -I.
  - Bug 2395: FTP auth errors not displayed
  - ... also several changes and bugs closed in 3.0.STABLE16
  - Port from 2.7: Show local address on listening sockets
  - Add "tag" type acl matching tags set by external acl helpers.
  - Adds Language alias linker/installer/upgrade scripts
  - Support for GCC 4.4
  - Fix false NAT lookup errors on Linux
  - Fix many Windows port issues
  - Fix squid_kerb_auth helepr install location
  - Better detection of IPv6 stack types
  - Updates Licensing information for Squid 3.1
  - ... and many packaging portability build and install issues

  To generate a diff of this commit:
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/squid31/Makefile
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/squid31/patches/patch-ae

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Jul  8 15:02:01 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: Makefile

  Log Message:
  Fix destdir build.

  To generate a diff of this commit:
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/squid31/Makefile

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jul 12 09:45:02 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: Makefile distinfo
  Added Files:
  pkgsrc/www/squid31/patches: patch-aa

  Log Message:
  Add fix for Squid bug 2707 to make anonymous FTP work again.

  To generate a diff of this commit:
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/squid31/Makefile
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r0 -r1.3 pkgsrc/www/squid31/patches/patch-aa

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jul 19 23:05:38 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: DESCR Makefile PLIST distinfo
  pkgsrc/www/squid31/patches: patch-aa patch-ad patch-ae

  Log Message:
  Update "squid31" package to version 3.1.0.11.
  Changes since version 3.1.0.9:
  - Bug 2087: Support adaptation sets and chains
  - Bug 2459: dns error message broken when error handling delayed
  - Support ICAP Retry
  - Support ICAP retries based on the ICAP responses status code
  - Support logging ICAP
  - Support logging total DNS wait time
  - Support logging response times of adaptation transactions
  - General logging enhancements
  - Dynamically form chains based on ICAP X-Next-Services header
  - Support cross-transactional ICAP header exchange
  - Bug 2680: Regression Crash after rotate with no helpers running
  - Bug 2695: Regression in WCCPv2 L2 mask assignment
  - Bug 2707: Regression in FTP anonymous auth
  - Bug 422, 2706: RFC 2616 Date header requirements
  - Bug 1087: ESI processor not quoting attributes correctly.
  - Bug 1338: File prefetches aborted despite range_offset
  - Bug 2080: wbinfo_group.pl - false positive under certain conditions
  - Bug 2092: select loop 32-bit call counter overflows
  - Bug 2127: delay pools class 4 crashes with ntlm auth
  - Bug 2611: document fast/slow acl types
  - Bug 2614: Potential loss of adapted body data from eCAP adapters
  - Bug 2658: Missing TextException copy constructor
  - Bug 2659: String length overflows on append, leading to segfaults
  - Bug 2699: Build failure NTLM smb_lm helper
  - Bug 2709: TRANSLATIONS not installed
  - Bug 2710: squid_kerb_auth non-terminated string
  - Delay pools 64-bit buckets and IPv6-polish
  - Break forwarding loops for "transparent" or "intercept" http_ports.
  - Add --disable-translation option to detatch .po from error negotiation
  - Add squidclient man(1) page
  - Add localhost to default permitted networks
  - http_port allow-direct option to allow direct forwarding in accelerator m=
  ode
  - ... and many testing infrastructure updates
  - ... and much adaptation polish and improvements

  To generate a diff of this commit:
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/www/squid31/DESCR
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid31/Makefile
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/squid31/PLIST
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/squid31/patches/patch-aa
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/patches/patch-ad
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/squid31/patches/patch-ae

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jul 19 23:28:04 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: distinfo
  pkgsrc/www/squid31/patches: patch-aa

  Log Message:
  Add Squid bug number.

  To generate a diff of this commit:
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/squid31/patches/patch-aa

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Jul 20 13:56:31 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: Makefile distinfo
  Added Files:
  pkgsrc/www/squid31/patches: patch-ab

  Log Message:
  Add fix for Squid bug 2395 which makes FTP connection to e.g.
  "ftp.fu-berlin.de" work again.

  To generate a diff of this commit:
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/squid31/Makefile
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r0 -r1.3 pkgsrc/www/squid31/patches/patch-ab

  -----

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Jul 27 16:35:55 UTC 2009

  Modified Files:
  pkgsrc/www/squid31: Makefile distinfo
  Removed Files:
  pkgsrc/www/squid31/patches: patch-aa patch-ab

  Log Message:
  Update "squid31" package to version 3.1.0.12.
  Changes since version 3.1.0.11:
  - Bug 2716: Chunked request Signed/Unsigned build error
  - Bug 2674: Remove limit on HTTP headers read.
  - Bug 2620: Invalid HTTP response codes causes segfault
  - Fix FTP EPSV negotiation parser.
  - Fix Via string when leak checking is enabled (valgrind etc)
  - ... and several documentation and testing additions

  This update also fixes the security vulnerabilites reported in
  the SQUID-2009:2 advisory.

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/squid31/Makefile
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid31/distinfo
  cvs rdiff -u -r1.6 -r0 pkgsrc/www/squid31/patches/patch-aa
  cvs rdiff -u -r1.3 -r0 pkgsrc/www/squid31/patches/patch-ab

  -----

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Tue Jul  7 15:01:12 UTC 2009

  Modified Files:
          pkgsrc/www/squid: Makefile.squid

  Log Message:
  General improvements:
  1.) Allow individual "squid*" packages to register an extra target that
      is run before the common "post-install" target.
  2.) Use a much simpler logic to figure out what files get installed into
      "share/squid/errors" and "share/squid/icons".

  Tested with the "squid27" and the "squid31" package.

  To generate a diff of this commit:
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/www/squid/Makefile.squid

  -----

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Tue Jul  7 15:21:37 UTC 2009

  Modified Files:
          pkgsrc/www/squid: Makefile.squid

  Log Message:
  Improve package list creation to work with symbolic links as well.

  To generate a diff of this commit:
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/squid/Makefile.squid

  -----

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Tue Jul  7 18:44:28 UTC 2009

  Modified Files:
          pkgsrc/www/squid: Makefile.squid

  Log Message:
  Add mirror on "ftp.nluug.nl" to master site list.

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/squid/Makefile.squid

  -----

  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Mon Jul 27 11:29:08 UTC 2009

  Modified Files:
          pkgsrc/www/squid: Makefile.squid

  Log Message:
  Make it DESTDIR careful.

  To generate a diff of this commit:
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/squid/Makefile.squid

(spz)

pullup #2844

(spz)

Pullup ticket 2844 - requested by reed
security update
last part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind96/Makefile 1.7
- pkgsrc/net/bind96/PLIST 1.3
- pkgsrc/net/bind96/distinfo 1.4
- pkgsrc/net/bind96/options.mk 1.2
- pkgsrc/net/bind96/patches/patch-ab 1.2
- pkgsrc/net/bind96/patches/patch-ac 1.3
- pkgsrc/net/bind96/patches/patch-ad 1.2
- pkgsrc/net/bind96/patches/patch-ag 1.2
- pkgsrc/net/bind96/patches/patch-aj 1.1

  Module Name:    pkgsrc
  Committed By:  obache
  Date:          Fri Jul 24 12:30:00 UTC 2009

  Modified Files:
          pkgsrc/net/bind9: Makefile
          pkgsrc/net/bind95: Makefile
          pkgsrc/net/bind96: Makefile

  Log Message:
  Update HOMEPAGE url.

  To generate a diff of this commit:
  cvs rdiff -u -r1.107 -r1.108 pkgsrc/net/bind9/Makefile
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/Makefile

  Module Name:    pkgsrc
  Committed By:  obache
  Date:          Sun Jul 26 09:07:58 UTC 2009

  Modified Files:
          pkgsrc/net/bind96: Makefile PLIST distinfo options.mk
          pkgsrc/net/bind96/patches: patch-ab patch-ac patch-ad patch-ag
  Removed Files:
          pkgsrc/net/bind96/patches: patch-aj

  Log Message:
  Update bind96 to 9.6.1.
  Based on PR 41772 by Robert Elz.

  Pkgsrc changes:
    o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
    o remove patch-aj, libbind has been removed from the BIND 9 distribution
      since 9.6.0.
    o add bind-dig-sigchase option. requested by PR 41751.

  Changes since 9.6.0:

          --- 9.6.1 released ---

  2607.  [bug]          named could incorrectly delete NSEC3 records for
                          empty nodes when processing a update request.
                          [RT #19749]

  2606.  [bug]          "delegation-only" was not being accepted in
                          delegation-only type zones. [RT #19717]

  2605.  [bug]          Accept DS responses from delegation only zones.
                          [RT # 19296]

  2603.  [port]          win32: handle .exe extension of named-checkzone and
                          named-comilezone argv[0] names under windows.
                          [RT #19767]

  2602.  [port]          win32: fix debugging command line build of libisccfg.
                          [RT #19767]

          --- 9.6.1rc1 released ---

  2599.  [bug]          Address rapid memory growth when validation fails.
                          [RT #19654]

  2597.  [bug]          Handle a validation failure with a insecure delegation
                          from a NSEC3 signed master/slave zone.  [RT #19464]

  2596.  [bug]          Stale tree nodes of cache/dynamic rbtdb could stay
                          long, leading to inefficient memory usage or rejecting
                          newer cache entries in the worst case. [RT #19563]

  2595.  [bug]          Fix unknown extended rcodes in dig. [RT #19625]

  2592.  [bug]          Treat "any" as a type in nsupdate. [RT #19455]

  2591.  [bug]          named could die when processing a update in
                          removed_orphaned_ds(). [RT #19507]

  2588.  [bug]          SO_REUSEADDR could be set unconditionally after failure
                          of bind(2) call.  This should be rare and mostly
                          harmless, but may cause interference with other
                          processes that happen to use the same port. [RT #19642]

  2586.  [bug]          Missing cleanup of SIG rdataset in searching a DLZ DB
                          or SDB. [RT #19577]

  2585.  [bug]          Uninitialized socket name could be referenced via a
                          statistics channel, triggering an assertion failure in
                          XML rendering. [RT #19427]

  2584.  [bug]          alpha: gcc optimization could break atomic operations.
                          [RT #19227]

  2583.  [port]          netbsd: provide a control to not add the compile
                          date to the version string, -DNO_VERSION_DATE.

  2582.  [bug]          Don't emit warning log message when we attempt to
                          remove non-existant journal. [RT #19516]

  2579.  [bug]          DNSSEC lookaside validation failed to handle unknown
                          algorithms. [RT #19479]

  2578.  [bug]          Changed default sig-signing-type to 65534, because
                          65535 turns out to be reserved.  [RT #19477]

  2499.  [port]          solaris: lib/lwres/getaddrinfo.c namespace clash.
                          [RT #18837]

          --- 9.6.1b1 released ---

  2577.  [doc]          Clarified some statistics counters. [RT #19454]

  2576.  [bug]          NSEC record were not being correctly signed when
                          a zone transitions from insecure to secure.
                          Handle such incorrectly signed zones. [RT #19114]

  2574.  [doc]          Document nsupdate -g and -o. [RT #19351]

  2573.  [bug]          Replacing a non-CNAME record with a CNAME record in a
                          single transaction in a signed zone failed. [RT #19397]

  2568.  [bug]          Report when the write to indicate a otherwise
                          successful start fails. [RT #19360]

  2567.  [bug]          dst__privstruct_writefile() could miss write errors.
                          write_public_key() could miss write errors.
                          dnssec-dsfromkey could miss write errors.
                          [RT #19360]

  2564.  [bug]          Only take EDNS fallback steps when processing timeouts.
                          [RT #19405]

  2563.  [bug]          Dig could leak a socket causing it to wait forever
                          to exit. [RT #19359]

  2562.  [doc]          ARM: miscellaneous improvements, reorganization,
                          and some new content.

  2561.  [doc]          Add isc-config.sh(1) man page. [RT #16378]

  2560.  [bug]          Add #include <config.h> to iptable.c. [RT #18258]

  2559.  [bug]          dnssec-dsfromkey could compute bad DS records when
                          reading from a K* files.  [RT #19357]

  2557.  [cleanup]      PCI compliance:
                          * new libisc log module file
                          * isc_dir_chroot() now also changes the working
                            directory to "/".
                          * additional INSISTs
                          * additional logging when files can't be removed.

  2556.  [port]          Solaris: mkdir(2) on tmpfs filesystems does not do the
                          error checks in the correct order resulting in the
                          wrong error code sometimes being returned. [RT #19249]

  2554.  [bug]          Validation of uppercase queries from NSEC3 zones could
                          fail. [RT #19297]

  2553.  [bug]          Reference leak on DNSSEC validation errors. [RT #19291]

  2552.  [bug]          zero-no-soa-ttl-cache was not being honoured.
                          [RT #19340]

  2551.  [bug]          Potential Reference leak on return. [RT #19341]

  2550.  [bug]          Check --with-openssl=<path> finds <openssl/opensslv.h>.
                          [RT #19343]

  2549.  [port]          linux: define NR_OPEN if not currently defined.
                          [RT #19344]

  2548.  [bug]          Install iterated_hash.h. [RT #19335]

  2547.  [bug]          openssl_link.c:mem_realloc() could reference an
                          out-of-range area of the source buffer.  New public
                          function isc_mem_reallocate() was introduced to address
                          this bug. [RT #19313]

  2545.  [doc]          ARM: Legal hostname checking (check-names) is
                          for SRV RDATA too. [RT #19304]

  2544.  [cleanup]      Removed unused structure members in adb.c. [RT #19225]

  2543.  [contrib]      Update contrib/zkt to version 0.98. [RT #19113]

  2542.  [doc]          Update the description of dig +adflag. [RT #19290]

  2541.  [bug]          Conditionally update dispatch manager statistics.
                          [RT #19247]

  2539.  [security]      Update the interaction between recursion, allow-query,
                          allow-query-cache and allow-recursion.  [RT #19198]

  2538.  [bug]          cache/ADB memory could grow over max-cache-size,
                          especially with threads and smaller max-cache-size
                          values. [RT #19240]

  2537.  [experimental]  Added more statistics counters including those on socket
                          I/O events and query RTT histograms. [RT #18802]

  2536.  [cleanup]      Silence some warnings when -Werror=format-security is
                          specified. [RT #19083]

  2535.  [bug]          dig +showsearh and +trace interacted badly. [RT #19091]

  2532.  [bug]          dig: check the question section of the response to
                          see if it matches the asked question. [RT #18495]

  2531.  [bug]          Change #2207 was incomplete. [RT #19098]

  2530.  [bug]          named failed to reject insecure to secure transitions
                          via UPDATE. [RT #19101]

  2529.  [cleanup]      Upgrade libtool to silence complaints from recent
                          version of autoconf. [RT #18657]

  2528.  [cleanup]      Silence spurious configure warning about
                          --datarootdir [RT #19096]

  2527.  [bug]          named could reuse cache on reload with
                          enabling/disabling validation. [RT #19119]

  2525.  [experimental]  New logging category "query-errors" to provide detailed
                          internal information about query failures, especially
                          about server failures. [RT #19027]

  2524.  [port]          sunos: dnssec-signzone needs strtoul(). [RT #19129]

  2523.  [bug]          Random type rdata freed by dns_nsec_typepresent().
                          [RT #19112]

  2522.  [security]      Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

  2521.  [bug]          Improve epoll cross compilation support. [RT #19047]

  2519.  [bug]          dig/host with -4 or -6 didn't work if more than two
                          nameserver addresses of the excluded address family
                          preceded in resolv.conf. [RT #19081]

  2517.  [bug]          dig +trace with -4 or -6 failed when it chose a
                          nameserver address of the excluded address.
                          [RT #18843]

  2516.  [bug]          glue sort for responses was performed even when not
                          needed. [RT #19039]

  2514.  [bug]          dig/host failed with -4 or -6 when resolv.conf contains
                          a nameserver of the excluded address family.
                          [RT #18848]

  2511.  [cleanup]      dns_rdata_tofmttext() add const to linebreak.
                          [RT #18885]

  2506.  [port]          solaris: Check at configure time if
                          hack_shutup_pthreadonceinit is needed. [RT #19037]

  2505.  [port]          Treat amd64 similarly to x86_64 when determining
                          atomic operation support. [RT #19031]

  2503.  [port]          linux: improve compatibility with Linux Standard
                          Base. [RT #18793]

  2502.  [cleanup]      isc_radix: Improve compliance with coding style,
                          document function in <isc/radix.h>. [RT #18534]

  To generate a diff of this commit:
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/Makefile
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/PLIST
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind96/distinfo
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/options.mk
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind96/patches/patch-ab \
      pkgsrc/net/bind96/patches/patch-ad pkgsrc/net/bind96/patches/patch-ag
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind96/patches/patch-ac
  cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/net/bind96/patches/patch-aj

  Module Name:    pkgsrc
  Committed By:  reed
  Date:          Wed Jul 29 00:03:38 UTC 2009

  Modified Files:
          pkgsrc/net/bind96: Makefile distinfo

  Log Message:
  Update to 9.6.1-P1.
  This is for PR pkg/41796: Security fix CVE-2009-0696

  To generate a diff of this commit:
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind96/Makefile
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind96/distinfo

  Module Name:    pkgsrc
  Committed By:  reed
  Date:          Wed Jul 29 00:16:33 UTC 2009

  Modified Files:
          pkgsrc/net/bind96: Makefile

  Log Message:
  Fix PKGNAME that I broke.

  To generate a diff of this commit:
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/bind96/Makefile

(spz)

Pullup ticket 2844 - requested by reed
security update
second part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.109
- pkgsrc/net/bind9/PLIST 1.44

  Module Name:    pkgsrc
  Committed By:  reed
  Date:          Tue Jul 28 20:39:45 UTC 2009

  Modified Files:
          pkgsrc/net/bind9: Makefile distinfo

  Log Message:
  Updated to 9.4.3-P3 for security issue:
  https://www.isc.org/node/474

  To generate a diff of this commit:
  cvs rdiff -u -r1.108 -r1.109 pkgsrc/net/bind9/Makefile
  cvs rdiff -u -r1.43 -r1.44 pkgsrc/net/bind9/distinfo

(spz)

Pullup ticket 2844 - requested by reed
security update
first part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind95/Makefile 1.11
- pkgsrc/net/bind95/PLIST 1.9

  Module Name:    pkgsrc
  Committed By:  reed
  Date:          Wed Jul 29 00:24:04 UTC 2009

  Modified Files:
          pkgsrc/net/bind95: Makefile distinfo

  Log Message:
  Update to 9.5.1-P3.
  From CHANGES:
  2640.  [security]      A specially crafted update packet will cause named
                          to exit. [RT #20000]

  To generate a diff of this commit:
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind95/Makefile
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/bind95/distinfo

(spz)

where env PATH is being set for security reasons, have it include $PREFIX/bin
pointed out by "Peter C. Lai" <peter@simons-rock.edu>
fixes PR 41571

(spz)

as discussed with gendalia@:
- add a patch to use hw.physmem64 instead of hw.physmem
- change paths around so VARBASE gets a workout too
- a bit of package makeup (DESTDIR, LICENSE)

(spz)

pullup #2832

(spz)

Pullup ticket 2832 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.35
- pkgsrc/net/wireshark/PLIST 1.14
- pkgsrc/net/wireshark/distinfo 1.23
- pkgsrc/net/wireshark/patches/patch-aa 1.10
- pkgsrc/net/wireshark/patches/patch-ad 1.4

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Jul 21 20:39:41 UTC 2009

  Modified Files:
  pkgsrc/net/wireshark: Makefile PLIST distinfo
  pkgsrc/net/wireshark/patches: patch-aa patch-ad

  Log Message:
  Update "wireshark" package to version 1.2.1. Changes since version 1.0.8:
  New features:
  - Wireshark has a spiffy new start page.
  - Display filters now autocomplete.
  - Support for the c-ares resolver library has been added. It has many
  - advantages over ADNS.
  - Many new protocol dissectors and capture file formats have been added.
  - Macintosh OS X support has been improved.
  - GeoIP database lookups.
  - OpenStreetMap + GeoIP integration.
  - Improved Postscript(R) print output.
  - The preference handling code is now much smarter about changes.
  - Support for Pcap-ng, the next-generation capture file format.
  - Support for process information correlation via IPFIX.
  - Column widths are now saved.
  - The last used configuration profile is now saved.
  - Protocol preferences are changeable from the packet details context menu.
  - Support for IP packet comparison.
  - Capinfos now shows the average packet rate.
  Security fixes:
  - The AFS dissector could crash.
  - The Infiniband dissector could crash on some platforms.

  To generate a diff of this commit:
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/wireshark/PLIST
  cvs rdiff -u -r1.22 -r1.23 pkgsrc/net/wireshark/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/wireshark/patches/patch-aa
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/patches/patch-ad

(spz)

pullup #2821

(spz)

Pullup ticket 2821 - requested by adrianp
security update

Revisions pulled up:
- pkgsrc/net/isc-dhclient/distinfo 1.4
- pkgsrc/net/isc-dhcp/Makefile.common 1.5
- pkgsrc/net/isc-dhcp/distinfo 1.4
- pkgsrc/net/isc-dhcpd/distinfo 1.4
- pkgsrc/net/isc-dhcrelay/distinfo 1.4

  Module Name: pkgsrc
  Committed By: adrianp
  Date: Thu Jul 16 18:29:49 UTC 2009

  Modified Files:
  pkgsrc/net/isc-dhclient: distinfo
  pkgsrc/net/isc-dhcp: Makefile.common distinfo
  pkgsrc/net/isc-dhcpd: distinfo
  pkgsrc/net/isc-dhcrelay: distinfo

  Log Message:
  Bump to p1
  * A stack overflow vulnerability was fixed in dhclient that could allow r=
  emote attackers to execute arbitrary commands as root on the system, or s=
  imply terminate the client, by providing an over-long subnet-mask option.

  To generate a diff of this commit:
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhclient/distinfo
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/isc-dhcp/Makefile.common
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcp/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcpd/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/isc-dhcrelay/distinfo

(spz)

pullup #2824

(spz)

Pullup ticket 2824 - requested by tron
security fix

Revisions pulled up:
- pkgsrc/databases/mysql5-server/Makefile 1.28
- pkgsrc/databases/mysql5-server/distinfo 1.22

Files added:
pkgsrc/databases/mysql5-server/patches/patch-ac 1.8

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jul 19 13:50:20 UTC 2009

  Modified Files:
  pkgsrc/databases/mysql5-server: Makefile distinfo
  Added Files:
  pkgsrc/databases/mysql5-server/patches: patch-ac

  Log Message:
  Add a patch for CVE-2009-2446 based on the description in the report.

  To generate a diff of this commit:
  cvs rdiff -u -r1.27 -r1.28 pkgsrc/databases/mysql5-server/Makefile
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/mysql5-server/distinfo
  cvs rdiff -u -r0 -r1.8 pkgsrc/databases/mysql5-server/patches/patch-ac

(spz)

pullup #2823

(spz)

Pullup ticket 2823 - requested by tron
security fix

Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile 1.88
- pkgsrc/graphics/tiff/distinfo 1.43

Files added:
pkgsrc/graphics/tiff/patches/patch-ca 1.1
pkgsrc/graphics/tiff/patches/patch-cb 1.1

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jul 19 11:45:09 UTC 2009

  Modified Files:
  pkgsrc/graphics/tiff: Makefile distinfo
  Added Files:
  pkgsrc/graphics/tiff/patches: patch-ca patch-cb

  Log Message:
  Apply fix for integer overflows in various inter-color space conversion
  tools taken from MapTools Bugzilla. This fixes CVE-2009-2347.

  To generate a diff of this commit:
  cvs rdiff -u -r1.87 -r1.88 pkgsrc/graphics/tiff/Makefile
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/graphics/tiff/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-ca \
      pkgsrc/graphics/tiff/patches/patch-cb

(spz)

pullup #2805

(spz)

Pullup ticket 2805 - requested by tron
Build problem fix

Revisions pulled up:
- pkgsrc/mk/platform/Darwin.mk 1.39

  Module Name: pkgsrc
  Committed By: tron
  Date: Sat Jul 11 10:32:41 UTC 2009

  Modified Files:
  pkgsrc/mk/platform: Darwin.mk

  Log Message:
  Don't use "/bin/ksh" to run wrappe scripts under Mac OS X before Leopard.
  This should fix build problems reported by Christoph Egger.

  To generate a diff of this commit:
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/mk/platform/Darwin.mk

(spz)

pullup #2812

(spz)

Pullup ticket 2812 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.47
- pkgsrc/www/apache22/distinfo 1.21

Files added:
pkgsrc/www/apache22/patches/patch-af
pkgsrc/www/apache22/patches/patch-ah

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Jul 14 12:23:40 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-af patch-ah

  Log Message:
  Add patches from the Apache SVN repository to fix the security
  vulnerabilities reported in CVE-2009-1890 and CVE-2009-1891.

  To generate a diff of this commit:
  cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-af \
      pkgsrc/www/apache22/patches/patch-ah

(spz)

security update to version 3.8.4

(spz)

pullup #2796

(spz)

Pullup ticket 2796 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/www/firefox3/Makefile 1.33
- pkgsrc/www/firefox3/PLIST 1.9
- pkgsrc/www/firefox3/distinfo 1.25

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Jun 12 10:08:28 UTC 2009

  Modified Files:
  pkgsrc/www/firefox3: Makefile PLIST distinfo

  Log Message:
  Update "firefox3" package to version 3.0.11. Changes since version 3.0.10:
  - Fixed several security issues:
    MFSA 2009-32 JavaScript chrome privilege escalation
    MFSA 2009-31 XUL scripts bypass content-policy checks
    MFSA 2009-30 Incorrect principal set for file: resources loaded via
                  location bar
    MFSA 2009-29 Arbitrary code execution using event listeners attached
                  to an element whose owner document is null
    MFSA 2009-28 Race condition while accessing the private data of a
                  NPObject JS wrapper class object
    MFSA 2009-27 SSL tampering via non-200 responses to proxy
                  CONNECT requests
    MFSA 2009-26 Arbitrary domain cookie access by local file: resources
    MFSA 2009-25 URL spoofing with invalid unicode characters
    MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
  - Fixed several stability issues.
  - Several issues were reported with the internal database, SQLite, which
    have now been fixed by upgrading to a newer version.
  - Fixed an issue where, in some specific cases, the bookmarks database
    would become corrupt. (bug 464486)

  To generate a diff of this commit:
  cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/firefox3/Makefile
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/firefox3/PLIST
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/firefox3/distinfo

(spz)

pullup #2795

(spz)

Pullup ticket 2795 - requested by tron
Compatibility update
Fixes PR 41550

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.46
- pkgsrc/www/apache22/distinfo 1.20
- pkgsrc/www/apache22/patches/patch-ba 1.2
- pkgsrc/www/apache22/patches/patch-bc 1.2
- pkgsrc/www/apache22/patches/patch-bd 1.2

Files deleted:
pkgsrc/www/apache22/patches/patch-bb

  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Jun 11 20:30:59 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  pkgsrc/www/apache22/patches: patch-ba patch-bc patch-bd
  Removed Files:
  pkgsrc/www/apache22/patches: patch-bb

  Log Message:
  Import improved version of the fix for CVE-2009-1195 to restore
  backwards compatibility with e.g. "mod_perl".

  To generate a diff of this commit:
  cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/apache22/patches/patch-ba \
      pkgsrc/www/apache22/patches/patch-bc pkgsrc/www/apache22/patches/patch-bd
  cvs rdiff -u -r1.1 -r0 pkgsrc/www/apache22/patches/patch-bb

(spz)

revert previous commit: apache22 was fixed to provide backwards compat
for its dependents, so the removed patches are no longer necessary.

(spz)

pullup #2790

(spz)

Pullup ticket 2790 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/audio/libsndfile/Makefile 1.52
- pkgsrc/audio/libsndfile/distinfo 1.29
- pkgsrc/audio/libsndfile/options.mk 1.7

Files added:
pkgsrc/audio/libsndfile/patches/patch-aa 1.15
pkgsrc/audio/libsndfile/patches/patch-ab 1.9
pkgsrc/audio/libsndfile/patches/patch-ac 1.11
pkgsrc/audio/libsndfile/patches/patch-ad 1.12
pkgsrc/audio/libsndfile/patches/patch-ae 1.7
pkgsrc/audio/libsndfile/patches/patch-af 1.7

  Module Name: pkgsrc
  Committed By: wiz
  Date: Sat May  2 17:24:15 UTC 2009

  Modified Files:
  pkgsrc/audio/libsndfile: options.mk

  Log Message:
  Add octave option, based on PR 41307 by Rumko.

  To generate a diff of this commit:
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/audio/libsndfile/options.mk

---------------------------------------------------------------------

  Module Name: pkgsrc
  Committed By: adam
  Date: Thu May 14 12:58:27 UTC 2009

  Modified Files:
  pkgsrc/audio/libsndfile: Makefile distinfo options.mk

  Log Message:
  Changes 1.0.20:
  * Fix potential heap overflow in VOC file parser.

  To generate a diff of this commit:
  cvs rdiff -u -r1.50 -r1.51 pkgsrc/audio/libsndfile/Makefile
  cvs rdiff -u -r1.27 -r1.28 pkgsrc/audio/libsndfile/distinfo
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/audio/libsndfile/options.mk

---------------------------------------------------------------------

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Jun  8 09:30:17 UTC 2009

  Modified Files:
  pkgsrc/audio/libsndfile: Makefile distinfo
  Added Files:
  pkgsrc/audio/libsndfile/patches: patch-aa patch-ab patch-ac patch-ad
      patch-ae patch-af

  Log Message:
  Add upstream patch (taken from Debian bug report) to fix crashes
  caused by bad audio files.

  To generate a diff of this commit:
  cvs rdiff -u -r1.51 -r1.52 pkgsrc/audio/libsndfile/Makefile
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/libsndfile/distinfo
  cvs rdiff -u -r0 -r1.15 pkgsrc/audio/libsndfile/patches/patch-aa
  cvs rdiff -u -r0 -r1.9 pkgsrc/audio/libsndfile/patches/patch-ab
  cvs rdiff -u -r0 -r1.11 pkgsrc/audio/libsndfile/patches/patch-ac
  cvs rdiff -u -r0 -r1.12 pkgsrc/audio/libsndfile/patches/patch-ad
  cvs rdiff -u -r0 -r1.7 pkgsrc/audio/libsndfile/patches/patch-ae \
      pkgsrc/audio/libsndfile/patches/patch-af

(spz)

pullup #2791

(spz)

Pullup ticket 2791 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/devel/apr-util/Makefile 1.10
- pkgsrc/devel/apr-util/distinfo 1.6

  Module Name: pkgsrc
  Committed By: tron
  Date: Mon Jun  8 13:19:20 UTC 2009

  Modified Files:
  pkgsrc/devel/apr-util: Makefile distinfo

  Log Message:
  Update "apr-util" package to version 1.3.7. Changes since version 1.3.4:
  - SECURITY:
    Fix a denial of service attack against the apr_xml_* interface
    using the "billion laughs" entity expansion technique.
  - SECURITY: CVE-2009-0023 (cve.mitre.org)
    Fix underflow in apr_strmatch_precompile.
  - Minor build and bug fixes.
  - SECURITY: CVE-2009-0023 (cve.mitre.org)
    Fix underflow in apr_strmatch_precompile.
  - Fix off by one overflow in apr_brigade_vprintf.
  - APR_LDAP_SIZELIMIT should prefer LDAP_DEFAULT_LIMIT/-1 when the
    SDK supports it, but in the absence of LDAP_DEFAULT_LIMIT (and
    LDAP_NO_LIMIT/0) it is not safe to use a literal -1.
    Bug 23356
  - Clean up ODBC types. Warnings seen when compiling packages for
    Fedora 11.
  - Use of my_init() requires my_global.h and my_sys.h.
  - Fix apr_memcache_multgetp memory corruption and incorrect error
    handling. Bug 46588
  - Fix memcache memory leak with persistent connections.
    Bug 46482
  - Add Oracle 11 support.
  - apr_dbd_freetds: Avoid segfault when process is NULL.
    Do no print diagnostics to stderr. Never allow driver to exit
    process.
  - apr_dbd_freetds: The sybdb.h header file might be freetds/sybdb.h
    or sybdb.h.
  - LDAP detection improvements: --with-ldap now supports library names
    containing non-alphanumeric characters, such as libldap-2.4.so.  New
    option --with-lber can be used to override the default liblber name.
    Fix a problem reporting the lber library from apu-N-config.
  - Suppress pgsql column-out-of-range warning.
  - Fix a buffer overrun and password matching for SHA passwords.
  - Introduce DSO handling of the db, gdbm and ndbm drivers, so these are
    loaded as .so's on first demand, unless --disable-util-dso is configured.
  - Fix a segfault in the DBD testcase when the DBD modules were not present.

  To generate a diff of this commit:
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/apr-util/Makefile
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/devel/apr-util/distinfo

(spz)

The recent security patch to www/apache22 removed OPT_INCNOEXEC.
This in turn makes the build of ap2-perl with apache22 fail.
The patches committed here make ap2-perl build again.
They may not be sufficient to actually use the package in earnest, though.

(spz)

Pullup ticket 2788 second part - requested by wiz
Security update

Revisions pulled up:
- pkgsrc/graphics/png/Makefile 1.114
- pkgsrc/graphics/png/distinfo 1.58

  Module Name: pkgsrc
  Committed By: wiz
  Date: Sat Jun  6 20:56:16 UTC 2009

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Update to 1.2.37:

  version 1.2.37beta01 [May 14, 2009]
    Fixed inconsistency in pngrutil.c, introduced in libpng-1.2.36.  The
      memset() was using "png_ptr->rowbytes" instead of "row_bytes", which
      the corresponding png_malloc() uses (Joe Drew).
    Clarified usage of sig_bit versus sig_bit_p in example.c (Vincent Torri)
    Updated some of the makefiles in the scripts directory (merged with
      those in libpng-1.4.0beta57).

  version 1.2.37beta02 [May 19, 2009]
    Fixed typo in libpng documentation (FILTER_AVE should be FILTER_AVG)
    Relocated misplaced #endif in pngwrite.c, sCAL chunk handler.
    Conditionally compile png_read_finish_row() which is not used by
      progressive readers.
    Added contrib/pngminim/preader to demonstrate building minimal progressive
      decoder, based on contrib/gregbook with embedded libpng and zlib.

  version 1.2.37beta03 [May 20, 2009]
    In contrib/pngminim/*, renamed "makefile.std" to "makefile", since there
      is only one makefile in those directories, and revised the README files
      accordingly.
    Reformated sources in libpng style (3-space indentation, comment format)

  version 1.2.37rc01 [May 27, 2009]
    No changes.

  versions 1.2.37 and 1.0.45 [June 4, 2009]
    Reformatted several remaining "else statement;" and "if () statment;" into
      two lines.
    Added "#define PNG_NO_WRITE_SWAP" to contrib/pngminim/encoder/pngusr.h
      and "define PNG_NO_READ_SWAP" to decoder/pngusr.h and preader/pngusr.h
    Added sections about the git repository and our coding style to the
      documentation (merged from libpng-1.4.0beta62)
    Added a section about using png_get_io_ptr() in configure scripts to detect
      the presence of libpng.

  To generate a diff of this commit:
  cvs rdiff -u -r1.113 -r1.114 pkgsrc/graphics/png/Makefile
  cvs rdiff -u -r1.57 -r1.58 pkgsrc/graphics/png/distinfo

(spz)

pullup 2788

(spz)

Pullup ticket 2788 - requested by wiz
Security update

Revisions pulled up:
- pkgsrc/graphics/png/Makefile 1.113
- pkgsrc/graphics/png/distinfo 1.57
- pkgsrc/graphics/png/patches/patch-ae 1.9

  Module Name: pkgsrc
  Committed By: wiz
  Date: Wed May 13 09:56:05 UTC 2009

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo
  pkgsrc/graphics/png/patches: patch-ae

  Log Message:
  Update to 1.2.36:

  version 1.2.36beta01 [February 28, 2009]
    Revised comments in png_set_read_fn() and png_set_write_fn().
    Revised order of #ifdef's and indentation in png_debug definitions of png.h
      bug introduced in libpng-1.2.34.

  version 1.2.36beta02 [March 21, 2009]
    Use png_memset() after png_malloc() of big_row_buf when reading an
      interlaced file, to avoid a possible UMR.
    Undid recent revision of PNG_NO_STDIO version of png_write_flush().  Users
      having trouble with fflush() can build with PNG_NO_WRITE_FLUSH defined.
    Revised libpng*.txt documentation about use of png_write_flush().
    Removed fflush() from pngtest.c.
    Added "#define PNG_NO_WRITE_FLUSH" to contrib/pngminim/encoder/pngusr.h

  version 1.2.36beta03 [March 27, 2009]
    Relocated misplaced PNG_1_0_X define in png.h that caused the prototype
      for png_set_strip_error_numbers() to be omitted from PNG_NO_ASSEMBLER_CODE
      builds.  This bug was introduced in libpng-1.2.15beta4.
    Added a section on differences between 1.0.x and 1.2.x to libpng.3/libpng.txt

  version 1.2.36beta04 [April 5, 2009]
    Fixed potential memory leak of "new_name" in png_write_iCCP() (Ralph Giles)

  version 1.2.36beta05 [April 24, 2009]
    Added "ifndef PNG_SKIP_SETJMP_CHECK" block in pngconf.h to allow
      application code writers to bypass the check for multiple inclusion
      of setjmp.h when they know that it is safe to ignore the situation.
    Made some cosmetic changes to whitespace in pngtest output.
    Renamed "user_chunk_data" to "my_user_chunk_data" in pngtest.c to suppress
      "shadowed declaration" warning from gcc-4.3.3.
    Renamed "gamma" to "png_gamma" in pngset.c to avoid "shadowed declaration"
      warning about a global "gamma" variable in math.h on some platforms.

  version 1.2.36rc01 [April 30, 2009]
    No changes.

  version 1.0.44 and 1.2.36 [May 7, 2009]
    No changes.

  To generate a diff of this commit:
  cvs rdiff -u -r1.112 -r1.113 pkgsrc/graphics/png/Makefile
  cvs rdiff -u -r1.56 -r1.57 pkgsrc/graphics/png/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/graphics/png/patches/patch-ae

(spz)

pullup #2786

(spz)

Pullup ticket 2786 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.45
- pkgsrc/www/apache22/distinfo 1.19

Files added:
- pkgsrc/www/apache22/patches/patch-ba 1.1
- pkgsrc/www/apache22/patches/patch-bb 1.1
- pkgsrc/www/apache22/patches/patch-bc 1.1
- pkgsrc/www/apache22/patches/patch-bd 1.1

  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Jun  4 08:51:52 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ba patch-bb patch-bc patch-bd

  Log Message:
  Add patches from the Apache SVN repository to fix the security bypass
  vulnerability reported in CVE-2009-1195.

  To generate a diff of this commit:
  cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/www/apache22/patches/patch-ba \
      pkgsrc/www/apache22/patches/patch-bb pkgsrc/www/apache22/patches/patch-bc \
      pkgsrc/www/apache22/patches/patch-bd

(spz)

pullup #2780

(spz)

Pullup ticket 2780 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile 1.50
- pkgsrc/devel/cscope/distinfo 1.19

Files deleted:
- pkgsrc/devel/cscope/patches/patch-ae
- pkgsrc/devel/cscope/patches/patch-af
- pkgsrc/devel/cscope/patches/patch-ag
- pkgsrc/devel/cscope/patches/patch-ah
- pkgsrc/devel/cscope/patches/patch-ai
- pkgsrc/devel/cscope/patches/patch-aj
- pkgsrc/devel/cscope/patches/patch-ak
- pkgsrc/devel/cscope/patches/patch-al
- pkgsrc/devel/cscope/patches/patch-am
- pkgsrc/devel/cscope/patches/patch-an
- pkgsrc/devel/cscope/patches/patch-ao
- pkgsrc/devel/cscope/patches/patch-ap

  Module Name: pkgsrc
  Committed By: tron
  Date: Sat May 23 09:04:02 UTC 2009

  Modified Files:
  pkgsrc/devel/cscope: Makefile distinfo
  Removed Files:
  pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah
      patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao
      patch-ap

  Log Message:
  Update "cscope" package to version 15.7a. This version fixes the
  security vulnerability reported in CVE-2009-0148.

  To generate a diff of this commit:
  cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile
  cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo
  cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae
  cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af
  cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \
      pkgsrc/devel/cscope/patches/patch-ai
  cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah
  cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj
  cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \
      pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap
  cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \
      pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao

(spz)

pullup #2779

(spz)

Pullup ticket 2779 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.32
- pkgsrc/net/wireshark/distinfo 1.21

  Module Name: pkgsrc
  Committed By: tron
  Date: Sat May 23 08:12:08 UTC 2009

  Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update "wireshare" package to version 1.0.8. Changes since version 1.0.7:
  - Bug Fixes:
    - The PCNFSD dissector could crash. (wnpa-sec-2009-03)
    - Lua integration could crash.
    - The SCCP dissector could crash when loading more than one file in
      a single session.
    - The NDMP dissector could crash if reassembly was enabled.
  - Updated Protocol Support:
    All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066

  To generate a diff of this commit:
  cvs rdiff -u -r1.31 -r1.32 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/wireshark/distinfo

(spz)

pullup #2778

(spz)

Pullup ticket 2778 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.43
- pkgsrc/www/apache22/distinfo 1.18
- pkgsrc/www/apache22/patches/patch-ab 1.10

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri May 22 09:46:06 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ab

  Log Message:
  Add patch from the Apache SVN repository to fix the information leak
  in the "mod_proxy_ajp" module reported in CVE-2009-1191.

  To generate a diff of this commit:
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.10 pkgsrc/www/apache22/patches/patch-ab

(spz)

Pullup ticket 2778 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.43
- pkgsrc/www/apache22/distinfo 1.18
- pkgsrc/www/apache22/patches/patch-ab 1.10

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri May 22 09:46:06 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ab

  Log Message:
  Add patch from the Apache SVN repository to fix the information leak
  in the "mod_proxy_ajp" module reported in CVE-2009-1191.

  To generate a diff of this commit:
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/apache22/Makefile
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/apache22/distinfo
  cvs rdiff -u -r0 -r1.10 pkgsrc/www/apache22/patches/patch-ab

(spz)

pullup 2756

(spz)

Pullup ticket 2756 - requested by tnn
Security fix

Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.80
- pkgsrc/security/gnutls/distinfo 1.54

  Module Name: pkgsrc
  Committed By: wiz
  Date: Mon Apr 20 13:11:57 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile distinfo

  Log Message:
  Update to 2.6.5. Update commented out LICENSE (needs two).

  * Version 2.6.5 (released 2009-04-11)

  ** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
  specify the client hello message record version. Used to overcome buggy
  TLS servers. Report by Martin von Gagern.

  ** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
  Libtasn1 0.3.4 or later is required.  This is to align with the
  upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.

  ** API and ABI modifications:
  No changes since last version.

  To generate a diff of this commit:
  cvs rdiff -u -r1.77 -r1.78 pkgsrc/security/gnutls/Makefile
  cvs rdiff -u -r1.52 -r1.53 pkgsrc/security/gnutls/distinfo

  Module Name: pkgsrc
  Committed By: zafer
  Date: Fri May  1 13:49:07 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile

  Log Message:
  replace non working mirrors with working ones.

  To generate a diff of this commit:
  cvs rdiff -u -r1.78 -r1.79 pkgsrc/security/gnutls/Makefile

  Module Name: pkgsrc
  Committed By: tnn
  Date: Sat May  2 20:04:33 UTC 2009

  Modified Files:
  pkgsrc/security/gnutls: Makefile distinfo

  Log Message:
  Update to gnutls-2.6.6.

  * Version 2.6.6 (released 2009-04-30)

  libgnutls: Corrected double free on signature verification failure.
    Reported by Miroslav Kratochvil.  See the advisory
    for more details.  [GNUTLS-SA-2009-1] [CVE-2009-1415]

  libgnutls: Fix DSA key generation.
    Noticed when investigating the previous GNUTLS-SA-2009-1 problem.  All
    DSA keys generated using GnuTLS 2.6.x are corrupt.  See the advisory
    for more details.  [GNUTLS-SA-2009-2] [CVE-2009-1416]

  To generate a diff of this commit:
  cvs rdiff -u -r1.79 -r1.80 pkgsrc/security/gnutls/Makefile
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/gnutls/distinfo

(spz)

pullup tickets 2755 and 2758

(spz)

Pullup ticket 2755 and 2758 - requested by tnn
Security fix

Revisions pulled up:
- pkgsrc/graphics/freetype2/Makefile 1.69
- pkgsrc/graphics/freetype2/distinfo 1.31
- pkgsrc/graphics/freetype2/patches/patch-aa 1.17
- pkgsrc/graphics/freetype2/patches/patch-ab 1.12
- pkgsrc/graphics/freetype2/patches/patch-ac 1.4
- pkgsrc/graphics/freetype2/patches/patch-ad 1.2

  Module Name:    pkgsrc
  Committed By:  drochner
  Date:          Thu Apr 16 20:26:26 UTC 2009

  Modified Files:
          pkgsrc/graphics/freetype2: Makefile distinfo
  Removed Files:
          pkgsrc/graphics/freetype2/patches: patch-aa

  Log Message:
  update to 2.3.9
  changes:
  -important bugfixes
  -improved CID support

  There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted
  in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and
  then shrunk. Applications compiled against 2.3.8 should work fine
  with 2.3.9. Applications compiled against the new 2.3.9 can
  theoretically exhibit problems if run against a 2.3.8 binary, if
  some PS_FontInfo stuff is used. See the freetype release notes
  for details. I didn't find any suspects for now. If one is found,
  it should be changed to require 2.3.9, and PKGREV bumped.

  To generate a diff of this commit:
  cvs rdiff -u -r1.67 -r1.68 pkgsrc/graphics/freetype2/Makefile
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/graphics/freetype2/distinfo
  cvs rdiff -u -r1.15 -r0 pkgsrc/graphics/freetype2/patches/patch-aa

  Date: Sat, 2 May 2009 19:44:51 +0000
  From: Tobias Nygren <tnn@netbsd.org>
  To: pkgsrc-changes@NetBSD.org
  Subject: CVS commit: pkgsrc/graphics/freetype2

  Module Name: pkgsrc
  Committed By: tnn
  Date: Sat May  2 19:44:51 UTC 2009

  Modified Files:
  pkgsrc/graphics/freetype2: Makefile distinfo
  Added Files:
  pkgsrc/graphics/freetype2/patches: patch-aa patch-ab patch-ac
  patch-ad

  Log Message:
  patch-[a-d]: Upstream patches for CVE-2009-0946.
  Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.68 -r1.69 pkgsrc/graphics/freetype2/Makefile
  cvs rdiff -u -r1.30 -r1.31 pkgsrc/graphics/freetype2/distinfo
  cvs rdiff -u -r0 -r1.17 pkgsrc/graphics/freetype2/patches/patch-aa
  cvs rdiff -u -r0 -r1.12 pkgsrc/graphics/freetype2/patches/patch-ab
  cvs rdiff -u -r0 -r1.4 pkgsrc/graphics/freetype2/patches/patch-ac
  cvs rdiff -u -r0 -r1.2 pkgsrc/graphics/freetype2/patches/patch-ad

(spz)

Pullup ticket #2754

(spz)

Pullup ticket 2754 - requested by tron
Build fix for Solaris

Revisions pulled up:
- pkgsrc/net/libtorrent/Makefile 1.30
- pkgsrc/net/libtorrent/distinfo 1.22
- pkgsrc/net/libtorrent/patches/patch-aa 1.8
- pkgsrc/net/rtorrent/Makefile 1.30
- pkgsrc/net/rtorrent/distinfo 1.21
- pkgsrc/net/rtorrent/patches/patch-aa 1.7

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Apr 10 09:06:21 UTC 2009

  Modified Files:
  pkgsrc/net/libtorrent: Makefile distinfo
  pkgsrc/net/rtorrent: Makefile distinfo
  Added Files:
  pkgsrc/net/libtorrent/patches: patch-aa
  pkgsrc/net/rtorrent/patches: patch-aa

  Log Message:
  Add two patches taken from "xnet.fi" to fix the build under SunOS 5.11
  (and eventually older versions). Problem reported by Tom Hensel in
  private e-mail.

  To generate a diff of this commit:
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/libtorrent/Makefile
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/libtorrent/distinfo
  cvs rdiff -u -r0 -r1.8 pkgsrc/net/libtorrent/patches/patch-aa
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/rtorrent/Makefile
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/rtorrent/distinfo
  cvs rdiff -u -r0 -r1.7 pkgsrc/net/rtorrent/patches/patch-aa

(spz)

pullup #2743

(spz)

Pullup ticket 2743 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/print/xpdf/Makefile 1.66
- pkgsrc/print/xpdf/distinfo 1.34

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Apr 17 12:09:35 UTC 2009

  Modified Files:
  pkgsrc/print/xpdf: Makefile distinfo

  Log Message:
  Update "xpdf" package to version 3.02pl3. This update fixes the
  security vulnerabilities reported in CVE-2009-0146, CVE-2009-0147,
  CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
  CVE-2009-1180, CVE-2009-1181, CVE-2009-1182 and CVE-2009-1183.

  To generate a diff of this commit:
  cvs rdiff -u -r1.65 -r1.66 pkgsrc/print/xpdf/Makefile
  cvs rdiff -u -r1.33 -r1.34 pkgsrc/print/xpdf/distinfo

(spz)

pullup #2741

(spz)

Pullup ticket 2741 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.79
- pkgsrc/databases/phpmyadmin/distinfo 1.41

  Module Name: pkgsrc
  Committed By: tron
  Date: Fri Apr 17 09:40:13 UTC 2009

  Modified Files:
  pkgsrc/databases/phpmyadmin: Makefile distinfo

  Log Message:
  Update "phpmyadmin" package to version 2.11.9.5. This fixes the remote
  code execution vulnerability reported in PMASA-2009-3 / CVE-2009-1151.

  To generate a diff of this commit:
  cvs rdiff -u -r1.78 -r1.79 pkgsrc/databases/phpmyadmin/Makefile
  cvs rdiff -u -r1.40 -r1.41 pkgsrc/databases/phpmyadmin/distinfo

(spz)

pullup #2738

(spz)

Pullup ticket 2738 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/graphics/ghostscript/Makefile 1.61
- pkgsrc/graphics/ghostscript/distinfo 1.23
- pkgsrc/graphics/ghostscript/patches/patch-aa 1.4

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Apr 14 19:32:54 UTC 2009

  Modified Files:
  pkgsrc/print/ghostscript: Makefile distinfo
  Added Files:
  pkgsrc/print/ghostscript/patches: patch-aa

  Log Message:
  Add patch for the security vulnerability reported in CVE-2009-0196
  taken from Redhat's Bugzilla.

  To generate a diff of this commit:
  cvs rdiff -u -r1.60 -r1.61 pkgsrc/print/ghostscript/Makefile
  cvs rdiff -u -r1.22 -r1.23 pkgsrc/print/ghostscript/distinfo
  cvs rdiff -u -r0 -r1.4 pkgsrc/print/ghostscript/patches/patch-aa

(spz)

Pullup #2737

(spz)

Pullup ticket 2737 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/graphics/lcms/Makefile 1.29
- pkgsrc/graphics/lcms/distinfo 1.20
- pkgsrc/graphics/lcms/patches/patch-aa 1.10

  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Apr 14 18:54:38 UTC 2009

  Modified Files:
  pkgsrc/graphics/lcms: Makefile distinfo
  Added Files:
  pkgsrc/graphics/lcms/patches: patch-aa

  Log Message:
  Add patch for the security vulnerability reported in SA34634/CVE-2009-0793
  taken from Redhat's Bugzilla.

  To generate a diff of this commit:
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/graphics/lcms/Makefile
  cvs rdiff -u -r1.19 -r1.20 pkgsrc/graphics/lcms/distinfo
  cvs rdiff -u -r0 -r1.10 pkgsrc/graphics/lcms/patches/patch-aa

(spz)

Update to version 2.0.4 of the package
fixes PR pkg/41118
adds a LICENSE setting

(spz)

Pullup ticket #2732.

(spz)

Pullup ticket 2732 - requested by joerg
Bug fix

Revisions pulled up:
- pkgsrc/pkgtools/pkg_install/files/add/perform.c 1.85
- pkgsrc/pkgtools/pkg_install/files/lib/version.h 1.121

  Module Name: pkgsrc
  Committed By: joerg
  Date: Mon Apr  6 14:34:15 UTC 2009

  Modified Files:
  pkgsrc/pkgtools/pkg_install/files/add: perform.c
  pkgsrc/pkgtools/pkg_install/files/lib: version.h

  Log Message:
  pkg_install-20090406:
  Remove premature return that broke dependency tracking for pkg_add -u.
  Fixes PR 41143.

  To generate a diff of this commit:
  cvs rdiff -u -r1.84 -r1.85 pkgsrc/pkgtools/pkg_install/files/add/perform.c
  cvs rdiff -u -r1.120 -r1.121 pkgsrc/pkgtools/pkg_install/files/lib/version.h

(spz)

Pullup ticket #2731.

(spz)

Pullup ticket 2731 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.30
- pkgsrc/net/wireshark/distinfo 1.20

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Fri Apr 10 07:21:29 UTC 2009

  Modified Files:
          pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update "wireshark" package to version 1.0.7. Changes since version 1.0.6:
  - Security-related bugs in the Profinet, LDAP, and CPHAP dissectors and
    the Tektronix K12 file format have been fixed.
  - Many other bugs have been fixed.

  To generate a diff of this commit:
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/wireshark/distinfo

(spz)

fix the asplain patch: since the routing registries currently won't find
asplained autnums, make asdot the default, but prepare for them switching
by asking the asplained format before giving up, independently of any
command line settings. Bump pkgrev, too.

(spz)

noted news/inn update

(spz)

update to the next minor version of INN; now also uses ln in postinstall
instead of install -l. Plus, fix a nit in the startup script.

(spz)

oops, the two new patches escaped commit last time

(spz)

rpslcheck and RtConfig bring their own parsers for autnums (and treat them as
int), fix for extended autnum asdot format.

(spz)

add the patch for the -no_default_afi option to RtConfig
by David Croft <david@sargasso.net>

(spz)

switch from previous DESTDIRifying src/Makefile.in patch to a prettier one
by Kaj Niemi <kajtzu@basen.net> (bump pkgrev etc)

(spz)

bump pkgrev too for adding patches for new option -asplain

(spz)

add new option -asplain that makes extended autnums be output as simple numbers
instead of in asdot format.

(spz)

Pullup ticket #2644

(spz)

Pullup ticket 2644 - requested by mlelstv
fixes dnssec resolver checks

Revisions pulled up:
- pkgsrc/net/bind95/Makefile 1.6
- pkgsrc/net/bind95/distinfo 1.5
- pkgsrc/net/bind95/PLIST by patch

  Module Name:    pkgsrc
  Committed By:  adrianp
  Date:          Thu Jan  8 09:02:50 UTC 2009

  Modified Files:
          pkgsrc/net/bind95: Makefile distinfo

  Log Message:
  Changes since 9.5.1:

  2522.  [security]      Handle -1 from DSA_do_verify().

  To generate a diff of this commit:
  cvs rdiff -r1.5 -r1.6 pkgsrc/net/bind95/Makefile
  cvs rdiff -r1.4 -r1.5 pkgsrc/net/bind95/distinfo

(spz)

make package DESTDIR'able

(spz)

make package somewhat cleaner (includes some PLIST cleanup)

(spz)

add a description for the uucp option used eg in news/inn. Since other
packages may also want to optionally add uucp support, don't use inn-uucp.

(spz)

add a line for the recently added bind-xml-statistics-server option for the
net/bind95 package

(spz)

added missing entries for news/inn teeny version updates

(spz)

added missing entry for upgrade of net/irrtoolset-nox11

(spz)

the irrtoolset package was updated from 4.8.4 to 4.8.5 in May 2007

(spz)

add options framework, and optionalize (default off) the building of the
xml statistics server (+bump pkgrev)

(spz)

cleaned up PLIST, fiddled with directory creation some more

(spz)

update to next tiny version

(spz)

make inn start successfully on a previously clean box

(spz)

when installing to variable locations, make it so we actually vary where we
expect that which we installed (ie, fix PLIST)
also make sure that our installation destination is under PREFIX
fixes PR 39165

(spz)

pullup ticket #2502

(spz)

Pullup ticket 2502 - requested by is
fix PR 34723

Revisions pulled up:
- pkgsrc/www/links/Makefile by patch provided
- pkgsrc/www/links/distinfo by patch provided
- pkgsrc/www/links-gui/Makefile by patch provided
- pkgsrc/www/links/patches/patch-aa by patch provided

  Module Name: pkgsrc
  Committed By: is
  Date: Wed Aug 20 09:26:45 UTC 2008

  Modified Files:
  pkgsrc/www/links: Makefile distinfo
  pkgsrc/www/links-gui: Makefile
  pkgsrc/www/links/patches: patch-aa

  Log Message:
  Patch no longer needed, besides failing for some boundary conditions.
  Feature request/code had been submitted upstream "back then", and
  apparently a different solution has been implemented upstream in the
  meantime, but our package was upgraded without removing our patch.

  To generate a diff of this commit:
  cvs rdiff -r1.54 -r1.55 pkgsrc/www/links/Makefile
  cvs rdiff -r1.49 -r1.50 pkgsrc/www/links/distinfo
  cvs rdiff -r1.56 -r1.57 pkgsrc/www/links-gui/Makefile
  cvs rdiff -r1.3 -r1.4 pkgsrc/www/links/patches/patch-aa

(spz)

pullup ticket 2476 and fix number for 2482

(spz)

Pullup ticket 2476 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/www/apache22/Makefile 1.28
- pkgsrc/www/apache22/distinfo 1.12
- pkgsrc/www/apache22/patches/patch-ab 1.8

  Module Name: pkgsrc
  Committed By: tron
  Date: Sat Aug  9 22:16:44 UTC 2008

  Modified Files:
  pkgsrc/www/apache22: Makefile distinfo
  Added Files:
  pkgsrc/www/apache22/patches: patch-ab

  Log Message:
  Add patch from Apache SVN repository to avoid cross-site scripting attacks
  in the FTP proxy module. This fixes the security vulnerability reported
  in CVE-2008-2939.

  To generate a diff of this commit:
  cvs rdiff -r1.27 -r1.28 pkgsrc/www/apache22/Makefile
  cvs rdiff -r1.11 -r1.12 pkgsrc/www/apache22/distinfo
  cvs rdiff -r0 -r1.8 pkgsrc/www/apache22/patches/patch-ab

(spz)

fix for IOS address-family syntax
suggested by Daryl Collins <daryl@internode.com.au> (but revamped and expanded)

(spz)

distinfo knew a patch-aj with different timestamps, fix

(spz)

- bump inn version to 2.4.4
- major change of directory structure
- two new options (uucp and perl now both optional)
- change of maintainer

(spz)

Pullup ticket 2428 - requested by tron
Security fix

Revisions pulled up:
- pkgsrc/misc/openoffice2-bin/Makefile 1.36
- pkgsrc/misc/openoffice2-bin/distinfo 1.15

  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jun 15 12:22:52 UTC 2008

  Modified Files:
  pkgsrc/misc/openoffice2-bin: Makefile distinfo

  Log Message:
  Update "openoffice2-bin" package to version 2.4.1.
  This version fixes various bugs including the security vulnerability
  reported in CVE-2008-2152.

  To generate a diff of this commit:
  cvs rdiff -r1.35 -r1.36 pkgsrc/misc/openoffice2-bin/Makefile
  cvs rdiff -r1.14 -r1.15 pkgsrc/misc/openoffice2-bin/distinfo

(spz)

Pullup ticket 2427 - requested by hira
Security fix (fixes CVE-2008-2152)

Revisions pulled up:
- pkgsrc/misc/openoffice2/Makefile 1.47
- pkgsrc/misc/openoffice2/distinfo 1.40

  Module Name: pkgsrc
  Committed By: hira
  Date: Fri Jun 13 11:20:15 UTC 2008

  Modified Files:
  pkgsrc/misc/openoffice2: Makefile distinfo

  Log Message:
  Update to 2.4.1.  This release fixes CVE-2008-2152.

  Release Notes:
    http://development.openoffice.org/releases/2.4.1.html

  To generate a diff of this commit:
  cvs rdiff -r1.46 -r1.47 pkgsrc/misc/openoffice2/Makefile
  cvs rdiff -r1.39 -r1.40 pkgsrc/misc/openoffice2/distinfo

(spz)

ticket #2401

(spz)

Pullup ticket 2401 - requested by tonnerre
fix security problem in aterm

Revisions pulled up:
- pkgsrc/x11/aterm/patches/patch-aa 1.5
- pkgsrc/x11/aterm/distinfo 1.13
- pkgsrc/x11/aterm/Makefile 1.35

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Tue May 27 21:46:53 UTC 2008

  Modified Files:
  pkgsrc/x11/aterm: Makefile distinfo
  pkgsrc/x11/aterm/patches: patch-aa

  Log Message:
  Don't make any assumptions about default displays in aterm.
  Fixes CVE-2008-1142.

  To generate a diff of this commit:
  cvs rdiff -r1.34 -r1.35 pkgsrc/x11/aterm/Makefile
  cvs rdiff -r1.12 -r1.13 pkgsrc/x11/aterm/distinfo
  cvs rdiff -r1.4 -r1.5 pkgsrc/x11/aterm/patches/patch-aa

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

ticket 2402

(spz)

Pullup ticket 2402 - requested by tonnerre
fix build problem on MacOS X

Revisions pulled up:
- pkgsrc/print/teTeX3-bin/patches/patch-at 1.3
- pkgsrc/print/teTeX3-bin/distinfo 1.10

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Sun May 25 17:10:29 UTC 2008

  Modified Files:
  pkgsrc/print/teTeX3-bin: distinfo
  pkgsrc/print/teTeX3-bin/patches: patch-at

  Log Message:
  Fix build of teTeX3-bin on MacOS X as described in PR 38635. Patch
  tested by me and Matthias Kretschmer.

  PKGREVISION not bumped because there is no change at all to the content.

  To generate a diff of this commit:
  cvs rdiff -r1.9 -r1.10 pkgsrc/print/teTeX3-bin/distinfo
  cvs rdiff -r1.2 -r1.3 pkgsrc/print/teTeX3-bin/patches/patch-at

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

ticket #2405

(spz)

Pullup ticket 2405 - requested by mishka
fix build problem on NetBSD-current

Revisions pulled up:
- pkgsrc/lang/perl5/patches/patch-ae 1.11
- pkgsrc/lang/perl5/distinfo 1.47

  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Mon Apr 28 22:24:22 UTC 2008

  Modified Files:
          pkgsrc/lang/perl5: distinfo
          pkgsrc/lang/perl5/patches: patch-ae

  Log Message:
  Add missing single quote. Fixes build on -current.

  To generate a diff of this commit:
  cvs rdiff -r1.46 -r1.47 pkgsrc/lang/perl5/distinfo
  cvs rdiff -r1.10 -r1.11 pkgsrc/lang/perl5/patches/patch-ae

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

ticket #2371

(spz)

Pullup ticket 2371 - requested by tonnerre
security fix for mplayer and gmplayer

Revisions pulled up:
- pkgsrc/multimedia/mplayer-share/distinfo 1.50
- pkgsrc/multimedia/mplayer-share/patches/patch-al 1.3
- pkgsrc/multimedia/mplayer/Makefile 1.59
- pkgsrc/multimedia/gmplayer/Makefile 1.70
- pkgsrc/multimedia/gmplayer/distinfo 1.56

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Sun May 11 03:46:24 UTC 2008

  Modified Files:
  pkgsrc/multimedia/mplayer: Makefile
  pkgsrc/multimedia/mplayer-share: distinfo
  Added Files:
  pkgsrc/multimedia/mplayer-share/patches: patch-al

  Log Message:
  Add a patch for CVE-2008-1558 to mplayer. This fixes a buffer overflow
  in the RealRTSP SDP code which can be exploited to execute arbitrary
  code remotely.

  To generate a diff of this commit:
  cvs rdiff -r1.58 -r1.59 pkgsrc/multimedia/mplayer/Makefile
  cvs rdiff -r1.49 -r1.50 pkgsrc/multimedia/mplayer-share/distinfo
  cvs rdiff -r0 -r1.3 pkgsrc/multimedia/mplayer-share/patches/patch-al

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

---

  Module Name:    pkgsrc
  Committed By:  tonnerre
  Date:          Mon May 19 20:55:51 UTC 2008

  Modified Files:
          pkgsrc/multimedia/gmplayer: Makefile distinfo

  Log Message:
  Add patches for CVE-2008-1558 for gmplayer

  To generate a diff of this commit:
  cvs rdiff -r1.69 -r1.70 pkgsrc/multimedia/gmplayer/Makefile
  cvs rdiff -r1.55 -r1.56 pkgsrc/multimedia/gmplayer/distinfo

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

pullup tickets #2388 and #2389

(spz)

Pullup ticket 2389 - requested by tron
security update for tk

Revisions pulled up:
- pkgsrc/x11/tk/Makefile.version 1.8
- pkgsrc/x11/tk/PLIST 1.10
- pkgsrc/x11/tk/distinfo 1.32

  Module Name: pkgsrc
  Committed By: bjs
  Date: Mon Apr  7 15:14:10 UTC 2008

  Modified Files:
  pkgsrc/x11/tk: Makefile.version PLIST distinfo

  Log Message:
  Update to version 8.4.18.  Way too many changes to list here--please
  see ChangeLog.  Insofar as I can tell, all of the changes are bug fixes
  (and some backports from HEAD for Darwin).

  To generate a diff of this commit:
  cvs rdiff -r1.7 -r1.8 pkgsrc/x11/tk/Makefile.version
  cvs rdiff -r1.9 -r1.10 pkgsrc/x11/tk/PLIST
  cvs rdiff -r1.31 -r1.32 pkgsrc/x11/tk/distinfo

(spz)

Pullup ticket 2388 - requested by tron
security update for tcl

Revisions pulled up:
- pkgsrc/lang/tcl/Makefile.version 1.8
- pkgsrc/lang/tcl/distinfo 1.42

  Module Name: pkgsrc
  Committed By: bjs
  Date: Mon Apr  7 15:16:40 UTC 2008

  Modified Files:
  pkgsrc/lang/tcl: Makefile.version distinfo

  Log Message:
  Update to version 8.4.18.  Distilled list of non-Windows changes:

  * generic/tclInterp.c (Tcl_GetAlias): fix for [Bug 1882373]

  * generic/regguts.h, generic/regc_color.c, generic/regc_nfa.c:
  Fixes for problems created when processing regular expressions that
  generate very large automata. An enormous number of thanks to Will
  Drewry <wad@google.com>, Tavis Ormandy <taviso@google.com>, and Tom
  Lane <tgl@sss.pgh.pa.us> from the Postgresql crowd for their help in
  tracking these problems down. [Bug 1810264]

  * unix/tclUnixCompat.c (TclpGetHostByName): Really applied
  the change noted on 2007-11-13 by dkf below.

  * generic/tclIOUtil.c (TclGetOpenMode): Only set the O_APPEND flag
  * tests/ioUtil.test (ioUtil-4.1): on a channel for the 'a'
  mode and not for 'a+'. [Bug 1773127] (backport from HEAD)

  * generic/tclCmdIL.c (Tcl_LsearchObjCmd): Prevent shimmering crash
  when -exact and -integer/-real are mixed. [Bug 1844789]

  * generic/tclThread.c: Back-port locking changes from Tcl8.5
  in Tcl_Mutex/ConditionFinlize. Now we properly master-lock
  the finalization of sync primitives.

  * generic/regc_nfa.c: Fixed infinite loop in the regexp compiler
  * generic/regcomp.c: [Bug 1810038].  Corrected looping logic in
  * tests/regexp.test: fixempties() to avoid wasting time walking a
  list of dead states [Bug 1832612].  Convert optst() from expensive
  no-op to a cheap no-op.  Improve newline usage in debug output.

  * unix/tclUnixCompat.c (TclpGetHostByName): The six-argument form of
  getaddressbyname_r() uses the fifth argument to indicate whether the
  lookup succeeded or not on at least one platform. [Bug 1618235]

  * generic/regc_lex.c (lexescape): Ensure that backreference numbers
  can't overflow a signed int in a way that breaks things. [Bug 1810264]

  * generic/tclParse.c (Tcl_ParseBraces): fix for possible read
  after the end of buffer, [Bug 1813528] (Joe Mistachkin).

  * generic/tclObj.c (Tcl_FindCommandFromObj): fix finding a deleted
  command; cannot trigger this from Tcl itself, but crash reported
  on xotcl. This check is new to 8.4 but exists in 8.5, so this is a
  backport or something. Thanks Gustaf Neumann.

  * generic/tcl.h (Tcl_DecrRefCount): Update change from 2006-05-29
  to make macro more warning-robust in unbraced if code.

  To generate a diff of this commit:
  cvs rdiff -r1.7 -r1.8 pkgsrc/lang/tcl/Makefile.version
  cvs rdiff -r1.41 -r1.42 pkgsrc/lang/tcl/distinfo

(spz)

pullup ticket #2387

(spz)

Pullup ticket 2387 - requested by tron
security update for net-snmp

Revisions pulled up:
- pkgsrc/net/net-snmp/Makefile 1.68
- pkgsrc/net/net-snmp/distinfo 1.43
- pkgsrc/net/net-snmp/patches/patch-ad 1.5

  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Sun May 18 11:59:54 UTC 2008

  Modified Files:
          pkgsrc/net/net-snmp: Makefile distinfo
  Added Files:
          pkgsrc/net/net-snmp/patches: patch-ad

  Log Message:
  Add patch from the Net-SNMP SVN repository to fix a buffer overflow in
  the Perl SNMP module reported in SA30187.

  To generate a diff of this commit:
  cvs rdiff -r1.67 -r1.68 pkgsrc/net/net-snmp/Makefile
  cvs rdiff -r1.42 -r1.43 pkgsrc/net/net-snmp/distinfo
  cvs rdiff -r0 -r1.5 pkgsrc/net/net-snmp/patches/patch-ad

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

add lines for #2361 and #2363

(spz)

Pullup ticket 2363 - requested by tron
security update for rsync

Applied patches supplied by tron for:
- pkgsrc/net/rsync/Makefile
- pkgsrc/net/rsync/distfile

Head uses a different version that is not affected by the vulnerability
fixed here.

(spz)

Pullup ticket 2361 - requested by markd
security update for emacs

Revisions pulled up:
- pkgsrc/editors/emacs/Makefile 1.109,1.110

  Module Name: pkgsrc
  Committed By: markd
  Date: Sun May  4 12:09:33 UTC 2008

  Modified Files:
  pkgsrc/editors/emacs: Makefile

  Log Message:
  Compile the file patched in the previous security update so that it is
  actually used.  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -r1.108 -r1.109 pkgsrc/editors/emacs/Makefile

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

---

  Module Name: pkgsrc
  Committed By: markd
  Date: Mon May  5 00:13:59 UTC 2008

  Modified Files:
  pkgsrc/editors/emacs: Makefile

  Log Message:
  Sigh, and the bit I missed out in the last commit. (Touch a couple of
  files so doesn't try to rebuild a bunch of stuff after the compile of
  the lisp file)

  To generate a diff of this commit:
  cvs rdiff -r1.109 -r1.110 pkgsrc/editors/emacs/Makefile

  Please note that diffs are not public domain; they are subject to the
  copyright notices on the relevant files.

(spz)

ticket #2347

(spz)

Pullup ticket 2347 - requested by tonnerre
security update for xpdf

Revisions pulled up:
- pkgsrc/print/xpdf/Makefile          1.65
- pkgsrc/print/xpdf/distinfo          1.33
- pkgsrc/print/xpdf/patches/patch-aq  1.3
- pkgsrc/print/xpdf/patches/patch-ar  1.4

  Module Name: pkgsrc
  Committed By: tonnerre
  Date: Sun Apr 20 15:48:12 UTC 2008

  Modified Files:
  pkgsrc/print/xpdf: Makefile distinfo
  Added Files:
  pkgsrc/print/xpdf/patches: patch-aq patch-ar

  Log Message:
  Fix embedded font handling (CVE-2008-1693). While at it, add a patch
  from upstream CVS which fixes display of 16-bit colors. Update from
  print/poppler.
  Approved-by: joerg

(spz)

ticket #2334

(spz)