Pullup ticket #2957.

(tron)

Pullup ticket #2957 - requested by abs
ampache: security update

Revisions pulled up:
- audio/ampache/Makefile 1.3
- audio/ampache/PLIST 1.4
- audio/ampache/distinfo 1.3
---
Module Name:    pkgsrc
Committed By:  abs
Date:          Mon Jan  4 20:46:06 UTC 2010

Modified Files:
        pkgsrc/audio/ampache: Makefile PLIST distinfo

Log Message:
Updated audio/ampache to 3.5.3

Addresses the following security issue:
        http://secunia.com/advisories/37867/

--------------------------------------------------------------------------
  v.3.5.3 20/12/2009
        - Added local authtype which uses PHP's PAM module
        - Correct potential security issues due to misuse of REQUEST for write
                operations rather then POST
                (Thx Raphael Geissert <geissert%debian.org@localhost>)

--------------------------------------------------------------------------
  v.3.5.2 19/11/2009
        - Fix typo that caused song count to not be set on tag xml response
        - Fix tag methods so that alpha_match and exact_match work
        - Fix limit and offset not working on search_songs API method
        - Fix import m3u on catalog build so it does something
        - Fix inconsistent view during catalog operations
        - Sort malformed files into "Unknown (Broken)" rather then leaving
                them in "Unknown (Orphaned)"
        - Fix API democratic voting methods (Thx kindachris)
        - Add server version information to API ping command
        - Fix Localplay API methods (Thx thomasa)
        - Improve bin/catalog_update.inc to allow only verify, clean or add
                (Thx ascheel)
        - Fix issue with batch download and UNC paths (Thx greengeek)
        - Added config option to turn caching on/off, Default is off
        - Fix issue where file tag pattern was ignored if files have no tag
                structure
        - Add TDRC to list of parsed id3v2 tags
        - Fix issue where rating could get cached and not update the
                display correctly until a page reload
        - Fix User Stats having a formating issue and not listing the
                active playlist correctly
        - Fix incorrect default ogg transcode target format in the default
                config file
        - Fix issue where the user preferences were not respected by
                the streaming code due to caching
        - Fix issue where prevent multiple logins would prevent all logins

--------------------------------------------------------------------------
  v.3.5.1 24/06/2009
        - Make the PHP error a little clearer for windows users by indicating
                that their version of PHP is < 5.3 (required for windows)
        - Fix random methods not working for Localplay
        - Fix extra space on prefixed albums (Thx ibizaman)
        - Add missing operator on tag and rating searches so they will
                work with other methods (Thx kiehnet%netscape.net@localhost)
        - Fix get_art_url() so it returns something...
        - Fix problem with creating new playlists where it doesn't work
                but appending to an existing did.
        - Fixed issue with url_to_song, also cleaned up the code a bit
        - Fixed issue with Random All Catalogs
        - Fixed issues with API and Tag methods not working as advertised
        - Fix endless loop in getid3() with malformed genre tags in mp3s
        - Fixed show test page always returning false on web path
        - Update Man page to adhear to newer Debian rules
        - Fixed issue with Videos being incorrectly registered with stats
                and now playing as songs.
        - Fixed missing > in HTML for song row

--------------------------------------------------------------------------
  v.3.5 05/05/2009
        - Added complete Czech translation (Thx martin hason)
        - Add the AlmightyOatmeal-Sanity check to prevent a clean from
                removing all songs if your mount failed, but is still
                readable by ampache
        - Make the Lang Install page prettier
        - Added Check for hash,inet_pton,windows PHP Version to init so
                that upgrades without pre-reqs are handled correctly
        - Allow mms,mmsh,mmsu,mmst,rstp in Radio Stream URLs
        - Fixed a problem where after adding a track to a saved playlist
                there was no UI response upon deleting the track without
                a page refresh
        - Fix an issue where the full version of the album art was never
                used even when requested
        - Fix maxlength on acl fields being to small for all IPv6 addresses
        - Add error message when file exists but is unreadable do not
                remove unreadable songs from catalog
        - Fixed missing title tag on song browse for the title
                (Thx flowerysong)
        - Fix htmlchar'd rss feed url
        - Fix Port not correctly being added to URL in most cases
                even when defined in config

(tron)

pullup #2955

(spz)

Pullup ticket 2955 - requested by taca
security update

Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.75
- pkgsrc/lang/php5/Makefile.common 1.39
- pkgsrc/lang/php5/PLIST 1.25
- pkgsrc/lang/php5/distinfo 1.71
- pkgsrc/lang/php5/patches/patch-ag 1.4
- pkgsrc/lang/php5/patches/patch-ah 1.3
- pkgsrc/textproc/php5-xsl/Makefile 1.13

Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Wed Dec 23 07:07:35 UTC 2009

  Modified Files:
          pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
          pkgsrc/lang/php5/patches: patch-ag patch-ah
  Removed Files:
          pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
              patch-bc patch-bd

  Log Message:
  Update lang/php5 to 5.2.12, security update.

  Security Enhancements and Fixes in PHP 5.2.12:

  * Fixed a safe_mode bypass in tempnam() identified by Grzegorz
    Stachowiak. (CVE-2009-3557, Rasmus)
  * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
    Stachowiak. (CVE-2009-3558, Rasmus)
  * Added "max_file_uploads" INI directive, which can be set to limit the
    number of file uploads per-request to 20 by default, to prevent possible
    DOS via temporary file exhaustion, identified by Bogdan
    Calin. (CVE-2009-4017, Ilia)
  * Added protection for $_SESSION from interrupt corruption and improved
    "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
    Stas)
  * Fixed bug #49785 (insufficient input string validation of
    htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

  Key enhancements in PHP 5.2.12 include:

  * Fixed unnecessary invocation of setitimer when timeouts have been
    disabled. (Arvind Srinivasan)
  * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  * Fixed crash in SQLiteDatabase::ArrayQuery() and
    SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  * Fixed crash when instantiating PDORow and PDOStatement through
    Reflection. (Felipe)
  * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
  * Fixed bug #50207 (segmentation fault when concatenating very large strings
    on 64bit linux). (Ilia)
  * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
    database). (Felipe)
  * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
  * Fixed bug #50005 (Throwing through Reflection modified Exception object
    makes segmentation fault). (Felipe)
  * Fixed bug #49174 (crash when extending PDOStatement and trying to set
    queryString property). (Felipe)
  * Fixed bug #49098 (mysqli segfault on error). (Rasmus)
  * Over 50 other bug fixes.

  To generate a diff of this commit:
  cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
  cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
  cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
      pkgsrc/lang/php5/patches/patch-az
  cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
      pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
      pkgsrc/lang/php5/patches/patch-bd

  --------------------------------------------------------------------------

  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Wed Dec 23 07:08:31 UTC 2009

  Modified Files:
          pkgsrc/textproc/php5-xsl: Makefile

  Log Message:
  Reset PKGREVISION by implicit update to 5.2.12.

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile

(spz)

pullup #2954

(spz)

Pullup ticket 2954 - requested by tonnerre
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.40
- pkgsrc/net/wireshark/distinfo 1.27

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Thu Dec 10 19:03:31 UTC 2009

  Modified Files:
          pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update "wireshark" package to version 1.2.4. Changes since version 1.2.3:
  - Bug Fixes
    - Can't RTP stream in both directions. (Bug 4120)
  - Updated Protocol Support
    DCERPC, IPFIX/Netflow, IPv4, NAS EPS, RTCP, TIPC

  To generate a diff of this commit:
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.25 -r1.26 pkgsrc/net/wireshark/distinfo

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tonnerre
  Date:          Sun Dec 20 19:25:34 UTC 2009

  Modified Files:
          pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update wireshark to version 1.2.5 in order to fix wpna-sec-2009-09.

  Changes since 1.2.4:
  Bugfixes:
    * The following vulnerabilities have been fixed. See the security advisory
      for details and a workaround.
    * The Daintree SNA file parser could overflow a buffer. (Bug 4294)
    * The SMB and SMB2 dissectors could crash. (Bug 4301)
    * The IPMI dissector could crash on Windows. (Bug 4319)
    * Wireshark does not graph rtp streams. (Bug 3801)
    * Wireshark showing extraneous data in a TCP stream. (Bug 3955)
    * Wrong decoding of gtp.target identification. (Bug 3974)
    * TTE dissector bug. (Bug 4247)
    * Upper case in Lua pref symbol causes Wireshark to crash. (Bug 4255)
    * OpenBSD 4.5 build fails at epan/dissectors/packet-rpcap.c. (Bug 4258)
    * Incorrect display of stream data using "Follow tcp stream" option.
      (Bug 4288)
    * Custom RADIUS dictionary can cause a crash. (Bug 4316)

  Updated Protocol Support:
    * DAP, eDonkey, GTP, IPMI, MIP, RADIUS, RANAP, SMB, SMB2, TCP, TTE, VNC,
      X.509sat

  Updated Capture File Support:
    * Daintree SNA.

  To generate a diff of this commit:
  cvs rdiff -u -r1.39 -r1.40 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/wireshark/distinfo

(spz)

pullup #2953

(spz)

Pullup ticket 2953 - requested by tnn
security update

Revisions pulled up:
- pkgsrc/devel/xulrunner/Makefile              by patch
- pkgsrc/devel/xulrunner/distinfo              by patch
- pkgsrc/devel/xulrunner/mozilla-common.mk      by patch
- pkgsrc/www/firefox/Makefile                  by patch

  -------------------------------------------------------------------------
  firefox-3.5.6 & xulrunner-1.9.1.6 fix the following vulnerabilities:

  MFSA 2009-71 GeckoActiveXObject exception messages can be used to
                enumerate installed COM objects
  MFSA 2009-70 Privilege escalation via chrome window.opener
  MFSA 2009-69 Location bar spoofing vulnerabilities
  MFSA 2009-68 NTLM reflection vulnerability
  MFSA 2009-67 Integer overflow, crash in libtheora video library
  MFSA 2009-66 Memory safety fixes in liboggplay media library
  MFSA 2009-65 Crashes with evidence of memory corruption

(spz)

Pullup ticket #2952.

(tron)

Pullup ticket #2952 - requested by taca
typolight26: security update
typolight26-example: security update
typolight27: security update
typolight27-example: security update

Revisions pulled up:
- www/typolight/Makefile.common 1.14
- www/typolight26-example/Makefile 1.2
- www/typolight26-translations/Makefile 1.3
- www/typolight26/DEINSTALL 1.2
- www/typolight26/Makefile 1.3-1.5
- www/typolight26/distinfo 1.3
- www/typolight26/patches/patch-ad 1.1
- www/typolight26/patches/patch-ae 1.1
- www/typolight27-example/Makefile 1.2
- www/typolight27-translations/Makefile 1.33
- www/typolight27/DEINSTALL 1.2
- www/typolight27/Makefile 1.10-1.12
- www/typolight27/Makefile.version 1.8
- www/typolight27/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Nov 22 16:18:00 UTC 2009

Modified Files:
pkgsrc/www/typolight: Makefile.common
pkgsrc/www/typolight26: Makefile
pkgsrc/www/typolight26-example: Makefile
pkgsrc/www/typolight26-translations: Makefile
pkgsrc/www/typolight27: Makefile
pkgsrc/www/typolight27-example: Makefile
pkgsrc/www/typolight27-translations: Makefile

Log Message:
Move LICENSE from typolight/Makefile.common to each Makefiles for
license change of forthcoming TYPOlihght 2.8(.RC1).
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Nov 29 06:46:21 UTC 2009

Modified Files:
pkgsrc/www/typolight26: DEINSTALL Makefile

Log Message:
o DEINSTALL: remove .htacces under plugins/tcpdf/cache.
o make plugins/tcpdf/cache writable to web server.

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Nov 29 06:46:37 UTC 2009

Modified Files:
pkgsrc/www/typolight27: DEINSTALL Makefile

Log Message:
o DEINSTALL: remove .htacces under plugins/tcpdf/cache.
o make plugins/tcpdf/cache writable to web server.

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 20 04:21:05 UTC 2009

Modified Files:
pkgsrc/www/typolight26: Makefile distinfo
Added Files:
pkgsrc/www/typolight26/patches: patch-ad patch-ae

Log Message:
Add security fix patches, refering http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html.

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Dec 20 04:22:04 UTC 2009

Modified Files:
pkgsrc/www/typolight27: Makefile Makefile.version distinfo

Log Message:
Update to TYPOlight 2.7.6.

Only security updates: http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html.

(tron)

pullups #2950 + #2951

(spz)

Pullup ticket 2951 - requested by taca
security update

Revisions pulled up:
- pkgsrc/www/drupal6/Makefile 1.18
- pkgsrc/www/drupal6/PLIST 1.5
- pkgsrc/www/drupal6/distinfo 1.14
- pkgsrc/www/drupal6/files/drupal.conf 1.3

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Sat Dec 19 09:29:23 UTC 2009

  Modified Files:
          pkgsrc/www/drupal6: Makefile PLIST distinfo
          pkgsrc/www/drupal6/files: drupal.conf

  Log Message:
  Update www/drupal6 package to 6.15, fixing security problem.

  Drupal 6.15, 2009-12-16
  ----------------------
  - Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
  - Fixed a variety of other bugs.

  other pkgsrc changes:

  * Add PKG_DESTDIR_SUPPORT spport.
  * Use REPLACE_INTERPRETER.
  * Change default.settings.php handling to fix PR pkg/42355.

  To generate a diff of this commit:
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/drupal6/Makefile
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal6/PLIST
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/drupal6/distinfo
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal6/files/drupal.conf

(spz)

Pullup ticket 2950 - requested by taca
security update

Revisions pulled up:
- pkgsrc/www/drupal/Makefile most of the diff 1.42-1.43
- pkgsrc/www/drupal/PLIST 1.9
- pkgsrc/www/drupal/distinfo 1.33

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Sat Dec 19 09:20:23 UTC 2009

  Modified Files:
          pkgsrc/www/drupal: Makefile PLIST distinfo

  Log Message:
  Update www/drupal package to 5.21, fixing security problem.

  Drupal 5.21, 2009-12-16
  -----------------------
  - Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
  - Fixed a variety of small bugs.

  To generate a diff of this commit:
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/drupal/Makefile
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/drupal/PLIST
  cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/drupal/distinfo

(spz)

pullup #2949

(spz)

Pullup ticket 2949 - requested by tnn
security update

Revisions pulled up:
- pkgsrc/net/ntp4/Makefile 1.66
- pkgsrc/net/ntp4/distinfo 1.14

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tnn
  Date:          Tue Dec 15 10:53:21 UTC 2009

  Modified Files:
          pkgsrc/net/ntp4: Makefile distinfo

  Log Message:
  Update to ntp-4.2.4p8. Security fix for CVE-2009-3563 DoS vulnerability.

  To generate a diff of this commit:
  cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/ntp4/Makefile
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/ntp4/distinfo

(spz)

Pullup ticket #2948.

(tron)

Pullup ticket #2948 - requested by wiz
automake: security update

Revisions pulled up:
- devel/automake/Makefile 1.75
- devel/automake/distinfo 1.31
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Dec  9 14:39:18 UTC 2009

Modified Files:
pkgsrc/devel/automake: Makefile distinfo

Log Message:
Update to 1.11.1:

Bugs fixed in 1.11.1:

  - Lots of minor bugfixes.

* Bugs introduced by 1.11:

  - The `parallel-tests' test driver works around a GNU make 3.80 bug with
    trailing white space in the test list (`TESTS = foo $(EMPTY)').

* Long standing bugs:

  - On Darwin 9, `pythondir' and `pyexecdir' pointed below `/Library/Python'
    even if the `--prefix' argument pointed outside of a system directory.
    AM_PATH_PYTHON has been fixed to ignore the value returned from python's
    `get_python_lib' function if it points outside the configured prefix,
    unless the `--prefix' argument was either `/usr' or below `/System'.

  - The testsuite does not try to change the mode of `ltmain.sh' files from
    a Libtool installation (symlinked to test directories) any more.

  - AM_PROG_GCJ uses AC_CHECK_TOOLS to look for `gcj' now, so that prefixed
    tools are preferred in a cross-compile setup.

  - The distribution is tarred up with mode 755 now by the `dist*' targets.
    This fixes a race condition where untrusted users could modify files
    in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel
    build directory was world-searchable.  This is CVE-2009-4029.

(tron)

pullup #2944

(spz)

Pullup ticket 2944 - requested by tron
security update

Revisions pulled up:
- pkgsrc/databases/phpmyadmin/Makefile 1.80
- pkgsrc/databases/phpmyadmin/distinfo 1.42

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Thu Dec  3 12:05:10 UTC 2009

  Modified Files:
          pkgsrc/databases/phpmyadmin: Makefile distinfo

  Log Message:
  Update "phpmyadmin" package to version 2.11.9.6. Changes since 2.11.9.5:
  - [security] XSS and SQL injection, thanks to Herman van Rink

  To generate a diff of this commit:
  cvs rdiff -u -r1.79 -r1.80 pkgsrc/databases/phpmyadmin/Makefile
  cvs rdiff -u -r1.41 -r1.42 pkgsrc/databases/phpmyadmin/distinfo
  -------------------------------------------------------------------------

(spz)

Pullup ticket #2945.

(tron)

Pullup ticket #2945 - requested by spz
rt3: security update

Revisions pulled up:
- devel/rt3/Makefile 1.40
- devel/rt3/Makefile.install 1.14
- devel/rt3/PLIST 1.16
- devel/rt3/distinfo 1.14
---
Module Name:    pkgsrc
Committed By:  spz
Date:          Fri Dec  4 09:30:20 UTC 2009

Modified Files:
        pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo

Log Message:
update of rt3 to next version (without the session hijacking vulnerability)

upstream changelog:
UPGRADING FROM 3.8.5 and earlier - Changes:

You can now forward an entire Ticket history (in addition to specific
transactions) but this requires a new Template called forward ticket.
This template will be added when you run.

/opt/rt3/sbin/rt-setup-database --dba root --prompt-for-dba-password --action
upgrade

Custom fields with categories can optionally be split out into
hierarchical custom fields.  If you wish to convert your old
category-based custom fields, run:

    perl etc/upgrade/split-out-cf-categories

It will prompt you for each custom field with categories that it
finds, and the name of the custom field to create to store the
categories.

If you were using the LocalizedDateTime RT::Date formatter from code
and passing a DateFormat or TimeFormat argument, you need to switch from
the strftime methods to the cldr methods (ie full_date_format becomes
date_format_full)
You may have done this from your RT_SiteConfig.pm by using
Set($DateTimeFormat, { Format => 'LocalizedDateTime', DateFormat =>
'medium_date_format' );

(tron)

Pullup tickets #2940 and #2943.

(tron)

Pullup ticket #2943 - requested by wiz
libvorbis: security patch

Revisions pulled up:
- audio/libvorbis/Makefile 1.49
- audio/libvorbis/distinfo 1.18
- audio/libvorbis/patches/patch-aa 1.5
- audio/libvorbis/patches/patch-ab 1.5
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Dec  2 12:41:25 UTC 2009

Modified Files:
pkgsrc/audio/libvorbis: Makefile distinfo
Added Files:
pkgsrc/audio/libvorbis/patches: patch-aa patch-ab

Log Message:
Apply some possible security fixes from upstream SVN.
Glanced from links in mozilla advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
and Fedora Core patches for 1.2.0.

Bump PKGREVISION.

(tron)

Pullup ticket #2940 - requested by taca
pear-Mail: security update

Revisions pulled up:
- mail/pear-Mail/Makefile 1.10
- mail/pear-Mail/distinfo 1.3-1.4
- mail/pear-Mail/patches/patch-ab 1.1
- mail/pear-Mail/patches/patch-aa 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 30 06:16:56 UTC 2009

Modified Files:
pkgsrc/mail/pear-Mail: Makefile distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-aa

Log Message:
Add a fix for http://secunia.com/advisories/37410/ refering
Debian's patch via http://secunia.com/advisories/37458/

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec  3 08:11:40 UTC 2009

Modified Files:
pkgsrc/mail/pear-Mail: distinfo
Added Files:
pkgsrc/mail/pear-Mail/patches: patch-ab

Log Message:
Try to fix build problem on amd64 (at least).

(tron)

Backout changes related to ticket #2940 which were committed by accident.

(tron)

Backout changes related to ticket #2940 which were committed by accident.

(tron)

Pullup tickets #2941 and #2942.

(tron)

Pullup ticket #2492 - requested by fhajny
apr: security update

Revisions pulled up:
- devel/apr/Makefile 1.60
- devel/apr/distinfo 1.28
---
Module Name:    pkgsrc
Committed By:  fhajny
Date:          Wed Dec  2 11:36:27 UTC 2009

Modified Files:
        pkgsrc/devel/apr: Makefile distinfo

Log Message:
Update to 1.3.9 (security fix).

Changes for APR 1.3.9

  *) SECURITY: CVE-2009-2699 (cve.mitre.org)
    Faulty error handling in the Solaris pollset support
    (Event Port backend) which could trigger hangs in the prefork
    and event MPMs on that platform.  PR 47645.  [Jeff Trawick]

(tron)

Pullup ticket #2941 - requested by minskim
databases/ruby-activerecord: security update
devel/ruby-activesupport: security update
mail/ruby-actionmailer: security update
www/rails: security update
www/ruby-actionpack: security update
www/ruby-activeresource security update

Revisions pulled up:
- databases/ruby-activerecord/Makefile 1.17
- databases/ruby-activerecord/distinfo 1.17
- devel/ruby-activesupport/Makefile 1.20
- devel/ruby-activesupport/PLIST 1.16
- devel/ruby-activesupport/distinfo 1.17
- mail/ruby-actionmailer/Makefile 1.16
- mail/ruby-actionmailer/distinfo 1.17
- www/rails/Makefile 1.17
- www/rails/distinfo 1.13
- www/ruby-actionpack/Makefile 1.18
- www/ruby-actionpack/PLIST 1.18
- www/ruby-actionpack/distinfo 1.19
- www/ruby-activeresource/Makefile 1.7
- www/ruby-activeresource/distinfo 1.7
---
Module Name:    pkgsrc
Committed By:  minskim
Date:          Tue Dec  1 23:24:24 UTC 2009

Modified Files:
        pkgsrc/databases/ruby-activerecord: Makefile distinfo
        pkgsrc/devel/ruby-activesupport: Makefile PLIST distinfo
        pkgsrc/mail/ruby-actionmailer: Makefile distinfo
        pkgsrc/www/rails: Makefile distinfo
        pkgsrc/www/ruby-actionpack: Makefile PLIST distinfo
        pkgsrc/www/ruby-activeresource: Makefile distinfo

Log Message:
Update rails packages to 2.3.5.  This fixes a cross-site scripting
vulnerability in ruby-actionpack.

Major changes:
- Improved compatibility with Ruby 1.9
- RailsXss plugin availability
- Fixes for the Nokogiri backend for XmlMini

(tron)

pullup #2938

(spz)

Pullup ticket 2938 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/bind95/Makefile 1.13
- pkgsrc/net/bind95/PLIST 1.4
- pkgsrc/net/bind95/distinfo 1.11
- pkgsrc/net/bind95/patches/patch-ac 1.3
- pkgsrc/net/bind95/patches/patch-ad 1.3
- pkgsrc/net/bind95/patches/patch-ai 1.3

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  joerg
  Date:          Wed Nov 25 23:25:44 UTC 2009

  Modified Files:
          pkgsrc/net/bind95: Makefile distinfo
          pkgsrc/net/bind95/patches: patch-ad patch-ai

  Log Message:
  Not MAKE_JOBS_SAFE. Prepare for libtool-2.2.

  To generate a diff of this commit:
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/net/bind95/Makefile
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/bind95/distinfo
  cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/net/bind95/patches/patch-ad \
      pkgsrc/net/bind95/patches/patch-ai

  -------------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tron
  Date:          Mon Nov 30 11:58:30 UTC 2009

  Modified Files:
          pkgsrc/net/bind95: Makefile PLIST distinfo
          pkgsrc/net/bind95/patches: patch-ac patch-ad patch-ai

  Log Message:
  Update "bind95" package to version 9.5.2pl1. Changes since 9.5.1pl3:
  - Security fix for CVE-2009-4022 (incorrect DNSSEC validation)
  - Bug fixes

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/bind95/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind95/PLIST
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/bind95/distinfo
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind95/patches/patch-ac \
      pkgsrc/net/bind95/patches/patch-ad pkgsrc/net/bind95/patches/patch-ai

(spz)

Pullup ticket #2939.

(tron)

Pullup ticket #2939 - requested by taca
php5: security patch

Revisions pulled up:
- lang/php5/Makefile 1.73-1.74
- lang/php5/distinfo 1.69-1.70
- lang/php5/patches/patch-ag 1.3
- lang/php5/patches/patch-ah 1.2
- lang/php5/patches/patch-ay 1.2
- lang/php5/patches/patch-az 1.1-1.2
- lang/php5/patches/patch-ba 1.1
- lang/php5/patches/patch-bb 1.1
- lang/php5/patches/patch-bc 1.1
- lang/php5/patches/patch-bd 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:49:06 UTC 2009

Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-az

Log Message:
Add patch to check byte sequence more strictly in htmlspecialchars().

http://bugs.php.net/bug.php?id=49785

These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.

Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 30 06:14:08 UTC 2009

Modified Files:
pkgsrc/lang/php5: Makefile distinfo
pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az
Added Files:
pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd

Log Message:
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.

1. CVE-2009-3292 is already fixed in 5.2.11.

2. CVE-2009-3558

http://svn.php.net/viewvc?view=revision&revision=288934

3. CVE-2009-3557

http://svn.php.net/viewvc?view=revision&revision=288945
http://svn.php.net/viewvc?view=revision&revision=288971

4. CVE-2009-4017

http://svn.php.net/viewvc?view=revision&revision=289990
http://svn.php.net/viewvc?view=revision&revision=290820
http://svn.php.net/viewvc?view=revision&revision=290885

Other pkgsrc changes:

* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.

Bump PKGREVISION.

(tron)

Pullup ticket #2937.

(tron)

Pullup ticket #2937 - requested by tnn
gtk2: portability fix

Revisions pulled up:
- x11/gtk2/Makefile 1.191 (via patch)
- x11/gtk2/distinfo 1.118 (via patch)
- x11/gtk2/patches/patch-af 1.16
---
Module Name: pkgsrc
Committed By: tnn
Date: Fri Nov 27 16:54:30 UTC 2009

Modified Files:
pkgsrc/x11/gtk2: Makefile distinfo
Added Files:
pkgsrc/x11/gtk2/patches: patch-af

Log Message:
Use ${COMPILER_RPATH_FLAG} instead of -R for X_LIBS in pkg-config files.
This fixes firefox run-time breakage with native X11 on netbsd-4 caused by
pkgsrc wrappers not dealing with -R.
Bump PKGREVISION.

(tron)

Pullup #2936

(spz)

Pullup ticket 2936 - requested by tron
security update

Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile 1.22
- pkgsrc/databases/mysql5-client/Makefile.common 1.36
- pkgsrc/databases/mysql5-client/PLIST 1.12
- pkgsrc/databases/mysql5-client/distinfo 1.27
- pkgsrc/databases/mysql5-server/Makefile 1.29
- pkgsrc/databases/mysql5-server/PLIST 1.15
- pkgsrc/databases/mysql5-server/distinfo 1.23
- pkgsrc/databases/mysql5-server/patches/patch-ab 1.6
- pkgsrc/databases/mysql5-server/patches/patch-al 1.4
- pkgsrc/databases/mysql5-server/patches/patch-an 1.6

Deleted files:
- pkgsrc/databases/mysql5-client/patches/patch-bh
- pkgsrc/databases/mysql5-client/patches/patch-bi
- pkgsrc/databases/mysql5-client/patches/patch-bj
- pkgsrc/databases/mysql5-server/patches/patch-ac
- pkgsrc/databases/mysql5-server/patches/patch-ad

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Nov 26 16:33:30 UTC 2009

  Modified Files:
  pkgsrc/databases/mysql5-client: Makefile Makefile.common PLIST distinfo
  pkgsrc/databases/mysql5-server: Makefile PLIST distinfo
  pkgsrc/databases/mysql5-server/patches: patch-ab patch-al patch-an
  Removed Files:
  pkgsrc/databases/mysql5-client/patches: patch-bh patch-bi patch-bj
  pkgsrc/databases/mysql5-server/patches: patch-ac patch-ad

  Log Message:
  Update "mysql5-client" and "mysql5-server" package to version 5.0.88.
  This release fixes a large number of bugs and security vulnerabilities
  including SA37372.

  For detailed list of all the changes since 5.0.67 have a look here, please:
  http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html

  To generate a diff of this commit:
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/databases/mysql5-client/Makefile
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/databases/mysql5-client/Makefile.common
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/databases/mysql5-client/PLIST
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/databases/mysql5-client/distinfo
  cvs rdiff -u -r1.3 -r0 pkgsrc/databases/mysql5-client/patches/patch-bh
  cvs rdiff -u -r1.1 -r0 pkgsrc/databases/mysql5-client/patches/patch-bi \
      pkgsrc/databases/mysql5-client/patches/patch-bj
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-server/Makefile
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/mysql5-server/PLIST
  cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/mysql5-server/distinfo
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/mysql5-server/patches/patch-ab \
      pkgsrc/databases/mysql5-server/patches/patch-an
  cvs rdiff -u -r1.8 -r0 pkgsrc/databases/mysql5-server/patches/patch-ac
  cvs rdiff -u -r1.4 -r0 pkgsrc/databases/mysql5-server/patches/patch-ad
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/databases/mysql5-server/patches/patch-al

(spz)

Pullup ticket #2922.

(tron)

Pullup ticket 2922 - requested by he
scribus: build fix

Revisions pulled up:
- print/scribus/Makefile 1.64
- print/scribus/distinfo 1.22
- print/scribus/patches/patch-ai 1.2
---
Module Name: pkgsrc
Committed By: he
Date: Sat Oct 24 13:41:05 UTC 2009

Modified Files:
pkgsrc/print/scribus: Makefile

Log Message:
Add INSTALLATION_DIRS of share/pixmap, that way we ensure that it doesn't
end up as a file instead of as a directory.  Fixes old-style bulk builds
for subsequent packages which want to install in that directory.
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 28 00:53:56 UTC 2009

Modified Files:
pkgsrc/print/scribus: distinfo
pkgsrc/print/scribus/patches: patch-ai

Log Message:
We want to stinking lib64, thanks. Fixes packages on amd64 and other
64bit platforms.

(tron)

Pullup ticket #2935.

(tron)

Pullup ticket #2935 - requested by taca
bind96: security update

Revisions pulled up:
- net/bind96/Makefile 1.11
- net/bind96/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 25 09:50:07 UTC 2009

Modified Files:
pkgsrc/net/bind96: Makefile distinfo

Log Message:
Update BIND 9.6.1-P2.

--- 9.6.1-P2 released ---

2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]

(tron)

Pullup ticket #2934.

(tron)

Pullup ticket #2934 - requested by obache
gnats: build fix

Revisions pulled up:
- databases/gnats/distinfo 1.10-1.11
- databases/gnats/patches/patch-ah 1.2
---
Module Name: pkgsrc
Committed By: obache
Date: Mon Nov 16 11:47:37 UTC 2009

Modified Files:
pkgsrc/databases/gnats: distinfo

Log Message:
Re-add missing distinfo entries, lost in the previous commit.
PR 42330.
---
Module Name: pkgsrc
Committed By: obache
Date: Tue Nov 17 04:37:02 UTC 2009

Modified Files:
pkgsrc/databases/gnats: distinfo
pkgsrc/databases/gnats/patches: patch-ah

Log Message:
patch-ah was broken (wrong paths).

(tron)

Pullup tickets #2932 and #2933.

(tron)

Pullup ticket #2933 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile 1.6
- www/wordpress/PLIST 1.4
- www/wordpress/distinfo 1.5
---
Module Name:    pkgsrc
Committed By:  adrianp
Date:          Thu Nov 12 22:05:55 UTC 2009

Modified Files:
        pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with
define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations

(tron)

Pullup ticket #2932 - requested by obache
selectwm: portability fix

Revisions pulled up:
- wm/selectwm/distinfo 1.4
- wm/selectwm/patches/patch-ad 1.1
---
Committed By: obache
Date: Thu Nov 12 04:34:45 UTC 2009

Modified Files:
pkgsrc/wm/selectwm: distinfo
Added Files:
pkgsrc/wm/selectwm/patches: patch-ad

Log Message:
Add a patch-ad to avoid conflict with getline(3) in IEEE Std 1003.1-2008.
PR 42292.

(tron)

pullup #2931

(spz)

Pullup ticket 2931 - requested by tron
MASTER_SITES list update

Revisions pulled up:
- pkgsrc/www/apache22/Makefile patch 1.53 to 1.54

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Nov 11 22:28:51 UTC 2009

  Modified Files:
  pkgsrc/www/apache22: Makefile

  Log Message:
  Provide working URLs for fetching old Apache releases.

  To generate a diff of this commit:
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/Makefile

(spz)

Pullup ticket #2928.

(tron)

Pullup ticket #2928 - requested by tez
acroread8: security update

Revisions pulled up:
- print/acroread8/Makefile 1.9-1.10
- print/acroread8/PLIST 1.3
- print/acroread8/PLIST.Linux 1.1
- print/acroread8/PLIST.SunOS 1.1
- print/acroread8/distinfo 1.7
- print/acroread8/files/acroread.diff 1.2
---
Module Name:    pkgsrc
Committed By:  tez
Date:          Wed Nov  4 23:37:53 UTC 2009

Modified Files:
        pkgsrc/print/acroread8: Makefile PLIST distinfo
        pkgsrc/print/acroread8/files: acroread.diff
Added Files:
        pkgsrc/print/acroread8: PLIST.Linux PLIST.SunOS

Log Message:
update to 8.1.7 for apsb09-15
add support for solaris-sparc - pr#40154
---
Module Name:    pkgsrc
Committed By:  tez
Date:          Mon Nov  9 19:14:53 UTC 2009

Modified Files:
        pkgsrc/print/acroread8: Makefile

Log Message:
Fix PLIST handling for linux emulation installs (pr#42278)

(tron)

pullup #2927

(spz)

Pullup ticket 2927 - requested by obache
security update

Revisions pulled up:
- pkgsrc/www/p5-HTML-Parser/Makefile 1.47
- pkgsrc/www/p5-HTML-Parser/distinfo 1.22

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: sno
  Date: Sat Oct 24 16:07:16 UTC 2009

  Modified Files:
  pkgsrc/www/p5-HTML-Parser: Makefile distinfo

  Log Message:
  Updating www/p5-HTML-Parser from 3.62 to 3.63

  Upstream changes:
  2009-10-22  Release 3.63

  Gisle Aas (2):
      Take more care to prepare the char range for encode_entities [RT#50170]
      decode_entities confused by trailing incomplete entity

  To generate a diff of this commit:
  cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/p5-HTML-Parser/Makefile
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/p5-HTML-Parser/distinfo

(spz)

pullup #2924

(spz)

Pullup ticket 2924 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.38
- pkgsrc/net/wireshark/distinfo 1.25

  -------------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Oct 28 11:53:40 UTC 2009

  Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo

  Log Message:
  Update "wireshark" package to version 1.2.3. Changes since version 1.2.2:
  - The following vulnerabilities have been fixed. See the security
    advisory for details and a workaround.
    o The Paltalk dissector could crash on alignment-sensitive
      processors. (Bug 3689)
      Versions affected: 1.2.0 to 1.2.2
    o The DCERPC/NT dissector could crash.
      Versions affected: 0.10.10 to 1.2.2
    o The SMB dissector could crash.
      Versions affected: 1.2.0 to 1.2.2
  - The following bugs have been fixed:
    o Wireshark memory leak with each file open and/or display
      filter change. (Bug 2375)
    o DHCP Dissector displays negative lease time. (Bug 2733)
    o Invalid advertised window line on tcptrace style graph. (Bug
      3417)
    o SMB get_dfs_referral referral entry is not dissected
      correctly. (Bug 3542)
    o Error dissecting eMule sourceOBFU message. (Bug 3848)
    o Typos in Diameter XML files. (Bug 3878)
    o RSL dissector for MS Power IE is broken. (Bug 4017)
    o Manifest problem in 1.2.2 Win64 build. (Bug 4024)
    o FIP dissector throws assertion. (Bug 4046)
    o TCAP problem with indefinite length 'components' SEQ OF. (Bug
      4053)
    o GSM MAP: an-APDU not decoded. (Bug 4095)
    o Add "Drag and Drop entries..." message on Columns preferences
      page. (Bug 4099)
    o Editcap -t and -w option parses fractional digits incorrectly.
      (Bug 4162)
  - Updated Protocol Support
    DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP,
    Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS

  To generate a diff of this commit:
  cvs rdiff -u -r1.37 -r1.38 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/wireshark/distinfo

(spz)

Pullup ticket #2925.

(tron)

Pullup ticket #2925 - requested by martti
clamav: bug fix update

Revisions pulled up:
- mail/clamav/Makefile 1.97
- mail/clamav/distinfo 1.61
- mail/clamav/patches/patch-ad 1.19
- mail/clamav/patches/patch-af 1.10
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Oct 29 07:06:09 UTC 2009

Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
pkgsrc/mail/clamav/patches: patch-ad patch-af

Log Message:
Updated mail/clamav to 0.95.3

* bug fixes

(tron)

Pullup ticket #2926.

(tron)

Pullup ticket #2926 - requested by joerg
mk/pkginstall/usergroup: portability fix

Revisions pulled up:
- mk/pkginstall/usergroup 1.3
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Oct 29 07:06:09 UTC 2009

Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
pkgsrc/mail/clamav/patches: patch-ad patch-af

Log Message:
Updated mail/clamav to 0.95.3

* bug fixes

(tron)

Backout unintentional change which is not related to ticket #2923.

(tron)

Pullup ticket #2923.

(tron)

Pullup ticket #2923 - requested by tnn
xulrunner: security update
firefox: security update

Revisions pulled up:
- devel/xulrunner/Makefile 1.24-1.25
- devel/xulrunner/PLIST 1.17-1.18
- devel/xulrunner/distinfo 1.13-1.14
- devel/xulrunner/mozilla-common.mk 1.2
- devel/xulrunner/patches/patch-aa 1.2
- devel/xulrunner/patches/patch-aq 1.3
- devel/xulrunner/patches/patch-ay 1.1
- devel/xulrunner/patches/patch-mf 1.2
- devel/xulrunner/patches/patch-mn 1.2
- devel/xulrunner/patches/patch-nb delete
- devel/xulrunner/patches/patch-nc delete
- devel/xulrunner/patches/patch-pd 1.2
- devel/xulrunner/patches/patch-ra 1.1
- devel/xulrunner/patches/patch-rb 1.1
- devel/xulrunner/patches/patch-rc 1.1
- www/firefox/Makefile 1.60-1.61
- www/firefox/PLIST 1.39
- www/firefox/distinfo delete
- www/firefox/patches/patch-aa delete
- www/firefox/patches/patch-ao delete
- www/firefox/patches/patch-ma delete
- www/firefox/patches/patch-mi delete
- www/firefox/patches/patch-mk delete
- www/firefox/patches/patch-mm delete
- www/firefox/patches/patch-ra delete
- www/firefox/patches/patch-rb delete
- www/firefox/patches/patch-rc delete
---
Module Name: pkgsrc
Committed By: tnn
Date: Sun Oct 11 10:49:57 UTC 2009

Modified Files:
pkgsrc/devel/xulrunner: Makefile PLIST distinfo
pkgsrc/devel/xulrunner/patches: patch-aa
pkgsrc/www/firefox: Makefile
Added Files:
pkgsrc/devel/xulrunner/patches: patch-ay patch-ra patch-rb
patch-rc Removed Files:
pkgsrc/www/firefox: distinfo
pkgsrc/www/firefox/patches: patch-aa patch-ao patch-ma patch-mi
    patch-mk patch-mm patch-ra patch-rb patch-rc

Log Message:
- allow firefox and xulrunner to share some infrastructure
- install headers for plugin and liveconnect (needed by openjdk7-icedtea-plugin)
- bump revision for both packages
---
Module Name: pkgsrc
Committed By: tnn
Date: Wed Oct 28 11:36:36 UTC 2009

Modified Files:
pkgsrc/devel/xulrunner: Makefile PLIST distinfo
mozilla-common.mk pkgsrc/devel/xulrunner/patches: patch-aq patch-mf
patch-mn patch-pd pkgsrc/www/firefox: Makefile PLIST
Removed Files:
pkgsrc/devel/xulrunner/patches: patch-nb patch-nc

Log Message:
Security and bugfix update of firefox (to 3.5.4) and xulrunner (to
1.9.1.4) Also fix broken DESTDIR support.

Fixes the following security issues:
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/
1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS
() MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing

(tron)

Pullup ticket #2921 - requested by joerg
pkg_install: bug fix

Revisions pulled up:
- pkgtools/pkg_install/files/lib/pkgdb.c 1.36
- pkgtools/pkg_install/files/lib/version.h 1.142
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 22 22:51:29 UTC 2009

Modified Files:
pkgsrc/pkgtools/pkg_install/files/lib: pkgdb.c version.h

Log Message:
pkg_install-20091009:
Do not overwrite a string with itself using snprintf. This breaks
setting the pkgdb directory internally on Linux. Explicitly check
if the string is the same and otherwise just use xstrdup.

(tron)

Pullup tickets #2920 and #2921.

(tron)

Pullup ticket #2920 - requested by taca
typo3: security update

Revisions pulled up:
- www/typo3/Makefile 1.16
- www/typo3/PLIST 1.8
- www/typo3/distinfo 1.10
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:53:09 UTC 2009

Modified Files:
pkgsrc/www/typo3: Makefile PLIST distinfo

Log Message:
Update www/typo3 package to 4.2.10.  It fixes multiple security issues
found in TYPO3 core.

      http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

2009-10-22  Oliver Hader  <oliver@typo3.org>

* Release of TYPO3 4.2.10

2009-10-22  Ernesto Baschny <ernst@cron-it.de>

* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)

2009-10-21  Rupert Germann  <rupi@gmx.li>

* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts

2009-10-21  Steffen Kamper  <info@sk-typo3.de>

* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)

2009-10-15  Rupert Germann  <rupi@gmx.li>

* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)

2009-10-11  Rupert Germann  <rupi@gmx.li>

* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)

2009-10-10  Rupert Germann  <rupi@gmx.li>

* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)

2009-09-29  Oliver Hader  <oliver@typo3.org>

* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)

(tron)

Pullup tickets #2918 and #2919.

(tron)

Pullup ticket #2919 - requested by taca
gd: security patch

Revisions pulled up:
- graphics/gd/Makefile 1.81
- graphics/gd/distinfo 1.30-1.31
- graphics/gd/patches/patch-ad 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:39:55 UTC 2009

Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-ad

Log Message:
Fix gd library security problem refering PHP's SVN repositry.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546

Bump PKGREVISION.
(This fix is for php5 only and I don't know about php4.)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 15:20:53 UTC 2009

Modified Files:
pkgsrc/graphics/gd: distinfo

Log Message:
Oops, update distinfo.

(tron)

Pullup ticket #2918 - requested by taca:
php-gd: security patch

Revisions pulled up:
- graphics/php-gd/Makefile 1.20
- lang/php5/distinfo 1.68
- lang/php5/patches/patch-ay 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:37:47 UTC 2009

Modified Files:
pkgsrc/graphics/php-gd: Makefile
pkgsrc/lang/php5: distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-ay

Log Message:
Add a patch from PHP's SVN repositry to fix gd library security problem.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546>

(tron)

Pullup ticket #2916.

(tron)

Pullup ticket #2916 - requested by he
parrot: build fix

Revisions pulled up:
- lang/parrot/Makefile 1.23
- lang/parrot/PLIST.Darwin 1.1
- lang/parrot/PLIST.shared 1.1
- lang/parrot/distinfo 1.17-1.18
- lang/parrot/patches/patch-af 1.3
- lang/parrot/patches/patch-ag 1.3
- lang/parrot/patches/patch-ai 1.1
- lang/parrot/patches/patch-aj 1.1
---
Module Name: pkgsrc
Committed By: he
Date: Wed Oct 21 14:23:14 UTC 2009

Modified Files:
pkgsrc/lang/parrot: Makefile distinfo
Added Files:
pkgsrc/lang/parrot/patches: patch-af patch-ag patch-ai patch-aj

Log Message:
Update parrot from version 1.6.0 to 1.6.0nb1.

Pkgsrc changes:
o Enable shared libraries for NetBSD, and deal with the resulting
  fallout: tests which are written in C need to point their run-path
  to the build version of the shared libraries.
o The default is shared libs with .so, except for on Darwin, where
  shared libs are named differently.  The Darwin part is untested.
---
Module Name: pkgsrc
Committed By: he
Date: Thu Oct 22 11:31:44 UTC 2009

Modified Files:
pkgsrc/lang/parrot: distinfo

Log Message:
I'm terribly sorry, patch-ai had the incorrect checksum.
This update fixes it.
---
Module Name: pkgsrc
Committed By: he
Date: Thu Oct 22 12:59:58 UTC 2009

Added Files:
pkgsrc/lang/parrot: PLIST.Darwin PLIST.shared

Log Message:
Sorry once again, these two files should have been committed
as part of the 1.6.0nb1 update.

(tron)

Pullup ticket #2917.

(tron)

Pullup ticket #2917 - requested by joerg
nbpatch: portability fix

Revisions pulled up:
- devel/nbpatch/Makefile 1.4
- devel/nbpatch/files/inp.c 1.6
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 17:17:04 UTC 2009

Modified Files:
pkgsrc/devel/nbpatch: Makefile
pkgsrc/devel/nbpatch/files: inp.c

Log Message:
nbpatch-20091021:
Do not try to mmap a zero length file. This can fail e.g. on Solaris.

(tron)

Pullup ticket #2915.

(tron)

sys/fs/smbfs/smbfs_smb.c 1.41
sys/fs/smbfs/smbfs_subr.h 1.20

Add support for 64 bit file offsets to smbfs_smb_setfsize(), largely
based on code taken from FreeBSD.

This stops truncation of files larger than 4GB by VOP_SETATTR() which e.g.
happened when copying large files "rump_smbfs". Kudos to Antti Kantee
for diagnosing the problem in smbfs_smb_setfsize().
[tron, ticket #4711]

(tron)

Pullup tickets #2913 and #2914.

(tron)

Pullup ticket #2914 - requested by joerg
unbound: security update

Revisions pulled up:
- net/unbound/Makefile 1.5
- net/unbound/distinfo 1.5
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon Oct 19 17:03:33 UTC 2009

Modified Files:
pkgsrc/net/unbound: Makefile distinfo

Log Message:
Update to unbound-1.3.4:
- Fixed bug where NSEC3 signature was not checked. This meant that
  a DS could be spoofed away by a carefully crafted packet.
  A downgrade attack on existing secure delegations.
- updated iana port list.

(tron)

Pullup ticket #2913 - requested by tez
xpdf: security patch

Revisions pulled up:
- print/xpdf/Makefile 1.68
- print/xpdf/distinfo 1.35
---
Module Name:    pkgsrc
Committed By:  tez
Date:          Fri Oct 16 19:36:29 UTC 2009

Modified Files:
        pkgsrc/print/xpdf: Makefile distinfo

Log Message:
update to xpdf-3.02pl4 to fix CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,
CVE-2009-3608 & CVE-2009-3609

(tron)

Pullup tickets #2911 and #2912.

(tron)

Pullup ticket #2912 - requested by hasso
perl5: portability patch

Revisions pulled up:
- lang/perl5/distinfo 1.61
- lang/perl5/patches/patch-db 1.1
---
Module Name:    pkgsrc
Committed By:  hasso
Date:          Tue Oct 13 10:38:31 UTC 2009

Modified Files:
        pkgsrc/lang/perl5: distinfo
Added Files:
        pkgsrc/lang/perl5/patches: patch-db

Log Message:
Fix thread library detection on DragonFly. From corecode via PR 42170.

(tron)

Pullup ticket #2911 - requested by joerg
py-django: bug-fix update

Revisions pulled up:
- www/py-django/Makefile 1.20
- www/py-django/distinfo 1.11
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue Oct 13 18:19:24 UTC 2009

Modified Files:
pkgsrc/www/py-django: Makefile distinfo

Log Message:
Django 1.0.4:
Fix a regular expression used by the form validation code to not trigger
pathologoical performance cases for certain inputs.

(tron)

Add a file to track changes on the pkgsrc-2009Q3 branch.

(agc)