[odc] Daily ports changes for 2007-06-17
ODC
auto at squish.net
Mon Jun 18 07:00:08 BST 2007
OpenBSD ports changes summary for 2007-06-17
============================================
INDEX emulators/gxemul
mail/mutt net/maradns
www/firefox-i18n www/lighttpd
www/moinmoin www/mozilla-firefox
www/php5 www/phpmyadmin
x11/gnome x11/mplayer
x11/wmii
== INDEX ============================================================= 01/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/INDEX
INDEX
> synch 4445 unzels (espie@)
== emulators ========================================================= 02/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/emulators
gxemul
~ Makefile ~ distinfo
~ pkg/PLIST
> Update to gxemul-0.4.6. Quoting author:
> The two most important new "features" are:
> 1. NetBSD/pmppc works (with root on nfs only, no SCSI).
> 2. When running ARM guest OSes (NetBSD/cats, OpenBSD/cats,
> NetBSD/netwinder, or NetBSD/evbarm), the emulator will not use up 100%
> of the host's CPU if the guest OS idles. (grange@)
== mail ============================================================== 03/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/mail
mutt
~ stable/Makefile ~ stable/distinfo
~ stable/patches/patch-Makefile_in ~ stable/patches/patch-muttlib_c
TAGGED OPENBSD_4_1
> MFC:
> Security update to 1.4.2.3.
> Fixes an APOP authentication vulnerability (CVE-2007-1558). (sturm@)
~ stable/Makefile ~ stable/distinfo
~ stable/patches/patch-Makefile_in ~ stable/patches/patch-muttlib_c
TAGGED OPENBSD_4_0
> MFC:
> Security update to 1.4.2.3.
> Fixes an APOP authentication vulnerability (CVE-2007-1558). (sturm@)
== net =============================================================== 04/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/net
maradns
~ Makefile ~ distinfo
~ patches/patch-build_install_locations
~ patches/patch-build_install_sh ~ patches/patch-configure
+ patches/patch-server_MaraDNS_c
TAGGED OPENBSD_4_1
> MFC:
> update maradns to 1.2.12.06. This version addresses Multiple Remote Denial
> of
> Service Vulnerabilities which affects version 1.2.12.04.
> Reference:
> http://secunia.com/advisories/25406/
> -----
> MFC:
> roll in a distribution patch which fixes:
> CVE-2007-3116 Memory leak allows remote attackers to cause a denial of
> service
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3116 (sturm@)
~ Makefile ~ distinfo
~ patches/patch-build_install_locations
~ patches/patch-build_install_sh ~ patches/patch-configure
~ pkg/PLIST + patches/patch-server_MaraDNS_c
TAGGED OPENBSD_4_0
> MFC:
> update maradns to 1.2.12.06. This version addresses Multiple Remote Denial
> of
> Service Vulnerabilities which affects version 1.2.12.04.
> Reference:
> http://secunia.com/advisories/25406/
> -------
> MFC:
> roll in a distribution patch which fixes:
> CVE-2007-3116 Memory leak allows remote attackers to cause a denial of
> service
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3116 (sturm@)
== www =============================================================== 05/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/www
firefox-i18n
~ Makefile ~ distinfo
TAGGED OPENBSD_4_1
> MFC:
> update to 2.0.0.4 (sturm@)
lighttpd
~ Makefile ~ pkg/DESCR
> - remove description of non-existent flavor (from MAINTAINER)
> - bump PKGNAME (jasper@)
moinmoin
~ Makefile ~ distinfo
~ pkg/PLIST
TAGGED OPENBSD_4_1
> MFC:
> update moinmoin to 1.5.8. This version addresses the following security
> flaw
> which affects version 1.5.7
> CVE-2007-2423 Cross-site scripting (XSS) vulnerability
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2423 (sturm@)
~ Makefile ~ distinfo
~ pkg/PLIST
TAGGED OPENBSD_4_0
> MFC:
> update moinmoin to 1.5.8. This version addresses the following security
> flaw
> which affects version 1.5.7
> CVE-2007-2423 Cross-site scripting (XSS) vulnerability
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2423 (sturm@)
mozilla-firefox
- patches/patch-modules_plugin_base_public_nptypes_h
- patches/patch-xpcom_reflect_xptcall_src_md_unix_xptc_platforms_unixish_x86_h
~ Makefile ~ distinfo
~ patches/patch-configure_in ~ pkg/DESCR-main
~ pkg/MESSAGE-main ~ pkg/PLIST-devel
TAGGED OPENBSD_4_1
> MFC:
> security update to mozilla-firefox-2.0.0.4
> http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
> 2.0.0.4
> - use the combination of find(1) and install(1) to install the
> {DATA,DIST}FILES, as suggested by kurt@;
> - remove the two patches that are already upstream;
> - fmt; (sturm@)
php5
~ Makefile.inc ~ core/Makefile
~ extensions/Makefile
~ extensions/patches/patch-ext_gd_config_m4
~ extensions/patches/patch-ext_gd_gdttf_c
~ extensions/patches/patch-ext_gd_libgd_gdkanji_c
~ extensions/patches/patch-ext_xmlrpc_libxmlrpc_encodings_c
~ patches/patch-aclocal_m4 ~ patches/patch-configure_in
~ patches/patch-ext_bcmath_libbcmath_src_output_c
~ patches/patch-ext_bcmath_libbcmath_src_rt_c
~ patches/patch-ext_calendar_calendar_c
~ patches/patch-ext_iconv_iconv_c ~ patches/patch-main_php_h
~ patches/patch-main_php_open_temporary_file_c
~ patches/patch-php_ini-dist ~ patches/patch-php_ini-recommended
+ extensions/patches/patch-ext_imap_php_imap_c
+ extensions/patches/patch-ext_mbstring_mb_gpc_c
+ extensions/patches/patch-ext_mbstring_mbstring_c
+ extensions/patches/patch-ext_odbc_php_odbc_c
+ extensions/patches/patch-ext_soap_php_http_c
+ extensions/patches/patch-ext_sqlite_sess_sqlite_c
+ extensions/patches/patch-ext_sqlite_sqlite_c
+ patches/patch-Zend_zend_hash_c + patches/patch-ext_ftp_ftp_c
+ patches/patch-ext_interbase_ibase_service_c
+ patches/patch-ext_session_session_c
+ patches/patch-ext_standard_formatted_print_c
+ patches/patch-ext_standard_mail_c
+ patches/patch-ext_standard_streamsfuncs_c
+ patches/patch-ext_standard_string_c
+ patches/patch-ext_standard_user_filters_c
+ patches/patch-ext_wddx_wddx_c + patches/patch-main_SAPI_c
+ patches/patch-main_php_variables_c + patches/patch-main_streams_filter_c
+ patches/patch-main_streams_streams_c
+ patches/patch-main_streams_transports_c
TAGGED OPENBSD_4_1
> assorted security patches, from debian (sturm@)
~ Makefile.inc ~ core/Makefile
~ extensions/Makefile
~ extensions/patches/patch-ext_gd_config_m4
~ extensions/patches/patch-ext_gd_gdttf_c
~ extensions/patches/patch-ext_gd_libgd_gdkanji_c
~ extensions/patches/patch-ext_xmlrpc_libxmlrpc_encodings_c
~ patches/patch-aclocal_m4 ~ patches/patch-configure_in
~ patches/patch-ext_bcmath_libbcmath_src_output_c
~ patches/patch-ext_bcmath_libbcmath_src_rt_c
~ patches/patch-ext_calendar_calendar_c
~ patches/patch-ext_iconv_iconv_c ~ patches/patch-main_php_h
~ patches/patch-main_php_open_temporary_file_c
~ patches/patch-php_ini-dist ~ patches/patch-php_ini-recommended
+ extensions/patches/patch-ext_imap_php_imap_c
+ extensions/patches/patch-ext_mbstring_mb_gpc_c
+ extensions/patches/patch-ext_mbstring_mbstring_c
+ extensions/patches/patch-ext_odbc_php_odbc_c
+ extensions/patches/patch-ext_soap_php_http_c
+ extensions/patches/patch-ext_sqlite_sess_sqlite_c
+ extensions/patches/patch-ext_sqlite_sqlite_c
+ patches/patch-Zend_zend_hash_c + patches/patch-ext_ftp_ftp_c
+ patches/patch-ext_interbase_ibase_service_c
+ patches/patch-ext_session_session_c
+ patches/patch-ext_standard_formatted_print_c
+ patches/patch-ext_standard_mail_c
+ patches/patch-ext_standard_streamsfuncs_c
+ patches/patch-ext_standard_string_c
+ patches/patch-ext_standard_user_filters_c
+ patches/patch-ext_wddx_wddx_c + patches/patch-main_SAPI_c
+ patches/patch-main_php_variables_c + patches/patch-main_streams_filter_c
+ patches/patch-main_streams_streams_c
+ patches/patch-main_streams_transports_c
TAGGED OPENBSD_4_0
> assorted security patches, from debian (sturm@)
~ extensions/Makefile
TAGGED OPENBSD_4_0
> typo (sturm@)
~ extensions/Makefile
TAGGED OPENBSD_4_1
> typo (sturm@)
phpmyadmin
~ Makefile
> restore PKGNAME
> we need a whitelist of people actually able to approve commits... (sturm@)
~ Makefile ~ distinfo
~ pkg/PLIST
TAGGED OPENBSD_4_1
> MFC:
> update phpMyAdmin to 2.10.1. This version addresses the following security
> flaw
> which affects versions before 2.10.1.
> CVE-2007-2245 Multiple cross-site scripting (XSS) vulnerabilities
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2245 (sturm@)
~ Makefile ~ distinfo
~ pkg/PLIST
TAGGED OPENBSD_4_0
> MFC:
> update phpMyAdmin to 2.10.1. This version addresses the following security
> flaw
> which affects versions before 2.10.1.
> CVE-2007-2245 Multiple cross-site scripting (XSS) vulnerabilities
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2245 (sturm@)
== x11 =============================================================== 06/06 ==
http://www.openbsd.org/cgi-bin/cvsweb/ports/x11
gnome
+ file-roller/Makefile + file-roller/distinfo
+ file-roller/pkg/DESCR + file-roller/pkg/PLIST
+ file-roller/pkg/PFRAG.shared
> New import:
> import file-roller-2.18.3
~ Makefile
> add file-roller (jasper@)
mplayer
~ Makefile + patches/patch-libmpdemux_cddb_c
TAGGED OPENBSD_4_1
> MFC:
> fix a buffer overflow in mplayer's CDDB parsing code;
> http://secunia.com/advisories/24302/ (sturm@)
~ Makefile + patches/patch-libmpdemux_cddb_c
TAGGED OPENBSD_4_0
> MFC:
> fix a buffer overflow in mplayer's CDDB parsing code;
> http://secunia.com/advisories/24302/ (sturm@)
wmii
~ Makefile
> bump pkgname after removing maintainer. (steven@)
===============================================================================
More information about the odc
mailing list