Commit graph

130965 commits

Author SHA1 Message Date
Thierry Thomas
777026ca2d Unbreak with gcc 3.4.
Approved by:	portmgr (marcus)
2005-08-17 05:22:58 +00:00
Jun Kuriyama
85a0587ce8 Upgrade to 1.0.0.009 (including security fixes).
Approved by:	portmgr (marcus)
2005-08-17 02:10:28 +00:00
Vsevolod Stakhov
0ff7b1cb89 Unbreak building.
Approved by:	portmgr (marcus)
2005-08-16 23:24:57 +00:00
Jimmy Olgeni
de11ea564d Unbreak: the checksums actually match the files on MASTER_SITES.
Approved by:	portmgr (marcus)
2005-08-16 22:30:49 +00:00
Simon L. B. Nielsen
b301e67e49 gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.

Approved by:	portmgr (blanket, VuXML)
2005-08-16 21:19:30 +00:00
Simon L. B. Nielsen
d9945c5d31 Mark FORBIDDEN, due to remote code execution vulnerability.
Security:	http://vuxml.FreeBSD.org/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html
Approved by:	portmgr (blanket, secteam)
2005-08-16 20:59:25 +00:00
Simon L. B. Nielsen
75172d796f Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-16 20:56:54 +00:00
Simon Barner
f2db0bcd95 - Fix build with new gcc version (patch-tvchannels.c)
- Remove s/gawk/awk/ patches and introduce build time dependecy to gawk
  because one of the scripts uses `strftime' which is not available in
  our base systems awk.

Approved by:	portmgr (clement)
2005-08-16 20:49:59 +00:00
Vsevolod Stakhov
668ac75430 Fix security issue noted in http://drupal.org/files/sa-2005-004/advisory.txt.
Update to 4.6.3.

Approved by:	portmgr (krion), maintainer timeout (security issue)
2005-08-16 20:46:17 +00:00
Simon L. B. Nielsen
59a6826b92 Document acroread -- plug-in buffer overflow vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-16 18:43:41 +00:00
Remko Lodder
ec9063b927 Add a note about VIM's modeline support. This will instruct users
that do not need the modeline support to disable it, since it contained
remote vulnerabilities.

Reviewed by:		simon
Approved by:		portsmgr (blanket, secteam), obrien (maintainer)
2005-08-16 16:48:41 +00:00
Pav Lucistnik
a02d5df600 - Bump PORTREVISION for recent ownership changes
Approved by:	portmgr (kris)
2005-08-16 16:31:13 +00:00
Mikhail Teterin
e00e74fa11 Add another patch, to fix tests, which fail if the timezone is set to
UTC. Thanks to Boris Samorodov for assistance in debugging this.

Detected by:	pointyhat
Approved by:	portmgr	(krion)
2005-08-16 12:52:28 +00:00
Kirill Ponomarev
9d098b71ed Fix dependencies and build.
Approved by:	portmgr (implicit)
2005-08-16 09:14:43 +00:00
Thierry Thomas
744054b928 Fix handling of incomplete valid multibyte character sequences.
Bump PORTREVISION.

PR:		ports/84938
Submitted by:	Li-Lun Wang <llwang (at) infor.org>
Approved by:	portmgr (linimon)
2005-08-15 21:27:24 +00:00
Simon L. B. Nielsen
3350c80ee0 Mark FORBIDDEN, due to remote code execution vulnerability in embedded
pear-XML_RPC.

Security:	http://vuxml.FreeBSD.org/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html
Approved by:	portmgr (blanket, secteam)
2005-08-15 20:44:54 +00:00
Simon L. B. Nielsen
2836760398 Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.

Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).

Approved by:	portmgr (blanket, VuXML)
2005-08-15 20:38:54 +00:00
Thierry Thomas
1843e3c18f Update to 20050808 and make fetchable again.
Approved by:	portmgr (marcus)
2005-08-15 19:09:06 +00:00
Pav Lucistnik
01331ecadd - Fix plist
Requested by:	krion
Approved by:	portmgr (krion)
2005-08-15 18:46:36 +00:00
Kirill Ponomarev
4325ea7c93 Make fetchable again.
Approved by:	portmgr (implicit)
2005-08-15 18:46:34 +00:00
Michael Nottebrock
0b27f9b516 Patch insecure tempfile handling issue in langen2kvtmlx (kvoctrain).
Security: CAN-2005-2101
Security: http://www.kde.org/info/security/advisory-20050815-1.txt
Security: langen2kvtml uses known filenames in /tmp which allow a
          local attacker to overwrite files writeable by the
          user (manually) invoking the conversion script.

Approved by: portmgr (marcus)
2005-08-15 18:02:35 +00:00
Pav Lucistnik
15456511f9 - Update to 1.4.0 to fix serious security bug
Approved by:	portmgr (krion)
2005-08-15 13:43:45 +00:00
Simon L. B. Nielsen
c5f9c5c989 Mark FORBIDDEN, due to remote code execution vulnerability.
Security:	http://vuxml.FreeBSD.org/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html
Approved by:	portmgr (blanket, secteam)
2005-08-15 13:27:53 +00:00
Simon L. B. Nielsen
a098192895 Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by:	hrs
Approved by:	portmgr (blanket, VuXML)
2005-08-15 13:20:30 +00:00
Pav Lucistnik
36a45cc8c3 - Fix tests on 6.0/i386
PR:		ports/84760
Submitted by:	Marcus Grando <marcus@corp.grupos.com.br>
Approved by:	Matthias Andree <matthias.andree@gmx.de> (maintainer)
Approved by:	portmgr (clement)
2005-08-15 11:46:22 +00:00
Simon L. B. Nielsen
3d831a37be Mark FORBIDDEN and set one month expiration, due to remote code
execution vulnerability.

Security:	http://vuxml.FreeBSD.org/e86fbb5f-0d04-11da-bc08-0001020eed82.html
With hat:	secteam
Approved by:	portmgr (blanket, secteam)
2005-08-14 21:18:21 +00:00
Simon L. B. Nielsen
782374f5c4 Document awstats -- arbitrary code execution vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-14 21:09:10 +00:00
Max Khon
de04276318 - Add dependency on unixODBC (and WITHOUT_ODBC knob).
- Unify WITH_FOO knobs.
- Bump PORTREVISION.

Approved by:	portmgr, MAINTAINER
2005-08-14 18:44:06 +00:00
Max Khon
77414578df - Fix build on RELENG_4.
- Fix dependencies on wxgtk (include lib versions, otherwise
wxgtk2 2.6.x libarries could match)
- Bump PORTREVISION.

Approved by:	portmgr
2005-08-14 13:43:22 +00:00
Max Khon
c53080de9c Fix pkg-plist (this file did not get into previous commit)
Approved by:	portmgr
2005-08-14 13:42:01 +00:00
Max Khon
26186d5918 - Require native JDK.
- Do not hardcode jdk path (use ${JAVA_HOME})

Approved by:	portmgr, maintainer timeout
2005-08-14 13:30:15 +00:00
Pav Lucistnik
9357ce672a - Fix file ownership in packages
Reported by:	krionmail
Approved by:	portmgr (krion)
2005-08-13 12:49:12 +00:00
Maho Nakata
df1f3aaff6 1. if we set CPUTYPE in /etc/make.conf, OOo build fails [1].
2. openoffice-1.1 crashes for second invocation; some file is missing.
this is exactly same as #i22253#, and fortunately OOo worked for some
older version I don't remember.

PR:	84787 [2]
Submitted by: Jack L.[1], achix mantzix <achix@smadev.internal.net> [2]
              and Jens Ressack <rehsack@liwing.de> [2]
Approved by:  portmgr(clement)
2005-08-13 11:32:35 +00:00
Vsevolod Stakhov
415ee51bc7 Fix distfile fetching.
Fix building of lang/erlang as dependency of net/ejabberd.
Take maintainership (requested by former maintainer).

Approved by:	portmgr (clement), gonzo@univ.kiev.ua (former maintainer)
2005-08-13 09:22:24 +00:00
Joe Marcus Clarke
397439cc5b Fix a security problem described at
http://vuxml.FreeBSD.org/24eee285-09c7-11da-bc08-0001020eed82.html.

Reported by:	simon
Obtained from:	graphics/xpdf
Approved by:	portmgr (implicit)
Security:	Fixes xpdf vulnerability
2005-08-13 08:22:51 +00:00
Joe Marcus Clarke
1c87b740d9 Fix the xpdf security issue described at
http://vuxml.FreeBSD.org/24eee285-09c7-11da-bc08-0001020eed82.html.

Reported by:	simon
Obtained from:	graphics/xpdf
Approved by:	portmgr (implicit)
2005-08-13 08:14:55 +00:00
Markus Brueffer
ea7ef2e225 Remove akregator as it is outdated and BROKEN and was integrated into
deskutils/kdepim3 some time ago anyway.

Discussed with:	lofi
Approved by:	portmgr (linimon)
2005-08-13 07:38:18 +00:00
Markus Brueffer
764ab73aef Add patch in order to fix the build on ia64, alpha and sparc64
Submitted by:	pointyhat via kris
Approved by:	portmgr (linimon)
2005-08-12 18:55:09 +00:00
Markus Brueffer
6a8e1b51b3 Replace unreliable mastersite with the sourceforge mirrors as they now carry
the right distfile.

Submitted by:	pointyhat via kris
Approved by:	portmgr (linimon)
2005-08-12 18:41:17 +00:00
Dirk Meyer
e8701c154a - Security Fix:
Secururiy: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
Reported by: Christian Weisgerber
Approved by:	portmgr (erwin)
2005-08-12 17:11:12 +00:00
Simon L. B. Nielsen
c1bc774e4b After further examination it turns out that gnugadu does not include
libgadu, at least not any in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]

The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]

Polish translation clue:	pjd [1]
General clue by:		markus [2]
Not enough checking:		simon
Approved by:			portmgr (blanket, VuXML)
2005-08-12 16:38:54 +00:00
Marius Strobl
8105b98597 - Update to 1.2.0. [1]
<snip>
  Cdrdao changes:
   o  SECURITY FIX: cdrdao now gives up its root privileges after setting
      up real-time scheduling, as well as before saving settings through
      the --save option. This fixes a potential local root exploit when
      cdrdao is installed with the +s chmod flag. Using --save now also
      forces an early exit after the settings are saved.
   o  Added MP3 and Ogg Vorbis file support (through respectively the
      libmad and libvorbis libraries). cdrdao will decode the MP3 and
      Ogg files into temporary WAV files that will be deleted upon exit
      (unless the new option --keep is used). The directory used to
      store those temporary WAV files can be specified with the --tmpdir
      option (default is /tmp).
   o  Improved native CUE file support: replaced old incomplete existing
      parser with the one from Matthias Czapla's excellent
      cue2toc. Added support for cutting binary files.
   o  Added --rspeed option to manually set the device reading speed. Be
      warned not all devices support this.
   o  Packaged scsilib library upgraded from cdrtools 2.01 (previously
      was from 2.01a31).
   o  Added --no-mode2-mixed option. Don't read a MODE2 disk as
      MODE2_FORM_MIXED, only read MODE2_FORM1 or MODE2_FORM2 (Matthieu
      Castet).
   o  Added help for little-known drive-info command.

   GCDMaster changes:
   o  MP3 and Ogg Vorbis support: you can drag and drop .mp3, .m3u and
      .ogg files from Nautilus into the sample display window.
   o  Switched to gtkmm24 API. Improved file browsers.
   o  CUE files support.
   o  Sound output now uses libao library.
   o  Added 'Select All' item in menu.
   o  Added 'Eject' button to progress dialog.
   o  Bug fixes (sample selection weirdness, couldn't close window during
      play, problems with gcdmaster command-line argument, crashes with
      multiple project windows, drive status not reported correctly).
  <snip>

  Note that the FreeBSD ports doesn't install cdrdao setuid root so you are
  not vulnerable by default.
- Fix building on FreeBSD 7.
- Turn on the usage of mlockall(2) again as it no longer causes negative side
  effects on FreeBSD >= 502113.

Requested by:	will [1]
Approved by:	portmgr (linimon)
Security:	http://vuxml.freebsd.org/d51a7e6e-c546-11d9-9aed-000e0c2e438a.html
2005-08-12 16:20:44 +00:00
Simon L. B. Nielsen
41071473f7 Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:45:57 +00:00
Simon L. B. Nielsen
57454f0e97 Document libgadu -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:21:10 +00:00
Simon L. B. Nielsen
da8382985a Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 11:26:44 +00:00
Simon L. B. Nielsen
7cc5d12599 Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 10:42:13 +00:00
Vsevolod Stakhov
b1f9c23273 Fix distfile fetching.
PR:		84810
Submitted by:	maintainer
Approved by:	portmgr (krion)
2005-08-12 08:24:11 +00:00
Pav Lucistnik
83577cd064 - Overhaul the port, unbreak, undeprecate
- Drop maintainership (see ports/84011)

Approved by:	portmgr (erwin)
2005-08-12 08:19:46 +00:00
Jean-Yves Lefort
61538b6916 Fix the packing list when WITHOUT_GMAIL is defined.
Reported by:	pav
Approved by:	portmgr (marcus)
2005-08-11 23:10:14 +00:00
Simon L. B. Nielsen
2a2ea79881 Document xpdf -- disk fill DoS vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-11 22:18:53 +00:00