Erik Sjolund discovered several issues in enscript: it suffers from
several buffer overflows (CAN-2004-1186), quotes and shell escape
characters are insufficiently sanitized in filenames (CAN-2004-1185),
and it supported taking input from an arbitrary command pipe, with
unwanted side effects (CAN-2004-1184).
Obtained from: Gentoo
applications where speed is critical and certain advanced features aren't
necessary. It's intended to be as simple as possible to use.
PR: ports/75704
Submitted by: Mooneer Salem <mooneer(at)translator.cx>
if (and only if) there is a password set on the Palm. The Palm claims
that the desktop software is too old and should be upgraded. The patch
below (essentially stolen from ColdSync 3.0) makes ColdSync claim that
it supports DLP 1.3.
Fix .info-handling while here
PR: ports/69212
Submitted by: Helge Oldach
Approved by: maintainer timeout
www/apache13.
This problem is occuring because of a recent change to www/apache2's
Makefile.modules.3rd file (revision 1.18). This change made the
APACHE_PORT variable overrideable even when WITH_APACHE2 is defined.
Previously, it set the variable with APACHE_PORT=www/apache2.
The APACHE_PORT variable gets defined in <bsd.port.mk> to www/apache13
if it wasn't previously defined.
The affected ports include <bsd.port.pre.mk> before "Makefile.modules.3rd".
Submitted by: Scot Hetzel
I blindly committed a change from my dev tree. Since USE_APACHE design
is flacky, it had a very annoying impact.
PR: ports/77391 [1]
Also reported by: pointyhat via kris,
Scot Hetzel <swhetzel@gmail.com> [1]
Pointy hat to: clement
http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
replacing strcat() with strncat(). Please note that I wasn't able to
reproduce the exploit described at
http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
Feedback from someone who can reproduce the exploit with an unpatched unrtf
would be appreciated
- Bump PORTREVISION
- Remove old master site that doesn't seem to have the distfile any more
VuXML: f2d5e56e-67eb-11d9-a9e7-0001020eed82
PR: ports/76852
Submitted by: Stefan Walter <sw(at)gegenunendlich.de>
The PostgreSQL JDBC project has been decoupled from the server
distribution, and is now hosted at http://jdbc.postgresql.org/.
Approved by: ade (mentor)
