Pav Lucistnik
70198d1581
- Fix potential endless loop when a port changes its name depending on option
...
- Fix plist
PR: ports/72074
Submitted by: Michael C. Shultz <ringworm@inbox.lv> (maintainer)
2004-10-11 23:27:23 +00:00
Kris Kennaway
1acc6df893
BROKEN on 5.x: Does not compile
...
Approved by: portmgr (self)
2004-09-26 02:08:38 +00:00
Kris Kennaway
3462fa1f72
BROKEN on 5.x: Does not compile
...
Approved by: portmgr (self)
2004-09-17 23:02:58 +00:00
Christian Brueffer
488bd7efe4
Typo-fix in a comment
...
Approved by: portmgr (krion)
2004-09-09 13:15:25 +00:00
Oliver Eikemeier
c821b0e337
- star-devel: privilege escalation
...
- multi-gnome-terminal: information leak
- usermin: remote shell command injection and insecure installation
- mpg123: layer 2 decoder buffer overflow
Approved by: portmgr (implicit)
2004-09-08 21:57:10 +00:00
Oliver Eikemeier
1ea7e0e900
- XSS vulnerability in phpGroupWare wiki module
...
- add some references
Approved by: portmgr (implicit)
2004-09-07 10:44:11 +00:00
Oliver Eikemeier
a093965a26
multiple vulnerabilities in LHA
2004-09-03 22:30:35 +00:00
Oliver Eikemeier
903db11a21
grrrr... left the test case intact
2004-09-03 21:36:18 +00:00
Oliver Eikemeier
e8a6142888
- update to version 0.5.9
...
(first attempts to check the base system for vulnerabilities)
2004-09-03 20:30:54 +00:00
Oliver Eikemeier
3648da397a
- add some references
...
- extend ImageMagick entry
- squid ntlm authentication helper DoS
- multiple vpopmail vulnerabilities
- first attempts to check the base system for vulnerabilities:
+ cvs server code
+ zlib DoS
- BSD license portaudit.xml
2004-09-03 20:27:26 +00:00
Joe Marcus Clarke
cf8b7fbebf
Update to 2.6.7
...
* Switch the direct use of ``echo'' check to suggest ${ECHO_CMD} or
${ECHO_MSG} instead of ${ECHO} [1]
* Tighten the check for improper GConf schema handling so that we only look
in the GConf schemas directory [2]
* Correct some grammar mistakes [3]
* Avoid erroneous "direct use of command" warnings [4]
PR: 71159 [4]
Submitted by: gerald [1]
pav [3]
eik [4]
Reported by: pav [2]
2004-09-01 04:13:32 +00:00
Adam Weinberger
b53f2958fe
The recently committed BPM port fails to handle the new INDEX file
...
format, which has had several fields added to it. In addition, it
reacts badly when parse errors occur on the INDEX file, resulting in
double free()s. The patch works around both of these problems
until the next formal release.
PR: ports/71213
Submitted by: maintainer
2004-09-01 01:40:34 +00:00
Mark Linimon
76161f4953
Minor bug fix and pkg-plist correction.
...
PR: ports/71138
Submitted by: Michael C. Shultz <ringworm at inbox dot lv> (maintainer)
2004-08-31 05:28:33 +00:00
Oliver Eikemeier
bf0beda828
samba printer change notification request DoS
2004-08-30 23:43:44 +00:00
Oliver Eikemeier
41570a3aad
add some references, add ru-gaim
2004-08-30 10:58:47 +00:00
Oliver Eikemeier
5f3eb07822
multiple vulnerabilities in gaim
2004-08-30 10:57:42 +00:00
Oliver Eikemeier
14664616fe
security bug in rscsi client code
...
Submitted by: marius
2004-08-30 10:07:22 +00:00
Mark Linimon
3468faaa0b
Fix RUN_DEPENDS.
...
PR: ports/70107
Submitted by: Yen-Ming Lee <leeym at utopia dot leeym dot com>
Approved by: maintainer timeout (3 weeks)
2004-08-29 01:27:05 +00:00
Jacques Vidrine
8961228139
Document NSS SSLv2 server buffer overflow (already referenced in
...
portaudit.txt).
2004-08-27 15:29:58 +00:00
Jacques Vidrine
b95b3a3535
Document ripMIME decoding bug (already referenced in portaudit.txt).
2004-08-27 14:43:07 +00:00
Oliver Eikemeier
4262ad369c
Argh. Duplicate entry for "Scorched 3D server chat box format string vulnerability"
2004-08-27 10:34:05 +00:00
Oliver Eikemeier
e601056789
Mozilla / NSS S/MIME DoS vulnerability & Scorched 3D server chat box format string vulnerability
2004-08-27 10:31:21 +00:00
Jacques Vidrine
975dd4bd17
Note sanitize_path bug in rsync (already referenced in portaudit.txt).
2004-08-26 22:10:50 +00:00
Jacques Vidrine
c57e57ac31
Document buffer overflows in SoX (already referenced in portaudit.txt).
2004-08-26 20:34:41 +00:00
Jacques Vidrine
80e7374bc1
Document cookie bug in Konqueror (already referenced in portaudit.txt).
2004-08-26 20:15:22 +00:00
Jacques Vidrine
e139e5a754
Remove libxine issue which is now documented in the FreeBSD VuXML
...
document.
Reminded by: eik
2004-08-25 13:58:01 +00:00
Oliver Eikemeier
26458d785a
nss library SSL remote buffer overflow
2004-08-25 13:10:29 +00:00
Oliver Eikemeier
bea9f10345
multiple buffer overflows in xv
2004-08-25 11:07:08 +00:00
Dag-Erling Smørgrav
59ec3b081b
Watch out for undefined values when resolving port origins. This makes
...
-I / -s work properly when some of the installed ports have since been
deleted from the ports tree.
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2004-08-25 09:45:22 +00:00
Adam Weinberger
36223833b7
Fix path to INDEX file on 5.x.
...
Submitted by: nork
2004-08-24 19:21:12 +00:00
Adam Weinberger
7e42812033
Fix build on current in some situations.
...
Submitted by: krion
2004-08-24 14:18:53 +00:00
Adam Weinberger
44b3983a8b
I am pleased to announce a new GTK+-2 interface to our ports tree!
...
BSD Ports Manipulator (BPM) is a graphical ports collection manager for
FreeBSD. It has a GTK+ 2.0 interface and allows you to add, remove, or
upgrade software packages on your system without requiring you to use a
command-line. In addition, it can display details about available,
installed, and out-of-date ports, as well as allowing you to search
based on port descriptions.
BPM uses the existing ports collection structure, allowing it to build
ports from source and integrate seamlessly with other tools.
This project started out as a clone of Ports Manager.app for
DarwinPorts.
WWW: http://www.meowfishies.com/bpm.rhtml
Submitted by: sethk@meowfishies.com
2004-08-24 04:21:59 +00:00
Oliver Eikemeier
13a24db696
Konqueror cross-domain cookie injection
2004-08-23 23:28:36 +00:00
Oliver Eikemeier
a744df8d30
handle some duplicates
2004-08-23 23:12:02 +00:00
Oliver Eikemeier
b88b1935d9
fix "too many open files" error when using the -r flag
...
Noted by: nectar
2004-08-23 17:39:12 +00:00
Oliver Eikemeier
da80a04ac6
a2ps: Possible execution of shell commands as local user.
2004-08-21 10:45:26 +00:00
Sergey Matveychuk
8965349d14
Update to 0.2.0
...
PR: ports/70701
Submitted by: maintainer
Patches from: Gudin Franci
2004-08-20 16:58:57 +00:00
Oliver Eikemeier
61e848dda0
correct topic of eda0ade6-f281-11d8-81b0-000347a4fa7d
2004-08-20 08:31:09 +00:00
Oliver Eikemeier
e510a55afd
QT 3.x BMP (and possibly other graphics formats) heap-based overflow
2004-08-20 08:28:33 +00:00
Oliver Eikemeier
aeb091ef05
potential security flaws in mod_ssl
2004-08-18 20:01:44 +00:00
Oliver Eikemeier
21e5e83c57
move a800386e-ef7e-11d8-81b0-000347a4fa7d to xml
2004-08-17 07:56:37 +00:00
Oliver Eikemeier
539307be33
ruby CGI::Session insecure file creation
2004-08-16 12:23:39 +00:00
Oliver Eikemeier
01977fcaea
Don't check the base system when PACKAGE_BUILDING
2004-08-16 02:24:06 +00:00
Oliver Eikemeier
ba24268c8f
multiple phpGroupWare vulnerabilities
2004-08-15 23:44:59 +00:00
Oliver Eikemeier
137b94aa13
phpGedView, jftpgw
2004-08-15 17:22:09 +00:00
Oliver Eikemeier
153f0ae562
Remove -a from the default fetch(1) flags, so that the daily security
...
report is not delayed when the distribution site is down.
Submitted by: kuriyama
2004-08-15 12:26:16 +00:00
Oliver Eikemeier
48af6951c8
apply xlist not to the own files
2004-08-13 17:51:46 +00:00
Oliver Eikemeier
40f8b91153
fix man page nits,
...
modify the vulnerability report depending on -q/-v (experimental)
PR: 69935, 68942
Submitted by: Chris Pepper <pepper@reppep.com>, Johan Karlsson <k@numeri.campus.luth.se>
2004-08-13 17:07:05 +00:00
Oliver Eikemeier
9665fd1a09
update to 20040811: fix compilation with GCC 3.4
2004-08-13 17:01:01 +00:00
Oliver Eikemeier
ea84ffa8c6
fix some vuxml duplicates, add sympa unauthorized list creation
2004-08-13 16:48:12 +00:00
Michael Nottebrock
57447419e7
Add another entry for kdelibs3 due to another missed patch.
2004-08-12 21:32:15 +00:00
Michael Nottebrock
3f9cf344ae
Correct entries for recent kde vuln's and add new entry for kdelibs
...
(3.2.3_3 didn't have all patches).
2004-08-12 21:17:31 +00:00
Oliver Eikemeier
a49bbe0700
fix security hole in non-chroot rsync daemon.
...
<http://www.freebsd.org/ports/portaudit/2689f4cb-ec4c-11d8-9440-000347a4fa7d.html>
2004-08-12 10:45:27 +00:00
Oliver Eikemeier
9fcf94529c
9fb5bb32-d6fa-11d8-b479-02e0185c0b53 is a duplicate of 40800696-c3b0-11d8-864c-02e0185c0b53
2004-08-12 00:08:05 +00:00
Oliver Eikemeier
ab808db926
f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of 6f955451-ba54-11d8-b88c-000d610a3b12, move references
2004-08-11 22:57:51 +00:00
Michael Nottebrock
461f3c5adb
Factor out all but one of the build switches of the KDE main module ports
...
into separate ports. The OPTIONS will remain as of yet and trigger dependencies
now, for easy transition.
Update KOffice to version 1.3.2.
Add patches to fix a number of issues, including:
- fix kxkb on Xorg
- fix kdemultimedia WITH_MPEGLIB (now mpeglib_artsplug) compilation on gcc 3.4.2
with optimizations greater than -O
Add security related patches and entries to portaudit.txt.
2004-08-11 01:27:37 +00:00
Oliver Eikemeier
0826a8f01d
libxine "vcd:" input source buffer overflow
2004-08-10 08:50:27 +00:00
Sergey Matveychuk
99854e3fcc
Update to 0.1.9
...
This version corrects bus faults introduced in ver 0.1.8.
Also corrects two pkg-plist errors.
PR: ports/70239
Submitted by: maintainer
2004-08-10 05:34:34 +00:00
Oliver Eikemeier
9b87366d7a
SpamAssassin DoS & cfengine authentication heap corruption
2004-08-10 00:56:37 +00:00
Sergey Matveychuk
9c2f4f169f
Update to 0.1.8.
...
Fully PREFIX compliant now.
Complete run on CURRENT.
PR: ports/70190
Submitted by: maintainer
2004-08-09 08:23:07 +00:00
Thierry Thomas
577a6350ba
Upgrade to 0.1.7.
...
PR: ports/70136
Submitted by: maintainer.
2004-08-08 15:03:20 +00:00
Thierry Thomas
5127aad1ed
Version 0.5 release.
...
- Bugfix: sometimes the ports version was wrong;
- A default cvs server can be set;
- Port revision is added to port version number.
PR: 70162
Submitted by: maintainer.
2004-08-08 14:15:54 +00:00
Oliver Eikemeier
97a39effba
CVStrac arbitrary remote code execution
2004-08-07 09:09:26 +00:00
Sergei Kolobov
511d523c92
- Update to 0.63 (see NEWS for list of changes)
...
- Make devel/newfile dependency optional under WITH_NEWFILE knob:
"port create" command is only useful to some porttools users, not all
2004-08-06 22:28:42 +00:00
Oliver Eikemeier
4192752964
fold entry 7eded4b8-e6fe-11d8-b12f-0a001f31891a into 2de14f7a-dad9-11d8-b59a-00061bc2ad93
2004-08-06 12:37:01 +00:00
Dirk Meyer
3e4de141f0
putty local command execution
2004-08-06 05:41:01 +00:00
Oliver Eikemeier
e9051fdc9c
move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of vulnerable ports
2004-08-05 23:35:33 +00:00
Norikatsu Shigemura
828d4f6cc8
o Security Update to 2.2.10-ja-1.0.
...
o rcNG-ify obtained from net/samba3.
PR: ports/70034
Submitted by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)
2004-08-05 16:45:52 +00:00
Oliver Eikemeier
6e03db2897
add Opera "location" object write access vulnerability
2004-08-05 15:36:32 +00:00
Oliver Eikemeier
34ec825973
move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of vulnerable ports
2004-08-05 14:27:36 +00:00
Dirk Meyer
13fef83a69
back out last commit
2004-08-05 04:33:45 +00:00
Dirk Meyer
3e024e4469
putty local command execution
2004-08-05 04:31:41 +00:00
Oliver Eikemeier
44cc23b9f5
libPNG stack-based buffer overflow and other code concerns
2004-08-04 20:14:27 +00:00
Oliver Eikemeier
d2a2dca401
Acrobat Reader handling of malformed uuencoded pdf files
2004-08-04 11:43:15 +00:00
Oliver Eikemeier
c7b1c1500e
Squid NTLM authentication helper overflow
2004-08-04 11:18:53 +00:00
Oliver Eikemeier
bbf3f18c40
ripMIME attachment extraction bypass
2004-08-04 11:10:43 +00:00
Joe Marcus Clarke
7dc9739e78
Update to a snapshot of CVS from today to fix the build with GCC 3.4.
...
Reported by: pointyhat
Obtained from: FreeBSD CVS
2004-08-02 20:41:15 +00:00
Oliver Eikemeier
85c0ee5920
GnuTLS certificate chain verification DoS
2004-08-02 17:54:10 +00:00
Sergey Matveychuk
3f5ee407b0
Add portmanager 0.1.3, FreeBSD port management software.
2004-07-31 17:18:26 +00:00
Oliver Eikemeier
75d727f1ba
phpMyAdmin configuration manipulation and code injection
2004-07-31 15:00:41 +00:00
Thierry Thomas
a7078ee1b7
Register a vulnerability in mail/imp3.
...
This vulnerability only exists when using the Internet Explorer to
access IMP and only when using the inline MIME viewer for HTML messages.
2004-07-30 17:28:06 +00:00
Oliver Eikemeier
28dfde096c
Mozilla Firefox certificate spoofing
2004-07-30 15:28:22 +00:00
Oliver Eikemeier
249e0ee82b
DansGuardian banned extension filter bypass vulnerability
2004-07-30 10:00:44 +00:00
Oliver Eikemeier
0ba870a58c
add a reference to the SoX buffer overflow entry
2004-07-29 08:15:20 +00:00
Oliver Eikemeier
f6e55182ee
SoX buffer overflows when handling .WAV files
2004-07-28 20:33:37 +00:00
Oliver Eikemeier
a62b98fbed
LCDProc buffer overflow/format string vulnerabilities
2004-07-28 09:34:18 +00:00
Oliver Eikemeier
b050b96032
pavuk digest auth buffer overflow
2004-07-27 10:40:29 +00:00
Oliver Eikemeier
bf05dd3ccd
add Nessus "adduser" race condition and Dropbear DSS verification bug
2004-07-27 10:30:43 +00:00
Oliver Eikemeier
5e008424e7
New option -r: restrict listed entries to selected references.
...
Useful for testing new entries.
2004-07-24 13:34:52 +00:00
Oliver Eikemeier
d003f0073d
sync with latest b.p.m
2004-07-24 08:58:50 +00:00
Oliver Eikemeier
a3912db64c
l2tpd BSS-based buffer overflow
2004-07-22 19:08:09 +00:00
Oliver Eikemeier
3026d705e1
phpBB cross site scripting vulnerabilities
2004-07-22 13:29:20 +00:00
Oliver Eikemeier
9d8e1dc1ce
add subversion-perl, subversion-python
2004-07-20 15:48:58 +00:00
Oliver Eikemeier
aa0d0d585f
subversion access control bypass
2004-07-20 10:30:55 +00:00
Oliver Eikemeier
219179b3ae
mod_ssl format string vulnerability
2004-07-18 10:49:58 +00:00
Oliver Eikemeier
618d6d0383
create /var/db/options when it doesn't exist
2004-07-17 15:52:46 +00:00
Oliver Eikemeier
6ab61bf311
- synchronize with recent changes in bsd.port.mk
...
- work in progress: optionsng, cleanroom installation
2004-07-17 14:24:59 +00:00
Volker Stolz
9f09203bcf
Add missing RUN_DEPENDS on devel/newfile
...
PR: ports/59956
Submitted by: Nicola Vitale
Approved by: maintainer timeout
2004-07-16 16:23:17 +00:00
Oliver Eikemeier
8f4bafac8c
Roundup directory traversal
2004-07-16 07:39:24 +00:00
Oliver Eikemeier
2cbfca83a7
wv library datetime field buffer overflow
2004-07-14 06:56:16 +00:00
Oliver Eikemeier
69227d213a
multiple vulnerabilities in Bugzilla
2004-07-13 23:47:33 +00:00
Oliver Eikemeier
76de274928
check for a working tr(1).
2004-07-13 19:36:15 +00:00
Akinori MUSHA
463ee95f1c
Add a patch to read the index file via sort(1) instead of reading
...
directly to avoid core dump.
2004-07-12 16:12:47 +00:00
Oliver Eikemeier
d09272bb2f
correct vulnerable version of linux-png and add a reference
2004-07-11 12:09:03 +00:00
Oliver Eikemeier
53eb6314b5
libpng row buffer overflow
2004-07-11 11:18:58 +00:00
Oliver Eikemeier
070d49a73b
typo in 'make master-sites-all'
2004-07-10 11:54:57 +00:00
Oliver Eikemeier
04ded1874e
add some references
2004-07-09 14:51:16 +00:00
Oliver Eikemeier
4db3287849
FWIIW, enable the use of
...
make DISABLE_SIZE=yes checkdistsites
to check for corrupted files on sites that don't support SIZE
(the files are unfetchable from these sites anyway)
2004-07-08 23:30:04 +00:00
Oliver Eikemeier
5f1e2eed8c
move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml
2004-07-08 14:24:07 +00:00
Oliver Eikemeier
512239b93f
add targets master-sites-all, master-sites, patch-sites-all, patch-sites
...
which print a sorted list of the respective sites (used e.g. by FreshPorts)
2004-07-07 14:51:17 +00:00
Oliver Eikemeier
e41c0a0867
fix a warning when GeoIP can't find the country for a site
2004-07-07 14:48:44 +00:00
Oliver Eikemeier
ffacc93b14
eliminate some verbatim uses of mktemp and sort
...
PR: 62298
2004-07-07 09:55:56 +00:00
Akinori MUSHA
be40c29b61
Fix a bug with -P when there are more than one binary package file for
...
a package to install or upgrade.
PR: ports/68598
Submitted by: Victor Prylipko <vic@liniya.ru>
Bug traced by: Andrew Bliznak <andrew@ort.lviv.net>
2004-07-06 19:32:53 +00:00
Oliver Eikemeier
83eeebbaf9
add some references
2004-07-06 14:52:44 +00:00
Oliver Eikemeier
193ffbdfe8
Add devel/portmk, a place where bsd.port.mk development can happen.
2004-07-06 12:41:03 +00:00
Oliver Eikemeier
2fd042326d
MySQL versions < 4.1 seem to be unaffected
...
Reported by: Alexander Vasenin <blacksir@number.ru>
2004-07-06 07:17:53 +00:00
Joe Marcus Clarke
2e3ec09d45
Update to today's pkg_install from HEAD.
2004-07-06 00:17:35 +00:00
Oliver Eikemeier
3c0632af2c
add MySQL server authentication bypass / buffer overflow
2004-07-05 19:45:32 +00:00
Oliver Eikemeier
1a7801a6e9
Mark 4aec9d58-ce7b-11d8-858d-000d610a3b12 as a duplicate of the
...
already existing c63936c1-caed-11d8-8898-000d6111a684.
2004-07-05 15:30:35 +00:00
Dag-Erling Smørgrav
80b65796e7
Perform plist substitution for -L.
...
Fix bug in origin determination.
2004-07-05 11:48:35 +00:00
Tom Rhodes
5538ca7e08
Move phpnuke vulnerabilities to VuXML.
2004-07-03 06:48:34 +00:00
Kris Kennaway
b408925a50
Use full path to portsdb instead of assuming ${LOCALBASE}/sbin is in PATH
2004-07-02 08:13:07 +00:00
Akinori MUSHA
46edc73a84
Apply a patch to avoid "undefined method `each' for nil:NilClass"
...
error when such configuration variable as MAKE_ARGS, typically
BEFORE_DEINSTALL is not defined.
Reported by: krion, Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
2004-07-02 04:23:19 +00:00
Oliver Eikemeier
172c204547
move "phpMyAdmin code injection" to vuxml
2004-07-02 00:48:55 +00:00
Oliver Eikemeier
580eeeff30
Test OSVERSION instead of pkg_info -P to enable cross-version builds
...
Requested by: kris
2004-07-02 00:31:18 +00:00
Oliver Eikemeier
6de9071e46
phpMyAdmin code injection
2004-07-01 19:03:36 +00:00
Oliver Eikemeier
2e23771c68
- update to version 0.5
...
*** NOTE ***
The preferences file format has changed, as have the periodic.conf(5) names.
Normally the default settings should be adequate, except when you need to
configure a proxy. Use $PREFIX/etc/portaudit.conf.sample as an example.
- moved portaudit to sbin
- clean up, merging stuff into the portaudit script
- better return codes and errors to stderr
- -f can check stdin now
- dropped ports tree auditing
- merged the periodic(8) scripts into one
- run daily auditing as `nobody'
2004-07-01 10:59:48 +00:00
Akinori MUSHA
8f484b7d54
Update to 20040701. New distfile.
...
portupgrade:
- Make -PP/--use-packages-only work better, just as I originally
intended. Now packages are correctly identified using
pkg_info(1), "LATEST_LINK" files are also properly detected.
Related informational messages have also been improved.
It turned out that the LATEST_LINK/NO_LATEST_LINK detection was
broken long ago and hasn't been working for long.
pkg_fetch(1):
- Properly rename a "latest link" file with a full package name with
version part.
pkgtools.conf(5):
- Improve and unify the method for pattern matching in MAKE_ARGS,
BEFOREBUILD, BEFOREDEINSTALL and AFTERINSTALL variables.
This should fix some cases where it looks like MAKE_ARGS entries
are ignored.
2004-07-01 04:05:16 +00:00
Oliver Eikemeier
9bf7f5a9d0
- SSLtelnet remote format string vulnerability
...
(guys, this is a public list)
- add some references
2004-06-30 23:39:00 +00:00
Oliver Eikemeier
ccceaf623b
update to 20040629: sync with -CURRENT
2004-06-30 10:31:45 +00:00
Oliver Eikemeier
f83bfb08cc
add MIT Kerberos 5 krb5_aname_to_localname() buffer overflow
2004-06-29 10:33:03 +00:00
Oliver Eikemeier
cbfa0839a2
add isakmpd security association deletion vulnerability
2004-06-29 10:21:53 +00:00
Oliver Eikemeier
0f651b2743
add Apache input header folding DoS vulnerability
2004-06-28 22:09:24 +00:00
Oliver Eikemeier
0c0041370a
xine-lib RTSP handling vulnerabilities
2004-06-28 09:55:46 +00:00
Tom Rhodes
4e1d155d33
Move MoinMoin entry to VuXML.
2004-06-28 03:58:47 +00:00
Oliver Eikemeier
8a65d874ab
diversify url conversion
2004-06-28 01:16:35 +00:00
Joe Marcus Clarke
35c8dae828
Update to 2.6.6
...
* Fix a typo in the libtool archive hint [1]
* Check for ports that have a poorly specified CONFLICTS line as well as ports
that conflict with themselves [2]
* Check for proper handling of gconf schemas
* Check for explicit listing of %gconf keys in the plist
Spotted by: lofi [1]
Submitted by: eik [2]
2004-06-27 20:58:47 +00:00
Oliver Eikemeier
9c7b32a018
add portaudit2vuxml.pl to ease the migration of entries to VuXML
2004-06-26 00:40:17 +00:00
Tom Rhodes
2da36a743f
Add an entry for recent isc-dhcp3-server buffer overflows.
...
Remove the one in portaudit.txt.
2004-06-25 20:01:28 +00:00
Tom Rhodes
e28b04324b
Move giFT-FastTrack to VuXML.
2004-06-25 17:18:57 +00:00
Oliver Eikemeier
44285aa4ba
giFT-FastTrack remote DoS
2004-06-25 13:34:38 +00:00
Michael Landin
a9c369d7ef
Add patch with bugfixes.
...
- Fix chmod behavior
- Ignore irrelevant directories
- Index creation speedup
Bump PORTREVISION.
Submitted by: Radim Kolar <hsn@netmag.cz>
2004-06-25 13:11:30 +00:00
Oliver Eikemeier
627e20be53
Update to 0.2.2
...
- correct some URLs
2004-06-25 12:39:35 +00:00
Oliver Eikemeier
a77dbe0db0
correct rlpr version
2004-06-25 12:37:32 +00:00
Oliver Eikemeier
6a45552c43
Pure-FTPd DoS when the max number of connection is reached
2004-06-25 10:31:30 +00:00
Tom Rhodes
974bc49c9d
Move the Gallery entry to VuXML.
2004-06-25 01:35:17 +00:00
Oliver Eikemeier
41c24e6c48
update to version 0.4.1
...
Use
portaudit [packagename ...]
to check if package is listed as vulnerable
2004-06-25 01:21:20 +00:00
Oliver Eikemeier
979289bd12
rlpr local and remote exploitable buffer overflow (CAN-2004-0393, CAN-2004-0454)
2004-06-24 14:52:26 +00:00
Oliver Eikemeier
f78eb5764e
CAN-2004-0451: format string vulnerabilities in sup
2004-06-24 11:23:32 +00:00
Oliver Eikemeier
7fdc9f0a99
Security flaw in rssh
2004-06-24 11:01:56 +00:00
Oliver Eikemeier
96ddfca118
Icecast remote DoS vulnerability
2004-06-24 10:45:20 +00:00
Oliver Eikemeier
8d9c87c405
Add pkg-req file which was forgotten in the last commit.
2004-06-23 16:02:23 +00:00
Oliver Eikemeier
f5b10d70f9
Update to version 0.4, with a new `-f' option.
...
To check which of the current ports have known vulnerabilities, do
portaudit -f /usr/ports/INDEX
This port requires pkg_install(-devel)>=20040623
2004-06-23 16:01:38 +00:00
Oliver Eikemeier
358542a875
update to version 20040623, which has a new `filter mode' for pkg_version -T.
...
If you want to know which ports match '{,??-}apache{,-*}<2.*', do
/usr/local/sbin/pkg_version -T - '{,??-}apache{,-*}<2.*' < /usr/ports/INDEX | awk -F\| '{print$1}'
2004-06-23 15:55:44 +00:00
Oliver Eikemeier
bf6d0ee746
it seems like isc-dhcp3-{client,devel} are unaffected
2004-06-23 12:11:34 +00:00
Oliver Eikemeier
d8f20aab80
reword gallery entry
...
add multiple isc-dhcp3 vulnerabilities
2004-06-23 11:56:52 +00:00
Oliver Eikemeier
a1cb510643
Update of port which supports FreeBSD-5 alike INDEX-5 file parsing
...
PR: 68212
Submitted by: Anselm Garbe <anselmg@t-online.de> (maintainer)
2004-06-22 22:33:38 +00:00
Oliver Eikemeier
dc9ea0fae4
Sqwebmail 4.0.4 XSS vulnerability
2004-06-22 09:41:14 +00:00
Akinori MUSHA
957f9e448a
Oops, the previous patch was bogus. Sorry.
2004-06-22 04:09:43 +00:00
Michael Nottebrock
fffa7a8da4
Upgrade to version 0.4
...
PR: ports/68175
Submitted by: Heiner Eichmann <h.eichmann@gmx.de>
2004-06-21 20:24:05 +00:00
Oliver Eikemeier
c60724f5cd
Roundup remote file disclosure vulnerability
2004-06-21 18:27:02 +00:00
Akinori MUSHA
67b44cc4ca
Support the new, extended INDEX format.
2004-06-21 17:38:48 +00:00
Oliver Eikemeier
9dec4894a1
make expiry date customizable via daily_status_portaudit_expiry
2004-06-21 16:04:27 +00:00
Oliver Eikemeier
d9017ab9ff
mailman allows 3rd parties to retrieve member passwords (CAN-2004-0412)
2004-06-21 15:29:53 +00:00
Oliver Eikemeier
fc1f0d94bc
super format string vulnerability
2004-06-21 14:44:44 +00:00
Oliver Eikemeier
5e081dab71
Scorched 3D server chat box format string vulnerability
2004-06-21 09:21:05 +00:00
Oliver Eikemeier
da23cae179
BNBT Authorization Header DoS
2004-06-21 08:46:20 +00:00
Thierry Thomas
f705e2b990
- The previous commit included ruby18-raspell-0.1, which is not affected.
...
- Add a separate entry for linux-aspell.
Reported by: Oliver Eikemeier.
2004-06-20 16:56:48 +00:00
Thierry Thomas
6fcb668607
Security: fix a buffer overflow in word-list-compress:
...
- <http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2>
- <http://nettwerked.mg2.org/advisories/wlc>
Since I'm there, switch from libtool 1.3 to 1.5, to cope with
PR ports/63944.
Obtained from: Robert Nagy <robert@openbsd.org>.
2004-06-20 09:04:32 +00:00
Oliver Eikemeier
017af34e32
ircd-hybrid-7 low-bandwidth DoS
2004-06-20 07:26:27 +00:00
Oliver Eikemeier
cfaf552880
Fetch the database from http://www.FreeBSD.org/ports/ first.
...
Thanks to: kuriyama
2004-06-18 08:07:29 +00:00
Oliver Eikemeier
99a5cf7b63
make BASEURL customizable
2004-06-18 07:42:06 +00:00
Oliver Eikemeier
5f0c117b40
add subversion-perl, subversion-python
2004-06-18 06:33:31 +00:00
Oliver Eikemeier
a0b53a8c5e
added racoon certificate validation bug
2004-06-17 08:02:23 +00:00
Oliver Eikemeier
d3c49ee1e5
update to 0.2
...
- add the ability to specify multiple URLs
2004-06-17 07:13:37 +00:00
Oliver Eikemeier
30afb3b9fd
add moinmoin, phpnuke and webmin vulnerabilities
2004-06-17 06:35:51 +00:00
Oliver Eikemeier
f005b4280b
SquirrelMail has a localized Japanese version
2004-06-16 07:52:45 +00:00
Oliver Eikemeier
832beb11b5
Add SquirrelMail XSS vulnerability
2004-06-16 07:46:18 +00:00
Joe Marcus Clarke
c1b62aafb1
Update to 2.6.5.
...
* Fix a bug introduced in the "use strict" conversion, and don't check patch
files for trailing blank lines
* Add a check to make sure pkg-config files are installed into the correct
location [1]
* Fix some nearby spacing nits
Requested by: pav [1]
2004-06-15 06:26:49 +00:00
Oliver Eikemeier
39ef4085be
typo
2004-06-14 17:13:49 +00:00
Oliver Eikemeier
10e0fc75b2
Point all vulnerabilities to the base URL, so that entries
...
look a little more official.
Pointed out by: Matthew George <mdg@secureworks.net>
2004-06-14 16:57:08 +00:00
Oliver Eikemeier
ce219b23dc
update to 0.1.1, supporting some of the VuXML 1.1 features
2004-06-14 08:04:41 +00:00
Oliver Eikemeier
fb939dfac3
reword some descriptions
2004-06-14 07:01:13 +00:00
Thierry Thomas
a89c49c5de
Change URLs for a better reference about IMP & Chora vulnerabilities.
...
Requested by: eik (bis).
2004-06-13 13:04:22 +00:00
Thierry Thomas
5bd2ec8846
Add an entry for Chora and IMP.
...
Requested by: eik
2004-06-13 10:16:30 +00:00
Oliver Eikemeier
244200695e
Added CAN-2004-0488, CAN-2004-0492, DBMail vulnerability, smtpproxy vulnerability,
...
CAN-2004-0413 (subversion)
2004-06-13 08:26:12 +00:00
Oliver Eikemeier
53ec7442a9
portaudit-db generates a portaudit database from a current
...
ports tree. It also features a file `database/portaudit.txt'
where UUIDs for vulnerabilities can be allocated quickly
before they are moved to the VuXML database.
Call `packaudit' after upgrading your ports tree.
2004-06-12 22:43:44 +00:00
Joe Marcus Clarke
3dc11612ee
Fix a bug where the wrong path to pkg_add could result when doing recursive
...
pkg_adds.
Reported by: kris
2004-06-12 22:17:51 +00:00
Oliver Eikemeier
bf2ddf8871
accidentally packaged a wrong distribution file
...
Noted by: Randy Pratt <rpratt1950@earthlink.net>
2004-06-12 08:45:05 +00:00
Oliver Eikemeier
03c46206b1
fix a problem with adding packages recursively under certain conditions
...
Noted by: kris
Fix from: marcus
2004-06-12 01:13:35 +00:00
Kris Kennaway
564ffbc957
Fix package build by using explicit paths in RUN_DEPENDS
2004-06-09 03:20:54 +00:00
Pav Lucistnik
44000a1a4f
- Add dependency on portupgrade
...
PR: ports/67662, pending/67679
Submitted by: Stefan Walter <sw@gegenunendlich.de>
Approved by: maintainer
2004-06-07 19:19:45 +00:00
Joe Marcus Clarke
b9675a58cf
Update to 2.6.4.
...
* Remove check for SIZE and MD5 in distinfo since this was a rush job, and
missed some common cases. [1]
* Re-enable use strict, and fix portlint to obey it
Requested by: eik [1]
2004-06-06 17:04:28 +00:00
Joe Marcus Clarke
0bc1fe6be6
Update to 2.6.3.
...
* Add a generic check for deprecated macros (e.g. the recent autotools batch),
and add USE_MESA to the set [1]
* Only use USE_LIBTOOL_VER for checking .la file installation [1]
* Add a check for USE_LIBLTDL and warn about directly using a libltdl
dependency [1]
* Check distinfo to make sure each file in DISTFILES has SIZE and MD5 entries
if NO_SIZE and NO_CHECKSUM are not defined
Submitted by: krion and tobez [1]
2004-06-06 01:06:33 +00:00
Will Andrews
204ac3822b
Update to 0.7.
...
PR: 67595
Submitted by: Stefan Walter <sw@gegenunendlich.de>
Approved by: maintainer
2004-06-05 17:36:33 +00:00
Joe Marcus Clarke
d69ede6402
Update to the latest CVS HEAD snapshot (as of today). Also, make sure we
...
use .tgz packages by default on systems that do not support .tbz packages.
Thanks to eik for pointing this little problem out.
2004-05-30 23:33:32 +00:00
Joe Marcus Clarke
53262e188e
Update to 2.6.2.
...
* Do not complain about SIZE if NO_SIZE is set [1]
* Allow ``%%PORTDOCS%%@unexec rmdir %D/%%DOCSDIR%% 2>/dev/null || true'' in
pkg-plist when using PORTDOCS
* Be a little smarter about complaining when .la files are seen in the plist.
Also, point users to the GNOME site for eliminating .la files altogether [2]
* Super-scrub PKGNAME and PORTVERSION for illegal characters [3]
* Check for port versions that go backwards [3]
PR: 66891 [2]
Submitted by: krion [1]
leeym [2] (based on)
eik [3]
2004-05-30 19:57:49 +00:00
Akinori MUSHA
4d9be12a2c
Update to 20040529.
...
overall:
- Update Copyright years.
- Apply massive message improvement. (I hope..)
pkgtools.conf(5):
- pkg_site_mirror(): Use pointyhat.FreeBSD.org instead of bento and
beta.
portupgrade(1):
- Indicate some pieces of information on what is going on in the
process title.
portversion(1):
- Make a generated script (with -c) accept additional arguments for
portupgrade(1).
2004-05-29 04:12:20 +00:00
Mark Linimon
0f906db68c
Add two new metaports comprising a set of tools to work with the Ports
...
Collection. One is targeted to the audience of people who wish to
install ports from source and then maintain their system; the other,
more specialized, is intended for ports authors.
These might be good candidates for a "start here" reference for those
new to the ports collection and port maintenance. They might also serve
to introduce more people to fastest-cvsup, pkg_cutleaves, libchk, and
porttools, which IMHO would be A Good Thing.
PR: ports/65161
2004-05-26 23:28:15 +00:00
Dag-Erling Smørgrav
216225e187
Try to fetch an up-to-date index from http://www.freebsd.org/ports/ .
2004-05-24 13:10:16 +00:00