file provided by Novell):
glibc-2.3.4-23.4
This update fixes a problem when debugging threaded programs using gdb.
The symptom would be that 'info threads' returns empty in every case.
Everyone who debugs should update.
coreutils-5.3.0-10.2
Fix a bug in the cp and mv utilities that causes them to terminate with
a segmentation fault when copying extended attributes fails.
libtiff-3.7.1-7.8,
This update of libtiff is the result of a source-code audit done by
Tavis Ormandy. It fixes various bugs that can lead to denial-of-service
conditions as well as to remote code execution while parsing a tiff image.
(CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463,
CVE-2006-3464, CVE-2006-3465)
giflib-4.1.3-5.2
This update fixes the following security issues:
- specially crafted GIF files could crash applications
(CVE-2005-2974).
- specially crafted GIF files could overwrite memory which
potentially allowed to execute arbitrary code (CVE-2005-3350).
freetype2-2.1.9-4.4
This security update fixes crashes in the PCF handling of freetype2
which might be used to crash freetype2 using applications or even
to execute code in them.
This issue is tracked by the Mitre CVE ID CVE-2006-3467.
gtk2-2.6.4-6.3
This update fixes the following security problem: a heap overflow in the XPM
reader allowed attackers to execute arbitrary code via specially crafted XPM
images (CVE-2005-3186, CVE-2005-2976).
kdelibs3-3.4.0-20.10
This update contains a fix for kdelibs3.
The package contained libraries or applications having an internal empty
rpath / runpath. This problem leads to programs searching shared libraries
in the current directory.
arts-1.4.0-10.2
The KDE soundserver aRts lacked checks around some setuid() calls. This
could potentially be used by a local attacker to gain root
privileges. (CVE-2006-2916)
Add linux_base-8 to CONFLICTS.
Set PORTREVISION to 4.
Remove deprecation.
bzip2 could crash or run into an endless loop when decompressing
certain specially crafted archives. This problem has been fixed.
(CAN-2005-1260)
An advisory is at
<url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260>.
Update the coreutils RPM (description from the INDEX file provided by Novell):
Fix a bug in the cp and mv utilities that causes them to terminate
with a segmentation fault when copying extended attributes fails.
Update the zlib RPM:
The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that
could allow a carefully crafted compressed stream to crash an
application. While the original patch corrected the reported
overflow, Markus Oberhumer discovered additional ways a stream could
trigger an overflow. This update fixes those problems as well.
This issue is tracked by the Mitre CVE ID CAN-2005-1849.
Since only zlib 1.2.x is affected, older SUSE products are not
affected by this problem.
--<url:http://www.novell.com/linux/security/advisories/2005_43_zlib.html>
Add linux_base-8 and linux_base-suse-9.3 to CONFLICTS.
Remove quotes from RESTRICTED line (portlint).
Remove deprecation.
Remove duplicate $FreeBSD$ tag.
Increment PORTREVISION to 2.
Using any locale with UTF-8 encoding leads to an endless loop
if after a quote a tabulator completion is tried.
Update the bzip2 RPM (description from the INDEX file provided by Novell):
bzip2 could crash or run into an endless loop when decompressing
certain specially crafted archives. This problem has been fixed.
(CAN-2005-1260)
An advisory is at
<url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260>.
Update the coreutils RPM (description from the INDEX file provided by Novell):
Fix a bug in the cp and mv utilities that causes them to terminate
with a segmentation fault when copying extended attributes fails.
Update the libacl RPM (description from the INDEX file provided by Novell):
When specifying multiple files, the X pseudo permission was handled
wrong. (X evaluates to x if any acl entry contains x, and - otherwise.)
Update the ncurses RPM (description from the INDEX file provided by Novell):
Make resizing of the terminal work even with threaded curses programs
Update the zlib RPM:
The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that
could allow a carefully crafted compressed stream to crash an
application. While the original patch corrected the reported
overflow, Markus Oberhumer discovered additional ways a stream could
trigger an overflow. This update fixes those problems as well.
This issue is tracked by the Mitre CVE ID CAN-2005-1849.
Since only zlib 1.2.x is affected, older SUSE products are not
affected by this problem.
--<url:http://www.novell.com/linux/security/advisories/2005_43_zlib.html>
Add linux_base-8, linux_base-suse-9.2 and linux_base-suse-9.3 to CONFLICTS.
Remove quotes from RESTRICTED line (portlint).
Remove deprecation.
Increment PORTREVISION to 2.
PR: 102707
- Pass maintainer-ship to submitter [1]
- Mark it IGNORE on OSVERSION prior 502000 since it depends on PT_SYSCALL
ptrace option
PR: 102325 [1], 100329 (related)
Submitted by: Amnon Aaronsohn <bla@cs.huji.ac.il> [1]
- Addition of -W option and minor bug fixed where whitespace at begin/end of
portglob argument was not properly rejected.
PR: ports/102695
Submitted by: maintainer (Martin Kammerhofer)
within PEAR.php (as mentioned by the joomla developers).
The port should be upgraded to 1.0.11 to solve these issues, maintainer
had been informed.
With hat: secteam
Note that I only documented the high level
threats, there are several others which can
be found at the link provided [1]
Reference: http://www.joomla.org/content/view/1841/78/ [1]
interface to the popular licq program. There were other
efforts, but they are discontinued or just outdated. The
reason for creating this plugin is, regarding the original
qt-gui for licq, on the one hand a question of the integration
of the user interface. In my eyes the qt-gui lacks a certain
usability and good look in some points, also it does not really
integrate with gtk desktops. On the other hand it is a question
of qt itself. I don't want to let all the big qt libs be shoveled
into the memory just for using one program, also I basically
like gtk-2 more. There are other icq clients for gtk, but there
is none that has the completeness of Licq.
by software author
WWW: http://icqnd.sourceforge.net/
PR: ports/102657
Submitted by: Rodrigo Graeff <delphus at gmail.com>
to specify where fetchmail logs to. Default: --syslog (as hardcoded
before). [1]
- Use macro for cp [2]
- Try to remove directories not listed in mtree [2]
- No portrevision bump since the default behaviour remains the same, and
a new fetchmail version is to be expected soon anyway.
Requested by: Gerard Seibert <gerard@seibercom.net> [1]
Submitted by: Stanislav Sedov <ssedov@mbsd.msk.ru> [2]
PR: ports/101517
- Install manpages appropriately
- Guarantee correct permissions by using INSTALL
- Fix script headers and dir location to allow ASK to find its
libs/configuration files.
- Add pkg-message to point user to setup information
- Install documentation with correct permissions
- Install util/asksenders script to bin directory, fix it also for
library paths/python path.
PR: ports/101717
Submitted by: Stanislav Sedov <ssedov@mbsd.msk.ru>
Approved by: maintainer timeout (21 days)
two cases where the common (file) namespace was polluted by Java-specific
files.
Disable building libgomp on FreeBSD 4.x and early versions of FreeBSD 5.0
due to pthread-related build issues there.[1]
Reported by: kris (pointyhat) [1]