latter bombs if devel/libidn is installed, and it's preferable to use
the non-bundled, pkgsrc libidn rather than fix build of the bundled version
Fixes PR pkg/30336 by Perry E. Metzger and PR pkg/31413 by Steven M. Bellovin
- use CONFIGURE_ENV during the configure phase to make sure we pick up
QMAKESPEC
- set CONFIG_SHELL to ${SH} to help /bin/sh challenged platforms like
solaris.
- fix insecure file creation in /tmp, patch from silc cvs
the impact of this issue is very low. it allows an attacker to overwrite
arbitrary files owned by the user running silcd ("silcd", in pkgsrc) IFF
the owner of the process or root send SIGUSR1 signal to the process to dump
stats. the only file owned by the "silcd" user is typically the log file
which resides in a directory inaccessible by anyone except the user itself
and root so the potential attacker would need to guess its name.
http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt
please note that the advisory also incorrectly states that silc-toolkit is
vulnerable too. the code in question is never compiled in the toolkit so
it's not affected.
Bump PKGREVISION.
- Updated translations (cs, el, fr, gl, it, nl, sl, sr, vi, zh_TW).
- Fixed incorrect information displayed in Plugins & scripts window
under unix (xc244-fixpluginns.diff).
- Added "/set irc_whois_front 1" option to show WHOIS in front tab.
- Lots of speed ups under the hood, mainly in handling of URL
highlighting during mouse motion. Also now allows underlining
.name and .info domains [1230265].
- Moved the "Insert color code" menu into the input box's right-
click menu.
- Fixed "Your Message" messing up when starting with a comma
[1230269].
- Added /id command to identify yourself to nickserv.
- Added /gui MSGBOX <text> for scripters.
- Added /menu command which lets plugins/scripts add their own
menu items.
- Added support for passive DCC chat via /DCC PCHAT <nick>.
- Added support for DCC sending and receiving very large files
(above 4 GB).
- Improved layout of "Info" button in the DCC windows.
- Improved layout of the nick-name right-click menu.
- Improved /help command's display of plugins/script commands.
- Fixed two bugs in detaching tabs (or CTRL-I) [1228926].
- Added /uselect command for scripters to select nick names in the
channel userlist (Daniel P. Stasinski).
- Fixed possible crashes while using the SJIS (Japanese) charset.
- Fixed various memory leaks in right-click menus.
Closes PR pkg/31291 from Jason White. Jason reports that 2.34 does
not work with jabber, and 2.36 did.
Change since 2.34:
2.38 Added #defines for older gtk to bypass gstdio
Fixed flags on outgoing key messages to avoid un-idling
Changed default auto-accept of unknown keys to false.
Fixed debug output for version warning (Daniel Atallah)
2.37 Bugfix for possible double-free of buffer
Bugfix for preference directories with unicode chars
Relaxed checks on Gaim version to allow minor version bumps
Same relaxed checks on the Win32 installer (Daniel Atallah)
Change to intl code to compile on Solaris (Jonathan Wang)
2.36 Bugfix for users who use a non-default prefs directory
Bugfix for Windows 2000
2.35 Workaround for Jabber bug in Gaim
* gdomain now has a -K flag
* gsend has the -b flag
* the default gsubrc doesn't escape '+' characters
* the time format of the default gsubrc is adjustable
* sundry WQP bugfixes
* bug fix to stop gsub from dropping messages
* MacOSX compatibility fixes
* gkinfo has a -y flag
* much more verbose diagnostics when things go wrong with keys
* partial fix to the galed spum problem (not a real fix though)
* don't be as verbose about "replaced .. with __" messages
* more mostly unrelated liboop fixes
1) Simplify the way how an emacs version is picked when no emacs
is installed, but a user try to install an Emacs Lisp package.
Just pick up the version set as EMACS_TYPE than searching for
versions already installed etc. If the EMACS_TYPE version is
not supported by the Emacs Lisp Package, just fail. EMACS_TYPE
be default to GNU Emacs 21.
(In other words, users should set EMACS_TYPE as they want.
Otherwise GNU Emacs 21 is used.)
2) All Emacs Lisp Packages *must* prepend EMACS_PKGNAME_PREFIX to
a) the PKGNAME itself, and b) PKGNAME in its dependency lines.
EMACS_PKGNAME_PREFIX is expanded to "xemacs-" when XEmacs is
used. This keeps dependency graph of Emacs-Lisp-packages-
installed-for-XEmacs consistent.
3) Document EMACS_* variables as much as possible.
4) Provide more cookies for PLIST. Maybe utilized later.
Note that the 2) change doesn't affect the default, GNU Emacs 21
behaviour. So no version / revision bumps in this commit.
by Linux) in tests, use value of BUILDLINK_LDADD.dl.
Also use PTHREAD_LIBS instead of hard-coded -lpthread.
Include dlopen.buildlink3.mk and include pthread.buildlink3.mk.
This fixes problem on Linux and DragonFly where it was not
built with silc support.
Okayed by maintainer.
I tested this on Linux, DragonFly and NetBSD 2.0.2.
I also filed a bug report with gaim last week so they can fix the
configure.ac correctly.
* This release features a large refactoring to make further development
easier.
* Part of the works has also been to make the current features more stable
and better implement.
* Most of the work on this release has been carried out by Mikael Hallendal
and Martyn Russel.
* UPDATE NOW!
Changes in 1.0:
---------------
* Fix crash when connection goes down using SSL, LM-3 (Mikael Hallendal)
* Fixed some GCC 4.0 warnings (Mikael Hallendal)
* Some API fixups for consistency in LmSLL (Mikael Hallendal)
* Don't try to setup SSL if it's not supported (Martyn Russel)
* Documentation fixes (Mikael Hallendal)
* State fixes when using blocking API, LM-7 (Mikael Hallendal)
* Check that connection is open before using it, LM-6 (Mikael Hallendal)
* Fix infinite loop in blocking open if failed, LM-8 (Mikael Hallendal)
Changes in 0.90:
----------------
* Two crashers for ssl read fixed (Micke, Daniel Lavalliere)
* Fixed a couple of leaks when freeing the connection (Daniel Lavalliere)
* A couple of thread related issues solved (Micke, Daniel Lavalliere)
* Work with latest GnuTLS (foser)
* Improved the example tools some (Micke)
- Updated translations (hi, ko, lt, pa, ru, vi, zh_TW).
- People's away message is now shown in the right-click menu, if
known (Christopher Aillon).
- The "Bind to:" setting can now be set to 0.0.0.0 [1176256].
- Plugin API: Don't crash if a print-event closes the current context
and doesn't eat the event [1175674].
- Disabled parsing of quotation marks for /JOIN, so you can join
channels with a quote in them (Dan Fruehauf).
- Fixed truncation of the URL in the right-click menu. Now handles
UTF-8 properly [1188229].
- Fixed use of CP1255 charset, which would chop the last char when
receiving messages [1122089].
- The DCC windows now allow multiple selection and the columns auto
resize (Dan Fruehauf).
- Added "CTCP Sound to Channel" event [1159445].
- You can now drag and drop files into dialog windows to start file
transfers.
- Fixed: "XChat can't ban users with long idents" (Dan Fruehauf)
[1159447].
- Implemented taskbar flashing on unix. Requires a window manager
or taskbar that supports XUrgency flag (Adil).
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
that these directories will be conditionally removed (based on reference
counts), regardless of the value of PKG_CONFIG. Bump the PKGREVISION
for packages that were modified as a result.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
"this release of gaim has a few security fixes which mirror
the effects of patch-ae patch-af patch-ag"
ChangeLog says:
version 1.5.0 (8/11/2005):
* Ability to set IRC quit message (Lalo Martins)
* OSCAR file transfers now work for 2 users behind the same NAT
(Jonathan Clark)
* Yahoo! buddy requests to add you to their buddy list now prompt for
authorization
* Added a /clear command for conversations/chats
* Fixed ICQ encoding for messages with offline ICQ users
(Ilya Konstantinov, SF Bug #1179452)
* Default Yahoo! chat roomlist locale to 'us'
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
- An error in the handling of away messages can be exploited to cause
a heap-based buffer overflow by sending a specially crafted away message
to a user logged into AIM or ICQ.
Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash
the application by attempting to upload a file with a non-UTF8 filename
to a user logged into AIM or ICQ.
Patches from RedHat.
will install Perl modules into the "vendor" directories:
chat/vicq math/udunits
databases/rrdtool mbone/beacon
devel/p5-subversion
Bump their PKGREVISIONs.
"Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2
and other packages, allows remote attackers to cause a denial of service (bus
error) on certain architectures such as SPARC via an incoming message."
Bump PKGREVISION, patch from Gaim CVS.
The jabberd project team is pleased to announce the release of jabberd 2.0s9.
This is a security release. There is a buffer overflow that could be used to
perform a DoS attack and possible code execution. It is *HIGHLY* recommended
that you upgrade!
ChangeLog:
* fixed only one user is loaded correctly for each router acl
* fixed s2s segfault under particular connection timeout conditions
* fixed id is being case sensitive
* fixed Users cannot login after a long period of server inactivity
* fixed handling of stream errors
* fixed version attribute reply in stream
* fixed c2s glibc abort and mysql option flags
* fixed sx io mem leak
* fixed Incorrect SASL error message defined in sx/sasl.c
* fixed 3 buffer overflows in jid.c
* fixed second log-in in with similar resource breaks routing for first login
Main changelog entries are:
Security:
- Fixed a bug in http_encode that might have caused buffer overflows
(although not likely to be exploitable) when trying to encode strings
with non-ASCII characters.
- Newline stripping added to prevent newline-in-friendlyname attacks.
(Which allowed remote people to make BitlBee send raw custom IRC lines.)
Bugs:
- Many crashes
- Yahoo! cleanup code to avoid 100% CPU time usage
- fixes for ICQ and MSN
approved by wiz@
