http://www.kb.cert.org/vuls/id/834865
Bump to nb2.
This will change the internal version of sendmail to 8.12.11.20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
for libtool archives, remove the .a and .so entries. Bump revision.
Add DragonFly detection for shared libraries. Always try to find -lssl
with -lcrypto, unbreaking the test at least on DragonFly, but should
not harm elsewhere.
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
that "gmp" is registered as a direct dependency for any package that
includes ghc/buildlink3.mk to get ghc as a build dependency. This is
needed since software built by ghc requires routines from the "gmp"
shared library. This fixes PR pkg/33100.
Remove the workaround in devel/darcs and x11/wxhaskell.
Use our libtool
Update to 1.1.1
Fixes security issue (DoS):
http://secunia.com/advisories/19300/
> Security fixes
> * Additional state checking in the EAP-MSCHAPv2 module.
> Bug found by Steffen Schuster.
>
> Feature improvements
> * More dictionary updates
> * Additional tests and fixes for Digest module from Phillipe Sultan.
> * Add new "phone" response mode to rlm_otp/cryptocard.
> * Put the eap sessions into a tree, so that looking them up is very
> fast, and no longer O(n) in the number of sessions.
> * Install the schema examples for a set of backends with the rest
> of the documentation.
> * Add support for xlat expansion of attributes from LDAP.
>
> Bug fixes
> * Fix rlm_perl crash. (closes: #348)
> * Fix handling of CoA-Request packets (closes: #344). Also correct
> name of CoA packets.
> * Fix an error on x86_64 machines when reading dictionaries.
> (closes: #312)
> * Fix compilation errors on FreeBSD and NetBSD because of rlm_otp
> module. (closes: #314#328)
> * Workaround Cisco bug in State attribute handling in rlm_otp.
> * Support LP64 for async mode in rlm_otp.
> * Fix libtool problems on Debian with rlm_eap_peap and rlm_eap_ttls
> modules. (closes: #75)
> * Make "use_tunneled_reply" work properly for PEAP.
> * Copy the whole string when getting a one-to-one-mapped attribute
> from LDAP (closes: #261)
> * Fix net-snmp's ucd-snmp compatibility mode.
Fixes a TFTP packet buffer overflow vulnerability.
See http://curl.haxx.se/docs/adv_20060320.html for details.
Changes:
- added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
Bugfixes:
- TFTP Packet Buffer Overflow Vulnerability
- properly detecting problems with sending the FTP command USER
- wrong error message shown when certificate verification failed
- multi-part formpost with multi interface crash
- the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
- "SSL: couldn't set callback" is now treated as a less serious problem
- Interix build fix
- fixed curl "hang" when out of file handles at start
- prevent FTP uploads to URLs with trailing slash
The list is not exhaustive: I have only picked the ones already listed,
but not added any new ones. And I may have probably missed some of them
in this list anyway.
FYI: I already have a functional gnome-base 2.14.0 package; it's soooo
nice :-)
doing courier-specific things, like accepting the values of certain
environment variables for things like location of the mail folder for
local delivery. This addresses PR pkg/32369 in a way that still allows
for a future courier-mta package that just uses the maildrop package.
where the base system doesn't provide stubs for non-threaded programs
(which is just NetBSD<=2 for now).
This is absolutely primitive and just sufficient to make MesaLib usable
with nonthreaded programs.