aboutsummaryrefslogtreecommitdiffstats
path: root/security
Commit message (Collapse)AuthorAgeFilesLines
* Update to 1.33krion2004-10-132-3/+3
| | | | | PR: ports/72597 Submitted by: maintainer
* - update to version 3.71-PRE1eik2004-10-132-8/+15
|
* Update to version 1.5markus2004-10-132-5/+5
| | | | | PR: ports/72452 Submitted by: Frank J. Laszlo <laszlof@vonostingroup.com> (maintainer)
* The sharutils buffer overflows has been fixed in sharutils 4.2.1_2.simon2004-10-131-1/+1
|
* - Update to 1.0.21sergei2004-10-132-9/+17
| | | | | | - Make security/libtasn1 and security/opencdk into optional dependencies, enabled by knobs: WITH_LIBTASN1 and WITH_OPENCDK, respectively. Default to using their included versions
* Use libtool 15arved2004-10-131-1/+1
|
* Adjust patch.lofi2004-10-131-3/+3
|
* Update: security/samhain 1.8.10b -> 1.8.11edwin2004-10-132-8/+8
| | | | | | | | | | | | | | | | | | | | | | | Updating the Samhain integrity checking system from 1.8.10b to 1.8.11. Code changes include: o for files in the IgnoreAll policy, there are no warnings (anymore) about 'no such user/group' and/or non-printable filenames o there is a new option HardlinkOffset=... to specify an offset from the canonical hardlink count for a directory o ... and a new option AddOKChars=... to modify the set of characters in a filename for which a warning (about obscure/non-printable) filename is issued. Port changes: Turn off kernel integrity checking by default - building this into packages wouldn't work anyhow, since it would only work with an identical kernel as on the build cluster. PR: ports/71169 Submitted by: David Thiel <lx@redundancy.redundancy.org>
* - add USE_GCC=2.95 and unbreak this portleeym2004-10-131-4/+4
| | | | | | | | - remove redundant statement PR: 72127 Submitted by: leeym Approved by: maintainer timeout
* Document a vulnerability in sharutils.simon2004-10-131-0/+31
| | | | Approved by: nectar
* Document 2 DoS attacks possible againstjosef2004-10-131-0/+27
| | | | | | | | | older versions of mail-notifier. Based on the security advisories mentioned in the reference links. Approved by: nectar
* - Update to 1.1.3leeym2004-10-134-15/+11
| | | | | | | | | - Add USE_GETOPT_LONG - Replace pkg-plist with PLIST_FILES and PORTDOCS PR: 71742 Submitted by: leeym Approved by: maintainer timeout
* ale@ reports that the only ports affected are php[45], php[45]-cgi,nectar2004-10-121-124/+2
| | | | and mod_php[45].
* Note squid SNMP DoS. Based on an entry that wasnectar2004-10-121-0/+32
| | | | Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
* add WITH_AUTHDAEMON option to allow use of courier authdaemond.ume2004-10-121-0/+4
| | | | | PR: ports/72093 Submitted by: Marcin Gryszkalis
* Update to version 0.3.6krion2004-10-124-22/+5
| | | | | PR: ports/72328 Submitted by: Ports Fury
* Update to 4397jeh2004-10-122-3/+3
|
* Update to 1.4mat2004-10-122-3/+12
| | | | Add docs
* Update to 1.1.8.linimon2004-10-122-3/+3
| | | | | | | | | Note to maintainer: your mailer is apparently changing tabs to spaces. For short patches like this, it's possible to work around it; for longer patches, it won't work at all. PR: ports/71680 Submitted by: bugghy <bugghy at rootshell dot be> ( maintainer)
* - Upgrade to 2.2.0 [1]sergei2004-10-124-44/+45
| | | | | | | | | - Prevent local.rules from being clobbered [2] - Revive OPTIONS - the time has come... ;) PR: ports/70332 [1], ports/70814 [2] Submitted by: Linh Pham <question+freebsdpr@closedsrc.org> [1], Jez Hancock <jez.hancock@munk.nu> [2]
* - Explicitly specify prefix for iconv and gettext librariessergei2004-10-122-3/+11
| | | | | | | | | | to link properly in case PREFIX != LOCALBASE - Add optional missing files (*.mo) - Add USE_ICONV - Bump PORTREVISION PR: ports/72274 (partly) Submitted by: leeym
* Update to 1.1.7.linimon2004-10-122-3/+3
| | | | | PR: ports/71353 Submitted by: Dan Pelleg <daniel+hunch dot pelleg dot org> (maintainer)
* Add an entry for a XSS vulnerability fixed in IMP-3.2.6.thierry2004-10-121-0/+1
|
* - new option WITH_OPENSSH_CHROOTdinoex2004-10-124-48/+124
| | | | Submitted by: KANAI Makoto
* - cleanup patchesdinoex2004-10-1210-42/+42
| | | | (only context changed)
* - add patch to support AES-192-CBC and AES-256-CBCdinoex2004-10-121-0/+210
| | | | | | | | | to the crypto engine (assuming your card supports them). This make the Hifn cards much more useful as AES-256 is the default encryption for many client applications. Submitted by: Spike Ilacqua Obtained from: OpenBSD
* [MAINTAINER UPDATE] security/freebsd-updateedwin2004-10-122-0/+12
| | | | | | | | | | | | | | If `freebsd-update cron` fails due to a lack of internet connection, two emails will be sent -- one with the error message from fetch(1), and the other from freebsd-update reporting that patches could not be downloaded. This patch corrects this mis-behaviour and causes a single email to be sent in such an event; this will be included in a future version of the distfile. PR: ports/72310 Submitted by: Colin Percival <cperciva@daemonology.net>
* The documented xv vulnerabilities were fixed by dinoex@nectar2004-10-121-1/+2
| | | | Approved by: portmgr
* Note that the image decoding vulnerabilities in gdk-pixbuf have beennectar2004-10-121-2/+5
| | | | | | | fixed. Reported by: marcus Approved by: portmgr
* Document older cyrus-sasl bug affecting DIGEST-MD5.nectar2004-10-121-0/+23
| | | | | Submitted by: simon Approved by: portmgr
* Update the description of and list of packages affected by the PHP filenectar2004-10-121-14/+134
| | | | | | | upload processing bug. Submitted by: Jon Passki <cykyc@yahoo.com> Approved by: portmgr
* Update to 0.5.6lofi2004-10-122-3/+3
| | | | | PR: ports/72537 Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 1.9.11lofi2004-10-123-4/+4
| | | | | PR: ports/72535 Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 0.9.9lofi2004-10-122-3/+3
| | | | | PR: ports/72534 Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 0.6.7lofi2004-10-122-3/+3
| | | | | PR: ports/72533 Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 2.31.marcus2004-10-126-6/+18
| | | | | PR: 71985 Submitted by: maintainer
* - Update to 0.0.8pav2004-10-126-14/+16
| | | | | PR: ports/72086 Submitted by: rik <freebsd-security@rikrose.net> (maintainer)
* - Update to 2.0pav2004-10-124-5/+36
| | | | | | | - Add gmp dependency on FreeBSD 5.x PR: ports/72172 Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
* - Update to 1.34pav2004-10-122-8/+6
| | | | | | | - Please portlint PR: ports/72036 Submitted by: Daan van de Linde <daan@xs4all.nl>
* - Update to 2.4.0pav2004-10-122-3/+3
| | | | | PR: ports/71896 Submitted by: Olivier Tharan <olive@oban.frmug.org> (maintainer)
* Fix build with bind9 in the base system.marcus2004-10-111-3/+8
| | | | | Reported by: pointyhat via kris Approved by: portmgr (implicit)
* Fix build on ia64krion2004-10-101-3/+8
| | | | | | PR: ports/71741 Submitted by: maintainer Approved by: portmgr (implicit)
* fix http://vuxml.freebsd.org/92268205-1947-11d9-bc4a-000c41e2cdad.htmlume2004-10-092-1/+17
| | | | | | Reported by: nectar Approved by: portmgr (krion) Obtained from: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104
* Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.nectar2004-10-091-0/+31
| | | | Approved by: portmgr
* Mark IGNORE because the package somehow includes a dangling symlink, i.e.kris2004-10-071-0/+2
| | | | | | it is incomplete. Approved by: portmgr (self)
* Fix the code so GCC 3.4.2 likes it better, and unbreak.danfe2004-10-062-7/+10
| | | | | Reported by: kris Approved by: portmgr (krion), fjoe (mentor, implicit)
* Add some more apache ports.trhodes2004-10-061-2/+14
| | | | | | Fix two errors found by nectar. Approved by: portmgr
* Add imp3 issue, add apache13-ssl issue, correct a tag.trhodes2004-10-061-2/+31
| | | | Approved by: portmgr
* Note that older packages of bmon were dangerously installed set-user-ID.nectar2004-10-051-0/+25
| | | | Approved by: portmgr
* Document GnuTLS denial-of-service (already mentioned in portaudit'snectar2004-10-051-0/+39
| | | | | | database). Approved by: portmgr
* Record another PHP vulnerability.nectar2004-10-051-0/+45
| | | | Approved by: portmgr
* Record another PHP security issue.nectar2004-10-051-1/+50
| | | | Approved by: portmgr
* Note that xv should not be used.nectar2004-10-051-0/+40
| | | | Approved by: portmgr
* Note a symlink vulnerability in getmail.nectar2004-10-051-0/+28
| | | | | Submitted by: Shane Kinney <mod6@freebsdhackers.net> Approved by: portmgr
* Fill in empty topic from previous commit.nectar2004-10-051-1/+1
| | | | | Noticed by: Shane Kinney <mod6@freebsdhackers.net> Approved by: portmgr
* Record FreeBSD-SA-04:15.syscons.nectar2004-10-051-0/+38
| | | | Approved by: portmgr
* Add missing PORTEPOCH for samba.nectar2004-10-041-1/+1
| | | | | Noticed by: dinoex Approved by: portmgr
* Note racoon certificate verification bug.nectar2004-10-041-0/+26
| | | | | Submitted by: Jon Passki <cykyc@yahoo.com> Approved by: portmgr
* Note distcc IP address ACL bug.nectar2004-10-031-1/+27
| | | | | Submitted by: Jon Passi <cykyc@yahoo.com> Approved by: portmgr
* Remove a duplicate entry.nectar2004-10-031-56/+5
| | | | | Submitted by: Jon Passki <cykyc@yahoo.com> Approved by: portmgr
* Correct the version number for latest Mozilla entry.nectar2004-10-011-4/+4
| | | | | | (cut-n-paste damage) Approved by: portmgr
* Document the last few of the relatively recent Mozilla vulnerabilities.nectar2004-10-011-0/+110
| | | | Approved by: portmgr
* Correct mangled CVE name: s/8983/0903/nectar2004-10-011-1/+2
| | | | Approved by: portmgr
* Add another two older vulnerabilities affecting Mozilla & co.nectar2004-10-011-8/+161
| | | | | | | | | Continue to try hard to cover past package names: - I missed el-linux-mozillafirebird previously. - Move all the `obsolete' package names into one place for clarity. Approved by: portmgr
* Don't forget `ja-samba' also.nectar2004-10-011-0/+1
| | | | Approved by: portmgr
* Note samba file disclosure vulnerability.nectar2004-10-011-0/+31
| | | | Approved by: portmgr
* Increase USE_GCC to 3.4 for those ports which compile with it.kris2004-09-302-2/+2
| | | | Approved by: portmgr
* Fix apache version number entry, bump modified date for apache as well.trhodes2004-09-301-2/+2
| | | | Approved by: portmgr
* BROKEN on 5.x: Does not compilekris2004-09-291-0/+4
| | | | Approved by: portmgr (self)
* BROKEN on 5.x: Does not compilekris2004-09-291-1/+7
| | | | Approved by: portmgr (self)
* Make an initial attempt at covering all Mozilla/Firefox/Thunderbirdnectar2004-09-291-9/+36
| | | | | | | package names that we've had. Similar changes need to be made to many other entries, but let's use this one as a test subject first. Approved by: portmgr
* Correct spelling of phpnuke package name.nectar2004-09-281-1/+2
| | | | | Reported by: Dan Langille Approved by: portmgr
* Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.nectar2004-09-281-0/+48
| | | | Approved by: portmgr
* Note stack buffer overflow in Mozilla mail.nectar2004-09-281-1/+41
| | | | Approved by: portmgr
* Document Mozilla/Firefox/Thunderbird heap buffer overflows.nectar2004-09-281-0/+57
| | | | Approved by: portmgr
* Correct the package name for phpMyAdmin.nectar2004-09-281-1/+2
| | | | | Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk> Approved by: portmgr
* Correct another typo. :-(kris2004-09-281-1/+1
| | | | | | Spotted by: eik Approved by: portmgr (self) XL pointy hat to: self
* Correct typo in previouskris2004-09-281-1/+1
| | | | | Approved by: portmgr (self) Pointy hat to: self
* Now builds on amd64kris2004-09-281-2/+2
| | | | Approved by: portmgr (self)
* Add CERT Vulnerability Note references to xpm entry.nectar2004-09-271-1/+3
| | | | Approved by: portmgr
* Note two older vulnerabilities in PHP.nectar2004-09-271-0/+111
| | | | | Submitted by: Jon Passki <cykyc@yahoo.com> Approved by: portmgr
* Note subversion information disclosure vulnerability.nectar2004-09-271-0/+36
| | | | | Submitted by: lev Approved by: portmgr
* Add missing PORTEPOCH in a mozilla entry.nectar2004-09-271-3/+5
| | | | | | | Correct package name in an apache entry. Reported by: Dan Langille <dan@langille.org> Approved by: portmgr
* BROKEN on 5.x: Does not compilekris2004-09-264-1/+19
| | | | Approved by: portmgr (self)
* BROKEN: Does not buildkris2004-09-261-0/+2
| | | | Approved by: portmgr (self)
* BROKEN on 5.x: Does not compilekris2004-09-261-1/+7
| | | | Approved by: portmgr (self)
* Forgot to add <modified> element for last commit.nectar2004-09-251-0/+1
| | | | Approved by: portmgr
* Add missing PORTEPOCH on one of the mozilla entries.nectar2004-09-251-1/+1
| | | | | Noticed by: Dan Langille <dan@langille.org> Approved by: portmgr
* Document vulnerabilities in lha.nectar2004-09-231-0/+41
| | | | | Reviewed by: dinoex Approved by: portmgr
* Lately it seems I like to use dashes in topics... but I should atnectar2004-09-231-19/+19
| | | | | | least be consistent with how many. s/---/--/ Approved by: portmgr
* Document mysql buffer overflow.nectar2004-09-231-0/+27
| | | | | Reported by: ale Approved by: portmgr
* Update to pam_alreadyloggedin-0.3 to unbreak. There should be nogreen2004-09-232-12/+4
| | | | | | | | | visible changes. This work was done by Jeremie Le Hen; thanks! Submitted by: Jeremie Le Hen <jeremie@le-hen.org> Approved by: portmgr
* Document Mozilla security icon spoofing vulnerability.nectar2004-09-231-0/+39
| | | | Approved by: portmgr
* Document Mozilla vulnerability involving NULL bytes in FTP URLs.nectar2004-09-231-1/+46
| | | | | | Also, correct s/firebird/firefox/ in a previously documented issue. Approved by: portmgr
* Document Mozilla automatic file upload vulnerability.nectar2004-09-221-3/+28
| | | | Approved by: portmgr
* Document mozilla certificate import denial-of-service vulnerability.nectar2004-09-221-0/+48
| | | | Approved by: portmgr
* Note a file name disclosure issue in rssh.nectar2004-09-221-0/+38
| | | | | Reported by: leeym Approved by: portmgr
* - replace "@dirrm ..." with "@unexec rmdir ..."leeym2004-09-221-1/+1
| | | | | | | | (p5-IO-INET6 will install files in SITE_PERL/PERL_ARCH/auto/IO/Socket/INET6) PR: 70640 Submitted by: leeym Approved by: portmgr (marcus)
* Add entry describe GNU Radius denial-of-service vulnerability.nectar2004-09-211-0/+36
| | | | Approved by: portmgr
* Add sudoedit vulnerability.nectar2004-09-211-0/+24
| | | | Approved by: portmgr
* In latest CVS entry, remove the reference to the exploit. It doesnectar2004-09-201-1/+0
| | | | | | | not apply to any of these vulnerabilities, but to the previous CVS vulnerability (CAN-2004-0396). Approved by: portmgr
* Oh yeah, add affected FreeBSD versions for CVS issues.nectar2004-09-201-1536/+1534
| | | | Approved by: portmgr
* Update CVS entry with some details.nectar2004-09-201-13/+31
| | | | Approved by: portmgr
* Add an entry for the mod_proxy buffer overflow existant in apache13.trhodes2004-09-201-0/+25
| | | | Approved by: portmgr
* Update to 1.6.8p1mharo2004-09-192-4/+4
| | | | | Submitted by: many people Approved by: portsmgr (marcus)
* - unbreak this port on 5.xleeym2004-09-192-9/+27
| | | | | | PR: 71853 Submitted by: leeym Approved by: portmgr (marcus)
* BROKEN on 5.x: Does not compilekris2004-09-194-4/+28
| | | | Approved by: portmgr (self)
* Note some fixes for XPM image decoding vulnerabilities.nectar2004-09-181-4/+16
| | | | | | | | Submitted by: lesi Add references to Chris Evans's advisories while I'm at it. Approved by: portmgr
* BROKEN on 5.x: Does not compilekris2004-09-181-1/+7
| | | | Approved by: portmgr (self)
* BROKEN: Broken pkg-plistkris2004-09-181-0/+2
| | | | Approved by: portmgr (self)
* Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.marcus2004-09-171-1/+2
| | | | Approved by: portmgr( implicit)
* Note that a patched version of webmin 1.150 is now available, thanksnectar2004-09-161-2/+4
| | | | | | | | | | to olengi@. Submitted by: olengi Add a paragraph introducing the Webmin blockquote while I'm here. Approved by: portmgr
* Note gdk-pixbuf image decoding issues.nectar2004-09-161-0/+36
| | | | Approved by: portmgr
* clement@ has patched Apache 2.nectar2004-09-161-3/+3
| | | | Approved by: portmgr
* Note CUPS printer queue browser denial-of-service.nectar2004-09-161-0/+24
| | | | Approved by: portmgr
* Note Apache 2 IPv6 address parsing bug.nectar2004-09-151-0/+28
| | | | Approved by: portmgr
* Note new libXpm vulnerabilities.nectar2004-09-151-0/+46
| | | | Approved by: portmgr
* I appear to have deleted a line at the last minute. Restore it.nectar2004-09-151-0/+1
| | | | Approved by: portmgr
* Add mod_dav denial-of-service issue.nectar2004-09-151-0/+28
| | | | Approved by: portmgr
* Oops, forgot to note that the previous issue affects only the Apache 2.xnectar2004-09-151-1/+1
| | | | | | series. Approved by: portmgr
* Add Apache 2 vulnerability concerning environmental variables innectar2004-09-151-0/+34
| | | | | | configuration files. Approved by: portmgr
* Repair three <freebsdpr> elements. The content of these elementsnectar2004-09-151-3/+3
| | | | | | | must be e.g. "ports/46613", not just "46613". Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk> Approved by: portmgr
* Note that some versions of OpenOffice have been corrected.nectar2004-09-151-1/+2
| | | | Approved by: portmgr
* Fix botched date entry and correct iDefense URL.trhodes2004-09-141-2/+2
| | | | Approved by: portmgr
* Really add Samba 3 vulnerability.trhodes2004-09-141-1/+26
| | | | | | | Remove incorrect URL in mpg123 entry. Approved by: portmgr URL noticed: nectar
* Correct version. Note my last commit here was for mpg123 instead oftrhodes2004-09-141-1/+1
| | | | | | | samba3. Noticed by: nectar Approved by: portmgr
* - There is a WITHOUT_X11 version of ImageMagick that needs to benectar2004-09-141-2/+221
| | | | | | | | | | | | | | | | | taken into account. - Fix transposed characters in `isakmpd'. Noticed by: Dan Langille <dan@langille.org> - Add CVE name reference for ImageMagick. - Add webmin temporary file handling issue. - Add OpenOffice temporary file handling issue. - Widen the `KDE frame injection' issue to cover Mozilla, Firebird, Netscape, and Opera as well - Add Mozilla/Firebird/Netscape SOAPParameter vulnerability - Add Mozilla/Thunderbird/Netscape POP client vulnerability Approved by: portmgr
* Update for recent Samba3 vulnerabilities.trhodes2004-09-141-0/+27
| | | | Approved by: portmgr
* - Update to 1.0.20, fixing GnuTLS certificate chain verification DoSsergei2004-09-103-6/+5
| | | | | | | | | | | vulnerability (portaudit ID: 84ab58cf-e4ac-11d8-9b0a-000347a4fa7d), described in the following advisories: - http://www.hornik.sk/SA/SA-20040802.txt - http://secunia.com/advisories/12156 PR: ports/71502 Submitted by: Koop Mast <kwm@rainbow-runner.nl> Approved by: portmgr (eik, marcus)
* Typo-fix in a commentbrueffer2004-09-091-1/+1
| | | | Approved by: portmgr (krion)
* - star-devel: privilege escalationeik2004-09-092-1/+7
| | | | | | | | - multi-gnome-terminal: information leak - usermin: remote shell command injection and insecure installation - mpg123: layer 2 decoder buffer overflow Approved by: portmgr (implicit)
* - XSS vulnerability in phpGroupWare wiki moduleeik2004-09-072-8/+42
| | | | | | - add some references Approved by: portmgr (implicit)
* managed to break this just in time for the ports freeze.arved2004-09-041-2/+0
| | | | | Submitted by: lofi, eik Approved by: portmgr (eik)
* multiple vulnerabilities in LHAeik2004-09-041-0/+36
|
* Nuke the gnupg sigchecking code. There are bugs and I don't have the timearved2004-09-042-16/+0
| | | | | | | to work on this now. PR: 66417 Submitted by: Lupe Christoph <lupe@lupe-christoph.de>
* grrrr... left the test case intacteik2004-09-041-1/+1
|
* - update to version 0.5.9eik2004-09-043-14/+34
| | | | (first attempts to check the base system for vulnerabilities)
* - add some referenceseik2004-09-043-8/+142
| | | | | | | | | | - extend ImageMagick entry - squid ntlm authentication helper DoS - multiple vpopmail vulnerabilities - first attempts to check the base system for vulnerabilities: + cvs server code + zlib DoS - BSD license portaudit.xml
* Fix build when using ccacheeik2004-09-041-1/+31
| | | | | PR: 71343 Submitted by: Michael Johnson <ahze@ahze.net>
* Update to 3.23.0. This release of super fixes a potential root exploit:obrien2004-09-044-17/+12
| | | | | | | http://xforce.iss.net/xforce/xfdb/16458 PR: 71328 Submitted by: Piet Delport <pjd@point45.com>
* Add CONFLICTS with openvpn-develvs2004-09-043-0/+6
| | | | | PR: ports/71337 Submitted by: maintainer
* - update to 0.19.clsung2004-09-032-3/+3
| | | | Approved by: vanilla (co-mentor)
* Implement a "mgrate" facility that lets one migrate/overwrite the LDAPmarcus2004-09-032-8/+59
| | | | | | | | | | | | | | | | | | userPassword field of the user being authenticated. The PAM and LDAP usernames must be the same. This makes "pam_ldap migrate" similar to "pam_smbpass migrate". This has been submitted to PADL in http://bugzilla.padl.com/show_bug.cgi?id=178. [1] Allow pam_ldap to change user passwords under certain circumstances. This has been submitted to PADL in http://bugzilla.padl.com/show_bug.cgi?id=177. [2] All of this is documented further at http://www.iem.pw.edu.pl/~wielebap/ldap/pam_ldap/pam_ldap_doc.pdf. PR: 71289 [1] 71287 [2] Submitted by: Pawel Wieleba <wielebap@iem.pw.edu.pl>
* Fix the bus error on startup in -CURRENT and 5.x-BETA. It turns outroam2004-09-022-1/+32
| | | | | | | | | | | | | that the OpenSSL ENGINE code is, well, somewhat less than stellar, especially in combo with malloc's 'j' option. Even without it, though, there are some problems that I don't have time to look into right now. So, disable the OpenSSL ENGINE activation on FreeBSD 5.x, unless the WITH_STUNNEL_SSL_ENGINE knob is turned on. Also, while I'm here, fix the CONFIGURE_TARGET so the GNU configure script does not complain quite so loudly. Bump PORTREVISION for the functionality change (well, I guess you could say "not working" -> "working" is a functionality change ;)
* - Update to 20040826 snapshotvs2004-09-024-93/+46
| | | | | | | | | - Fix fetching - Fix -pthread/-lc_r issue for good (courtesy of bsd.autotools.mk, who'd have guessed...) PR: ports/71168 Submitted by: Rob Evers (maintainer), me
* Adjust the affected version for imlib now that the 2nd instance of BMPnectar2004-09-021-1/+2
| | | | loader has been corrected.
* - Update to 0.44pav2004-09-022-5/+3
| | | | | PR: ports/71249 Submitted by: Luiz Eduardo Roncato Cordeiro <cordeiro@nic.br> (maintainer)
* Update to DAT 4389jeh2004-09-022-4/+3
|
* Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilitiescy2004-09-0212-4/+128
| | | | | | in KDC and libraries Heads-up by: nectar
* The recent commit to the krb5 port brought the version to 1.3.4_1 butnectar2004-09-021-1/+1
| | | | | did not correct one of the existing vulnerabilities. Update the affected range to compensate.
* Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.cy2004-09-018-0/+56
| | | | Heads-up by: nectar
* - update to 0.7clsung2004-09-012-3/+3
| | | | | | | | | | | | | - From ChangeLog - Added support for ESMTP [Andreas Steinmetz] - Fixed crash when too many connections established - Announce ourselves as 'clamsmtp' in EHLO/HELO responses which fixes 'loopback' problems with certain versions of Postfix 1.x - Better IO performance under heavy load - Fixed most warnings when compiled with -Wall - Fixed other minor bugs Approved by: vanilla (co-mentor)
* Note recent MIT Kerberos 5 vulnerabilities.nectar2004-09-011-0/+74
|
* - update to version 3.70 (birthday edition, try the verbose mode)eik2004-09-012-9/+3
|
* Document imlib2 BMP decoder bug.nectar2004-08-311-0/+27
|
* Document BMP decoder bugs in imlib1 and ImageMagick.nectar2004-08-311-0/+50
|
* Update to 1.2.6.osa2004-08-316-58/+58
| | | | | | Utilize DOCSDIR and DATADIR macros. Approved by: kuriyama (maintainer)
* Update to 1.7.1.marcus2004-08-312-3/+3
|
* samba printer change notification request DoSeik2004-08-311-0/+1
|
* Update to 0.3.3.marcus2004-08-313-3/+11
| | | | | PR: 71156 Submitted by: maintainer
* Update to KDE 3.3lofi2004-08-316-190/+56
|
* Correct bogus date in mysql entry. (It should be YYYY-MM-DD, notnectar2004-08-301-2/+2
| | | | | | DD-MM-YYYY.) Reported by: robert@openbsd.org
* Add more references (particularly CVE names) for issues affectingnectar2004-08-301-8/+24
| | | | | | | SpamAssassin, tnftpd, ruby, mysql. Place text taken from another source inside <blockquote cite="..."> for ruby issue.
* Fix location of pkg-config data.vs2004-08-302-1/+12
| | | | | | PR: ports/69149 Submitted by: Konstantin Oznobihin Approved by: maintainer timeout
* correct/add some referenceseik2004-08-301-35/+48
|
* add some references, add ru-gaimeik2004-08-301-2/+4
|
* multiple vulnerabilities in gaimeik2004-08-301-4/+4
|
* I have been having a problem since the update to use update.ini insteadjeh2004-08-302-10/+23
| | | | | of readme.txt of flipping between two version of DAT. 'update_dat' now compares the current value with the new one, before updating.
* security bug in rscsi client codeeik2004-08-301-0/+4
| | | | Submitted by: marius
* Update to 2.30.marcus2004-08-304-6/+6
| | | | | PR: 71092 Submitted by: maintainer
* - Update to 1.1.7pav2004-08-304-17/+26
| | | | | PR: ports/71119 Submitted by: bugghy <bugghy@rootshell.be> (maintainer)
* Remove -P option from tar. This patch has already been incorporatedlinimon2004-08-291-0/+1
| | | | | | | into the upstream sources. PR: ports/70806 Submitted by: SANETO Takanori <sanewo at ba2 dot so-net dot ne dot jp>
* Add opieprintmharo2004-08-295-17/+40
| | | | output postscript with 100 OPIE passwords credit card sized
* Patch the default installation locations to be FreeBSD-friendly. Bumplinimon2004-08-2816-2/+201
| | | | | | | portrevision. Users should take care when upgrading. PR: ports/70424 Submitted by: Jean Milanez Melo <jmelo at freebsdbrasil dot com dot br> (maintainer)
* Add WWW line.linimon2004-08-281-0/+2
|
* Document NSS SSLv2 server buffer overflow (already referenced innectar2004-08-272-1/+37
| | | | portaudit.txt).
* Document ripMIME decoding bug (already referenced in portaudit.txt).nectar2004-08-272-2/+38
|
* Update to 0.41mat2004-08-273-5/+6
| | | | | | PR: 70258 Submitted by: skv Approved by: maintainer timeout
* Argh. Duplicate entry for "Scorched 3D server chat box format string ↵eik2004-08-271-2/+1
| | | | vulnerabilty"
* Mozilla / NSS S/MIME DoS vulnerability & Scorched 3D server chat box format ↵eik2004-08-271-0/+2
| | | | string vulnerability
* Remove <modified/> from the gnomevfs vulnerability since it was the samemarcus2004-08-271-1/+0
| | | | | | as <entry/> and it needed to be last anyway. Suggested by: nectar
* Update the gnomevfs entry to reflect the fixed versions.marcus2004-08-271-2/+3
|
* Add entry for moinmoin ACL bypass.trhodes2004-08-271-0/+28
|
* Note sanitize_path bug in rsync (already referenced in portaudit.txt).nectar2004-08-272-1/+32
|
* Unsafe URI handling in gnome-vfs, MidnightCommander.nectar2004-08-271-0/+38
|
* Document buffer overflows in SoX (already referenced in portaudit.txt).nectar2004-08-272-1/+30
|
* Document cookie bug in Konqueror (already referenced in portaudit.txt).nectar2004-08-272-1/+45
|
* Update to 2.1.1sem2004-08-274-17/+26
| | | | | PR: ports/70933 Submitted by: maintainer
* The tarball was rerolled because of security fix.sem2004-08-271-2/+2
| | | | | PR: ports/70978 Submitted by: Omer Faruk Sen <ofsen@enderunix.org>
* - Update to 0.6.6pav2004-08-272-4/+4
| | | | | PR: ports/70941 Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu> (maintainer)
* Add missed file in pkg-plistsem2004-08-271-0/+1
|
* Update to 2.1.2sem2004-08-2710-15/+728
| | | | | | | make portlint happy PR: ports/70951 Submitted by: maintainer
* support building nmap-3.59a5 WITH_PRERELEASE=yeseik2004-08-262-0/+6
|
* - Update to 1.4.0clsung2004-08-265-31/+60
| | | | | | | | - Change MASTER_SITES - fixed build error in 5.x (compare to ports/69194) PR: ports/70444 Approved by: vanilla (co-mentor)
* I forgot to change filename, which md5 info is correct for 0.6.clsung2004-08-261-2/+2
| | | | Approved by: vanilla (co-mentor)
* Update to DAT 4388jeh2004-08-262-3/+3
|
* Update to 20040825vs2004-08-262-3/+3
| | | | | PR: ports/70947 Submitted by: Tim Bishop (maintainer)
* - Fix "make validate" problem when textproc/xhtml-basic ishrs2004-08-254-9/+12
| | | | | | | | installed by adding an SGML declaration and DTDDECL. - Remove the --catalogs option for xmllint(1) in validate.sh. Approved by: nectar (maintainer) PR: ports/63035
* Remove libxine issue which is now documented in the FreeBSD VuXMLnectar2004-08-251-1/+0
| | | | | | document. Reminded by: eik
* update to 3.9.2. Fixes a remote exploitable buffer overflow:eik2004-08-253-5/+4
| | | | <http://www.freebsd.org/ports/portaudit/207f8ff3-f697-11d8-81b0-000347a4fa7d.html>
* nss library SSL remote buffer overfloweik2004-08-251-0/+1
|
* multiple buffer overflows in xveik2004-08-251-2/+3
|
* - update to 0.6clsung2004-08-252-3/+3
| | | | | | | - Proper adding of customized header - Fixes to documentation Approved by: vanilla (co-mentor)
* - Removed now-unneeded patchsergei2004-08-241-11/+0
|
* - Update to 1.0sergei2004-08-242-10/+10
|
* Konqueror cross-domain cookie injectioneik2004-08-241-0/+1
|
* handle some duplicateseik2004-08-243-2/+71
|
* Place port name in the description.trhodes2004-08-241-1/+2
| | | | Suggested by: eik
* fix "too many open files" error when using the -r flageik2004-08-242-2/+2
| | | | Noted by: nectar
* Add libxine vcd URL handling issue.nectar2004-08-241-0/+39
|
* Add DoS in SpamAssassin.nectar2004-08-231-0/+30
|
* Add <modified> date for previous commit.nectar2004-08-231-0/+1
|
* fidogate-ds was also affected by the ``write files as `news' user''nectar2004-08-231-0/+4
| | | | issue.
* Off-by-one error in courier-imap entry.nectar2004-08-231-1/+1
| | | | Noticed by: oliver
* Add a more useful reference for the Qt issue.nectar2004-08-231-0/+1
|
* Add Qt heap overflow issue.nectar2004-08-231-0/+31
|
* Add a security issue affected courier-imap when run with certain debugnectar2004-08-231-0/+26
| | | | flags.
* Add fidogate issue.nectar2004-08-231-0/+26
|
* Add an issue covering a vulnerability in mysqlhotcopy.nectar2004-08-231-0/+32
| | | | Reported by: robert@openbsd.org
* Cancel a VuXML entry for an Apache vulnerability that does not affectnectar2004-08-231-42/+1
| | | | | | FreeBSD. Reminded by: recent conversations :-)
* Fix CC, CFLAGSarved2004-08-231-0/+1
| | | | | PR: 70824 Submitted by: Roman Bogorodskiy <bogorodskiy@inbox.ru>
* Revert previous commit, I lost the race with arved who fixed the port.kris2004-08-221-6/+1
| | | | Pointy hat to: kris
* that should fix the build on freebsd-6oliver2004-08-221-1/+19
| | | | Reported by: pointyhat (via kris)
* Fix the WITHOUT_ knobs to be compliant with the GNOME frameworksem2004-08-212-12/+10
| | | | | PR: ports/70451, ports/70452 Submitted by: maintainer
* a2ps: Possible execution of shell commands as local user.eik2004-08-211-1/+2
|
* Delete files forgotten in last repocopyeik2004-08-219-152/+0
| | | | | | | | | Fix typo <http://docs.freebsd.org/cgi/mid.cgi?200408010854.i718sxCc065477> <http://docs.freebsd.org/cgi/mid.cgi?200408010937.i719b446067158> Pointy hat to: sem
* cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSDeik2004-08-211-27/+1
| | | | <http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930>
* BROKEN on 5.x: Does not compile with gcc 3.4.2kris2004-08-211-1/+6
|
* Fix build with gcc 3.4arved2004-08-211-2/+10
|
* Update to 1.1.6sem2004-08-202-3/+3
| | | | | PR: ports/70706 Submitted by: maintainer
* correct topic of eda0ade6-f281-11d8-81b0-000347a4fa7deik2004-08-201-1/+1
|
* QT 3.x BMP (and possibly other graphics formats) heap-based overfloweik2004-08-201-0/+1
|
* Update to 1.6.8mharo2004-08-204-21/+9
|
* My territory, suggested by ijliao. :pclsung2004-08-203-3/+3
| | | | Approved by: vanilla (co-mentor)
* Add revelation, a password manager for the GNOME 2 desktop. It stores allmarcus2004-08-205-0/+123
| | | | | | | | your account and passwords in a single, secure, place, and give you access to them all through a user-friendly graphical interface. PR: 70653 Submitted by: ports@c0decafe.net <ports@c0decafe.net>
* Update to 1.25mat2004-08-193-29/+67
| | | | | | | | use EXAMPLESDIR PR: 70093 Submitted by: Jeff Putsch <jdputsch@comcast.net> Approved by: maintainer timeout
* potential security flaws in mod_ssleik2004-08-191-4/+6
|
* Update to DAT 4387jeh2004-08-192-3/+3
|
* patch-kmpstat.c is not necessary anymore.sumikawa2004-08-192-28/+0
| | | | | | PR: ports/70620, ports/70622 Submitted by: Helge Oldach <racoonaug04@oldach.net>, Ying-Chieh Chen <yinjieh@csie.nctu.edu.tw>
* - update to 3.9p1dinoex2004-08-1812-126/+92
| | | | | | | set PORTVERSION 3.9.0.1 to avoid another bump of PORTEPOCH if 3.9.1p1 come out. - new option OPENSSH_SNAPSHOT
* Update to 1.27krion2004-08-182-3/+3
| | | | | PR: ports/70606 Submitted by: maintainer
* Upgrade to 20040818a.sumikawa2004-08-184-6/+6
|
* Add a pointer to Przemyslaw Frasunek's advisory.nectar2004-08-181-0/+1
|
* For the lukemftpd/tnftpd issue, add a reference to NetBSD securitynectar2004-08-181-0/+1
| | | | advisory now that it is available.
* Note a vulnerability in lukemftpd/tnftpd.nectar2004-08-181-0/+47
|
* Don't require a particular version of libexpat. Use sh(1)'s `echo *'mi2004-08-182-3/+3
| | | | | | instead of spawning off ls(1) in pkg_check.sh. Approved by: maintainer
* multiple CVS vulnerabilitieseik2004-08-171-0/+51
|
* move a800386e-ef7e-11d8-81b0-000347a4fa7d to xmleik2004-08-173-9/+36
|
* Correct the version numbers and dates in the last entry.knu2004-08-171-4/+4
|
* Add an entry for:knu2004-08-171-0/+30
| | | | Ruby insecure file permissions in the CGI session management
generated by cgit (git 2.34.1) at 2025-01-17 08:44:22 +0800