Navigation:
Browse pkgsrc
(this page)| 2013-02-20 13:14:43 by Filip Hajny | Files touched by this commit (3) |
Log message: Add apxs to buildlink3, so that packages that use apxs will build properly under restricted pbulk. |
2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) |  |
Log message: PKGREVISION bumps for the security/openssl 1.0.1d update. |
| 2012-10-28 07:31:10 by Aleksej Saushev | Files touched by this commit (600) |
Log message: Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. |
| 2012-10-03 23:59:10 by Thomas Klausner | Files touched by this commit (2798) |
Log message: Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them. |
| 2011-12-18 10:13:11 by OBATA Akio | Files touched by this commit (2) |
Log message: Add a patch for CVE-2011-3192. Bump PKGREVISION. |
| 2011-09-21 13:06:10 by OBATA Akio | Files touched by this commit (1) |
Log message: Remove www.NetBSD.org from MASTER_SITES, not using sitedrivenby.gif logo |
| 2011-09-14 19:51:51 by Hans Rosenfeld | Files touched by this commit (1) |
Log message: Use chown -h to explicitly not dereference any symlinks. Fixes build on SunOS. |
| 2010-11-01 19:03:04 by Adam Ciarcinski | Files touched by this commit (18) |
Log message: Changes 2.0.64: * SECURITY: CVE-2010-1452 (cve.mitre.org) mod_dav: Fix Handling of requests without a path segment. * SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. * SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. * SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. * SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. * SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: A partial fix for the TLS renegotiation prefix injection attack for OpenSSL versions prior to 0.9.8l; reject any client-initiated renegotiations. Forcibly disable keepalive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using openssl 0.9.8l or later. * SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. * SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. * SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. * SECURITY: CVE-2008-2939 (cve.mitre.org) mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. * Fix recursive ErrorDocument handling. * mod_ssl: Do not do overlapping memcpy. * Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass through on a 304 response. * apxs: Fix -A and -a options to ignore whitespace in httpd.conf |
| 2010-03-18 13:47:56 by Joerg Sonnenberger | Files touched by this commit (1) |
Log message: Make sure abs_srcdir is patched for the DESTDIR case too. Bump revision. |
| 2010-02-17 16:14:05 by Joerg Sonnenberger | Files touched by this commit (1) |
Log message: DESTDIR support |
New packages: