CAN-2005-2491, http://securitytracker.com/id?1014744
"A remote or local user may be able to supply a specially crafted
regular expression to trigger a heap integer overflow in PCRE."
ok pvalchev@
packing-lists were changed in significant ways, and they do not have
enough dependencies that pkg_add can detect they changed through their
signature.
Bump the pkgname, so that pkg_add -r will choose to update them.
okay pvalchev@
upgrade to version 200508R1;
This fixes several potential security problems, so everyone
should upgrade immediately.
From Bernd Ahlers <bernd@ba-net.org>, Matthias Kilian <kili@outback.escape.de>
ok pvalchev@
As noted on ports@ recently, pkg_add -r relies on conflicts, and the
sheer existence of updates means we MUST take the past into account in
conflicts now.
Note the renaming of hugs98 to valid package names where versions are
concerned.
This commit shows clearly the renaming of the xfce4 plugin packages, the
ditching of eclipse flavors, the splitting of nessus into subpackages,
the splitting of various other software documentations, some packaging bugs
in kdeedu, and a lot of files moving around...
okay pvalchev@
More annoyingly, it abort()s the current process (thanks dale),
so comment them out, add the win32 codecs, and use them instead.
For some strange reason, the audio codec insists on being launched
from its own directory.
With this change, realmedia playing works.
okay sturm@, okay pvalchev@
Relevant changes from the changelog:
* added a .asy backend for Asymptote files
(http://asymptote.sourceforge.net/). Thanks to John Bowman
* fixed three bugs (one memory leak, two other minor problems)
detected by the Coverity Prevent tool (http://www.coverity.com/)
* PostScript frontend: fixed a bug in tracing the bounding box of
raster images.
* fixed a bug in sub path handling - thanks to Soren Henriksen.
* fixed the handling of some special characters in the LaTeX2e
format driver.
pstopnm called the ghostscript interpreter on potentially untrusted
PostScript without specifying the -dSAFER option. Not running under
-dSAFER allows PostScript code to do file IO and to open pipes to
arbitrary external programs, including /bin/sh.
Originally reported by Max Vozeler/Debian Linux; ok brad@
Check sanity of the TrueType "loca" table. Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table. CAN-2005-2097.
http://www.kde.org/info/security/advisory-20050809-1.txt
Check sanity of the TrueType "loca" table. Specially crafted broken
tables caused disk space exhaustion due to very large generated glyph
descriptions when attempting to fix the table. CAN-2005-2097.
from Ubuntu Linux; ok brad@