Subject: CVS commit: [pkgsrc-2003Q4] pkgsrc/net/lftp
To: None <pkgsrc-changes@NetBSD.org>
From: Alistair G. Crooks <agc@netbsd.org>
List: pkgsrc-changes
Date: 12/14/2003 20:34:57
Module Name:	pkgsrc
Committed By:	agc
Date:		Sun Dec 14 20:34:57 UTC 2003

Modified Files:
	pkgsrc/net/lftp [pkgsrc-2003Q4]: Makefile distinfo

Log Message:
Pullup updates to lftp-2.6.9 and 2.6.10 to the pkgsrc-2003Q4 branch to
fix a security hole, requested by Quentin Garnier.

	Module Name:    pkgsrc
	Committed By:   cube
	Date:           Sun Dec 14 15:48:37 UTC 2003

	Modified Files:
		pkgsrc/net/lftp: Makefile distinfo

	Log Message:
	Update to version 2.6.10.  This version contains a fix for a buffer
	overflow vulnerability in the HTML parser code affecting the "ls" command
	on a malicious HTTP server.

	See
	http://lists.netsys.com/pipermail/full-disclosure/2003-December/014824.html

	Version 2.6.10 - 2003-12-11

	* security fixes in html parsing code.
	* fxp between ftps sessions is now possible (unencrypted yet).
	* fixed a rare bug with access to freed memory in ftp.
	* fixed a bug in mirror, now it does not incorrectly append directory name
	  when target directory is the root.
	* fixed compilation on AIX.
	* Polish translation updated.

and

	Update to version 2.6.9.

	Addresses PR pkg/23633 by Soren Jacobsen.

	Changes:
	- shorten DESCR
	- style nits

	2.6.9:
	======
	- New setting ftp:ssl-protect-list for encrypting file listings selectively.
	- Don't use PRET again if it is not supported.
	- Added cls --sort=time option (alias for sort=date).
	- Don't set file modification time if it grew while downloading.
	- New setting cmd:verify-path-cached.
	- Added long options for `open' command.


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.28.2.1 pkgsrc/net/lftp/Makefile
cvs rdiff -r1.12 -r1.12.2.1 pkgsrc/net/lftp/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.