[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2013Q2 2013-09-18T09:56:52Z 2013-09-18T09:56:52Z spz spz 2013-09-18T09:56:52Z urn:sha1:886b2fca9df9507aac4b43e38a337aa08c470887 2013-09-18T09:55:31Z spz spz 2013-09-18T09:55:31Z urn:sha1:61e7cc256d482acf7273f74deb422876df1e9e75 net/wireshark: security update Revisions pulled up: - net/wireshark/Makefile by patch - net/wireshark/distinfo by patch ------------------------------------------------------------------- Update "wireshark" package to version 1.8.10. Changes since 1.8.9: - Bug Fixes The following vulnerabilities have been fixed. o wnpa-sec-2013-55 The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9005) Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. o wnpa-sec-2013-56 The ASSA R3 dissector could go into an infinite loop. Discovered by Ben Schmidt. (Bug 9020 ) Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. o wnpa-sec-2013-57 The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (Bug 9019 ) Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. o wnpa-sec-2013-58 The MQ dissector could crash. (Bug 9079 ) Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. o wnpa-sec-2013-59 The LDAP dissector could crash. Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. o wnpa-sec-2013-60 The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742 ) Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9. - The following bugs have been fixed: o Lua ByteArray:append() causes wireshark crash. (Bug 4461) o Lua script can not get "data-text-lines" protocol data. (Bug 5200) o PER normally small non-negative whole number decoding is wrong when >= 64. (Bug 8841) o Incorrect parsing of IPFIX *IpTotalLength elements. (Bug 8918) o IO graph/advanced, max/min/summ error on frames with multiple Diameter messages. (Bug 8980) o Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031) o Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect. (Bug 9036) o 802.11 HT Extended Capabilities B10 decode incorrect. (Bug 9038) o Weird malformed HTTP error. (Bug 9101) - Updated Protocol Support ASSA R3, EtherCAT AMS, GTPv2, HTTP, IEEE 802.11, IPFIX, LDAP, MQ, NBAP, NCP SSS, RTPS, SIP, 2013-09-13T13:07:44Z tron tron 2013-09-13T13:07:44Z urn:sha1:aa95e74c12b3193790a29a1189d96cd6a94bae99 2013-09-13T13:07:27Z tron tron 2013-09-13T13:07:27Z urn:sha1:025f9cf382d2a685abdd63a97d43c97ad6b9d499 www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.34-1.35 - www/wordpress/PLIST 1.16-1.17 - www/wordpress/distinfo 1.26-1.27 --- Module Name: pkgsrc Committed By: morr Date: Thu Aug 8 07:50:58 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to newest version of Wordpress 3.6. ChangeLog: New Default Theme - Twenty Thirteen * Focus on blogging * Single column layout with Sidebar / Widgets in the footer * Latest Theme Features support, particularly Post Formats and Semantic Markup * Font-based icons (Genericons) Admin Enhancements * UI improvements on Navigation Menus Screen * Revisions revised to be more dynamic and scalable * Autosave and Post Locking * Preview Audio and Video on Media Edit Screen * In-line login following expired sessions For Developers * External Libraries have been updated. * New audio/video APIs give developers access to powerful media metadata, like ID3 tags. * Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define. * Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists. * Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter. More info on http://codex.wordpress.org/Version_3.6 --- Module Name: pkgsrc Committed By: morr Date: Thu Sep 12 17:19:59 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: This maintenance release addresses 13 bugs with version 3.6. Additionally: Version 3.6.1 fixes three security issues: * Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338. * Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339. * Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340. Additional security hardening: * Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML. More on http://codex.wordpress.org/Version_3.6.1 2013-09-13T12:37:37Z tron tron 2013-09-13T12:37:37Z urn:sha1:210cf6448cdafeb2aff2fdb2d20a571be0c8518e www/mediawiki: security update Revisions pulled up: - www/mediawiki/Makefile 1.34 - www/mediawiki/PLIST 1.17 - www/mediawiki/distinfo 1.23 --- Module Name: pkgsrc Committed By: wen Date: Sat Sep 7 14:49:42 UTC 2013 Modified Files: pkgsrc/www/mediawiki: Makefile PLIST distinfo Log Message: Update to 1.21.2 Upstream changes: Changes since 1.21.1 SECURITY: Fix extension detection with 2 .'s SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. SECURITY: Sanitize ResourceLoader exception messages Purge upstream caches when deleting file assets. Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact. 2013-09-11T12:42:31Z tron tron 2013-09-11T12:42:31Z urn:sha1:831345ca2e1812123f90d26e0a624c5d42364060 2013-09-11T12:42:21Z tron tron 2013-09-11T12:42:21Z urn:sha1:0df679db86e5079f30b3da68ecb40202006e4253 multimedia/adobe-flash-plugin11: security update Revisions pulled up: - multimedia/adobe-flash-plugin11/Makefile 1.19 - multimedia/adobe-flash-plugin11/distinfo 1.18 --- Module Name: pkgsrc Committed By: obache Date: Wed Sep 11 07:39:34 UTC 2013 Modified Files: pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo Log Message: Update adobe-flash-plugin11 to 11.2.202.310 for APSB13-21. 2013-09-10T11:59:15Z tron tron 2013-09-10T11:59:15Z urn:sha1:4bef095580d2e53375b6637b383738d696e31e54 2013-09-10T10:56:12Z tron tron 2013-09-10T10:56:12Z urn:sha1:13392a91ab1225219d2612400f3205bd17ffc3fa www/typo3_60: security update Revisions pulled up: - www/typo3_60/Makefile 1.4 - www/typo3_60/PLIST 1.4 - www/typo3_60/distinfo 1.4 --- Module Name: pkgsrc Committed By: taca Date: Fri Sep 6 14:16:46 UTC 2013 Modified Files: pkgsrc/www/typo3_60: Makefile PLIST distinfo Log Message: Update typo3-60 package to 6.0.9. This release contains a security fix, please refer TYPO3 Security Bulle= tin TYPO3-CORE-SA-2013-003: TYPO3-CORE-SA-2013-003: Incomplete Access Manag= ement and Remote Code Execution Vulnerability in TYPO3 Core. http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-cor= e-sa-2013-003/ 2013-09-04 8506ff6 [RELEASE] Release of TYPO3 6.0.9 (= TYPO3 Release Team) 2013-09-04 952974b #50886 [SECURITY] Prohibit accessing stor= age 0 from backend UI (Steffen Ritter) 2013-09-04 1e710fb #50883 [SECURITY] Identifiers may refer t= o resources outside the storage (Steffen Ritter) 2013-09-04 6073618 #51495 [SECURITY] Deny arbitrary code exe= cution possibility for editors (Helmut Hummel) 2013-09-04 b3e53a0 #51327 [SECURITY] Refactor and fix FAL us= er permission handling (Helmut Hummel) 2013-09-04 31d5b88 #51326 [SECURITY] Add possibility to en-/= disable file permission checks (Helmut Hummel) 2013-09-04 02aa25d #51079 [SECURITY] Check permissions in al= l actions of ResourceStorage (Steffen Ritter) 2013-09-03 77701ad [TASK] CGL Cleanup of ResourceStor= age (Helmut Hummel) 2013-09-03 ec0a99c #49842 [BUGFIX] Storage is offline but is= still used (Frans Saris) 2013-09-03 1cf9d3c #51672 [BUGFIX] Fix fatal error in Extend= edFileUtility (Helmut Hummel) 2013-09-01 55724fb #31998 [BUGFIX] Faulty check for missing = SMTP port (Tomita Militaru) 2013-08-31 c73e4fe #50424 [BUGFIX] Backend Layout Grid Wizar= d not fully visible in Mac Firefox 22 (Roland Schenke) 2013-08-30 0547211 #51585 [BUGIFX] Missing argument in EM Li= st view VH (Francois Suter) 2013-08-29 2b86070 #51328 [BUGFIX] Only log file/directory a= ctions which were done (Helmut Hummel) 2013-08-29 dc01b69 #51544 [BUGFIX] Sprite manager cache impr= ovement (Christian Kuhn) 2013-08-29 01acc60 #50707 [BUGFIX] TCA 'group' selectedListS= tyle with 'width' breaking layout (Ernesto Baschny) 2013-08-29 2727a6a #51460 [BUGFIX] Database integrity check = fatal error (Stefan F=FCrst) 2013-08-29 1a04377 #51474 [BUGFIX] Cast autoload and classAl= iasMap to Array (Michel Georgy) 2013-08-29 f1ab499 #51509 [BUGFIX] Add missing API method Fi= leInterface::getNameWithoutExtension (Ernesto Baschny) 2013-08-28 2c8a999 #36244 [BUGFIX] Exclude empty passwords f= rom password hashing check (Nicole Cordes) 2013-08-27 05fccd0 #50234 [TASK] Make the extension titles l= ink to the configuration (Nicole Cordes) 2013-08-27 774a1e0 #51304 [BUGFIX] Hide translations in cate= gories selector (Francois Suter) 2013-08-27 ed32255 #50870 [BUGFIX] Tests in Localization\Par= ser\LocallangXmlParserTest fail (Nicole Cordes) 2013-08-27 f7e4a7e #50760 [BUGFIX] Escape title tag of image= links (Alexander Stehlik) 2013-08-27 7bd1009 #25327,#37026 [BUGFIX] Page tree filtering broke= n in IE7 & IE8 (Aske Ertmann) 2013-08-25 a735101 #51209 [BUGFIX] Ignore permission checks = for processed files (Helmut Hummel) 2013-08-20 910d820 #37892 [BUGFIX] No version overlay should= be done for sys_language (Lienhart Woitok) 2013-08-20 19a811d #46989 [BUGFIX] Files with unclean path i= ndexed multiple times (Stefan Neufeind) 2013-08-18 fb7b686 #50614 [TASK] FilesContentObject::stdWrap= Value(): only execute stdWrap once (Stefan Neufeind) 2013-08-18 d368497 #43428 [BUGFIX] Language-module icons nee= d to display in correct size (Stefan Neufeind) 2013-08-17 fbbad86 #30636 [BUGFIX] TCA: subtypes_addlist not= processed (Benjamin Mack) 2013-08-17 f39a79d #47844 [BUGFIX] Query parameters of exter= nal link may get altered (Stanislas Rolland) 2013-08-16 a09dc5f #51115 [TASK] Disable scheduler-tests if = EXT:scheduler not loaded (Anja Leichsenring) 2013-08-16 8dfaf9c #51004 [BUGFIX] Fix file permission metho= ds in BackendUserAuthentication (Helmut Hummel) 2013-08-16 db51023 #51007 [BUGFIX] Fix inconsistencies in ge= tTSConfig in BackenuserAuth (Helmut Hummel) 2013-08-16 221a435 Revert "[BUGFIX] Fix inconsistenci= es in getTSConfig in BackenuserAuth" (Helmut Hummel) 2013-08-16 8b33a0d Revert "[BUGFIX] Fix file permissi= on methods in BackendUserAuthentication" (Helmut Hummel) 2013-08-15 d3b7851 #51007 [BUGFIX] Fix inconsistencies in ge= tTSConfig in BackenuserAuth (Helmut Hummel) 2013-08-15 329645c #51004 [BUGFIX] Fix file permission metho= ds in BackendUserAuthentication (Helmut Hummel) 2013-08-14 61506bb #46094 [BUGFIX] Avoid usage of subheader = in mailform (Francois Suter) 2013-08-12 d7ef5a9 #47806 [BUGFIX] Typing after abbr or acro= nym tag is difficult (Stanislas Rolland) 2013-08-12 c8a83e7 #50193 [BUGFIX] FAL: Image Processing doe= sn't respect GFX "thumbnails_png" (Benjamin Mack) 2013-08-12 7b16232 #51010 [BUGFIX] Allow reading files if st= orage is not browsable (Helmut Hummel) 2013-08-11 f92dbbd #51005 [BUGFIX] Take into account all fil= e and folder permissions (Helmut Hummel) 2013-08-11 4943a8f #50844 [BUGFIX] Failing tests in Resource= \Driver\LocalDriverTest on Windows (Nicole Cordes) 2013-08-11 ac39140 #51012 [BUGFIX] Missing \TYPO3\CMS\Core\U= tility\ in ResourceFactory (Wouter Wolters) 2013-08-11 55446c5 #51011 [TASK] Add signal in ResourceFacto= ry for storage creation (Helmut Hummel) 2013-08-11 271e801 #44910 [BUGFIX] LocalDriver: Recursive fi= le listing is broken (Andreas Wolf) 2013-08-11 4978ea7 #50502 [BUGFIX] rtehtmlarea acronym error= with static_info_tables 6.0+ (Stanislas Rolland) 2013-08-08 150e458 #48523 [BUGFIX] Reports module tries to l= oad not-installed extension (Wouter Wolters) 2013-08-08 8ed8066 #50868 [BUGFIX] number_format() expects p= arameter 1 to be double (Wouter Wolters) 2013-08-07 98bc16b #50568 [BUGFIX] Ignore case in file exten= sion filter (Alexander Stehlik) 2013-08-07 20df928 #50872 [BUGFIX] Correctly set user storag= e permissions (Helmut Hummel) 2013-08-07 c941199 #50867 [TASK] Introduce AbstractHierarchi= calFilesystemDriver (Steffen Ritter) 2013-08-07 f3f221d #50843 [BUGFIX] Failing Resource\FactoryT= est on Windows systems (Nicole Cordes) 2013-08-07 c75eefb #47106 [BUGFIX] Indexing of external file= s does not work in indexed_search (Wouter Wolters) 2013-08-07 80aeb3a #50562 [BUGFIX] Callback in CrawlerHook o= f indexed_search sysext buggy (Marius B=FCscher) 2013-08-07 647d075 #50812 [BUGFIX] Backup singletons in unit= tests prior to other setUp operations (Nicole Cordes) 2013-08-06 5250c54 #50628 [BUGFIX] Fix EmConfUtility::fixEmC= onf conflicts generation (Sascha Egerer) 2013-08-06 e3d9d7b #50125 [BUGFIX] Incorrect check for empty= folder (Philipp Gampe) 2013-08-06 0f2a29d #50615 [TASK] Use magic __CLASS__ in getI= nstance()-methods (Stefan Neufeind) 2013-08-06 ad9328c #50751 [BUGFIX] Fix empty href parameter = (Anja Leichsenring) 2013-08-06 9e407f0 #50809 [BUGFIX] Fix failing test in Stora= geRepositoryTest (Anja Leichsenring) 2013-08-06 449dc72 #50803 [BUGFIX] Fatal error: "enableField= s on non-object" in extension manager (Ernesto Baschny) 2013-08-04 3cd1045 #50466 [BUGFIX] MySQL: Use ENGINE (not TY= PE) for storage-engine (Stefan Neufeind) 2013-08-01 db1c38b #43893 [BUGFIX] selected =3D 1 doesn't wo= rk in FormContentObject (Wouter Wolters) 2013-08-01 f827fc9 #47123 [BUGFIX] Suppress double page entr= y in temporary mounted pagetree (Frank Frewer) 2013-07-31 2feccc5 #36031 [TASK] Provide information about i= mport action in TCEmain to hooks (Stefan Galinski) 2013-07-31 07f3578 #43631 [BUGFIX] RTE wizard can't "save do= cument and view page" (Stanislas Rolland) 2013-09-04T09:11:13Z tron tron 2013-09-04T09:11:13Z urn:sha1:e7f7da8d937a0359f63cfabcf431e1c0c46fb3d3