summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2012-05-28 10:50:59 +0000
committertron <tron@pkgsrc.org>2012-05-28 10:50:59 +0000
commit9b5effd5d7522d4e28f07f32cf8d15717d0afc37 (patch)
tree965e80fe1574bc41974496e55c56ae758e30149a
parenteb846ad10894dc45456062a2505415b58edd5704 (diff)
downloadpkgsrc-9b5effd5d7522d4e28f07f32cf8d15717d0afc37.tar.gz
Pullup ticket #3808 - requested by spz
devel/rt3: security update Revisions pulled up: - devel/rt3/Makefile 1.49 - devel/rt3/Makefile.install 1.18 - devel/rt3/PLIST 1.21 - devel/rt3/distinfo 1.22 - devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm deleted - devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm deleted - devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm deleted - devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html deleted - devel/rt3/patches/patch-share_html_Search_Bulk.html deleted - devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType deleted - devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips deleted --- Module Name: pkgsrc Committed By: spz Date: Fri May 25 19:55:44 UTC 2012 Modified Files: pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo Removed Files: pkgsrc/devel/rt3/patches: patch-lib_RT_Action_CreateTickets.pm patch-lib_RT_Ticket__Overlay.pm patch-lib_RT_Transaction__Overlay.pm patch-share_html_Admin_CustomFields_Modify.html patch-share_html_Search_Bulk.html patch-share_html_Search_Elements_SelectChartType patch-share_html_Ticket_Elements_PreviewScrips Log Message: Update RT to version 3.8.12: Changes from 3.8.11 to 3.8.12: This release, in addition to being a bugfix release, also resolves a number of security vulnerabilities. It resolves CVE-2011-2082, CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458, CVE-2011-4459, and CVE-2011-4460. * Upgrade prototype.js to version 1.7, for compatibility with google charts. * Remove ie7.js, which is no longer used. * Ensure that TransactionBatch scripts are only run once. Changes from 3.8.10 to 3.8.11: This release contains a number of bugfixes and minor security updates since the 3.8.10 release, most notably: * Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766 * New WebHttpOnlyCookies option, enabled by default, which hides RT's cookie from direct Javascript access. * Compatibility with perl 5.12 and 5.14, by removing deprecated "for qw(...)" and "defined %hash" syntax. * MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than TYPE=InnoDB * Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files are loaded correctly. * Fix session cleaner for on-disk sessions, broken since 3.8.0. * Ensure that only one "Based on" attribute is stored for each custom field. * Fix the loading of Shredder plugins, broken in 3.8.10.
-rw-r--r--devel/rt3/Makefile5
-rw-r--r--devel/rt3/Makefile.install5
-rw-r--r--devel/rt3/PLIST10
-rw-r--r--devel/rt3/distinfo15
-rw-r--r--devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm24
-rw-r--r--devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm49
-rw-r--r--devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm15
-rw-r--r--devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html15
-rw-r--r--devel/rt3/patches/patch-share_html_Search_Bulk.html31
-rw-r--r--devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType15
-rw-r--r--devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips42
11 files changed, 13 insertions, 213 deletions
diff --git a/devel/rt3/Makefile b/devel/rt3/Makefile
index d02ff6de755..92bb2465056 100644
--- a/devel/rt3/Makefile
+++ b/devel/rt3/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.48 2011/10/25 19:38:09 spz Exp $
+# $NetBSD: Makefile,v 1.48.4.1 2012/05/28 10:50:59 tron Exp $
-DISTNAME= rt-3.8.10
-PKGREVISION= 1
+DISTNAME= rt-3.8.12
CATEGORIES= devel
MASTER_SITES= http://download.bestpractical.com/pub/rt/release/
diff --git a/devel/rt3/Makefile.install b/devel/rt3/Makefile.install
index e7e1ed701b8..425e87701a3 100644
--- a/devel/rt3/Makefile.install
+++ b/devel/rt3/Makefile.install
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.install,v 1.17 2011/02/27 17:05:57 spz Exp $
+# $NetBSD: Makefile.install,v 1.17.10.1 2012/05/28 10:50:59 tron Exp $
.include "dirs.mk"
@@ -67,7 +67,8 @@ RT_ETC_FILES= acl.Oracle acl.Pg acl.mysql constraints.mysql \
upgrade/vulnerable-passwords
RT_UPGRADE_DIRS= 3.3.0 3.3.11 3.5.1 3.7.1 3.7.3 3.7.10 3.7.15 \
3.7.19 3.7.81 3.7.82 3.7.85 3.7.86 3.7.87 \
- 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.6 3.8.8 3.8.9
+ 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.6 3.8.8 3.8.9 \
+ 3.8.12
MESSAGE_SUBST+= RTVARDIR=${RT_VAR_DIR:Q} RTSHAREDIR=${RT_SHARE_DIR:Q}
diff --git a/devel/rt3/PLIST b/devel/rt3/PLIST
index 588453c169a..586b9634baf 100644
--- a/devel/rt3/PLIST
+++ b/devel/rt3/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.20 2011/04/16 09:41:19 spz Exp $
+@comment $NetBSD: PLIST,v 1.20.8.1 2012/05/28 10:50:59 tron Exp $
bin/mason_handler.fcgi
${PLIST.speedycgi}bin/mason_handler.scgi
bin/mason_handler.svc
@@ -330,6 +330,7 @@ share/rt3/etc/upgrade/3.8.4/content
share/rt3/etc/upgrade/3.8.6/content
share/rt3/etc/upgrade/3.8.8/content
share/rt3/etc/upgrade/3.8.9/content
+share/rt3/etc/upgrade/3.8.12/content
share/rt3/etc/vulnerable-passwords
share/rt3/html/Admin/CustomFields/GroupRights.html
share/rt3/html/Admin/CustomFields/Modify.html
@@ -468,6 +469,7 @@ share/rt3/html/Download/CustomFieldValue/dhandler
share/rt3/html/Download/Tabular/dhandler
share/rt3/html/Elements/BevelBoxRaisedEnd
share/rt3/html/Elements/BevelBoxRaisedStart
+share/rt3/html/Elements/CSRF
share/rt3/html/Elements/Callback
share/rt3/html/Elements/Checkbox
share/rt3/html/Elements/CollectionAsTable/Header
@@ -1023,11 +1025,6 @@ share/rt3/html/NoAuth/images/empty_star.gif
share/rt3/html/NoAuth/images/favicon.png
share/rt3/html/NoAuth/images/star.gif
share/rt3/html/NoAuth/images/test.png
-share/rt3/html/NoAuth/js/IE7/IE7.js
-share/rt3/html/NoAuth/js/IE7/IE8.js
-share/rt3/html/NoAuth/js/IE7/blank.gif
-share/rt3/html/NoAuth/js/IE7/ie7-recalc.js
-share/rt3/html/NoAuth/js/IE7/ie7-squish.js
share/rt3/html/NoAuth/js/ahah.js
share/rt3/html/NoAuth/js/autohandler
share/rt3/html/NoAuth/js/cascaded.js
@@ -1212,3 +1209,4 @@ share/rt3/html/autohandler
share/rt3/html/dhandler
share/rt3/html/index.html
share/rt3/html/l
+share/rt3/html/l_unsafe
diff --git a/devel/rt3/distinfo b/devel/rt3/distinfo
index b11468fac58..b6789f6e284 100644
--- a/devel/rt3/distinfo
+++ b/devel/rt3/distinfo
@@ -1,23 +1,16 @@
-$NetBSD: distinfo,v 1.21 2011/10/25 19:38:09 spz Exp $
+$NetBSD: distinfo,v 1.21.4.1 2012/05/28 10:51:00 tron Exp $
-SHA1 (rt-3.8.10.tar.gz) = 98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7
-RMD160 (rt-3.8.10.tar.gz) = 779ba2e04e87d20f30b03a9e7348c23b09062038
-Size (rt-3.8.10.tar.gz) = 5642566 bytes
+SHA1 (rt-3.8.12.tar.gz) = aa657de2fd687c51f31216df6dc1f639a0bc1f7c
+RMD160 (rt-3.8.12.tar.gz) = fa6b251aa1c7851a35243181c3b802a668c1e0ba
+Size (rt-3.8.12.tar.gz) = 5730029 bytes
SHA1 (patch-aa) = 6f78710f4460a25c75afbdf7128c0fe34914927c
SHA1 (patch-ab) = ee455dd683c84d3a745a29a132e28903ba03144d
SHA1 (patch-lib_RT.pm) = f72c6cb6f94acf1296076423d26d7efa4ed78293
-SHA1 (patch-lib_RT_Action_CreateTickets.pm) = d9cac2c0b9125835edf303b203e067ce087e90d7
SHA1 (patch-lib_RT_CustomFieldValues_External.pm) = 4404ca98c9e50687323892df1aa95c8b5a6dedd9
SHA1 (patch-lib_RT_Interface_Email.pm) = 60d0c2c46ac3dc8172bdf16bbf43099b7dd87542
SHA1 (patch-lib_RT_Interface_Email_Auth_GnuPG.pm) = c78c1894a0c058082784a3790fc87684d6a4431c
-SHA1 (patch-lib_RT_Ticket__Overlay.pm) = e39ef54a28f08d34ebf7c7bc3d410e8c1064177e
-SHA1 (patch-lib_RT_Transaction__Overlay.pm) = aad3ea7fb62798e63cee20e82b6cc8e4f11a3f44
SHA1 (patch-sbin_rt-attributes-viewer) = e1c963800b76282cda4ca46e006f30d9abfc29c9
SHA1 (patch-sbin_rt-attributes-viewer.in) = 99a15cca9a394b5743edc3929f43593f1384c8da
-SHA1 (patch-share_html_Admin_CustomFields_Modify.html) = ab8109ff5b2c39f02dc0058d00bc9c4264b58bc7
SHA1 (patch-share_html_Helpers_CalPopup.html) = 3920ac6448d1d21c7ff32ef67344b19aa53616a4
-SHA1 (patch-share_html_Search_Bulk.html) = a08fa8cfbe641ae4d174117167c4f4be97f9151f
-SHA1 (patch-share_html_Search_Elements_SelectChartType) = 0aa993c9f909634da4e65e37dd59afd6531dde01
-SHA1 (patch-share_html_Ticket_Elements_PreviewScrips) = caaccc926bb92d9e7a4fd24bfc6b47263c5dd028
SHA1 (patch-t_approval_admincc.t) = 4fddf5fa844d15e8698e00fe6863daaafa661315
SHA1 (patch-t_approval_basic.t) = 209303cc34370518a2600e28570627e1dc7e698b
diff --git a/devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm b/devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm
deleted file mode 100644
index 107dd2fe8b6..00000000000
--- a/devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-lib_RT_Action_CreateTickets.pm,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- lib/RT/Action/CreateTickets.pm.orig 2011-04-14 00:32:21.000000000 +0000
-+++ lib/RT/Action/CreateTickets.pm
-@@ -723,7 +723,7 @@ sub ParseLines {
- }
- }
-
-- foreach my $date qw(due starts started resolved) {
-+ foreach my $date ( qw(due starts started resolved) ) {
- my $dateobj = RT::Date->new( $self->CurrentUser );
- next unless $args{$date};
- if ( $args{$date} =~ /^\d+$/ ) {
-@@ -1080,7 +1080,7 @@ sub UpdateWatchers {
-
- my @results;
-
-- foreach my $type qw(Requestor Cc AdminCc) {
-+ foreach my $type ( qw(Requestor Cc AdminCc) ) {
- my $method = $type . 'Addresses';
- my $oldaddr = $ticket->$method;
-
diff --git a/devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm b/devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm
deleted file mode 100644
index fb179fcb4cf..00000000000
--- a/devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm
+++ /dev/null
@@ -1,49 +0,0 @@
-$NetBSD: patch-lib_RT_Ticket__Overlay.pm,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- lib/RT/Ticket_Overlay.pm.orig 2011-04-14 00:32:21.000000000 +0000
-+++ lib/RT/Ticket_Overlay.pm
-@@ -471,13 +471,13 @@ sub Create {
- );
-
- # Parameters passed in during an import that we probably don't want to touch, otherwise
-- foreach my $attr qw(id Creator Created LastUpdated LastUpdatedBy) {
-+ foreach my $attr ( qw(id Creator Created LastUpdated LastUpdatedBy) ) {
- $params{$attr} = $args{$attr} if $args{$attr};
- }
-
- # Delete null integer parameters
- foreach my $attr
-- qw(TimeWorked TimeLeft TimeEstimated InitialPriority FinalPriority)
-+ ( qw(TimeWorked TimeLeft TimeEstimated InitialPriority FinalPriority) )
- {
- delete $params{$attr}
- unless ( exists $params{$attr} && $params{$attr} );
-@@ -745,7 +745,7 @@ sub _Parse822HeadersForAttributes {
-
- }
-
-- foreach my $date qw(due starts started resolved) {
-+ foreach my $date ( qw(due starts started resolved) ) {
- my $dateobj = RT::Date->new($RT::SystemUser);
- if ( defined ($args{$date}) and $args{$date} =~ /^\d+$/ ) {
- $dateobj->Set( Format => 'unix', Value => $args{$date} );
-@@ -2600,7 +2600,7 @@ sub MergeInto {
- }
-
- # Update time fields
-- foreach my $type qw(TimeEstimated TimeWorked TimeLeft) {
-+ foreach my $type ( qw(TimeEstimated TimeWorked TimeLeft) ) {
-
- my $mutator = "Set$type";
- $MergeInto->$mutator(
-@@ -2608,7 +2608,7 @@ sub MergeInto {
-
- }
- #add all of this ticket's watchers to that ticket.
-- foreach my $watcher_type qw(Requestors Cc AdminCc) {
-+ foreach my $watcher_type ( qw(Requestors Cc AdminCc) ) {
-
- my $people = $self->$watcher_type->MembersObj;
- my $addwatcher_type = $watcher_type;
diff --git a/devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm b/devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm
deleted file mode 100644
index 2a28a525d53..00000000000
--- a/devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-lib_RT_Transaction__Overlay.pm,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- lib/RT/Transaction_Overlay.pm.orig 2011-04-14 00:32:21.000000000 +0000
-+++ lib/RT/Transaction_Overlay.pm
-@@ -144,7 +144,7 @@ sub Create {
- );
-
- # Parameters passed in during an import that we probably don't want to touch, otherwise
-- foreach my $attr qw(id Creator Created LastUpdated TimeTaken LastUpdatedBy) {
-+ foreach my $attr ( qw(id Creator Created LastUpdated TimeTaken LastUpdatedBy) ) {
- $params{$attr} = $args{$attr} if ($args{$attr});
- }
-
diff --git a/devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html b/devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html
deleted file mode 100644
index 084ac880ffc..00000000000
--- a/devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-share_html_Admin_CustomFields_Modify.html,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- share/html/Admin/CustomFields/Modify.html.orig 2011-04-14 00:32:21.000000000 +0000
-+++ share/html/Admin/CustomFields/Modify.html
-@@ -196,7 +196,7 @@ if ( $ARGS{'Update'} && $id ne 'new' ) {
- # Update any existing values
- my $values = $CustomFieldObj->ValuesObj;
- while ( my $value = $values->Next ) {
-- foreach my $attr qw(Name Description SortOrder Category) {
-+ foreach my $attr ( qw(Name Description SortOrder Category) ) {
- my $param = join("-", $paramtag, $value->Id, $attr);
- next unless exists $ARGS{$param};
- $ARGS{$param} =~ s/^\s+//;
diff --git a/devel/rt3/patches/patch-share_html_Search_Bulk.html b/devel/rt3/patches/patch-share_html_Search_Bulk.html
deleted file mode 100644
index 29eba5d0005..00000000000
--- a/devel/rt3/patches/patch-share_html_Search_Bulk.html
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-share_html_Search_Bulk.html,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- share/html/Search/Bulk.html.orig 2011-04-14 00:32:21.000000000 +0000
-+++ share/html/Search/Bulk.html
-@@ -60,7 +60,7 @@
-
- <& /Elements/ListActions, actions => \@results &>
- <form method="post" action="<% RT->Config->Get('WebPath') %>/Search/Bulk.html" enctype="multipart/form-data">
--% foreach my $var qw(Query Format OrderBy Order Rows Page SavedChartSearchId) {
-+% foreach my $var ( qw(Query Format OrderBy Order Rows Page SavedChartSearchId) ) {
- <input type="hidden" class="hidden" name="<%$var%>" value="<%$ARGS{$var} || ''%>" />
- %}
- <& /Elements/CollectionList,
-@@ -358,13 +358,13 @@ unless ( $ARGS{'AddMoreAttach'} ) {
- my @watchresults =
- ProcessTicketWatchers( TicketObj => $Ticket, ARGSRef => \%ARGS );
-
-- foreach my $type qw(MergeInto DependsOn MemberOf RefersTo) {
-+ foreach my $type ( qw(MergeInto DependsOn MemberOf RefersTo) ) {
- $ARGS{ $Ticket->id . "-" . $type } = $ARGS{"Ticket-$type"};
- $ARGS{ $type . "-" . $Ticket->id } = $ARGS{"$type-Ticket"};
- }
- @linkresults =
- ProcessTicketLinks( TicketObj => $Ticket, ARGSRef => \%ARGS );
-- foreach my $type qw(MergeInto DependsOn MemberOf RefersTo) {
-+ foreach my $type ( qw(MergeInto DependsOn MemberOf RefersTo) ) {
- delete $ARGS{ $type . "-" . $Ticket->id };
- delete $ARGS{ $Ticket->id . "-" . $type };
- }
diff --git a/devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType b/devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType
deleted file mode 100644
index b1e3dd8a96c..00000000000
--- a/devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-share_html_Search_Elements_SelectChartType,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- share/html/Search/Elements/SelectChartType.orig 2011-04-14 00:32:21.000000000 +0000
-+++ share/html/Search/Elements/SelectChartType
-@@ -50,7 +50,7 @@ $Name => 'ChartType'
- $Default => 'bar'
- </%args>
- <select id="<%$Name%>" name="<%$Name%>">
--% foreach my $option qw(bar pie) {
-+% foreach my $option ( qw(bar pie) ) {
- % # 'bar' # loc
- % # 'pie' # loc
- <option value="<%$option%>"<% $option eq $Default ? qq[ selected="selected"] : '' |n %>><%loc($option)%></option>
diff --git a/devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips b/devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips
deleted file mode 100644
index 5db2c8857d4..00000000000
--- a/devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips
+++ /dev/null
@@ -1,42 +0,0 @@
-$NetBSD: patch-share_html_Ticket_Elements_PreviewScrips,v 1.1 2011/10/25 19:38:10 spz Exp $
-
-perl 5.14 qw() in for* fixes
-
---- share/html/Ticket/Elements/PreviewScrips.orig 2011-04-14 00:32:21.000000000 +0000
-+++ share/html/Ticket/Elements/PreviewScrips
-@@ -65,7 +65,7 @@ my @non_recipients = @{ $squelch{'EmailA
- <b><% $scrip->Description || loc('Scrip #[_1]',$scrip->id) %></b><br />
- <&|/l, loc($scrip->ConditionObj->Name), loc($scrip->ActionObj->Name), loc($scrip->TemplateObj->Name)&>[_1] [_2] with template [_3]</&>
- <br />
--%foreach my $type qw(To Cc Bcc) {
-+%foreach my $type ( qw(To Cc Bcc) ) {
- %my @addresses = $scrip->ActionObj->Action->$type();
- <ul>
- %foreach my $addr (@addresses) {
-@@ -90,7 +90,7 @@ my @non_recipients = @{ $squelch{'EmailA
- % next unless $rule->{hints} && $rule->{hints}{class} eq 'SendEmail';
- <b><% $rule->Describe %></b>
- % my $data = $rule->{hints}{recipients};
--% foreach my $type qw(To Cc Bcc) {
-+% foreach my $type ( qw(To Cc Bcc) ) {
- <ul>
- % foreach my $address (@{$data->{$type}}) {
- <li>
-@@ -205,7 +205,7 @@ foreach my $scrip ( @{ $txn->Scrips->Pre
- my $action = $scrip->ActionObj->Action;
- next unless $action->isa('RT::Action::SendEmail');
-
-- foreach my $type qw(To Cc Bcc) {
-+ foreach my $type ( qw(To Cc Bcc) ) {
- push @recipients, $action->$type();
- }
- }
-@@ -250,7 +250,7 @@ foreach my $scrip ( @{ $txn->Scrips->Pre
- my $action = $scrip->ActionObj->Action;
- next unless $action->isa('RT::Action::SendEmail');
-
-- foreach my $type qw(To Cc Bcc) {
-+ foreach my $type ( qw(To Cc Bcc) ) {
- push @recipients, $action->$type();
- }
- }