diff options
| author | salo <salo> | 2006-03-15 14:34:10 +0000 |
|---|---|---|
| committer | salo <salo> | 2006-03-15 14:34:10 +0000 |
| commit | a44705d6374f9a7b3719e7494c9b15705ebcac0c (patch) | |
| tree | 2d90e9b73c0e0a32057dcb5ae8a1e9926ebfc174 | |
| parent | ff52b60edd9c2d7cec36742c2f01177dc3db9dbe (diff) | |
| download | pkgsrc-a44705d6374f9a7b3719e7494c9b15705ebcac0c.tar.gz | |
Pullup ticket 1214 - requested by Julio M. Merino Vidal
security update for monotone
Patch provided by the submitter.
Module Name: pkgsrc
Committed By: jmmv
Date: Thu Mar 9 20:30:16 UTC 2006
Modified Files:
pkgsrc/devel/monotone: Makefile distinfo
Log Message:
Update to 0.25.2:
0.25.2 release. Important security fix for Windows and OS X
users.
With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc". When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.
The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.
All users on Windows and OS X, or otherwise checking out
versioned source on a case-insensitive filesystem, are
recommended to upgrade immediately. Binaries used only for
serving, or only on case-insensitive filesystems (i.e., most
Unix users), are not affected.
(0.25.1 was never released in source form. The original
0.25 build for Windows was found to have problems on NT 4, and
0.25.1 was Windows-only rebuild with NT 4 compatible
libraries.)
| -rw-r--r-- | devel/monotone/Makefile | 4 | ||||
| -rw-r--r-- | devel/monotone/PLIST | 3 | ||||
| -rw-r--r-- | devel/monotone/distinfo | 8 |
3 files changed, 8 insertions, 7 deletions
diff --git a/devel/monotone/Makefile b/devel/monotone/Makefile index 5a38f54a953..d0176ae073e 100644 --- a/devel/monotone/Makefile +++ b/devel/monotone/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.17 2005/11/29 00:27:12 dan Exp $ +# $NetBSD: Makefile,v 1.17.2.1 2006/03/15 14:34:10 salo Exp $ # -DISTNAME= monotone-0.24 +DISTNAME= monotone-0.25.2 CATEGORIES= devel MASTER_SITES= http://www.venge.net/monotone/downloads/ diff --git a/devel/monotone/PLIST b/devel/monotone/PLIST index 2e7a05c1eda..d5a98307907 100644 --- a/devel/monotone/PLIST +++ b/devel/monotone/PLIST @@ -1,5 +1,6 @@ -@comment $NetBSD: PLIST,v 1.3 2005/09/30 13:18:24 jmmv Exp $ +@comment $NetBSD: PLIST,v 1.3.2.1 2006/03/15 14:34:10 salo Exp $ bin/monotone man/man1/monotone.1 ${PKGLOCALEDIR}/locale/fr/LC_MESSAGES/monotone.mo ${PKGLOCALEDIR}/locale/ja/LC_MESSAGES/monotone.mo +${PKGLOCALEDIR}/locale/pt_BR/LC_MESSAGES/monotone.mo diff --git a/devel/monotone/distinfo b/devel/monotone/distinfo index 1a3b2695856..52e3f5281ce 100644 --- a/devel/monotone/distinfo +++ b/devel/monotone/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.11 2005/11/29 00:27:12 dan Exp $ +$NetBSD: distinfo,v 1.11.2.1 2006/03/15 14:34:10 salo Exp $ -SHA1 (monotone-0.24.tar.gz) = 860c9bb6b06ede1c38eb8aeb058466a94832445f -RMD160 (monotone-0.24.tar.gz) = be78eb6f0e97bd8af3ed952f5a9a27494ddb2a9c -Size (monotone-0.24.tar.gz) = 5395860 bytes +SHA1 (monotone-0.25.2.tar.gz) = 84eb3490c261728b0e3d4ece7eb3fb59cd8fe327 +RMD160 (monotone-0.25.2.tar.gz) = 91a69763039c10ff15421c92ee86609c2a5ec739 +Size (monotone-0.25.2.tar.gz) = 5427435 bytes |