diff options
| author | tron <tron> | 2013-05-30 08:29:36 +0000 |
|---|---|---|
| committer | tron <tron> | 2013-05-30 08:29:36 +0000 |
| commit | 4640c107a7854c3af2e338e787d829194f46cb44 (patch) | |
| tree | 1b4b108effe800c44e776a6bf220a47fd2668529 | |
| parent | 48dff364daeda8be539a6af60a9f4291d2980d7d (diff) | |
| download | pkgsrc-4640c107a7854c3af2e338e787d829194f46cb44.tar.gz | |
Pullup ticket #4142 - requested by spz
devel/rt3: security update
Revisions pulled up:
- devel/rt3/Makefile 1.52
- devel/rt3/Makefile.install 1.20
- devel/rt3/PLIST 1.23
- devel/rt3/distinfo 1.24
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 26 16:55:53 UTC 2013
Modified Files:
pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
Log Message:
security update for RT3, fixing:
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
It also includes a database upgrade, so please make sure to run `make
upgrade-database`.
Changes in detail are:
3.8.15->3.8.16:
ruz stop RT from locking on "large" mails
ruz make sure data is recorded (tests)
alexmv Remove bogus argument to ->get(), which fail on HTTP::Message >= 5.05
alexmv Ensure that tickets are destroyed before global destruction, in more
alexmv Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
sunnavy destroy more tickets and objects before global destruction for modern
tsibley Remove the "signature" paragraph from the README's explanation of RT
3.8.16->3.8.17:
alexmv Ensure that filenames in inline image attributes are HTML-escaped
alexmv Deny direct access to callbacks
alexmv Protect calls to $m->comp with user input in ColumnMap
alexmv Ensure that subjects cannot contain embedded newlines
alexmv Remove filename= suggesions from Content-Disposition lines
alexmv Ensure consistent escaping of filenames in attachment URIs
alexmv Ensure that URLs placed in HTML attributes are escaped correctly, to
prevent XSS injection
alexmv Ensure that the default replacement does not pass through unescaped
content
alexmv Use File::Temp for non-predictable temporary filenames
| -rw-r--r-- | devel/rt3/Makefile | 4 | ||||
| -rw-r--r-- | devel/rt3/Makefile.install | 4 | ||||
| -rw-r--r-- | devel/rt3/PLIST | 5 | ||||
| -rw-r--r-- | devel/rt3/distinfo | 8 |
4 files changed, 12 insertions, 9 deletions
diff --git a/devel/rt3/Makefile b/devel/rt3/Makefile index 236a4a71f25..d6c74860574 100644 --- a/devel/rt3/Makefile +++ b/devel/rt3/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.51 2012/10/31 20:39:26 spz Exp $ +# $NetBSD: Makefile,v 1.51.4.1 2013/05/30 08:29:36 tron Exp $ -DISTNAME= rt-3.8.15 +DISTNAME= rt-3.8.17 CATEGORIES= devel MASTER_SITES= http://download.bestpractical.com/pub/rt/release/ diff --git a/devel/rt3/Makefile.install b/devel/rt3/Makefile.install index 3a72b8f3b91..dd87c4452d0 100644 --- a/devel/rt3/Makefile.install +++ b/devel/rt3/Makefile.install @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.install,v 1.19 2012/09/25 07:08:22 sbd Exp $ +# $NetBSD: Makefile.install,v 1.19.6.1 2013/05/30 08:29:36 tron Exp $ .include "dirs.mk" @@ -68,7 +68,7 @@ RT_ETC_FILES= acl.Oracle acl.Pg acl.mysql constraints.mysql \ RT_UPGRADE_DIRS= 3.3.0 3.3.11 3.5.1 3.7.1 3.7.3 3.7.10 3.7.15 \ 3.7.19 3.7.81 3.7.82 3.7.85 3.7.86 3.7.87 \ 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.6 3.8.8 3.8.9 \ - 3.8.12 + 3.8.12 3.8.17 MESSAGE_SUBST+= RTVARDIR=${RT_VAR_DIR:Q} RTSHAREDIR=${RT_SHARE_DIR:Q} diff --git a/devel/rt3/PLIST b/devel/rt3/PLIST index a51600052d0..5cf4fc1a6b6 100644 --- a/devel/rt3/PLIST +++ b/devel/rt3/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.22 2012/10/31 20:39:26 spz Exp $ +@comment $NetBSD: PLIST,v 1.22.4.1 2013/05/30 08:29:36 tron Exp $ bin/mason_handler.fcgi ${PLIST.speedycgi}bin/mason_handler.scgi bin/mason_handler.svc @@ -331,6 +331,9 @@ share/rt3/etc/upgrade/3.8.6/content share/rt3/etc/upgrade/3.8.8/content share/rt3/etc/upgrade/3.8.9/content share/rt3/etc/upgrade/3.8.12/content +share/rt3/etc/upgrade/3.8.17/schema.Oracle +share/rt3/etc/upgrade/3.8.17/schema.Pg +share/rt3/etc/upgrade/3.8.17/schema.mysql share/rt3/etc/vulnerable-passwords share/rt3/html/Admin/CustomFields/GroupRights.html share/rt3/html/Admin/CustomFields/Modify.html diff --git a/devel/rt3/distinfo b/devel/rt3/distinfo index e3f58515531..0c4e0b85225 100644 --- a/devel/rt3/distinfo +++ b/devel/rt3/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.23 2012/10/31 20:39:26 spz Exp $ +$NetBSD: distinfo,v 1.23.4.1 2013/05/30 08:29:36 tron Exp $ -SHA1 (rt-3.8.15.tar.gz) = abb7b0d52cb9843e3154aeff2490211ddcdc59b8 -RMD160 (rt-3.8.15.tar.gz) = a9c32f8e255d47925760716d5ab97efe86381bd4 -Size (rt-3.8.15.tar.gz) = 5650409 bytes +SHA1 (rt-3.8.17.tar.gz) = 4765c68f91a0e8e21ed0fd39397cd8e3970ca992 +RMD160 (rt-3.8.17.tar.gz) = 6da8fca56976233417bd47b26e1a7326fde5d2d0 +Size (rt-3.8.17.tar.gz) = 5728368 bytes SHA1 (patch-aa) = 6f78710f4460a25c75afbdf7128c0fe34914927c SHA1 (patch-ab) = ee455dd683c84d3a745a29a132e28903ba03144d SHA1 (patch-lib_RT.pm) = f72c6cb6f94acf1296076423d26d7efa4ed78293 |