diff options
author | spz <spz> | 2012-10-31 20:39:26 +0000 |
---|---|---|
committer | spz <spz> | 2012-10-31 20:39:26 +0000 |
commit | fd1b144507b492b312e2fdf088d2ebfe9e7fdabb (patch) | |
tree | 39b86dd8391ebda2f34f84956767e45aa2a9f6cb /devel/rt3 | |
parent | 5e4b4ca1cce60ae573ead8cfd63a4f88a5ce015e (diff) | |
download | pkgsrc-fd1b144507b492b312e2fdf088d2ebfe9e7fdabb.tar.gz |
Update to the latest version in the rt3 train. Contains security updates:
3.8.15 Release Notes
This release resolves a number of security vulnerabilities.
It resolves CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735,
and CVE-2012-4884.
In addition to these security fixes, RT 3.8.15 contains support for
partitioned PGP messages.
3.8.14 Release Notes
This release contains two fixes related to the 3.8.12 security release.
Access to search results URLs is now CSRF whitelisted, based on user
feedback.
An error in rt-email-dashboards has been corrected.
3.8.13 Release Notes
This release contains an important bugfix over the 3.8.12 security
release:
* Fix sending email with the 'perl-script' mod_perl handler, by
ensuring that STDIN was always on FD 0 before calling IPC::Open2.
This failure showed as either SIGPIPE or abnormal exit codes when
running sendmail.
* Fix for "Undefined value assigned to typeglob" and "Bad file
descriptor: core_output_filter" errors caused by the above change, by
ensuring that both FD 0 and FD 1 are prevented from being claimed by
Apache. This error only arose with the perfork MPM and mod_perl <=
2.0.4.
Diffstat (limited to 'devel/rt3')
-rw-r--r-- | devel/rt3/Makefile | 5 | ||||
-rw-r--r-- | devel/rt3/PLIST | 3 | ||||
-rw-r--r-- | devel/rt3/distinfo | 10 | ||||
-rw-r--r-- | devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm | 13 |
4 files changed, 16 insertions, 15 deletions
diff --git a/devel/rt3/Makefile b/devel/rt3/Makefile index 053b9a94eb4..236a4a71f25 100644 --- a/devel/rt3/Makefile +++ b/devel/rt3/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.50 2012/10/03 21:55:55 wiz Exp $ +# $NetBSD: Makefile,v 1.51 2012/10/31 20:39:26 spz Exp $ -DISTNAME= rt-3.8.12 -PKGREVISION= 1 +DISTNAME= rt-3.8.15 CATEGORIES= devel MASTER_SITES= http://download.bestpractical.com/pub/rt/release/ diff --git a/devel/rt3/PLIST b/devel/rt3/PLIST index e2831fb1287..a51600052d0 100644 --- a/devel/rt3/PLIST +++ b/devel/rt3/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.21 2012/05/25 19:55:43 spz Exp $ +@comment $NetBSD: PLIST,v 1.22 2012/10/31 20:39:26 spz Exp $ bin/mason_handler.fcgi ${PLIST.speedycgi}bin/mason_handler.scgi bin/mason_handler.svc @@ -506,6 +506,7 @@ share/rt3/html/Elements/HeaderJavascript share/rt3/html/Elements/ListActions share/rt3/html/Elements/ListMenu share/rt3/html/Elements/Login +share/rt3/html/Elements/LoginRedirectWarning share/rt3/html/Elements/Logo share/rt3/html/Elements/Logout share/rt3/html/Elements/MakeClicky diff --git a/devel/rt3/distinfo b/devel/rt3/distinfo index a2a9e0ffc30..e3f58515531 100644 --- a/devel/rt3/distinfo +++ b/devel/rt3/distinfo @@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.22 2012/05/25 19:55:43 spz Exp $ +$NetBSD: distinfo,v 1.23 2012/10/31 20:39:26 spz Exp $ -SHA1 (rt-3.8.12.tar.gz) = aa657de2fd687c51f31216df6dc1f639a0bc1f7c -RMD160 (rt-3.8.12.tar.gz) = fa6b251aa1c7851a35243181c3b802a668c1e0ba -Size (rt-3.8.12.tar.gz) = 5730029 bytes +SHA1 (rt-3.8.15.tar.gz) = abb7b0d52cb9843e3154aeff2490211ddcdc59b8 +RMD160 (rt-3.8.15.tar.gz) = a9c32f8e255d47925760716d5ab97efe86381bd4 +Size (rt-3.8.15.tar.gz) = 5650409 bytes SHA1 (patch-aa) = 6f78710f4460a25c75afbdf7128c0fe34914927c SHA1 (patch-ab) = ee455dd683c84d3a745a29a132e28903ba03144d SHA1 (patch-lib_RT.pm) = f72c6cb6f94acf1296076423d26d7efa4ed78293 SHA1 (patch-lib_RT_CustomFieldValues_External.pm) = 4404ca98c9e50687323892df1aa95c8b5a6dedd9 SHA1 (patch-lib_RT_Interface_Email.pm) = 60d0c2c46ac3dc8172bdf16bbf43099b7dd87542 -SHA1 (patch-lib_RT_Interface_Email_Auth_GnuPG.pm) = c78c1894a0c058082784a3790fc87684d6a4431c +SHA1 (patch-lib_RT_Interface_Email_Auth_GnuPG.pm) = 60d53a4dcda8f3cda14350f34f74fddc6091c3ce SHA1 (patch-sbin_rt-attributes-viewer) = e1c963800b76282cda4ca46e006f30d9abfc29c9 SHA1 (patch-sbin_rt-attributes-viewer.in) = 99a15cca9a394b5743edc3929f43593f1384c8da SHA1 (patch-share_html_Helpers_CalPopup.html) = 3920ac6448d1d21c7ff32ef67344b19aa53616a4 diff --git a/devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm b/devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm index efc26495df1..2e86c349b28 100644 --- a/devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm +++ b/devel/rt3/patches/patch-lib_RT_Interface_Email_Auth_GnuPG.pm @@ -1,19 +1,20 @@ -$NetBSD: patch-lib_RT_Interface_Email_Auth_GnuPG.pm,v 1.1 2011/10/25 19:38:10 spz Exp $ +$NetBSD: patch-lib_RT_Interface_Email_Auth_GnuPG.pm,v 1.2 2012/10/31 20:39:26 spz Exp $ perl 5.14 qw() in for* fixes ---- lib/RT/Interface/Email/Auth/GnuPG.pm.orig 2011-04-14 00:32:21.000000000 +0000 +--- lib/RT/Interface/Email/Auth/GnuPG.pm.orig 2012-10-25 20:19:10.000000000 +0000 +++ lib/RT/Interface/Email/Auth/GnuPG.pm -@@ -76,10 +76,10 @@ sub GetCurrentUser { +@@ -76,11 +76,11 @@ sub GetCurrentUser { ); foreach my $p ( $args{'Message'}->parts_DFS ) { - $p->head->delete($_) for qw( -+ $p->head->delete($_) for ( qw( - X-RT-GnuPG-Status X-RT-Incoming-Encrypton ++ $p->head->delete($_) for (qw( + X-RT-GnuPG-Status X-RT-Incoming-Encryption X-RT-Incoming-Signature X-RT-Privacy + X-RT-Sign X-RT-Encrypt - ); -+ ) ); ++ )); } my $msg = $args{'Message'}->dup; |