author | spz <spz@pkgsrc.org> | 2013-05-26 16:55:53 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2013-05-26 16:55:53 +0000 |
commit | 92776eb3c0e95050680f5e3a09ae091ba229f34f (patch) | |
tree | 12e6bcdbb731f616daed5116cc10195da2ccc95b /devel | |
parent | 4a9dde35ee11b4f61f372b9cc3fd5f8e74f7bc53 (diff) | |
download | pkgsrc-92776eb3c0e95050680f5e3a09ae091ba229f34f.tar.gz |
security update for RT3, fixing:
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
It also includes a database upgrade, so please make sure to run `make
upgrade-database`.
Changes in detail are:
3.8.15->3.8.16:
ruz stop RT from locking on "large" mails
ruz make sure data is recorded (tests)
alexmv Remove bogus argument to ->get(), which fails on HTTP::Message >= 5.05
alexmv Ensure that tickets are destroyed before global destruction, in more
alexmv Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
sunnavy destroy more tickets and objects before global destruction for modern
tsibley Remove the "signature" paragraph from the README's explanation of RT
3.8.16->3.8.17:
alexmv Ensure that filenames in inline image attributes are HTML-escaped
alexmv Deny direct access to callbacks
alexmv Protect calls to $m->comp with user input in ColumnMap
alexmv Ensure that subjects cannot contain embedded newlines
alexmv Remove filename= suggestions from Content-Disposition lines
alexmv Ensure consistent escaping of filenames in attachment URIs
alexmv Ensure that URLs placed in HTML attributes are escaped correctly, to
prevent XSS injection
alexmv Ensure that the default replacement does not pass through unescaped
content
alexmv Use File::Temp for non-predictable temporary filenames
Diffstat (limited to 'devel')
-rw-r--r-- | devel/rt3/Makefile | 4 | ||||
-rw-r--r-- | devel/rt3/Makefile.install | 4 | ||||
-rw-r--r-- | devel/rt3/PLIST | 5 | ||||
-rw-r--r-- | devel/rt3/distinfo | 8 |
4 files changed, 12 insertions, 9 deletions
diff --git a/devel/rt3/Makefile b/devel/rt3/Makefile index 236a4a71f25..acffe62e2d7 100644 --- a/devel/rt3/Makefile +++ b/devel/rt3/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.51 2012/10/31 20:39:26 spz Exp $ +# $NetBSD: Makefile,v 1.52 2013/05/26 16:55:53 spz Exp $ -DISTNAME= rt-3.8.15 +DISTNAME= rt-3.8.17 CATEGORIES= devel MASTER_SITES= http://download.bestpractical.com/pub/rt/release/ diff --git a/devel/rt3/Makefile.install b/devel/rt3/Makefile.install index 3a72b8f3b91..463d9b6cafc 100644 --- a/devel/rt3/Makefile.install +++ b/devel/rt3/Makefile.install @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.install,v 1.19 2012/09/25 07:08:22 sbd Exp $ +# $NetBSD: Makefile.install,v 1.20 2013/05/26 16:55:53 spz Exp $ .include "dirs.mk" @@ -68,7 +68,7 @@ RT_ETC_FILES= acl.Oracle acl.Pg acl.mysql constraints.mysql \ RT_UPGRADE_DIRS= 3.3.0 3.3.11 3.5.1 3.7.1 3.7.3 3.7.10 3.7.15 \ 3.7.19 3.7.81 3.7.82 3.7.85 3.7.86 3.7.87 \ 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.6 3.8.8 3.8.9 \ - 3.8.12 + 3.8.12 3.8.17 MESSAGE_SUBST+= RTVARDIR=${RT_VAR_DIR:Q} RTSHAREDIR=${RT_SHARE_DIR:Q} diff --git a/devel/rt3/PLIST b/devel/rt3/PLIST index a51600052d0..f412b151449 100644 --- a/devel/rt3/PLIST +++ b/devel/rt3/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.22 2012/10/31 20:39:26 spz Exp $ +@comment $NetBSD: PLIST,v 1.23 2013/05/26 16:55:53 spz Exp $ bin/mason_handler.fcgi ${PLIST.speedycgi}bin/mason_handler.scgi bin/mason_handler.svc @@ -331,6 +331,9 @@ share/rt3/etc/upgrade/3.8.6/content share/rt3/etc/upgrade/3.8.8/content share/rt3/etc/upgrade/3.8.9/content share/rt3/etc/upgrade/3.8.12/content +share/rt3/etc/upgrade/3.8.17/schema.Oracle +share/rt3/etc/upgrade/3.8.17/schema.Pg +share/rt3/etc/upgrade/3.8.17/schema.mysql share/rt3/etc/vulnerable-passwords share/rt3/html/Admin/CustomFields/GroupRights.html share/rt3/html/Admin/CustomFields/Modify.html diff --git a/devel/rt3/distinfo b/devel/rt3/distinfo index e3f58515531..704a853b06a 100644 --- a/devel/rt3/distinfo +++ b/devel/rt3/distinfo 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.23 2012/10/31 20:39:26 spz Exp $ +$NetBSD: distinfo,v 1.24 2013/05/26 16:55:53 spz Exp $ -SHA1 (rt-3.8.15.tar.gz) = abb7b0d52cb9843e3154aeff2490211ddcdc59b8 -RMD160 (rt-3.8.15.tar.gz) = a9c32f8e255d47925760716d5ab97efe86381bd4 -Size (rt-3.8.15.tar.gz) = 5650409 bytes +SHA1 (rt-3.8.17.tar.gz) = 4765c68f91a0e8e21ed0fd39397cd8e3970ca992 +RMD160 (rt-3.8.17.tar.gz) = 6da8fca56976233417bd47b26e1a7326fde5d2d0 +Size (rt-3.8.17.tar.gz) = 5728368 bytes SHA1 (patch-aa) = 6f78710f4460a25c75afbdf7128c0fe34914927c SHA1 (patch-ab) = ee455dd683c84d3a745a29a132e28903ba03144d SHA1 (patch-lib_RT.pm) = f72c6cb6f94acf1296076423d26d7efa4ed78293 |
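Review bot: The upgrade step is only documented in the commit message, not in the package, which matters for the devel/rt3/Makefile.install hunk that appends 3.8.17 to RT_UPGRADE_DIRS. The message tells users to run `make upgrade-database`, but the diffstat shows only Makefile, Makefile.install, PLIST and distinfo changing, so nothing shown at install time carries that instruction. MESSAGE_SUBST appears in the context lines, so the package evidently has a MESSAGE file; consider adding the 3.8.17 database upgrade step there so that people updating a security-relevant release from a binary package see it.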
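Review bot: The three new entries in the second devel/rt3/PLIST hunk (schema.Oracle, schema.Pg and schema.mysql under share/rt3/etc/upgrade/3.8.17/) have a different shape from every earlier upgrade directory in the context lines, each of which lists a single `content` file. The code that iterates over RT_UPGRADE_DIRS is not part of this diff, so please confirm that it installs the schema.* files for 3.8.17 and does not expect a `content` file there; if it only copies `content`, the PLIST and the installed tree will disagree and the schema upgrade will not ship.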
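Review bot: The replaced SHA1 and RMD160 lines in the devel/rt3/distinfo hunk are the only integrity check on rt-3.8.17.tar.gz, because MASTER_SITES in the Makefile context is a plain http:// URL. Please state in the commit how the new values were checked (for example against a checksum or signature obtained from upstream over a separate channel) rather than computed from the file that was fetched. If the infrastructure allows it, a stronger digest line alongside SHA1 and RMD160 would also be worth adding for a security update.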