diff options
| author | abs <abs@pkgsrc.org> | 2016-05-10 11:06:35 +0000 |
|---|---|---|
| committer | abs <abs@pkgsrc.org> | 2016-05-10 11:06:35 +0000 |
| commit | ffb86059682840ee8fdbed85afc45ddaf9650be4 (patch) | |
| tree | eb753721a5b8645971446b665c0d5aaeea20e072 /net/syncthing | |
| parent | 22c1fb947a95d79458c9ae3b0c2731494c20383d (diff) | |
| download | pkgsrc-ffb86059682840ee8fdbed85afc45ddaf9650be4.tar.gz | |
Updated net/syncthing to 0.12.23
This is a security release to fix three vulnerabilities all related
to the possibility of the automatic upgrade response being intercepted
by a man-in-the-middle. In one case, a downgrade could be enforced
by the attacker; in another, a denial of service could be created
by serving a malformed package archive; in the third, an XSS attack
could be performed against the local web UI. These were all reported
by Sebastian Py.
- lib/upgrade: Enforce limits on download archives (fixes #3045) (calmh)
- lib/upgrade: Auto upgrade signature should cover version & arch (fixes #3044) (calmh)
- gui: Backport angular and angular-translate updates from master (calmh)
Diffstat (limited to 'net/syncthing')
| -rw-r--r-- | net/syncthing/Makefile | 4 | ||||
| -rw-r--r-- | net/syncthing/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/syncthing/Makefile b/net/syncthing/Makefile index 284905f5736..37c529c3835 100644 --- a/net/syncthing/Makefile +++ b/net/syncthing/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.15 2016/04/15 17:03:54 abs Exp $ +# $NetBSD: Makefile,v 1.16 2016/05/10 11:06:35 abs Exp $ # Upstream regularly breaks protocol compatibility. While users of # pkgsrc syncthing on multiple systems can update synchronously, an @@ -10,7 +10,7 @@ # Updates to new major versions must be tested against the android # version from f-droid prior to commiting. (This is an attempt to # avoid having to version syncthing in pkgsrc.) -DISTNAME= syncthing-0.12.22 +DISTNAME= syncthing-0.12.23 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_GITHUB:=syncthing/} diff --git a/net/syncthing/distinfo b/net/syncthing/distinfo index 9fe61039947..8164921de65 100644 --- a/net/syncthing/distinfo +++ b/net/syncthing/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.13 2016/04/15 17:03:54 abs Exp $ +$NetBSD: distinfo,v 1.14 2016/05/10 11:06:35 abs Exp $ -SHA1 (syncthing-0.12.22.tar.gz) = 024cf23a891a27ad6aa8cf5278cfb04f80045ad4 -RMD160 (syncthing-0.12.22.tar.gz) = 04089cbc0ab6d2b3b555bb2a3b42dfb40a22462e -SHA512 (syncthing-0.12.22.tar.gz) = f6aa390a7fb7a383d584cdb6c1082c0012a9daec3b2c683640fcf625fc9e7baaf0c3d4d46ae1aac5ca2c180e13b6a6529658d128fb03c5c8df1e8e0ccc4ef28a -Size (syncthing-0.12.22.tar.gz) = 4047399 bytes +SHA1 (syncthing-0.12.23.tar.gz) = 65aeaca97d5872ab89a1eb8084e4ed878ed17343 +RMD160 (syncthing-0.12.23.tar.gz) = 653bf62902eea8d63ff3126b9659571bc4058cff +SHA512 (syncthing-0.12.23.tar.gz) = f61c2fa6a513e2804f249433eddb3ee7e134a0c144902b56e4be90277f7e74dd163921cbc02b8c0ae284401b15f48f200f3bd75b61528789ea323574bde5e911 +Size (syncthing-0.12.23.tar.gz) = 4469246 bytes SHA1 (patch-lib_config_optionsconfiguration.go) = 8ea9446dab9f9345c63cb01a7d50447e6cd550ac |