graphics/optipng: security update
Revisions pulled up:
- graphics/optipng/Makefile 1.26-1.27
- graphics/optipng/distinfo 1.22-1.23
---
Module Name: pkgsrc
Committed By: adam
Date: Sat Sep 1 09:19:20 UTC 2012
Modified Files:
pkgsrc/graphics/optipng: Makefile distinfo
Log Message:
Changes 0.7.2:
* Upgraded libpng to version 1.4.12.
* Upgraded zlib to version 1.2.7-optipng.
! Fixed the display of huge (4GB+) file/IDAT sizes on 32-bit platforms.
! Issued a proper error message if the output IDAT can't fit in 2GB.
Acknowledged this limitation in the user manual.
(Thanks to John Sauter for the report.)
! Fixed the output file cleanup that should occur after a write error.
* Added the option -debug and various undocumented debug features.
* Moved the PNG reduction module (opngreduc) to a separate sub-project.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Sep 21 04:07:22 UTC 2012
Modified Files:
pkgsrc/graphics/optipng: Makefile distinfo
Log Message:
Update optipng to 0.7.3, security fix for SA50654 (CVE-2012-4432).
Version 0.7.3 16-sep-2012
-------------
!! Fixed a use-after-free vulnerability in the palette reduction code.
This vulnerability was accidentally introduced in version 0.7.
|
|
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.81
- www/apache22/PLIST 1.21
- www/apache22/distinfo 1.52
- www/apache22/patches/patch-af deleted
- www/apache22/patches/patch-docs_man_apxs.8 1.1
- www/apache22/patches/patch-support_envvars-std.in deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 16 03:33:10 UTC 2012
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
Removed Files:
pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in
Log Message:
Update apache22 to 2.2.23.
Changes with Apache 2.2.23
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent a
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
*) core: Add filesystem paths to access denied / access failed messages.
[Eric Covener]
*) core: Fix error handling in ap_scan_script_header_err_brigade() if there
is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]
*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]
*) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
[Kaspar Brand, William Rowe]
*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
[Peter Pramberger <peter pramberger.at>, Jim Jagielski]
*) Added SSLProxyMachineCertificateChainFile directive so the proxy client
can select the proper client certificate when using a chain and the
remote server only lists the root CA as allowed.
*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
process resource shortages. [Jeff Trawick]
*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]
*) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
from logging bogus data in case of errors. [Stefan Fritsch]
*) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
response is a 206 Partial Content. This stops a reverse proxied partial
response from becoming cached, and then being served in subsequent
responses. PR 49113. [Graham Leggett]
*) configure: Fix usage with external apr and apu in non-default paths
and recent gcc versions >= 4.6. [Jean-Frederic Clere]
*) core: Fix building against PCRE 8.30 by switching from the obsolete
pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
|
|
|
|
net/freeradius2: security patch
Revisions pulled up:
- net/freeradius2/Makefile 1.24
- net/freeradius2/distinfo 1.13
- net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Sep 12 18:37:10 UTC 2012
Modified Files:
pkgsrc/net/freeradius2: Makefile distinfo
Added Files:
pkgsrc/net/freeradius2/patches:
patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
Log Message:
Add patch from the freeradius git repository, fixing CVE-2012-3547.
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/net/freeradius2/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/freeradius2/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
|
|
|
|
net/{isc-dhcp4,isc-dhcpd4,isc-dhclient4,isc-dhcrelay} security fix
Revisions pulled up:
- net/isc-dhcp4/Makefile.common 1.17
- net/isc-dhcp4/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:38:58 UTC 2012
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
Log Message:
Update ISC DHCP package to 4.2.4p2 (ISC DHCP 4.2.4-P2).
Changes since 4.2.4-P1
! An issue with the use of lease times was found and fixed. Making
certain changes to the end time of an IPv6 lease could cause the
server to abort. Thanks to Glen Eustace of Massey University,
New Zealand for finding this issue.
[ISC-Bugs #30281]
CVE: CVE-2012-3955
|
|
net/bind?? CVE-2012-4244 security fix
Revisions pulled up:
- net/bind96/DESCR 1.2
- net/bind96/Makefile 1.29-1.30
- net/bind96/distinfo 1.20
- net/bind97/DESCR 1.2
- net/bind97/Makefile 1.18-1.19
- net/bind97/distinfo 1.16
- net/bind98/DESCR 1.2
- net/bind98/Makefile 1.15-1.16
- net/bind98/distinfo 1.14
- net/bind99/DESCR 1.2
- net/bind99/Makefile 1.10-1.11
- net/bind99/distinfo 1.8
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Aug 26 14:23:49 UTC 2012
Modified Files:
pkgsrc/net/bind96: DESCR Makefile
pkgsrc/net/bind97: DESCR Makefile
pkgsrc/net/bind98: DESCR Makefile
pkgsrc/net/bind99: DESCR Makefile
Log Message:
Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:32:55 UTC 2012
Modified Files:
pkgsrc/net/bind96: Makefile distinfo
Log Message:
Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).
--- 9.6-ESV-R7-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
3358 [bug] Fix declaration of fatal in bin/named/server.c
and bin/nsupdate/main.c. [RT #30522]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:33:40 UTC 2012
Modified Files:
pkgsrc/net/bind97: Makefile distinfo
Log Message:
Update bind97 to bind-9.7.6pl3.
--- 9.7.6-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:35:18 UTC 2012
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 to 9.8.3pl3 (BIND 9.8.3-P3).
--- 9.8.3-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Sep 13 01:35:56 UTC 2012
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
Log Message:
Update bind99 to 9.9.1pl3 (BIND 9.9.1-P3).
--- 9.9.1-P3 released ---
3364. [security] Named could die on specially crafted record.
[RT #30416]
|
|
|
|
net/wireshark: security patch
Revisions pulled up:
- distinfo patch
- Makefile patch
- patches/patch-CVE-2012-3548 created by patch
|
|
|
|
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.27
- www/wordpress/distinfo 1.22
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Sep 9 06:56:10 UTC 2012
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Update to Wordpress 3.4.2.
Changes:
* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.
Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:
* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().
|
|
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.22
- www/mediawiki/PLIST 1.11
- www/mediawiki/distinfo 1.15
---
Module Name: pkgsrc
Committed By: wen
Date: Sun Sep 2 00:29:34 UTC 2012
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.19.2
It is a security update, fix CVE-2012-4377 CVE-2012-4378 CVE-2012-4379
CVE-2012-4380 CVE-2012-4381 CVE-2012-4382.
Upstream changes:
Changes since 1.19.1
(bug 39700) File: link to non-existing file can inject html
(bug 39823) Hidden block text leaking to admins
(bug 39184) LDAP password leakage
(bug 39180) Disallow framing of api results
(bug 37587) Enforce language codes to be html safe
(bug 39824) Check global blocks on account creation
|
|
|
|
mail/roundcube: security update
Revisions pulled up:
- mail/roundcube/MESSAGE 1.7
- mail/roundcube/Makefile 1.44-1.46
- mail/roundcube/PLIST 1.24
- mail/roundcube/distinfo 1.25
---
Module Name: pkgsrc
Committed By: fhajny
Date: Wed Jul 25 11:24:21 UTC 2012
Modified Files:
pkgsrc/mail/roundcube: Makefile
Log Message:
Make package more portable by pre-creating destination for pax
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 16:19:41 UTC 2012
Modified Files:
pkgsrc/mail/roundcube: MESSAGE Makefile
Log Message:
Some tweak in MESSAGE.
* Note UPGRADING document which describes update process.
* Remove note for older package.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Aug 21 15:26:32 UTC 2012
Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST distinfo
Log Message:
Update roundcube to 0.8.1.
Fixes two XSS issues.
Here is a quote from the changelog of 0.8.1; please refer to the CHANGELOG file for
full changes from 0.7.2.
- Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593)
- Fix lower-casing email address on replies (#1488598)
- Fix line separator in exported messages (#1488603)
- Fix XSS issue where plain signatures wasn't secured in HTML mode (#1488613)
- Fix XSS issue where href="javascript:" wasn't secured (#1488613)
- Fix impossible to create message with empty plain text part (#1488610)
- Fix stripped apostrophes when replying in plain text to HTML message (#1488606)
- Fix inactive Save search option after advanced search (#1488607)
- Fix Remove from group option is active for contact search result (#1488608)
- Disable autocapitalization in login form on iPad/iPhone (#1488609)
- Fix focus on the list when list row is clicked (#1488600)
- Added separate From and To columns apart from smart From/To column (#1486891)
- Fix fallback to Larry skin when configured skin isn't available (#1488591)
- Fix (workaround) delete operations with some versions of memcache (#1488592)
- Fix (disable) request validation for spell and spell_html actions
|
|
|
|
lang/sun-jdk6: security update
lang/sun-jre6: security update
Revisions pulled up:
- lang/sun-jdk6/Makefile 1.31
- lang/sun-jdk6/distinfo 1.20
- lang/sun-jre6/Makefile 1.39
- lang/sun-jre6/distinfo 1.23
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 31 11:34:01 UTC 2012
Modified Files:
pkgsrc/lang/sun-jdk6: Makefile distinfo
pkgsrc/lang/sun-jre6: Makefile distinfo
Log Message:
Update sun-{jdk,jre}6 to 6.0.35.
Java(TM) SE Development Kit 6, Update 35 (JDK 6u35)
The full version string for this update release is 1.6.0_35-b10 (where "b" means
"build") and the version number is 6u35.
JDK Demos and Samples remain the same as in JDK 6u34
The vulnerabilities addressed by this security release do not affect the demos
and samples code. Therefore there is no need to update Demos and Samples as long
as the JDK itself is updated to 6u35.
Olson Data 2012c
JDK 6u35 contains Olson time zone data version 2012c. For more information,
refer to Timezone Data Versions in the JRE
Bug Fixes
This release contains a security-in-depth fix. For more information, see Oracle
Security Alert for CVE-2012-4681.
Java(TM) SE Development Kit 6, Update 34 (JDK 6u34)
The full version string for this update release is 1.6.0_34-b04 (where "b" means
"build") and the version number is 6u34.
Olson Data 2012c
JDK 6u34 contains Olson time zone data version 2012c. For more information,
refer to Timezone Data Versions in the JRE Software.
Bug Fixes
Notable Bug Fixes in JDK 6u34
Bug Id   Category         Sub_Category       Description
7162955  hotspot          attach             Attach api on Solaris, too many open files
7100757  hotspot          compiler2          The BitSet.nextSetBit() produces incorrect result in 32bit VM on Sparc
7108221  hotspot          compiler2          Backport to jdk6 Hotspot defaults for AMD Bulldozer processor
7167142  hotspot          runtime_arguments  Issue warning when finding a .hotspotrc or .hotspot_compiler file that isn't used
6941923  hotspot          runtime_logging    RFE: Handling large log files produced by long running Java Applications
7059899  hotspot          runtime_system     Stack overflows in Java code cause 64-bit JVMs to exit due to SIGSEGV
7145587  hotspot          runtime_system     Stack overflows in Java code cause 64-bit JVMs to exit due to SIGSEGV (solaris sparc)
7177216  java             char_encodings     native2ascii changes file permissions of input file
7027300  java             classes_2d         Unsynchronized HashMap access causes endless loop
7183251  java             classes_2d         Netbeans editor renders text wrong on JDK 7u6 build 17
6707273  java             classes_awt        TrayIcon does not support 8-bit alpha channel in Windows XP
7145980  java             classes_awt        Dispose method of window.java takes long
6521014  java             classes_net        IOException thrown when Socket tries to bind to an local IPv6 address on SuSE Linux
6543428  java             classes_net        BindException when binding to a link-local address on Windows
6886436  java             classes_net        Lightwight HTTP Container (com.sun.* package) is unstable
7118373  java             classes_nio        (se) Potential leak file descriptor when deregistrating at around the same time as an async close
7093090  java             classes_security   Reduce synchronization in java.security.Policy.getPolicyNoCheck
7152564  java             classes_security   Improve CodeSource.matchLocation (CodeSource) performance
7165725  java             classes_swing      JAVA6 HTML PARSER CANNOT PARSE MULTIPLE SCRIPT TAGS IN A LINE CORRECTLY
7071826  java             classes_util       UUID.randomUUID() race condition
7144488  java             classes_util       (coll) Infinite recursion for some equals tests in Collections
7133138  java             classes_util_i18n  Improve io performance around timezone lookups
7149608  java             classes_util_i18n  (tz): Default TZ detection fails on linux when symbolic links to non default location used.
7167359  java             classes_util_i18n  (tz) SEGV on solaris if TZ variable not set
7141852  java             compiler           1.6 v30 no longer compiles particular interface inheritance hierarchy
7158412  java             install            JRE installer does not delete its installation files from the user's Application Data folder
7148584  java             jar                Jar tools fails to generate manifest correctly when boundary condition hit
7175845  java             jar                "jar uf" changes file permissions unexpectedly
7070619  java             localization       locale issue for keytool with pt_BR
7168110  java             serviceability     Misleading jstack error message
7063183  java_deployment  general            AIOB exception in the RemoveCommentReader
7063790  java_deployment  general            SunAutoProxyHandlerTest hangs
7119269  java_deployment  general            Tune URLUtils
7173533  java_deployment  general            Discoverer 10g olap is slower when using java 1.6 than with 1.5
7175548  java_deployment  security           Regression: Fix 7110690 breaks crossdomain functionality for applets running on 6u33-b03 (FCS/GA)
6670362  jgss             krb5plugin         HTTP/SPNEGO should work across realms
7067974  jgss             krb5plugin         multiple ETYPE-INFO-ENTRY with same etype and different salt
7155051  jndi             dns                DNS provider may return incorrect results
7157903  jsse             runtime            JSSE client sockets are very slow
7166570  jsse             runtime            JSSE certificate validation has started to fail for certificate chains
|
|
www/opera: security update
Revisions pulled up:
- www/opera/Makefile 1.98
- www/opera/PLIST 1.8
- www/opera/distinfo 1.41
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 31 10:58:49 UTC 2012
Modified Files:
pkgsrc/www/opera: Makefile PLIST distinfo
Log Message:
Update opera to 12.02.
Fixes and Stability Enhancements since Opera 12.01
* General and User Interface
* Several general fixes and stability improvements
* Resolved an issue with Speed Dial thumbnails when automatic scaling is enabled
Security
* Fixed an issue where truncated dialogs may be used to trick users; see our advisory:
http://www.opera.com/support/kb/view/1028/
|
|
|
|
multimedia/adobe-flash-plugin10.1: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin10.1/Makefile 1.20
- multimedia/adobe-flash-plugin10.1/distinfo 1.12
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Aug 23 11:51:22 UTC 2012
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo
Log Message:
Update adobe-flash-plugin10.1 to 10.3.183.23 for APSB12-19.
|
|
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.81
- net/wireshark/distinfo 1.57
- net/wireshark/options.mk 1.6-1.7
- net/wireshark/patches/patch-ca 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 16 14:52:27 UTC 2012
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo options.mk
Added Files:
pkgsrc/net/wireshark/patches: patch-ca
Log Message:
update to 1.6.10
changes:
-security fixes for dissectors: DCP ETSI, XTP, AFP, RTPS2, GSM RLC MAC,
CIP. STUN, EtherCAT Mailbox, CTDB
(CVE-2012-4285, CVE-2012-4288, CVE-2012-4289..4293, CVE-2012-4296,
CVE-2012-4297)
-minor fixes
pkgsrc change: fix build with gnutls3
approved by the maintainer
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 16 15:11:49 UTC 2012
Modified Files:
pkgsrc/net/wireshark: options.mk
Log Message:
back out change I didn't want to commit
|
|
|
|
net/tor: security update
Revisions pulled up:
- net/tor/Makefile 1.88
- net/tor/distinfo 1.55
---
Module Name: pkgsrc
Committed By: drochner
Date: Mon Aug 13 17:13:45 UTC 2012
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
update to 0.2.2.38
Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
fixes a remotely triggerable crash bug; and fixes a timing attack that
could in theory leak path information.
|
|
|
|
graphics/gimp: security patch
Revisions pulled up:
- graphics/gimp/Makefile 1.218 via patch
- graphics/gimp/distinfo 1.68
- graphics/gimp/patches/patch-plug-ins_common_file-gif-load.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 20 12:54:01 UTC 2012
Modified Files:
pkgsrc/graphics/gimp: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp/patches: patch-plug-ins_common_file-gif-load.c
Log Message:
Fix CVE-2012-3481 using Nils Philippsen's patch.
Bump PKGREVISION.
|
|
|
|
www/typo3_47 security update
Revisions pulled up:
- www/typo3_47/Makefile 1.4
- www/typo3_47/PLIST 1.3
- www/typo3_47/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:53:50 UTC 2012
Modified Files:
pkgsrc/www/typo3_47: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.7.4.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 ccf6b0a [RELEASE] Release of TYPO3 4.7.4 (TYPO3 Release Team)
2012-08-15 14d5d72 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 a1c3165 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 8cf7db7 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 59e028a #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 758c217 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 44e8ae6 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 7c778d3 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 044ae9a #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Marcus Krause)
2012-08-15 0bcecd8 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 774537c #23226Security [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
2012-08-15 a9383b1 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-15 7edbd63 [TASK] Update version numbers to 4.7.4 (Steffen Ritter)
2012-08-08 9fe9e97 [RELEASE] Release of TYPO3 4.7.3 (TYPO3 Release Team)
2012-08-07 ae9d18c #36616 [BUGFIX] sectionIndex menu is not i18n ready (Stefan Galinski)
2012-08-07 6985616 #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-06 8824193 #38548 [BUGFIX] Incorrect search-results when searching for part of word (Tymoteusz Motylewski)
2012-08-05 943c50e #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 cb8d2a6 #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 5b8d6c4 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 569164c #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-29 8700d8a #39203 [BUGFIX] BE User Settings cannot be saved by clicking enter (Mario Rimann)
2012-07-28 fa8b919 #39338 [BUGFIX] RTE: Installation of AllowClipboardHelper is not triggered (Stanislas Rolland)
2012-07-25 02442d8 #38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 a3e05a3 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 5a9b3ea #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-23 fc1a8f0 #37967 [BUGFIX] YouTube videos can not be played with Media CE (Kai Vogel)
2012-07-23 ac4f234 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 7c56214 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-21 e3e08c1 #39067 [TASK] Change @deprecated annotation to the correct version (Wouter Wolters)
2012-07-20 e931425 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 a450514 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 51823dc #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-09 2cce3f0 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 8d29e26 #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 83672e8 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 c0ba55f #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 d35320b #38657 [BUGFIX] RTE 4.7: Incorrect behaviours in IE9 native mode (Stanislas Rolland)
|
|
www/typo3_46 security update
Revisions pulled up:
- www/typo3_46/Makefile 1.12-1.13
- www/typo3_46/PLIST 1.6-1.7
- www/typo3_46/distinfo 1.11-1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:52:21 UTC 2012
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.11.
2012-08-08 74fd6bb [RELEASE] Release of TYPO3 4.6.11 (TYPO3 Release Team)
2012-08-08 e809cd3 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-07 a5cd4df #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-05 e96eedc #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 b6a6c6d #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 731d547 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 38ca29a #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 fef9743 #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 102d0c8 #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 aef25cd #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 689bb9d #31278 [BUGFIX] Shell command arguments are not escaped (Dmitry Dulepov)
2012-07-26 349da10 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 ce5ba95 #35154,#38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 8affd66 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 f35b46d #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-24 bde9302 #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 8621c14 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-22 612d705 #33895 [BUGFIX] Update extension must invalidate autoloader cache (Philipp Gampe)
2012-07-21 37ecea2 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 8851d23 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 2b103fa #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 9a71681 #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-12 3d19540 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 cdee4ff #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 c3e4fcb #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 2fd0f62 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 cb139fe #18771 [BUG] t3lib_div::getFilesInDir order differs from order in Filelist (Benjamin Mack)
2012-07-06 d693daa #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 78a7a0c #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 999624f #38658 [BUGFIX] RTE 4.6: Force IE9 to use IE8 mode in frontend (Stanislas Rolland)
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:51:01 UTC 2012
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.12.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 a1e439e [RELEASE] Release of TYPO3 4.6.12 (TYPO3 Release Team)
2012-08-15 7a839a3 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 2ae69c8 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 1eaebd3 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 9b2b8fb #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 6376643 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 a4a20e9 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 829e391 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 dc6529c #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 8c0b4dc #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 4c8c0fd #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
www/typo3_45 security update
Revisions pulled up:
- www/typo3_45/Makefile 1.13-1.14
- www/typo3_45/PLIST 1.6-1.7
- www/typo3_45/distinfo 1.11-1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:51:39 UTC 2012
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 package to 4.5.18.
2012-08-08 c9ae56c [RELEASE] Release of TYPO3 4.5.18 (TYPO3 Release Team)
2012-08-05 2bb16e8 #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 83af91c #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 08b29b8 #25079 [BUGFIX] Suggest Wizard crashes in Frontend Editing (Dennis Ahrens)
2012-08-01 1e11fd1 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 9dab257 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 239d66d #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 1d5e85e #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 35045a3 #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 5935394 #31278 [BUGFIX] Shell command arguments are not escaped (Mario Rimann)
2012-07-26 54761c2 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 73bf1fa #38691 [BUGFIX] Exclude E_STRICT on PHP 5.4 and unify error reporting (Philipp Gampe)
2012-07-25 d9868f6 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 c85d6be #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 bc0feed #28684 [BUGFIX] Formmail doesn't always use correct character set (Jigal van Hemert)
2012-07-23 baba7fa #38927 [BUGFIX] $_EXTCONF was not filled in ext_tables.php (Ernesto Baschny)
2012-07-23 8e944f0 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 b0f3efd [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 259c25c #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 0f83ce4 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-18 71781f1 #36777 [BUGFIX] Unnecessary warning in css_styled_content (division by zero) (Thomas Layh)
2012-07-17 218f304 #33629 [BUGFIX] datepicker does not set current time as default (Simon Schaufelberger)
2012-07-12 fe76723 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 eb215ba #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 bc21789 #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 82e0d0b #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 042dc4a #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 277ea81 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 eb317e7 #38645 [BUGFIX] E_DEPRECATED does not exist in PHP 5.2 (Ivan Kartolo)
2012-07-05 5eb31a1 #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:49:25 UTC 2012
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.5.19.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 9bcf5eb [RELEASE] Release of TYPO3 4.5.19 (TYPO3 Release Team)
2012-08-15 76748b7 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 85df0e4 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 605d05f #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 6840097 #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 fb1e204 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 6fd6768 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 11abbaa #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 a3293a7 #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 ccbbfc3 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 f046457 #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
www/drupal7 security update
Revisions pulled up:
- www/drupal7/Makefile 1.10
- www/drupal7/PLIST 1.5
- www/drupal7/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:46:38 UTC 2012
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update drupal7 package to 7.15.
Release notes say "no security fix" but it really fixes SA49131:
<http://secunia.com/advisories/49131/>.
Release notes
Maintenance release of the Drupal 7 series. Includes bugfixes and small
API/feature improvements only (no major new functionality); significant new
features are only being added to the forthcoming Drupal 8.0 release.
No security fixes are included in this release.
Besides documentation fixes, no changes have been made to the .htaccess,
robots.txt or settings.php files in this release, so upgrading custom versions
of those files is not necessary. Known issues:
#1708722: Call to undefined function drupal_find_base_themes() in
drupal-7.15/includes/module.inc on line 184: Under rare circumstances
which are still under investigation (most likely, sites with a sub-theme
enabled and a module enabled that calls certain code early in Drupal's
page request), upgrading to Drupal 7.15 may lead to a fatal error. A
patch to fix this is available.
http://drupal.org/node/1708292
|
|
Ruby on Rails 3.2.8 security update
Revisions pulled up:
- databases/ruby-activerecord32/distinfo 1.6
- devel/ruby-activemodel32/distinfo 1.6
- devel/ruby-activesupport32/distinfo 1.6
- devel/ruby-railties32/distinfo 1.6
- lang/ruby/rails.mk 1.30
- mail/ruby-actionmailer32/distinfo 1.6
- www/ruby-actionpack32/distinfo 1.6
- www/ruby-activeresource32/distinfo 1.6
- www/ruby-rails32/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:37:06 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.2.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:38:09 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport32: distinfo
Log Message:
Update ruby-activesupport32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* Fix ActiveSupport integration with Mocha > 0.12.1. *Mike Gunderloy*
* Reverted the deprecation of ActiveSupport::JSON::Variable.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:38:41 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel32: distinfo
Log Message:
Update ruby-activemodel32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:40:00 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack32: distinfo
Log Message:
Update ruby-actionpack32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value, there
is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:41:02 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord32: distinfo
Log Message:
Update ruby-activerecord32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* Do not consider the numeric attribute as changed if the old value is zero
and the new value is not a string.
Fixes #7237.
*Rafael Mendonça França*
* Removes the deprecation of `update_attribute`. *fxn*
* Reverted the deprecation of `composed_of`. *Rafael Mendonça França*
* Reverted the deprecation of `*_sql` association options. They will be
deprecated in 4.0 instead. *Jon Leighton*
* Do not eager load AR session store. ActiveRecord::SessionStore depends on
the abstract store in Action Pack. Eager loading this class would break
client code that eager loads Active Record standalone.
Fixes #7160
*Xavier Noria*
* Do not set RAILS_ENV to "development" when using `db:test:prepare` and
related rake tasks.
This was causing the truncation of the development database data when using
RSpec.
Fixes #7175.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:41:37 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource32: distinfo
Log Message:
Update ruby-activeresource32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:42:14 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer32: distinfo
Log Message:
Update ruby-actionmailer32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:43:08 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties32: distinfo
Log Message:
Update ruby-railties32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* ERB scaffold generator use the `:data => { :confirm => "Text" }` syntax
instead of `:confirm`.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:44:30 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails32: distinfo
Log Message:
Update ruby-rails32 to 3.2.8.
This is a meta-like package and no changes.
|
|
Ruby on Rails 3.1.8 security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.6
- devel/ruby-activemodel31/distinfo 1.6
- devel/ruby-activesupport31/distinfo 1.7
- devel/ruby-railties31/distinfo 1.6
- lang/ruby/rails.mk 1.29
- mail/ruby-actionmailer31/distinfo 1.6
- www/ruby-actionpack31/distinfo 1.7
- www/ruby-activeresource31/distinfo 1.6
- www/ruby-rails31/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:32:52 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start Ruby on Rails 3.1.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:48 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:34:38 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:35:20 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:36:35 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:22 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:52 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:38:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.8.
This is a meta-like package and no changes.
|
|
Ruby on Rails 3.0.17 security update.
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.15
- devel/ruby-activemodel/distinfo 1.15
- devel/ruby-activesupport3/distinfo 1.16
- devel/ruby-railties/distinfo 1.15
- lang/ruby/rails.mk 1.28
- mail/ruby-actionmailer3/distinfo 1.17
- www/ruby-actionpack3/distinfo 1.16
- www/ruby-activeresource3/distinfo 1.15
- www/ruby-rails3/distinfo 1.16
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:22 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.0.17.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:58 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:45:45 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:46:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.17
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:47:45 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:48:26 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:49:01 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:50:41 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.17.
This is a meta-like package and no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 15:58:23 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Oops, missed from commit for ruby-activeresource3.
|
|
|
|
databases/phpmyadmin: security update
Revisions pulled up:
- databases/phpmyadmin/Makefile 1.104
- databases/phpmyadmin/distinfo 1.64
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Fri Aug 17 23:08:21 UTC 2012
Modified Files:
pkgsrc/databases/phpmyadmin: Makefile distinfo
Log Message:
Update "phpmyadmin" package to version 3.5.2.2. Changes since 3.5.2.1:
- [security] Fixed XSS vulnerabilities, see PMASA-2012-4
To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 pkgsrc/databases/phpmyadmin/Makefile
cvs rdiff -u -r1.63 -r1.64 pkgsrc/databases/phpmyadmin/distinfo
|
|
|
|
misc/kdepimlibs4: functionality fix
Revisions pulled up:
- misc/kdepimlibs4/Makefile 1.34
- misc/kdepimlibs4/buildlink3.mk 1.21
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: markd
Date: Tue Jul 24 22:14:35 UTC 2012
Modified Files:
pkgsrc/misc/kdepimlibs4: Makefile buildlink3.mk
Log Message:
Only depend on libuuid on Linux, for the time being. Adding it causes
Plasma Desktop to break on at least NetBSD. Fixes PR pkg/46674.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/misc/kdepimlibs4/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/misc/kdepimlibs4/buildlink3.mk
|
|
|
|
editors/emacs-nox11: security patch
editors/emacs: security patch
Revisions pulled up:
- editors/emacs-nox11/Makefile 1.36
- editors/emacs/Makefile 1.146
- editors/emacs/distinfo 1.58
- editors/emacs/patches/patch-lisp_files.el 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:53:07 UTC 2012
Modified Files:
pkgsrc/editors/emacs: Makefile distinfo
pkgsrc/editors/emacs-nox11: Makefile
Added Files:
pkgsrc/editors/emacs/patches: patch-lisp_files.el
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
|
|
editors/emacs24-nox11: security patch
editors/emacs24: security patch
Revisions pulled up:
- editors/emacs24-nox11/Makefile 1.3
- editors/emacs24-nox11/version.mk 1.2
- editors/emacs24/Makefile 1.4
- editors/emacs24/distinfo 1.3-1.4
- editors/emacs24/patches/patch-aa 1.2
- editors/emacs24/patches/patch-ab 1.2
- editors/emacs24/patches/patch-lisp_files.el 1.1
---
Module Name: pkgsrc
Committed By: marino
Date: Fri Aug 10 10:08:14 UTC 2012
Modified Files:
pkgsrc/editors/emacs24: distinfo
pkgsrc/editors/emacs24/patches: patch-aa patch-ab
Log Message:
editors/emacs24: update configure* patches for DragonFly
DragonFly needs libc explicitly defined for its linker.
The temacs utility still segfaults, but at least it builds now.
---
Module Name: pkgsrc
Committed By: jmmv
Date: Sat Aug 11 17:21:04 UTC 2012
Modified Files:
pkgsrc/editors/emacs24-nox11: version.mk
Log Message:
Fix the build of emacs modules when EMACS_TYPE=emacs24nox.
The emacs flavor is 'emacs' and the package dependency is 'emacs-nox11',
not 'emacs24' nor 'emacs24-nox11' (respectively).
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:38:50 UTC 2012
Modified Files:
pkgsrc/editors/emacs24: Makefile distinfo
pkgsrc/editors/emacs24-nox11: Makefile
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 13 06:39:06 UTC 2012
Added Files:
pkgsrc/editors/emacs24/patches: patch-lisp_files.el
Log Message:
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
|
|
|
|
databases/ruby-activerecord32: security update
devel/ruby-activemodel32: security update
devel/ruby-activesupport32: security update
devel/ruby-railties32: security update
mail/ruby-actionmailer32: security update
www/ruby-actionpack32: security update
www/ruby-activeresource32: security update
www/ruby-rails32: security update
Revisions pulled up:
- databases/ruby-activerecord32/distinfo 1.5
- devel/ruby-activemodel32/distinfo 1.5
- devel/ruby-activesupport32/distinfo 1.5
- devel/ruby-railties32/distinfo 1.5
- lang/ruby/rails.mk 1.27
- mail/ruby-actionmailer32/distinfo 1.5
- www/ruby-actionpack32/distinfo 1.5
- www/ruby-activeresource32/distinfo 1.5
- www/ruby-rails32/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:50:28 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.2.7.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:51:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport32: distinfo
Log Message:
Update ruby-activesupport32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* Hash#fetch(fetch) is not the same as doing hash[key]
* adds a missing require [fixes #6896]
* make sure the inflection rules are loaded when cherry-picking
active_support/core_ext/string/inflections.rb [fixes #6884]
* Merge pull request #6857 from rsutphin/as_core_ext_time_missing_require
* bump AS deprecation_horizon to 4.0
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:52:25 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel32: distinfo
Log Message:
Update ruby-activemodel32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* `validates_inclusion_of` and `validates_exclusion_of` now accept `:within`
option as alias of `:in` as documented.
* Fix the backport of the object dup with the ruby 1.9.3p194.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:53:01 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource32: distinfo
Log Message:
Update ruby-activeresource32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:53:46 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord32: distinfo
Log Message:
Update ruby-activerecord32 to 3.2.7.
## Rails 3.2.7 (unreleased) ##
* `:finder_sql` and `:counter_sql` options on collection associations
are deprecated. Please transition to using scopes.
*Jon Leighton*
* `:insert_sql` and `:delete_sql` options on `has_and_belongs_to_many`
associations are deprecated. Please transition to using `has_many
:through`
*Jon Leighton*
* `composed_of` has been deprecated. You'll have to write your own accessor
and mutator methods if you'd like to use value objects to represent some
portion of your models.
*Steve Klabnik*
* `update_attribute` has been deprecated. Use `update_column` if
you want to bypass mass-assignment protection, validations, callbacks,
and touching of updated_at. Otherwise please use `update_attributes`.
*Steve Klabnik*
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:55:32 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack32: distinfo
Log Message:
Update ruby-actionpack32 to 3.2.7.
## Rails 3.2.7 (unreleased) ##
* Do not convert digest auth strings to symbols. CVE-2012-3424
* Bump Journey requirements to 1.0.4
* Add support for optional root segments containing slashes
* Fixed bug creating invalid HTML in select options
* Show in log correct wrapped keys
* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered
instead of line continuations.
* ActionController::Metal doesn't have logger method, check it and then
delegate
* ActionController::Caching depends on RackDelegation and
AbstractController::Callbacks
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:56:13 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer32: distinfo
Log Message:
Update ruby-actionmailer32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:56:46 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties32: distinfo
Log Message:
Update ruby-railties32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* Since Rails 3.2, use layout false to render no layout
* Use strict_args_position! if available from Thor
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:57:33 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails32: distinfo
Log Message:
Update ruby-rails32 to 3.2.17.
This is a meta-like package and no changes.
|
|
databases/ruby-activerecord31: security update
devel/ruby-activemodel31: security update
devel/ruby-activesupport31: security update
devel/ruby-railties31: security update
mail/ruby-actionmailer31: security update
www/ruby-actionpack31: security update
www/ruby-activeresource31: security update
www/ruby-rails31: security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.5
- devel/ruby-activemodel31/distinfo 1.5
- devel/ruby-activesupport31/distinfo 1.6
- devel/ruby-railties31/distinfo 1.5
- lang/ruby/rails.mk 1.26
- mail/ruby-actionmailer31/distinfo 1.5
- www/ruby-actionpack31/distinfo 1.6
- www/ruby-activeresource31/distinfo 1.5
- www/ruby-rails31/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:34:39 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.1.7.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:35:07 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:35:47 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:36:18 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:36:59 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:38:13 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:38:47 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:39:16 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:41:23 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.17.
This is a meta-like package and no changes.
|
|
databases/ruby-activerecord3: security update
devel/ruby-activemodel: security update
devel/ruby-activesupport3: security update
devel/ruby-railties: security update
mail/ruby-actionmailer3: security update
mail/ruby-mail22/Makefile
www/ruby-actionpack3: security update
www/ruby-activeresource3: security update
www/ruby-rails3: security update
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.14
- devel/ruby-activemodel/distinfo 1.14
- devel/ruby-activesupport3/distinfo 1.15
- devel/ruby-railties/distinfo 1.14
- lang/ruby/rails.mk 1.25
- mail/ruby-actionmailer3/distinfo 1.16
- mail/ruby-mail22/Makefile 1.5
- www/ruby-actionpack3/distinfo 1.15
- www/ruby-activeresource3/distinfo 1.14
- www/ruby-rails3/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:20:08 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails to 3.0.16.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:03 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:54 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:22:56 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Update ruby-activeresource3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:24:29 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
CVE-2012-2694
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:14 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:26:47 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:27:36 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.16.
This is a meta-like package and no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 13:02:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-mail22: Makefile
Log Message:
Bump PKGREVISION to reflect dependency to devel/ruby-activesupport3.
|
|
emulators/suse121_libxml2: security update
Revisions pulled up:
- emulators/suse121_libxml2/Makefile 1.4
- emulators/suse121_libxml2/distinfo 1.4
---
Module Name: pkgsrc
Committed By: obache
Date: Sat Aug 11 02:10:23 UTC 2012
Modified Files:
pkgsrc/emulators/suse121_libxml2: Makefile distinfo
Log Message:
Update libxml2-2.7.8 rpm to 3.11.1 for CVE-2012-2807.
Bump PKGREVISION.
|
|
|
|
sysutils/mtools: bug fix patch
Revisions pulled up:
- sysutils/mtools/Makefile 1.51
- sysutils/mtools/patches/patch-llong.h 1.1
---
Module Name: pkgsrc
Committed By: is
Date: Fri Aug 10 14:59:58 UTC 2012
Modified Files:
pkgsrc/sysutils/mtools: Makefile
Added Files:
pkgsrc/sysutils/mtools/patches: patch-llong.h
Log Message:
Forgot patch file...
|
|
|
|
sysutils/mtools: bug fix patch
Revisions pulled up:
- sysutils/mtools/Makefile 1.50
- sysutils/mtools/distinfo 1.18
---
Module Name: pkgsrc
Committed By: is
Date: Wed Aug 8 08:46:27 UTC 2012
Modified Files:
pkgsrc/sysutils/mtools: Makefile distinfo
Log Message:
mtools-(at least)4.0.17 tries hard to configure and conditionally set types
to use 64bit file offsets where available for seek()ing etc. However, the
easy case (sizeof(off_t)>4) is handled incorrectly: mt_size_t is set to
size_t - maybe a copy and paste from the fall-back-to-32bit case.
This type is used at least in init.c, when detecting media size and comparing
to the FAT geometry, consequently failing and erroring out with the message
"Big disks not supported on this architecture."
The patch does handle the (e.g. NetBSD) case of 64bit off_t the same as
the case where an off64_t is available (and the other 64bit off_t-equivalent
cases); namely using off_t as mt_size_t.
Thanks to riastradh@ for pointing out where the bug in llong.h was.
|