Age | Commit message | Author | Files | Lines
2014-06-25 | Pullup tickets #4436 and #4437. [pkgsrc-2014Q1] | tron | 1 | -1/+5
2014-06-25 | Pullup ticket #4437 - requested by obache | tron | 2 | -16/+17

emulators/suse131_libdbus: security update

Revisions pulled up:
- emulators/suse131_libdbus/Makefile 1.3
- emulators/suse131_libdbus/distinfo 1.2

---
Module Name: pkgsrc
Committed By: obache
Date: Sat Jun 21 13:52:49 UTC 2014

Modified Files:
    pkgsrc/emulators/suse131_libdbus: Makefile distinfo

Log Message:
Apply openSUSE Security Update: dbus-1: Fixed possible DoS
Announcement ID: openSUSE-SU-2014:0821-1

Description:
dbus-1 was updated to fix a possible DoS (CVE-2014-3477).

Bump PKGREVISION.
2014-06-25 | Pullup ticket #4436 - requested by obache | tron | 2 | -9/+10

emulators/suse131_mozilla-nspr: security update

Revisions pulled up:
- emulators/suse131_mozilla-nspr/Makefile 1.2-1.3
- emulators/suse131_mozilla-nspr/distinfo 1.2-1.3

---
Module Name: pkgsrc
Committed By: obache
Date: Fri Apr 4 10:02:24 UTC 2014

Modified Files:
    pkgsrc/emulators/suse131_mozilla-nspr: Makefile distinfo

Log Message:
Update suse131_mozilla-nspr RPM to 4.10.4-8.1 from openSUSE-SU-2014:0448-1.

Changes in mozilla-nspr:
- update to version 4.10.4
  * bmo#767759: Add support for new x32 abi
  * bmo#844784: Thread data race in PR_EnterMonitor
  * bmo#939786: data race nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root
  * bmo#958796: Users of _beginthreadex that set a custom stack size may not be getting the behavior they want
  * bmo#963033: AArch64 support update for NSPR
  * bmo#969061: Incorrect end-of-list test when iterating over a PRCList in prcountr.c and prtrace.c
  * bmo#971152: IPv6 detection on linux depends on availability of /proc/net/if_inet6
- update to version 4.10.3
  * bmo#749849: ensure we'll free the thread-specific data key.
  * bmo#941461: don't compile android with unaligned memory access.
  * bmo#932398: Add PR_SyncMemMap, a portable version of msync/FlushViewOfFile.
  * bmo#952621: Fix a thread-unsafe access to lock->owner in PR_Lock.
  * bmo#957458: Fix several bugs in the lock rank checking code.
  * bmo#936320: Use an alternative test for IPv6 support on Linux to avoid opening a socket.

Bump PKGREVISION.

---
Module Name: pkgsrc
Committed By: obache
Date: Sat Jun 21 13:35:54 UTC 2014

Modified Files:
    pkgsrc/emulators/suse131_mozilla-nspr: Makefile distinfo

Log Message:
Apply openSUSE Security Update: MozillaFirefox, mozilla-nspr: Update fixes nine security issues
Announcement ID: openSUSE-SU-2014:0819-1

Description:
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
  * OOB write with sprintf and console functions (CVE-2014-1545)

Bump PKGREVISION.
2014-06-15 | pullup #4435 | spz | 1 | -1/+3
2014-06-15 | Pullup ticket #4435 - requested by tron | spz | 2 | -6/+6

net/wireshark: security update

Revisions pulled up:
- net/wireshark/Makefile 1.123
- net/wireshark/distinfo 1.75

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jun 14 09:17:51 UTC 2014

Modified Files:
    pkgsrc/net/wireshark: Makefile distinfo

Log Message:
Update "wireshark" package to version 1.10.8. Changes since 1.10.7:
- The following vulnerabilities have been fixed.
  * wnpa-sec-2014-07
    The frame metadissector could crash. (Bug 9999, Bug 10030)
    Versions affected: 1.10.0 to 1.10.7
    CVE-2014-4020
= The following bugs have been fixed:
  * VoIP flow graph crash upon opening. (Bug 9179)
  * Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
  * IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
  * Failed to export pdml on large pcap. (Bug 10081)
  * TCAP: set a fence on info column after calling sub dissector (Bug 10091)
  * Dissector bug in JSON protocol. (Bug 10115)
  * GSM RLC MAC: do not skip too many lines of the CSN_DESCR when the field is missing (Bug 10120)
  * Wireshark PEEKREMOTE incorrectly decoding QoS data packets from Cisco Sniffer APs. (Bug 10139)
  * IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)
- Updated Protocol Support
  CIP, EtherNet/IP, GSM RLC MAC, IEEE 802.11, IPv6, and TCAP
- New and Updated Capture File Support
  pcap-ng, and PEEKREMOTE

To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.74 -r1.75 pkgsrc/net/wireshark/distinfo
2014-06-15 | Pullup ticket #4432. | tron | 1 | -1/+3
2014-06-15 | Pullup ticket #4432 - requested by obache | tron | 2 | -10/+10

emulators/suse131_openssl: security update

Revisions pulled up:
- emulators/suse131_openssl/Makefile 1.9
- emulators/suse131_openssl/distinfo 1.9

---
Module Name: pkgsrc
Committed By: obache
Date: Fri Jun 6 09:53:29 UTC 2014

Modified Files:
    pkgsrc/emulators/suse131_openssl: Makefile distinfo

Log Message:
Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h

Description:
The openssl library was updated to version 1.0.1h fixing various security issues and bugs:

Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients that enable anonymous ECDH ciphersuites are subject to a denial of service attack.

Bump PKGREVISION.
2014-06-12 | Pullup ticket #4433. | tron | 1 | -1/+3
2014-06-12 | Pullup ticket #4433 - requested by obache | tron | 2 | -6/+6

multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.30
- multimedia/adobe-flash-plugin11/distinfo 1.28

---
Module Name: pkgsrc
Committed By: obache
Date: Wed Jun 11 01:56:57 UTC 2014

Modified Files:
    pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.378 for APSB14-16.
2014-06-05 | Pullup ticket #4431. | tron | 1 | -1/+3
2014-06-05 | Pullup ticket #4431 - requested by wiz | tron | 32 | -474/+79

security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile 1.193
- security/openssl/builtin.mk 1.42
- security/openssl/distinfo 1.106-1.107
- security/openssl/patches/patch-Configure 1.2
- security/openssl/patches/patch-Makefile.org 1.2
- security/openssl/patches/patch-Makefile.shared 1.2
- security/openssl/patches/patch-apps_Makefile 1.2
- security/openssl/patches/patch-config 1.2
- security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.2
- security/openssl/patches/patch-crypto_des_Makefile 1.1
- security/openssl/patches/patch-crypto_dso_dso__dlfcn.c 1.2
- security/openssl/patches/patch-doc_apps_cms.pod deleted
- security/openssl/patches/patch-doc_apps_smine.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__COMP__add__compression__method.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__add__session.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__load__verify__locations.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__session__id__context.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__set__ssl__version.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__accept.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__clear.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__connect.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__read.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__session__reused.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__set__fd.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__set__session.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod deleted
- security/openssl/patches/patch-doc_ssl_SSL__write.pod deleted
- security/openssl/patches/patch-engines_ccgost_Makefile 1.2
- security/openssl/patches/patch-tools_Makefile 1.2

---
Module Name: pkgsrc
Committed By: rodent
Date: Tue May 13 02:23:11 UTC 2014

Modified Files:
    pkgsrc/security/openssl: distinfo
    pkgsrc/security/openssl/patches:
        patch-Configure
        patch-Makefile.org
        patch-Makefile.shared
        patch-apps_Makefile
        patch-config
        patch-crypto_bn_bn__prime.pl
        patch-crypto_dso_dso__dlfcn.c
        patch-doc_apps_cms.pod
        patch-doc_apps_smine.pod
        patch-doc_ssl_SSL__COMP__add__compression__method.pod
        patch-doc_ssl_SSL__CTX__add__session.pod
        patch-doc_ssl_SSL__CTX__load__verify__locations.pod
        patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
        patch-doc_ssl_SSL__CTX__set__session__id__context.pod
        patch-doc_ssl_SSL__CTX__set__ssl__version.pod
        patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
        patch-doc_ssl_SSL__accept.pod
        patch-doc_ssl_SSL__clear.pod
        patch-doc_ssl_SSL__connect.pod
        patch-doc_ssl_SSL__do__handshake.pod
        patch-doc_ssl_SSL__read.pod
        patch-doc_ssl_SSL__session__reused.pod
        patch-doc_ssl_SSL__set__fd.pod
        patch-doc_ssl_SSL__set__session.pod
        patch-doc_ssl_SSL__shutdown.pod
        patch-doc_ssl_SSL__write.pod
        patch-engines_ccgost_Makefile
        patch-tools_Makefile
Added Files:
    pkgsrc/security/openssl/patches: patch-crypto_des_Makefile

Log Message:
Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying).

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 5 12:16:06 UTC 2014

Modified Files:
    pkgsrc/security/openssl: Makefile builtin.mk distinfo
Removed Files:
    pkgsrc/security/openssl/patches:
        patch-doc_apps_cms.pod
        patch-doc_apps_smine.pod
        patch-doc_ssl_SSL__COMP__add__compression__method.pod
        patch-doc_ssl_SSL__CTX__add__session.pod
        patch-doc_ssl_SSL__CTX__load__verify__locations.pod
        patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
        patch-doc_ssl_SSL__CTX__set__session__id__context.pod
        patch-doc_ssl_SSL__CTX__set__ssl__version.pod
        patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
        patch-doc_ssl_SSL__accept.pod
        patch-doc_ssl_SSL__clear.pod
        patch-doc_ssl_SSL__connect.pod
        patch-doc_ssl_SSL__do__handshake.pod
        patch-doc_ssl_SSL__read.pod
        patch-doc_ssl_SSL__session__reused.pod
        patch-doc_ssl_SSL__set__fd.pod
        patch-doc_ssl_SSL__set__session.pod
        patch-doc_ssl_SSL__shutdown.pod
        patch-doc_ssl_SSL__write.pod

Log Message:
Update to 1.0.1h:

Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
  o Fix for CVE-2014-0224
  o Fix for CVE-2014-0221
  o Fix for CVE-2014-0195
  o Fix for CVE-2014-3470
  o Fix for CVE-2010-5298
2014-06-04 | security/gnutls: security update | schnoebe | 1 | -1/+3
2014-06-04 | Pullup ticket #4430 - requested by tron | schnoebe | 2 | -6/+6

security/gnutls: security update

Revisions pulled up:
- security/gnutls/Makefile 1.146
- security/gnutls/distinfo 1.106

---
Module Name: pkgsrc
Committed By: wiz
Date: Fri May 30 13:20:23 UTC 2014

Modified Files:
    pkgsrc/security/gnutls: Makefile distinfo

Log Message:
Update to 3.2.15:

* Version 3.2.15 (released 2014-05-30)
** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon.
** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite.
** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem.
** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni.
** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate.
** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
** API and ABI modifications: No changes since last version.

* Version 3.2.14 (released 2014-05-06)
** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio.
** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided.
** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided.
** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite.
** libgnutls: Several small bug fixes found by coverity.
** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org.
** configure: Added --with-nettle-mini option, which allows linking with a libnettle that contains gmp.
** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1.
** API and ABI modifications: No changes since last version.

* Version 3.2.13 (released 2014-04-07)
** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently if there are no base64 data. Report and patch by Ramkumar Chinchani.
** libgnutls: gnutls_record_send is now safe to be called under DTLS when in corked mode.
** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for these algorithms.
** libgnutls: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This drops support for the permissive RFC2818 wildcards and adds more conservative support based on the suggestions in RFC6125. Suggested by Jeffrey Walton.
** certtool: When no password is provided to export a PKCS #8 keys, do not encrypt by default. This reverts to the certtool behavior of gnutls 3.0. The previous behavior of encrypting using an empty password can be replicated using the new parameter --empty-password.
** p11tool: Avoid dual initialization of the PKCS #11 subsystem when the --provider option is given.
** API and ABI modifications: No changes since last version.
2014-06-02 | Pullup tickets #4427, #4428 and #4429. | tron | 1 | -1/+7
2014-06-02 | Pullup ticket #4429 - requested by taca | tron | 1 | -2/+2

lang/php53: match option handling of "php54" and "php55"

Revisions pulled up:
- lang/php53/Makefile.php 1.39

---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 31 04:30:30 UTC 2014

Modified Files:
    pkgsrc/lang/php53: Makefile.php

Log Message:
Use PKG_OPTIONS.${PHP_PKG_PREFIX} as PKG_OPTIONS_VAR in order to have consistent PKG_OPTIONS among packages which use lang/php/Makefile.php.
2014-06-02 | Pullup ticket #4428 - requested by taca | tron | 3 | -10/+8

lang/php54: security update

Revisions pulled up:
- lang/php/phpversion.mk 1.64
- lang/php54/Makefile.php 1.8
- lang/php54/distinfo 1.40

---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 31 04:28:57 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php54: Makefile.php distinfo

Log Message:
Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.

29 May 2014, PHP 5.4.29
- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)
- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)
- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)
- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
2014-06-02 | Pullup ticket #4427 - requested by taca | tron | 3 | -10/+8

lang/php55: security update

Revisions pulled up:
- lang/php/phpversion.mk 1.63
- lang/php55/Makefile.php 1.3
- lang/php55/distinfo 1.22

---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 31 04:26:40 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php55: Makefile.php distinfo

Log Message:
Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.

29 May 2014, PHP 5.5.13
- CLI server:
  . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Curl:
  . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)
- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237).
- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)
- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)
- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
2014-06-01 | tickets 4422 and 4426 | spz | 1 | -1/+9
2014-06-01 | Pullup ticket #4426 - requested by wen | spz | 2 | -6/+6

www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile 1.41
- www/mediawiki/distinfo 1.29

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wen
Date: Sun Jun 1 08:24:32 UTC 2014

Modified Files:
    pkgsrc/www/mediawiki: Makefile distinfo

Log Message:
Update to 1.22.7

Upstream changes:
1.22.7

== Security ==
* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.

== Bugfixes in 1.22.7 ==
* (bug 36356) Add space between two feed links.
* (bug 63269) Email notifications were not correctly handling the [[MediaWiki:Helppage]] message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized [[MediaWiki:Enotif body]] (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
* Add missing uploadstash.us_props for PostgreSQL.
* (bug 56047) Fixed stream wrapper in PhpHttpRequest.

To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/www/mediawiki/distinfo
2014-06-01 | Pullup ticket #4422 - requested by taca | spz | 20 | -65524/+177

graphics/php-gd: version bump
lang/php: version bump
lang/php53: security update
lang/php54: security update
lang/php55: security update

Revisions pulled up:
- graphics/php-gd/Makefile 1.36
- lang/php/phpversion.mk 1.59-1.62
- lang/php53/distinfo 1.73
- lang/php53/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php54/Makefile 1.21
- lang/php54/Makefile.php 1.7
- lang/php54/distinfo 1.37-1.39
- lang/php54/patches/patch-configure 1.7
- lang/php54/patches/patch-ext_fileinfo_data__file.c deleted
- lang/php54/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php54/patches/patch-php.ini-development 1.3
- lang/php54/patches/patch-php.ini-production 1.3
- lang/php55/Makefile 1.12
- lang/php55/distinfo 1.18-1.21
- lang/php55/patches/patch-configure 1.6
- lang/php55/patches/patch-ext_fileinfo_data__file.c deleted
- lang/php55/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c 1.2
- lang/php55/patches/patch-php.ini-development 1.4
- lang/php55/patches/patch-php.ini-production 1.4

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 4 03:05:00 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php55: Makefile distinfo
    pkgsrc/lang/php55/patches: patch-php.ini-development patch-php.ini-production
Removed Files:
    pkgsrc/lang/php55/patches: patch-ext_fileinfo_data__file.c

Log Message:
Update php55 to 5.5.11. CVE-2013-7345 is already fixed in 5.5.10nb2.

03 Apr 2014, PHP 5.5.11
- Core:
  . Allow zero length comparison in substr_compare() (Tjerk)
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- SPL:
  . Added feature #65545 (SplFileObject::fread()) (Tjerk)
- cURL:
  . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam)
- FPM:
  . Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley)
- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi)
- GD:
  . Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
  . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
  . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
  . Fixed bug #66890 (imagescale segfault). (Remi)
  . Fixed bug #66893 (imagescale ignore method argument). (Remi)
- Hash:
  . hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita)
- Intl:
  . Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)
- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
- OPCache
  . Added function opcache_is_script_cached(). (Danack)
  . Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl:
  . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
- GMP
  . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
- SQLite:
  . Updated bundled libsqlite to 3.8.3.1 (Anatol)

To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php55/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php55/patches/patch-php.ini-development \
    pkgsrc/lang/php55/patches/patch-php.ini-production

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 5 03:43:40 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php54: Makefile Makefile.php distinfo
    pkgsrc/lang/php54/patches: patch-php.ini-development patch-php.ini-production
Removed Files:
    pkgsrc/lang/php54/patches: patch-ext_fileinfo_data__file.c

Log Message:
Update php54 to 5.4.27. CVE-2013-7345 is already fixed in 5.4.26nb2.

03 Apr 2014, PHP 5.4.27
- Core:
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi)
- FPM:
  . Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley)
- GMP
  . fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)
- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
- Openssl:
  . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)

To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-development \
    pkgsrc/lang/php54/patches/patch-php.ini-production

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Mon Apr 14 10:17:19 UTC 2014

Modified Files:
    pkgsrc/lang/php55: distinfo
Added Files:
    pkgsrc/lang/php55/patches: patch-ext_sqlite3_libsqlite_sqlite3.c

Log Message:
Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment from the PHP build.

To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 1 15:52:33 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php55: distinfo
    pkgsrc/lang/php55/patches: patch-configure patch-ext_sqlite3_libsqlite_sqlite3.c

Log Message:
Update php55 to 5.5.12.

01 May 2014, PHP 5.5.12
- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
  . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- mysqli:
  . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)
- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
- SQLite:
  . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)

To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.19 -r1.20 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php55/patches/patch-configure
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri May 2 13:04:12 UTC 2014

Modified Files:
    pkgsrc/lang/php: phpversion.mk
    pkgsrc/lang/php54: distinfo
    pkgsrc/lang/php54/patches: patch-configure

Log Message:
Update php54 to 5.4.28.

01 May 2014, PHP 5.4.28
- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
  . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass). (Jann Horn, Stas)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185). (Stas)
- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)

To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/patches/patch-configure

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 11 11:20:48 UTC 2014

Modified Files:
    pkgsrc/graphics/php-gd: Makefile
    pkgsrc/lang/php53: distinfo
    pkgsrc/lang/php54: distinfo
    pkgsrc/lang/php55: distinfo
Added Files:
    pkgsrc/lang/php53/patches: patch-ext_gd_libgd_gdxpm.c
    pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c
    pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c

Log Message:
Apply a patch to fix CVE-2014-2497, taken from https://bugs.php.net/patch-display.php?bug_id=66901

Bump PKGREVISION for php-gd correspondingly.

To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/graphics/php-gd/Makefile
cvs rdiff -u -r1.72 -r1.73 pkgsrc/lang/php53/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
2014-05-28Pullup tickets #4418, #4419, #4420, #4421, #4423, #4424 and #4425.tron1-1/+17
2014-05-28Pullup ticket #4423 - requested by tacatron3-2/+24
www/p5-LWP-Protocol-https: security patch Apply patch to fix CVE-2014-3230.
2014-05-28Pullup ticket #4425 - requested by tacatron3-9/+10
mail/dovecot2-pigeonhole: keep in step with mail/dovecot2 Revisions pulled up: - mail/dovecot2-pigeonhole/Makefile 1.18 - mail/dovecot2-pigeonhole/PLIST 1.6 - mail/dovecot2-pigeonhole/distinfo 1.12 --- Module Name: pkgsrc Committed By: adam Date: Wed May 14 06:10:36 UTC 2014 Modified Files: pkgsrc/mail/dovecot2-pigeonhole: Makefile PLIST distinfo Log Message: Changes 0.4.3: * Editheader extension: Made control characters allowed for editheader, except NUL. Before, this would cause a runtime error. + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to match the new draft "duplicate" extension. - Fixed sieve_result_global_log_error to log only as i_info in administrator log (syslog) if executed from multiscript context. - Sieve redirect extension: Adjusted loop detection to show leniency to resent messages. - Sieve include extension: Fixed problem with handling of duplicate includes with different parameters :once or :optional. - Sieve spamtest/virustest extensions: Tests were erroneously performed against the original message. When used together with extprograms filter to add the spam headers, the changes were not being used by the spamtest and virustest extensions. - Deprecated Sieve notify extension: Fixed segfault problems in message string substitution. - ManageSieve: Fixed active link verification to handle redundant path slashes correctly. - Sieve vacation extension: - Fixed interaction of sieve_vacation_dont_check_recipient with sieve_vacation_send_from_recipient setting. - Fixed log message for discarded response. - Sieve extprograms plugin: - Forgot to disable the alarm() timeouts set for script execution. - Fixed fd leak and handling of output shutdown. - Fixed 'Bad filedescriptor' error occurring when disconnecting script client. - Made sure that programs are never forked with root privileges.
2014-05-28Pullup ticket #4424 - requested by tacatron3-14/+9
mail/dovecot2: security update Revisions pulled up: - mail/dovecot2/Makefile 1.61-1.62 - mail/dovecot2/PLIST 1.35 - mail/dovecot2/distinfo 1.46 --- Module Name: pkgsrc Committed By: obache Date: Wed Apr 9 07:27:19 UTC 2014 Modified Files: pkgsrc/mail/dovecot2: Makefile Log Message: recursive bump from icu shlib major bump. --- Module Name: pkgsrc Committed By: adam Date: Wed May 14 06:09:53 UTC 2014 Modified Files: pkgsrc/mail/dovecot2: Makefile PLIST distinfo Log Message: Changes 2.2.13: * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging around for a long time. (Affected Dovecot v1.1+) + mdbox: Added mdbox_purge_preserve_alt setting to keep the file within alt storage during purge. (Should become enforced in v2.3.0?) + fts: Added support for parsing attachments via Apache Tika. Enable with: plugin { fts_tika = http://tikahost:9998/tika/ } + virtual plugin: Delay opening backend mailboxes until it's necessary. This requires mailbox_list_index=yes to work. (Currently IMAP IDLE command still causes all backend mailboxes to be opened.) + mail_never_cache_fields=* means now to disable all caching. This may be a useful optimization as doveadm/dsync parameter for some admin tasks which shouldn't really update the cache file. + IMAP: Return SPECIAL-USE flags always for LSUB command. - pop3 server was still crashing in v2.2.12 with some settings - maildir: Various fixes and improvements to handling compressed mails, especially when they have broken/missing S=sizes in filenames. - fts-lucene, fts-solr: Fixed crash on search when the index contained duplicate entries. - Many fixes and performance improvements to dsync and replication - director was somewhat broken when there were exactly two directors in the ring. It caused errors about "weak users" getting stuck.
- mail_attachment_dir: Attachments with the last base64-encoded line longer than the rest wasn't handled correctly. - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+ - acl: Global ACL file handling was broken when multiple entries matched the mailbox name. (Only the first entry was used.)
2014-05-28Pullup ticket #4421 - requested by tacatron3-12/+19
www/typo3_61: security update Revisions pulled up: - www/typo3_61/Makefile 1.5 - www/typo3_61/PLIST 1.3 - www/typo3_61/distinfo 1.4 --- Module Name: pkgsrc Committed By: taca Date: Tue May 27 13:52:14 UTC 2014 Modified Files: pkgsrc/www/typo3_61: Makefile PLIST distinfo Log Message: Update typo3_61 to 6.1.9 (TYPO3 6.1.9), contains several security fixes. 2014-05-22 2bb8360 [RELEASE] Release of TYPO3 6.1.9 (TYPO3 Release Team) 2014-05-22 6fafbf7 #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel) 2014-05-22 2994a1c #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Nicole Cordes) 2014-05-22 12741ad #48695 [SECURITY] XSS in new content element wizard (Marcus Krause) 2014-05-22 7595ad4 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs) 2014-05-22 6965806 #57576 [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel) 2014-05-22 54e4691 #48693 [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert) 2014-05-22 b6826ff #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel) 2014-05-22 32efb1b #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel) 2014-05-21 6a91a90 #54917 [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein) 2014-05-15 3ee99e9 #58842 [BUGFIX] Wrong system requirements link (Markus Klein) 2014-05-14 f86e016 #58529 [BUGFIX] DependencyUtility does count() on an integer (Markus Klein) 2014-05-08 fb8370d #58187 [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert) 2014-05-08 3abc703 #58373 [BUGFIX] Default image title in RTE contains the file name (Stanislas Rolland) 2014-05-05 db90a26 #45183 [BUGFIX] Wrong result on empty string globalString condition (Marc Bastian Heinrichs) 2014-05-04 d422bf6 #58504 [BUGFIX] saltedpasswords: Check rsaauth loading (Nicole Cordes) 2014-05-04 05ef8fe #58484 [BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian
Heinrichs) 2014-05-02 a49ddfd #58418 [BUGFIX] Retrieving extension fails with some PHP versions (Sascha Wilking) 2014-04-29 0150f9c #58166 [BUGFIX] Wrong comment in ActionMenuViewHelper (Markus Klein) 2014-04-25 8cf4f78 #58180 [BUGFIX] Database query error for non-workspaces tables (Oliver Hader) 2014-04-16 a4f013a [TASK] Set TYPO3 version to 6.1.9-dev (TYPO3 Release Team) 2014-04-16 d94f80d [RELEASE] Release of TYPO3 6.1.8 (TYPO3 Release Team) 2014-04-16 68763fa #57957 [BUGFIX] DBAL sql_fetch_* must return boolean or array (Jigal van Hemert) 2014-04-16 65896ee #24925,#24871 [BUGFIX] Followup: Mandatory for Selectbox with TCA not possible (Stefan Neufeind) 2014-04-15 8e8b020 #24925,#24871 [BUGFIX] Mandatory for Selectbox with TCA not possible (Benjamin Mack) 2014-04-15 d124103 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs) 2014-04-15 6139c97 #56991 [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs) 2014-04-15 1dbfe75 #56353,#56352 [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs) 2014-04-15 b22b39d #57010 [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs) 2014-04-15 5dd53b1 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny) 2014-04-12 a60b6dc #47694 [BUGFIX] Follow up foreign_match_fields not fully supported (Marc Bastian Heinrichs) 2014-04-12 b93d9b4 #50378 [BUGFIX] sql_free_result does not work with all allowed types (Wouter Wolters) 2014-04-07 a896350 #57690 [BUGFIX] User settings do not obey setup.override (Markus Klein) 2014-04-05 21f0d12 #55683 [BUGFIX] ClickMenu: Visibility-options only if fields allowed (Stefan Neufeind) 2014-04-04 2b3dd27 #57656 [TASK] Integrate default README.txt (Oliver Hader) 2014-04-04 1329a96 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes) 2014-04-01 6ae6b40 #57518 [BUGFIX]
Make Extbase EnvironmentService a Singleton (Marc Bastian Heinrichs) 2014-03-31 03ec17a #57296 [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz) 2014-03-26 2b5c50e #54394 [BUGFIX] Exception if thumbnail does not exist (Markus Klein) 2014-03-24 cbdd065 #57238 [BUGFIX] Typo in Extbase localization file (Xavier Perseguers) 2014-03-23 fc5b7b2 #57179 [BUGFIX] Module Menu throws PHP warning for top level menu items (Benjamin Mack) 2014-03-23 9b36936 #57202 [BUGFIX] Parsetime: config.debug should override LocalConfiguration (Stefan Neufeind) 2014-03-19 819218a #55340 [BUGFIX] Several typos in Page Browsing ViewHelper (Benjamin Rau) 2014-03-19 f8233c1 #56205 [BUGFIX] Cannot use contain with multivalued static enumeration column (Xavier Perseguers) 2014-03-14 d5160a9 #56150 [BUGFIX] RootlineUtility does not consider disablefield (Christian Reiter) 2014-03-13 2a80fcd #56855 [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland) 2014-03-13 2ee3509 #56720 [BUGFIX] Alignment of button "add a new element at this place" (Patrick Broens) 2014-03-13 bed1054 #56830 [BUGFIX] Show thumbnails in list module (Markus Klein) 2014-03-13 3800d8b #56084 [BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken (Frans Saris) 2014-03-12 d405041 #23864 [BUGFIX] Correctly validate New Content Element entries (Ludwig Rafelsberger) 2014-03-10 06e5ad9 #52386 [BUGFIX] Allow record insert on rootlevel (Benjamin Serfhos) 2014-03-08 2df9cb9 #43885 [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich) 2014-03-07 472a2f2 #55457 [BUGFIX] RTE on first new IRRE record keeps loading in IE (Stanislas Rolland) 2014-03-07 e61b2cf #23552 [BUGFIX] Default size for group-type fields (Christian Plattner) 2014-03-05 f8c9a77 #46185 [BUGFIX] IdentityProperties were not set (Stefan Froemken) 2014-03-05 e7cf550 #11771 [BUGFIX] Catch all errors while starting installer (Alexander Opitz)
2014-03-03 28d25c9 #56262 [BUGFIX] Double escape of title in indexed search (Markus Klein) 2014-02-28 ded338b #56378 [BUGFIX] Do not log with severity 1320177676 (Christian Weiske) 2014-02-28 8f0ce1c #56421 [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske) 2014-02-28 342686b #41413 [BUGFIX] URL-encoded title in link wizard (Helmut Hummel) 2014-02-27 5ce3128 #55966 [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein) 2014-02-25 a5d8893 #56184 [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert) 2014-02-25 b4a8235 #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert) 2014-02-24 5da89e2 #56242 [BUGFIX] Fix JS concat if first file is forced on top (Benjamin Kott) 2014-02-21 c47d8c5 #54724 [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs) 2014-02-21 6512f65 #49499 [BUGFIX] Fix possible language handling issue (Markus Klein) 2014-02-20 b09e7f9 #39048 [BUGFIX] Rendering inline TCEforms without AJAX is broken (Alexander Jahn) 2014-02-20 c9ae284 #53116,#56019 [BUGFIX] concatenateJs/Css does not consider forceOnTop (Markus Klein) 2014-02-20 b8eeb55 #56135 [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein) 2014-02-19 bd607e2 #55286 [BUGFIX] Suppress EXIF warnings indexing images (Felix Althaus) 2014-02-19 45f944c #56067 [BUGFIX] Various static calls to non-static functions (Markus Klein) 2014-02-19 d2ef187 #56057 [BUGFIX] Add missing htmlspecialchars for thumbnail URL (Wouter Wolters) 2014-02-18 b7169bb #52955 [BUGFIX] Show labels of additional doktypes in new page drag area (Caspar Stuebs) 2014-02-18 7af5ad6 #54304 [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov) 2014-02-17 48eab76 #52527 [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru) 2014-02-17 6344793 #56037 [BUGFIX] Fix clipboard thumbnail rendering (Frans Saris)
2014-02-17 dc0ec8a #55998 [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller) 2014-02-17 52c294b #55362 [BUGFIX] CommandController is not executed at same time (Tom Ruether) 2014-02-11 c9ffade #49440 [BUGFIX] Missing label felogin_forgotHash (Karol Lamparski) 2014-02-11 edbef68 #53028 [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov) 2014-02-10 474380f [TASK] Execute lint in parallel (Helmut Hummel) 2014-02-09 e36633a #53768,#28745 [BUGFIX] Allow to render the same TS object twice (Markus Klein) 2014-02-09 9971136 #55821 [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn) 2014-02-09 101be25 #18797 [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes) 2014-02-09 5f6d783 #53564 [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs) 2014-02-08 cead255 #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters) 2014-02-08 98c8e0a #55698 [BUGFIX] Fix "action" labels in BE log (Thorsten Kahler) 2014-02-07 9e79487 #55611 [TASK] Move cursor::pointer to complete header area in IRRE (Georg Ringer) 2014-02-06 79d2bac #54131 [BUGFIX] Followup to #54131 (Frans Saris) 2014-02-06 ad267f8 #55713 [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein) 2014-02-05 27c1f61 #54112 [BUGFIX] Set missing markers to empty string (Bernhard Kraft) 2014-02-04 4d7947a #55434 [BUGFIX] Various PHP Warnings with invalid credentials (Xavier Perseguers) 2014-02-03 1263413 #54467 [BUGFIX] TSFE->altPageTitle can not be set in extensions (Markus Klein) 2014-02-03 a070a5c #54371 [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein) 2014-02-03 85b3fed #52048 [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein) 2014-02-02 af8f6eb #54289 [BUGFIX] PropertyMapper does not work with class aliases (Frans Saris) 2014-01-31 9596d4d #54131 [BUGFIX]
getLabelsFromItemsList() returns no value when no item found (Frans Saris) 2014-01-30 3dcc61d #55475 [BUGFIX] Regression in DataHandler (Wouter Wolters) 2014-01-30 a5e884f #55458 [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind) 2014-01-30 084b5a9 #41450 [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik) 2014-01-29 b81c5d5 #55407 [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind) 2014-01-28 d6803b7 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller) 2014-01-27 91b1db0 #55377 [TASK] Change repository url for introduction package (Philipp Gampe) 2014-01-27 1af64b0 #55366 [TASK] Change phpunit repository url for travis (Philipp Gampe) 2014-01-24 3cefa40 #53964 [BUGFIX] Better description of [BE][unzip_path]/[BE][diff_path] (Markus Klein) 2014-01-24 041780f #55093 [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag) 2014-01-23 8f55af7 #53201 [BUGFIX] sys_category table not listed in allowed excludefields (Tomita Militaru) 2014-01-23 eec8579 #53665 [BUGFIX] Removing single category item not possible (Francois Suter) 2014-01-23 57b70f7 #54849 [BUGFIX] CLI context cannot write to backend log (Oliver Hader) 2014-01-22 b865ad9 #55246 [BUGFIX] Class 'TYPO3\CMS\Recordlist\Browser\GeneralUtility' not found (Oliver Hader) 2014-01-21 c96321d #37539 [BUGFIX] Static method cannot be abstract (Xavier Perseguers) 2014-01-21 ae54769 #54884 [BUGFIX] RootlineUtility does not consider foreign_sorting (Markus Klein) 2014-01-16 0965b22 #53712 [BUGFIX] Create valid file reference index data (Alexander Stehlik) 2014-01-16 b7ce3ef #50266 [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann) 2014-01-15 429e13d #34631 [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein) 2014-01-15 5b23142 #54995 [BUGFIX] PHP warnings in ElementBrowser (Markus Klein) 2014-01-14 0ac8948 #54959 [TASK] Speedup typolink
root-line handling (Steffen Ritter) 2014-01-14 714fca7 #53826 [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann) 2014-01-14 f68832a #53352 [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag) 2014-01-13 22d3be1 #51805 [BUGFIX] Template dropdown doesn't refresh template title after save (Torben Hansen) 2014-01-11 72f5d5a #54909 [BUGFIX] Add missing logger names (Steffen Müller) 2014-01-09 2620cb5 #53975 [BUGFIX] Allow empty values in start/stop filter of belog (Steffen Müller) 2014-01-09 c99a07a #53862 [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos) 2014-01-09 4e3e3dc #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer) 2014-01-09 f378b40 #31797 [BUGFIX] Properly escape the ImageMagick frame selector (Georg Ringer) 2014-01-09 7d3eb35 #24877,#6708 [BUGFIX] Only create one keypair in rsaauth (Tom Ruether) 2014-01-09 a31b325 #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger) 2014-01-08 03d6320 #47694 [BUGFIX] foreign_match_fields not fully supported (Stefan Froemken) 2014-01-08 e959451 #53727 [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein) 2014-01-08 42a3eb3 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due) 2014-01-07 272f80c #54807 [BUGFIX] PageBrowsing ViewHelper defines unused method argument (Benjamin Rau) 2014-01-07 e09b381 #54808 [BUGFIX] Repository uses wrong property to calc current result page (Benjamin Rau) 2014-01-04 81a30e8 #53662 [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik) 2014-01-04 67ac84c #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel) 2013-12-23 9283d4b #54115 [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due) 2013-12-21 8379b1a #54531 [BUGFIX] Fix message for install tool warning (Cynthia Mattingly) 2013-12-18 a95ab93 #54369 [TASK] Fix travis builds (Markus Klein)
2013-12-18 2a4d603 #51752 [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein) 2013-12-18 e4590fe #52059 [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters) 2013-12-18 e8978f9 #47648 [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein) 2013-12-13 be7505a #54027 [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik) 2013-12-12 41fe22d #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28Pullup ticket #4420 - requested by tacatron3-12/+17
www/typo3_60: security update Revisions pulled up: - www/typo3_60/Makefile 1.8 - www/typo3_60/PLIST 1.7 - www/typo3_60/distinfo 1.8 --- Module Name: pkgsrc Committed By: taca Date: Tue May 27 13:50:48 UTC 2014 Modified Files: pkgsrc/www/typo3_60: Makefile PLIST distinfo Log Message: Update typo3_60 to 6.0.14 (TYPO3 6.0.14), contains several security fixes. 2014-05-22 d1d252f [RELEASE] Release of TYPO3 6.0.14 (TYPO3 Release Team) 2014-05-22 37273fb #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel) 2014-05-22 edd27ad #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Nicole Cordes) 2014-05-22 00f00b1 #48695 [SECURITY] XSS in new content element wizard (Marcus Krause) 2014-05-22 6b7f3a8 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs) 2014-05-22 5935348 #57576 [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel) 2014-05-22 dda1739 #48693 [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert) 2014-05-22 5e00a13 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel) 2014-05-22 0f29e1f #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel) 2014-05-21 e50f6a6 #54917 [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein) 2014-05-15 53c830f #53079 [BUGFIX] FlashMessageService not available in TYPO3 6.0 (Oliver Hader) 2014-05-14 459c34d #58529 [BUGFIX] DependencyUtility does count() on an integer (Markus Klein) 2014-04-25 bd704d5 #58180 [BUGFIX] Database query error for non-workspaces tables (Oliver Hader) 2014-04-16 d1fc88d [TASK] Set TYPO3 version to 6.0.14-dev (TYPO3 Release Team) 2014-04-16 be80735 [RELEASE] Release of TYPO3 6.0.13 (TYPO3 Release Team) 2014-04-15 d9e6546 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny) 2014-04-15 48f974e #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs) 2014-04-15 9d1c880 #56991 [BUGFIX] Fix refindex for 
FlexForm fields type group file_reference (Marc Bastian Heinrichs) 2014-04-15 75f6b1b #56353,#56352 [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs) 2014-04-15 4e64a39 #57010 [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs) 2014-04-04 72be9f3 #57656 [TASK] Integrate default README.txt (Oliver Hader) 2014-04-04 de4e047 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes) 2014-03-31 03646f1 #57296 [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz) 2014-03-24 87d3d40 #57238 [BUGFIX] Typo in Extbase localization file (Xavier Perseguers) 2014-03-13 be10ede #56855 [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland) 2014-03-08 15b15c0 #43885 [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich) 2014-03-05 99025c1 #46185 [BUGFIX] IdentityProperties were not set (Stefan Froemken) 2014-03-03 69c103b #56262 [BUGFIX] Double escape of title in indexed search (Markus Klein) 2014-02-28 cf83948 #56378 [BUGFIX] Do not log with severity 1320177676 (Christian Weiske) 2014-02-28 432a7bd #56421 [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske) 2014-02-28 1474e2c #41413 [BUGFIX] URL-encoded title in link wizard (Helmut Hummel) 2014-02-27 ab4ef14 #55966 [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein) 2014-02-25 95cb16e #56184 [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert) 2014-02-25 8c2179f #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert) 2014-02-21 9ebf4bb #54724 [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs) 2014-02-21 4b44141 #49499 [BUGFIX] Fix possible language handling issue (Markus Klein) 2014-02-20 568b9bf #56135 [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein) 2014-02-19 40d97d5 #56067 [BUGFIX] Various static 
calls to non-static functions (Markus Klein) 2014-02-18 e428692 #54304 [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov) 2014-02-17 a335bcf #52527 [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru) 2014-02-17 88fd2df #55998 [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller) 2014-02-11 e2ebdfd #53028 [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov) 2014-02-10 e73b549 [TASK] Execute lint in parallel (Helmut Hummel) 2014-02-09 d2881f5 #53768,#28745 [BUGFIX] Allow to render the same TS object twice (Markus Klein) 2014-02-09 228fbc5 #55821 [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn) 2014-02-09 d9bf811 #18797 [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes) 2014-02-09 2a233ef #53564 [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs) 2014-02-08 33a058b #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters) 2014-02-06 0fe2509 #55713 [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein) 2014-02-05 0004322 #54112 [BUGFIX] Set missing markers to empty string (Bernhard Kraft) 2014-02-03 8623b17 #54371 [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein) 2014-02-03 e5a844d #52048 [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein) 2014-01-30 dc271e4 #55475 [BUGFIX] Regression in DataHandler (Wouter Wolters) 2014-01-30 460da13 #41450 [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik) 2014-01-29 3a84755 #55407 [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind) 2014-01-28 e5df843 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller) 2014-01-27 3b2cb07 #55366,#55377 [TASK] Change phpunit repository url for travis (Philipp Gampe) 2014-01-24 72db639 #55093 [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter 
Niederlag) 2014-01-23 68057cf #54849 [BUGFIX] CLI context cannot write to backend log (Oliver Hader) 2014-01-16 c4703db #53712 [BUGFIX] Create valid file reference index data (Alexander Stehlik) 2014-01-16 42cd027 #50266 [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann) 2014-01-15 f76c7ea #34631 [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein) 2014-01-14 f3d324d #53826 [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann) 2014-01-14 df52d4a #53352 [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag) 2014-01-09 d0c4276 #53862 [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos) 2014-01-09 9f330b7 #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer) 2014-01-09 ffc3f2b #24877,#6708 [BUGFIX] Only create one keypair in rsaauth (Tom Ruether) 2014-01-09 583a51b #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger) 2014-01-08 74be2df #38766 [BUGFIX] l10n_mode for "pages" table and group fields. 
(Johannes Feustel) 2014-01-08 d1e2110 #53727 [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein) 2014-01-08 96ff927 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due) 2014-01-04 2c40d1b #53662 [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik) 2014-01-04 dd187dd #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel) 2013-12-23 c2211f5 #54115 [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due) 2013-12-18 6be4de6 #54369 [TASK] Fix travis builds (Markus Klein) 2013-12-18 e6bfc6e #51752 [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein) 2013-12-18 1294fe7 #52059 [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters) 2013-12-18 4f8c872 #47648 [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein) 2013-12-13 78b00f3 #54027 [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik) 2013-12-12 28ca149 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28Pullup ticket #4419 - requested by tacatron3-12/+13
www/typo3_47: security update Revisions pulled up: - www/typo3_47/Makefile 1.21 - www/typo3_47/PLIST 1.11 - www/typo3_47/distinfo 1.16 --- Module Name: pkgsrc Committed By: taca Date: Tue May 27 13:49:11 UTC 2014 Modified Files: pkgsrc/www/typo3_47: Makefile PLIST distinfo Log Message: Update typo3_47 to 4.7.19 (TYPO3 4.7.19), contains several security fixes. 2014-05-22 4ebc6ca [RELEASE] Release of TYPO3 4.7.19 (TYPO3 Release Team) 2014-05-22 07eba3e #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel) 2014-05-22 ec33beb #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs) 2014-05-22 fb096e3 #48695 [SECURITY] XSS in new content element wizard (Markus Klein) 2014-05-22 1389da5 #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs) 2014-05-22 65fc32f #57576 [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes) 2014-05-22 7bec5c8 #48693 [SECURITY] Encode URL for use in JavaScript (Markus Klein) 2014-05-22 b907b64 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel) 2014-05-22 c39bca9 #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel) 2014-04-16 53b74d7 [TASK] Set TYPO3 version to 4.7.19-dev (TYPO3 Release Team) 2014-04-16 26f503d [RELEASE] Release of TYPO3 4.7.18 (TYPO3 Release Team) 2014-04-15 f329f76 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny) 2014-04-15 9a2f402 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs) 2014-04-04 d470aa5 #57656 [TASK] Integrate default README.txt (Oliver Hader) 2014-04-04 be342b4 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes) 2014-02-25 4dfb4d3 #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert) 2014-02-10 0345de6 [TASK] Execute lint in parallel (Helmut Hummel) 2014-02-09 df8e21b #55811 [BUGFIX] Namespace usage in test (Christian Kuhn) 2014-02-08 84d2050
#16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn) 2014-01-27 a42059c #55366,#55377 [TASK] Change phpunit repository url for travis (Philipp Gampe) 2014-01-17 3d40e0a #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel) 2014-01-16 394e421 #54748 [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs) 2014-01-09 66bb350 #38767 [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger) 2014-01-08 f3b8711 #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken) 2013-12-18 53a6a36 #54369 [TASK] Fix travis builds (Markus Klein) 2013-12-12 019d6b7 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28Pullup ticket #4418 - requested by tacatron3-12/+13
www/typo3_45: security update Revisions pulled up: - www/typo3_45/Makefile 1.30 - www/typo3_45/PLIST 1.14 - www/typo3_45/distinfo 1.25 --- Module Name: pkgsrc Committed By: taca Date: Tue May 27 13:47:25 UTC 2014 Modified Files: pkgsrc/www/typo3_45: Makefile PLIST distinfo Log Message: Update typo3_45 to 4.5.34 (TYPO3 4.5.34), contains several security fixes. 2014-05-22 2ee368c [RELEASE] Release of TYPO3 4.5.34 (TYPO3 Release Team) 2014-05-22 55d5f38 #30377 [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel) 2014-05-22 efb098b #54111,#54113 [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs) 2014-05-22 94011a3 #48695 [SECURITY] XSS in new content element wizard (Markus Klein) 2014-05-22 b62651b #54109 [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs) 2014-05-22 a98ae3c #57576 [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes) 2014-05-22 4f7258c #48693 [SECURITY] Encode URL for use in JavaScript (Markus Klein) 2014-05-22 742ad49 #56458 [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel) 2014-05-22 9bd7776 #54526 [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel) 2014-05-08 6ffdcee #58187 [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert) 2014-04-16 5d6a16e [TASK] Set TYPO3 version to 4.5.34-dev (TYPO3 Release Team) 2014-04-16 5bd6b52 [RELEASE] Release of TYPO3 4.5.33 (TYPO3 Release Team) 2014-04-15 aebc244 #51768 [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny) 2014-04-15 51a3897 #57934 [BUGFIX] Use validEmail() instead of deprecated checkEmail() (Stefan Neufeind) 2014-04-15 fcdaec0 #56580 [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs) 2014-04-04 4316e98 #57656 [TASK] Integrate default README.txt (Oliver Hader) 2014-04-04 9d36515 #57603 [SECURITY] Prevent XSS in scheduler form (Nicole Cordes) 2014-02-27 e34a90b #55966 [BUGFIX] Revert "[TASK] Use a 401
header if login is not successful" (Markus Klein) 2014-02-25 5c4554b #23984 [BUGFIX] felogin reset password links not clickable (Jigal van Hemert) 2014-02-09 7d6a8cc #55811 [BUGFIX] Namespace usage in test (Christian Kuhn) 2014-02-08 44d7cfc #16491 [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn) 2014-01-30 138b13a #55458 [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind) 2014-01-28 b867b04 #55350 [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller) 2014-01-17 ab6256f Revert "[TASK] Optimize speed for instantiating class with arguments" (Ernesto Baschny) 2014-01-17 2526bdd #53682 [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel) 2014-01-16 102307f #54748 [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs) 2014-01-09 e6643e1 #52554 [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer) 2014-01-08 765882e #52133 [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken) 2013-12-12 d3e9494 #53818 [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
2014-05-28 | Pullup ticket #4417 - requested by obache | tron | 2 | -10/+10
emulators/suse131_x11: security update

Revisions pulled up:
- emulators/suse131_x11/Makefile 1.6-1.7
- emulators/suse131_x11/distinfo 1.6

---
Module Name: pkgsrc
Committed By: obache
Date: Fri May 23 13:18:56 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_x11: Makefile distinfo

Log Message:
Apply openSUSE Security Update: openSUSE-SU-2014:0711-1
libXfont: Fixed multiple vulnerabilities

An update that fixes three vulnerabilities is now available.

Description:
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing (CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies (CVE-2014-0211).

These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server.

---
Module Name: pkgsrc
Committed By: obache
Date: Fri May 23 13:20:50 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_x11: Makefile

Log Message:
Bump PKGREVISION to reflect libXfont rpm update.
2014-05-22 | Pullup ticket #4416. | tron | 1 | -1/+3
2014-05-22 | Pullup ticket #4416 - requested by he | tron | 3 | -2/+160
graphics/gimp: security patch

Revisions pulled up:
- graphics/gimp/Makefile 1.243 via patch
- graphics/gimp/distinfo 1.81-1.82
- graphics/gimp/patches/patch-plug-ins_common_file-xwd.c 1.1

---
Module Name: pkgsrc
Committed By: he
Date: Wed May 21 13:50:22 UTC 2014

Modified Files:
pkgsrc/graphics/gimp: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp/patches: patch-plug-ins_common_file-xwd.c

Log Message:
Sanity check colormap size (CVE-2013-1913), valid range is 0 .. 256.
Sanity check # of colors and map entries (CVE-2013-1978)
From https://git.gnome.org/browse/gimp/patch/?id=32ae0f83e5748299641cceaabe3f80f1b3afd03e
and https://git.gnome.org/browse/gimp/patch/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4
Bump PKGREVISION to 2.

---
Module Name: pkgsrc
Committed By: he
Date: Thu May 22 12:02:19 UTC 2014

Modified Files:
pkgsrc/graphics/gimp: distinfo

Log Message:
Uh-oh, forgot to update distinfo with new patch checksum.
2014-05-22 | Pullup ticket #4415. | tron | 1 | -1/+3
2014-05-22 | Pullup ticket #4415 - requested by wen | tron | 2 | -6/+6
www/moodle: security update

Revisions pulled up:
- www/moodle/Makefile 1.27
- www/moodle/distinfo 1.19

---
Module Name: pkgsrc
Committed By: wen
Date: Thu May 22 00:58:07 UTC 2014

Modified Files:
pkgsrc/www/moodle: Makefile distinfo

Log Message:
Update to 2.5.6

Upstream changes:
Moodle 2.5.6 release notes
Release date: 12 May, 2014

Here is the full list of fixed issues in 2.5.6.

Functional changes
MDL-43985 - Checkbox added to control sending of feedback when grading Assignment (backport of MDL-33600)

Security issues
MSA-14-0014 Cross-site request forgery possible in Assignment
MSA-14-0015 Web service token expiry issue for MoodleMobile
MSA-14-0016 Anonymous student identity revealed in Assignment
MSA-14-0017 File access issue in HTML block
MSA-14-0019 Reflected XSS in URL downloader repository

Fixes and improvements
MDL-45119 - When student opens assignment feedback PDF no error messages are shown
MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
MDL-44936 - CSS chunking is now more reliable on IE
MDL-45154 - Warnings and errors in user profile page fixed
MDL-43721 - Poor performance on Assignment grading page fixed
2014-05-21 | Pullup ticket #4414. | tron | 1 | -1/+3
2014-05-21 | Pullup ticket #4414 - requested by he | tron | 3 | -3/+32
textproc/libxml2: security patch

Revisions pulled up:
- textproc/libxml2/Makefile 1.129
- textproc/libxml2/distinfo 1.103
- textproc/libxml2/patches/patch-parser.c 1.1

---
Module Name: pkgsrc
Committed By: spz
Date: Sat May 10 22:45:42 UTC 2014

Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/patches: patch-parser.c

Log Message:
add a patch for CVE-2014-0191 aka http://secunia.com/advisories/58018/
from https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
2014-05-21 | Pullup ticket #4413. | tron | 1 | -1/+4
2014-05-21 | Pullup ticket #4413 - requested by he | tron | 7 | -9/+485
x11/fontsproto: security update
x11/libXfont: security patch

Revisions pulled up:
- x11/fontsproto/Makefile 1.7
- x11/fontsproto/distinfo 1.4
- x11/libXfont/Makefile 1.31-1.32
- x11/libXfont/distinfo 1.22-1.23
- x11/libXfont/patches/patch-src_fc_fsconvert.c 1.1
- x11/libXfont/patches/patch-src_fc_fserve.c 1.1
- x11/libXfont/patches/patch-src_util_patcache.c 1.1

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 15 08:22:53 UTC 2014

Modified Files:
pkgsrc/x11/fontsproto: Makefile distinfo

Log Message:
Update to 2.1.3:

2.1.3:
This release features a number of spec formatting improvements, and some header adjustments for current xserver.

Adam Jackson (1):
  configure: Remove AM_MAINTAINER_MODE

Alan Coopersmith (35):
  spec: Replace ASCII => & -> arrows with Unicode ▶ & ◀
  spec: add olinks to X11 protocol & XLFD specs
  spec: fixup bibliography entries (correct authors, link to references)
  spec: convert from article with sections to book with chapters
  spec: markup introduction of new terms with <firstterm>
  spec: fixup markup/formatting of the naming syntax section
  spec: change ids for encoding sections from *_2 to Encoding::*
  spec: add links to references to other sections
  spec: Use <figure> markup for figure labels
  spec: remove some extra quotes from nroff conversion
  spec: add <acronym> markup
  spec: convert list of license models from itemizedlist to variablelist
  spec: Convert .IN comments to indexterm tags
  spec: add autogenerated index
  spec: fix boundaries of <function> tags
  spec: Use <errorname> instead of <function> for error names
  spec: Convert Requests chapter to have a section per request
  spec: Convert Events chapter to have a section per request
  spec: Convert Errors chapter to have a section per request
  spec: make links from encoding section to definitions
  spec: Use <personname> markup in Acknowledgements
  spec: Use tables for contents of Requests, Events & Errors
  spec: Convert a bunch of AccessContext references from <function> to </type>
  spec: Use <superscript> for exponents
  spec: markup data type names with <type>
  spec: Finish replacing nroff .sp macros with <para> breaks
  spec: Convert Data Types section to have a section per type, with tables
  spec: give footnotes ids for more stable links
  spec: fixup quote characters
  spec: add enumerated constants to index
  spec: markup enumerated constant names with <constant>
  spec: Make links to data types, requests, events & errors
  spec: Remove <!- .LP --> comments leftover from nroff migration
  spec: use <parameter> markup for elements of requests & replies
  spec: Make alignment of columns in Encoding section more consistent

Colin Walters (1):
  autogen.sh: Implement GNOME Build API

Gaetan Nadon (1):
  config: replace deprecated use of AC_OUTPUT with AC_CONFIG_FILES

Julien Cristau (1):
  fontsproto 2.1.3

Keith Packard (2):
  Replace 'pointer' with the equivalent 'void *'.
  Allow paths and patterns to be const

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 15 16:47:26 UTC 2014

Modified Files:
pkgsrc/x11/libXfont: Makefile distinfo
Added Files:
pkgsrc/x11/libXfont/patches: patch-src_util_patcache.c

Log Message:
Fix compatibility with fontsproto-2.1.3 and depend on it.
Bump PKGREVISION.

---
Module Name: pkgsrc
Committed By: joerg
Date: Thu May 15 23:48:05 UTC 2014

Modified Files:
pkgsrc/x11/libXfont: Makefile distinfo
Added Files:
pkgsrc/x11/libXfont/patches: patch-src_fc_fsconvert.c patch-src_fc_fserve.c

Log Message:
Fix CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211, validation errors triggerable via XFS or local font directories under user control.
Bump revision.
2014-05-21 | pull up tickets 4411 4412, requested by bouyer. | schnoebe | 1 | -1/+5
2014-05-21 | Pullup ticket #4412 - requested by bouyer | schnoebe | 3 | -4/+29
sysutils/xentools41: Fix build on NetBSD 6.x and NetBSD 5.x

Revisions pulled up:
- sysutils/xentools41/distinfo 1.36
- sysutils/xentools41/patches/patch-xenstat_libxenstat_Makefile 1.2
- sysutils/xentools41/patches/patch-xenstat_xentop_Makefile 1.1

---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed May 14 20:22:41 UTC 2014

Modified Files:
pkgsrc/sysutils/xentools41: distinfo
pkgsrc/sysutils/xentools41/patches: patch-xenstat_libxenstat_Makefile
Added Files:
pkgsrc/sysutils/xentools41/patches: patch-xenstat_xentop_Makefile

Log Message:
Make it build on netbsd-6 (and maybe netbsd-5):
Don't include other libraries in an archive, our ar seems to not support it. Instead, list all libraries at link time.
2014-05-21 | Pullup ticket #4411 - requested by bouyer | schnoebe | 3 | -6/+75
sysutils/xenkernel3: fix build on NetBSD 6.x

Revisions pulled up:
- sysutils/xenkernel3/distinfo 1.19
- sysutils/xenkernel3/patches/patch-ae 1.4
- sysutils/xenkernel3/patches/patch-xen_include_xen_compat.h 1.1

---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed May 14 20:21:19 UTC 2014

Modified Files:
pkgsrc/sysutils/xenkernel3: distinfo
pkgsrc/sysutils/xenkernel3/patches: patch-ae
Added Files:
pkgsrc/sysutils/xenkernel3/patches: patch-xen_include_xen_compat.h

Log Message:
Make it build on netbsd-6:
- use proper va_start for gcc >= 4.5
- disable the CHECK_* macros, the newer gcc is more strict about what can be used as array size outside functions
2014-05-18 | Pull up ticket 4405; emulators/suse131_libxml2 security update. | schnoebe | 1 | -1/+3
2014-05-18 | Pullup ticket #4405 - requested by obache | schnoebe | 2 | -9/+10
emulators/suse131_libxml2: Fetch the RPM from the update site.

Revisions pulled up:
- emulators/suse131_libxml2/Makefile 1.2,1.3
- emulators/suse131_libxml2/distfile 1.2

---
Module Name: pkgsrc
Committed By: obache
Date: Thu May 15 11:27:22 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_libxml2: Makefile distinfo

Log Message:
Apply openSUSE Security Update: openSUSE-SU-2014:0645-1
libxml2

Description:
- fix for CVE-2014-0191 (bnc#876652)
  * libxml2: external parameter entity loaded when entity substitution is disabled
  * added libxml2-CVE-2014-0191.patch

Bump PKGREVISION.

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu May 15 18:39:28 UTC 2014

Modified Files:
pkgsrc/emulators/suse131_libxml2: Makefile

Log Message:
Fix fetch.
2014-05-17 | pullup ticket 4409: security update for net/ldns. | schnoebe | 1 | -1/+3
2014-05-17 | Pullup ticket #4409 - requested by he | schnoebe | 2 | -2/+78
net/ldns: security update

Revisions pulled up:
- net/ldns/Makefile 1.30
- net/ldns/patches/patch_examples_ldns-keygen.c 1.1

---
Module Name: pkgsrc
Committed By: he
Date: Sat May 17 14:55:51 UTC 2014

Modified Files:
pkgsrc/net/ldns: Makefile
Added Files:
pkgsrc/net/ldns/patches: patch_examples_ldns-keygen.c

Log Message:
Add a patch to fix CVE-2014-3209: Let ldns-keygen create private key file with mode 0600.
Bump PKGREVISION.
2014-05-16 | Pullup tickets #4407 and #4408. | tron | 1 | -1/+5
2014-05-16 | Pullup ticket #4408 - requested by wiz | tron | 5 | -46/+83
emulators/qemu: security update

Revisions pulled up:
- emulators/qemu/Makefile patch
- emulators/qemu/PLIST patch
- emulators/qemu/distinfo patch
- emulators/qemu/patches/patch-hw_virtio_virtio.c patch
- emulators/qemu/patches/patch-include_exec_softmmu__template.h patch

---
Apply patch to update qemu package to version 2.0.0nb2 which fixes multiple security vulnerabilities.
2014-05-16 | Pullup ticket #4407 - requested by wiz | tron | 3 | -3/+26
print/cups: security patch

Revisions pulled up:
- print/cups/Makefile 1.204
- print/cups/distinfo 1.98
- print/cups/patches/patch-scheduler_client.c 1.1

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu May 15 12:51:58 UTC 2014

Modified Files:
pkgsrc/print/cups: Makefile distinfo
Added Files:
pkgsrc/print/cups/patches: patch-scheduler_client.c

Log Message:
Fix CVE-2014-2856 using upstream patch.
Bump PKGREVISION.
2014-05-16 | Pullup ticket #4406, requested by wiz. | schnoebe | 1 | -1/+3
2014-05-16 | Pullup ticket #4406 - requested by wiz | schnoebe | 3 | -3/+61
lang/python33 OpenSSL security fix

Revisions pulled up:
- lang/python33/Makefile 1.24
- lang/python33/distinfo 1.15
- lang/python33/patches/patch-Lib_os.py 1.1

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu May 15 12:33:10 UTC 2014

Modified Files:
pkgsrc/lang/python33: Makefile distinfo
Added Files:
pkgsrc/lang/python33/patches: patch-Lib_os.py

Log Message:
Add fix for CVE-2014-2667.
Bump PKGREVISION.
2014-05-14 | Pullup tickets #4400 and #4404. | tron | 1 | -1/+5