| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
www/drupal7: security fix
Revisions pulled up:
- www/drupal7/Makefile 1.34-1.35
- www/drupal7/PLIST 1.13
- www/drupal7/distinfo 1.27-1.28
---
Module Name: pkgsrc
Committed By: wen
Date: Sun Oct 18 03:30:53 UTC 2015
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update to 7.40
Upstream changes:
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
memory.
- Prevented drupal_http_request() from returning an error when it receives a
201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP
5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides
the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into
mailto: links.
- Added alternate text to file icons displayed by the File module, to improve
accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or
warnings as appropriate, rather than as regular status messages (minor UI
change and data structure change).
- Changed the default settings.php configuration to exclude private files from
the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for
example filter/tips/full_html, to return "page not found" or "access denied"
if the format does not exist or the user does not have access to it. This
change adds a new menu item to the Filter module's hook_menu() entry (minor
data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in
as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished"
callback specified during batch processing can now be any PHP callable
instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case
where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000")
to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing
exceptions during menu rebuilds. If an .info file without a "name" key is
found in a module or theme directory, Drupal will now use the module or
theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table
case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to
a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a
module's .info file to indicate which project the dependency resides in (API
addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal
bootstrap and that caused module_implements() and drupal_alter() to cache an
incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL,
if the site's PHP version is new enough to do so. This is a secondary defense
against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 09:59:44 UTC 2015
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
Update drupal7 to 7.41.
Drupal 7.41, 2015-10-21
-----------------------
- Fixed security issues (open redirect). See SA-CORE-2015-004.
|
|
net/unbound: SMF support
Revisions pulled up:
- net/unbound/Makefile 1.38
- net/unbound/files/smf/manifest.xml 1.1
- net/unbound/files/smf/unbound.sh 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:30:14 UTC 2015
Modified Files:
pkgsrc/net/unbound: Makefile
Added Files:
pkgsrc/net/unbound/files/smf: manifest.xml unbound.sh
Log Message:
Add SMF support. Bump revision.
|
|
security/botan-devel: build fix
Revisions pulled up:
- security/botan-devel/Makefile 1.11
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Oct 21 21:29:14 UTC 2015
Modified Files:
pkgsrc/security/botan-devel: Makefile
Log Message:
For amd64 builds, override the automatic CPU detection. It fails on
SmartOS for 64bit builds.
|
|
|
|
devel/netbsd-iscsi-lib: SmartOS build fix
Revisions pulled up:
- devel/netbsd-iscsi-lib/Makefile 1.5
- devel/netbsd-iscsi-lib/distinfo 1.6
- devel/netbsd-iscsi-lib/patches/patch-ac 1.2
- devel/netbsd-iscsi-lib/patches/patch-include_iscsi-md5.h 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5c.c 1.1
- devel/netbsd-iscsi-lib/patches/patch-src_lib_md5hl.c 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 15 13:15:50 UTC 2015
Modified Files:
pkgsrc/devel/netbsd-iscsi-lib: Makefile distinfo
pkgsrc/devel/netbsd-iscsi-lib/patches: patch-ac
Added Files:
pkgsrc/devel/netbsd-iscsi-lib/patches: patch-include_iscsi-md5.h
patch-src_lib_md5c.c patch-src_lib_md5hl.c
Log Message:
Fix for non-BSD platforms by avoiding sys/cdefs.h dependency.
Avoid system namespace for headers. Add missing RCS ID.
|
|
|
|
multimedia/adobe-flash-plugin11: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.50,1.52
- multimedia/adobe-flash-plugin11/distinfo 1.47,1.49
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tsutsui
Date: Sun Oct 18 14:15:23 UTC 2015
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
Log Message:
Update adobe-flash-plugin11 to 11.2.202.540.
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: October 16, 2015
Vulnerability identifier: APSB15-27
CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Platform: All Platforms
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/multimedia/adobe-flash-plugin11/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/multimedia/adobe-flash-plugin11/distinfo
|
|
lang/perl5: fix for sparc
Revisions pulled up:
- lang/perl5/hacks.mk 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: mrg
Date: Thu Oct 15 00:15:52 UTC 2015
Modified Files:
pkgsrc/lang/perl5: hacks.mk
Log Message:
enable the GCC 4.5 op.c hack for sparc.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/perl5/hacks.mk
|
|
sysutils/dbus: build fix
Revisions pulled up:
- sysutils/dbus/distinfo 1.67
- sysutils/dbus/patches/patch-tools_dbus-print-message.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 8 14:32:09 UTC 2015
Modified Files:
pkgsrc/sysutils/dbus: distinfo
Added Files:
pkgsrc/sysutils/dbus/patches: patch-tools_dbus-print-message.c
Log Message:
Fix build on NetBSD 5.x and 6.x.
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/sysutils/dbus/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/dbus/patches/patch-tools_dbus-print-message.c
|
|
|
|
www/webkit-gtk: build fix
Revisions pulled up:
- www/webkit-gtk/Makefile 1.99
- www/webkit-gtk/hacks.mk 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Mon Oct 5 16:25:30 UTC 2015
Modified Files:
pkgsrc/www/webkit-gtk: Makefile
Added Files:
pkgsrc/www/webkit-gtk: hacks.mk
Log Message:
Add a workaround and fixes PR pkg/50284 forcing building webkit-gtk with
- -march=i586 in order to avoid on i386 the "-latomic" flag when linking
libwebkit2gtk-4.0.so.
Bump PKGREVISION.
Thanks joerg@, jperkin@ and tnn@ for various suggestions.
To generate a diff of this commit:
cvs rdiff -u -r1.98 -r1.99 pkgsrc/www/webkit-gtk/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/www/webkit-gtk/hacks.mk
|
|
|
|
misc/pciids: build fix
Revisions pulled up:
- misc/pciids/Makefile 1.11
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Mon Oct 5 12:23:21 UTC 2015
Modified Files:
pkgsrc/misc/pciids: Makefile
Log Message:
Don't use master site with dynamically generated file. We have it on nbftp.
PR pkg/50297
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/misc/pciids/Makefile
|
|
mail/postfix-lmdb: build fix
mail/postfix-mysql: build fix
mail/postfix-pcre: build fix
mail/postfix-pgsql: build fix
mail/postfix-sqlite: build fix
Revisions pulled up:
- mail/postfix-lmdb/Makefile 1.1-1.3
- mail/postfix-mysql/Makefile 1.1-1.3
- mail/postfix-pcre/Makefile 1.1-1.3
- mail/postfix-pgsql/Makefile 1.1-1.3
- mail/postfix-sqlite/Makefile 1.1-1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Oct 5 00:05:31 UTC 2015
Modified Files:
pkgsrc/mail/postfix-lmdb: Makefile
pkgsrc/mail/postfix-mysql: Makefile
pkgsrc/mail/postfix-pcre: Makefile
pkgsrc/mail/postfix-pgsql: Makefile
pkgsrc/mail/postfix-sqlite: Makefile
Log Message:
Link with corect rpath. Fix PR pkg/50299.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-lmdb/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-mysql/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-pcre/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-pgsql/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-sqlite/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Oct 5 00:14:13 UTC 2015
Modified Files:
pkgsrc/mail/postfix-lmdb: Makefile
pkgsrc/mail/postfix-mysql: Makefile
pkgsrc/mail/postfix-pcre: Makefile
pkgsrc/mail/postfix-pgsql: Makefile
pkgsrc/mail/postfix-sqlite: Makefile
Log Message:
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-lmdb/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-mysql/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-pcre/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-pgsql/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-sqlite/Makefile
|
|
graphics/exiv2: security update
graphics/exiv2-organize: dependant update
Revisions pulled up:
- graphics/exiv2-organize/Makefile 1.28
- graphics/exiv2/Makefile.common 1.5
- graphics/exiv2/PLIST 1.17
- graphics/exiv2/distinfo 1.25
- graphics/exiv2/patches/patch-aa 1.5
- graphics/exiv2/patches/patch-configure 1.2
- graphics/exiv2/patches/patch-src_Makefile 1.1
- graphics/exiv2/patches/patch-src_http.cpp 1.1
- graphics/exiv2/patches/patch-src_svn_version.sh 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Oct 3 12:08:37 UTC 2015
Modified Files:
pkgsrc/graphics/exiv2: Makefile.common PLIST distinfo
pkgsrc/graphics/exiv2-organize: Makefile
pkgsrc/graphics/exiv2/patches: patch-aa patch-configure
Added Files:
pkgsrc/graphics/exiv2/patches: patch-src_Makefile patch-src_http.cpp
patch-src_svn_version.sh
Log Message:
Update exiv2 to 0.25, fixing a security issue. Patch from
Timo Buhrmester via mail.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/graphics/exiv2/Makefile.common
cvs rdiff -u -r1.16 -r1.17 pkgsrc/graphics/exiv2/PLIST
cvs rdiff -u -r1.24 -r1.25 pkgsrc/graphics/exiv2/distinfo
cvs rdiff -u -r1.27 -r1.28 pkgsrc/graphics/exiv2-organize/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/graphics/exiv2/patches/patch-aa
cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/exiv2/patches/patch-configure
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/exiv2/patches/patch-src_Makefile \
pkgsrc/graphics/exiv2/patches/patch-src_http.cpp \
pkgsrc/graphics/exiv2/patches/patch-src_svn_version.sh
|
|
lang/go14: security update
Revisions pulled up:
- lang/go/version.mk 1.9
- lang/go14/Makefile 1.5
- lang/go14/PLIST 1.2
- lang/go14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Sep 27 00:36:02 UTC 2015
Modified Files:
pkgsrc/lang/go14: Makefile
Log Message:
more REPLACE_BASH
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go14/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Sep 26 17:37:01 UTC 2015
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go14: Makefile PLIST distinfo
Log Message:
Update go14 to 1.4.3. It fixes four security-related issues.
The issues were reported in Go's net/http package. They affect programs usi=
ng
that package to proxy HTTP requests. We recommend that all users upgrade to=
Go
1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we ha=
ve
released version 1.4.3, which is based on Go 1.4.2 plus fixes for these iss=
ues.
Affected Go programs=E2=80=94those that use the net/http package as a proxy=
server=E2=80=94must
be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.
The CVE issue descriptions and fixes are linked below.
CVE-2015-5739
"Content Length" treated as valid header:
https://go-review.googlesource.com/#/c/11772/
CVE-2015-5740
Double content-length headers does not return 400 error:
https://go-review.googlesource.com/#/c/11810/
CVE-2015-5741
Additional hardening, not sending Content-Length w/Transfer-Encoding,
Closing connections:
https://go-review.googlesource.com/#/c/11810/
https://go-review.googlesource.com/#/c/12865/
https://go-review.googlesource.com/#/c/13148/
The Go team would like to thank Jed Denlea and R=C3=A9gis Leroy for their
contributions to this release. They have been awarded 1337 USD under the Go=
ogle
Security Bounty program.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go14/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go14/PLIST
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go14/distinfo
|
|
|
|
lang/php56: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.114
- lang/php56/distinfo 1.16
- lang/php56/patches/patch-aclocal.m4 deleted
- lang/php56/patches/patch-build_libtool.m4 deleted
- lang/php56/patches/patch-configure 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 2 14:37:40 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: distinfo
pkgsrc/lang/php56/patches: patch-configure
Removed Files:
pkgsrc/lang/php56/patches: patch-aclocal.m4 patch-build_libtool.m4
Log Message:
Update php56 to 5.6.14.
01 Oct 2015, PHP 5.6.14
- Core:
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions). (Adam)
- CLI server:
. Fixed bug #68291 (404 on urls with '+'). (cmb)
- DOM:
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
encoding). (cmb)
- Mysqlnd:
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
a server). (Sergei Turchanov)
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
- PDO:
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking. (Bob)
- Standard:
. Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
(Niklas Keller)
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)
|
|
lang/php55: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.113
- lang/php55/distinfo 1.46
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 2 14:36:35 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
Log Message:
Update php55 to 5.5.30.
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
** PHP 5.5 is in security-only mode , please do not commit to this branch **
01 Oct 2015, PHP 5.5.30
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
|
|
|
|
mail/mhonarc: build fix
Revisions pulled up:
- mail/mhonarc/Makefile 1.39
- mail/mhonarc/distinfo 1.20
- mail/mhonarc/patches/patch-lib_mhamain.pl 1.3
- mail/mhonarc/patches/patch-lib_mhopt.pl 1.3
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Sep 26 14:30:24 UTC 2015
Modified Files:
pkgsrc/mail/mhonarc: Makefile distinfo
Added Files:
pkgsrc/mail/mhonarc/patches: patch-lib_mhamain.pl patch-lib_mhopt.pl
Log Message:
defined(%hash) is not valid any more in perl 5.22; change to %hash
|
|
www/p5-HTML-StripScripts: build fix
Revisions pulled up:
- www/p5-HTML-StripScripts/Makefile 1.12
- www/p5-HTML-StripScripts/distinfo 1.3
- www/p5-HTML-StripScripts/patches/patch-StripScripts.pm 1.1
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Sep 26 14:22:56 UTC 2015
Modified Files:
pkgsrc/www/p5-HTML-StripScripts: Makefile distinfo
Added Files:
pkgsrc/www/p5-HTML-StripScripts/patches: patch-StripScripts.pm
Log Message:
Fix Bug/typo which causes a fatal error in perl 5.22
|
|
|
|
www/firefox: build fix
Revisions pulled up:
- www/firefox/mozilla-common.mk 1.64
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Sep 29 15:22:07 UTC 2015
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
Fix build under NetBSD/i386.
|
|
sysutils/findutils: build fix
Revisions pulled up:
- sysutils/findutils/Makefile 1.35
---
Module Name: pkgsrc
Committed By: dholland
Date: Mon Sep 28 01:40:53 UTC 2015
Modified Files:
pkgsrc/sysutils/findutils: Makefile
Log Message:
add bison to tools since we patched a .y file; noticed by Joerg
|
|
|
|
textproc/icu: security fix
Revisions pulled up:
- textproc/icu/Makefile 1.100
- textproc/icu/distinfo 1.55
- textproc/icu/patches/patch-common_ucnv__io.cpp 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Tue Sep 29 02:15:54 UTC 2015
Modified Files:
pkgsrc/textproc/icu: Makefile distinfo
Added Files:
pkgsrc/textproc/icu/patches: patch-common_ucnv__io.cpp
Log Message:
Patch CVE-2015-1270. Via Debian.
|
|
|
|
multimedia/adobe-flash-plugin11: security fix
Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.50
- multimedia/adobe-flash-plugin11/distinfo 1.47
---
Module Name: pkgsrc
Committed By: tsutsui
Date: Fri Sep 25 15:35:39 UTC 2015
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
Log Message:
Update adobe-flash-plugin11 to 11.2.202.521.
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: September 21, 2015
Last updated: September 23, 2015
Vulnerability identifier: APSB15-23
CVE number: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571,
CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576,
CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581,
CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676,
CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
Platform: All Platforms
|
|
|
|
www/php-owncloud: documentation fix
Revisions pulled up:
- www/php-owncloud/MESSAGE 1.19
- www/php-owncloud/Makefile 1.55
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sun Sep 27 19:42:57 UTC 2015
Modified Files:
pkgsrc/www/php-owncloud: MESSAGE Makefile
Log Message:
owncloud wants pdo_mysql or pdo_pgsql
bump PKGREVISION
|
|
|
|
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/Makefile 1.144
- emulators/qemu/distinfo 1.106
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Sep 25 14:57:59 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile distinfo
Log Message:
Update to 2.4.0.1
Changelog:
* net: avoid infinite loop when receiving packets(CVE-2015-5278)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 737d2b3c41d59eb8f94ab7eb419b957938f24943)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
* net: add checks to validate ring buffer pointers(CVE-2015-5279)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
* e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)
While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.
[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
(cherry picked from commit b947ac2bf26479e710489739c465c8af336599e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
* vnc: fix memory corruption (CVE-2015-5225)
The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential
memory corruption issues" can become negative. Result is (possibly
exploitable) memory corruption. Reason for that is it uses the stride
instead of bytes per scanline to apply limits.
For the server surface is is actually fine. vnc creates that itself,
there is never any padding and thus scanline length always equals stride.
For the guest surface scanline length and stride are typically identical
too, but it doesn't has to be that way. So add and use a new variable
(guest_ll) for the guest scanline length. Also rename min_stride to
line_bytes to make more clear what it actually is. Finally sprinkle
in an assert() to make sure we never use a negative _cmp_bytes again.
Reported-by: 范祚至(库特) <zuozhi.fzz@alibaba-inc.com>
Reviewed-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit eb8934b0418b3b1d125edddc4fc334a54334a49b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
|
|
net/ruby-userstream: correct dependency
Revisions pulled up:
- net/ruby-userstream/Makefile 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 27 04:11:36 UTC 2015
Modified Files:
pkgsrc/net/ruby-userstream: Makefile
Log Message:
Correct dependency to textproc/ruby-yajl; do not override gemspec yajl
but yajl-ruby. Fix run time problem of ruby-tw.
Bump PKGREVISION.
|
|
|
|
www/firefox: build fix
Revisions pulled up:
- www/firefox/mozilla-common.mk 1.63
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Sep 24 22:36:27 UTC 2015
Modified Files:
pkgsrc/www/firefox: mozilla-common.mk
Log Message:
Fix NetBSD/i386 build.
flag for c++ compiler is CXXFLAGS.
To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/firefox/mozilla-common.mk
|
|
sysutils/findutils: build fix
Revisions pulled up:
- sysutils/findutils/distinfo 1.17
- sysutils/findutils/patches/patch-gnulib_lib_getdate.y 1.1
---
Module Name: pkgsrc
Committed By: dholland
Date: Sat Sep 26 18:49:50 UTC 2015
Modified Files:
pkgsrc/sysutils/findutils: distinfo
Added Files:
pkgsrc/sysutils/findutils/patches: patch-gnulib_lib_getdate.y
Log Message:
Remove wrong compile-time assertion about the size of time_t. (I'm
sure this wrong code has popped up before, but I can't find any other
patches for it in pkgsrc right now.) PR 50273.
|
|
|
|
security/netpgpverify: bug fix patch
security/libnetpgpverify: bug fix patch
Revisions pulled up:
- pkgsrc/security/netpgpverify: Makefile 1.17
- pkgsrc/security/netpgpverify/files/digest.c 1.4
- pkgsrc/security/netpgpverify/files/misc.c 1.4
- pkgsrc/security/netpgpverify/files/rsa.c 1.4
- pkgsrc/security/netpgpverify/files/verify.h 1.16
---
Module Name: pkgsrc
Committed By: agc
Date: Fri Sep 25 15:46:58 UTC 2015
Modified Files:
pkgsrc/security/netpgpverify: Makefile
pkgsrc/security/netpgpverify/files: digest.c misc.c rsa.c verify.h
Log Message:
Update netpgpverify, and libnetpgpverify, from version 20150911 to
version 20150919
Changes:
+ get rid of unnecessary header inclusion (sys/syslog.h), which gives
problems on HP/UX and is unused
from Tobias Nygren
|
|
|
|
|
|
- buffer: Fixed a bug introduced in v4.1.0 where allocating
a new zero-length buffer can result in the next allocation
of a TypedArray in JavaScript not being zero-filled. In
certain circumstances this could result in data leakage
via reuse of memory space in TypedArrays, breaking the
normally safe assumption that TypedArrays should be always
zero-filled.
- http: Guard against response-splitting of HTTP trailing headers
added via response.addTrailers() by removing new-line ([\r\n])
characters from values. Note that standard header values are
already stripped of new-line characters. The expected security
impact is low because trailing headers are rarely used.
- npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for
full details
- Upgrades graceful-fs on multiple dependencies to no longer rely
on monkey-patching fs
- Fix npm link for pre-release / RC builds of Node
- v8: Update post-mortem metadata to allow post-mortem debugging tools
to find and inspect:
- JavaScript objects that use dictionary properties
- ScopeInfo and thus closures
|
|
Not supported since 1.3.8 (we have 1.8.x and 1.9.x in pkgsrc).
Reported by Timshel Knoll-Miller in PR 50272.
|
|
|
|
Changelog:
Bugs fixed compared to 5.0.2 RC1:
rhbz#1134285 Open a file in a mounted WebDAV drive and LibreOffice asks for user and password [Stephan Bergmann]
rhbz#1259746 Writer fails to open correct ODT file from WebDAV share [Stephan Bergmann]
tdf#92145 Writer text table rows can't be resized (with disabled rulers) [László Németh]
tdf#92357 Tab type switcher in ruler does not clear previous icon when clicking it [László Németh]
tdf#92843 UI: The case of the disappearing zoom slider [László Németh]
tdf#92982 rendercontext: blinking cursor is drawn directly [Miklos Vajna]
tdf#92995 EDITING: Undo of Drag&Drop with annotation/comment object causes crash [Eike Rathke]
tdf#93666 GL / area fill scaling issue. [Tomaž Vajngerl]
tdf#93778 gestureLongPress cores being passed a NULL frame [Szymon Kłos]
tdf#93814 cache binary compiled versions of shaders ... [Marco Cecchetti]
tdf#93884 odd text rendering artifacts in slideshow [Miklos Vajna]
tdf#93989 crash on chart insert ... [Markus Mohrhard]
tdf#93996 gltf rendering timer is far too fast ... [Michael Meeks]
tdf#94006 OpenGLContext - ref-counted and manually managed ... [Michael Meeks]
tdf#94031 Some 3D OpenGL transitions don't work in GL mode ... [Lubosz Sarnecki]
tdf#94213 horrible flickering on window resize [Michael Meeks]
tdf#94249 EDITING: Calc sort crashes [Eike Rathke]
tdf#94252 Gratuitous GL context switching. [Michael Meeks]
tdf#94281 mis-use of legacy GL contexts ... [Michael Meeks]
Bugs fixed compared to 5.0.1 RC2:
bnc#835985 revert "When printing ... 'Order' did not count." [Jan Holesovsky]
cid#1315264 DOCX import: rot=90 and vert=vert270 means no text rotation [Miklos Vajna]
coverity#1320472 uninitialized scalar field [Caolán McNamara]
i#121407 fix mis-merge [Stephan Bergmann]
i#124638 xmloff: fix Calc header background image saving [Miklos Vajna]
i#65128 handle the NULL clip correctly for pdf output [Thorsten Behrens]
i#95318 svtools: don't commit SvtMenuOptions too early [Michael Stahl]
rhbz#1255200 [abrt] libreoffice-core: sdr::table::SvxTableController::SetTableStyle(): soffice.bin killed by SIGSEGV [Caolán McNamara]
rhbz#1255811 [fix available] Calc: Random Number generator can't be edited and applied for cell location [Eike Rathke]
tdf#44388 Printing/Exporting to PDF adds text to the side of form elements ('checkbox',...) [Thorsten Behrens]
tdf#44399 UI: Format Cells dialog displays misleading value for 'Decimal places' [Laurent Balland-Poirier]
tdf#60381 The operation on <path> was started with an invalid parameter [Giuseppe Castagno]
tdf#73071 Sidebar: Styles are missing from Properties tab [Yousuf Philips]
tdf#75973 password protected library does not honnor end user type definition [Laurent Godard]
tdf#76649 Trend line invisible if first data point is missing x value [Laurent Balland-Poirier]
tdf#77514 FORMATTING: CJK ruby text (furigana) in vertical mode pushes characters to the left of the base line [Mark Hung]
tdf#78111 UI: "Freakout"-behaviour and freeze during resize of docked sidebar [Maxim Monastirsky]
tdf#79018 FILEOPEN: DOCX with a footnote hangs LO on open [Oliver Specht]
tdf#79741 Macro with Find @ Replace crash Calc [Julien Nabet]
tdf#80512 UI: Horizontal scrollbar backwards with RTL sheet and kde4 ui [Jan-Marek Glogowski]
tdf#80866 Layout of custom handouts is ignored [Jan Holesovsky]
tdf#83546 SIDEBAR: content panels in tray don't open with accelerators when sidebar is enabled but fully hidden [Maxim Monastirsky]
tdf#87922 4.4.0.x Automatic font color no longer works [Miklos Vajna]
tdf#87924 FILEOPEN: DOCX - text in shape is wrong direction [Miklos Vajna]
tdf#88986 EDITING: Insert Frame dialog shows empty lists for area fill types [Miklos Vajna]
tdf#89245 FORMATTING, FILESAVE: Header and footer background images are not saved [Miklos Vajna]
tdf#89381 ValueSet has rendering issues in RTL interface [Maxim Monastirsky]
tdf#89720 Highlighted comment text with replies have dark color [Miklos Vajna]
tdf#89954 FORMATTING: Autocapitalisation does not happen if the last word in the previous sentence has a comment in the middle of the word [Miklos Vajna]
tdf#91022 Incorrect Dates in Report created with legacy report wizard [Julien Nabet]
tdf#91060 LO impress crashes when opening pptx with comments [Caolán McNamara]
tdf#91882 UI: Dialogue for Advanced filter is transparent. [Michael Meeks]
tdf#91969 FORMATTING: Parts of Paragraph Border missing when Border around more than one Paragraph [Zolnai Tamás]
tdf#92019 Implement texture atlas for OpenGL [Tomaž Vajngerl]
tdf#92242 UI - StartCenter and Application windows can not be resized diagonally with mouse after initial window size increase and covers OSX Dock [andreask]
tdf#92256 INDIRECT function lost interoperabilty with calc documents migrated by OOo3.2.1 [Katarina Behrens]
tdf#92324 printing of labels (Next dataset fields) via file->print is broken [Vasily Melenchuk]
tdf#92379 ODF import: styles with fo:background-color wrongly imported causing wrong frame and paragraph backgrounds [Michael Stahl]
tdf#92612 Right-clicking after applying "paint buckets" leads to multiple Undo [Ashod Nakashian]
tdf#92885 Incorrect cell border drawing in DOC file after saving in 5.0 [Noel Grandin]
tdf#92982 rendercontext: blinking cursor is drawn directly [Miklos Vajna]
tdf#92997 Chart: Data table category view format bad for table of times [Eike Rathke]
tdf#93064 START CENTER: Icon sizes in breeze cause help and extensions buttons not to be visible [andreask]
tdf#93071 UI: General format: useless trailing zeroes for scientific notation [Laurent Balland-Poirier]
tdf#93077 Dialog editor: adding a language crashes LibO [Michael Meeks]
tdf#93096 Selecting text with keyboard (partially outside current view) results in wrong highlighting and mangled text [Miklos Vajna]
tdf#93098 Unexpectedly quit when use Data->Sort (crash) [Eike Rathke]
tdf#93188 Closing media player crashes Writer [Michael Meeks]
tdf#93233 clock face emoji autocorrect collisions in some languages [Christian Lohmaier]
tdf#93284 FILEOPEN: LibO crashes on loading .RTF [Miklos Vajna]
tdf#93325 rendercontext: animgifs are painted directly [Miklos Vajna]
tdf#93351 FORMATTING: "Edit style" button in "Schema & Numbering" tab in paragraph style edition navigates wrong [Julien Nabet]
tdf#93353 Master document does not show diagrams included and properly shown in documents linked into the master [Bjoern Michaelsen]
tdf#93358 Copy/paste of a range of cells with IF formula and format set to General causes crash [Eike Rathke]
tdf#93364 rendercontext: style combo box is not always updated [Miklos Vajna]
tdf#93384 rendercontext: comment spelling is drawn directly [Miklos Vajna]
tdf#93388 Crash when deleting cell contents [Eike Rathke]
tdf#93404 status indicator progress bar not shown while loading big file [Stephan Bergmann]
tdf#93407 Draw crashes when changing line width using sidebar [Maxim Monastirsky]
tdf#93410 NullPointerException while connecting to LibreOffice via Java UNO API [Noel Grandin]
tdf#93437 Once the Function Wizard has been Displayed, it is not Possible to Select Columns or Rows or to Open the Context Menu of Columns and Rows [Katarina Behrens]
tdf#93451 Menu-Icons are always hidden [Michael Stahl]
tdf#93514 Non free cs_CZ (Czech) thesaurus dictionary [Christian Lohmaier]
tdf#93529 OpenGL tracker bug ... [Michael Meeks]
tdf#93530 menu non-rendering on click ... [Michael Meeks]
tdf#93532 Image / CRC32 not enough ... [Michael Meeks, Marco Cecchetti]
tdf#93536 Crash when launching Tools > AutoText (comment 6) [Michael Meeks]
tdf#93546 Need way to hard disable any OpenGL usage / probing etc. [Michael Meeks, Stephan Bergmann]
tdf#93547 detect OpenGL crashes and disable it [Michael Meeks]
tdf#93558 Preview of Bullets is hard to see with a dark theme [Maxim Monastirsky]
tdf#93569 Linux: no save on crash [Michael Meeks]
tdf#93600 Condition Formatting: Entering "=" in comparison value crashes program [Katarina Behrens]
tdf#93614 Detect hanging OpenGL drivers & disable GL ... [Michael Meeks]
tdf#93620 help -> about should list GL status ... [László Németh]
tdf#93662 white-list only the latest GL hardware and drivers [Michael Meeks]
tdf#93713 "Unprotect Cells" missing from Table Menu and Table Toolbar (comment 6) [Yousuf Philips]
tdf#93736 Bottom stroke line of a rectangle is half-drawn when using OpenGL [Tomaž Vajngerl]
tdf#93750 EMF+ is not displayed at all [Mike Kaganski]
tdf#93751 GL textures destroyed while still bound to framebuffers [Michael Meeks]
tdf#93772 switching context does not un-bind framebuffers correctly ... [Michael Meeks]
tdf#93781 Impress copy wrong style name to clipboard when style name contains Chinese character [Mark Hung]
tdf#93798 apitrace and glerrors ... [Michael Meeks]
tdf#93822 disable background saving with GL enabled ... [Michael Meeks]
tdf#93830 PPTX import: DrawingML fallback of Vertical Picture List SmartArt is not imported correctly [Andras Timar]
tdf#93838 opengl glyph caching misplaces start center text [Miklos Vajna]
tdf#93839 vdevs shared OpenGLContexts - end up broken. [Michael Meeks]
tdf#93850 shader compilation can take a while ... [Michael Meeks]
tdf#93857 opengl glyph caching misplaces writer text [Miklos Vajna]
tdf#93859 Radio buttons are all "selected" when using OpenGL [Tomaž Vajngerl]
tdf#93867 using GL threads across threads incorrectly ... [Michael Meeks]
tdf#93870 Disable DirectX slideshow when in OpenGL mode ... [Michael Meeks]
tdf#93892 The close button in menubar is empty with openGL [Jan Holesovsky]
|
|
|
|
- make it find libgcc_s.so from lang/gcc-aux if system has no libgcc_s.s
This fixes the package build, but it still complains that libgnat-4.9.so
is not found at run time and I don't know how to fix that.
|
|
|
