| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
net/bind99: security update
Revisions pulled up:
- net/bind99/Makefile 1.21-1.23
- net/bind99/distinfo 1.12-1.14
- net/bind99/options.mk 1.5-1.6
- net/bind99/patches/patch-configure 1.4
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Feb 6 23:24:19 UTC 2013
Modified Files:
pkgsrc/net/bind99: Makefile
Log Message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 2 20:33:35 UTC 2013
Modified Files:
pkgsrc/net/bind96: Makefile
Log Message:
Bump PKGREVISION for mysql default change to 55.
---
Module Name: pkgsrc
Committed By: pettai
Date: Sat Feb 9 00:14:34 UTC 2013
Modified Files:
pkgsrc/net/bind99: distinfo options.mk
Log Message:
Updated rrl patch version + source
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 26 22:12:14 UTC 2013
Modified Files:
pkgsrc/net/bind99: Makefile distinfo
pkgsrc/net/bind99/patches: patch-configure
Log Message:
Update bind99 to 9.9.2pl2 (BIND 9.9.2-P2).
--- 9.9.2-P2 released ---
3516. [security] Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]
---
Module Name: pkgsrc
Committed By: pettai
Date: Wed Mar 27 12:08:24 UTC 2013
Modified Files:
pkgsrc/net/bind99: distinfo options.mk
Log Message:
Also update the corresponding RRL patch + distinfo file
|
|
net/bind98: security update
Revisions pulled up:
- net/bind98/Makefile 1.27 via patch
- net/bind98/distinfo 1.19-1.20 via patch
- net/bind98/options.mk 1.5 via patch
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 26 22:12:56 UTC 2013
Modified Files:
pkgsrc/net/bind98: Makefile distinfo
Log Message:
Update bind98 to 9.8.4pl2 (BIND 9.8.4-P2).
--- 9.8.4-P2 released ---
3516. [security] Removed the check for regex.h in configure in order
to disable regex syntax checking, as it exposes
BIND to a critical flaw in libregex on some
platforms. [RT #32688]
|
|
|
|
emulators/suse121_libxml2: security update
Revisions pulled up:
- emulators/suse121_libxml2/Makefile 1.6
- emulators/suse121_libxml2/distinfo 1.6
---
Module Name: pkgsrc
Committed By: obache
Date: Sat Mar 30 09:31:15 UTC 2013
Modified Files:
pkgsrc/emulators/suse121_libxml2: Makefile distinfo
Log Message:
Update libxml2 RPM to 2.7.8+git20110708-3.20.1 for CVE-2013-0338.
Bump PKGREVISION.
|
|
net/isc-dhclient4: security update
net/isc-dhcp4: security update
net/isc-dhcpd4: security update
net/isc-dhcrelay4: security update
Revisions pulled up:
- net/isc-dhclient4/Makefile 1.7
- net/isc-dhcp4/Makefile 1.9-1.10
- net/isc-dhcp4/Makefile.common 1.18-1.19
- net/isc-dhcp4/distinfo 1.14-1.15
- net/isc-dhcpd4/Makefile 1.7
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Feb 6 23:24:19 UTC 2013
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile
Log Message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 11 13:35:58 UTC 2013
Modified Files:
pkgsrc/net/isc-dhclient4: Makefile
pkgsrc/net/isc-dhcp4: Makefile.common distinfo
pkgsrc/net/isc-dhcpd4: Makefile
Log Message:
Update ISC DHCP to 4.2.5.
Changes are too many to write here, please refer RELNOTES.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 26 16:25:06 UTC 2013
Modified Files:
pkgsrc/net/isc-dhcp4: Makefile Makefile.common distinfo
Log Message:
Update ISC DHCP packages to 4.2.5p1 (4.2.5-P1).
isc-dhclient4
isc-dhcp4
isc-dhcpd4
isc-dhcrelay4
|
|
net/bind97: security patch
Revisions pulled up:
- net/bind97/Makefile 1.25-1.27
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Feb 6 23:24:19 UTC 2013
Modified Files:
pkgsrc/net/bind97: Makefile
Log Message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 2 20:33:35 UTC 2013
Modified Files:
pkgsrc/net/bind97: Makefile
Log Message:
Bump PKGREVISION for mysql default change to 55.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Mar 27 00:34:32 UTC 2013
Modified Files:
pkgsrc/net/bind97: Makefile
Log Message:
Disable use of regex.h for fixing CVE-2013-2266.
Bump PKGREVISION.
|
|
|
|
net/proftpd: security update
Revisions pulled up:
- net/proftpd/Makefile 1.72
- net/proftpd/PLIST 1.24
- net/proftpd/distinfo 1.40
- net/proftpd/patches/patch-ab deleted
- net/proftpd/patches/patch-ac deleted
---
Module Name: pkgsrc
Committed By: kim
Date: Fri Mar 15 13:34:32 UTC 2013
Modified Files:
pkgsrc/net/proftpd: Makefile PLIST distinfo
Removed Files:
pkgsrc/net/proftpd/patches: patch-ab patch-ac
Log Message:
Updated net/proftpd to 1.3.4c:
- addresses CVE-2012-6095 <http://bugs.proftpd.org/show_bug.cgi?id=3841>
|
|
lang/perl5: security patch
Revisions pulled up:
- lang/perl5/Makefile 1.198
- lang/perl5/distinfo 1.95
- lang/perl5/patches/patch-CVE-2013-1667 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Fri Mar 8 21:28:18 UTC 2013
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-CVE-2013-1667
Log Message:
add patch for CVE-2013-1667 from:
https://bugzilla.redhat.com/show_bug.cgi?id=912276
bump PKGREVISION
|
|
textproc/libxml2: security patch
Revisions pulled up:
- textproc/libxml2/Makefile 1.123
- textproc/libxml2/distinfo 1.98
- textproc/libxml2/patches/patch-CVE-2013-0338-CVE-2013-0339 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Fri Mar 8 23:59:31 UTC 2013
Modified Files:
pkgsrc/textproc/libxml2: Makefile distinfo
Added Files:
pkgsrc/textproc/libxml2/
patches: patch-CVE-2013-0338-CVE-2013-0339
Log Message:
Fix for CVE-2013-0338 & CVE-2013-0339
from
https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
bump PKGREVISION
|
|
|
|
|
|
|
|
multimedia/adobe-flash-plugin10.1: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin10.1/Makefile 1.26
- multimedia/adobe-flash-plugin10.1/distinfo 1.17
---
Module Name: pkgsrc
Committed By: obache
Date: Wed Mar 13 13:08:42 UTC 2013
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo
Log Message:
Update adoble-flash-plugin101 to 10.3.183.68 for APSB-13-09.
|
|
multimedia/adobe-flash-plugin11: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.14
- multimedia/adobe-flash-plugin11/distinfo 1.13
---
Module Name: pkgsrc
Committed By: obache
Date: Wed Mar 13 13:07:40 UTC 2013
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
Log Message:
Update adoble-flash-plugin11 to 11.2.202.275 for APSB-13-09.
|
|
|
|
emulators/suse121_qt4: security update
Revisions pulled up:
- emulators/suse121_qt4/Makefile 1.4
- emulators/suse121_qt4/distinfo 1.4
---
Module Name: pkgsrc
Committed By: obache
Date: Tue Mar 12 11:25:18 UTC 2013
Modified Files:
pkgsrc/emulators/suse121_qt4: Makefile distinfo
Log Message:
Update libqt4 rpm to 4.7.4-19.21.1 for CVE-2013-0254.
Bump PKGREVISION.
|
|
|
|
security/stunnel: security update
Revisions pulled up:
- security/stunnel/Makefile 1.80,1.82 via patch
- security/stunnel/distinfo 1.36-1.37
---
Module Name: pkgsrc
Committed By: jym
Date: Tue Jan 8 23:45:40 UTC 2013
Modified Files:
pkgsrc/security/stunnel: Makefile distinfo
Log Message:
Update to 4.54. Changelog:
New Win32 features
FIPS module updated to version 2.0.
OpenSSL DLLs updated to version 1.0.1c.
zlib DLL updated to version 1.2.7.
Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost,
nuron, padlock, sureware, ubsec.
Other new features
"session" option renamed to more readable "sessionCacheTimeout". The
old name remains accepted for backward compatibility.
New service-level "sessionCacheSize" option to control session cache
size.
New service-level option "reset" to control whether TCP RST flag is
used to indicate errors. The default value is "reset = yes".
New service-level option "renegotiation" to disable SSL renegotiation.
This feature is based on a public-domain patch by Janusz Dziemidowicz.
New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx
to Janusz Dziemidowicz).
New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or
higher (thx to Henrik Riomar).
Bugfixes
Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
Fixed missing SSL state debug log entries.
Fixed a race condition in libwrap code resulting in random stalls (thx
to Andrew Skalski).
Session cache purged at configuration file reload to reduce memory
leak. Remaining leak of a few kilobytes per section is yet to be fixed.
Fixed regression bug in "transparent = destination" functionality (thx
to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
"transparent = destination" is now a valid endpoint in inetd mode.
"delay = yes" fixed to work even if specified *after* "connect" option.
Multiple "connect" targets fixed to also work with delayed resolver.
The number of resolver retries of EAI_AGAIN error has been limited to 3
in order to prevent infinite loops.
Fix some directory owner/group rights and take over maintainership as I
use it almost daily.
---
Module Name: pkgsrc
Committed By: jym
Date: Wed Mar 6 22:50:31 UTC 2013
Modified Files:
pkgsrc/security/stunnel: Makefile distinfo
Log Message:
Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.
Changelog:
Version 4.55, 2013.03.03, urgency: HIGH:
Security bugfix
OpenSSL updated to version 1.0.1e in Win32/Android builds.
Buffer overflow vulnerability fixed in the NTLM authentication of the
CONNECT protocol negotiation. See [10]https://www.stunnel.org/CVE-2013-1762.html
for details.
New features
SNI wildcard matching in server mode.
Terminal version of stunnel (tstunnel.exe) build for Win32.
Bugfixes
Fixed write half-close handling in the transfer() function (thx to
Dustin Lundquist).
Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
Restored default signal handlers before execvp() (thx to Michael
Weiser).
Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
Fixed a file descriptor leak during configuration file reload (thx to
Arthur Mesh).
Closed SSL sockets were removed from the the transfer() c->fds poll.
Minor fix in handling exotic inetd-mode configurations.
WCE compilation fixes.
IPv6 compilation fix in protocol.c.
Windows installer fixes.
|
|
|
|
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.27
- www/mediawiki/PLIST 1.13
- www/mediawiki/distinfo 1.18
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wen
Date: Fri Mar 8 07:57:29 UTC 2013
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.20.3
Upstream changes:
MediaWiki 1.20.3
This is a security and maintenance release of the MediaWiki 1.20 branch.
Changes since 1.20.2
New preference type - 'api'. Preferences of this type are not shown on
Special:Preferences, but are still available via the action=options
API. (Unbreaks MLEB.)
(bug 44010) Context is passed to UserGetLanguageObject.
The recursion guard on RequestContext::getLanguage() was weakened.
(bug 40585) Don't drop 'step="any"' in HTML input fields.
(bug 44024) Fixed problems in ObjectCache when using XCache.
(bug 44010) FauxRequest leaked cookie data from primary request.
(bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
(bug 43518) API action=unblock should return the user name, not the
full user object
(Bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/mediawiki/PLIST
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/mediawiki/distinfo
|
|
|
|
www/typo3_47: security update
Revisions pulled up:
- www/typo3_47/Makefile 1.9-1.10
- www/typo3_47/PLIST 1.6
- www/typo3_47/distinfo 1.7-1.8
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 5 13:59:04 UTC 2013
Modified Files:
pkgsrc/www/typo3_47: Makefile PLIST distinfo
Log Message:
Update typo3_47 to 4.7.8.
2013-02-14 e83abe1 [RELEASE] Release of TYPO3 4.7.8 (TYPO3 Release Team)
2013-02-14 71ef699 #44099 [BUGFIX] L10n fallback does not work for TS labels (Xavier Perseguers)
2013-02-14 f2aeff0 #44273 [BUGFIX] L10n fallback does not work for ExtJS in BE (Xavier Perseguers)
2013-02-14 a930bdf [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-02-14 915bf76 #42084 [BUGFIX] Allow "en" as language key (Xavier Perseguers)
2013-02-08 efbce7b [TASK] Raise submodule pointer (Christian Kuhn)
2013-02-07 f1c43bb #34129 [BUGFIX][Cache][PDO] Duplicate cache entry possible (Leon Dietsch)
2013-02-03 a0cf1c9 #36364 [BUGFIX] IE9 compatibility clear cache menu (Andreas Kiessling)
2013-02-02 44942df #44416 [BUGFIX] Hook call modifyDBRow in ContentContentObject (Alina Fleser)
2013-02-02 9dba7d3 #43886 [BUGFIX] Fix misspelling in RTE meta menu (Tomita Militaru)
2013-02-02 b088faa #38505 [BUGFIX] load TCA before manipulation (Jigal van Hemert)
2013-02-01 c81aa5f #28606 [BUGFIX] add check for empty form values in FORM View (Christian Kuhn)
2013-01-31 850a316 #45050 [TASK] DataHandler::getAutoVersionId() should be public (Oliver Hader)
2013-01-28 d8c61c6 #44892 [BUGFIX] Possible warning in about module (Christian Kuhn)
2013-01-27 dcb3a23 #42845 [BUGFIX] Quick Edit triggers warnings of missing key uid (Philipp Gampe)
2013-01-26 d2d5127 [TASK] Raise submodule pointer (Christian Kuhn)
2013-01-25 3845cc6 #39680 [BUGFIX] Fix warnings in em on tab Maintenance (Philipp Gampe)
2013-01-25 9eca09b #19938,#23324, [BUGFIX] EXT:felogin: Multiple bugs with preserveGETvars (Jigal van Hemert)
2013-01-25 c62aca6 #44145 [BUGFIX] Correct TCA inclusion for uploads rendering (Georg Ringer)
2013-01-24 04f83a8 #43874 [BUGFIX] array_merge_recursive_overrule: __UNSET for array values (Sebastian Michaelsen)
2013-01-24 b8d869c #38240 [BUGFIX] Update description on changed error reporting defaults (Mario Rimann)
2013-01-24 78bc877 #43919 [BUGFIX] Fix typos in stdWrap_crop description (Wouter Wolters)
2013-01-24 05d35ee #44152 [TASK] Add save only button to Scheduler task (Lorenz Ulrich)
2013-01-12 db6aad0 #38135 [BUGFIX] Apc Cache backend has side effects (Daniel Pötzinger)
2013-01-04 f515d66 #44301 [BUGFIX] Invalid call to t3lib_TCEmain::processRemapStack() (Oliver Hader)
2013-01-04 abd5389 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-01-02 84b978f #42092 [BUGFIX] Suggest wizard is behind form inputs (Xavier Perseguers)
2013-01-01 728ad7c #44263 [BUGFIX] phpdoc: $urlParameters can be a string (Stefan Neufeind)
2012-12-20 34af104 #34964 [BUGFIX] FE session records are never removed (Steffen Müller)
2012-12-20 63c8b8d #32278 [BUGFIX] INTincScript_loadJSCode() causes PHP warnings (Markus Klein)
2012-12-20 4658cd9 #43426 [BUGFIX] Fix broken logo file in Install Tool (Tomita Militaru)
2012-12-10 de4c85d #43603 [BUGFIX] Enable the RTE with WebKit version 534 on iOS and Android (Stanislas Rolland)
2012-12-10 4167917 #43766 [BUGFIX] IE9 crashes after saving with RTE (Stanislas Rolland)
2012-12-10 bab481b #38472 [BUGFIX] Remove HTML in RuntimeException from sysext 'install' (Philipp Gampe)
2012-12-06 082fd0c #39287 [BUGFIX] Compatibility fix for get_html_translation_table() (Michael Stucki)
2012-12-01 4c8eb91 #25113 [BUGFIX] Fix wrong column title in web>list for field colpos (Martin Kästner)
2012-12-01 5b03172 #43470 [BUGFIX] SqlParser: trim all kinds of whitespaces (Stefan Neufeind)
2012-11-30 7605a68 #43459 [TASK] Remove typo3.pageModule.js (Falk Kühnel)
2012-11-30 fcd137b #42292 [BUGFIX] Installer: Reference images wrong (Christian Kuhn)
2012-11-29 b69a525 #41608 [BUGFIX] Page Information shows incorrect number of total hits (Andrew Moore)
2012-11-29 c0221e9 #42908 [BUGFIX] Old logo on "Install Tool is locked" page (Nikolas Schmidt-Voigt)
2012-11-29 f0d8ed0 #32515 [BUGFIX] Form values with newlines escaped in email (Helmut Hummel)
2012-11-27 c308d1d #42236 [TASK] openid: Update php-openid to 2.2.2 (Stefan Neufeind)
2012-11-24 2656dd8 #43264 [BUGFIX] Hide version selector if workspaces are used (Helmut Hummel)
2012-11-23 912603d #35787 [BUGFIX] Subject field in FormWizard (Florian Scholz)
2012-11-21 c790dbd [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-20 7c02b0c #33700 [BUGFIX] Invalid behavior of search for integer in Backend search (Soren Malling)
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/typo3_47/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/typo3_47/PLIST
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/typo3_47/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Mar 6 14:25:27 UTC 2013
Modified Files:
pkgsrc/www/typo3_47: Makefile distinfo
Log Message:
Update typo3_47 to 4.7.9 (TYPO3 4.7.9).
2013-03-06 fb3f3b6 [RELEASE] Release of TYPO3 4.7.9 (TYPO3 Release Team)
2013-03-06 d816f5b [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-03-06 85a52fe #28587 [SECURITY] Open redirection with jumpurl (Franz G. Jahn)
2013-02-17 236defa #40085 [BUGFIX] Invalid RSA key when submitting form twice (Benjamin Mack)
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/typo3_47/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/typo3_47/distinfo
|
|
www/typo3_46: security update
Revisions pulled up:
- www/typo3_46/Makefile 1.18-1.19
- www/typo3_46/PLIST 1.10
- www/typo3_46/distinfo 1.16-1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 5 13:56:23 UTC 2013
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.16.
2013-02-14 2385b8d [RELEASE] Release of TYPO3 4.6.16 (TYPO3 Release Team)
2013-02-14 fc50341 #44099 [BUGFIX] L10n fallback does not work for TS labels (Xavier Perseguers)
2013-02-14 ffcf2db #44273 [BUGFIX] L10n fallback does not work for ExtJS in BE (Xavier Perseguers)
2013-02-14 1788e32 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-02-14 2c4bffa #42084 [BUGFIX] Allow "en" as language key (Xavier Perseguers)
2013-02-08 81ac8ac [TASK] Raise submodule pointer (Christian Kuhn)
2013-02-07 57756d5 #34129 [BUGFIX][Cache][PDO] Duplicate cache entry possible (Leon Dietsch)
2013-02-03 6c3bef2 #36364 [BUGFIX] IE9 compatibility clear cache menu (Andreas Kiessling)
2013-02-02 0af6da1 #44416 [BUGFIX] Hook call modifyDBRow in ContentContentObject (Alina Fleser)
2013-02-02 df59226 #43886 [BUGFIX] Fix misspelling in RTE meta menu (Tomita Militaru)
2013-02-02 a06d3c6 #38505 [BUGFIX] load TCA before manipulation (Jigal van Hemert)
2013-02-01 928f016 #28606 [BUGFIX] add check for empty form values in FORM View (Christian Kuhn)
2013-01-31 3367c8b #45050 [TASK] DataHandler::getAutoVersionId() should be public (Oliver Hader)
2013-01-27 50e3610 #42845 [BUGFIX] Quick Edit triggers warnings of missing key uid (Philipp Gampe)
2013-01-27 80b80a0 [TASK] Raise submodule pointer (Christian Kuhn)
2013-01-25 4c8c176 #39680 [BUGFIX] Fix warnings in em on tab Maintenance (Philipp Gampe)
2013-01-25 1502773 #44145 [BUGFIX] Correct TCA inclusion for uploads rendering (Georg Ringer)
2013-01-24 4b792b9 #38240 [BUGFIX] Update description on changed error reporting defaults (Mario Rimann)
2013-01-24 cf7af09 #43919 [BUGFIX] Fix typos in stdWrap_crop description (Wouter Wolters)
2013-01-11 86c97ee #38135 [BUGFIX] Apc Cache backend has side effects (Daniel Pötzinger)
2013-01-04 26fdc3f #44301 [BUGFIX] Invalid call to t3lib_TCEmain::processRemapStack() (Oliver Hader)
2013-01-04 6648447 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-01-02 aa893a0 #42092 [BUGFIX] Suggest wizard is behind form inputs (Xavier Perseguers)
2013-01-01 1d523bd #44263 [BUGFIX] phpdoc: $urlParameters can be a string (Stefan Neufeind)
2012-12-20 d4d9e0d #34964 [BUGFIX] FE session records are never removed (Steffen Müller)
2012-12-20 48d51a1 #32278 [BUGFIX] INTincScript_loadJSCode() causes PHP warnings (Markus Klein)
2012-12-20 2456037 #43426 [BUGFIX] Fix broken logo file in Install Tool (Tomita Militaru)
2012-12-10 0b2288d #38472 [BUGFIX] Remove HTML in RuntimeException from sysext 'install' (Philipp Gampe)
2012-12-01 1f5fe25 #25113 [BUGFIX] Fix wrong column title in web>list for field colpos (Martin Kästner)
2012-12-01 f808df4 #43470 [BUGFIX] SqlParser: trim all kinds of whitespaces (Stefan Neufeind)
2012-11-30 26d0e1a #43459 [TASK] Remove typo3.pageModule.js (Falk Kühnel)
2012-11-30 646c546 #42292 [BUGFIX] Installer: Reference images wrong (Christian Kuhn)
2012-11-30 8684a61 #41608 [BUGFIX] Page Information shows incorrect number of total hits (Andrew Moore)
2012-11-29 7c81671 #42908 [BUGFIX] Old logo on "Install Tool is locked" page (Nikolas Schmidt-Voigt)
2012-11-29 04b2e6c #32515 [BUGFIX] Form values with newlines escaped in email (Helmut Hummel)
2012-11-27 c667e98 #42236 [TASK] openid: Update php-openid to 2.2.2 (Stefan Neufeind)
2012-11-24 ba065d9 #33813 [BUGFIX] Wizard in HTML element moved to t3editor (Georg Ringer)
2012-11-24 c1a2299 #32890 [BUGFIX] Livesearch toolbar should close others (Tolleiv Nietsch)
2012-11-24 c17a292 #43264 [BUGFIX] Hide version selector if workspaces are used (Helmut Hummel)
2012-11-23 a81bdec #35787 [BUGFIX] Subject field in FormWizard (Florian Scholz)
2012-11-21 683a356 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-20 8e85043 #33700 [BUGFIX] Invalid behavior of search for integer in Backend search (Soren Malling)
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/typo3_46/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/typo3_46/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/typo3_46/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Mar 6 14:24:29 UTC 2013
Modified Files:
pkgsrc/www/typo3_46: Makefile distinfo
Log Message:
Update typo3_46 to 4.6.17 (TYPO3 4.6.17).
2013-03-06 e0d3f5a [RELEASE] Release of TYPO3 4.6.17 (TYPO3 Release Team)
2013-03-06 425ff87 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-03-06 da32bbb #28587 [SECURITY] Open redirection with jumpurl (Franz G. Jahn)
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/typo3_46/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/typo3_46/distinfo
|
|
www/typo3_45: security update
Revisions pulled up:
- www/typo3_45/Makefile 1.19-1.20
- www/typo3_45/PLIST 1.9
- www/typo3_45/distinfo 1.16-1.17
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Mar 5 13:57:48 UTC 2013
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.5.23.
2013-02-14 de390e0 [RELEASE] Release of TYPO3 4.5.23 (TYPO3 Release Team)
2013-02-14 63a1e27 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-02-09 c9ef82d #24248 [BUGFIX] t3lib_iconWorks must check if array exists before using it (Jigal van Hemert)
2013-02-09 83f1185 #32686 [BUGFIX] BE user switch impossible when in adminOnly mode (Philipp Kitzberger)
2013-02-09 3d289da #34460 [BUGFIX] Excludefieds must exclude admin only tables (Georg Ringer)
2013-02-09 6d006e2 #33214 [BUGFIX] TypoLink: absolute urls when installed in subfolder (Nils Seinschedt)
2013-02-08 50372c5 [TASK] Raise submodule pointer (Christian Kuhn)
2013-02-07 6c8214e #34129 [BUGFIX][Cache][PDO] Duplicate cache entry possible (Leon Dietsch)
2013-02-03 cf0fb91 #36364 [BUGFIX] IE9 compatibility clear cache menu (Andreas Kiessling)
2013-02-02 05d9084 #44416 [BUGFIX] Hook call modifyDBRow in ContentContentObject (Alina Fleser)
2013-02-02 6f5e19f #43886 [BUGFIX] Fix misspelling in RTE meta menu (Tomita Militaru)
2013-02-02 b1a5a4b #38505 [BUGFIX] load TCA before manipulation (Jigal van Hemert)
2013-01-31 05c879f #45050 [TASK] DataHandler::getAutoVersionId() should be public (Oliver Hader)
2013-01-28 9c32684 #31027 [BUGFIX] Load date-time picker in scheduler module (Christian Kuhn)
2013-01-27 8ff08c4 #42845 [BUGFIX] Quick Edit triggers warnings of missing key uid (Philipp Gampe)
2013-01-27 d808455 [TASK] Raise submodule pointer (Christian Kuhn)
2013-01-25 ede6862 #39680 [BUGFIX] Fix warnings in em on tab Maintenance (Philipp Gampe)
2013-01-25 1e0c188 #44145 [BUGFIX] Correct TCA inclusion for uploads rendering (Georg Ringer)
2013-01-24 2b64b11 #38240 [BUGFIX] Update description on changed error reporting defaults (Mario Rimann)
2013-01-24 e16d0f1 #43919 [BUGFIX] Fix typos in stdWrap_crop description (Wouter Wolters)
2013-01-12 306b134 #38135 [BUGFIX] Apc Cache backend has side effects (Daniel Pötzinger)
2013-01-04 44f7fdd #44301 [BUGFIX] Invalid call to t3lib_TCEmain::processRemapStack() (Oliver Hader)
2013-01-04 ea7de49 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-01-02 94fb5a7 #42092 [BUGFIX] Suggest wizard is behind form inputs (Xavier Perseguers)
2013-01-01 04fca2a #44263 [BUGFIX] phpdoc: $urlParameters can be a string (Stefan Neufeind)
2012-12-20 da58b20 #34964 [BUGFIX] FE session records are never removed (Steffen Müller)
2012-12-20 3ed1ba5 #32278 [BUGFIX] INTincScript_loadJSCode() causes PHP warnings (Markus Klein)
2012-12-10 ec03f10 #43603 [BUGFIX] Enable the RTE with WebKit version 534 on iOS and Android (Stanislas Rolland)
2012-12-10 10688b1 #38472 [BUGFIX] Remove HTML in RuntimeException from sysext 'install' (Philipp Gampe)
2012-12-01 236e831 #25113 [BUGFIX] Fix wrong column title in web>list for field colpos (Martin Kästner)
2012-12-01 339f739 #43470 [BUGFIX] SqlParser: trim all kinds of whitespaces (Stefan Neufeind)
2012-11-30 1666d38 #43459 [TASK] Remove typo3.pageModule.js (Falk Kühnel)
2012-11-30 8892bbe #42292 [BUGFIX] Installer: Reference images wrong (Christian Kuhn)
2012-11-30 9716cf8 #41608 [BUGFIX] Page Information shows incorrect number of total hits (Andrew Moore)
2012-11-29 209d607 #42908 [BUGFIX] Old logo on "Install Tool is locked" page (Nikolas Schmidt-Voigt)
2012-11-27 e87270e #42236 [TASK] openid: Update php-openid to 2.2.2 (Stefan Neufeind)
2012-11-24 7199e5d #34098 [TASK] Group excludefields by table (Johannes Feustel)
2012-11-24 971145f #43264 [BUGFIX] Hide version selector if workspaces are used (Helmut Hummel)
2012-11-21 8402d9b [TASK] Raise submodule pointer (TYPO3 Release Team)
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/typo3_45/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/typo3_45/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/typo3_45/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Mar 6 14:23:39 UTC 2013
Modified Files:
pkgsrc/www/typo3_45: Makefile distinfo
Log Message:
Update typo3_45 to 4.5.24 (TYPO3 4.5.24).
2013-03-06 3cbef1f [RELEASE] Release of TYPO3 4.5.24 (TYPO3 Release Team)
2013-03-06 79e2370 [TASK] Raise submodule pointer (TYPO3 Release Team)
2013-03-06 71135d8 #28587 [SECURITY] Open redirection with jumpurl (Franz G. Jahn)
2013-03-01 0d77b86 #25003 [BUGFIX] Check minitems for TCAtree (Georg Ringer)
2013-03-01 796680a #34371 [BUGFIX] Keep hyphens in custom HTML5 attributes (Jigal van Hemert)
2013-02-25 06571e6 #45570 Revert "[BUGFIX] FE session records are never removed" (Oliver Hader)
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/typo3_45/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/typo3_45/distinfo
|
|
|
|
net/wireshark: security update
Revisions pulled up:
- net/wireshark/Makefile 1.97
- net/wireshark/distinfo 1.63
- net/wireshark/patches/patch-ae deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Mar 7 12:44:11 UTC 2013
Modified Files:
pkgsrc/net/wireshark: Makefile distinfo
Removed Files:
pkgsrc/net/wireshark/patches: patch-ae
Log Message:
Update "wireshark" package to version 1.8.6. Changes since 1.8.5:
- Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2013-10
The TCP dissector could crash. (Bug 8274)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2475
o wnpa-sec-2013-11
The HART/IP dissectory could go into an infinite loop. (Bug
8360)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2476
o wnpa-sec-2013-12
The CSN.1 dissector could crash. Discovered by Laurent Butti.
(Bug 8383)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2477
o wnpa-sec-2013-13
The MS-MMS dissector could crash. Discovered by Laurent Butti.
(Bug 8382)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2478
o wnpa-sec-2013-14
The MPLS Echo dissector could go into an infinite loop.
Discovered by Laurent Butti. (Bug 8039)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2479
o wnpa-sec-2013-15
The RTPS and RTPS2 dissectors could crash. Discovered by
Alyssa Milburn. (Bug 8332)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2480
o wnpa-sec-2013-16
The Mount dissector could crash. Discovered by Alyssa Milburn.
(Bug 8335)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2481
o wnpa-sec-2013-17
The AMPQ dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8337)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2482
o wnpa-sec-2013-18
The ACN dissector could attempt to divide by zero. Discovered
by Alyssa Milburn. (Bug 8340)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2483
o wnpa-sec-2013-19
The CIMD dissector could crash. Discovered by Moshe Kaplan.
(Bug 8346)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2484
o wnpa-sec-2013-20
The FCSP dissector could go into an infinite loop. Discovered
by Moshe Kaplan. (Bug 8359)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2485
o wnpa-sec-2013-21
The RELOAD dissector could go into an infinite loop.
Discovered by Even Jensen. (Bug 8364)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2486
CVE-2013-2487
o wnpa-sec-2013-22
The DTLS dissector could crash. Discovered by Laurent Butti.
(Bug 8380)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2488
The following bugs have been fixed:
o Lua pinfo.cols.protocol not holding value in postdissector.
(Bug 6020)
o data combined via ssl_desegment_app_data not visible via
"Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
o HTTP application/json-rpc should be decoded/shown as
application/json. (Bug 7939)
o Maximum value of 802.11-2012 Duration field should be 32767.
(Bug 8056)
o Voice RTP player crash if player is closed while playing. (Bug
8065)
o Display Filter Macros crash. (Bug 8073)
o RRC RadioBearerSetup message decoding issue. (Bug 8290)
o R-click filters add ! in front of field when choosing "apply
as filter>selected". (Bug 8297)
o BACnet - Loop Object - Setpoint-Reference property does not
decode correctly. (Bug 8306)
o WMM TSPEC Element Parsing is not done is wrong due to a wrong
switch case number. (Bug 8320)
o Incorrect RTP statistics (Lost Packets indication not ok).
(Bug 8321)
o Registering ieee802154 dissector for IEEE802.15.4 frames
inside Linux SLL frames. (Bug 8325)
o Version Field is skipped while parsing WMM_TSPEC causing wrong
dissecting (1 byte offset missing) of all fields in the TSPEC.
(Bug 8330)
o [BACnet] UCS-2 strings longer than 127 characters do not
decode correctly. (Bug 8331)
o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug
8345)
o Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
o Incorrect packet length displayed for Flight Message Transfer
Protocol (FMTP). (Bug 8407)
o Netflow dissector flowDurationMicroseconds nanosecond
conversion wrong. (Bug 8410)
o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
- Updated Protocol Support
ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS,
FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE
802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow,
RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP
To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/wireshark/distinfo
cvs rdiff -u -r1.3 -r0 pkgsrc/net/wireshark/patches/patch-ae
|
|
www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.87
- www/apache22/PLIST 1.22
- www/apache22/distinfo 1.54
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sun Mar 3 20:05:04 UTC 2013
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Log Message:
Update "apache" package to version 2.2.24. Changes since 2.2.23:
- SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
- SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
- mod_rewrite: Stop merging RewriteBase down to subdirectories
unless new option 'RewriteOptions MergeBase' is configured.
Merging RewriteBase was unconditionally turned on in 2.2.23.
Bug Report 53963. [Eric Covener]
- mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. Bug Report 50823. [Stefan Fritsch]
- mod_ssl: log revoked certificates at level INFO
instead of DEBUG. Bug Report 52162. [Stefan Fritsch]
- mod_proxy_ajp: Support unknown HTTP methods. Bug Report 54416.
[Rainer Jung]
- mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
- mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. Bug Report 54140. [Eric Covener]
- mod_ssl: fix a regression with the string rendering of the "UID" RDN
introduced in 2.2.15. Bug Report 54510. [Kaspar Brand]
- ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. Bug Report 53916.
[Nicol=E1s Pernas Maradei <nico emutex com>, Kaspar Brand]
- mod_cache: Explicitly allow cache implementations to cache a 206 Partial
Response if they so choose to do so. Previously an attempt to cache a 206
was arbitrarily allowed if the response contained an Expires or
Cache-Control header, and arbitrarily denied if both headers were missing.
Currently the disk and memory cache providers do not cache 206 Partial
Responses. [Graham Leggett]
- core: Remove unintentional APR dependency introduced with
Apache 2.2.22. [Eric Covener]
- core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
- mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. Bug Report 53219. [Bj=F6rn Jacke <bjoern j3e de>, Stefan Fri=
tsch]
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/www/apache22/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/apache22/PLIST
cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache22/distinfo
|
|
|
|
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.140 via patch
- security/sudo/distinfo 1.79
- security/sudo/patches/patch-aa 1.30
- security/sudo/patches/patch-af 1.29
- security/sudo/patches/patch-ag 1.20
- security/sudo/patches/patch-pwutil.c deleted
---
Module Name: pkgsrc
Committed By: kim
Date: Fri Mar 1 14:24:59 UTC 2013
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-aa patch-af patch-ag
Removed Files:
pkgsrc/security/sudo/patches: patch-pwutil.c
Log Message:
Upgrade to address CVE-2013-1775
What's new in Sudo 1.7.10p7?
* A time stamp file with the date set to the epoch by "sudo -k"
is now completely ignored regardless of what the local clock is
set to. Previously, if the local clock was set to a value between
the epoch and the time stamp timeout value, a time stamp reset
by "sudo -k" would be considered current.
What's new in Sudo 1.7.10p6?
* The tty-specific time stamp file now includes the session ID
of the sudo process that created it. If a process with the same
tty but a different session ID runs sudo, the user will now be
prompted for a password (assuming authentication is required for
the command).
What's new in Sudo 1.7.10p5?
* On systems where the controlling tty can be determined via /proc
or sysctl(), sudo will no longer fall back to using ttyname()
if the process has no controlling tty. This prevents sudo from
using a non-controlling tty for logging and time stamp purposes.
What's new in Sudo 1.7.10?
* If the user is a member of the "exempt" group in sudoers, they
will no longer be prompted for a password even if the -k flag
is specified with the command. This makes "sudo -k command"
consistent with the behavior one would get if the user ran "sudo
-k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo
would refuse to read sudoers unless it was a regular file.
* The user/group/mode checks on sudoers files have been relaxed.
As long as the file is owned by the sudoers uid, not world-writable
and not writable by a group other than the sudoers gid, the file
is considered OK. Note that visudo will still set the mode to
the value specified at configure time.
* /etc/environment is no longer read directly on Linux systems
when PAM is used. Sudo now merges the PAM environment into the
user's environment which is typically set by the pam_env module.
* The initial evironment created when env_reset is in effect now
includes the contents of /etc/environment on AIX systems and the
"setenv" and "path" entries from /etc/login.conf on BSD systems.
* On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
file is now uses to determine the controlling terminal, if possible.
This allows tty-based tickets to work properly even when, e.g.
standard input, output and error are redirected to /dev/null.
* The sudoreplay command can now properly replay sessions where
no tty was present.
* Fixed a race condition that could cause sudo to receive SIGTTOU
(and stop) when resuming a shell that was run via sudo when I/O
logging (and use_pty) is not enabled.
|
|
|
|
security/mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.65 via patch
- security/mit-krb5/distinfo 1.39
- security/mit-krb5/patches/patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Thu Feb 28 14:19:37 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/
patches:
patch-plugins_preauth_pkinit_pkinit_crypto_openssl.c
Log Message:
Add patch for CVE-2013-1415 (SA52390)
|
|
multimedia/adobe-flash-plugin11: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.13
- multimedia/adobe-flash-plugin11/distinfo 1.12
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Feb 28 10:32:37 UTC 2013
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
Log Message:
Update adobe-flash-plugin11 to 11.2.202.273 for APSB13-08.
|
|
|
|
multimedia/adobe-flash-plugin10.1: security update
Revisions pulled up:
- multimedia/adobe-flash-plugin10.1/Makefile 1.25
- multimedia/adobe-flash-plugin10.1/distinfo 1.16
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Feb 28 10:31:12 UTC 2013
Modified Files:
pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo
Log Message:
Update adobe-flash-plugin10.1 to 10.3.183.67 for APSB13-08.
|
|
|
|
www/php-owncloud: security update
Revisions pulled up:
- www/php-owncloud/MESSAGE 1.10
- www/php-owncloud/Makefile 1.25-1.26
- www/php-owncloud/PLIST 1.11-1.12
- www/php-owncloud/distinfo 1.12-1.13
- www/php-owncloud/options.mk 1.4
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Jan 25 20:02:25 UTC 2013
Modified Files:
pkgsrc/www/php-owncloud: MESSAGE Makefile PLIST distinfo options.mk
Log Message:
Update to 4.5.6
* Add PostgreSQL support, not tested.
Changelog:
Version 4.5.6 Jan 22th 2013
Improved language detection
Improved translations
Fix link to bugtracker
Several IE 6/7/8 fixes
SabreDAV updated to 1.6.6
Improved error reporting
Support special characters in mountpoint
Interpret http 403 and 401 as not authorized in user_webdavauth
Several fixes for special characters in files and folders
Improved PostgreSQL support
Check database names for valid characters
Fix default email address calculation
Remove debug output on send password page
Add SMTP port configuration option
Only show the max possible upload of 2GB on a 32 bit system
Show progress during file downloads
Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203
Security: Fix Code execution in external storage: CVE-2013-0204
Security: Removed remoteStorage app because of unfixed security problems.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Feb 25 21:30:18 UTC 2013
Modified Files:
pkgsrc/www/php-owncloud: Makefile PLIST distinfo
Log Message:
Update to 4.5.7
Changelog:
Version 4.5.7 Feb 20th 2013
Fix for 3rd party apps dropping the database
Fix SubAdmins management
Fix PHP warnings
Fix compatibility with some CIFS shares
More robust apps management
Remove not needed AWS tests
Improved mime type parsing
Several sharing fixes
Offer the option to change the password only supported by the backend
More robust auto language detection
Revoke DB rights on install only if the db is newly created
Fix rendering of database connection error page
LDAP: update quota more often
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
PHP settings disclosure (oC-SA-2013-005)
Multiple code executions (oC-SA-2013-006)
Privilege escalation in the calendar application (oC-SA-2013-007)
|
|
|
|
emulators/suse121_openssl: security update
Revisions pulled up:
- emulators/suse121_openssl/Makefile 1.5
- emulators/suse121_openssl/distinfo 1.5
---
Module Name: pkgsrc
Committed By: obache
Date: Tue Feb 26 11:51:13 UTC 2013
Modified Files:
pkgsrc/emulators/suse121_openssl: Makefile distinfo
Log Message:
Update to use libopenssl1_0_0-1.0.0k-34.20.1 for
CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027
CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686
CVE-2013-0166 CVE-2013-0169
Bump PKGREVISION.
|
|
www/apache24: security update
Revisions pulled up:
- www/apache24/Makefile 1.15 via patch
- www/apache24/PLIST 1.9
- www/apache24/distinfo 1.7
- www/apache24/patches/patch-ad 1.2
- www/apache24/patches/patch-ag 1.2
- www/apache24/patches/patch-modules_ssl_ssl__private.h 1.3
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Feb 25 21:16:38 UTC 2013
Modified Files:
pkgsrc/www/apache24: Makefile PLIST distinfo
pkgsrc/www/apache24/patches: patch-ad patch-ag
patch-modules_ssl_ssl__private.h
Log Message:
Update to 2.4.4
Changelog:
Fix the following security bugs.
SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
SECURITY: CVE-2012-4558 (cve.mitre.org) XSS in mod_proxy_balancer manager interface.
|
|
|
|
lang/ruby193-base: security update
Revisions pulled up:
- lang/ruby/rubyversion.mk 1.95
- lang/ruby193-base/Makefile 1.26
- lang/ruby193-base/distinfo 1.18
- lang/ruby193-base/patches/patch-ext_json_lib_json_add_core.rb deleted
- lang/ruby193-base/patches/patch-ext_json_lib_json_common.rb deleted
- lang/ruby193-base/patches/patch-ext_json_lib_json_version.rb deleted
- lang/ruby193-base/patches/patch-ext_json_parser_parser.c deleted
- lang/ruby193-base/patches/patch-ext_json_parser_parser.rl deleted
- lang/ruby193-base/patches/patch-test_json_test__json.rb deleted
- lang/ruby193-base/patches/patch-test_json_test__json__addition.rb deleted
- lang/ruby193-base/patches/patch-test_json_test__json__string__matching.rb deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 22 16:20:48 UTC 2013
Modified Files:
pkgsrc/lang/ruby: rubyversion.mk
pkgsrc/lang/ruby193-base: Makefile distinfo
Removed Files:
pkgsrc/lang/ruby193-base/patches: patch-ext_json_lib_json_add_core.rb
patch-ext_json_lib_json_common.rb
patch-ext_json_lib_json_version.rb patch-ext_json_parser_parser.c
patch-ext_json_parser_parser.rl patch-test_json_test__json.rb
patch-test_json_test__json__addition.rb
patch-test_json_test__json__string__matching.rb
Log Message:
Update ruby193-base package (and related) to 1.9.3-p392.
Security problem of CVE-2013-0269 was already handled but REXML security
problem is fixed by this package.
Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently.
This release includes security fixes about bundled JSON and REXML.
* Denial of Service and Unsafe Object Creation Vulnerability in JSON
(CVE-2013-0269)
* Entity expansion DoS vulnerability in REXML (XML bomb)
And some small bugfixes are also included.
|
|
www/geeklog: security update
Revisions pulled up:
- www/geeklog/Makefile 1.37
- www/geeklog/distinfo 1.21
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 21 13:01:24 UTC 2013
Modified Files:
pkgsrc/www/geeklog: Makefile distinfo
Log Message:
Update geeklog to 1.8.2.1 (Geeklog 1.8.2sr1).
Geeklog History/Changes:
Feb 19, 2013 (1.8.2sr1)
------------
This release addresses the following security issues:
- High-Tech Bridge Security Research Lab reported an XSS in the calendar_type
parameter in the Calendar plugin (HTB23143).
- Trustwave Spiderlabs reported XSS in the install script, the Configuration,
as well as in the Admin interfaces for the Polls plugin and the Topic editor
(TWSL2013-001).
Not security-related:
- Fixed Twitter OAuth login by switching to version 1.1 of the Twitter API
(feature request #0001506).
|
|
www/drupal7: security update
Revisions pulled up:
- www/drupal7/Makefile 1.17
- www/drupal7/distinfo 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 21 12:59:19 UTC 2013
Modified Files:
pkgsrc/www/drupal7: Makefile distinfo
Log Message:
Update drupal7 to 7.20.
Drupal 7.20, 2013-02-20
-----------------------
- Fixed security issues (denial of service). See SA-CORE-2013-002.
|
|
|
|
net/netatalk: build fix
Revisions pulled up:
- net/netatalk/distinfo 1.48
- net/netatalk/patches/patch-etc_uams_uams_gss.c 1.1
---
Module Name: pkgsrc
Committed By: markd
Date: Fri Feb 22 22:41:32 UTC 2013
Modified Files:
pkgsrc/net/netatalk: distinfo
Added Files:
pkgsrc/net/netatalk/patches: patch-etc_uams_uams_gss.c
Log Message:
Dont override the value of GSS_C_NT_HOSTBASED_SERVICE that recent
Heimdal's set.
|
|
print/acroread9: security update
Revisions pulled up:
- print/acroread9/Makefile 1.9
- print/acroread9/distinfo 1.8
---
Module Name: pkgsrc
Committed By: obache
Date: Sat Feb 23 12:56:16 UTC 2013
Modified Files:
pkgsrc/print/acroread9: Makefile distinfo
Log Message:
Update acroread9 to 9.5.4 for APSA13-02.
|
|
|
|
devel/jenkins: security update
Revisions pulled up:
- devel/jenkins/Makefile 1.12
- devel/jenkins/PLIST 1.9
- devel/jenkins/distinfo 1.10
---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Feb 19 18:21:41 UTC 2013
Modified Files:
pkgsrc/devel/jenkins: Makefile PLIST distinfo
Log Message:
Update to 1.480.3
* Fix https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
Changelog:
What's new in 1.480.3 (2013/02/15)
"Remember me on this computer" does not work, cookie is not accepted in new session (issue 16278)
Slow/hung web UI in 1.483+ (stuck in parseURI) (issue 16474)
Failure to delete old config files during rekeying on Windows (issue 16319)
NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredential option (issue 9679)
Loading asynchPeople calls (synch) People constructor (issue 16397)
Jenkins briefly displays build queue and then it disappears until the page is reloaded (issue 15335)
View.hasPeople too slow to use in sidepanel.jelly (issue 16244)
XSS (SECURITY-46)
File parameter causing data lost after Jenkins restart (issue 13536)
|
