Age | Commit message | Author | Files | Lines
2013-09-18 | #4232 pkgsrc_2013Q2 | spz | 1 | -1/+3
2013-09-18 | Pullup ticket #4232 - requested by tron | spz | 2 | -6/+6

net/wireshark: security update

Revisions pulled up:
- net/wireshark/Makefile by patch
- net/wireshark/distinfo by patch

-------------------------------------------------------------------
Update "wireshark" package to version 1.8.10.

Changes since 1.8.9:
- Bug Fixes
  The following vulnerabilities have been fixed.
  o wnpa-sec-2013-55
    The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9005)
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
  o wnpa-sec-2013-56
    The ASSA R3 dissector could go into an infinite loop. Discovered by Ben Schmidt. (Bug 9020)
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
  o wnpa-sec-2013-57
    The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (Bug 9019)
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
  o wnpa-sec-2013-58
    The MQ dissector could crash. (Bug 9079)
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
  o wnpa-sec-2013-59
    The LDAP dissector could crash.
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
  o wnpa-sec-2013-60
    The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742)
    Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9.
- The following bugs have been fixed:
  o Lua ByteArray:append() causes wireshark crash. (Bug 4461)
  o Lua script can not get "data-text-lines" protocol data. (Bug 5200)
  o PER normally small non-negative whole number decoding is wrong when >= 64. (Bug 8841)
  o Incorrect parsing of IPFIX *IpTotalLength elements. (Bug 8918)
  o IO graph/advanced, max/min/summ error on frames with multiple Diameter messages. (Bug 8980)
  o Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031)
  o Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect. (Bug 9036)
  o 802.11 HT Extended Capabilities B10 decode incorrect. (Bug 9038)
  o Weird malformed HTTP error. (Bug 9101)
- Updated Protocol Support
  ASSA R3, EtherCAT AMS, GTPv2, HTTP, IEEE 802.11, IPFIX, LDAP, MQ, NBAP, NCP SSS, RTPS, SIP,

2013-09-13 | Pullup tickets #4233. and #4234 | tron | 1 | -1/+5
2013-09-13 | Pullup ticket #4234 - requested by morr | tron | 3 | -98/+126

www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile 1.34-1.35
- www/wordpress/PLIST 1.16-1.17
- www/wordpress/distinfo 1.26-1.27

---

Module Name: pkgsrc
Committed By: morr
Date: Thu Aug 8 07:50:58 UTC 2013

Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to newest version of Wordpress 3.6.

ChangeLog:

New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)

Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions

For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.

More info on http://codex.wordpress.org/Version_3.6

---

Module Name: pkgsrc
Committed By: morr
Date: Thu Sep 12 17:19:59 UTC 2013

Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
This maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:
* Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:
* Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

More on http://codex.wordpress.org/Version_3.6.1

2013-09-13 | Pullup ticket #4233 - requested by wen | tron | 3 | -14/+478

www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile 1.34
- www/mediawiki/PLIST 1.17
- www/mediawiki/distinfo 1.23

---

Module Name: pkgsrc
Committed By: wen
Date: Sat Sep 7 14:49:42 UTC 2013

Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Update to 1.21.2

Upstream changes:
Changes since 1.21.1
SECURITY: Fix extension detection with 2 .'s
SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
SECURITY: Sanitize ResourceLoader exception messages
Purge upstream caches when deleting file assets.
Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.

2013-09-11 | Pullup ticket #4231. | tron | 1 | -1/+3
2013-09-11 | Pullup ticket #4231 - requested by obache | tron | 2 | -6/+6

multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile 1.19
- multimedia/adobe-flash-plugin11/distinfo 1.18

---

Module Name: pkgsrc
Committed By: obache
Date: Wed Sep 11 07:39:34 UTC 2013

Modified Files:
pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

Log Message:
Update adobe-flash-plugin11 to 11.2.202.310 for APSB13-21.

2013-09-10 | Pullup ticket #4230. | tron | 1 | -1/+3
2013-09-10 | Pullup ticket #4230 - requested by taca | tron | 3 | -18/+22

www/typo3_60: security update

Revisions pulled up:
- www/typo3_60/Makefile 1.4
- www/typo3_60/PLIST 1.4
- www/typo3_60/distinfo 1.4

---

Module Name: pkgsrc
Committed By: taca
Date: Fri Sep 6 14:16:46 UTC 2013

Modified Files:
pkgsrc/www/typo3_60: Makefile PLIST distinfo

Log Message:
Update typo3-60 package to 6.0.9.

This release contains a security fix, please refer TYPO3 Security Bulletin TYPO3-CORE-SA-2013-003:

TYPO3-CORE-SA-2013-003: Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/

2013-09-04 8506ff6 [RELEASE] Release of TYPO3 6.0.9 (TYPO3 Release Team)
2013-09-04 952974b #50886 [SECURITY] Prohibit accessing storage 0 from backend UI (Steffen Ritter)
2013-09-04 1e710fb #50883 [SECURITY] Identifiers may refer to resources outside the storage (Steffen Ritter)
2013-09-04 6073618 #51495 [SECURITY] Deny arbitrary code execution possibility for editors (Helmut Hummel)
2013-09-04 b3e53a0 #51327 [SECURITY] Refactor and fix FAL user permission handling (Helmut Hummel)
2013-09-04 31d5b88 #51326 [SECURITY] Add possibility to en-/disable file permission checks (Helmut Hummel)
2013-09-04 02aa25d #51079 [SECURITY] Check permissions in all actions of ResourceStorage (Steffen Ritter)
2013-09-03 77701ad [TASK] CGL Cleanup of ResourceStorage (Helmut Hummel)
2013-09-03 ec0a99c #49842 [BUGFIX] Storage is offline but is still used (Frans Saris)
2013-09-03 1cf9d3c #51672 [BUGFIX] Fix fatal error in ExtendedFileUtility (Helmut Hummel)
2013-09-01 55724fb #31998 [BUGFIX] Faulty check for missing SMTP port (Tomita Militaru)
2013-08-31 c73e4fe #50424 [BUGFIX] Backend Layout Grid Wizard not fully visible in Mac Firefox 22 (Roland Schenke)
2013-08-30 0547211 #51585 [BUGIFX] Missing argument in EM List view VH (Francois Suter)
2013-08-29 2b86070 #51328 [BUGFIX] Only log file/directory actions which were done (Helmut Hummel)
2013-08-29 dc01b69 #51544 [BUGFIX] Sprite manager cache improvement (Christian Kuhn)
2013-08-29 01acc60 #50707 [BUGFIX] TCA 'group' selectedListStyle with 'width' breaking layout (Ernesto Baschny)
2013-08-29 2727a6a #51460 [BUGFIX] Database integrity check fatal error (Stefan Fürst)
2013-08-29 1a04377 #51474 [BUGFIX] Cast autoload and classAliasMap to Array (Michel Georgy)
2013-08-29 f1ab499 #51509 [BUGFIX] Add missing API method FileInterface::getNameWithoutExtension (Ernesto Baschny)
2013-08-28 2c8a999 #36244 [BUGFIX] Exclude empty passwords from password hashing check (Nicole Cordes)
2013-08-27 05fccd0 #50234 [TASK] Make the extension titles link to the configuration (Nicole Cordes)
2013-08-27 774a1e0 #51304 [BUGFIX] Hide translations in categories selector (Francois Suter)
2013-08-27 ed32255 #50870 [BUGFIX] Tests in Localization\Parser\LocallangXmlParserTest fail (Nicole Cordes)
2013-08-27 f7e4a7e #50760 [BUGFIX] Escape title tag of image links (Alexander Stehlik)
2013-08-27 7bd1009 #25327,#37026 [BUGFIX] Page tree filtering broken in IE7 & IE8 (Aske Ertmann)
2013-08-25 a735101 #51209 [BUGFIX] Ignore permission checks for processed files (Helmut Hummel)
2013-08-20 910d820 #37892 [BUGFIX] No version overlay should be done for sys_language (Lienhart Woitok)
2013-08-20 19a811d #46989 [BUGFIX] Files with unclean path indexed multiple times (Stefan Neufeind)
2013-08-18 fb7b686 #50614 [TASK] FilesContentObject::stdWrapValue(): only execute stdWrap once (Stefan Neufeind)
2013-08-18 d368497 #43428 [BUGFIX] Language-module icons need to display in correct size (Stefan Neufeind)
2013-08-17 fbbad86 #30636 [BUGFIX] TCA: subtypes_addlist not processed (Benjamin Mack)
2013-08-17 f39a79d #47844 [BUGFIX] Query parameters of external link may get altered (Stanislas Rolland)
2013-08-16 a09dc5f #51115 [TASK] Disable scheduler-tests if EXT:scheduler not loaded (Anja Leichsenring)
2013-08-16 8dfaf9c #51004 [BUGFIX] Fix file permission methods in BackendUserAuthentication (Helmut Hummel)
2013-08-16 db51023 #51007 [BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth (Helmut Hummel)
2013-08-16 221a435 Revert "[BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth" (Helmut Hummel)
2013-08-16 8b33a0d Revert "[BUGFIX] Fix file permission methods in BackendUserAuthentication" (Helmut Hummel)
2013-08-15 d3b7851 #51007 [BUGFIX] Fix inconsistencies in getTSConfig in BackenuserAuth (Helmut Hummel)
2013-08-15 329645c #51004 [BUGFIX] Fix file permission methods in BackendUserAuthentication (Helmut Hummel)
2013-08-14 61506bb #46094 [BUGFIX] Avoid usage of subheader in mailform (Francois Suter)
2013-08-12 d7ef5a9 #47806 [BUGFIX] Typing after abbr or acronym tag is difficult (Stanislas Rolland)
2013-08-12 c8a83e7 #50193 [BUGFIX] FAL: Image Processing doesn't respect GFX "thumbnails_png" (Benjamin Mack)
2013-08-12 7b16232 #51010 [BUGFIX] Allow reading files if storage is not browsable (Helmut Hummel)
2013-08-11 f92dbbd #51005 [BUGFIX] Take into account all file and folder permissions (Helmut Hummel)
2013-08-11 4943a8f #50844 [BUGFIX] Failing tests in Resource\Driver\LocalDriverTest on Windows (Nicole Cordes)
2013-08-11 ac39140 #51012 [BUGFIX] Missing \TYPO3\CMS\Core\Utility\ in ResourceFactory (Wouter Wolters)
2013-08-11 55446c5 #51011 [TASK] Add signal in ResourceFactory for storage creation (Helmut Hummel)
2013-08-11 271e801 #44910 [BUGFIX] LocalDriver: Recursive file listing is broken (Andreas Wolf)
2013-08-11 4978ea7 #50502 [BUGFIX] rtehtmlarea acronym error with static_info_tables 6.0+ (Stanislas Rolland)
2013-08-08 150e458 #48523 [BUGFIX] Reports module tries to load not-installed extension (Wouter Wolters)
2013-08-08 8ed8066 #50868 [BUGFIX] number_format() expects parameter 1 to be double (Wouter Wolters)
2013-08-07 98bc16b #50568 [BUGFIX] Ignore case in file extension filter (Alexander Stehlik)
2013-08-07 20df928 #50872 [BUGFIX] Correctly set user storage permissions (Helmut Hummel)
2013-08-07 c941199 #50867 [TASK] Introduce AbstractHierarchicalFilesystemDriver (Steffen Ritter)
2013-08-07 f3f221d #50843 [BUGFIX] Failing Resource\FactoryTest on Windows systems (Nicole Cordes)
2013-08-07 c75eefb #47106 [BUGFIX] Indexing of external files does not work in indexed_search (Wouter Wolters)
2013-08-07 80aeb3a #50562 [BUGFIX] Callback in CrawlerHook of indexed_search sysext buggy (Marius Büscher)
2013-08-07 647d075 #50812 [BUGFIX] Backup singletons in unit tests prior to other setUp operations (Nicole Cordes)
2013-08-06 5250c54 #50628 [BUGFIX] Fix EmConfUtility::fixEmConf conflicts generation (Sascha Egerer)
2013-08-06 e3d9d7b #50125 [BUGFIX] Incorrect check for empty folder (Philipp Gampe)
2013-08-06 0f2a29d #50615 [TASK] Use magic __CLASS__ in getInstance()-methods (Stefan Neufeind)
2013-08-06 ad9328c #50751 [BUGFIX] Fix empty href parameter (Anja Leichsenring)
2013-08-06 9e407f0 #50809 [BUGFIX] Fix failing test in StorageRepositoryTest (Anja Leichsenring)
2013-08-06 449dc72 #50803 [BUGFIX] Fatal error: "enableFields on non-object" in extension manager (Ernesto Baschny)
2013-08-04 3cd1045 #50466 [BUGFIX] MySQL: Use ENGINE (not TYPE) for storage-engine (Stefan Neufeind)
2013-08-01 db1c38b #43893 [BUGFIX] selected = 1 doesn't work in FormContentObject (Wouter Wolters)
2013-08-01 f827fc9 #47123 [BUGFIX] Suppress double page entry in temporary mounted pagetree (Frank Frewer)
2013-07-31 2feccc5 #36031 [TASK] Provide information about import action in TCEmain to hooks (Stefan Galinski)
2013-07-31 07f3578 #43631 [BUGFIX] RTE wizard can't "save document and view page" (Stanislas Rolland)

2013-09-04 | Pullup ticket #4228. | tron | 1 | -1/+3
2013-09-04 | Pullup ticket #4228 - requested by spz | tron | 1 | -2/+2

mk/defaults/mk.conf: build fix for various packages

Revisions pulled up:
- mk/defaults/mk.conf 1.225

---

Module Name: pkgsrc
Committed By: spz
Date: Thu Jul 4 22:35:06 UTC 2013

Modified Files:
pkgsrc/mk/defaults: mk.conf

Log Message:
typo fix (one blank needed)

2013-08-31 | Pullup ticket #4226. | tron | 1 | -1/+4
2013-08-31 | Pullup ticket #4226 - requested by bouyer | tron | 2 | -2/+6

lang/php53: build fix
lang/php54: build fix

Revisions pulled up:
- lang/php53/Makefile 1.42
- lang/php54/Makefile 1.12

---

Module Name: pkgsrc
Committed By: joerg
Date: Tue Aug 13 10:22:26 UTC 2013

Modified Files:
pkgsrc/lang/php53: Makefile
pkgsrc/lang/php54: Makefile

Log Message:
Allow only the PHP version itself, otherwise the multi-version logic will trigger with failing distinfo entries.

2013-08-28 | pullup 4225 | spz | 1 | -1/+3
2013-08-28 | Pullup ticket #4225 - requested by wiz | spz | 1 | -1/+2

graphics/MesaLib: build fix

Revisions pulled up:
- graphics/MesaLib/dri.mk 1.7

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Aug 27 11:14:53 UTC 2013

Modified Files:
pkgsrc/graphics/MesaLib: dri.mk

Log Message:
MesaLib's configure insists on glproto>=1.4.11, so depend on that version. Might help on NetBSD-5.2_STABLE.

To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/graphics/MesaLib/dri.mk

2013-08-25 | Pullup tickets #4219, #4220, #4221, #4222, #4223 and #4224. | tron | 1 | -1/+15
2013-08-25 | Pullup ticket #4224 - requested by taca | tron | 3 | -49/+13

mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile 1.58
- mail/roundcube/PLIST 1.30
- mail/roundcube/distinfo 1.32

---

Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 22 17:08:10 UTC 2013

Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST distinfo

Log Message:
Update roundcube to 0.9.3.

RELEASE 0.9.3
-------------
- Fix setting refresh_interval to "Never" in Preferences (#1489286)
- Optimized UI behavior for touch devices
- Fix purge action in folder manager (#1489280)
- Fix base URL resolving on attribute values with no quotes (#1489275)
- Fix wrong handling of links with '|' character (#1489276)
- Fix colorspace issue on image conversion using ImageMagick (#1489270)
- Fix XSS vulnerability when saving HTML signatures (#1489251)
- Fix XSS vulnerability when editing a message "as new" or draft (#1489251)
- Fix rewrite rule in .htaccess (#1489240)
- Fix detecting Turkish language in ISO-8859-9 encoding (#1489252)
- Fix identity-selection using Return-Path headers (#1489241)
- Fix parsing of links with ... in URL (#1489192)
- Fix compose priority selector when opening in new window (#1489257)
- Fix bug where signature wasn't changed on identity selection when editing a draft (#1489229)
- Fix IMAP SETMETADATA parameters quoting (#1489231)
- Fix "could not load message" error on valid empty message body (#1489228)
- Fix handling of message/rfc822 attachments on message forward and edit (#1489214)
- Fix parsing of square bracket characters in IMAP response strings (#1489223)
- Don't clear References and in-Reply-To when a message is "edited as new" (#1489216)
- Fix messages list sorting with THREAD=REFS
- Remove deprecated (in PHP 5.5) PREG /e modifier usage (#1489174)
- Fix empty messages list when register_globals is enabled (#1489157)
- Fix so valid and set date.timezone is not required by installer checks (#1489180)
- Canonize boolean ini_get() results (#1489189)
- Fix so install do not fail when one of DB driver checks fails but other drivers exist (#1489178)
- Fix so exported vCard specifies encoding in v3-compatible format (#1489183)

2013-08-25 | Pullup ticket #4223 - requested by taca | tron | 6 | -22/+25

www/contao211: bug fix patch
www/contao30: bug fix patch
www/contao31: bug fix patch

Revisions pulled up:
- www/contao211/Makefile 1.9
- www/contao211/PLIST 1.6
- www/contao30/Makefile 1.10
- www/contao30/PLIST 1.5
- www/contao31/Makefile 1.4
- www/contao31/PLIST 1.3

---

Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:50:04 UTC 2013

Modified Files:
pkgsrc/www/contao211: Makefile PLIST

Log Message:
Since system/config/config.php isn't configuration file, install it as normal files. It caused trouble with old config.php.

Also, remove extra install process of system/config/.htaccess.

Bump PKGREVISION.

---

Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:52:11 UTC 2013

Modified Files:
pkgsrc/www/contao30: Makefile PLIST

Log Message:
Since system/config/default.php isn't configuration file, install it as normal files. It might cause trouble with old default.php.

Bump PKGREVISION.

---

Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 15 17:53:23 UTC 2013

Modified Files:
pkgsrc/www/contao31: Makefile PLIST

Log Message:
Since system/config/default.php isn't configuration file, install it as normal files. It might cause trouble with old default.php.

Bump PKGREVISION.

2013-08-25 | Pullup ticket #4222 - requested by taca | tron | 8 | -202/+36

lang/php54: security update

Revisions pulled up:
- lang/php/phpversion.mk 1.40,1.42 via patch
- lang/php54/Makefile 1.13-1.14
- lang/php54/Makefile.common patch
- lang/php54/PLIST 1.5
- lang/php54/distinfo 1.22-1.26 via patch
- lang/php54/patches/patch-configure 1.3
- lang/php54/patches/patch-ext_openssl_openssl.c deleted
- lang/php54/patches/patch-ext_xml_xml.c deleted
- lang/php54/patches/patch-sapi_cgi_Makefile.frag 1.2

---

Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 14 15:43:22 UTC 2013

Modified Files:
pkgsrc/lang/php54: Makefile distinfo
Added Files:
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c

Log Message:
Add fix for openssl, CVE-2013-4073.

Bump PKGREVISION.

---

Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 00:38:24 UTC 2013

Modified Files:
pkgsrc/lang/php54: distinfo
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c

Log Message:
Since openssl's security problem has assigned CVE-2013-4248, update comment in the patch file.

---

Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 15:28:23 UTC 2013

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: Makefile PLIST distinfo
pkgsrc/lang/php54/patches: patch-configure patch-sapi_cgi_Makefile.frag
Removed Files:
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c patch-ext_xml_xml.c

Log Message:
Update php54 to 5.4.18.

15 Aug 2013, PHP 5.4.18

- Core:
  . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey avp200681 gmail com).
  . Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace). (Laruence)
  . Fixed bug #65108 (is_callable() triggers Fatal Error). (David Soria Parra, Laruence)
  . Fixed bug #65088 (Generated configure script is malformed on OpenBSD). (Adam)
  . Fixed bug #62964 (Possible XSS on "Registered stream filters" info). (david at nnucomputerwhiz dot com)
  . Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
  . Fixed bug #62475 (variant_* functions causes crash when null given as an argument). (Felipe)
  . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
  . Fixed bug #65226 (chroot() does not get enabled). (Anatol)
- CGI:
  . Fixed Bug #65143 (Missing php-cgi man page). (Remi)
- CLI server:
  . Fixed bug #65066 (Cli server not responsive when responding with 422 http status code). (Adam)
- CURL:
  . Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)
- FPM:
  . Fixed bug #63983 (enabling FPM borks compile on FreeBSD). (chibisuke at web dot de, Felipe)
- FTP:
  . Fixed bug #65228 (FTPs memory leak with SSL). (marco dot beierer at mbsecurity dot ch)
- GMP:
  . Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)
- Imap:
  . Fixed bug #64467 (Segmentation fault after imap_reopen failure). (askalski at gmail dot com)
- Intl:
  . Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
  . Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions). (Stas)
- mysqlnd:
  . Fixed segfault in mysqlnd when doing long prepare. (Andrey)
- ODBC:
  . Fixed bug #61387 (NULL valued anonymous column causes segfault in odbc_fetch_array). (Brandon Kirsch)
- Openssl:
  . Fixed handling null bytes in subjectAltName (CVE-2013-4073). (Christian Heimes)
- PDO:
  . Allowed PDO_OCI to compile with Oracle Database 12c client libraries. (Chris Jones)
- PDO_dblib:
  . Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)). (Stanley Sufficool)
- PDO_pgsql:
  . Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)
- Phar:
  . Fixed Bug #65142 (Missing phar man page). (Remi)
- Session
  . Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as documented). (Arpad)
  . Fixed bug #35703 (when session_name("123") consist only digits, should warning). (Yasuo)
  . Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by oorza2k5 at gmail dot com (Yasuo)
- Sockets:
  . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option). (Damjan Cvetko)
- SPL:
  . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
  . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice). (Laruence)
  . Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings). (Adam)
- XML:
  . Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)

---

Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 17 00:35:08 UTC 2013

Modified Files:
pkgsrc/lang/php54: distinfo

Log Message:
Make sure to update distinfo. Thanks to Greg Oster noted the problem to me.

---

Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 23 03:11:55 UTC 2013

Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: distinfo

Log Message:
Update php54 to 5.4.19.

22 Aug 2013, PHP 5.4.19

- Core:
  . Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse'). (Laruence)
- Openssl:
  . Fixed UMR in fix for CVE-2013-4248.

2013-08-25 | Pullup ticket #4221 - requested by taca | tron | 7 | -55/+71

lang/php*: apply framework changes to make pullup requests possible

Revisions pulled up:
- lang/php/common.mk 1.1
- lang/php/ext.mk 1.30
- lang/php/phpversion.mk 1.37-1.39
- lang/php53/DESCR 1.2
- lang/php53/Makefile 1.40-1.42
- lang/php53/Makefile.common 1.28-1.29
- lang/php53/Makefile.php 1.37
- lang/php54/DESCR 1.2
- lang/php54/MESSAGE.suhosin deleted
- lang/php54/Makefile 1.9-1.10,1.12
- lang/php54/Makefile.common 1.15-1.16
- lang/php54/Makefile.php 1.6
- lang/php54/PLIST 1.4

---

Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 21 17:29:47 UTC 2013

Modified Files:
pkgsrc/lang/php: ext.mk phpversion.mk
pkgsrc/lang/php53: Makefile.common Makefile.php
pkgsrc/lang/php54: Makefile.common Makefile.php PLIST
Added Files:
pkgsrc/lang/php: common.mk
Removed Files:
pkgsrc/lang/php54: MESSAGE.suhosin

Log Message:
Clean up php's framework.

* Define PHP's version at one place.
* Remove obsolete description in comments.
* Add "used by www/php-fpm/Makefile" in php5[34]/Makefile.php.
* Remove commented out support for suhosin extension from php54.
* Add PHP_CHECK_INSTALLED and PHP_EXTENSION_DIR to php/phpversion.mk.

No functional should be made.

---

Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 29 03:59:44 UTC 2013

Modified Files:
pkgsrc/lang/php53: Makefile Makefile.common

Log Message:
Move PHP_CHECK_INSTALLED to before including Makefile.php since it should be defined before including lang/php/phpversion.mk.

---

Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 29 04:20:55 UTC 2013

Modified Files:
pkgsrc/lang/php54: Makefile Makefile.common

Log Message:
Move PHP_CHECK_INSTALLED to before including Makefile.php since it should be defined before including lang/php/phpversion.mk.

---

Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 29 16:19:24 UTC 2013

Modified Files:
pkgsrc/lang/php53: DESCR Makefile

Log Message:
Explicitly note it is PHP 5.3.x package in COMMENT of Makefile and DESCR file.

Bump PKGREVISION.

---

Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 29 16:21:07 UTC 2013

Modified Files:
pkgsrc/lang/php54: DESCR Makefile

Log Message:
Explicitly note it is PHP 5.4.x package in COMMENT of Makefile and DESCR file.

---

Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 29 16:38:12 UTC 2013

Modified Files:
pkgsrc/lang/php: phpversion.mk

Log Message:
* Add php55 support.
* Make PKG_PHP's value as description in comment.

---

Module Name: pkgsrc
Committed By: joerg
Date: Tue Aug 13 10:22:26 UTC 2013

Modified Files:
pkgsrc/lang/php53: Makefile
pkgsrc/lang/php54: Makefile
pkgsrc/lang/php55: Makefile

Log Message:
Allow only the PHP version itself, otherwise the multi-version logic will trigger with failing distinfo entries.

---

Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 14 14:53:03 UTC 2013

Modified Files:
pkgsrc/lang/php: phpversion.mk

Log Message:
Correct checking condition of PHP_CHECK_INSTALLED.

2013-08-25 | Pullup ticket #4220 - requested by taca | tron | 3 | -2/+118

lang/php53: security patch

Revisions pulled up:
- lang/php53/Makefile 1.43 via patch
- lang/php53/distinfo 1.67-1.68
- lang/php53/patches/patch-ext_openssl_openssl.c 1.1-1.2

---

Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 14 15:42:56 UTC 2013

Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c

Log Message:
Add fix for openssl, CVE-2013-4073.

Bump PKGREVISION.

---

Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 00:38:13 UTC 2013

Modified Files:
pkgsrc/lang/php53: distinfo
pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c

Log Message:
Since openssl's security problem has assigned CVE-2013-4248, update comment in the patch file.

2013-08-25 | Pullup ticket #4219 - requested by obache | tron | 3 | -2/+9

emulators/suse121_compat: security update

Revisions pulled up:
- emulators/suse121_compat/Makefile 1.2
- emulators/suse121_compat/distinfo 1.2
- emulators/suse121_compat/suse.i386.mk 1.1

---

Module Name: pkgsrc
Committed By: obache
Date: Sun Aug 25 12:20:25 UTC 2013

Modified Files:
pkgsrc/emulators/suse121_compat: Makefile distinfo
Added Files:
pkgsrc/emulators/suse121_compat: suse.i386.mk

Log Message:
Add missing compat RPM for i386. PR pkg/48153.

Bump PKGREVISION.

2013-08-24 | Reset revision of "firefox17" package as requested by Ryo ONODERA | tron | 1 | -2/+1

in pullup ticket #4218.

2013-08-24 | Pullup ticket #4218. | tron | 1 | -1/+3
2013-08-24 | Pullup ticket #4218 - requested by ryoon | tron | 10 | -20/+70

devel/xulrunner17: security update

Revisions pulled up:
- devel/xulrunner17/Makefile 1.12-1.15
- devel/xulrunner17/PLIST 1.5
- devel/xulrunner17/buildlink3.mk 1.10
- devel/xulrunner17/dist.mk 1.7-1.8
- devel/xulrunner17/distinfo 1.10-1.12
- devel/xulrunner17/patches/patch-dist_stl__wrappers_ios 1.1
- devel/xulrunner17/patches/patch-dist_stl__wrappers_ostream 1.1
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_file__util.cc 1.1
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_file__util__posix.cc 1.2
- devel/xulrunner17/patches/patch-ipc_chromium_src_base_pickle.cc 1.1

---

Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jul 9 10:53:14 UTC 2013

Modified Files:
pkgsrc/devel/xulrunner17: Makefile dist.mk distinfo

Log Message:
Update to 17.0.7

Changelog:
FIXED Security fixes can be found here

Fixed in Firefox ESR 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

---

Module Name: pkgsrc
Committed By: joerg
Date: Tue Jul 16 22:27:45 UTC 2013

Modified Files:
pkgsrc/devel/xulrunner17: distinfo
pkgsrc/devel/xulrunner17/patches: patch-ipc_chromium_src_base_file__util__posix.cc
Added Files:
pkgsrc/devel/xulrunner17/patches: patch-dist_stl__wrappers_ios patch-dist_stl__wrappers_ostream patch-ipc_chromium_src_base_file__util.cc patch-ipc_chromium_src_base_pickle.cc

Log Message:
Add visibility wrapper around ios and ostream. Don't use false as null pointer.

---

Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 2 12:17:57 UTC 2013

Modified Files:
pkgsrc/devel/xulrunner17: Makefile PLIST buildlink3.mk

Log Message:
Remove pkg-config *.pc files from standard place.

* Avoid potential conflicts between xulrunners.
* Fix buildlink3.mk to handle pc files properly.

---

Module Name: pkgsrc
Committed By: ryoon
Date: Fri Aug 2 12:18:41 UTC 2013

Modified Files:
pkgsrc/devel/xulrunner17: Makefile

Log Message:
Bump PKGREVISION for previous.

---

Module Name: pkgsrc
Committed By: ryoon
Date: Thu Aug 8 13:01:38 UTC 2013

Modified Files:
pkgsrc/devel/xulrunner17: Makefile dist.mk distinfo

Log Message:
Update to 17.0.8

Changelog:
Fixed in Firefox ESR 17.0.8
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

2013-08-21 | Pullup tickets #4216 and #4217. | tron | 1 | -1/+5
2013-08-21 | Pullup ticket #4217 - requested by drochner | tron | 9 | -29/+270

net/filezilla: security update

Revisions pulled up:
- net/filezilla/Makefile 1.44-1.45
- net/filezilla/PLIST 1.10
- net/filezilla/distinfo 1.17-1.18
- net/filezilla/patches/patch-CVE-2013-4206 1.1
- net/filezilla/patches/patch-CVE-2013-4208 1.1
- net/filezilla/patches/patch-CVE-2013-4852-1 deleted
- net/filezilla/patches/patch-CVE-2013-4852-2 deleted
- net/filezilla/patches/patch-CVE-2013-4852-3 deleted
- net/filezilla/patches/patch-aa deleted

---

Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 6 12:55:10 UTC 2013

Modified Files:
pkgsrc/net/filezilla: Makefile distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3

Log Message:
apply patches from pkgsrc/security/putty to fix embedded sftp client
bump PKGREV

---

Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 7 16:48:49 UTC 2013

Modified Files:
pkgsrc/net/filezilla: Makefile PLIST distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4206 patch-CVE-2013-4208
Removed Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 patch-aa

Log Message:
update to 3.7.2
This is a major update, many fixes and improvements. Main reason for the update was to sync the embedded sftp client with putty after fixes for vulnerabilities.

2013-08-21 | Pullup ticket #4216 - requested by drochner | tron | 10 | -180/+44
security/putty: security update

Revisions pulled up:
- security/putty/Makefile 1.34-1.35
- security/putty/distinfo 1.14-1.15
- security/putty/patches/patch-CVE-2013-4852-1 deleted
- security/putty/patches/patch-CVE-2013-4852-2 deleted
- security/putty/patches/patch-import.c 1.2-1.3
- security/putty/patches/patch-terminal.c deleted
- security/putty/patches/patch-timing.c 1.2
- security/putty/patches/patch-unix_gtkfont_c deleted
- security/putty/patches/patch-unix_gtkwin.c 1.3
- security/putty/patches/patch-unix_uxnet.c 1.2
- security/putty/patches/patch-unix_uxucs.c 1.2
- security/putty/patches/patch-windows_window.c 1.2

---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 6 12:23:37 UTC 2013

Modified Files:
    pkgsrc/security/putty: Makefile distinfo
    pkgsrc/security/putty/patches: patch-import.c
Added Files:
    pkgsrc/security/putty/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2

Log Message:
add patch from upstream to fix possible heap overflow in SSH handshake due to integer overflow (CVE-2013-4852)
bump PKGREV

---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 7 11:06:39 UTC 2013

Modified Files:
    pkgsrc/security/putty: Makefile distinfo
    pkgsrc/security/putty/patches: patch-import.c patch-timing.c patch-unix_gtkwin.c patch-unix_uxnet.c patch-unix_uxucs.c patch-windows_window.c
Removed Files:
    pkgsrc/security/putty/patches: patch-CVE-2013-4852-1 patch-CVE-2013-4852-2 patch-terminal.c patch-unix_gtkfont_c

Log Message:
update to 0.63
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852), two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and it clears private keys after use now (CVE-2013-4208).
Other than that, there are mostly bug fixes from 0.62 and a few small features.
2013-08-21 | Pullup tickets #4213, #4214 and #4215. | tron | 1 | -1/+7
2013-08-21 | Pullup ticket #4215 - requested by hannken | tron | 11 | -99/+132
net/chrony: security update

Revisions pulled up:
- net/chrony/Makefile 1.29
- net/chrony/PLIST 1.5
- net/chrony/distinfo 1.8
- net/chrony/files/chronyd.sh 1.5
- net/chrony/patches/patch-aa 1.5
- net/chrony/patches/patch-ab 1.5
- net/chrony/patches/patch-ac 1.5
- net/chrony/patches/patch-ad 1.4
- net/chrony/patches/patch-ae 1.5
- net/chrony/patches/patch-af 1.4
- net/chrony/patches/patch-ag 1.4

---
Module Name: pkgsrc
Committed By: hannken
Date: Fri Aug 16 08:30:20 UTC 2013

Modified Files:
    pkgsrc/net/chrony: Makefile PLIST distinfo
    pkgsrc/net/chrony/files: chronyd.sh
    pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af
Added Files:
    pkgsrc/net/chrony/patches: patch-ag

Log Message:
Update chrony to version 1.29.

For a full list of changes since 1.24 see file NEWS in the distfile.

Security fixes since 1.24:
* Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost)
* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)

Reviewed by: Joerg Sonnenberger <joerg%netbsd.org@localhost>
2013-08-21 | Pullup ticket #4214 - requested by bsiegert | tron | 2 | -1/+16
devel/doxygen: build fix

Revisions pulled up:
- devel/doxygen/distinfo 1.50
- devel/doxygen/patches/patch-tmake_lib_macosx-c++_tmake.conf 1.1

---
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Aug 20 17:41:15 UTC 2013

Modified Files:
    pkgsrc/devel/doxygen: distinfo
Added Files:
    pkgsrc/devel/doxygen/patches: patch-tmake_lib_macosx-c++_tmake.conf

Log Message:
Fix build on Mac OS 10.8 by removing an unsupported compiler option.
2013-08-21 | Pullup ticket #4213 - requested by spz | tron | 7 | -5/+291
lang/python27: security patch

Revisions pulled up:
- lang/python27/Makefile 1.27
- lang/python27/PLIST.common 1.6
- lang/python27/distinfo 1.25
- lang/python27/patches/patch-Lib_test_nullbytecert.pem 1.1
- lang/python27/patches/patch-Lib_test_test__ssl.py 1.1
- lang/python27/patches/patch-Misc_NEWS 1.1
- lang/python27/patches/patch-Modules___ssl.c 1.2

---
Module Name: pkgsrc
Committed By: spz
Date: Sun Aug 18 13:42:14 UTC 2013

Modified Files:
    pkgsrc/lang/python27: Makefile PLIST.common distinfo
    pkgsrc/lang/python27/patches: patch-Modules___ssl.c
Added Files:
    pkgsrc/lang/python27/patches: patch-Lib_test_nullbytecert.pem patch-Lib_test_test__ssl.py patch-Misc_NEWS

Log Message:
patch for CVE-2013-4238 taken from http://hg.python.org/cpython/rev/bd2360476bdb
2013-08-16 | Pullup ticket #4212. | tron | 1 | -1/+3
2013-08-16 | Pullup ticket #4212 - requested by adam | tron | 3 | -9/+19
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2/Makefile 1.46,1.50 via patch
- mail/dovecot2/PLIST 1.25-1.26
- mail/dovecot2/distinfo 1.36,1.38

---
Module Name: pkgsrc
Committed By: adam
Date: Tue Jul 2 15:38:19 UTC 2013

Modified Files:
    pkgsrc/mail/dovecot2: Makefile PLIST distinfo

Log Message:
Changes 2.2.4:
+ doveadm: Added "flags" command to modify message flags.
+ doveadm: Added "deduplicate" command to expunge message duplicates.
+ dsync: Show the state in process title with verbose_proctitle=yes.
- imap/pop3 proxy: Master user logins were broken in v2.2.3
- sdbox/mdbox: A corrupted index header with wrong size was never automatically fixed in v2.2.3.
- mbox: Fixed assert-crashes related to locking

---
Module Name: pkgsrc
Committed By: adam
Date: Thu Aug 15 09:42:41 UTC 2013

Modified Files:
    pkgsrc/mail/dovecot2: Makefile PLIST distinfo

Log Message:
Changes 2.2.5:
+ SSL: Added support for ECDH/ECDHE cipher suites
+ Added some missing man pages
+ quota-status: Added quota_status_toolarge setting
- director: Users near expiration could have been redirected to different servers at the same time.
- pop3: Avoid assert-crash if client disconnects during LIST.
- mdbox: Corrupted index header still wasn't automatically fixed.
- dsync: Various fixes to work better with imapc and pop3c storages.
- ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library.
- imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.)
2013-08-14 | Pullup tickets #4210 and #4211. | tron | 1 | -1/+5
2013-08-14 | Pullup ticket #4211 - requested by schmonz | tron | 3 | -3/+28
www/cvsweb: Perl compatibility patch

Revisions pulled up:
- www/cvsweb/Makefile 1.40
- www/cvsweb/distinfo 1.17
- www/cvsweb/patches/patch-cvsweb.cgi 1.1

---
Module Name: pkgsrc
Committed By: tez
Date: Tue Jul 30 13:01:11 UTC 2013

Modified Files:
    pkgsrc/www/cvsweb: Makefile distinfo
Added Files:
    pkgsrc/www/cvsweb/patches: patch-cvsweb.cgi

Log Message:
Fix warnings from newer perl versions
2013-08-14 | Pullup ticket #4210 - requested by wiz | tron | 1 | -2/+2
www/py-werkzeug-docs: packaging fix

Revisions pulled up:
- www/py-werkzeug-docs/Makefile 1.2

---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 5 08:40:14 UTC 2013

Modified Files:
    pkgsrc/www/py-werkzeug-docs: Makefile

Log Message:
Simplify PKGNAME for older make(1)s or other parsers.
2013-08-12 | Pullup tickets #4207 and #4208. | tron | 1 | -1/+5
2013-08-12 | Pullup ticket #4208 - requested by taca | tron | 10 | -45/+44
net/samba35: security update

Revisions pulled up:
- net/samba35/Makefile 1.31
- net/samba35/distinfo 1.16
- net/samba35/patches/patch-af 1.6
- net/samba35/patches/patch-ah 1.3
- net/samba35/patches/patch-ap 1.2
- net/samba35/patches/patch-aq 1.4
- net/samba35/patches/patch-av 1.3
- net/samba35/patches/patch-aw 1.2
- net/samba35/patches/patch-ba 1.2
- net/samba35/patches/patch-bb 1.2

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 12 02:47:32 UTC 2013

Modified Files:
    pkgsrc/net/samba35: Makefile distinfo
    pkgsrc/net/samba35/patches: patch-af patch-ah patch-ap patch-aq patch-av patch-aw patch-ba patch-bb

Log Message:
Update samba35 to 3.5.22, security release.

==============================
Release Notes for Samba 3.5.22
August 05, 2013
==============================

This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS).

o CVE-2013-4124:
  All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.

  This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits.

Changes since 3.5.21:
---------------------

o Jeremy Allison <jra@samba.org>
  * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS.
2013-08-12 | Pullup ticket #4207 - requested by taca | tron | 21 | -89/+93
net/samba: security update

Revisions pulled up:
- net/samba/Makefile 1.235,1.237
- net/samba/Makefile.mirrors 1.10
- net/samba/PLIST 1.54
- net/samba/distinfo 1.91-1.92
- net/samba/patches/patch-ac 1.15
- net/samba/patches/patch-ad 1.19
- net/samba/patches/patch-ae 1.11
- net/samba/patches/patch-af 1.12
- net/samba/patches/patch-ah 1.7
- net/samba/patches/patch-ai 1.7
- net/samba/patches/patch-aj 1.7
- net/samba/patches/patch-ak 1.6
- net/samba/patches/patch-an 1.4
- net/samba/patches/patch-ao 1.4
- net/samba/patches/patch-aq 1.4
- net/samba/patches/patch-as 1.4
- net/samba/patches/patch-av 1.5
- net/samba/patches/patch-aw 1.4
- net/samba/patches/patch-ba 1.11
- net/samba/patches/patch-bb 1.5
- net/samba/patches/patch-bf 1.6

---
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 3 20:00:48 UTC 2013

Modified Files:
    pkgsrc/net/samba: Makefile PLIST distinfo
    pkgsrc/net/samba/patches: patch-bf

Log Message:
Changes 3.6.16:
* BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent.
* BUG 9722: Properly handle Oplock breaks in compound requests.
* BUG 9822: Fix crash bug during Win8 sync.
* BUG 9927: errno gets overwritten in call to check_parent_exists().
* BUG 8997: Change libreplace GPL source to LGPL.
* BUG 9900: is_printer_published GUID retrieval.
* BUG 9941: Fix a bug of drvupgrade of smbcontrol.
* BUG 9868: Don't know how to make LIBNDR_PREG_OBJ.
* BUG 9688: Remove "experimental" label on "max protocol=SMB2" parameter.
* BUG 9881: Check for system libtevent.

---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jul 4 19:31:10 UTC 2013

Modified Files:
    pkgsrc/net/samba: Makefile.mirrors

Log Message:
Fix URL.

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 12 02:45:55 UTC 2013

Modified Files:
    pkgsrc/net/samba: Makefile distinfo
    pkgsrc/net/samba/patches: patch-ac patch-ad patch-ae patch-af patch-ah patch-ai patch-aj patch-ak patch-an patch-ao patch-aq patch-as patch-av patch-aw patch-ba patch-bb

Log Message:
Update samba to 3.6.17, security release.

==============================
Release Notes for Samba 3.6.17
August 05, 2013
==============================

This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS).

o CVE-2013-4124:
  All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.

  This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits.

Changes since 3.6.16:
---------------------

o Jeremy Allison <jra@samba.org>
  * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS.
2013-08-11 | Pullup tickets #4204, #4205 and #4206. | tron | 1 | -1/+7
2013-08-11 | Pullup ticket #4205 - requested by khorben | tron | 2 | -1/+8
graphics/glx-utils: build fix

Revisions pulled up:
- graphics/glx-utils/Makefile 1.11
- graphics/glx-utils/hacks.mk 1.1

---
Module Name: pkgsrc
Committed By: khorben
Date: Sat Aug 10 23:02:26 UTC 2013

Modified Files:
    pkgsrc/graphics/glx-utils: Makefile
Added Files:
    pkgsrc/graphics/glx-utils: hacks.mk

Log Message:
Crude compilation fix for graphics/glx-utils:
- MesaDemos 7.11.2 was never released
- fall back to MesaDemos 7.4.4 for the time being (as still found in distinfo)
2013-08-11 | Pullup ticket #4206 - requested by ryoon | tron | 2 | -7/+6
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile 1.118-1.119
- mail/thunderbird/distinfo 1.123-1.124,1.126-1.127

---
Module Name: pkgsrc
Committed By: ryoon
Date: Tue Jul 9 10:57:20 UTC 2013

Modified Files:
    pkgsrc/mail/thunderbird: Makefile distinfo

Log Message:
Update to 17.0.7

Changelog:
FIXED Security fixes can be found here

Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jul 9 21:25:24 UTC 2013

Modified Files:
    pkgsrc/mail/thunderbird: distinfo

Log Message:
restore enigmail checksums, again.

---
Module Name: pkgsrc
Committed By: ryoon
Date: Sat Aug 10 00:31:20 UTC 2013

Modified Files:
    pkgsrc/mail/thunderbird: Makefile distinfo

Log Message:
Update to 17.0.8

Changelog:
Security bugfixes.

MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

---
Module Name: pkgsrc
Committed By: khorben
Date: Sat Aug 10 23:26:31 UTC 2013

Modified Files:
    pkgsrc/mail/thunderbird: distinfo

Log Message:
Fixed building thunderbird with the "mozilla-enigmail" option enabled.
2013-08-11 | Pullup ticket #4204 - requested by bouyer | tron | 2 | -4/+13
time/kronolith: packaging fix patch

Revisions pulled up:
- time/kronolith/Makefile 1.22
- time/kronolith/PLIST 1.13

---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Aug 7 19:19:58 UTC 2013

Modified Files:
    pkgsrc/time/kronolith: Makefile PLIST

Log Message:
Install missing files, especially kronolith/calendars/ which contains code needed to manage calendars.
2013-08-06 | Pullup tickets #4201, #4202 and #4203. | tron | 1 | -1/+7
2013-08-06 | Pullup ticket #4203 - requested by bouyer | tron | 4 | -2/+77
mail/dovecot2: bug fix patch

Revisions pulled up:
- mail/dovecot2/Makefile 1.48
- mail/dovecot2/distinfo 1.37
- mail/dovecot2/patches/patch-src_plugins_quota_quota-fs.c 1.4
- mail/dovecot2/patches/patch-src_plugins_quota_quota-fs.h 1.4

---
Module Name: pkgsrc
Committed By: bouyer
Date: Mon Aug 5 23:12:42 UTC 2013

Modified Files:
    pkgsrc/mail/dovecot2: Makefile distinfo
Added Files:
    pkgsrc/mail/dovecot2/patches: patch-src_plugins_quota_quota-fs.c patch-src_plugins_quota_quota-fs.h

Log Message:
Fix (again) NetBSD libquota support.
2013-08-06 | Pullup ticket #4202 - requested by taca | tron | 3 | -32/+20
lang/php54: security update

Revisions pulled up:
- lang/php54/Makefile.common 1.14 via patch
- lang/php54/distinfo 1.19-1.20 via patch
- lang/php54/patches/patch-main_streams_cast.c 0-1.3 via patch

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 7 13:37:53 UTC 2013

Modified Files:
    pkgsrc/lang/php54: Makefile.common distinfo
Removed Files:
    pkgsrc/lang/php54/patches: patch-main_streams_cast.c

Log Message:
Update php54 to 5.4.17.

04 Jul 2013, PHP 5.4.17

- Core:
  . Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)
  . Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)
  . Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
  . Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy)
  . Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)
  . Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz)

- DateTime:
  . Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)

- FPM:
  . Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
  . Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)

- PDO:
  . Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence)

- PDO_DBlib:
  . Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool)
  . Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool)
  . Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool)

- PDO_firebird:
  . Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo)
  . Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by james@kenjim.com, Matheus Degiovani, Matteo)

- PDO_mysql:
  . Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley)

- PDO_pgsql:
  . Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)

- pgsql:
  . Fixed bug #64609 (pg_convert enum type support). (Matteo)

- Readline:
  . Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel)

- SPL:
  . Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). (Laruence)

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jul 8 13:16:22 UTC 2013

Modified Files:
    pkgsrc/lang/php54: distinfo
Added Files:
    pkgsrc/lang/php54/patches: patch-main_streams_cast.c

Log Message:
Correct condition for NetBSD 6.0 and later to fix build problem on NetBSD 6.0. Reported by Jörn Clausen as PR pkg/48029.
2013-08-06 | Pullup ticket #4201 - requested by obache | tron | 2 | -7/+6
net/nagios-base: security update

Revisions pulled up:
- net/nagios-base/Makefile 1.47
- net/nagios-base/distinfo 1.17

---
Module Name: pkgsrc
Committed By: obache
Date: Mon Aug 5 10:43:55 UTC 2013

Modified Files:
    pkgsrc/net/nagios-base: Makefile distinfo

Log Message:
Update nagios-base to 3.4.4.

3.4.4 - 01/12/2013
------------------
* Reenabled check for newer versions of Nagios Core (Mike Guthrie)
* Fixed bug #408: service checks get duplicated on reload (Eric Stanley)
* Fixed bug #401: segmentation fault on Solaris when parsing unknown timeperiod directives. (Eric Stanley)
* Added NULL pointer checks to CGI code. (Eric Stanley)
* Fixed buffer overflow vulnerability in CGI code. Thanks to Neohapsis (http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html) for finding this. (Eric Stanley)
2013-08-05 | Pullup ticket #4200. | tron | 1 | -1/+4
2013-08-05 | Pullup ticket #4200 - requested by spz | tron | 4 | -8/+12
databases/mysql55-client: distfile update
databases/mysql55-server: distfile update

Revisions pulled up:
- databases/mysql55-client/Makefile 1.10 via patch
- databases/mysql55-client/Makefile.common 1.29
- databases/mysql55-client/distinfo 1.24
- databases/mysql55-server/Makefile 1.14 via patch

---
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 17 21:22:40 UTC 2013

Modified Files:
    pkgsrc/databases/mysql55-client: Makefile Makefile.common distinfo
    pkgsrc/databases/mysql55-server: Makefile

Log Message:
Distfile got changed (licence clause in mans). Revision bump.
Don't use mk/readline.buildlink3.mk! Must be devel/readline/buildlink3.mk!