pkgsrc - [no description]

Age	Commit message (Collapse)	Author	Files	Lines
2013-12-29	Pullup ticket #4278.pkgsrc_2013Q3	tron	1	-1/+3

2013-12-29	Pullup ticket #4278 - requested by pettai	tron	3	-11/+44
	security/py-denyhosts: security patch Revisions pulled up: - security/py-denyhosts/Makefile 1.9 - security/py-denyhosts/distinfo 1.4-1.5 - security/py-denyhosts/patches/patch-af 1.2 --- Module Name: pkgsrc Committed By: pettai Date: Thu Dec 26 23:30:41 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: Makefile distinfo pkgsrc/security/py-denyhosts/patches: patch-af Log Message: Fix for CVE-2013-6890 --- Module Name: pkgsrc Committed By: pettai Date: Sun Dec 29 20:27:55 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: distinfo Log Message: Fixed broken checksum
2013-12-20	pullups 4276 and 4277	spz	1	-1/+5

2013-12-20	Pullup ticket #4277 - requested by is	spz	2	-1/+22
	graphics/gd: build fix for e.g. arm Revisions pulled up: - graphics/gd/distinfo 1.34-1.35 - graphics/gd/patches/patch-src_gd__bmp.c 1.1-1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: dholland Date: Mon Nov 11 20:38:16 UTC 2013 Modified Files: pkgsrc/graphics/gd: distinfo Added Files: pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c Log Message: Don't use ceill(); it isn't needed here and causes problems. See PR 48334. Technically this change should bump PKGREVISION (as it changes the binary package ever so slightly for platforms where the ceill() didn't cause a build failure) but I'm going to let it slide. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 pkgsrc/graphics/gd/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: dholland Date: Mon Nov 11 21:34:40 UTC 2013 Modified Files: pkgsrc/graphics/gd: distinfo pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c Log Message: Add upstream report URL per PR 48334. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 pkgsrc/graphics/gd/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c
2013-12-20	Pullup ticket #4276 - requested by tron	spz	6	-18/+29
	net/wireshark: security update Revisions pulled up: - net/wireshark/DESCR 1.4 - net/wireshark/Makefile 1.112 - net/wireshark/distinfo 1.71 - net/wireshark/patches/patch-aa 1.13 - net/wireshark/patches/patch-ab 1.4 - net/wireshark/patches/patch-ac 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Dec 18 11:52:26 UTC 2013 Modified Files: pkgsrc/net/wireshark: DESCR Makefile distinfo pkgsrc/net/wireshark/patches: patch-aa patch-ab patch-ac Log Message: Update "wireshark" package to version 1.10.4. Changes since version 1.10.3: - Bug Fixes The following vulnerabilities have been fixed. * wnpa-sec-2013-66 The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (Bug 9388) Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 CVE-2013-7112 * wnpa-sec-2013-67 The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488) Versions affected: 1.10.0 to 1.10.3 CVE-2013-7113 * wnpa-sec-2013-68 The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 CVE-2013-7114 The following bugs have been fixed: * "On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, ws-buglink:9390) * Tx MCS set is not interpreted properly in WLAN beacon frame. (Bug 8894) * VoIP Graph Analysis window - some calls are black. (Bug 8966) * Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031) * epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?. (Bug 9112) * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus result. (Bug 9382) * Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383) * Timestamp decoded for Gigamon trailer is not padded correctly. (Bug 9433) * SEL Fast Message Bug-fix for Signed 16-bit Integer Fast Meter Messages. (Bug 9435) * DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug 9442) * GSM SMS User Data header fill bits are wrong when using a 7 bits ASCII / IA5 encoding. (Bug 9478) * WCDMA RLC dissector cannot assemble PDUs with SNs skipped and wrap-arounded. (Bug 9505) * DTLS: fix buffer overflow in mac check. (Bug 9512) * Correct data length in SCSI_DATA_IN packets (within iSCSI). (Bug 9521) * GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (Bug 9550) * Fix "decode as ..." for packet-time.c. (Bug 9563) - Updated Protocol Support ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/DESCR cvs rdiff -u -r1.111 -r1.112 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/wireshark/distinfo cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/wireshark/patches/patch-aa cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/patches/patch-ab cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/wireshark/patches/patch-ac
2013-12-18	Pullup ticket #4275.	tron	1	-1/+3

2013-12-18	Pullup ticket #4275 - requested by taca	tron	3	-8/+7
	devel/ruby-i18n: security update Revisions pulled up: - devel/ruby-i18n/Makefile 1.9 - devel/ruby-i18n/PLIST 1.5 - devel/ruby-i18n/distinfo 1.8 --- Module Name: pkgsrc Committed By: taca Date: Mon Dec 16 09:21:34 UTC 2013 Modified Files: pkgsrc/devel/ruby-i18n: Makefile PLIST distinfo Log Message: Update ruby-i18n to 0.6.9. This is security fix. * Add I18n::exists? method. * Add I18n.locale_available? method. * Delete unused files. * I18n::MissingTranslation exception escapes key names for its html_message, fixing CVE-2013-4492. * Use CGI.escapeHTML instead of CGI.escape_html for Ruby 1.8.7. * Fix an issue with setting I18n.config.enforce_available_locales.
2013-12-17	Pullup ticket #4274.	tron	1	-1/+3

2013-12-17	Pullup ticket #4274 - requested by taca	tron	3	-10/+11
	www/typo3_45: security update Revisions pulled up: - www/typo3_45/Makefile 1.28-1.29 - www/typo3_45/PLIST 1.13 - www/typo3_45/distinfo 1.23-1.24 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:41:07 UTC 2013 Modified Files: pkgsrc/www/typo3_45: Makefile distinfo Log Message: Update typo345 to 4.5.31 (TYPO3 4.5.31). 2013-11-26 434ce71 [RELEASE] Release of TYPO3 4.5.31 (TYPO3 Release Team) 2013-11-19 396534e #53758 [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos) 2013-11-19 3f2ed1d #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-15 428baac #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-11 6755f40 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 082facd #31998 [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind) 2013-11-09 c581f33 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind) 2013-11-09 7b08aa9 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-04 d372f5f #38055 [BUGFIX] Remove declare(encoding=) (Josef Florian Glatz) 2013-10-28 5ae438c #53075 [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny) 2013-10-22 b5d6e9f #50881 [TASK] Added missing core autoloaded files (Ernesto Baschny) 2013-10-13 5b072ff #52759 [BUGFIX] Object passed to date() (Philipp Gampe) 2013-10-12 6371e46 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 78871e2 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 ce02c01 #36573 [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring) 2013-10-11 d114ddb #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-06 3289c39 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 cd1e12b #52091,#51684 [BUGFIX] Check for string before using strlen (Markus Klein) 2013-09-26 c8d2033 #34886 [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer) 2013-09-18 ef6dc06 [BUGFIX] Fix cropping of transparent gifs with im6. (Felix Bu$(Q+m(Bnemann) 2013-09-12 70ce540 #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:18:33 UTC 2013 Modified Files: pkgsrc/www/typo3_45: Makefile PLIST distinfo Log Message: Update typo3_45 package to 4.5.32 (TYPO3 4.5.32). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous commit. 2013-12-10 1956962 [RELEASE] Release of TYPO3 4.5.32 (TYPO3 Release Team) 2013-12-10 60576d1 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 77dc1c4 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring) 2013-12-10 52d3bff #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 cae8739 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause) 2013-12-10 ba92f0a #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring) 2013-12-10 63ff910 #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring) 2013-12-10 c4d1336 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter) 2013-12-10 5342284 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 b360a1a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 78ee538 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause) 2013-12-08 5aa4ab2 #54282 [BUGFIX] Fix failing test (Anja Leichsenring) 2013-12-08 6add221 #54280 [BUGFIX] Fix failing test (Anja Leichsenring) 2013-12-02 0c3fa95 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 d353ab0 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein) 2013-11-29 309e93a #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn) 2013-11-26 1d95cad #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
2013-12-16	Pullup tickets #4267, #4269, #4270, #4271, #4272 and #4273.	tron	1	-1/+15

2013-12-16	Pullup ticket #4273 - requested by taca	tron	2	-6/+6
	net/samba: security update Revisions pulled up: - net/samba/Makefile 1.241 - net/samba/distinfo 1.96 --- Module Name: pkgsrc Committed By: taca Date: Mon Dec 9 10:44:22 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Update samba to 3.6.22; Security fix for CVE-2012-6150. Changes since 3.6.21: --------------------- o Jeremy Allison <jra@samba.org> * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. o Stefan Metzmacher <metze@samba.org> * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. o Noel Power <noel.power@suse.com> * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't member of any require_membership_of specified groups. Changes since 3.6.20: --------------------- o Jeremy Allison <jra@samba.org> * BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages. * BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory". * BUG 10187: Missing talloc_free can leak stackframe in error path. * BUG 10247: xattr: Fix listing EAs on BSD for non-root users. o Korobkin <korobkin+samba@gmail.com> BUG 10118: Raise debug level for being unable to open a printer. o Volker Lendecke <vl@samba.org> * BUG 10195: nsswitch: Fix short writes in winbind_write_sock. o Arvid Requate <requate@univention.de> * BUG 10267: Fix Windows 8 printing via local printer drivers. o Andreas Schneider <asn@cryptomilk.org> * BUG 10194: Make offline logon cache updating for cross child domain group membership.
2013-12-16	Pullup ticket #4272 - requested by taca	tron	3	-10/+11
	www/typo3_61: security update Revisions pulled up: - www/typo3_61/Makefile 1.2-1.3 - www/typo3_61/PLIST 1.2 - www/typo3_61/distinfo 1.2-1.3 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:45:04 UTC 2013 Modified Files: pkgsrc/www/typo3_61: Makefile PLIST distinfo Log Message: Update typo3_61 to 6.1.6 (TYPO3 6.1.6). 2013-11-26 3f69433 [RELEASE] Release of TYPO3 6.1.6 (TYPO3 Release Team) 2013-11-26 3eda399 #53918 [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos) 2013-11-24 93ed8d2 #51650 [BUGFIX] TS: Allow "0" as strPad.padWith (Lars Peipmann) 2013-11-24 aed6051 #15958 [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft) 2013-11-21 7042298 #53802 [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris) 2013-11-21 b78c694 #53844 [BUGFIX] Fix regression in ResourceCompressor (Markus Klein) 2013-11-20 3d3de05 #53243 [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru) 2013-11-20 6c5d53d #53458 [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra) 2013-11-20 52b751e Revert "[BUGFIX] Page module: Allow to paste in empty columns" (Markus Klein) 2013-11-20 dbcaf93 #44002,#35980, [BUGFIX] Page module: Allow to paste in empty columns (Bernhard Kraft) 2013-11-19 023014c #38766 [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel) 2013-11-19 9d97a70 #53773 [BUGFIX] Fix JS error in lang module (Markus Klein) 2013-11-19 170f084 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-19 abcd5e9 #34544 [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger) 2013-11-19 ba82fac #51998 [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel) 2013-11-19 571c8c9 #53746 [TASK] Optimization in AbstractViewHelper (Wouter Wolters) 2013-11-18 33b0d1b #53707 [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes) 2013-11-18 fbd9379 #53711 [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein) 2013-11-18 fa87ad9 #53014 [BUGFIX] Check for query failures in admin methods (Thomas Maroschik) 2013-11-15 7223b78 Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel) 2013-11-14 62f7e87 #45724 [BUGFIX] FILES.folder does not work (Stefan Froemken) 2013-11-14 c65640d #51234 [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe) 2013-11-14 35a95b0 #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-13 fd66dfc #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer) 2013-11-13 0641f4f #51918 [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader) 2013-11-12 9aa1fa2 #52926 [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn) 2013-11-12 fa77640 #53115 [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind) 2013-11-12 259c64d #22136 [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz) 2013-11-12 ffd8480 #52934 [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind) 2013-11-12 c3b0ebc #53399 [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru) 2013-11-12 dcdb7bb #52904 [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer) 2013-11-12 cf50919 #53538 [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind) 2013-11-11 fbb19b4 #52727 [TASK] Hard-coded labels in file collections (Tomita Militaru) 2013-11-11 3dd29c3 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 a3153a3 #52488 [BUGFIX] Call to FlashMessageQueue::addMessage() method in extbase (Markus Klein) 2013-11-11 b61f34f #53423 [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind) 2013-11-10 093d7ac #52173 [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny) 2013-11-09 7015242 #53477 [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter) 2013-11-09 827bf21 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken) 2013-11-09 0b03e72 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-08 6f1625f #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru) 2013-10-23 d34bde3 #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-18 840a3a6 #35073 [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer) 2013-10-17 775a077 #52931 [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind) 2013-10-17 0382419 #52570 [TASK] Tests for Persistence\Generic\Backend::getIdentifierByObject (Stefan Neufeind) 2013-10-17 b78dc4e #50548 [BUGFIX] Getting the identifier for a lazy object fails (Marc Bastian Heinrichs) 2013-10-16 2f1fb3f #52529 [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle) 2013-10-16 b218036 #52823 [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik) 2013-10-16 88cc508 [BUGFIX] Follow-Up: Fatal error due to missing use statement (Sascha Egerer) 2013-10-15 1761850 #52845 [BUGFIX] Moving folders fails (Oliver Hader) 2013-10-15 be9b7c7 #50802 [BUGFIX] Only load folder contents if folder is initialised (Frans Saris) 2013-10-15 ce693d8 #52824 [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader) 2013-10-15 8be996a #51707 [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken) 2013-10-15 992e4ef #52771 [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert) 2013-10-14 50942c2 #52773 [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes) 2013-10-13 2889f13 #52759 [BUGFIX] Object passed to date() (Xavier Perseguers) 2013-10-12 f4f2756 #52731 [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn) 2013-10-12 d68c114 #52728 [BUGFIX] Use BackendUtility use statement (Anja Leichsenring) 2013-10-12 33d4415 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 e3d02ef #52715 [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind) 2013-10-11 a3f8dfe #52708 [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler) 2013-10-11 9b4462b #50912 [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader) 2013-10-11 d910b2b #51051 [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader) 2013-10-11 1483967 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 f4e1b0e #52636 [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler) 2013-10-11 ed4e368 #17551 [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer) 2013-10-11 6f47aa5 #36573 [BUGFIX] Add workspace overlay for fetched records. (Timo Webler) 2013-10-11 d6b57e8 #37209 [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler) 2013-10-11 fcad15e #52530 [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer) 2013-10-11 3ac3429 #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-10 394d12e #52178 [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers) 2013-10-07 8f1afaf #49538 [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer) 2013-10-07 98625ae #52546 [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe) 2013-10-05 dc5b2f1 #52469 [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos) 2013-09-30 6b2512a #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov) 2013-09-28 3a3edf1 #48809,#51730, [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog) 2013-09-28 9535891 #51329 [BUGFIX] Initialize extension name in command requests (Alexander Stehlik) 2013-09-27 06723a0 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 219c381 #51588 [BUGFIX] Clear cached menu by tag (Zbigniew Jacko) 2013-09-27 b41847a #50437 [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick) 2013-09-26 6bdc8ad #52091,#51684 [BUGFIX] Check for string before using strlen (Kilian Hann) 2013-09-26 9be6739 #52266 [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken) 2013-09-26 d3bf620 #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 993dd5d #52316 [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn) 2013-09-26 bb94fe0 #52305 [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn) 2013-09-26 52ff400 #52295 [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn) 2013-09-25 f0fe1c4 #52226 [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers) 2013-09-25 db5fb24 #51116 [BUGFIX] Increase performance of exports for caches (Markus Klein) 2013-09-25 28ee210 #52243 [BUGFIX] Remove duplicate exception code (Fabien Udriot) 2013-09-24 3f53e6b #52173 [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny) 2013-09-24 1d17a21 #52201 [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters) 2013-09-23 ae9b606 #44825 [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel) 2013-09-20 7d08d29 #48912 [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes) 2013-09-20 e0600ed #52056 [BUGFIX] Wrong exception on renaming folder (Francois Suter) 2013-09-19 9423c2c #49328 [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik) 2013-09-17 fd534b6 #45859 [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader) 2013-09-17 ce68bcd #19045 [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind) 2013-09-17 fb5bbbf #50907 [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny) 2013-09-13 0fe373b #51981 [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein) 2013-09-12 b0c54dc #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) 2013-09-12 7169032 #47744 [BUGFIX] Replace SHOW DATABASE by query to schema (Alexander Opitz) 2013-09-12 ddf74b0 #51891 [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:22:20 UTC 2013 Modified Files: pkgsrc/www/typo3_61: Makefile distinfo Log Message: Update typo3_61 package to 6.1.7 (TYPO3 6.1.7). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ 2013-12-10 afbadea [RELEASE] Release of TYPO3 6.1.7 (TYPO3 Release Team) 2013-12-10 7481971 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 cb8db28 #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause) 2013-12-10 2d29894 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 dca9c88 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs) 2013-12-10 450e5d3 #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel) 2013-12-10 7e7f9e3 #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel) 2013-12-10 ad11945 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 18e0491 #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring) 2013-12-10 cbbeefd #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 163947a #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter) 2013-12-02 d21a628 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 e538020 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind) 2013-11-29 3a66a0e #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
2013-12-16	Pullup ticket #4271 - requested by taca	tron	4	-10/+28
	www/typo3_60: security update Revisions pulled up: - www/typo3_60/MESSAGE 1.1 - www/typo3_60/Makefile 1.6-1.7 - www/typo3_60/PLIST 1.6 - www/typo3_60/distinfo 1.6-1.7 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:44:04 UTC 2013 Modified Files: pkgsrc/www/typo3_60: Makefile PLIST distinfo Added Files: pkgsrc/www/typo3_60: MESSAGE Log Message: Update typo60 to 6.0.11 (TYPO3 6.0.11). Also add MESSAGE file. 2013-11-26 5e5f1d2 [RELEASE] Release of TYPO3 6.0.11 (TYPO3 Release Team) 2013-11-26 762cb0a #53918 [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos) 2013-11-24 96944c0 #15958 [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft) 2013-11-21 9e2a0a1 #53802 [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris) 2013-11-21 487903a #53844 [BUGFIX] Fix regression in ResourceCompressor (Markus Klein) 2013-11-20 aed68c8 #53243 [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru) 2013-11-20 2857828 #53458 [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra) 2013-11-19 3d6f5be #53773 [BUGFIX] Fix JS error in lang module (Markus Klein) 2013-11-19 ea58bd5 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-19 055e6a5 #34544 [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger) 2013-11-19 6c6582a #51998 [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel) 2013-11-19 9a5858d #53746 [TASK] Optimization in AbstractViewHelper (Wouter Wolters) 2013-11-18 464a804 #53707 [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes) 2013-11-18 ad98c0a #53711 [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein) 2013-11-15 d33b4eb Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel) 2013-11-14 ecd873f #45724 [BUGFIX] FILES.folder does not work (Stefan Froemken) 2013-11-14 2fef8ad #51234 [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe) 2013-11-14 c9c7551 #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-13 c372d65 #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer) 2013-11-13 e6b77d8 #51918 [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader) 2013-11-12 0e4f15a #52926 [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn) 2013-11-12 6163c42 #53115 [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind) 2013-11-12 4435311 #22136 [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz) 2013-11-12 53a5a1a #52934 [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind) 2013-11-12 94c4d70 #53399 [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru) 2013-11-12 f113773 #52904 [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer) 2013-11-12 9678fc6 #53538 [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind) 2013-11-11 e9bc5e1 #52727 [TASK] Hard-coded labels in file collections (Tomita Militaru) 2013-11-11 bc9a847 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 a8f0d86 #53423 [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind) 2013-11-11 6f4ae27 #48809,#51730, [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog) 2013-11-10 907d5b1 #52173 [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny) 2013-11-09 b7a6f48 #53477 [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter) 2013-11-09 58f1fa5 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken) 2013-11-09 cb14179 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-08 c3773a4 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru) 2013-10-23 648018e #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-18 8c21be4 #35073 [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer) 2013-10-17 fe876a8 #52931 [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind) 2013-10-16 04e4a4b #52529 [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle) 2013-10-16 ac2b59e #52823 [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik) 2013-10-15 693b575 #52845 [BUGFIX] Moving folders fails (Oliver Hader) 2013-10-15 85d0653 #50802 [BUGFIX] Only load folder contents if folder is initialised (Frans Saris) 2013-10-15 38958f0 #52824 [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader) 2013-10-15 4ba140a #51707 [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken) 2013-10-15 1156074 #52771 [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert) 2013-10-14 c577f9e #52773 [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes) 2013-10-13 6cc1f7a #52759 [BUGFIX] Object passed to date() (Xavier Perseguers) 2013-10-12 f272d54 #52731 [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn) 2013-10-12 6cbf164 #52728 [BUGFIX] Use BackendUtility use statement (Anja Leichsenring) 2013-10-12 13c6602 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 23b8d11 #52715 [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind) 2013-10-11 a909546 #52708 [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler) 2013-10-11 5faa4da #50912 [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader) 2013-10-11 13c5bf9 #51051 [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader) 2013-10-11 17fe304 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 e30b70b #52636 [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler) 2013-10-11 db7d3e5 #17551 [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer) 2013-10-11 660e030 #36573 [BUGFIX] Add workspace overlay for fetched records. (Timo Webler) 2013-10-11 7c837df #37209 [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler) 2013-10-11 5aeddac #52530 [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer) 2013-10-11 f561b99 #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-10 b4b0b0e #52178 [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers) 2013-10-07 31e44bd #46845 [BUGFIX] Fix namespace in FileMountRepositoryTest (Marc Bastian Heinrichs) 2013-10-07 a7da230 #49538 [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer) 2013-10-07 388c02d #52546 [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe) 2013-10-06 30d93b4 #50756 [FEATURE] Backport ClassNamingUtility (Stefan Neufeind) 2013-10-05 d6a8e68 #52469 [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos) 2013-09-30 8e1ea88 #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov) 2013-09-28 a2532bb #51329 [BUGFIX] Initialize extension name in command requests (Alexander Stehlik) 2013-09-28 7144eb5 #52346 [BUGFIX] Incomplete backup in AbstractUserAuthenticationTest (Christian Kuhn) 2013-09-27 9c200ea #52091,#51684 [BUGFIX] Check for string before using strlen (Kilian Hann) 2013-09-27 128d147 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 9fa9f15 #51588 [BUGFIX] Clear cached menu by tag (Zbigniew Jacko) 2013-09-27 30af6a5 #50437 [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick) 2013-09-26 77c69e7 #52266 [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken) 2013-09-26 3f0cc99 #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 919541b #52316 [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn) 2013-09-26 0deefa0 #52305 [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn) 2013-09-26 d00db27 #52295 [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn) 2013-09-25 d01851c #52226 [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers) 2013-09-25 68bb292 #51116 [BUGFIX] Increase performance of exports for caches (Markus Klein) 2013-09-25 3f8cd14 #52243 [BUGFIX] Remove duplicate exception code (Fabien Udriot) 2013-09-24 7151ce0 #52173 [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny) 2013-09-24 0a80fb6 #52201 [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters) 2013-09-23 be4627f #44825 [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel) 2013-09-20 580a576 #48912 [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes) 2013-09-20 cb6bf25 #52056 [BUGFIX] Wrong exception on renaming folder (Francois Suter) 2013-09-19 cdba66b #49328 [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik) 2013-09-17 23e6007 #45859 [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader) 2013-09-17 c79315a #19045 [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind) 2013-09-17 aa4ab27 #50907 [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny) 2013-09-13 22ee660 #51981 [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein) 2013-09-12 40cb0a4 #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) 2013-09-12 903046f #51891 [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:21:30 UTC 2013 Modified Files: pkgsrc/www/typo3_60: Makefile distinfo Log Message: Update typo3_60 package to 6.0.12 (TYPO3 6.0.12). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ 2013-12-10 55ea17b [RELEASE] Release of TYPO3 6.0.12 (TYPO3 Release Team) 2013-12-10 c703d1d #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 0f1e28b #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause) 2013-12-10 1cbe889 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 79f6850 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs) 2013-12-10 b22cbce #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel) 2013-12-10 e4134ae #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel) 2013-12-10 2fb0277 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Anja Leichsenring) 2013-12-10 bd6095f #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 872cf3d #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring) 2013-12-10 cb55c53 #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 578cc80 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter) 2013-12-02 9757d0c #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 5bf7430 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind) 2013-11-29 30e1f41 #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
2013-12-16	Pullup ticket #4270 - requested by taca	tron	4	-10/+26
	www/typo3_47: security update Revisions pulled up: - www/typo3_47/MESSAGE 1.1 - www/typo3_47/Makefile 1.19-1.20 - www/typo3_47/PLIST 1.10 - www/typo3_47/distinfo 1.14-1.15 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:42:21 UTC 2013 Modified Files: pkgsrc/www/typo3_47: Makefile distinfo Added Files: pkgsrc/www/typo3_47: MESSAGE Log Message: Update typo347 to 4.7.16 (TYPO3 4.7.16). 2013-11-26 95a730f [RELEASE] Release of TYPO3 4.7.16 (TYPO3 Release Team) 2013-11-19 5975854 #53758 [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos) 2013-11-19 7d0a241 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-11 90f4945 #31998 [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind) 2013-11-11 f328884 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Neufeind) 2013-11-09 2c82f33 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind) 2013-11-09 d683693 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-10-28 37c4f0b #53075 [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny) 2013-10-23 ceba809 #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-23 f8f155e #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Jigal van Hemert) 2013-10-22 2ce69d2 #50881 [TASK] Added missing core autoloaded files (Ernesto Baschny) 2013-10-13 d361b29 #52759 [BUGFIX] Object passed to date() (Philipp Gampe) 2013-10-12 3699866 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-11 073dd57 #36573 [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring) 2013-10-06 f26f2f1 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 fda9783 #52091,#51684 [BUGFIX] Check for string before using strlen (Markus Klein) 2013-09-26 9673d7e #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 e06f05a #34886 [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:20:03 UTC 2013 Modified Files: pkgsrc/www/typo3_47: Makefile PLIST distinfo Log Message: Update typo3_47 package to 4.7.17 (TYPO3 4.7.17). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous commit. 2013-12-10 9e378dd [RELEASE] Release of TYPO3 4.7.17 (TYPO3 Release Team) 2013-12-10 efa9e0b #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 d207548 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring) 2013-12-10 92712d6 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 573f720 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause) 2013-12-10 b7eac59 #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring) 2013-12-10 319a06c #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring) 2013-12-10 834afa5 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter) 2013-12-10 aa08f14 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 f3b5a6a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 0bc4fc4 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause) 2013-12-02 c400e94 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 124a913 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein) 2013-12-01 3f2e971 Revert "[BUGFIX] Distinguish unassigend columns and colPos 0" (Steffen Ritter) 2013-11-29 a7dbbbf #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn) 2013-11-26 542bd7d #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
2013-12-16	Pullup ticket #4269 - requested by taca	tron	19	-145/+185
	lang/php53: security update lang/php54: security update lang/php55: security update Revisions pulled up: - lang/php/phpversion.mk 1.46-1.52 - lang/php53/Makefile 1.44-1.45 - lang/php53/Makefile.php 1.38 - lang/php53/distinfo 1.69-1.70 - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php53/patches/patch-ext_openssl_openssl.c deleted - lang/php54/Makefile 1.15-1.16 - lang/php54/distinfo 1.28-1.31 - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php55/Makefile 1.6-1.7 - lang/php55/PLIST 1.2 - lang/php55/distinfo 1.7-1.12 - lang/php55/patches/patch-configure 1.3 - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php55/patches/patch-ext_opcache_config.m4 1.1 - lang/php55/patches/patch-ext_sockets_sockaddr__conv.c 1.1 - lang/php55/patches/patch-sockaddr__conv.c deleted - net/php-sockets/Makefile 1.12 --- Module Name: pkgsrc Committed By: joerg Date: Tue Oct 15 14:43:51 UTC 2013 Modified Files: pkgsrc/lang/php55: distinfo Added Files: pkgsrc/lang/php55/patches: patch-sockaddr__conv.c Log Message: Add patch that would fix the build of net/php-sockets for PHP 5.5, if I knew how to get it applied. --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 15 15:46:37 UTC 2013 Modified Files: pkgsrc/lang/php55: distinfo pkgsrc/net/php-sockets: Makefile Added Files: pkgsrc/lang/php55/patches: patch-ext_sockets_sockaddr__conv.c Removed Files: pkgsrc/lang/php55/patches: patch-sockaddr__conv.c Log Message: Fix php-socket with php55. - Use USE_PHP_EXT_PATCHES in net/php-sockets. - Make AI_V4MAPPED noop if platform dosen't have it. It is poor assumption that AI_V4MAPPED is always defined and V4 mapped address is always available. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 12:25:12 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Log Message: Update php54 to 5.4.21 (PHP 5.4.21). 17 Oct 2013, PHP 5.4.21 - Core: . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) - Datetime: . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message). (Boro Sitnikovski) - DBA extension: . Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write). (Adam) - Filter: . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). (Syra) - IMAP: . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap). (ryotakatsuki at gmail dot com) - Standard: . Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) - Build system: . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:49:08 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: distinfo pkgsrc/lang/php55/patches: patch-configure Added Files: pkgsrc/lang/php55/patches: patch-ext_opcache_config.m4 Log Message: Update php55 to 5.5.5. 17 Oct 2013, PHP 5.5.5 - Core: . Fixed bug #64979 (Wrong behavior of static variables in closure generators). (Nikita) . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) . Fixed bug #65821 (By-ref foreach on property access of string offset segfaults). (Nikita) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). (Felipe) . Added application/pdf to PHP CLI Web Server mime types (Chris Jones) - Datetime: . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message). (Boro Sitnikovski) . Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime). (Boro Sitnikovski) . Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work). (Boro Sitnikovski) - DBA extension: . Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write). (Adam) - Filter: . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). (Syra) - FTP: . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) - GD . Ensure that the defined interpolation method is used with the generic scaling methods. (Pierre) - IMAP: . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap). (ryotakatsuki at gmail dot com) - OPcache: . Added support for GNU Hurd. (Svante Signell) . Added function opcache_compile_file() to load PHP scripts into cache without execution. (Julien) . Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled). (Dmitry) . Fixed bug #65665 (Exception not properly caught when opcache enabled). (Laruence) . Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry) . Fixed issue #135 (segfault in interned strings if initial memory is too low). (Julien) - Sockets: . Fixed bug #65808 (the socket_connect() won't work with IPv6 address). (Mike) - SPL: . Fix bug #64782 (SplFileObject constructor make $context optional / give it a default value). (Nikita) - Standard: . Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) - XMLReader: . Fixed bug #51936 (Crash with clone XMLReader). (Mike) . Fixed bug #64230 (XMLReader does not suppress errors). (Mike) - Build system: . Fixed bug #51076 (race condition in shtool's mkdir -p implementation). (Mike, Raphael Geissert) . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) --- Module Name: pkgsrc Committed By: taca Date: Fri Nov 15 16:33:14 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: PLIST distinfo Log Message: Update php55 package to 5.5.6. 14 Nov 2013, PHP 5.5.6 - Core: . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) . Improved performance of array_merge() and func_get_args() by eliminating useless copying. (Dmitry) . Fixed bug #65939 (Space before ";" breaks php.ini parsing). (brainstorm at nopcode dot org) . Fixed bug #65911 (scope resolution operator - strange behavior with $this). (Bob Weinand) . Fixed bug #65936 (dangling context pointer causes crash). (Tony) - FPM: . Changed default listen() backlog to 65535. (Tony) - MySQLi: . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) - OPcache . Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris) . Fixed issue #115 (path issue when using phar). (Dmitry) . Fixed issue #149 (Phar mount points not working with OPcache enabled). (Dmitry) - ODBC . Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) - PDO: . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception). (Laruence) . Fixed bug 65946 (sql_parser permanently converts values bound to strings) - Standard: . Fixed bug #64760 (var_export() does not use full precision for floating-point numbers) (Yasuo) --- Module Name: pkgsrc Committed By: taca Date: Sat Nov 16 09:45:26 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Log Message: Update php54 to 5.4.22. Version 5.4.22 14-Nov-2013 * Core: - Fixed bug #65911 (scope resolution operator - strange behavior with $this). CLI server: - Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). * Exif: - Fixed crash on unknown encoding. * FTP: - Fixed bug #65667 (ftp_nb_continue produces segfault). * ODBC: - Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). * Sockets: - Fixed bug #65808 (the socket_connect() won't work with IPv6 address). * Standard: - Fixed bug #64760 (var_export() does not use full precision for floating-point numbers). * XMLReader: - Fixed bug #51936 (Crash with clone XMLReader). - Fixed bug #64230 (XMLReader does not suppress errors). --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:16:40 UTC 2013 Modified Files: pkgsrc/lang/php53: Makefile distinfo Added Files: pkgsrc/lang/php53/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:17:15 UTC 2013 Modified Files: pkgsrc/lang/php54: Makefile distinfo Added Files: pkgsrc/lang/php54/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:17:48 UTC 2013 Modified Files: pkgsrc/lang/php55: Makefile distinfo Added Files: pkgsrc/lang/php55/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:30:35 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php53: Makefile Makefile.php distinfo Removed Files: pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c Log Message: Update php53 to 5.3.28 (PHP 5.3.28). 12 Dec 2013, PHP 5.3.28 - Openssl: . Fixed handling null bytes in subjectAltName (CVE-2013-4073). (Christian Heimes) . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:32:21 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: Makefile distinfo Log Message: Update php54 to 5.4.23 (PHP 5.4.23). 28 Nov 2013, PHP 5.4.23 - Core: . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) - JSON . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly"). (Andrea Faulds) - MySQLi: . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) - mysqlnd: . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i'). (Andrey) . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query). (Andrey) - OpenSSL: . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). - PDO . Fixed bug 65946 (sql_parser permanently converts values bound to strings) --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:33:22 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: Makefile distinfo Log Message: Update php55 to 5.5.7 (PHP 5.5.7). 12 Dec 2013, PHP 5.5.7 - CLI server: . Added some MIME types to the CLI web server (Chris Jones) . Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) - Core: . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) - OPCache . Fixed bug #66176 (Invalid constant substitution). (Dmitry) . Fixed bug #65915 (Inconsistent results with require return value). (Dmitry) . Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry) - OpenSSL: . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). - readline . Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
2013-12-16	Pullup ticket #4267 - requested by taca	tron	3	-2/+41
	textproc/icu: security patch Revisions pulled up: - textproc/icu/Makefile patch - textproc/icu/distinfo patch - textproc/icu/patches/patch-i18n_csrucode.cpp patch --- Apply patch to fix the security vulnerability reported in CVE-2013-2924.
2013-12-11	Pullup ticket #4268.	tron	1	-1/+3

2013-12-11	Pullup ticket #4268 - requested by obache	tron	2	-6/+6
	multimedia/adobe-flash-plugin11: security update Revisions pulled up: - multimedia/adobe-flash-plugin11/Makefile 1.21 - multimedia/adobe-flash-plugin11/distinfo 1.20 --- Module Name: pkgsrc Committed By: obache Date: Wed Dec 11 10:40:42 UTC 2013 Modified Files: pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo Log Message: Update adobe-flash-plugin11 to 11.2.202.332 for APSB13-28.
2013-12-09	Pullup ticket #4266.	tron	1	-1/+10

2013-12-09	Pullup ticket #4266 - requested by taca	tron	9	-34/+34
	databases/ruby-activerecord32: security update devel/ruby-activemodel32: security update devel/ruby-activesupport32: security update devel/ruby-railties32: security update mail/ruby-actionmailer32: security update www/ruby-actionpack32: security update www/ruby-activeresource32: security update www/ruby-rails32: security update Revisions pulled up: - databases/ruby-activerecord32/distinfo 1.14 - devel/ruby-activemodel32/distinfo 1.14 - devel/ruby-activesupport32/distinfo 1.14 - devel/ruby-railties32/distinfo 1.14 - lang/ruby/rails.mk 1.46 - mail/ruby-actionmailer32/distinfo 1.14 - www/ruby-actionpack32/distinfo 1.14 - www/ruby-activeresource32/distinfo 1.14 - www/ruby-rails32/distinfo 1.14 --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:41:48 UTC 2013 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails 3.2.16. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:42:52 UTC 2013 Modified Files: pkgsrc/devel/ruby-activesupport32: distinfo Log Message: Update ruby-activesupport32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:43:29 UTC 2013 Modified Files: pkgsrc/devel/ruby-activemodel32: distinfo Log Message: Update ruby-activemodel32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:44:05 UTC 2013 Modified Files: pkgsrc/databases/ruby-activerecord32: distinfo Log Message: ruby-activerecord32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:44:42 UTC 2013 Modified Files: pkgsrc/www/ruby-activeresource32: distinfo Log Message: Update ruby-activeresource32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:45:38 UTC 2013 Modified Files: pkgsrc/www/ruby-actionpack32: distinfo Log Message: Update ruby-actionpack32 to 3.2.16, security update. * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491 * Escape the unit value provided to number_to_currency Fixes CVE-2013-6415 * Only use valid mime type symbols as cache keys CVE-2013-6414 --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:46:15 UTC 2013 Modified Files: pkgsrc/mail/ruby-actionmailer32: distinfo Log Message: Update ruby-actionmailer32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:46:48 UTC 2013 Modified Files: pkgsrc/devel/ruby-railties32: distinfo Log Message: Update ruby-railties32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:47:17 UTC 2013 Modified Files: pkgsrc/www/ruby-rails32: distinfo Log Message: Update ruby-rails32 to 3.2.16. Only version number has updated.
2013-12-08	Pullup tickets #4264 and #4265.	tron	1	-1/+3

2013-12-08	Pullup tickets #4264 and #4265.	tron	1	-1/+3

2013-12-08	Pullup ticket #4265 - requested by taca	tron	3	-7/+12
	mail/dovecot2: security update Revisions pulled up: - mail/dovecot2/Makefile 1.51,1.53 via patch - mail/dovecot2/PLIST 1.28-1.29 - mail/dovecot2/distinfo 1.39-1.40 --- Module Name: pkgsrc Committed By: adam Date: Tue Oct 8 13:52:47 UTC 2013 Modified Files: pkgsrc/mail/dovecot2: Makefile PLIST distinfo Log Message: Changes 2.2.6: * acl: If public/shared namespace has a shared subscriptions file for all users, don't list subscription entries that are not visible to the user accessing it. + doveadm: Added "auth lookup" command for doing passdb lookup. + login_log_format_elements: Added %{orig_user}, %{orig_username} and %{orig_domain} expanding to the username exactly as sent by the client (before any changes auth process made). + Added ssl_prefer_server_ciphers setting. + auth_verbose_passwords: Log the password also for unknown users. + Linux: Added optional support for SO_REUSEPORT with inet_listener { reuse_port=yes } - director: v2.2.5 changes caused "SYNC lost" errors - dsync: Many fixes and error handling improvements - doveadm -A: Don't waste CPU by doing a separate config lookup for each user - Long-running ssl-params process no longer prevents Dovecot restart - mbox: Fixed mailbox_list_index=yes to work correctly --- Module Name: pkgsrc Committed By: adam Date: Wed Nov 6 14:20:58 UTC 2013 Modified Files: pkgsrc/mail/dovecot2: Makefile PLIST distinfo Log Message: Changes 2.2.7: * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords (see 10-logging.conf comment) + mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example: doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops + ssl-params: Added ssl_dh_parameters_length setting. - master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups. - dsync: Syncing over 100 messages at once caused problems in some situations, causing messages to get new UIDs. - fts-solr: Different Solr hosts for different users didn't work.
2013-12-08	Pullup ticket #4264 - requested by taca	tron	2	-6/+6
	net/samba: security update Revisions pulled up: - net/samba/Makefile 1.239-1.240 - net/samba/distinfo 1.94-1.95 --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 9 14:46:35 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Update samba to 3.6.19. Changes since 3.6.18: --------------------- o Jeremy Allison <jra@samba.org> * BUG 5917: Make Samba work on site with Read Only Domain Controlle= r. o Christian Ambach <ambi@samba.org> * BUG 8955: NetrServerPasswordSet2 timeout is too short. o G=FCnther Deschner <gd@samba.org> * BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat(). * BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat(). * BUG 10127: Fix 'smbstatus' as non-root user. o Volker Lendecke <vl@samba.org> * BUG 8955: Give machine password changes 10 minutes of time. * BUG 10106: Honour output buffer length set by the client for SMB2= GetInfo requests. * BUG 10114: Handle Dropbox (write-only-directory) case correctly i= n pathname lookup. o Karolin Seeger <kseeger@samba.org> * BUG 10076: Fix variable list in man vfs_crossrename. o Andreas Schneider <asn@samba.org> * BUG 9994: s3-winbind: Do not delete an existing valid credential = cache. * BUG 10073: 'net ads join': Fix segmentation fault in create_local_private_krb5_conf_for_domain. o Richard Sharpe <realrichardsharpe@gmail.com> * BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals h= anded out by Samba. --- Module Name: pkgsrc Committed By: adam Date: Tue Nov 12 11:30:01 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Changes 3.6.20: These are security releases in order to address CVE-2013-4475 (ACLs are= not checked on opening an alternate data stream on a file or directory= ) and CVE-2013-4476 (Private key in key.pem world readable).
2013-12-05	Pullup ticket #4263	schnoebe	1	-1/+5

2013-12-05	pullup to pkgsrc-2013Q3, resolves ticket #4263	schnoebe	6	-117/+113
	Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 ) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. ) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". ) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. ) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. ) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. ) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. ) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. ) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. ) Bugfix: in error handling in ngx_http_gunzip_filter_module. ) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. ) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 ) Feature: the "fastcgi_buffering" directive. ) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. ) Feature: optimization of SSL handshakes when using long certificate chains. ) Feature: the mail proxy supports SMTP pipelining. ) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. ) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. ) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. ) Bugfix: in the mail proxy server. ) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 ) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. ) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. ) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. ) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. ) Bugfix: the $request_time variable did not work in nginx/Windows. ) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. ) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 ) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. ) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. ) Feature: the ngx_http_auth_request_module. ) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. ) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. ) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. ) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. ) Bugfix: in the ngx_http_autoindex_module. ) Bugfix: in the ngx_http_spdy_module.
2013-12-05	pull-up to pkgsrc-2013Q3, ticket #4264	schnoebe	2	-7/+6
	Updated to nginx 1.4.4 Changes with nginx 1.4.4 19 Nov 2013 ) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. Changes with nginx 1.4.3 08 Oct 2013 ) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. ) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. ) Bugfix: the $request_time variable did not work in nginx/Windows. ) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. ) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the mail proxy server.
2013-12-05	Pullup ticket #4262.	tron	1	-1/+3

2013-12-05	Pullup ticket #4262 - requested by taca	tron	17	-93/+112
	security/openssh: security update Revisions pulled up: - security/openssh/Makefile 1.214 - security/openssh/distinfo 1.85 - security/openssh/options.mk 1.26 - security/openssh/patches/patch-Makefile.in 1.2 - security/openssh/patches/patch-auth.c 1.2 - security/openssh/patches/patch-auth1.c 1.2 - security/openssh/patches/patch-auth2.c 1.2 - security/openssh/patches/patch-config.h.in 1.2 - security/openssh/patches/patch-configure 1.2 - security/openssh/patches/patch-configure.ac 1.2 - security/openssh/patches/patch-includes.h 1.2 - security/openssh/patches/patch-scp.c 1.2 - security/openssh/patches/patch-session.c 1.2 - security/openssh/patches/patch-sftp-common.c 1.1 - security/openssh/patches/patch-ssh.c 1.2 - security/openssh/patches/patch-sshd.c 1.2 - security/openssh/patches/patch-uidswap.c 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Dec 1 06:11:41 UTC 2013 Modified Files: pkgsrc/security/openssh: Makefile distinfo options.mk pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth.c patch-auth1.c patch-auth2.c patch-config.h.in patch-configure patch-configure.ac patch-includes.h patch-scp.c patch-session.c patch-ssh.c patch-sshd.c patch-uidswap.c Added Files: pkgsrc/security/openssh/patches: patch-sftp-common.c Log Message: Update openssh to 6.4.1 (OpenSSH 6.4p1). Changes since OpenSSH 6.3 ========================= This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Changes since OpenSSH 6.2 is too many to write here, please refer the release note: http://www.openssh.com/txt/release-6.3.
2013-12-01	Pullup tickets #4259, #4260 and #4261.	tron	1	-1/+9

2013-12-01	Pullup ticket #4261 - requested by taca	tron	16	-129/+75
	lang/ruby200-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.106 - lang/ruby200-base/Makefile 1.5 - lang/ruby200-base/PLIST 1.2 - lang/ruby200-base/distinfo 1.7 - lang/ruby200-base/patches/patch-configure 1.4 - lang/ruby200-base/patches/patch-ext_tk_extconf.rb deleted - lang/ruby200-base/patches/patch-lib_rubygems.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_commands_setup__command.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_config__file.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_dependency__installer.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_ext_ext__conf__builder.rb deleted - lang/ruby200-base/patches/patch-lib_rubygems_installer.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_specification.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_version.rb deleted - lang/ruby200-base/patches/patch-man_ri.1 1.2 - lang/ruby200-base/patches/patch-tool_rbinstall.rb 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:22:03 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby200-base: Makefile PLIST distinfo pkgsrc/lang/ruby200-base/patches: patch-configure patch-lib_rubygems.rb patch-lib_rubygems_commands_setup__command.rb patch-lib_rubygems_config__file.rb patch-lib_rubygems_dependency__installer.rb patch-lib_rubygems_installer.rb patch-lib_rubygems_specification.rb patch-man_ri.1 patch-tool_rbinstall.rb Removed Files: pkgsrc/lang/ruby200-base/patches: patch-ext_tk_extconf.rb patch-lib_rubygems_ext_ext__conf__builder.rb patch-lib_rubygems_version.rb Log Message: Update ruby200-base, ruby200 and ruby-mode package to 2.00-p353. Ruby 2.0.0-p353 is released Now Ruby 2.0.0-p353 is released. This release includes a security fix about floating point parsing. Heap Overflow in Floating Point Parsing (CVE-2013-4164) And some bugfixes are also included. See tickets and ChangeLog for details.
2013-12-01	Pullup ticket #4260 - requested by taca	tron	6	-44/+27
	lang/ruby193-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.105 - lang/ruby193-base/Makefile 1.36 - lang/ruby193-base/distinfo 1.28 via patch - lang/ruby193-base/patches/patch-configure 1.11 - lang/ruby193-base/patches/patch-configure.in 1.10 - lang/ruby193-base/patches/patch-ext_tk_extconf.rb deleted --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:17:19 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby193-base: Makefile distinfo pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in Removed Files: pkgsrc/lang/ruby193-base/patches: patch-ext_tk_extconf.rb Log Message: Update ruby193-base (and related packages to 1.9.3-p484). Ruby 1.9.3-p484 is released Now Ruby 1.9.3-p484 is released. This release includes a security fix about ruby interpreter core: Heap Overflow in Floating Point Parsing (CVE-2013-4164) And some bugfixes are also included. See tickets and ChangeLog for details.
2013-12-01	Pullup ticket #4259 - requested by taca	tron	4	-7/+14
	databases/ruby-dm-serializer: dependency fix databases/ruby-dm-types/Makefile: dependency fix net/ruby-tw/Makefile: dependency fix Revisions pulled up: - databases/ruby-dm-serializer/Makefile 1.7 - databases/ruby-dm-types/Makefile 1.10 - lang/ruby/json.mk 1.3 - net/ruby-tw/Makefile 1.7 --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:05:08 UTC 2013 Modified Files: pkgsrc/lang/ruby: json.mk Log Message: Correct versions of json as bundled with Ruby. --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:07:50 UTC 2013 Modified Files: pkgsrc/databases/ruby-dm-serializer: Makefile pkgsrc/databases/ruby-dm-types: Makefile pkgsrc/net/ruby-tw: Makefile Log Message: Bump PKGREVISION for json version handling change.
2013-11-26	Pullup tickets #4257 and #4258.	tron	1	-1/+5

2013-11-26	Pullup ticket #4258 - requested by taca	tron	2	-8/+7
	www/drupal7: security update Revisions pulled up: - www/drupal7/Makefile 1.22 - www/drupal7/distinfo 1.15 --- Module Name: pkgsrc Committed By: taca Date: Thu Nov 21 15:14:11 UTC 2013 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: Update drupal7 to 7.24 (Drupal 7.24). Drupal 7.24, 2013-11-20 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
2013-11-26	Pullup ticket #4257 - requested by taca	tron	2	-8/+7
	www/drupal6: security update Revisions pulled up: - www/drupal6/Makefile 1.44 - www/drupal6/distinfo 1.28 --- Module Name: pkgsrc Committed By: taca Date: Thu Nov 21 15:13:09 UTC 2013 Modified Files: pkgsrc/www/drupal6: Makefile distinfo Log Message: Update drupal6 to 6.29 (Drupal 6.29). Drupal 6.29, 2013-11-20 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
2013-11-25	Pullup ticket #4256.	tron	1	-1/+3

2013-11-25	Pullup ticket #4256 - requested by spz	tron	7	-356/+30
	lang/python26: security update Revisions pulled up: - lang/python26/Makefile 1.56 - lang/python26/PLIST.common 1.15 - lang/python26/buildlink3.mk 1.6 - lang/python26/dist.mk 1.4 - lang/python26/distinfo 1.52 - lang/python26/patches/patch-CVE-2013-4238 deleted - lang/python26/patches/patch-al 1.12 --- Module Name: pkgsrc Committed By: adam Date: Wed Nov 6 07:25:49 UTC 2013 Modified Files: pkgsrc/lang/python26: Makefile PLIST.common buildlink3.mk dist.mk distinfo pkgsrc/lang/python26/patches: patch-al Removed Files: pkgsrc/lang/python26/patches: patch-CVE-2013-4238 Log Message: Python 2.6.9 is a security-fix source-only release for Python 2.6.8, fixing several reported security issues: issue 16037, issue 16038, issue 16039, issue 16040, issue 16041, and issue 16042 (CVE-2013-1752, long lines consuming too much memory), as well as issue 14984 (security enforcement on $HOME/.netrc files), issue 16248 (code execution vulnerability in tkinter), and issue 18709 (CVE-2013-4238, SSL module handling of NULL bytes inside subjectAltName).
2013-11-13	Pullup ticket #4254.	tron	1	-1/+3

2013-11-13	Pullup ticket #4254 - requested by obache	tron	2	-6/+6
	multimedia/adobe-flash-plugin11: security update Revisions pulled up: - multimedia/adobe-flash-plugin11/Makefile 1.20 - multimedia/adobe-flash-plugin11/distinfo 1.19 --- Module Name: pkgsrc Committed By: obache Date: Wed Nov 13 02:26:54 UTC 2013 Modified Files: pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo Log Message: Update adobe-flash-plugin11 to 11.2.202.327 for APSB13-26.
2013-11-11	Pullup ticket #4253.	tron	1	-1/+5

2013-11-11	Pullup ticket #4253 - requested by taca	tron	1	-2/+2
	lang/ruby18-base: build fix lang/ruby193-base: build fix lang/ruby200-base: build fix Revisions pulled up: - lang/ruby/rubyversion.mk 1.103-1.104 --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 29 23:25:33 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Replace LOWER_ARCH to MACHINE_ARCH in definition of RUBY_ARCH. Fix build problem on FreeBSD. --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 6 12:42:35 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Use MACHINE_GNU_ARCH instead of MACHINE_ARCH. Fix build problem on NetBSD/i386.
2013-11-10	pullup 4252	spz	1	-1/+4

2013-11-10	Pullup ticket #4252 - requested by bsiegert	spz	3	-6/+35
	lang/ruby200-base: build fix lang/ruby: build fix for lang/ruby200-base Revisions pulled up: - lang/ruby/rubyversion.mk 1.102 - lang/ruby200-base/distinfo 1.6 - lang/ruby200-base/patches/patch-configure 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Oct 28 14:26:59 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby200-base: distinfo pkgsrc/lang/ruby200-base/patches: patch-configure Log Message: Fix build problem on some platforms; FreeBSD and MirBSD. For FreeBSD: * Fix careless mistake of patch to configure. For MirBSD (and possibly OpenBSD): * Don't pass empy string (before semicolon to sed(1). * Correct suffix for libruby's shared library. No PKGREVISION bump since this is simply fix for build problem. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby200-base/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby200-base/patches/patch-configure
2013-11-05	pullup 4250	spz	1	-1/+3

2013-11-05	Pullup ticket #4250 - requested by joerg	spz	1	-1/+6
	security/openssl: build fix for Linux/POWERPC64 Revisions pulled up: - security/openssl/Makefile by patch ------------------------------------------------------------------- Module Name: pkgsrc Committed By: joerg Date: Tue Oct 29 21:33:21 UTC 2013 Modified Files: pkgsrc/security/openssl: Makefile Log Message: For Linux/POWERPC64 override the default target, otherwise bad things happen (TM). To generate a diff of this commit: cvs rdiff -u -r1.181 -r1.182 pkgsrc/security/openssl/Makefile
2013-11-02	pullup 4251	spz	1	-1/+3

2013-11-02	Pullup ticket #4251 - requested by tron	spz	2	-6/+6
	net/wireshark: security update Revisions pulled up: - net/wireshark/Makefile 1.111 - net/wireshark/distinfo 1.70 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Nov 2 10:30:00 UTC 2013 Modified Files: pkgsrc/net/wireshark: Makefile distinfo Log Message: Update "wireshark" package to version 1.10.3. Changes since 1.10.2: - Bug Fixes The following vulnerabilities have been fixed. * wnpa-sec-2013-61 The IEEE 802.15.4 dissector could crash. (Bug 9139) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6336 * wnpa-sec-2013-62 The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6337 * wnpa-sec-2013-63 The SIP dissector could crash. (Bug 9228) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6338 * wnpa-sec-2013-64 The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6339 * wnpa-sec-2013-65 The TCP dissector could crash. (Bug 9263) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6340 - The following bugs have been fixed: * new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (Bug 5349) * TLS decryption fails with XMPP start_tls. (Bug 8871) * Wrong Interpretation of GTS starting slot. (Bug 8946) * "Follow TCP Stream" shows only the first HTTP req+res. (Bug 9044) * The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126) * Crash then try to delete the same entry (length range) twice. (Bug 9129) * Crash if wrong "packet lengths range" entered. (Bug 9130) * Bssgp =3D> SGSN-INVOKE-TRACE use the wrong function... (Bug 9157) * Minor correction to dissection of DLR frames in Ethernet/IP dissector. (Bug 9186) * WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198) * EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (Bug 9199) * Files with pcap-ng Simple Packet Blocks can't be read. (Bug 9200) * Bug in RTP dissector if RTP extension is present. (Bug 9204) * Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (Bug 9206) * "make debian-package" fails, missing wsicon32.xpm. (Bug 9209) * Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218) * Ring buffer crash when tshark gets too far behind dumpcap. (Bug 9258) * PTP Dissector Wrongfully Reports Malformed Packet. (Bug 9262) * Wireshark lua dissector unable to load for media_type=3Dapplication/octet-stream. (Bug 9296) * Wireshark crash when dissecting packet with NTLMSSP. (Bug 9299) * Padding in uint64 field in DCERPC protocol wrongly reported. (Bug 9300) * DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (Bug 9301) * Multiple PDUs in the same DCERPC packet are not correctly decrypted. (Bug 9302) * The tshark summary line doesn't display the frame number or displays it sporadically. (Bug 9317) * Bluetooth: SDP improvements and minor fixes. (Bug 9327) * Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (Bug 9360) - Updated Protocol Support 3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP To generate a diff of this commit: cvs rdiff -u -r1.110 -r1.111 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/wireshark/distinfo
2013-10-28	Pullup tickets #4248 and #4249.	tron	1	-1/+12

2013-10-28	Pullup ticket #4248 - requested by taca	tron	9	-34/+34
	databases/ruby-activerecord32: security update devel/ruby-activemodel32: security update devel/ruby-activesupport32: security update devel/ruby-railties32: security update mail/ruby-actionmailer32: security update www/ruby-actionpack32: security update www/ruby-activeresource32: security update www/ruby-rails32: security update Revisions pulled up: - databases/ruby-activerecord32/distinfo 1.13 - devel/ruby-activemodel32/distinfo 1.13 - devel/ruby-activesupport32/distinfo 1.13 - devel/ruby-railties32/distinfo 1.13 - lang/ruby/rails.mk 1.45 - mail/ruby-actionmailer32/distinfo 1.13 - www/ruby-actionpack32/distinfo 1.13 - www/ruby-activeresource32/distinfo 1.13 - www/ruby-rails32/distinfo 1.13 --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:22:42 UTC 2013 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails 3.2.15. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:24:38 UTC 2013 Modified Files: pkgsrc/devel/ruby-activesupport32: distinfo Log Message: Update ruby-activesupport32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * Fix ActiveSupport::Cache::FileStore#cleanup to no longer rely on missing each_key method. Murray Steele * Add respond_to_missing? for TaggedLogging which is best practice when overriding method_missing. This permits wrapping TaggedLogging by another log abstraction such as em-logger. Wolfram Arnold --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:26:02 UTC 2013 Modified Files: pkgsrc/devel/ruby-activemodel32: distinfo Log Message: Update ruby-activemodel32 to ## Rails 3.2.15 (Oct 16, 2013) ## * No changes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:27:20 UTC 2013 Modified Files: pkgsrc/www/ruby-actionpack32: distinfo Log Message: Update ruby-actionpack32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set. Fixes #12410 Backports #10844 Tamir Duberstein * Fix the assert_recognizes test method so that it works when there are constraints on the querystring. Issue/Pull Request #9368 Backport #5219 Brian Hahn * Fix to render partial by context(#11605). Kassio Borges * Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to` does not show user-supplied message. Issue: when `assert_redirected_to` fails due to the response redirect not matching the expected redirect the user-supplied message (second parameter) is not shown. This message is only shown if the response is not a redirect. Alexey Chernenkov --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:30:05 UTC 2013 Modified Files: pkgsrc/databases/ruby-activerecord32: distinfo Log Message: Update ruby-activerecord32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * When calling the method .find_or_initialize_by_* from a collection_proxy it should set the inverse_of relation even when the entry was found on the db. arthurnn * Callbacks on has_many should access the in memory parent if a inverse_of is set. arthurnn * Fix `FinderMethods#last` unscoped primary key. Fixes #11917. Eugene Kalenkovich * Load fixtures from linked folders. Kassio Borges * When using optimistic locking, `update` was not passing the column to `quote_value` to allow the connection adapter to properly determine how to quote the value. This was affecting certain databases that use specific colmn types. Fixes: #6763 Alfred Wong --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:31:00 UTC 2013 Modified Files: pkgsrc/www/ruby-activeresource32: distinfo Log Message: Update ruby-activeresource32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * No changes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:33:16 UTC 2013 Modified Files: pkgsrc/mail/ruby-actionmailer32: distinfo Log Message: Update ruby-actionmailer32 to 3.2.15. CHANGELOG.md says "No changes." but it fixes possible dos vulnerability. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:34:47 UTC 2013 Modified Files: pkgsrc/devel/ruby-railties32: distinfo Log Message: Update ruby-railties32 to 3.2.15. CHANGELOG.md says "No changes." but really it contains a few bug fixes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:38:03 UTC 2013 Modified Files: pkgsrc/www/ruby-rails32: distinfo Log Message: Update ruby-rails32 to 3.2.15. This is a bug fix release and also contains one security fix.

security/py-denyhosts: security patch Revisions pulled up: - security/py-denyhosts/Makefile 1.9 - security/py-denyhosts/distinfo 1.4-1.5 - security/py-denyhosts/patches/patch-af 1.2 --- Module Name: pkgsrc Committed By: pettai Date: Thu Dec 26 23:30:41 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: Makefile distinfo pkgsrc/security/py-denyhosts/patches: patch-af Log Message: Fix for CVE-2013-6890 --- Module Name: pkgsrc Committed By: pettai Date: Sun Dec 29 20:27:55 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: distinfo Log Message: Fixed broken checksum

graphics/gd: build fix for e.g. arm Revisions pulled up: - graphics/gd/distinfo 1.34-1.35 - graphics/gd/patches/patch-src_gd__bmp.c 1.1-1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: dholland Date: Mon Nov 11 20:38:16 UTC 2013 Modified Files: pkgsrc/graphics/gd: distinfo Added Files: pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c Log Message: Don't use ceill(); it isn't needed here and causes problems. See PR 48334. Technically this change should bump PKGREVISION (as it changes the binary package ever so slightly for platforms where the ceill() didn't cause a build failure) but I'm going to let it slide. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 pkgsrc/graphics/gd/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c ------------------------------------------------------------------- Module Name: pkgsrc Committed By: dholland Date: Mon Nov 11 21:34:40 UTC 2013 Modified Files: pkgsrc/graphics/gd: distinfo pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c Log Message: Add upstream report URL per PR 48334. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 pkgsrc/graphics/gd/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c

net/wireshark: security update Revisions pulled up: - net/wireshark/DESCR 1.4 - net/wireshark/Makefile 1.112 - net/wireshark/distinfo 1.71 - net/wireshark/patches/patch-aa 1.13 - net/wireshark/patches/patch-ab 1.4 - net/wireshark/patches/patch-ac 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Dec 18 11:52:26 UTC 2013 Modified Files: pkgsrc/net/wireshark: DESCR Makefile distinfo pkgsrc/net/wireshark/patches: patch-aa patch-ab patch-ac Log Message: Update "wireshark" package to version 1.10.4. Changes since version 1.10.3: - Bug Fixes The following vulnerabilities have been fixed. * wnpa-sec-2013-66 The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (Bug 9388) Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 CVE-2013-7112 * wnpa-sec-2013-67 The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488) Versions affected: 1.10.0 to 1.10.3 CVE-2013-7113 * wnpa-sec-2013-68 The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 CVE-2013-7114 The following bugs have been fixed: * "On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, ws-buglink:9390) * Tx MCS set is not interpreted properly in WLAN beacon frame. (Bug 8894) * VoIP Graph Analysis window - some calls are black. (Bug 8966) * Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031) * epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?. (Bug 9112) * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus result. (Bug 9382) * Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383) * Timestamp decoded for Gigamon trailer is not padded correctly. (Bug 9433) * SEL Fast Message Bug-fix for Signed 16-bit Integer Fast Meter Messages. (Bug 9435) * DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug 9442) * GSM SMS User Data header fill bits are wrong when using a 7 bits ASCII / IA5 encoding. (Bug 9478) * WCDMA RLC dissector cannot assemble PDUs with SNs skipped and wrap-arounded. (Bug 9505) * DTLS: fix buffer overflow in mac check. (Bug 9512) * Correct data length in SCSI_DATA_IN packets (within iSCSI). (Bug 9521) * GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (Bug 9550) * Fix "decode as ..." for packet-time.c. (Bug 9563) - Updated Protocol Support ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/DESCR cvs rdiff -u -r1.111 -r1.112 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/wireshark/distinfo cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/wireshark/patches/patch-aa cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/patches/patch-ab cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/wireshark/patches/patch-ac

devel/ruby-i18n: security update Revisions pulled up: - devel/ruby-i18n/Makefile 1.9 - devel/ruby-i18n/PLIST 1.5 - devel/ruby-i18n/distinfo 1.8 --- Module Name: pkgsrc Committed By: taca Date: Mon Dec 16 09:21:34 UTC 2013 Modified Files: pkgsrc/devel/ruby-i18n: Makefile PLIST distinfo Log Message: Update ruby-i18n to 0.6.9. This is security fix. * Add I18n::exists? method. * Add I18n.locale_available? method. * Delete unused files. * I18n::MissingTranslation exception escapes key names for its html_message, fixing CVE-2013-4492. * Use CGI.escapeHTML instead of CGI.escape_html for Ruby 1.8.7. * Fix an issue with setting I18n.config.enforce_available_locales.

www/typo3_45: security update Revisions pulled up: - www/typo3_45/Makefile 1.28-1.29 - www/typo3_45/PLIST 1.13 - www/typo3_45/distinfo 1.23-1.24 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:41:07 UTC 2013 Modified Files: pkgsrc/www/typo3_45: Makefile distinfo Log Message: Update typo345 to 4.5.31 (TYPO3 4.5.31). 2013-11-26 434ce71 [RELEASE] Release of TYPO3 4.5.31 (TYPO3 Release Team) 2013-11-19 396534e #53758 [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos) 2013-11-19 3f2ed1d #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-15 428baac #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-11 6755f40 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 082facd #31998 [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind) 2013-11-09 c581f33 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind) 2013-11-09 7b08aa9 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-04 d372f5f #38055 [BUGFIX] Remove declare(encoding=) (Josef Florian Glatz) 2013-10-28 5ae438c #53075 [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny) 2013-10-22 b5d6e9f #50881 [TASK] Added missing core autoloaded files (Ernesto Baschny) 2013-10-13 5b072ff #52759 [BUGFIX] Object passed to date() (Philipp Gampe) 2013-10-12 6371e46 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 78871e2 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 ce02c01 #36573 [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring) 2013-10-11 d114ddb #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-06 3289c39 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 cd1e12b #52091,#51684 [BUGFIX] Check for string before using strlen (Markus Klein) 2013-09-26 c8d2033 #34886 [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer) 2013-09-18 ef6dc06 [BUGFIX] Fix cropping of transparent gifs with im6. (Felix Bu$(Q+m(Bnemann) 2013-09-12 70ce540 #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:18:33 UTC 2013 Modified Files: pkgsrc/www/typo3_45: Makefile PLIST distinfo Log Message: Update typo3_45 package to 4.5.32 (TYPO3 4.5.32). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous commit. 2013-12-10 1956962 [RELEASE] Release of TYPO3 4.5.32 (TYPO3 Release Team) 2013-12-10 60576d1 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 77dc1c4 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring) 2013-12-10 52d3bff #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 cae8739 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause) 2013-12-10 ba92f0a #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring) 2013-12-10 63ff910 #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring) 2013-12-10 c4d1336 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter) 2013-12-10 5342284 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 b360a1a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 78ee538 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause) 2013-12-08 5aa4ab2 #54282 [BUGFIX] Fix failing test (Anja Leichsenring) 2013-12-08 6add221 #54280 [BUGFIX] Fix failing test (Anja Leichsenring) 2013-12-02 0c3fa95 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 d353ab0 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein) 2013-11-29 309e93a #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn) 2013-11-26 1d95cad #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)

net/samba: security update Revisions pulled up: - net/samba/Makefile 1.241 - net/samba/distinfo 1.96 --- Module Name: pkgsrc Committed By: taca Date: Mon Dec 9 10:44:22 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Update samba to 3.6.22; Security fix for CVE-2012-6150. Changes since 3.6.21: --------------------- o Jeremy Allison <jra@samba.org> * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. o Stefan Metzmacher <metze@samba.org> * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. o Noel Power <noel.power@suse.com> * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups. Changes since 3.6.20: --------------------- o Jeremy Allison <jra@samba.org> * BUG 10139: Valid utf8 filenames cause "invalid conversion error" messages. * BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory". * BUG 10187: Missing talloc_free can leak stackframe in error path. * BUG 10247: xattr: Fix listing EAs on *BSD for non-root users. o Korobkin <korobkin+samba@gmail.com> * BUG 10118: Raise debug level for being unable to open a printer. o Volker Lendecke <vl@samba.org> * BUG 10195: nsswitch: Fix short writes in winbind_write_sock. o Arvid Requate <requate@univention.de> * BUG 10267: Fix Windows 8 printing via local printer drivers. o Andreas Schneider <asn@cryptomilk.org> * BUG 10194: Make offline logon cache updating for cross child domain group membership.

www/typo3_61: security update Revisions pulled up: - www/typo3_61/Makefile 1.2-1.3 - www/typo3_61/PLIST 1.2 - www/typo3_61/distinfo 1.2-1.3 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:45:04 UTC 2013 Modified Files: pkgsrc/www/typo3_61: Makefile PLIST distinfo Log Message: Update typo3_61 to 6.1.6 (TYPO3 6.1.6). 2013-11-26 3f69433 [RELEASE] Release of TYPO3 6.1.6 (TYPO3 Release Team) 2013-11-26 3eda399 #53918 [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos) 2013-11-24 93ed8d2 #51650 [BUGFIX] TS: Allow "0" as strPad.padWith (Lars Peipmann) 2013-11-24 aed6051 #15958 [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft) 2013-11-21 7042298 #53802 [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris) 2013-11-21 b78c694 #53844 [BUGFIX] Fix regression in ResourceCompressor (Markus Klein) 2013-11-20 3d3de05 #53243 [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru) 2013-11-20 6c5d53d #53458 [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra) 2013-11-20 52b751e Revert "[BUGFIX] Page module: Allow to paste in empty columns" (Markus Klein) 2013-11-20 dbcaf93 #44002,#35980, [BUGFIX] Page module: Allow to paste in empty columns (Bernhard Kraft) 2013-11-19 023014c #38766 [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel) 2013-11-19 9d97a70 #53773 [BUGFIX] Fix JS error in lang module (Markus Klein) 2013-11-19 170f084 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-19 abcd5e9 #34544 [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger) 2013-11-19 ba82fac #51998 [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel) 2013-11-19 571c8c9 #53746 [TASK] Optimization in AbstractViewHelper (Wouter Wolters) 2013-11-18 33b0d1b #53707 [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes) 2013-11-18 fbd9379 #53711 [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein) 2013-11-18 fa87ad9 #53014 [BUGFIX] Check for query failures in admin methods (Thomas Maroschik) 2013-11-15 7223b78 Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel) 2013-11-14 62f7e87 #45724 [BUGFIX] FILES.folder does not work (Stefan Froemken) 2013-11-14 c65640d #51234 [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe) 2013-11-14 35a95b0 #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-13 fd66dfc #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer) 2013-11-13 0641f4f #51918 [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader) 2013-11-12 9aa1fa2 #52926 [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn) 2013-11-12 fa77640 #53115 [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind) 2013-11-12 259c64d #22136 [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz) 2013-11-12 ffd8480 #52934 [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind) 2013-11-12 c3b0ebc #53399 [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru) 2013-11-12 dcdb7bb #52904 [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer) 2013-11-12 cf50919 #53538 [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind) 2013-11-11 fbb19b4 #52727 [TASK] Hard-coded labels in file collections (Tomita Militaru) 2013-11-11 3dd29c3 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 a3153a3 #52488 [BUGFIX] Call to FlashMessageQueue::addMessage() method in extbase (Markus Klein) 2013-11-11 b61f34f #53423 [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind) 2013-11-10 093d7ac #52173 [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny) 2013-11-09 7015242 #53477 [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter) 2013-11-09 827bf21 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken) 2013-11-09 0b03e72 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-08 6f1625f #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru) 2013-10-23 d34bde3 #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-18 840a3a6 #35073 [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer) 2013-10-17 775a077 #52931 [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind) 2013-10-17 0382419 #52570 [TASK] Tests for Persistence\Generic\Backend::getIdentifierByObject (Stefan Neufeind) 2013-10-17 b78dc4e #50548 [BUGFIX] Getting the identifier for a lazy object fails (Marc Bastian Heinrichs) 2013-10-16 2f1fb3f #52529 [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle) 2013-10-16 b218036 #52823 [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik) 2013-10-16 88cc508 [BUGFIX] Follow-Up: Fatal error due to missing use statement (Sascha Egerer) 2013-10-15 1761850 #52845 [BUGFIX] Moving folders fails (Oliver Hader) 2013-10-15 be9b7c7 #50802 [BUGFIX] Only load folder contents if folder is initialised (Frans Saris) 2013-10-15 ce693d8 #52824 [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader) 2013-10-15 8be996a #51707 [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken) 2013-10-15 992e4ef #52771 [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert) 2013-10-14 50942c2 #52773 [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes) 2013-10-13 2889f13 #52759 [BUGFIX] Object passed to date() (Xavier Perseguers) 2013-10-12 f4f2756 #52731 [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn) 2013-10-12 d68c114 #52728 [BUGFIX] Use BackendUtility use statement (Anja Leichsenring) 2013-10-12 33d4415 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 e3d02ef #52715 [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind) 2013-10-11 a3f8dfe #52708 [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler) 2013-10-11 9b4462b #50912 [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader) 2013-10-11 d910b2b #51051 [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader) 2013-10-11 1483967 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 f4e1b0e #52636 [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler) 2013-10-11 ed4e368 #17551 [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer) 2013-10-11 6f47aa5 #36573 [BUGFIX] Add workspace overlay for fetched records. (Timo Webler) 2013-10-11 d6b57e8 #37209 [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler) 2013-10-11 fcad15e #52530 [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer) 2013-10-11 3ac3429 #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-10 394d12e #52178 [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers) 2013-10-07 8f1afaf #49538 [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer) 2013-10-07 98625ae #52546 [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe) 2013-10-05 dc5b2f1 #52469 [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos) 2013-09-30 6b2512a #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov) 2013-09-28 3a3edf1 #48809,#51730, [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog) 2013-09-28 9535891 #51329 [BUGFIX] Initialize extension name in command requests (Alexander Stehlik) 2013-09-27 06723a0 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 219c381 #51588 [BUGFIX] Clear cached menu by tag (Zbigniew Jacko) 2013-09-27 b41847a #50437 [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick) 2013-09-26 6bdc8ad #52091,#51684 [BUGFIX] Check for string before using strlen (Kilian Hann) 2013-09-26 9be6739 #52266 [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken) 2013-09-26 d3bf620 #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 993dd5d #52316 [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn) 2013-09-26 bb94fe0 #52305 [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn) 2013-09-26 52ff400 #52295 [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn) 2013-09-25 f0fe1c4 #52226 [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers) 2013-09-25 db5fb24 #51116 [BUGFIX] Increase performance of exports for caches (Markus Klein) 2013-09-25 28ee210 #52243 [BUGFIX] Remove duplicate exception code (Fabien Udriot) 2013-09-24 3f53e6b #52173 [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny) 2013-09-24 1d17a21 #52201 [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters) 2013-09-23 ae9b606 #44825 [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel) 2013-09-20 7d08d29 #48912 [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes) 2013-09-20 e0600ed #52056 [BUGFIX] Wrong exception on renaming folder (Francois Suter) 2013-09-19 9423c2c #49328 [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik) 2013-09-17 fd534b6 #45859 [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader) 2013-09-17 ce68bcd #19045 [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind) 2013-09-17 fb5bbbf #50907 [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny) 2013-09-13 0fe373b #51981 [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein) 2013-09-12 b0c54dc #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) 2013-09-12 7169032 #47744 [BUGFIX] Replace SHOW DATABASE by query to schema (Alexander Opitz) 2013-09-12 ddf74b0 #51891 [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:22:20 UTC 2013 Modified Files: pkgsrc/www/typo3_61: Makefile distinfo Log Message: Update typo3_61 package to 6.1.7 (TYPO3 6.1.7). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ 2013-12-10 afbadea [RELEASE] Release of TYPO3 6.1.7 (TYPO3 Release Team) 2013-12-10 7481971 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 cb8db28 #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause) 2013-12-10 2d29894 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 dca9c88 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs) 2013-12-10 450e5d3 #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel) 2013-12-10 7e7f9e3 #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel) 2013-12-10 ad11945 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 18e0491 #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring) 2013-12-10 cbbeefd #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 163947a #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter) 2013-12-02 d21a628 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 e538020 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind) 2013-11-29 3a66a0e #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)

www/typo3_60: security update Revisions pulled up: - www/typo3_60/MESSAGE 1.1 - www/typo3_60/Makefile 1.6-1.7 - www/typo3_60/PLIST 1.6 - www/typo3_60/distinfo 1.6-1.7 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:44:04 UTC 2013 Modified Files: pkgsrc/www/typo3_60: Makefile PLIST distinfo Added Files: pkgsrc/www/typo3_60: MESSAGE Log Message: Update typo60 to 6.0.11 (TYPO3 6.0.11). Also add MESSAGE file. 2013-11-26 5e5f1d2 [RELEASE] Release of TYPO3 6.0.11 (TYPO3 Release Team) 2013-11-26 762cb0a #53918 [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos) 2013-11-24 96944c0 #15958 [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft) 2013-11-21 9e2a0a1 #53802 [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris) 2013-11-21 487903a #53844 [BUGFIX] Fix regression in ResourceCompressor (Markus Klein) 2013-11-20 aed68c8 #53243 [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru) 2013-11-20 2857828 #53458 [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra) 2013-11-19 3d6f5be #53773 [BUGFIX] Fix JS error in lang module (Markus Klein) 2013-11-19 ea58bd5 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-19 055e6a5 #34544 [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger) 2013-11-19 6c6582a #51998 [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel) 2013-11-19 9a5858d #53746 [TASK] Optimization in AbstractViewHelper (Wouter Wolters) 2013-11-18 464a804 #53707 [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes) 2013-11-18 ad98c0a #53711 [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein) 2013-11-15 d33b4eb Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel) 2013-11-14 ecd873f #45724 [BUGFIX] FILES.folder does not work (Stefan Froemken) 2013-11-14 2fef8ad #51234 [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe) 2013-11-14 c9c7551 #17493 [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind) 2013-11-13 c372d65 #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer) 2013-11-13 e6b77d8 #51918 [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader) 2013-11-12 0e4f15a #52926 [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn) 2013-11-12 6163c42 #53115 [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind) 2013-11-12 4435311 #22136 [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz) 2013-11-12 53a5a1a #52934 [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind) 2013-11-12 94c4d70 #53399 [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru) 2013-11-12 f113773 #52904 [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer) 2013-11-12 9678fc6 #53538 [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind) 2013-11-11 e9bc5e1 #52727 [TASK] Hard-coded labels in file collections (Tomita Militaru) 2013-11-11 bc9a847 #37948 [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar) 2013-11-11 a8f0d86 #53423 [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind) 2013-11-11 6f4ae27 #48809,#51730, [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog) 2013-11-10 907d5b1 #52173 [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny) 2013-11-09 b7a6f48 #53477 [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter) 2013-11-09 58f1fa5 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken) 2013-11-09 cb14179 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-11-08 c3773a4 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru) 2013-10-23 648018e #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-18 8c21be4 #35073 [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer) 2013-10-17 fe876a8 #52931 [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind) 2013-10-16 04e4a4b #52529 [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle) 2013-10-16 ac2b59e #52823 [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik) 2013-10-15 693b575 #52845 [BUGFIX] Moving folders fails (Oliver Hader) 2013-10-15 85d0653 #50802 [BUGFIX] Only load folder contents if folder is initialised (Frans Saris) 2013-10-15 38958f0 #52824 [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader) 2013-10-15 4ba140a #51707 [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken) 2013-10-15 1156074 #52771 [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert) 2013-10-14 c577f9e #52773 [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes) 2013-10-13 6cc1f7a #52759 [BUGFIX] Object passed to date() (Xavier Perseguers) 2013-10-12 f272d54 #52731 [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn) 2013-10-12 6cbf164 #52728 [BUGFIX] Use BackendUtility use statement (Anja Leichsenring) 2013-10-12 13c6602 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-12 23b8d11 #52715 [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind) 2013-10-11 a909546 #52708 [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler) 2013-10-11 5faa4da #50912 [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader) 2013-10-11 13c5bf9 #51051 [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader) 2013-10-11 17fe304 #37611 [BUGFIX] Select available page when changing WS (Thorsten Kahler) 2013-10-11 e30b70b #52636 [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler) 2013-10-11 db7d3e5 #17551 [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer) 2013-10-11 660e030 #36573 [BUGFIX] Add workspace overlay for fetched records. (Timo Webler) 2013-10-11 7c837df #37209 [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler) 2013-10-11 5aeddac #52530 [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer) 2013-10-11 f561b99 #37065 [BUGFIX] Don't show duplicates in workspace preview (Timo Webler) 2013-10-10 b4b0b0e #52178 [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers) 2013-10-07 31e44bd #46845 [BUGFIX] Fix namespace in FileMountRepositoryTest (Marc Bastian Heinrichs) 2013-10-07 a7da230 #49538 [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer) 2013-10-07 388c02d #52546 [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe) 2013-10-06 30d93b4 #50756 [FEATURE] Backport ClassNamingUtility (Stefan Neufeind) 2013-10-05 d6a8e68 #52469 [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos) 2013-09-30 8e1ea88 #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov) 2013-09-28 a2532bb #51329 [BUGFIX] Initialize extension name in command requests (Alexander Stehlik) 2013-09-28 7144eb5 #52346 [BUGFIX] Incomplete backup in AbstractUserAuthenticationTest (Christian Kuhn) 2013-09-27 9c200ea #52091,#51684 [BUGFIX] Check for string before using strlen (Kilian Hann) 2013-09-27 128d147 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 9fa9f15 #51588 [BUGFIX] Clear cached menu by tag (Zbigniew Jacko) 2013-09-27 30af6a5 #50437 [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick) 2013-09-26 77c69e7 #52266 [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken) 2013-09-26 3f0cc99 #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 919541b #52316 [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn) 2013-09-26 0deefa0 #52305 [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn) 2013-09-26 d00db27 #52295 [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn) 2013-09-25 d01851c #52226 [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers) 2013-09-25 68bb292 #51116 [BUGFIX] Increase performance of exports for caches (Markus Klein) 2013-09-25 3f8cd14 #52243 [BUGFIX] Remove duplicate exception code (Fabien Udriot) 2013-09-24 7151ce0 #52173 [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny) 2013-09-24 0a80fb6 #52201 [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters) 2013-09-23 be4627f #44825 [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel) 2013-09-20 580a576 #48912 [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes) 2013-09-20 cb6bf25 #52056 [BUGFIX] Wrong exception on renaming folder (Francois Suter) 2013-09-19 cdba66b #49328 [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik) 2013-09-17 23e6007 #45859 [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader) 2013-09-17 c79315a #19045 [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind) 2013-09-17 aa4ab27 #50907 [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny) 2013-09-13 22ee660 #51981 [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein) 2013-09-12 40cb0a4 #51803 [TASK] Use a 401 header if login is not successful (Georg Ringer) 2013-09-12 903046f #51891 [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:21:30 UTC 2013 Modified Files: pkgsrc/www/typo3_60: Makefile distinfo Log Message: Update typo3_60 package to 6.0.12 (TYPO3 6.0.12). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ 2013-12-10 55ea17b [RELEASE] Release of TYPO3 6.0.12 (TYPO3 Release Team) 2013-12-10 c703d1d #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 0f1e28b #42772 [SECURITY] XSS in colorpicker wizard (Marcus Krause) 2013-12-10 1cbe889 #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 79f6850 #48691 [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs) 2013-12-10 b22cbce #41714 [SECURITY] Information Disclosure in Wizards (Helmut Hummel) 2013-12-10 e4134ae #54099 [SECURITY] Fix open redirection in openid extension (Helmut Hummel) 2013-12-10 2fb0277 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Anja Leichsenring) 2013-12-10 bd6095f #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 872cf3d #47086 [SECURITY] XSS in beuser VH (Anja Leichsenring) 2013-12-10 cb55c53 #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 578cc80 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter) 2013-12-02 9757d0c #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 5bf7430 #54117 [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind) 2013-11-29 30e1f41 #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)

www/typo3_47: security update Revisions pulled up: - www/typo3_47/MESSAGE 1.1 - www/typo3_47/Makefile 1.19-1.20 - www/typo3_47/PLIST 1.10 - www/typo3_47/distinfo 1.14-1.15 --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:42:21 UTC 2013 Modified Files: pkgsrc/www/typo3_47: Makefile distinfo Added Files: pkgsrc/www/typo3_47: MESSAGE Log Message: Update typo347 to 4.7.16 (TYPO3 4.7.16). 2013-11-26 95a730f [RELEASE] Release of TYPO3 4.7.16 (TYPO3 Release Team) 2013-11-19 5975854 #53758 [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos) 2013-11-19 7d0a241 #53750 [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos) 2013-11-11 90f4945 #31998 [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind) 2013-11-11 f328884 #47040 [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Neufeind) 2013-11-09 2c82f33 #29179 [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind) 2013-11-09 d683693 #53195 [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind) 2013-10-28 37c4f0b #53075 [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny) 2013-10-23 ceba809 #31572 [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche) 2013-10-23 f8f155e #43540 [BUGFIX] TS is fetched from cache incorrectly sometimes (Jigal van Hemert) 2013-10-22 2ce69d2 #50881 [TASK] Added missing core autoloaded files (Ernesto Baschny) 2013-10-13 d361b29 #52759 [BUGFIX] Object passed to date() (Philipp Gampe) 2013-10-12 3699866 #52104 [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes) 2013-10-11 073dd57 #36573 [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring) 2013-10-06 f26f2f1 #52045 [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein) 2013-09-27 fda9783 #52091,#51684 [BUGFIX] Check for string before using strlen (Markus Klein) 2013-09-26 9673d7e #50913 [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier) 2013-09-26 e06f05a #34886 [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer) --- Module Name: pkgsrc Committed By: taca Date: Tue Dec 10 15:20:03 UTC 2013 Modified Files: pkgsrc/www/typo3_47: Makefile PLIST distinfo Log Message: Update typo3_47 package to 4.7.17 (TYPO3 4.7.17). - Fix multiple vulnerabilities in TYPO3 CMS: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous commit. 2013-12-10 9e378dd [RELEASE] Release of TYPO3 4.7.17 (TYPO3 Release Team) 2013-12-10 efa9e0b #45043 [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn) 2013-12-10 d207548 #42772 [SECURITY] XSS in colorpicker wizard (Anja Leichsenring) 2013-12-10 92712d6 #31206 [SECURITY] XSS in header link of all content elements (Anja Leichsenring) 2013-12-10 573f720 #20811 [SECURITY] XSS vulnerability in extension manager (Marcus Krause) 2013-12-10 b7eac59 #41714 [SECURITY] Information Disclosure in Wizards (Anja Leichsenring) 2013-12-10 319a06c #54099 [SECURITY] Fix open redirection in openid extension (Anja Leichsenring) 2013-12-10 834afa5 #48187 [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter) 2013-12-10 aa08f14 #36768 [SECURITY] XSS in be_layout wizard (Anja Leichsenring) 2013-12-10 f3b5a6a #54074 [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring) 2013-12-10 0bc4fc4 #54073 [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause) 2013-12-02 c400e94 #54124 [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind) 2013-12-02 124a913 #54120 Revert "[BUGFIX] Object passed to date()" (Markus Klein) 2013-12-01 3f2e971 Revert "[BUGFIX] Distinguish unassigend columns and colPos 0" (Steffen Ritter) 2013-11-29 a7dbbbf #42651 [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn) 2013-11-26 542bd7d #25157,#45550 [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)

lang/php53: security update lang/php54: security update lang/php55: security update Revisions pulled up: - lang/php/phpversion.mk 1.46-1.52 - lang/php53/Makefile 1.44-1.45 - lang/php53/Makefile.php 1.38 - lang/php53/distinfo 1.69-1.70 - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php53/patches/patch-ext_openssl_openssl.c deleted - lang/php54/Makefile 1.15-1.16 - lang/php54/distinfo 1.28-1.31 - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php55/Makefile 1.6-1.7 - lang/php55/PLIST 1.2 - lang/php55/distinfo 1.7-1.12 - lang/php55/patches/patch-configure 1.3 - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1 - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1 - lang/php55/patches/patch-ext_opcache_config.m4 1.1 - lang/php55/patches/patch-ext_sockets_sockaddr__conv.c 1.1 - lang/php55/patches/patch-sockaddr__conv.c deleted - net/php-sockets/Makefile 1.12 --- Module Name: pkgsrc Committed By: joerg Date: Tue Oct 15 14:43:51 UTC 2013 Modified Files: pkgsrc/lang/php55: distinfo Added Files: pkgsrc/lang/php55/patches: patch-sockaddr__conv.c Log Message: Add patch that would fix the build of net/php-sockets for PHP 5.5, if I knew how to get it applied. --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 15 15:46:37 UTC 2013 Modified Files: pkgsrc/lang/php55: distinfo pkgsrc/net/php-sockets: Makefile Added Files: pkgsrc/lang/php55/patches: patch-ext_sockets_sockaddr__conv.c Removed Files: pkgsrc/lang/php55/patches: patch-sockaddr__conv.c Log Message: Fix php-socket with php55. - Use USE_PHP_EXT_PATCHES in net/php-sockets. - Make AI_V4MAPPED noop if platform dosen't have it. It is poor assumption that AI_V4MAPPED is always defined and V4 mapped address is always available. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 12:25:12 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Log Message: Update php54 to 5.4.21 (PHP 5.4.21). 17 Oct 2013, PHP 5.4.21 - Core: . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) - Datetime: . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message). (Boro Sitnikovski) - DBA extension: . Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write). (Adam) - Filter: . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). (Syra) - IMAP: . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap). (ryotakatsuki at gmail dot com) - Standard: . Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) - Build system: . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:49:08 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: distinfo pkgsrc/lang/php55/patches: patch-configure Added Files: pkgsrc/lang/php55/patches: patch-ext_opcache_config.m4 Log Message: Update php55 to 5.5.5. 17 Oct 2013, PHP 5.5.5 - Core: . Fixed bug #64979 (Wrong behavior of static variables in closure generators). (Nikita) . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita) . Fixed bug #65821 (By-ref foreach on property access of string offset segfaults). (Nikita) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as case-sensitive). (Adam) . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). (Felipe) . Added application/pdf to PHP CLI Web Server mime types (Chris Jones) - Datetime: . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message). (Boro Sitnikovski) . Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime). (Boro Sitnikovski) . Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work). (Boro Sitnikovski) - DBA extension: . Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write). (Adam) - Filter: . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn) . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names). (Syra) - FTP: . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter) - GD . Ensure that the defined interpolation method is used with the generic scaling methods. (Pierre) - IMAP: . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap). (ryotakatsuki at gmail dot com) - OPcache: . Added support for GNU Hurd. (Svante Signell) . Added function opcache_compile_file() to load PHP scripts into cache without execution. (Julien) . Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled). (Dmitry) . Fixed bug #65665 (Exception not properly caught when opcache enabled). (Laruence) . Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry) . Fixed issue #135 (segfault in interned strings if initial memory is too low). (Julien) - Sockets: . Fixed bug #65808 (the socket_connect() won't work with IPv6 address). (Mike) - SPL: . Fix bug #64782 (SplFileObject constructor make $context optional / give it a default value). (Nikita) - Standard: . Fixed bug #61548 (content-type must appear at the end of headers for 201 Location to work in http). (Mike) - XMLReader: . Fixed bug #51936 (Crash with clone XMLReader). (Mike) . Fixed bug #64230 (XMLReader does not suppress errors). (Mike) - Build system: . Fixed bug #51076 (race condition in shtool's mkdir -p implementation). (Mike, Raphael Geissert) . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing gzencode())). (Mike) --- Module Name: pkgsrc Committed By: taca Date: Fri Nov 15 16:33:14 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: PLIST distinfo Log Message: Update php55 package to 5.5.6. 14 Nov 2013, PHP 5.5.6 - Core: . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) . Improved performance of array_merge() and func_get_args() by eliminating useless copying. (Dmitry) . Fixed bug #65939 (Space before ";" breaks php.ini parsing). (brainstorm at nopcode dot org) . Fixed bug #65911 (scope resolution operator - strange behavior with $this). (Bob Weinand) . Fixed bug #65936 (dangling context pointer causes crash). (Tony) - FPM: . Changed default listen() backlog to 65535. (Tony) - MySQLi: . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) - OPcache . Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris) . Fixed issue #115 (path issue when using phar). (Dmitry) . Fixed issue #149 (Phar mount points not working with OPcache enabled). (Dmitry) - ODBC . Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) - PDO: . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception). (Laruence) . Fixed bug 65946 (sql_parser permanently converts values bound to strings) - Standard: . Fixed bug #64760 (var_export() does not use full precision for floating-point numbers) (Yasuo) --- Module Name: pkgsrc Committed By: taca Date: Sat Nov 16 09:45:26 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Log Message: Update php54 to 5.4.22. Version 5.4.22 14-Nov-2013 * Core: - Fixed bug #65911 (scope resolution operator - strange behavior with $this). CLI server: - Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding). * Exif: - Fixed crash on unknown encoding. * FTP: - Fixed bug #65667 (ftp_nb_continue produces segfault). * ODBC: - Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). * Sockets: - Fixed bug #65808 (the socket_connect() won't work with IPv6 address). * Standard: - Fixed bug #64760 (var_export() does not use full precision for floating-point numbers). * XMLReader: - Fixed bug #51936 (Crash with clone XMLReader). - Fixed bug #64230 (XMLReader does not suppress errors). --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:16:40 UTC 2013 Modified Files: pkgsrc/lang/php53: Makefile distinfo Added Files: pkgsrc/lang/php53/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:17:15 UTC 2013 Modified Files: pkgsrc/lang/php54: Makefile distinfo Added Files: pkgsrc/lang/php54/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 5 16:17:48 UTC 2013 Modified Files: pkgsrc/lang/php55: Makefile distinfo Added Files: pkgsrc/lang/php55/patches: patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:30:35 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php53: Makefile Makefile.php distinfo Removed Files: pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c Log Message: Update php53 to 5.3.28 (PHP 5.3.28). 12 Dec 2013, PHP 5.3.28 - Openssl: . Fixed handling null bytes in subjectAltName (CVE-2013-4073). (Christian Heimes) . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:32:21 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: Makefile distinfo Log Message: Update php54 to 5.4.23 (PHP 5.4.23). 28 Nov 2013, PHP 5.4.23 - Core: . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) - JSON . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly"). (Andrea Faulds) - MySQLi: . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) - mysqlnd: . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param with 'i'). (Andrey) . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query). (Andrey) - OpenSSL: . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). - PDO . Fixed bug 65946 (sql_parser permanently converts values bound to strings) --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 13 15:33:22 UTC 2013 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: Makefile distinfo Log Message: Update php55 to 5.5.7 (PHP 5.5.7). 12 Dec 2013, PHP 5.5.7 - CLI server: . Added some MIME types to the CLI web server (Chris Jones) . Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) - Core: . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) - OPCache . Fixed bug #66176 (Invalid constant substitution). (Dmitry) . Fixed bug #65915 (Inconsistent results with require return value). (Dmitry) . Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry) - OpenSSL: . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). - readline . Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

textproc/icu: security patch Revisions pulled up: - textproc/icu/Makefile patch - textproc/icu/distinfo patch - textproc/icu/patches/patch-i18n_csrucode.cpp patch --- Apply patch to fix the security vulnerability reported in CVE-2013-2924.

multimedia/adobe-flash-plugin11: security update Revisions pulled up: - multimedia/adobe-flash-plugin11/Makefile 1.21 - multimedia/adobe-flash-plugin11/distinfo 1.20 --- Module Name: pkgsrc Committed By: obache Date: Wed Dec 11 10:40:42 UTC 2013 Modified Files: pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo Log Message: Update adobe-flash-plugin11 to 11.2.202.332 for APSB13-28.

databases/ruby-activerecord32: security update devel/ruby-activemodel32: security update devel/ruby-activesupport32: security update devel/ruby-railties32: security update mail/ruby-actionmailer32: security update www/ruby-actionpack32: security update www/ruby-activeresource32: security update www/ruby-rails32: security update Revisions pulled up: - databases/ruby-activerecord32/distinfo 1.14 - devel/ruby-activemodel32/distinfo 1.14 - devel/ruby-activesupport32/distinfo 1.14 - devel/ruby-railties32/distinfo 1.14 - lang/ruby/rails.mk 1.46 - mail/ruby-actionmailer32/distinfo 1.14 - www/ruby-actionpack32/distinfo 1.14 - www/ruby-activeresource32/distinfo 1.14 - www/ruby-rails32/distinfo 1.14 --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:41:48 UTC 2013 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails 3.2.16. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:42:52 UTC 2013 Modified Files: pkgsrc/devel/ruby-activesupport32: distinfo Log Message: Update ruby-activesupport32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:43:29 UTC 2013 Modified Files: pkgsrc/devel/ruby-activemodel32: distinfo Log Message: Update ruby-activemodel32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:44:05 UTC 2013 Modified Files: pkgsrc/databases/ruby-activerecord32: distinfo Log Message: ruby-activerecord32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:44:42 UTC 2013 Modified Files: pkgsrc/www/ruby-activeresource32: distinfo Log Message: Update ruby-activeresource32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:45:38 UTC 2013 Modified Files: pkgsrc/www/ruby-actionpack32: distinfo Log Message: Update ruby-actionpack32 to 3.2.16, security update. * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417 * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491 * Escape the unit value provided to number_to_currency Fixes CVE-2013-6415 * Only use valid mime type symbols as cache keys CVE-2013-6414 --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:46:15 UTC 2013 Modified Files: pkgsrc/mail/ruby-actionmailer32: distinfo Log Message: Update ruby-actionmailer32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:46:48 UTC 2013 Modified Files: pkgsrc/devel/ruby-railties32: distinfo Log Message: Update ruby-railties32 to 3.2.16. Only version number has updated. --- Module Name: pkgsrc Committed By: taca Date: Wed Dec 4 15:47:17 UTC 2013 Modified Files: pkgsrc/www/ruby-rails32: distinfo Log Message: Update ruby-rails32 to 3.2.16. Only version number has updated.

mail/dovecot2: security update Revisions pulled up: - mail/dovecot2/Makefile 1.51,1.53 via patch - mail/dovecot2/PLIST 1.28-1.29 - mail/dovecot2/distinfo 1.39-1.40 --- Module Name: pkgsrc Committed By: adam Date: Tue Oct 8 13:52:47 UTC 2013 Modified Files: pkgsrc/mail/dovecot2: Makefile PLIST distinfo Log Message: Changes 2.2.6: * acl: If public/shared namespace has a shared subscriptions file for all users, don't list subscription entries that are not visible to the user accessing it. + doveadm: Added "auth lookup" command for doing passdb lookup. + login_log_format_elements: Added %{orig_user}, %{orig_username} and %{orig_domain} expanding to the username exactly as sent by the client (before any changes auth process made). + Added ssl_prefer_server_ciphers setting. + auth_verbose_passwords: Log the password also for unknown users. + Linux: Added optional support for SO_REUSEPORT with inet_listener { reuse_port=yes } - director: v2.2.5 changes caused "SYNC lost" errors - dsync: Many fixes and error handling improvements - doveadm -A: Don't waste CPU by doing a separate config lookup for each user - Long-running ssl-params process no longer prevents Dovecot restart - mbox: Fixed mailbox_list_index=yes to work correctly --- Module Name: pkgsrc Committed By: adam Date: Wed Nov 6 14:20:58 UTC 2013 Modified Files: pkgsrc/mail/dovecot2: Makefile PLIST distinfo Log Message: Changes 2.2.7: * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords (see 10-logging.conf comment) + mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example: doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops + ssl-params: Added ssl_dh_parameters_length setting. - master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups. - dsync: Syncing over 100 messages at once caused problems in some situations, causing messages to get new UIDs. - fts-solr: Different Solr hosts for different users didn't work.

net/samba: security update Revisions pulled up: - net/samba/Makefile 1.239-1.240 - net/samba/distinfo 1.94-1.95 --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 9 14:46:35 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Update samba to 3.6.19. Changes since 3.6.18: --------------------- o Jeremy Allison <jra@samba.org> * BUG 5917: Make Samba work on site with Read Only Domain Controlle= r. o Christian Ambach <ambi@samba.org> * BUG 8955: NetrServerPasswordSet2 timeout is too short. o G=FCnther Deschner <gd@samba.org> * BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat(). * BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat(). * BUG 10127: Fix 'smbstatus' as non-root user. o Volker Lendecke <vl@samba.org> * BUG 8955: Give machine password changes 10 minutes of time. * BUG 10106: Honour output buffer length set by the client for SMB2= GetInfo requests. * BUG 10114: Handle Dropbox (write-only-directory) case correctly i= n pathname lookup. o Karolin Seeger <kseeger@samba.org> * BUG 10076: Fix variable list in man vfs_crossrename. o Andreas Schneider <asn@samba.org> * BUG 9994: s3-winbind: Do not delete an existing valid credential = cache. * BUG 10073: 'net ads join': Fix segmentation fault in create_local_private_krb5_conf_for_domain. o Richard Sharpe <realrichardsharpe@gmail.com> * BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals h= anded out by Samba. --- Module Name: pkgsrc Committed By: adam Date: Tue Nov 12 11:30:01 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo Log Message: Changes 3.6.20: These are security releases in order to address CVE-2013-4475 (ACLs are= not checked on opening an alternate data stream on a file or directory= ) and CVE-2013-4476 (Private key in key.pem world readable).

Updated to nginx 1.5.7 Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module.

Updated to nginx 1.4.4 Changes with nginx 1.4.4 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. Changes with nginx 1.4.3 08 Oct 2013 *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the mail proxy server.

security/openssh: security update Revisions pulled up: - security/openssh/Makefile 1.214 - security/openssh/distinfo 1.85 - security/openssh/options.mk 1.26 - security/openssh/patches/patch-Makefile.in 1.2 - security/openssh/patches/patch-auth.c 1.2 - security/openssh/patches/patch-auth1.c 1.2 - security/openssh/patches/patch-auth2.c 1.2 - security/openssh/patches/patch-config.h.in 1.2 - security/openssh/patches/patch-configure 1.2 - security/openssh/patches/patch-configure.ac 1.2 - security/openssh/patches/patch-includes.h 1.2 - security/openssh/patches/patch-scp.c 1.2 - security/openssh/patches/patch-session.c 1.2 - security/openssh/patches/patch-sftp-common.c 1.1 - security/openssh/patches/patch-ssh.c 1.2 - security/openssh/patches/patch-sshd.c 1.2 - security/openssh/patches/patch-uidswap.c 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Dec 1 06:11:41 UTC 2013 Modified Files: pkgsrc/security/openssh: Makefile distinfo options.mk pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth.c patch-auth1.c patch-auth2.c patch-config.h.in patch-configure patch-configure.ac patch-includes.h patch-scp.c patch-session.c patch-ssh.c patch-sshd.c patch-uidswap.c Added Files: pkgsrc/security/openssh/patches: patch-sftp-common.c Log Message: Update openssh to 6.4.1 (OpenSSH 6.4p1). Changes since OpenSSH 6.3 ========================= This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Changes since OpenSSH 6.2 is too many to write here, please refer the release note: http://www.openssh.com/txt/release-6.3.

lang/ruby200-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.106 - lang/ruby200-base/Makefile 1.5 - lang/ruby200-base/PLIST 1.2 - lang/ruby200-base/distinfo 1.7 - lang/ruby200-base/patches/patch-configure 1.4 - lang/ruby200-base/patches/patch-ext_tk_extconf.rb deleted - lang/ruby200-base/patches/patch-lib_rubygems.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_commands_setup__command.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_config__file.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_dependency__installer.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_ext_ext__conf__builder.rb deleted - lang/ruby200-base/patches/patch-lib_rubygems_installer.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_specification.rb 1.2 - lang/ruby200-base/patches/patch-lib_rubygems_version.rb deleted - lang/ruby200-base/patches/patch-man_ri.1 1.2 - lang/ruby200-base/patches/patch-tool_rbinstall.rb 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:22:03 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby200-base: Makefile PLIST distinfo pkgsrc/lang/ruby200-base/patches: patch-configure patch-lib_rubygems.rb patch-lib_rubygems_commands_setup__command.rb patch-lib_rubygems_config__file.rb patch-lib_rubygems_dependency__installer.rb patch-lib_rubygems_installer.rb patch-lib_rubygems_specification.rb patch-man_ri.1 patch-tool_rbinstall.rb Removed Files: pkgsrc/lang/ruby200-base/patches: patch-ext_tk_extconf.rb patch-lib_rubygems_ext_ext__conf__builder.rb patch-lib_rubygems_version.rb Log Message: Update ruby200-base, ruby200 and ruby-mode package to 2.00-p353. Ruby 2.0.0-p353 is released Now Ruby 2.0.0-p353 is released. This release includes a security fix about floating point parsing. Heap Overflow in Floating Point Parsing (CVE-2013-4164) And some bugfixes are also included. See tickets and ChangeLog for details.

lang/ruby193-base: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.105 - lang/ruby193-base/Makefile 1.36 - lang/ruby193-base/distinfo 1.28 via patch - lang/ruby193-base/patches/patch-configure 1.11 - lang/ruby193-base/patches/patch-configure.in 1.10 - lang/ruby193-base/patches/patch-ext_tk_extconf.rb deleted --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:17:19 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby193-base: Makefile distinfo pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in Removed Files: pkgsrc/lang/ruby193-base/patches: patch-ext_tk_extconf.rb Log Message: Update ruby193-base (and related packages to 1.9.3-p484). Ruby 1.9.3-p484 is released Now Ruby 1.9.3-p484 is released. This release includes a security fix about ruby interpreter core: Heap Overflow in Floating Point Parsing (CVE-2013-4164) And some bugfixes are also included. See tickets and ChangeLog for details.

databases/ruby-dm-serializer: dependency fix databases/ruby-dm-types/Makefile: dependency fix net/ruby-tw/Makefile: dependency fix Revisions pulled up: - databases/ruby-dm-serializer/Makefile 1.7 - databases/ruby-dm-types/Makefile 1.10 - lang/ruby/json.mk 1.3 - net/ruby-tw/Makefile 1.7 --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:05:08 UTC 2013 Modified Files: pkgsrc/lang/ruby: json.mk Log Message: Correct versions of json as bundled with Ruby. --- Module Name: pkgsrc Committed By: taca Date: Sun Nov 24 14:07:50 UTC 2013 Modified Files: pkgsrc/databases/ruby-dm-serializer: Makefile pkgsrc/databases/ruby-dm-types: Makefile pkgsrc/net/ruby-tw: Makefile Log Message: Bump PKGREVISION for json version handling change.

www/drupal7: security update Revisions pulled up: - www/drupal7/Makefile 1.22 - www/drupal7/distinfo 1.15 --- Module Name: pkgsrc Committed By: taca Date: Thu Nov 21 15:14:11 UTC 2013 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: Update drupal7 to 7.24 (Drupal 7.24). Drupal 7.24, 2013-11-20 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.

www/drupal6: security update Revisions pulled up: - www/drupal6/Makefile 1.44 - www/drupal6/distinfo 1.28 --- Module Name: pkgsrc Committed By: taca Date: Thu Nov 21 15:13:09 UTC 2013 Modified Files: pkgsrc/www/drupal6: Makefile distinfo Log Message: Update drupal6 to 6.29 (Drupal 6.29). Drupal 6.29, 2013-11-20 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.

lang/python26: security update Revisions pulled up: - lang/python26/Makefile 1.56 - lang/python26/PLIST.common 1.15 - lang/python26/buildlink3.mk 1.6 - lang/python26/dist.mk 1.4 - lang/python26/distinfo 1.52 - lang/python26/patches/patch-CVE-2013-4238 deleted - lang/python26/patches/patch-al 1.12 --- Module Name: pkgsrc Committed By: adam Date: Wed Nov 6 07:25:49 UTC 2013 Modified Files: pkgsrc/lang/python26: Makefile PLIST.common buildlink3.mk dist.mk distinfo pkgsrc/lang/python26/patches: patch-al Removed Files: pkgsrc/lang/python26/patches: patch-CVE-2013-4238 Log Message: Python 2.6.9 is a security-fix source-only release for Python 2.6.8, fixing several reported security issues: issue 16037, issue 16038, issue 16039, issue 16040, issue 16041, and issue 16042 (CVE-2013-1752, long lines consuming too much memory), as well as issue 14984 (security enforcement on $HOME/.netrc files), issue 16248 (code execution vulnerability in tkinter), and issue 18709 (CVE-2013-4238, SSL module handling of NULL bytes inside subjectAltName).

multimedia/adobe-flash-plugin11: security update Revisions pulled up: - multimedia/adobe-flash-plugin11/Makefile 1.20 - multimedia/adobe-flash-plugin11/distinfo 1.19 --- Module Name: pkgsrc Committed By: obache Date: Wed Nov 13 02:26:54 UTC 2013 Modified Files: pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo Log Message: Update adobe-flash-plugin11 to 11.2.202.327 for APSB13-26.

lang/ruby18-base: build fix lang/ruby193-base: build fix lang/ruby200-base: build fix Revisions pulled up: - lang/ruby/rubyversion.mk 1.103-1.104 --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 29 23:25:33 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Replace LOWER_ARCH to MACHINE_ARCH in definition of RUBY_ARCH. Fix build problem on FreeBSD. --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 6 12:42:35 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Use MACHINE_GNU_ARCH instead of MACHINE_ARCH. Fix build problem on NetBSD/i386.

lang/ruby200-base: build fix lang/ruby: build fix for lang/ruby200-base Revisions pulled up: - lang/ruby/rubyversion.mk 1.102 - lang/ruby200-base/distinfo 1.6 - lang/ruby200-base/patches/patch-configure 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Oct 28 14:26:59 UTC 2013 Modified Files: pkgsrc/lang/ruby: rubyversion.mk pkgsrc/lang/ruby200-base: distinfo pkgsrc/lang/ruby200-base/patches: patch-configure Log Message: Fix build problem on some platforms; FreeBSD and MirBSD. For FreeBSD: * Fix careless mistake of patch to configure. For MirBSD (and possibly OpenBSD): * Don't pass empy string (before semicolon to sed(1). * Correct suffix for libruby's shared library. No PKGREVISION bump since this is simply fix for build problem. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/lang/ruby/rubyversion.mk cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/ruby200-base/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby200-base/patches/patch-configure

security/openssl: build fix for Linux/POWERPC64 Revisions pulled up: - security/openssl/Makefile by patch ------------------------------------------------------------------- Module Name: pkgsrc Committed By: joerg Date: Tue Oct 29 21:33:21 UTC 2013 Modified Files: pkgsrc/security/openssl: Makefile Log Message: For Linux/POWERPC64 override the default target, otherwise bad things happen (TM). To generate a diff of this commit: cvs rdiff -u -r1.181 -r1.182 pkgsrc/security/openssl/Makefile

net/wireshark: security update Revisions pulled up: - net/wireshark/Makefile 1.111 - net/wireshark/distinfo 1.70 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Nov 2 10:30:00 UTC 2013 Modified Files: pkgsrc/net/wireshark: Makefile distinfo Log Message: Update "wireshark" package to version 1.10.3. Changes since 1.10.2: - Bug Fixes The following vulnerabilities have been fixed. * wnpa-sec-2013-61 The IEEE 802.15.4 dissector could crash. (Bug 9139) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6336 * wnpa-sec-2013-62 The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6337 * wnpa-sec-2013-63 The SIP dissector could crash. (Bug 9228) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6338 * wnpa-sec-2013-64 The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6339 * wnpa-sec-2013-65 The TCP dissector could crash. (Bug 9263) Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 CVE-2013-6340 - The following bugs have been fixed: * new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (Bug 5349) * TLS decryption fails with XMPP start_tls. (Bug 8871) * Wrong Interpretation of GTS starting slot. (Bug 8946) * "Follow TCP Stream" shows only the first HTTP req+res. (Bug 9044) * The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126) * Crash then try to delete the same entry (length range) twice. (Bug 9129) * Crash if wrong "packet lengths range" entered. (Bug 9130) * Bssgp =3D> SGSN-INVOKE-TRACE use the wrong function... (Bug 9157) * Minor correction to dissection of DLR frames in Ethernet/IP dissector. (Bug 9186) * WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198) * EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (Bug 9199) * Files with pcap-ng Simple Packet Blocks can't be read. (Bug 9200) * Bug in RTP dissector if RTP extension is present. (Bug 9204) * Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (Bug 9206) * "make debian-package" fails, missing wsicon32.xpm. (Bug 9209) * Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218) * Ring buffer crash when tshark gets too far behind dumpcap. (Bug 9258) * PTP Dissector Wrongfully Reports Malformed Packet. (Bug 9262) * Wireshark lua dissector unable to load for media_type=3Dapplication/octet-stream. (Bug 9296) * Wireshark crash when dissecting packet with NTLMSSP. (Bug 9299) * Padding in uint64 field in DCERPC protocol wrongly reported. (Bug 9300) * DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (Bug 9301) * Multiple PDUs in the same DCERPC packet are not correctly decrypted. (Bug 9302) * The tshark summary line doesn't display the frame number or displays it sporadically. (Bug 9317) * Bluetooth: SDP improvements and minor fixes. (Bug 9327) * Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (Bug 9360) - Updated Protocol Support 3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP To generate a diff of this commit: cvs rdiff -u -r1.110 -r1.111 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/wireshark/distinfo

databases/ruby-activerecord32: security update devel/ruby-activemodel32: security update devel/ruby-activesupport32: security update devel/ruby-railties32: security update mail/ruby-actionmailer32: security update www/ruby-actionpack32: security update www/ruby-activeresource32: security update www/ruby-rails32: security update Revisions pulled up: - databases/ruby-activerecord32/distinfo 1.13 - devel/ruby-activemodel32/distinfo 1.13 - devel/ruby-activesupport32/distinfo 1.13 - devel/ruby-railties32/distinfo 1.13 - lang/ruby/rails.mk 1.45 - mail/ruby-actionmailer32/distinfo 1.13 - www/ruby-actionpack32/distinfo 1.13 - www/ruby-activeresource32/distinfo 1.13 - www/ruby-rails32/distinfo 1.13 --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:22:42 UTC 2013 Modified Files: pkgsrc/lang/ruby: rails.mk Log Message: Start update of Ruby on Rails 3.2.15. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:24:38 UTC 2013 Modified Files: pkgsrc/devel/ruby-activesupport32: distinfo Log Message: Update ruby-activesupport32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * Fix ActiveSupport::Cache::FileStore#cleanup to no longer rely on missing each_key method. *Murray Steele* * Add respond_to_missing? for TaggedLogging which is best practice when overriding method_missing. This permits wrapping TaggedLogging by another log abstraction such as em-logger. *Wolfram Arnold* --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:26:02 UTC 2013 Modified Files: pkgsrc/devel/ruby-activemodel32: distinfo Log Message: Update ruby-activemodel32 to ## Rails 3.2.15 (Oct 16, 2013) ## * No changes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:27:20 UTC 2013 Modified Files: pkgsrc/www/ruby-actionpack32: distinfo Log Message: Update ruby-actionpack32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set. Fixes #12410 Backports #10844 *Tamir Duberstein* * Fix the assert_recognizes test method so that it works when there are constraints on the querystring. Issue/Pull Request #9368 Backport #5219 *Brian Hahn* * Fix to render partial by context(#11605). *Kassio Borges* * Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to` does not show user-supplied message. Issue: when `assert_redirected_to` fails due to the response redirect not matching the expected redirect the user-supplied message (second parameter) is not shown. This message is only shown if the response is not a redirect. *Alexey Chernenkov* --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:30:05 UTC 2013 Modified Files: pkgsrc/databases/ruby-activerecord32: distinfo Log Message: Update ruby-activerecord32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * When calling the method .find_or_initialize_by_* from a collection_proxy it should set the inverse_of relation even when the entry was found on the db. *arthurnn* * Callbacks on has_many should access the in memory parent if a inverse_of is set. *arthurnn* * Fix `FinderMethods#last` unscoped primary key. Fixes #11917. *Eugene Kalenkovich* * Load fixtures from linked folders. *Kassio Borges* * When using optimistic locking, `update` was not passing the column to `quote_value` to allow the connection adapter to properly determine how to quote the value. This was affecting certain databases that use specific colmn types. Fixes: #6763 *Alfred Wong* --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:31:00 UTC 2013 Modified Files: pkgsrc/www/ruby-activeresource32: distinfo Log Message: Update ruby-activeresource32 to 3.2.15. ## Rails 3.2.15 (Oct 16, 2013) ## * No changes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:33:16 UTC 2013 Modified Files: pkgsrc/mail/ruby-actionmailer32: distinfo Log Message: Update ruby-actionmailer32 to 3.2.15. CHANGELOG.md says "No changes." but it fixes possible dos vulnerability. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:34:47 UTC 2013 Modified Files: pkgsrc/devel/ruby-railties32: distinfo Log Message: Update ruby-railties32 to 3.2.15. CHANGELOG.md says "No changes." but really it contains a few bug fixes. --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 18 15:38:03 UTC 2013 Modified Files: pkgsrc/www/ruby-rails32: distinfo Log Message: Update ruby-rails32 to 3.2.15. This is a bug fix release and also contains one security fix.