www/apache22: security update
Revisions pulled up:
- www/apache22/Makefile 1.81
- www/apache22/PLIST 1.21
- www/apache22/distinfo 1.52
- www/apache22/patches/patch-af deleted
- www/apache22/patches/patch-docs_man_apxs.8 1.1
- www/apache22/patches/patch-support_envvars-std.in deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 16 03:33:10 UTC 2012
Modified Files:
pkgsrc/www/apache22: Makefile PLIST distinfo
Added Files:
pkgsrc/www/apache22/patches: patch-docs_man_apxs.8
Removed Files:
pkgsrc/www/apache22/patches: patch-af patch-support_envvars-std.in
Log Message:
Update apache22 to 2.2.23.
Changes with Apache 2.2.23
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent a
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
*) core: Add filesystem paths to access denied / access failed messages.
[Eric Covener]
*) core: Fix error handling in ap_scan_script_header_err_brigade() if there
is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]
*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]
*) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
[Kaspar Brand, William Rowe]
*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
[Peter Pramberger <peter pramberger.at>, Jim Jagielski]
*) Added SSLProxyMachineCertificateChainFile directive so the proxy client
can select the proper client certificate when using a chain and the
remote server only lists the root CA as allowed.
*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
process resource shortages. [Jeff Trawick]
*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]
*) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
from logging bogus data in case of errors. [Stefan Fritsch]
*) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
response is a 206 Partial Content. This stops a reverse proxied partial
response from becoming cached, and then being served in subsequent
responses. PR 49113. [Graham Leggett]
*) configure: Fix usage with external apr and apu in non-default paths
and recent gcc versions >= 4.6. [Jean-Frederic Clere]
*) core: Fix building against PCRE 8.30 by switching from the obsolete
pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
|
|
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.27
- www/wordpress/distinfo 1.22
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Sep 9 06:56:10 UTC 2012
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Update to Wordpress 3.4.2.
Changes:
* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.
Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:
* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().
|
|
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.22
- www/mediawiki/PLIST 1.11
- www/mediawiki/distinfo 1.15
---
Module Name: pkgsrc
Committed By: wen
Date: Sun Sep 2 00:29:34 UTC 2012
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.19.2
It is a security update, fix CVE-2012-4377 CVE-2012-4378 CVE-2012-4379
CVE-2012-4380 CVE-2012-4381 CVE-2012-4382.
Upstream changes:
Changes since 1.19.1
(bug 39700) File: link to non-existing file can inject html
(bug 39823) Hidden block text leaking to admins
(bug 39184) LDAP password leakage
(bug 39180) Disallow framing of api results
(bug 37587) Enforce language codes to be html safe
(bug 39824) Check global blocks on account creation
|
|
www/opera: security update
Revisions pulled up:
- www/opera/Makefile 1.98
- www/opera/PLIST 1.8
- www/opera/distinfo 1.41
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 31 10:58:49 UTC 2012
Modified Files:
pkgsrc/www/opera: Makefile PLIST distinfo
Log Message:
Update opera to 12.02.
Fixes and Stability Enhancements since Opera 12.01
* General and User Interface
* Several general fixes and stability improvements
* Resolved an issue with Speed Dial thumbnails when automatic scaling is enabled
Security
* Fixed an issue where truncated dialogs may be used to trick users; see our advisory:
http://www.opera.com/support/kb/view/1028/
|
|
www/typo3_47 security update
Revisions pulled up:
- www/typo3_47/Makefile 1.4
- www/typo3_47/PLIST 1.3
- www/typo3_47/distinfo 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:53:50 UTC 2012
Modified Files:
pkgsrc/www/typo3_47: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.7.4.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 ccf6b0a [RELEASE] Release of TYPO3 4.7.4 (TYPO3 Release Team)
2012-08-15 14d5d72 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 a1c3165 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 8cf7db7 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 59e028a #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 758c217 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 44e8ae6 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 7c778d3 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 044ae9a #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Marcus Krause)
2012-08-15 0bcecd8 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 774537c #23226Security [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
2012-08-15 a9383b1 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-15 7edbd63 [TASK] Update version numbers to 4.7.4 (Steffen Ritter)
2012-08-08 9fe9e97 [RELEASE] Release of TYPO3 4.7.3 (TYPO3 Release Team)
2012-08-07 ae9d18c #36616 [BUGFIX] sectionIndex menu is not i18n ready (Stefan Galinski)
2012-08-07 6985616 #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-06 8824193 #38548 [BUGFIX] Incorrect search-results when searching for part of word (Tymoteusz Motylewski)
2012-08-05 943c50e #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 cb8d2a6 #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 5b8d6c4 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 569164c #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-29 8700d8a #39203 [BUGFIX] BE User Settings cannot be saved by clicking enter (Mario Rimann)
2012-07-28 fa8b919 #39338 [BUGFIX] RTE: Installation of AllowClipboardHelper is not triggered (Stanislas Rolland)
2012-07-25 02442d8 #38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 a3e05a3 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 5a9b3ea #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-23 fc1a8f0 #37967 [BUGFIX] YouTube videos can not be played with Media CE (Kai Vogel)
2012-07-23 ac4f234 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 7c56214 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-21 e3e08c1 #39067 [TASK] Change @deprecated annotation to the correct version (Wouter Wolters)
2012-07-20 e931425 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 a450514 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 51823dc #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-09 2cce3f0 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 8d29e26 #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 83672e8 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 c0ba55f #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 d35320b #38657 [BUGFIX] RTE 4.7: Incorrect behaviours in IE9 native mode (Stanislas Rolland)
|
|
www/typo3_46 security update
Revisions pulled up:
- www/typo3_46/Makefile 1.12-1.13
- www/typo3_46/PLIST 1.6-1.7
- www/typo3_46/distinfo 1.11-1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:52:21 UTC 2012
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.11.
2012-08-08 74fd6bb [RELEASE] Release of TYPO3 4.6.11 (TYPO3 Release Team)
2012-08-08 e809cd3 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-07 a5cd4df #39583 [BUGFIX] Exception "Could not create directory" (Michael Klapper)
2012-08-05 e96eedc #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 b6a6c6d #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 731d547 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 38ca29a #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 fef9743 #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 102d0c8 #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 aef25cd #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 689bb9d #31278 [BUGFIX] Shell command arguments are not escaped (Dmitry Dulepov)
2012-07-26 349da10 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 ce5ba95 #35154,#38691 [BUGFIX] Exclude E_STRICT from errors with PHP 5.4 (Philipp Gampe)
2012-07-25 8affd66 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 f35b46d #39220 [BUGFIX] Invalid fallback for non-localized labels (Xavier Perseguers)
2012-07-24 bde9302 #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 8621c14 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-22 612d705 #33895 [BUGFIX] Update extension must invalidate autoloader cache (Philipp Gampe)
2012-07-21 37ecea2 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 8851d23 #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 2b103fa #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-15 9a71681 #38104 [BUGFIX] Remove bogus template in template analyzer (Helmut Hummel)
2012-07-12 3d19540 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 cdee4ff #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 c3e4fcb #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 2fd0f62 #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 cb139fe #18771 [BUG] t3lib_div::getFilesInDir order differs from order in Filelist (Benjamin Mack)
2012-07-06 d693daa #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 78a7a0c #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
2012-07-05 999624f #38658 [BUGFIX] RTE 4.6: Force IE9 to use IE8 mode in frontend (Stanislas Rolland)
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:51:01 UTC 2012
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.12.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 a1e439e [RELEASE] Release of TYPO3 4.6.12 (TYPO3 Release Team)
2012-08-15 7a839a3 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 2ae69c8 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 1eaebd3 #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 9b2b8fb #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 6376643 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 a4a20e9 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 829e391 #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 dc6529c #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 8c0b4dc #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 4c8c0fd #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
www/typo3_45 security update
Revisions pulled up:
- www/typo3_45/Makefile 1.13-1.14
- www/typo3_45/PLIST 1.6-1.7
- www/typo3_45/distinfo 1.11-1.12
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:51:39 UTC 2012
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 package to 4.5.18.
2012-08-08 c9ae56c [RELEASE] Release of TYPO3 4.5.18 (TYPO3 Release Team)
2012-08-05 2bb16e8 #39527 [BUGFIX] Pass $fieldName when processing FlexForm DS in t3lib_transferData (Claus Due)
2012-08-03 83af91c #39509 [BUGFIX] t3lib_db - expects parameter 1 to be resource, boolean given (Michael Klapper)
2012-08-01 08b29b8 #25079 [BUGFIX] Suggest Wizard crashes in Frontend Editing (Dennis Ahrens)
2012-08-01 1e11fd1 #32282 [BUGFIX] unlink issues warnings for lock files (Markus Klein)
2012-08-01 9dab257 #38849 [BUGFIX] IRRE childs don't expand in Internet Explorer (Stefan Aebischer)
2012-08-01 239d66d #39417 [BUGFIX] t3lib_db::exec_SELECTgetRows method annotation (Nicole Cordes)
2012-07-31 1d5e85e #33625 [BUGFIX] Properly check disabled versioning within tcemain (Tolleiv Nietsch)
2012-07-30 35045a3 #22152 [BUGFIX] PHP warnings may show up in the List module (Dmitry Dulepov)
2012-07-29 5935394 #31278 [BUGFIX] Shell command arguments are not escaped (Mario Rimann)
2012-07-26 54761c2 #26815 [BUGFIX] RTE transformation transforms LF/CR between div and hr into space (Stanislas Rolland)
2012-07-25 73bf1fa #38691 [BUGFIX] Exclude E_STRICT on PHP 5.4 and unify error reporting (Philipp Gampe)
2012-07-25 d9868f6 #38604 [TASK] Always return a boolean in t3lib_div::validPathStr (Andy Grunwald)
2012-07-24 c85d6be #33082 [TASK] Improve error message of "broken rootline" (Georg Ringer)
2012-07-23 bc0feed #28684 [BUGFIX] Formmail doesn't always use correct character set (Jigal van Hemert)
2012-07-23 baba7fa #38927 [BUGFIX] $_EXTCONF was not filled in ext_tables.php (Ernesto Baschny)
2012-07-23 8e944f0 #34152 [BUGFIX] stdWrap numRows fails due to wrong SELECT clause (Ernesto Baschny)
2012-07-21 b0f3efd [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-20 259c25c #39026 [BUGFIX] QT movies prefixed abusively in Media CE (Francois Suter)
2012-07-20 0f83ce4 #39052 [BUGFIX] Send sane HTTP response in showpic on error (Christian Kuhn)
2012-07-18 71781f1 #36777 [BUGFIX] Unnecessary warning in css_styled_content (division by zero) (Thomas Layh)
2012-07-17 218f304 #33629 [BUGFIX] datepicker does not set current time as default (Simon Schaufelberger)
2012-07-12 fe76723 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-07-12 eb215ba #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-12 bc21789 #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-09 82e0d0b #38791 [BUGFIX] accessibilityWrap ignores simple value (Jigal van Hemert)
2012-07-07 042dc4a #18771 [BUG] t3lib_div::getFilesInDir order differs from order in File list (Benjamin Mack)
2012-07-06 277ea81 #36316 [BUGFIX] RTE: Importing google webfonts breaks style sheet parsing (Stanislas Rolland)
2012-07-05 eb317e7 #38645 [BUGFIX] E_DEPRECATED does not exist in PHP 5.2 (Ivan Kartolo)
2012-07-05 5eb31a1 #36438 [BUGFIX] RTE spellcheck issue on Windows server (Stanislas Rolland)
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 13:49:25 UTC 2012
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.5.19.
This release fixes several security problems TYPO3-CORE-SA-2012-004,
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/>
2012-08-15 9bcf5eb [RELEASE] Release of TYPO3 4.5.19 (TYPO3 Release Team)
2012-08-15 76748b7 #21634 [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15 85df0e4 #32653 [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15 605d05f #25052 [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15 6840097 #25356 [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15 fb1e204 #30967 [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15 6fd6768 #37127 [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15 11abbaa #39345 [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15 a3293a7 #33520 [SECURITY] Untrusted GP data is unserialized in old CSH handling (Helmut Hummel)
2012-08-15 ccbbfc3 #31927 [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15 f046457 #23226 [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
|
|
www/drupal7 security update
Revisions pulled up:
- www/drupal7/Makefile 1.10
- www/drupal7/PLIST 1.5
- www/drupal7/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 15:46:38 UTC 2012
Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo
Log Message:
Update drupal7 package to 7.15.
Release notes say "no security fix" but it really fixes SA49131:
<http://secunia.com/advisories/49131/>.
Release notes
Maintenance release of the Drupal 7 series. Includes bugfixes and small
API/feature improvements only (no major new functionality); significant new
features are only being added to the forthcoming Drupal 8.0 release.
No security fixes are included in this release.
Besides documentation fixes, no changes have been made to the .htaccess,
robots.txt or settings.php files in this release, so upgrading custom versions
of those files is not necessary. Known issues:
#1708722: Call to undefined function drupal_find_base_themes() in
drupal-7.15/includes/module.inc on line 184: Under rare circumstances
which are still under investigation (most likely, sites with a sub-theme
enabled and a module enabled that calls certain code early in Drupal's
page request), upgrading to Drupal 7.15 may lead to a fatal error. A
patch to fix this is available.
http://drupal.org/node/1708292
|
|
Ruby on Rails 3.2.8 security update
Revisions pulled up:
- databases/ruby-activerecord32/distinfo 1.6
- devel/ruby-activemodel32/distinfo 1.6
- devel/ruby-activesupport32/distinfo 1.6
- devel/ruby-railties32/distinfo 1.6
- lang/ruby/rails.mk 1.30
- mail/ruby-actionmailer32/distinfo 1.6
- www/ruby-actionpack32/distinfo 1.6
- www/ruby-activeresource32/distinfo 1.6
- www/ruby-rails32/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:37:06 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.2.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:38:09 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport32: distinfo
Log Message:
Update ruby-activesupport32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* Fix ActiveSupport integration with Mocha > 0.12.1. *Mike Gunderloy*
* Reverted the deprecation of ActiveSupport::JSON::Variable.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:38:41 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel32: distinfo
Log Message:
Update ruby-activemodel32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:40:00 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack32: distinfo
Log Message:
Update ruby-actionpack32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value, there
is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:41:02 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord32: distinfo
Log Message:
Update ruby-activerecord32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* Do not consider the numeric attribute as changed if the old value is zero
and the new value is not a string.
Fixes #7237.
*Rafael Mendonça França*
* Removes the deprecation of `update_attribute`. *fxn*
* Reverted the deprecation of `composed_of`. *Rafael Mendonça França*
* Reverted the deprecation of `*_sql` association options. They will be
deprecated in 4.0 instead. *Jon Leighton*
* Do not eager load AR session store. ActiveRecord::SessionStore depends on
the abstract store in Action Pack. Eager loading this class would break
client code that eager loads Active Record standalone.
Fixes #7160
*Xavier Noria*
* Do not set RAILS_ENV to "development" when using `db:test:prepare` and
related rake tasks.
This was causing the truncation of the development database data when using
RSpec.
Fixes #7175.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:41:37 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource32: distinfo
Log Message:
Update ruby-activeresource32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:42:14 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer32: distinfo
Log Message:
Update ruby-actionmailer32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:43:08 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties32: distinfo
Log Message:
Update ruby-railties32 to 3.2.8.
## Rails 3.2.8 (Aug 9, 2012) ##
* ERB scaffold generator uses the `:data => { :confirm => "Text" }` syntax
instead of `:confirm`.
*Rafael Mendonça França*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 12:44:30 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails32: distinfo
Log Message:
Update ruby-rails32 to 3.2.8.
This is a meta-like package and no changes.
|
|
Ruby on Rails 3.1.8 security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.6
- devel/ruby-activemodel31/distinfo 1.6
- devel/ruby-activesupport31/distinfo 1.7
- devel/ruby-railties31/distinfo 1.6
- lang/ruby/rails.mk 1.29
- mail/ruby-actionmailer31/distinfo 1.6
- www/ruby-actionpack31/distinfo 1.7
- www/ruby-activeresource31/distinfo 1.6
- www/ruby-rails31/distinfo 1.6
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:32:52 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start Ruby on Rails 3.1.8.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:33:48 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:34:38 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the
"prompt" value is not escaped.
If untrusted data is not escaped, and is supplied as the prompt value,
there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:35:20 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:36:35 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:22 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:37:52 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.8.
## Rails 3.1.8 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 10:38:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.8.
This is a meta-like package and no changes.
|
|
Ruby on Rails 3.0.17 security update.
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.15
- devel/ruby-activemodel/distinfo 1.15
- devel/ruby-activesupport3/distinfo 1.16
- devel/ruby-railties/distinfo 1.15
- lang/ruby/rails.mk 1.28
- mail/ruby-actionmailer3/distinfo 1.17
- www/ruby-actionpack3/distinfo 1.16
- www/ruby-activeresource3/distinfo 1.15
- www/ruby-rails3/distinfo 1.16
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:22 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.0.17.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:44:58 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:45:45 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:46:45 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.17
## Rails 3.0.17 (Aug 9, 2012)
* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
helper doesn't correctly handle malformed html. As a result an attacker can
execute arbitrary javascript through the use of specially crafted malformed
html.
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
* When a "prompt" value is supplied to the `select_tag` helper, the "prompt"
value is not escaped. If untrusted data is not escaped, and is supplied as
the prompt value, there is a potential for XSS attacks.
Vulnerable code will look something like this:
select_tag("name", options, :prompt => UNTRUSTED_INPUT)
*Santiago Pastorino*
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:47:45 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:48:26 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:49:01 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.17.
## Rails 3.0.17 (Aug 9, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 12 09:50:41 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.17.
This is a meta-like package and no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 15 15:58:23 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Oops, missed from commit for ruby-activeresource3.
|
|
databases/ruby-activerecord32: security update
devel/ruby-activemodel32: security update
devel/ruby-activesupport32: security update
devel/ruby-railties32: security update
mail/ruby-actionmailer32: security update
www/ruby-actionpack32: security update
www/ruby-activeresource32: security update
www/ruby-rails32: security update
Revisions pulled up:
- databases/ruby-activerecord32/distinfo 1.5
- devel/ruby-activemodel32/distinfo 1.5
- devel/ruby-activesupport32/distinfo 1.5
- devel/ruby-railties32/distinfo 1.5
- lang/ruby/rails.mk 1.27
- mail/ruby-actionmailer32/distinfo 1.5
- www/ruby-actionpack32/distinfo 1.5
- www/ruby-activeresource32/distinfo 1.5
- www/ruby-rails32/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:50:28 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.2.7.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:51:18 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport32: distinfo
Log Message:
Update ruby-activesupport32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* Hash#fetch(fetch) is not the same as doing hash[key]
* adds a missing require [fixes #6896]
* make sure the inflection rules are loaded when cherry-picking
active_support/core_ext/string/inflections.rb [fixes #6884]
* Merge pull request #6857 from rsutphin/as_core_ext_time_missing_require
* bump AS deprecation_horizon to 4.0
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:52:25 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel32: distinfo
Log Message:
Update ruby-activemodel32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* `validates_inclusion_of` and `validates_exclusion_of` now accept `:within`
option as alias of `:in` as documented.
* Fix the backport of the object dup with the ruby 1.9.3p194.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:53:01 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource32: distinfo
Log Message:
Update ruby-activeresource32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:53:46 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord32: distinfo
Log Message:
Update ruby-activerecord32 to 3.2.7.
## Rails 3.2.7 (unreleased) ##
* `:finder_sql` and `:counter_sql` options on collection associations
are deprecated. Please transition to using scopes.
*Jon Leighton*
* `:insert_sql` and `:delete_sql` options on `has_and_belongs_to_many`
associations are deprecated. Please transition to using `has_many
:through`
*Jon Leighton*
* `composed_of` has been deprecated. You'll have to write your own accessor
and mutator methods if you'd like to use value objects to represent some
portion of your models.
*Steve Klabnik*
* `update_attribute` has been deprecated. Use `update_column` if
you want to bypass mass-assignment protection, validations, callbacks,
and touching of updated_at. Otherwise please use `update_attributes`.
*Steve Klabnik*
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:55:32 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack32: distinfo
Log Message:
Update ruby-actionpack32 to 3.2.7.
## Rails 3.2.7 (unreleased) ##
* Do not convert digest auth strings to symbols. CVE-2012-3424
* Bump Journey requirements to 1.0.4
* Add support for optional root segments containing slashes
* Fixed bug creating invalid HTML in select options
* Show in log correct wrapped keys
* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered
instead of line continuations.
* ActionController::Metal doesn't have logger method, check it and then
delegate
* ActionController::Caching depends on RackDelegation and
AbstractController::Callbacks
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:56:13 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer32: distinfo
Log Message:
Update ruby-actionmailer32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:56:46 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties32: distinfo
Log Message:
Update ruby-railties32 to 3.2.7.
## Rails 3.2.7 (unreleased)
* Since Rails 3.2, use layout false to render no layout
* Use strict_args_position! if available from Thor
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:57:33 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails32: distinfo
Log Message:
Update ruby-rails32 to 3.2.17.
This is a meta-like package and has no changes.
|
|
databases/ruby-activerecord31: security update
devel/ruby-activemodel31: security update
devel/ruby-activesupport31: security update
devel/ruby-railties31: security update
mail/ruby-actionmailer31: security update
www/ruby-actionpack31: security update
www/ruby-activeresource31: security update
www/ruby-rails31: security update
Revisions pulled up:
- databases/ruby-activerecord31/distinfo 1.5
- devel/ruby-activemodel31/distinfo 1.5
- devel/ruby-activesupport31/distinfo 1.6
- devel/ruby-railties31/distinfo 1.5
- lang/ruby/rails.mk 1.26
- mail/ruby-actionmailer31/distinfo 1.5
- www/ruby-actionpack31/distinfo 1.6
- www/ruby-activeresource31/distinfo 1.5
- www/ruby-rails31/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:34:39 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails 3.1.7.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:35:07 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport31: distinfo
Log Message:
Update ruby-activesupport31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:35:47 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel31: distinfo
Log Message:
Update ruby-activemodel31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:36:18 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource31: distinfo
Log Message:
Update ruby-activeresource31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:36:59 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord31: distinfo
Log Message:
Update ruby-activerecord31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:38:13 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack31: distinfo
Log Message:
Update ruby-actionpack31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:38:47 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer31: distinfo
Log Message:
Update ruby-actionmailer31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:39:16 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties31: distinfo
Log Message:
Update ruby-railties31 to 3.1.7.
## Rails 3.1.7 (Jul 26, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:41:23 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails31: distinfo
Log Message:
Update ruby-rails31 to 3.1.17.
This is a meta-like package and has no changes.
|
|
databases/ruby-activerecord3: security update
devel/ruby-activemodel: security update
devel/ruby-activesupport3: security update
devel/ruby-railties: security update
mail/ruby-actionmailer3: security update
mail/ruby-mail22/Makefile
www/ruby-actionpack3: security update
www/ruby-activeresource3: security update
www/ruby-rails3: security update
Revisions pulled up:
- databases/ruby-activerecord3/distinfo 1.14
- devel/ruby-activemodel/distinfo 1.14
- devel/ruby-activesupport3/distinfo 1.15
- devel/ruby-railties/distinfo 1.14
- lang/ruby/rails.mk 1.25
- mail/ruby-actionmailer3/distinfo 1.16
- mail/ruby-mail22/Makefile 1.5
- www/ruby-actionpack3/distinfo 1.15
- www/ruby-activeresource3/distinfo 1.14
- www/ruby-rails3/distinfo 1.15
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:20:08 UTC 2012
Modified Files:
pkgsrc/lang/ruby: rails.mk
Log Message:
Start update of Ruby on Rails to 3.0.16.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:03 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activesupport3: distinfo
Log Message:
Update ruby-activesupport3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:21:54 UTC 2012
Modified Files:
pkgsrc/devel/ruby-activemodel: distinfo
Log Message:
Update ruby-activemodel to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:22:56 UTC 2012
Modified Files:
pkgsrc/www/ruby-activeresource3: distinfo
Log Message:
Update ruby-activeresource3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:24:29 UTC 2012
Modified Files:
pkgsrc/www/ruby-actionpack3: distinfo
Log Message:
Update ruby-actionpack3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* Do not convert digest auth strings to symbols. CVE-2012-3424
## Rails 3.0.14 (Jun 12, 2012)
* nil is removed from array parameter values
CVE-2012-2694
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:14 UTC 2012
Modified Files:
pkgsrc/databases/ruby-activerecord3: distinfo
Log Message:
Update ruby-activerecord3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:25:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-actionmailer3: distinfo
Log Message:
Update ruby-actionmailer3 to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:26:47 UTC 2012
Modified Files:
pkgsrc/devel/ruby-railties: distinfo
Log Message:
Update ruby-railties to 3.0.16.
## Rails 3.0.16 (Jul 26, 2012)
* No changes.
## Rails 3.0.14 (Jun 12, 2012)
* No changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 12:27:36 UTC 2012
Modified Files:
pkgsrc/www/ruby-rails3: distinfo
Log Message:
Update ruby-rails3 to 3.0.16.
This is a meta-like package and has no changes.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 31 13:02:49 UTC 2012
Modified Files:
pkgsrc/mail/ruby-mail22: Makefile
Log Message:
Bump PKGREVISION to reflect dependency to devel/ruby-activesupport3.
|
|
www/opera: security update
Revisions pulled up:
- www/opera/Makefile 1.97
- www/opera/distinfo 1.40
---
Module Name: pkgsrc
Committed By: obache
Date: Fri Aug 3 13:08:24 UTC 2012
Modified Files:
pkgsrc/www/opera: Makefile distinfo
Log Message:
Update opera to 12.01.
Opera 12.01 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.00
General and User Interface
* Several general fixes and stability improvements
* Website thumbnail memory usage improvements
* Address bar inline auto-completion no longer prefers shortest domain
* Corrected an error that could occur after removing the plugin wrapper
* Resolved an issue where favicons were squeezed too much when many tabs were
open
Display and Scripting
* Resolved an error with XHR transfers where content-type was incorrectly
determined
* Improved handling of object literals with numeric duplicate properties
* Changed behavior of nested/chained comma expressions: now expressing and
compiling them as a list rather than a tree
* Aligned behavior of the #caller property on function code objects in
ECMAScript 5 strict mode with the specification
* Fixed an issue where input type=month would return an incorrect value in its
valueAsDate property
* Resolved an issue with JSON.stringify() that could occur on cached number
conversion
* Fixed a problem with redefining special properties using
Object.defineProperty()
Network and Site-Specific
* Fixed an issue where loading would stop at "Document 100%" but the page
would still be loading
* tuenti.com: Corrected behavior when long content was displayed
* https://twitter.com: Fixed an issue with secure transaction errors
* Fixed an issue with Google Maps Labs that occurred when compiling top-level
loops inside strict evals
* Corrected a problem that could occur with DISQUS
* Fixed a crash occurring on Lenovo's "Shop now" page
* Corrected issues when calling window.console.log via a variable at watch4you
* Resolved an issue with Yahoo! chat
Mail, News, Chat
* Resolved an issue where under certain conditions the mail panel would
continuously scroll up
* Fixed a crash occurring when loading mail databases on startup
Security
* Re-fixed an issue where certain URL constructs could allow arbitrary code
execution, as reported by Andrey Stroganov; see our advisory
http://www.opera.com/support/kb/view/1016/
* Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks; see our advisory
http://www.opera.com/support/kb/view/1026/
* Fixed another issue where small windows could be used to trick users into
executing downloads as reported by Jordi Chancel; see our advisory
http://www.opera.com/support/kb/view/1027/
* Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers; see our advisory
http://www.opera.com/support/kb/view/1025/
* Fixed a low severity issue, details will be disclosed at a later date
|
|
www/moodle: security update
Revisions pulled up:
- www/moodle/Makefile 1.13
- www/moodle/PLIST 1.10
- www/moodle/distinfo 1.10
---
Module Name: pkgsrc
Committed By: wen
Date: Fri Jul 27 12:44:21 UTC 2012
Modified Files:
pkgsrc/www/moodle: Makefile PLIST distinfo
Log Message:
Update to 2.1.7
Approved by: obache@
Upstream changes:
Highlights
MDL-28557 Group event now appears to teachers, managers and administrators
MDL-33398 MDL-27368 Cron works when course completion is enabled
Functional changes
MDL-24401 Lesson string changes
MDL-33401 Managers can add blocks at the site level
Security issues
MSA-12-0042 File access issue in blocks
MSA-12-0043 Early information access issue in forum
MSA-12-0044 Capability check issue in forum subscriptions
MSA-12-0045 Injection potential in admin for repositories
MSA-12-0046 Insecure protocol redirection in LDAP authentication
MSA-12-0047 SQL injection potential in Feedback module
MSA-12-0048 Possible XSS in cohort administration
MSA-12-0049 Group restricted activity displayed to all users
MSA-12-0050 Potential DOS attack through database activity
Fixes and improvements
MDL-32866 Filemanager in private files now saves changes
MDL-33583 "Keep all" automated backups now works
MDL-33607 Add new wiki page no longer reports error writing to database
MDL-33603 Database activity entries are linked correctly
MDL-26892 Question images not lost during upgrade
MDL-29924 Glossary attachments appear in filter popups
|
|
www/contao211: security update
Revisions pulled up:
- www/contao/Makefile.common 1.19
- www/contao211/Makefile 1.4
- www/contao211/distinfo 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 26 03:06:05 UTC 2012
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao211: Makefile distinfo
Log Message:
Update contao211 package to 2.11.5.
It also fixes a small security problem with the permission check in undo
processing.
Quote from the release announcement: http://www.contao.org/en/news/contao-2_11_5.html
The bugfix release fixes a couple of issues, including the SOAP
compression problem in PHP 5.4, the IDNA URL converting issue and
the TinyMCE relative URLs problem.
|
|
archivers/php-bz2: security update
archivers/php-zip: security update
archivers/php-zlib: security update
converters/php-iconv: security update
converters/php-mbstring: security update
databases/php-dba: security update
databases/php-ldap: security update
databases/php-mssql: security update
databases/php-mysql: security update
databases/php-mysqli: security update
databases/php-pdo: security update
databases/php-pdo_dblib: security update
databases/php-pdo_mysql: security update
databases/php-pdo_pgsql: security update
databases/php-pdo_sqlite: security update
databases/php-pgsql: security update
databases/php-sqlite: security update
devel/php-gettext: security update
devel/php-gmp: security update
devel/php-pcntl: security update
devel/php-posix: security update
devel/php-shmop: security update
devel/php-sysvmsg: security update
devel/php-sysvsem: security update
devel/php-sysvshm: security update
graphics/php-exif: security update
graphics/php-gd: security update
lang/php53: security update
lang/php54: security update
mail/php-imap: security update
math/php-bcmath: security update
net/php-ftp: security update
net/php-snmp: security update
net/php-soap: security update
net/php-sockets: security update
net/php-xmlrpc: security update
security/php-mcrypt: security update
textproc/php-dom: security update
textproc/php-enchant: security update
textproc/php-intl: security update
textproc/php-json: security update
textproc/php-pspell: security update
textproc/php-wddx: security update
textproc/php-xsl: security update
time/php-calendar: security update
www/ap-php: security update
www/php-curl: security update
www/php-fpm: security update
www/php-tidy: security update
Revisions pulled up:
- archivers/php-zip/Makefile 1.15
- databases/php-dba/Makefile 1.15
- databases/php-mssql/Makefile 1.14
- databases/php-pdo_dblib/Makefile 1.15
- databases/php-pdo_sqlite/Makefile 1.12
- databases/php-sqlite/Makefile 1.16
- devel/php-gettext/Makefile 1.11
- devel/php-shmop/Makefile 1.11
- graphics/php-exif/Makefile 1.11
- graphics/php-gd/Makefile 1.28
- lang/php53/Makefile.common 1.15
- lang/php53/Makefile.php 1.19
- lang/php53/distinfo 1.46
- lang/php53/patches/patch-aj 1.2
- lang/php54/Makefile.common 1.2
- lang/php54/distinfo 1.2
- lang/php54/patches/patch-run-tests.php 1.2
- net/php-soap/Makefile 1.4
- net/php-xmlrpc/Makefile 1.15
- textproc/php-dom/Makefile 1.4
- textproc/php-intl/Makefile 1.13
- textproc/php-pspell/Makefile 1.13
- textproc/php-wddx/Makefile 1.17
- textproc/php-xsl/Makefile 1.5
- www/ap-php/Makefile 1.27
- www/php-curl/Makefile 1.18
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:28:18 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
pkgsrc/lang/php53/patches: patch-aj
Log Message:
Update php53 package to 5.3.15 (PHP 5.3.15).
19-July-2012
o Zend Engine
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
o COM
* Fixed bug #62146 com_dotnet cannot be built shared
o Core
* Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
o Fileinfo
* Fixed magic file regex support
o FPM
* Fixed bug #61045 (fpm don't send error log to fastcgi clients)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user' for
non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances
can be launched without errors)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
o JSON
* Reverted fix for bug #61537
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o SPL
* Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
o SQLite
* Fixed open_basedir bypass, CVE-2012-3365
o XML Write
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:29:05 UTC 2012
Modified Files:
pkgsrc/lang/php54: Makefile.common distinfo
pkgsrc/lang/php54/patches: patch-run-tests.php
Log Message:
Update php54 package to 5.4.5 (PHP 5.4.5).
19-July-2012
o Core
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62373 (serialize() generates wrong reference to the
object).
* Fixed bug #62357 (compile failure: (S) Arguments missing for
built-in function __memcmp)
* Fixed bug #61998 (Using traits with method aliases appears to result
in crash during execution)
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
* Fixed potential overflow in _php_stream_scandir (CVE-2012-2688)
o EXIF
* Fixed information leak in ext exi
o FPM
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user'
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #61045 (fpm don't send error log to fastcgi clients).
(fat) for non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address).
(fat) can be launched without errors)
o Iconv
* Fixed bug #55042 (Erealloc in iconv.c unsafe)
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
* ResourceBundle constructor now accepts NULL for the first two arguments
o JSON
* Fixed bug #61359 (json_encode() calls too many reallocs)
o libxml
* Fixed bug #62266 (Custom extension segfaults during xmlParseFile
with FPM SAPI)
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Readline
* Fixed bug #62186 (readline fails to compile - void function should
not return a value)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o Sockets
* Fixed bug #62025 (__ss_family was changed on AIX 5.3)
o SPL
* Fixed bug #62433 (Inconsistent behavior of
RecursiveDirectoryIterator to dot files)
* Fixed bug #62262 (RecursiveArrayIterator does not implement
Countable)
o XML Writer
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10.
{
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 12:30:38 UTC 2012
Modified Files:
pkgsrc/archivers/php-zip: Makefile
pkgsrc/databases/php-dba: Makefile
pkgsrc/databases/php-mssql: Makefile
pkgsrc/databases/php-pdo_dblib: Makefile
pkgsrc/databases/php-pdo_sqlite: Makefile
pkgsrc/databases/php-sqlite: Makefile
pkgsrc/devel/php-gettext: Makefile
pkgsrc/devel/php-shmop: Makefile
pkgsrc/graphics/php-exif: Makefile
pkgsrc/graphics/php-gd: Makefile
pkgsrc/net/php-soap: Makefile
pkgsrc/net/php-xmlrpc: Makefile
pkgsrc/textproc/php-dom: Makefile
pkgsrc/textproc/php-intl: Makefile
pkgsrc/textproc/php-pspell: Makefile
pkgsrc/textproc/php-wddx: Makefile
pkgsrc/textproc/php-xsl: Makefile
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php-curl: Makefile
Log Message:
- Reset PKG_REVISION since both php53 and php54 are updated.
- Remove php5 (PHP 5.2.x) supporting code.
|
|
www/seamonkey-l10n: sync with seamonkey package
Revisions pulled up:
- www/seamonkey-l10n/Makefile 1.11
- www/seamonkey-l10n/PLIST 1.7
- www/seamonkey-l10n/distinfo 1.10
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jul 19 17:44:09 UTC 2012
Modified Files:
pkgsrc/www/seamonkey-l10n: Makefile PLIST distinfo
Log Message:
Update to 2.11
* Sync with www/seamonkey
|
|
www/seamonkey: security update
Revisions pulled up:
- www/seamonkey/Makefile 1.74 via patch
- www/seamonkey/PLIST 1.28
- www/seamonkey/PLIST.lightning 1.4
- www/seamonkey/distinfo 1.84
- www/seamonkey/enigmail.mk 1.5
- www/seamonkey/patches/patch-av 1.5
- www/seamonkey/patches/patch-bd 1.5
- www/seamonkey/patches/patch-mk 1.7
- www/seamonkey/patches/patch-mm 1.9
- www/seamonkey/patches/patch-mozilla_js_src_config_rules.mk 1.2
- www/seamonkey/patches/patch-mozilla_memory_mozalloc_mozalloc.cpp 1.1
- www/seamonkey/patches/patch-mozilla_netwerk_protocol_http_HttpChannelParent.cpp 1.3
- www/seamonkey/patches/patch-mozilla_storage_src_Makefile.in 1.2
- www/seamonkey/patches/patch-mozilla_storage_src_mozStorageService.cpp deleted
- www/seamonkey/patches/patch-mozilla_xpcom_idl-parser_Makefile.in 1.2
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jul 19 17:33:29 UTC 2012
Modified Files:
pkgsrc/www/seamonkey: Makefile PLIST PLIST.lightning distinfo
enigmail.mk
pkgsrc/www/seamonkey/patches: patch-av patch-bd patch-mk patch-mm
patch-mozilla_js_src_config_rules.mk
patch-mozilla_netwerk_protocol_http_HttpChannelParent.cpp
patch-mozilla_storage_src_Makefile.in
patch-mozilla_xpcom_idl-parser_Makefile.in
Added Files:
pkgsrc/www/seamonkey/patches:
patch-mozilla_memory_mozalloc_mozalloc.cpp
Removed Files:
pkgsrc/www/seamonkey/patches:
patch-mozilla_storage_src_mozStorageService.cpp
Log Message:
Update to 2.11
* Use Lightning 1.6 release
* Enigmail is not tested fully
Changelog: from http://www.seamonkey-project.org/releases/seamonkey2.11/
SeaMonkey-specific changes
A click-to-play option (off by default for now) has been implemented for plugins.
Mozilla platform changes
The Pointer Lock API has been implemented.
A new API to prevent your display from sleeping is available.
New text-transform and font-variant CSS improvements have been made for Turkic languages and Greek.
Fixed several stability issues.
|
|
www/apache24: bug fix
Revisions pulled up:
- www/apache24/Makefile 1.8
- www/apache24/distinfo 1.4
- www/apache24/patches/patch-modules_ssl_ssl__private.h 1.1
---
Module Name: pkgsrc
Committed By: ryoon
Date: Thu Jul 5 12:50:44 UTC 2012
Modified Files:
pkgsrc/www/apache24: Makefile distinfo
Added Files:
pkgsrc/www/apache24/patches: patch-modules_ssl_ssl__private.h
Log Message:
Bump PKGREVISION
Fix PR pkg/46655.
With NetBSD current and 6.0's OpenSSL, OPENSSL_NO_SSL_INTERN should not
be defined, because it lacks some functions.
Exclude version 0x10001000 from OPENSSL_NO_SSL_INTERN definition.
|
|
www/typo3_47: security update
Revisions pulled up:
- www/typo3_47/Makefile 1.3
- www/typo3_47/PLIST 1.2
- www/typo3_47/distinfo 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 5 14:24:02 UTC 2012
Modified Files:
pkgsrc/www/typo3_47: Makefile PLIST distinfo
Log Message:
Update typo3_47 to 4.7.2 (TYPO3 4.7.2).
Fix XSS in swfupload.
2012-07-04 9fc6c2d [RELEASE] Release of TYPO3 4.7.2 (TYPO3 Release Team)
2012-07-04 0f4f749 #38578 [SECURITY] XSS in swfupload (Oliver Hader)
2012-07-04 4997fe8 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-04 a061bc8 [TASK] Update version number to 4.7.2 (Steffen Ritter)
2012-07-04 cebcc3c #38608 [BUGFIX] Remove t3ver_swapmode code blocks (Oliver Hader)
2012-07-04 0f35e7c #38617 [BUGFIX] RTE: Enable dialogue window resizing in IE (Stanislas Rolland)
2012-07-03 d67822d #38574 [BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7 (Stanislas Rolland)
2012-07-03 d9b33b0 Revert "[BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7" (Stanislas Rolland)
2012-07-03 9cfe9c2 #38574 [BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7 (Stanislas Rolland)
2012-07-02 d08559e #38567 [BUGFIX] Add missing link to travis script (Helmut Hummel)
2012-07-02 145eb2c #37615 [BUGFIX] IRRE records can't be expanded without an hidden field (Oliver Hader)
2012-07-02 e4a9d5c #29254 [BUGFIX] TSFE->additionalFooterData for USER_INT (Oliver Hader)
2012-07-02 a1f0932 #38567 [TASK] Activate travis build for 4.7 (Helmut Hummel)
2012-07-02 9794bd2 #36313 [BUGFIX] Add rootline workspace overlay for backend_layouts. (Timo Webler)
2012-07-02 351a23c #33546 [BUGFIX] Check if user is allowed to paste page to pagetree (Max Roesch)
2012-07-02 de46359 #27020 [BUGFIX] TCEForms.Suggest wizard in IRRE records (Nicole Cordes)
2012-07-02 0bd8d06 #34786 [BUGFIX] Custom HTML tags no longer malformed in IE (Bart Dubelaar)
2012-07-01 4bf154d #38511 [BUGFIX] Remove a rather dubious unit test for Redis cache backend (Christian Kuhn)
2012-06-30 7957d03 #38503 [BUGFIX] Page tree unit test fails if pages don't exist (Susanne Moog)
2012-06-30 9e7e687 #36344 [BUGFIX] Icon for save action in scheduler should be save-close (Philipp Gampe)
2012-06-30 30bf42f #38501 [BUGFIX] Fix unit test failure if gif compress is disabled (Susanne Moog)
2012-06-30 24e27c6 #35915 [BUGFIX] VariableFrontend initializeObject not called (Daniel Pötzinger)
2012-06-30 3a83fac #37618 [BUGFIX] Remove class of td if "No CSS styles for this table" is set (Juergen Furrer)
2012-06-30 3a9501e #36290 [BUGFIX] Markers (%s) are not replaced in TCEmain error messages (Bart Dubelaar)
2012-06-30 2766d48 #33444 [BUGFIX] Fatal error in configuration ($BE_USER->uc) (Susanne Moog)
2012-06-29 d891eb5 #38357 [TASK] Add travis configuration file (Helmut Hummel)
2012-06-29 04d3f82 #24626 [BUGFIX] Drag&Drop inside the root page of the pagetree isn't possible (Stefan Galinski)
2012-06-29 1107b6a #36093 [BUGFIX] Reports: Wrong indication for saltedpasswords (Markus Klein)
2012-06-28 14a2946 #37541 [BUGFIX] Declaration of tx_rtehtmlarea_base::drawRTE() not compatible (Stanislas Rolland)
2012-06-28 d04fe14 #36194 [BUGFIX] Ensure $output is used as string (Peter Niederlag)
2012-06-28 8d2dcc1 #38300 [BUGFIX] RTE link insertion issues with IE9 (Stanislas Rolland)
2012-06-27 cdee1af [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-06-24 4b3513d #36541 [BUGFIX] Wrong margin calculation for Text/Image (derhansen)
2012-06-21 af95023 #36300 [BUGFIX] Properly load existing usergroups in task (Bart Dubelaar)
2012-06-21 18332ca #35154 [BUGFIX] Exclude E_STRICT from exceptionalErrors (Steffen Müller)
2012-06-18 45bf97b #36308 [BUGFIX] Correct Path Calculation in Cardlayout (Kay Strobach)
2012-06-17 8fb2ed5 #36777 [BUGFIX] Unnecessary warning in css_styled_content (division by zero) (Thomas Layh)
2012-06-15 ab720c0 #36947 [BUGFIX] Fix refactoring regression in imagecopyresized (Lorenz)
2012-06-13 d4fb1b0 #35944 [BUGFIX] Hide the field "Selected Pages" for menu type "Sitemap" (Marco Huber)
2012-05-28 4a564c5 #37553 BUGFIX] Illegal string offset (Jigal van Hemert)
|
|
www/typo3_46: security update
Revisions pulled up:
- www/typo3_46/Makefile 1.11
- www/typo3_46/PLIST 1.5
- www/typo3_46/distinfo 1.10
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 5 14:23:04 UTC 2012
Modified Files:
pkgsrc/www/typo3_46: Makefile PLIST distinfo
Log Message:
Update typo3_46 to 4.6.10 (TYPO3 4.6.10).
Fix XSS in swfupload.
2012-07-04 38d29a9 [RELEASE] Release of TYPO3 4.6.10 (TYPO3 Release Team)
2012-07-04 96ccf99 #38578 [SECURITY] XSS in swfupload (Oliver Hader)
2012-07-04 ac6fda8 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-07-04 d8f537d #35154 [BUGFIX] Exclude E_STRICT from exceptionalErrors (Mario Rimann)
2012-07-04 b061b84 #37615 [BUGFIX] IRRE records can't be expanded without an hidden field (Oliver Hader)
2012-07-04 ca50ec0 #29254 [BUGFIX] TSFE->additionalFooterData for USER_INT (Oliver Hader)
2012-07-03 e4267b5 #38574 [BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7 (Stanislas Rolland)
2012-07-03 0b98eb7 Revert "[BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7" (Stanislas Rolland)
2012-07-03 2a25577 #38574 [BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7 (Stanislas Rolland)
2012-07-02 8d1d267 #34786 [BUGFIX] Custom HTML tags no longer malformed in IE (Bart Dubelaar)
2012-07-01 3b74b25 #38511 [BUGFIX] Remove a rather dubious unit test for Redis cache backend (Christian Kuhn)
2012-06-30 3d24c7e #33446 [BUGFIX] canBeInterpretedAsInteger fatals if given an object (Philipp Gampe)
2012-06-30 09e1a88 #38501 [BUGFIX] Fix unit test failure if gif compress is disabled (Susanne Moog)
2012-06-30 7ff3dce #35915 [BUGFIX] VariableFrontend initializeObject not called (Daniel Pötzinger)
2012-06-30 68125fa #37618 [BUGFIX] Remove class of td if "No CSS styles for this table" is set (Juergen Furrer)
2012-06-30 e4ce956 #36290 [BUGFIX] Markers (%s) are not replaced in TCEmain error messages (Bart Dubelaar)
2012-06-30 2c83967 #33444 [BUGFIX] Fatal error in configuration ($BE_USER->uc) (Susanne Moog)
2012-06-29 065670f #38357 [TASK] Add travis configuration file (Helmut Hummel)
2012-06-29 0712cc1 #36093 [BUGFIX] Reports: Wrong indication for saltedpasswords (Markus Klein)
2012-06-28 56c9837 #37541 [BUGFIX] Declaration of tx_rtehtmlarea_base::drawRTE() not compatible (Stanislas Rolland)
2012-06-28 825886e #34303 [BUGFIX] IRRE hide/unhide broken (dkd-egerer Sascha Egerer)
2012-06-28 fa1d287 #34685 [TASK] PHP 5.4 adjustments (Markus Klein)
2012-06-28 0f6bc15 #36194 [BUGFIX] Ensure $output is used as string (Peter Niederlag)
2012-06-27 c75df95 #32773 [BUGFIX] fe_adminLib.inc uses undefined function (Sven Burkert)
2012-06-21 0602c31 #36300 [BUGFIX] Properly load existing usergroups in task (Bart Dubelaar)
2012-06-17 4526c0d #36777 [BUGFIX] Unnecessary warning in css_styled_content (division by zero) (Thomas Layh)
2012-06-13 98ccffb #35944 [BUGFIX] Hide the field "Selected Pages" for menu type "Sitemap" (Marco Huber)
2012-05-30 4114744 #21943 [BUGFIX] redirect to referrer when changing password (Jigal van Hemert)
2012-05-28 c32cf60 #37553 BUGFIX] Illegal string offset (Jigal van Hemert)
|
|
www/typo3_45: security update
Revisions pulled up:
- www/typo3_45/Makefile 1.12
- www/typo3_45/PLIST 1.5
- www/typo3_45/distinfo 1.10
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 5 14:21:36 UTC 2012
Modified Files:
pkgsrc/www/typo3_45: Makefile PLIST distinfo
Log Message:
Update typo3_45 to 4.5.17 (TYPO3 4.5.17).
Fix XSS in swfupload.
2012-07-04 acf7796 [RELEASE] Release of TYPO3 4.5.17 (TYPO3 Release Team)
2012-07-04 4356de4 #38578 [SECURITY] XSS in swfupload (Oliver Hader)
2012-07-04 d5cb5fb #35154 [BUGFIX] Exclude E_STRICT from exceptionalErrors (Mario Rimann)
2012-07-04 4cca68b #37615 [BUGFIX] IRRE records can't be expanded without an hidden field (Oliver Hader)
2012-07-04 5fd49b5 #29254 [BUGFIX] TSFE->additionalFooterData for USER_INT (Oliver Hader)
2012-07-03 15847d2 #38574 [BUGFIX] In IE9, RTE does not work correctly in compat modes IE8/IE7 (Stanislas Rolland)
2012-07-03 9a1c36c #34786 [BUGFIX] Custom HTML tags no longer malformed in IE (Bart Dubelaar)
2012-07-01 8ea1408 #38511 [BUGFIX] Remove a rather dubious unit test for Redis cache backend (Christian Kuhn)
2012-06-30 353ab74 #38501 [BUGFIX] Fix unit test failure if gif compress is disabled (Susanne Moog)
2012-06-30 74701ef #35915 [BUGFIX] VariableFrontend initializeObject not called (Daniel Pötzinger)
2012-06-30 2cc2efb #37618 [BUGFIX] Remove class of td if "No CSS styles for this table" is set (Juergen Furrer)
2012-06-30 364926e #36290 [BUGFIX] Markers (%s) are not replaced in TCEmain error messages (Bart Dubelaar)
2012-06-29 880f256 #38357 [TASK] Add travis configuration file (Helmut Hummel)
2012-06-29 027a9b3 #36093 [BUGFIX] Reports: Wrong indication for saltedpasswords (Markus Klein)
2012-06-28 885d256 #37541 [BUGFIX] Declaration of tx_rtehtmlarea_base::drawRTE() not compatible (Stanislas Rolland)
2012-06-28 50b5136 #34303 [BUGFIX] IRRE hide/unhide broken (dkd-egerer Sascha Egerer)
2012-06-28 6918eda #34685 [TASK] PHP 5.4 adjustments (Markus Klein)
2012-06-28 1f7ebfd #36194 [BUGFIX] Ensure $output is used as string (Peter Niederlag)
2012-06-27 7366511 #32773 [BUGFIX] fe_adminLib.inc uses undefined function (Sven Burkert)
2012-06-27 b82dfa5 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-06-21 3f3c200 #36300 [BUGFIX] Properly load existing usergroups in task (Bart Dubelaar)
2012-06-13 1e97470 #35944 [BUGFIX] Hide the field "Selected Pages" for menu type "Sitemap" (Marco Huber)
2012-05-30 bbc55bf #21943 [BUGFIX] redirect to referrer when changing password (Jigal van Hemert)
2012-05-28 1c43954 #37553 BUGFIX] Illegal string offset (Jigal van Hemert)
|
|
ChangeLog:
WordPress 3.4.1:
* Fixes an issue where a theme’s page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a network-wide activation.
* Better compatibility with servers running certain versions of PHP (5.2.4, 5.4)
or with uncommon setups (safe mode, open_basedir), which had caused warnings or
in some cases prevented emails from being sent.
Additionally: Version 3.4.1 fixes a few security issues and contains some security
hardening. These issues were discovered and fixed by the WordPress security team:
* Privilege Escalation/XSS. Critical. Administrators and editors in multisite
were accidentally allowed to use unfiltered_html for 3.4.0.
* CSRF. Additional CSRF protection in the customizer.
* Information Disclosure: Disclosure of post contents to authors and contributors
(such as private or draft posts).
* Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
* Hardening: Require a child theme to be activated with its intended parent only.
WordPress 3.4:
* Enhanced theme control
* Customize theme options before activating a new theme using Theme Customizer
* Use Theme Previewer to customize current theme without changing the front-end design
* Custom Headers
* Improved Custom Headers with flexible sizes
* Selecting Custom Header Images and Custom Background Images from Media Library Screen
* Media improvements
* Support HTML in image captions
* Under the Hood improvements
* Improvements in WordPress internationalization and localization (more info)
* Different split in translation POT files for faster translations
* Codex XML-RPC information update accessed via XML-RPC_WordPress_API
* WP_Query improvements
|
|
|
|
|
|
|
|
|
|
http://mail-index.netbsd.org/pkgsrc-users/2012/06/21/msg016616.html
|
|
|
|
=== Changes since 1.19.0 ===
* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
|
|
* Remove a duplicated line to www/php-phrasea2.
|
|
Previously, I added a dependency on pdo_sqlite3 because an owncloud
instance failed to run without PDO. This commit moves the dependency
to be conditional on the sqlite option, so that it doesn't apply if
mysql is selected.
The upstream method selection code is hard to follow, and in
particular I don't understand how dbtype=sqlite is expected to use
MDB2 and dbtype=sqlite3 PDO. So with the sqlite option both chunks of
code are available. I suspect there is an upstream bug lurking, but I
can't point to it.
|
|
|
|
|
|
contao/Makefile.translations.
|
|
|
|
|
|
|
|
|
|
|
|
php54, so mark this incompatible so pbulk stops croaking.
XXX: someone please fix this correctly
|
|
version A.B.C is at least D.E.F is to be done by checking A >= D, B >=
E, *and* C >= F. Therefore, it believes that the most recent libxml2
update, which is 2.8.0, is less than its minimum requirement 2.4.1.
Rather than trying to repair this curious logic, just patch the test
to always succeed, as pkgsrc always provides a suitable libxml2.
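The component-wise test described in the commit message above, next to an ordinary lexicographic comparison, as an added example that is not code from pkgsrc or from the patched package. All function names are hypothetical and the version list is constructed for illustration.

```python
# Added illustration; names are hypothetical, not taken from the patched package.

def parse_version(text):
    """Split 'A.B.C' into a tuple of ints, e.g. '2.8.0' -> (2, 8, 0)."""
    return tuple(int(part) for part in text.split("."))

def flawed_at_least(found, minimum):
    """Logic described in the commit message: A >= D and B >= E and C >= F."""
    f, m = parse_version(found), parse_version(minimum)
    return all(a >= b for a, b in zip(f, m))

def correct_at_least(found, minimum):
    """Lexicographic comparison: the first differing component decides."""
    f, m = parse_version(found), parse_version(minimum)
    width = max(len(f), len(m))
    # Pad with zeros so that '2.8' compares equal to '2.8.0'.
    f += (0,) * (width - len(f))
    m += (0,) * (width - len(m))
    for a, b in zip(f, m):
        if a != b:
            return a > b
    return True

def disagreements(candidates, minimum):
    """Return the versions on which the two checks give different answers."""
    return [v for v in candidates
            if flawed_at_least(v, minimum) != correct_at_least(v, minimum)]

# Constructed sample versions, checked against the 2.4.1 minimum from the message.
SAMPLE = ["1.9.9", "2.4.0", "2.4.1", "2.4.2", "2.5.0", "2.8.0", "3.0.0"]

if __name__ == "__main__":
    for version in SAMPLE:
        print(version,
              "flawed:", flawed_at_least(version, "2.4.1"),
              "correct:", correct_at_least(version, "2.4.1"))
    print("disagree on:", disagreements(SAMPLE, "2.4.1"))
```

For versions with the same number of components, the component-wise check errs in one direction only: it rejects newer releases whose minor or patch number is lower than the minimum's, and never accepts a release that is too old.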
|
|
|
|
|
|
|
|
Bug fixes.
|
|
PHP 5.3.x and PHP 5.4.x.
|
|
|