- Switched to automake 1.11.6, see CVE-2012-3386.
- #14669: Fixed extraction of CC from gmp.h.
- Fixed case of intermediate zero real or imaginary part in mpc_fma,
found by hydra with GMP_CHECK_RANDOMIZE=1346362345.
This is on top of the following changes from version 1.0
- Licence change towards LGPLv3+ for the code and GFDLv1.3+ (with no
invariant sections) for the documentation.
- 100% of all lines are covered by tests
- Renamed functions
. mpc_mul_2exp to mpc_mul_2ui
. mpc_div_2exp to mpc_div_2ui
- 0^0, which returned (NaN,NaN) previously, now returns (1,+0).
- Removed compatibility with K&R compilers, which was untestable due
to lack of such compilers.
- New functions
. mpc_log10
. mpc_mul_2si, mpc_div_2si
- Speed-ups
. mpc_fma
- Bug fixes
. mpc_div and mpc_norm now return a value indicating the effective
rounding direction, as the other functions.
. mpc_mul, mpc_sqr and mpc_norm now return correct results even if
there are over- or underflows during the computation.
. mpc_asin, mpc_proj, mpc_sqr: Wrong result when input variable has
infinite part and equals output variable is corrected.
. mpc_fr_sub: Wrong return value for imaginary part is corrected.
Convert to the new LIB_DEPENDS standard and remove hard-coded
.so versions from a couple of dependent ports.
Bump PORTREVISIONS of all dependent ports.
PR: 183141
Approved by: portmgr (bdrewery)
- use PKGNAMESUFFIX instead LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even bugzilla40 gets upstream fixes an upgrade to bugzilla42/44 is recommend
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743