- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
  can lead to a bug being edited without the user's consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
  being edited without the user's consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
  field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] even though bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
          CVE-2013-1733
          CVE-2013-1734
          CVE-2013-1742
          CVE-2013-1743
Proudly brought to you by the KDE on FreeBSD team, with commits by makc@,
Schaich Alonso and yours truly.
Besides the tons of upstream fixes, we have mkspecs for GCC 4.9 and clang33
(from ports), staging support in the Makefiles and dependency fixes related
to pkg-config.
Many thanks to the people who helped test the ports using our area51
repository, and also to the people who provided patches and bug reports via
GNATS!
PR: ports/180615
    ports/181921
    ports/182049
2013-10-10 audio/ruby-xmms: Does not work with Ruby 1.9
2013-10-10 databases/ruby-interbase: Does not work with Ruby 1.9
2013-10-10 databases/ruby-bdb1: Does not work with Ruby 1.9
2013-10-10 devel/ruby-fam: Does not work with Ruby 1.9
2013-10-10 devel/ruby-rcov: Does not work with Ruby 1.9
2013-10-10 devel/ruby-rudl: Does not work with Ruby 1.9
2013-10-10 devel/ruby-gemfinder: Does not work with Ruby 1.9
2013-10-10 devel/ruby-sysvipc: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-sdl: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-ncurses: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-parsetree: Does not work with Ruby 1.9
2013-10-10 devel/ruby-sexp: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-getopt-declare: Does not work with Ruby 1.9
2013-10-10 devel/ruby-slang: Does not work with Ruby 1.9
2013-10-10 japanese/ruby-slang: Does not work with Ruby 1.9
2013-10-10 devel/ruby-gettext: Does not work with Ruby 1.9
2013-10-10 devel/ruby-jttui: Does not work with Ruby 1.9
2013-10-10 devel/ruby-mmap: Does not work with Ruby 1.9
2013-10-10 devel/ruby-racc: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-rparsec: Does not work with Ruby 1.9
2013-10-10 devel/rubygem-zoom: Does not work with Ruby 1.9
2013-10-10 games/ruby-exmars: Does not work with Ruby 1.9
2013-10-10 graphics/ruby-pgplot: Does not work with Ruby 1.9
2013-10-10 graphics/ruby-opengl: Does not work with Ruby 1.9
2013-10-10 graphics/rubygem-turing: Does not work with Ruby 1.9
2013-10-10 japanese/ruby-chasen: Does not work with Ruby 1.9
2013-10-10 japanese/ruby-gyokuro: Does not work with Ruby 1.9
2013-10-10 japanese/ruby-rdic: Does not work with Ruby 1.9
2013-10-10 lang/ruby-mode.el: Does not work with Ruby 1.9
2013-10-10 misc/rubygem-ohcount: Does not work with Ruby 1.9
2013-10-10 net-im/rubygem-xmpp4r: Does not work with Ruby 1.9
2013-10-10 security/ruby-acl: Does not work with Ruby 1.9
2013-10-10 textproc/ruby-xslt: Does not work with Ruby 1.9
2013-10-10 textproc/ruby-erbscan: Does not work with Ruby 1.9
2013-10-10 textproc/ruby-mwdom: Does not work with Ruby 1.9
2013-10-10 textproc/ruby-xmlscan-old: Does not work with Ruby 1.9
2013-10-10 textproc/rubygem-formosa: Does not work with Ruby 1.9
2013-10-10 textproc/rubygem-htmltools: Does not work with Ruby 1.9
2013-10-10 www/ruby-cruisecontrolrb: Does not work with Ruby 1.9
2013-10-10 www/rubygem-rubyfulsoup: Does not work with Ruby 1.9
2013-10-10 x11/ruby-gtktrayicon: Does not work with Ruby 1.9
The following ports will not build with a binutils 2.22+ linker built
with standard options. This has been obvious with DPorts, but difficult
to see on FreeBSD. However, setting the ports compiler as a recent gcc
(e.g. lang/gcc48) is an excellent way to detect the unspecified but needed
libraries as these recent GCC compilers use the latest binutils linkers.
These patches were tested on FreeBSD 8.4 and DragonFly 3.5.
- Allow staging
- Add Created by in Makefile header
- Convert lib depends to new format
PR: ports/182393
Submitted by: Yasuhiro KIMURA <yasu utahime.org> (maintainer)