Florian Smeets
abbf32d4b2
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL. This vulnerability exists because of an incorrect fix for
CVE-2011-1398.
- Timezone database updated to version 2012.9 (2012i)
PR: ports/173685
Submitted by: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by: maintainer
Feature safe: yes
2012-11-25 15:42:22 +00:00
Wesley Shields
5fb60dc50f
Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
Feature safe: yes
2012-11-25 04:02:28 +00:00
Steve Wills
ebdf97f80b
- Update to 0.8.7.1
- Fix installation so it doesn't overwrite your config files every time you
upgrade the port
- Fix some space/tab issues to make portlint happy
- Use dirrmtry in a few places because some people have their own custom
filters, actions, etc.
PR: ports/171708
Submitted by: Mark Felder <feld@feld.me>
Approved by: Christoph Theis <theis@gmx.at> (maintainer)
Feature safe: yes
2012-11-24 03:08:36 +00:00
Jase Thew
8c849a82df
- Remove hardcoded dependency on security/gpg. Instead, add OPTIONS to allow
choice of GnuPG version.
PR: ports/172323
Approved by: jadawin (perl@)
Feature safe: yes
2012-11-23 15:55:30 +00:00
Dirk Meyer
96e5bf3440
- opera -- execution of arbitrary code
Feature safe: yes
2012-11-22 20:27:45 +00:00
Brendan Fabeny
a6d283edd6
update to 0.2.4.6-alpha
Feature safe: yes
2012-11-22 11:30:22 +00:00
David Thiel
0a7059d585
Update to 3.0.8, unbreak with utmpx.
Feature safe: Yes
2012-11-21 20:36:28 +00:00
Martin Matuska
1d8470b15e
Document new vulnerability in www/lighttpd 1.4.31
Feature safe: yes
2012-11-21 14:35:31 +00:00
Florian Smeets
9aafe503d0
- Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]
PR: ports/173679 [1]
Submitted by: swills [1], demon [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
Security: d23119df-335d-11e2-b64c-c8600054b392
Approved by: portmgr (beat)
Feature safe: yes
2012-11-20 23:01:15 +00:00
Brendan Fabeny
12311574e9
update to 0.2.3.25
Feature safe: yes
2012-11-20 15:08:34 +00:00
Renato Botelho
70953c6d15
Update to 20121120
Feature safe: yes
2012-11-20 14:17:04 +00:00
Frederic Culot
f51195062a
- Update to 0.14
- Add LICENSE (Artistic 1 & GPL 1)
Changes: http://search.cpan.org/dist/Crypt-OpenSSL-DSA/Changes
Feature safe: yes
2012-11-19 10:34:45 +00:00
Frederic Culot
e40b0f02b3
- Update to 2.31
Changes: http://search.cpan.org/dist/Crypt-CBC/Changes
Feature safe: yes
2012-11-19 09:57:33 +00:00
Frederic Culot
f9d48ff0a9
- Update to 0.22
Changes: http://search.cpan.org/dist/RadiusPerl/Changes
Feature safe: yes
2012-11-19 09:47:49 +00:00
Martin Matuska
41df8feeb2
horde4 update:
archivers/pear-Horde_Compress 1.0.7 -> 1.0.8
databases/pear-Horde_Db 1.2.1 -> 1.2.2
deskutils/horde4-groupware 4.0.8 -> 4.0.9
deskutils/horde4-kronolith 3.0.17 -> 3.0.18
deskutils/horde4-mnemo 3.0.6 -> 3.0.7
deskutils/horde4-nag 3.0.8 -> 3.0.9
devel/pear-Horde_Alarm 1.0.7 -> 1.0.8
devel/pear-Horde_Cache 1.0.5 -> 1.0.6
devel/pear-Horde_Core 1.9.2 -> 1.9.3
devel/pear-Horde_Date 1.0.11 -> 1.0.12
devel/pear-Horde_Nls 1.1.6 -> 1.1.7
mail/horde4-imp 5.0.23 -> 5.0.24
mail/horde4-ingo 2.0.9 -> 2.0.10
mail/horde4-turba 3.0.15 -> 3.0.16
mail/horde4-webmail 4.0.8 -> 4.0.9
mail/pear-Horde_Imap_Client 1.5.5 -> 1.5.11
mail/pear-Horde_Mime 1.6.1 -> 1.6.2
mail/pear-Horde_Mime_Viewer 1.0.8 -> 1.0.9
security/pear-Horde_Auth 1.4.9 -> 1.4.10
security/pear-Horde_Secret 1.0.2 -> 1.0.4
textproc/pear-Horde_Text_Filter 1.1.5 -> 1.1.6
www/horde4-ansel 2.0.1 -> 2.0.2
www/horde4-base 4.0.15 -> 4.0.16
www/horde4-wicked 1.0.1 -> 1.0.2
www/pear-Horde_Browser 1.0.8 -> 1.0.9
www/pear-Horde_Service_Weather 1.1.2 -> 1.1.3
www/pear-Horde_SessionHandler 1.0.5 -> 1.0.6
Feature safe: yes
2012-11-19 08:02:01 +00:00
Jase Thew
04822a6d48
- Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)
Feature safe: yes
2012-11-18 12:51:26 +00:00
Jase Thew
7d1870cfd5
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes
2012-11-18 12:46:39 +00:00
Ryan Steinmetz
9e979e7feb
- Update to 1.3.4
Feature safe: yes
2012-11-18 05:52:07 +00:00
Philippe Audeoud
bbabd4e43e
- Update to 1.77
- Changelog: http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.77/Changes
Feature safe: yes
2012-11-16 10:20:21 +00:00
Tom Judge
1f97bf62dc
* Fix build against libcli 0.9.6
* Make dependence on ActiveMQ off by default.
Feature safe: yes
Approved by: eadler (mentor)
2012-11-16 03:44:09 +00:00
Matthias Andree
43c5928d90
Add CONFLICTS.
Suggested by: ketas's ports conflicts checker
Feature safe: yes
2012-11-15 23:33:59 +00:00
Sofian Brabez
c2e8e5f1d6
- Update to 1.9.0
Feature safe: yes
2012-11-15 20:57:00 +00:00
Olli Hauer
bb7daf8882
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not.
* Due to incorrectly filtered field values in tabular reports, it is
possible to inject code which can lead to XSS.
* When trying to mark an attachment in a bug you cannot see as
obsolete, the description of the attachment is disclosed in the
error message.
* A vulnerability in swfstore.swf from YUI2 can lead to XSS.
Feature safe: yes
Security: CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-5475
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
2012-11-14 19:29:42 +00:00
Pawel Pekala
8c5957c966
- Update to version 2.1.5
- Add LICENSE
- Convert to optionsNG
- Don't overwrite user modified config
PR: ports/172058
Submitted by: KATO Tsuguru <tkato432@yahoo.com>
Feature safe: yes
2012-11-13 18:54:15 +00:00
Jase Thew
fe3e63dcfc
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions
Feature safe: yes
2012-11-13 18:17:13 +00:00
Rene Ladan
616eda309b
Document vulnerabilities in two typo3 components.
Obtained from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe: yes
2012-11-12 21:47:27 +00:00
Pawel Pekala
2b97404cf4
Update pkg-descr to current project state
PR: ports/173445
Submitted by: Jr Aquino <tanawts@gmail.com> (maintainer)
Feature safe: yes
2012-11-12 21:06:19 +00:00
Emanuel Haupt
bd73cda3a7
Mark IGNORE on ${OSVERSION} >= 1000024 where the script got added to the base
system.
Feature safe: yes
2012-11-12 14:44:24 +00:00
Guido Falsi
edee9b21b3
Fix typo.
Feature safe: yes
2012-11-12 13:07:30 +00:00
Guido Falsi
864702607f
- Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers
PR: ports/173226
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe: yes
2012-11-12 13:04:37 +00:00
Pawel Pekala
b7bec7d93b
- Update MASTER_SITES and WWW: line
- Support CFLAGS properly
- Add MAKE_JOBS_SAFE
- Don't install license file twice
PR: ports/172064
Submitted by: KATO Tsuguru <tkato432@yahoo.com>
Feature safe: yes
2012-11-10 18:16:38 +00:00
Pawel Pekala
d01f1f8167
- Add LICENSE
- Add MAKE_JOBS_SAFE
- Support PORTEXAMPLES
- Replace patch with REINPLACE_CMD
PR: ports/172063
Submitted by: KATO Tsuguru <tkato432@yahoo.com>
Feature safe: yes
2012-11-10 17:38:33 +00:00
Pawel Pekala
a6d974d908
- Add LICENSE
- Switch to PLIST_FILES, PORTDOCS
- Remove bunch of patches, replaced by REINPLACE_CMD
PR: ports/172062
Submitted by: KATO Tsuguru <tkato432@yahoo.com>
Feature safe: yes
2012-11-10 17:07:42 +00:00
Pawel Pekala
ada2e37f3b
- Add LICENSE
- Switch to PLIST_FILES
PR: ports/172061
Submitted by: KATO Tsuguru <tkato432@yahoo.com>
Feature safe: yes
2012-11-10 16:52:43 +00:00
Steve Wills
80df39460a
- Improve latest ruby entry slightly
Feature safe: yes
2012-11-10 15:17:31 +00:00
Jase Thew
b5f3820240
- Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description
Feature safe: yes
2012-11-10 14:45:55 +00:00
Eitan Adler
236f5555af
Apply an upstream patch that fixes a security hole
when receiving a special colored message.
The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.
Approved by: secteam-ports (swills)
Security: e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe: yes
2012-11-10 04:55:47 +00:00
Steve Wills
dd14410e21
- Update lang/ruby19 to 1.9.3p327
- Document security issue in earlier versions
Security: 5e647ca3-2aea-11e2-b745-001fd0af1a4c
Feature safe: yes
2012-11-10 04:00:41 +00:00
Jason Helfman
90461f79f5
- clarification that ASF reported issue for:
- 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
- 4ca26574-2a2c-11e2-99c7-00a0d181e71d
Feature safe: yes
2012-11-09 23:02:15 +00:00
Jason Helfman
c5d5f48eb2
- document tomcat vulnerabilities
Feature safe: yes
2012-11-09 19:09:32 +00:00
Bryan Drewery
8e52ee3253
- Update to 0.4.3
- Trim header
Feature safe: yes
2012-11-09 16:18:33 +00:00
Eitan Adler
528c35064c
Update latest version and document security issues
PR: ports/173487
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: 4b8b748e-2a24-11e2-bb44-003067b2972c
Feature safe: yes
2012-11-09 04:31:13 +00:00
Pietro Cerutti
8d1275d48a
- fix MASTER_SITES
Reported by: PH (via beat@)
Approved by: portmgr@ (implicit)
Feature safe: yes
2012-11-08 11:16:48 +00:00
Jason E. Hale
4f7ec695a7
- Update to 1.2.0
While here:
- Trim Makefile header
- Fix capitalization and spacing in COMMENT and pkg-descr
PR: ports/173466
Submitted by: John Chen <johnpupu@gmail.com>
Approved by: makc, avilla (mentors, implicit)
Feature safe: yes
2012-11-08 10:50:29 +00:00
Pietro Cerutti
37a282d06d
- fix mtree by not installing a .in CMake configure file
Reported by: PH (via beat@)
Approved by: portmgr@ (implicit)
Feature safe: yes
2012-11-08 09:49:04 +00:00
Rene Ladan
98f8f6fd1f
Document new vulnerabilities in www/chromium < 23.0.1271.64
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes
2012-11-07 10:15:19 +00:00
Tom Judge
8ba5b30b50
Update to 4.42.
Changes:
http://clamtk.sourceforge.net/CHANGES
Feature safe: yes
Approved by: eadler (mentor)
2012-11-07 02:48:57 +00:00
Chris Rees
a17bd43f2f
Document opera vulnerabilities
Feature safe: yes
2012-11-06 20:45:14 +00:00
Felippe de Meirelles Motta
02595801c1
pev is a multiplatform PE analysis toolkit that
includes tools to retrieve and parse information
about Windows PE files.
PR: ports/173390
Submitted by: Danilo Egea Gondolfo <danilogondolfo@gmail.com>
Feature safe: yes
2012-11-06 19:40:03 +00:00
Raphael Kubo da Costa
ba5714cb8e
Pass maintainership to Jr Aquino <tanawts@gmail.com>.
The previous maintainer has timed out on many of the recent updates,
and Jr Aquino has expressed interest in maintaining the port in PR
171800.
I sent an email to both maintainers on Oct 21 and got no response from
Yonatan so far; considering the usual timeout period for PRs of 14
days, I guess it is safe to also use it to pass maintainership to
someone who is more interested in the port.
Feature safe: yes
2012-11-06 09:20:41 +00:00