Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Nov 28, 2012
  1. MFH r307665 by ohauer:

    beat authored
    - update japanese bugzilla templates
    
    Feature safe:	yes
Commits on Nov 27, 2012
  1. MFH r307828: describe new vulnerabilities in www/chromium < 23.0.1271.91

    rene authored
    Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
    
    MFH r307855:	update www/chromium to 23.0.1271.91
    Security:	http://www.vuxml.org/freebsd/4d64fc61-3878-11e2-a4eb-00262d5ed8ee.html
    
    Approved by:	portmgr (tabthorpe)
    Feature safe:	yes
Commits on Nov 26, 2012
  1. MFH r307621 by dinoex:

    beat authored
    - mark FORBIDDEN
    Security: http://www.opera.com/support/kb/view/1036/
    
    MFH r307811:
    - Update to 12.11
    
    PR:		ports/173853
    Submitted by:	dinoex (maintainer)
    Security:	0925716f-34e2-11e2-aa75-003067c2616f
    Feature safe:	yes
  2. @fsmeets

    MFH r307747

    fsmeets authored
    - Update backports patch to 20121114
    - Bump PORTREVISION
    
    Changes:
    - CVE-2006-7243
    PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
    context-dependent attackers to bypass intended access restrictions by placing a
    safe file extension after this character, as demonstrated by .php\0.jpg at the
    end of the argument to the file_exists function
    
    Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
    for strlen(filename) != filename_len
    
    - CVE-2012-4388
    The sapi_header_op function in main/SAPI.c does not properly determine a pointer
    during checks for %0D sequences (aka carriage return characters), which allows
    remote attackers to bypass an HTTP response-splitting protection mechanism via a
    crafted URL, this vulnerability exists because of an incorrect fix for
    CVE-2011-1398.
    
    - Timezone database updated to version 2012.9 (2012i)
    
    Approved by:	portmgr (beat)
    Feature safe:	yes
  3. MFH r307666 by dinoex:

    beat authored
    - opera -- execution of arbitrary code
    
    MFH r307733 by wxs:
    Add entries for the following advisories:
    
    FreeBSD-SA-12:08.linux
    FreeBSD-SA-12:07.hostapd
    FreeBSD-SA-12:06.bind
    
    Feature safe:	yes
  4. MFH r307616 by mm:

    beat authored
    Document new vulnerability in www/lighttpd 1.4.31
    
    MFH r307617 by mm:
    Update lighttpd to 1.4.32 (fixes CVE-2012-5533)
    
    Feature safe:	yes
  5. MFH r307534 by jase:

    beat authored
    - Document new vulnerability in irc/weechat and irc/weechat-devel
    
    MFH r307535 by jase:
    - Fix copy and paste error in latest weechat entry
      (81826d12-317a-11e2-9186-406186f3d89d)
    
    MFH r307536 by jase:
    - Update to 0.3.9.2
    
    Changes:	http://www.weechat.org/files/changelog/ChangeLog-0.3.9.2.html
    Security:	81826d12-317a-11e2-9186-406186f3d89d
    
    MFH r307537 by jase:
    - Update to 20121118
    
    Security:	81826d12-317a-11e2-9186-406186f3d89d
    
    Feature safe:	yes
Commits on Nov 22, 2012
  1. MFH 307524:

    nox authored
    - Fix pulseaudio segfault. [1]
    - No PORTREVISION bump as PULSEAUDIO isn't a default option.
    
    Reported by:	Rainer Hurling <rhurlin@gwdg.de> on -multimedia [1]
    Feature safe:	yes
    Approved by:	portmgr (beat)
Commits on Nov 21, 2012
  1. @fsmeets

    MFH 307413 by ale:

    fsmeets authored
     - Update enigmail to 1.4.6 release.
    
    MFH 307414 by ale:
     -  Use enigmail 1.4.3 (the last working release for thunderbird-esr).
    
    MFH 307606:
     - Update firefox and thunderbird to 17.0
     - Update seamonkey to 2.14
     - Update ESR ports and libxul to 10.0.11
     - support more h264 codecs when using GSTREAMER with YouTube
     - Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024
     - Buildsystem is not python 3 aware, use python up to 2.7
    
    Feature safe:	yes
    Approved by:	portmgr (beat)
Commits on Nov 19, 2012
  1. MFH r307471:

    tj authored
    * Fix build against libcli 0.9.6
    * Make dependance on ActiveMQ off by default.
    
    Feature safe:	yes
    Approved by:	portmgr (beat)
    Approved by:	eadler, db (mentors, implicit)
  2. MFH r307299:

    tj authored
    * Fix memory leak
    * Take over maintainer
    
    Feature safe:	yes
    Approved by:	bapt
    Approved by:	portmgr (beat)
    Approved by:	eadler, db (mentors, implicit)
Commits on Nov 16, 2012
  1. MFH r307465:

    rene authored
    - fix font rendering issues [1]
    - bump PORTREVISION
    Submitted by:	George Liaskos
    Reported by:	freebsd-chromium@
    Approved by:	portmgr (beat)
    Feature safe:	yes
  2. MFH r307474 by ohauer:

    beat authored
    - update german and russian bugzilla templates to official new versions
    - remove hotfixes from german templates
    
    Feature safe:	yes
Commits on Nov 15, 2012
  1. MFH r307428: update to 4.5.22, 4.6.15, and 4.7.7 to fix some regressions

    rene authored
    introduced by the latest security update.
    
    Changelog:	http://typo3.org/news/article/typo3-cms-4522-4615-and-477-released/
    Submitted by:	maintainer via private mail
    Approved by:	portmgr (beat)
    Feature safe:	yes
  2. MFH 307425 by ohauer:

    beat authored
    - bugzilla security updates to version(s)
      3.6.11, 4.0.8, 4.2.4
    
    Summary
    =======
    
    The following security issues have been discovered in Bugzilla:
    
    * Confidential product and component names can be disclosed to
      unauthorized users if they are used to control the visibility of
      a custom field.
    
    * When calling the 'User.get' WebService method with a 'groups'
      argument, it is possible to check if the given group names exist
      or not.
    
    * Due to incorrectly filtered field values in tabular reports, it is
      possible to inject code which can lead to XSS.
    
    * When trying to mark an attachment in a bug you cannot see as
      obsolete, the description of the attachment is disclosed in the
      error message.
    
    * A vulnerability in swfstore.swf from YUI2 can lead to XSS.
    
    Feature safe:	yes
    
    Security:	CVE-2012-4199
    		https://bugzilla.mozilla.org/show_bug.cgi?id=731178
    
    		CVE-2012-4198
    		https://bugzilla.mozilla.org/show_bug.cgi?id=781850
    
    		CVE-2012-4189
    		https://bugzilla.mozilla.org/show_bug.cgi?id=790296
    
    		CVE-2012-4197
    		https://bugzilla.mozilla.org/show_bug.cgi?id=802204
    
    		CVE-2012-5475
    		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
    		http://yuilibrary.com/support/20121030-vulnerability/
    
    MFH 307429 by ohauer:
    - adjust required PgSQL module for bugzilla42
    
    From Release Notes:
     PostgreSQL 9.2 requires DBD::Pg 2.19.3. (Bug 799721)
    
     No revision bump, p5-DBD-Pg-2.19.3
     a) not on per default
     b) in the tree since a view months
    
    - add deprecation message to bugzilla3
    
    From the announcement:
     Note that when Bugzilla 4.4 is released, the Bugzilla 3.6.x series
     will reach end of life. If you are using that series, we encourage
     you to upgrade to 4.2.4 now.
    
     http://groups.google.com/group/mozilla.support.bugzilla/browse_thread/thread/d8dcc99be0f89421
    
    MFH 307430 by ohauer:
    - fix german bugzilla templates (security fixes)
Commits on Nov 13, 2012
  1. MFH r307263 by eadler:

    beat authored
    Apply an upstream patch that fixes a security hole
    when receiving a special colored message.
    
    The maintainer was contacted but due to the nature of
    the issue apply the patch ASAP.
    
    Approved by:	secteam-ports (swills)
    Security:	e02c572f-2af0-11e2-bb44-003067b2972c
    
    MFH r307275 by jase:
    - Update to 0.3.9.1
    
    Changes:	http://www.weechat.org/files/changelog/ChangeLog-0.3.9.1.html
    
    MFH r307276 by jase:
    - Remove extraneous patch
    
    MFH r307279 by jase:
    - Update to 20121110
    - Remove extraneous patch
    
    MFH r307387 by jase:
    - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
    
    - Document assigned CVE Identifier
    - Document workaround for vulnerable versions
    
    Feature safe:	yes
  2. @mexicarne

    MFH r307375

    mexicarne authored
    - add missing build dependency on devel/py-hgtools. This should fix
      build on pointyhat [1]
    - bump PORTREVISION because of dependency change
    
    while here:
    - trim Makefile header
    - remove trailing whitespace in pkg-descr
    
    PR:		173507 [1]
    PR: 173501 [2]
    Submitted by:	William Grzybowski <william88 at gmail dot com> (maintainer)
    Reported by:	bdrewery [2]
    Approved by:	portmgr (beat)
    Feature safe:	yes
  3. @mexicarne

    MFH r307374

    mexicarne authored
     Classes and setuptools plugin for Mercurial repositories
    
      hgtools builds on the setuptools_hg plugin for setuptools.
      Provides classes for inspecting and working with repositories in the
      Mercurial version control system.
    
      WWW: http://bitbucket.org/jaraco/hgtools/
    
    PR:		173506
    Submitted by:	William Grzybowski <william88 at gmail dot com>
    Approved by:	portmgr (beat)
    Feature safe:	yes
  4. @madpilot78

    MFH r307334, r307335:

    madpilot78 authored
    - Update to 2.7.1
    - Convert to new options framework
    - Document US-CERT VU#268267
    - Trim Makefile headers
    
    PR:		ports/173226
    Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
    
    This commit fixes mergeinfo for r307335.
    
    Approved by:	portmgr (beat)
    Feature safe:	yes
Commits on Nov 12, 2012
  1. MFH r307349:

    rene authored
    Update www/typo3 to 4.7.6 [2]
    
    MFH r307350:
    Update www/typo345 to 4.5.21 [1]
    
    MFH r307351:
    Update www/typo346 to 4.6.14 [3]
    
    PR:		ports/173472 [1]
    PR:		ports/173473 [2]
    PR:		ports/173474 [3]
    Submitted by:	maintainer
    Approved by:	portmgr (beat)
    Security:	79818ef9-2d10-11e2-9160-00262d5ed8ee
    Feature safe:	yes
  2. MFH r307348: document typo3 vulnerabilities [1]

    rene authored
    This also merges the changes to vuln.xml of r307247, r307259, r307261,
      r307263, r307282, r307286, r307334, and r307335
    Approved by:	portmgr (beat)
    Obtained from:	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ [1]
    Feature safe:	yes
  3. @juikim

    MFH: r307194, r307256

    juikim authored
    - Update to 1.3.1.
    - Tidy up dependencies, trim Makefile header, and clean up style.
    
    Approved by:	portmgr (tabthorpe)
    Feature safe:	yes
  4. @juikim

    MFH: r307218

    juikim authored
    Update to 1.8.4.
    
    Approved by:	portmgr (tabthorpe)
    Feature safe:	yes
Commits on Nov 10, 2012
  1. MFH r307260

    adamw authored
    Convert remaining squirrelmail plugins to bsd.squirrelmail.mk. Because they
    were duplicating the content there, php version mismatches were created and
    package building broke. Also includes a few whitespace and header fixes due
    to OCD.
    
    Feature safe:	yes
    Approved by:	portmgr
  2. @swills

    MFH r307261

    swills authored
    - Update lang/ruby19 to 1.9.3p327
    
    Security:	5e647ca3-2aea-11e2-b745-001fd0af1a4c
    Feature safe:	yes
    Approved by:	portmgr (tabthorpe)
  3. MFH r307220

    jhale authored
    - Fix build with base gcc
    
    Reported by:	pointyhat via beat
    Approved by:	portmgr (tabthorpe)
    		makc, avilla (mentors, implicit)
    Obtained from:	joyent/node#4186
    Feature safe:	yes
Commits on Nov 9, 2012
  1. @bdrewery

    MFH r307248

    bdrewery authored
    - Restore linking to libtermcap by default by
      setting TERMCAP as default.
    - Remove use of bsd.port.pre.mk
    - Bump PORTREVISION as built package will be
      different now.
    
    Approved by:	eadler (maintainer, implicit)
    Approved by:	portmgr (beat)
    Feature safe:	yes
  2. @grimreaper

    MFH r307221:

    grimreaper authored
    ------------------------------------------------------------------------
    r307221 | eadler | 2012-11-08 23:31:13 -0500 (Thu, 08 Nov 2012) | 7 lines
    
    Update latest version and document security issues
    
    PR:	ports/173487
    Submitted by:	 Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
    Security:	4b8b748e-2a24-11e2-bb44-003067b2972c
    Feature safe:	yes
    
    ------------------------------------------------------------------------
    
    Approved by:	portmgr (beat)
  3. MFH r307217

    adamw authored
    Jabber/iskemel detection requires pkg-config.
    Fixes package building for -server and -proxy.
    
    Feature safe:	yes
    Approved by:	portmgr
  4. MFH r307210

    adamw authored
    - fix plist
    - sort plist to make it legible
    - use GNU_CONFIGURE instead of HAS_CONFIGURE to make it PREFIX-safe
    
    Feature safe:	yes
    Approved by:	portmgr
  5. MFH r307206

    adamw authored
    - fix NLS support, which was wired backwards
    - actually enable NLS in OPTIONS
    - change LOCALBASE to PREFIX, as it was attempting to create a directory in
      one, and then install a file into another
    - this fixes package building
    
    Feature safe:	yes
    Approved by:	portmgr
  6. MFH r307219

    jhale authored
    - Update MASTER_SITES to fix fetch [1]
    - Update WWW
    - Trim Makefile header
    
    Reported by:	pointyhat via beat
    Approved by:	portmgr (beat)
    		makc, avilla (mentors, implicit)
    Feature safe:	yes
  7. @mexicarne

    MFH r307198

    mexicarne authored
    - add missing dependency, it should fix build on pointyhat
    
    Reported by:	pointyhat (beat)
    Approved by:	portmgr (beat)
    Feature safe:	yes
  8. @mexicarne

    MFH r307197

    mexicarne authored
    This package is a setuptools plugin: it adds a file to the generated .egg-info
    directory, capturing the information used by the setup.py test command when
    running tests.
    
    WWW: http://pypi.python.org/pypi/eggtestinfo
    
    Approved by:	portmgr (beat)
    Feature safe:	yes
  9. MFH r307208

    jhale authored
    - Add upstream patch to fix build with lcms 2.4
    
    Reported by:	pointyhat via beat
    Approved by:	portmgr (beat)
    		makc, avilla (mentors, implicit)
    Feature safe:	yes
Something went wrong with that request. Please try again.