Commit message | Author | Age | Files | Lines
Add RedHat's patch for CVE-2014-7186, commonly known as "redir_stack" overflow,
which has not been shown to be as critical as "shellshock" currently.
Security: CVE-2014-7186
Notes:
svn path=/branches/2014Q3/; revision=369685
- Update to 2.1.1
Security: CVE-2014-2905
Security: CVE-2014-2906
Security: CVE-2014-3856
Security: CVE-2014-2914
Security: CVE-2014-3219
Notes:
svn path=/branches/2014Q3/; revision=369564
- Update to patchlevel 27 which changes how functions are exported.
This should eliminate the recent vulnerabilities, but keep the
requirement for --import-functions/IMPORTFUNCTIONS option for now.
- Loosen the --import-functions requirement so it is not needed when running
an interactive shell. It is already disallowed for privileged/setuid mode.
- Show an error on stderr when an imported function is ignored.
Notes:
svn path=/branches/2014Q3/; revision=369468
- Apply patch to fix timed out SSL connections from spinning CPU
Tested by: bdrewery
Submitted by: kajetan.staszkiewicz@innogames.de
Submitted by: ohauer
PR: 176438
Approved by: maintainer timeout
Notes:
svn path=/branches/2014Q3/; revision=369417
Update to patchlevel 26. This is a NOP as r369261 already covered it.
Notes:
svn path=/branches/2014Q3/; revision=369348
Disable function importing from the environment by default. This can be
enabled by using --import-functions or enabling the IMPORTFUNCTIONS option.
This removes the risk of further parser bugs leading to code execution, as
well as the risk to setuid scripts and poorly written applications that
do not cleanse their environment [1][2].
Also note that there is an unofficial 4.3.26 floating around that has not yet
been officially released. r369261 covers the change in 4.3.26.
See also:
http://seclists.org/oss-sec/2014/q3/747 [1]
http://seclists.org/oss-sec/2014/q3/746 [2]
http://seclists.org/oss-sec/2014/q3/755 [3]
Obtained from: NetBSD (based on) [3]
PR: 193932
Reviewed by: Eric Vangyzen
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=369345
Backport Adobe's Flash upgrade to fix twelve vulnerabilities.
While here, set maintainer to emulation@ in line with r369160.
Approved by: swills (mentor)
Approved by: portmgr (erwin)
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c
Notes:
svn path=/branches/2014Q3/; revision=369304
Fix CVE-2014-3659. The original fix in 25 was not enough.
Obtained from: http://seclists.org/oss-sec/2014/q3/690 (bash developer)
Security: CVE-2014-3659
Notes:
svn path=/branches/2014Q3/; revision=369262
because these ports have very complex revision history interleaved with
other Mozilla ports.
Approved by: ports-secteam
Security: CVE-2014-1544
Security: 48108fb0-751c-4cbb-8f33-09239ead4b55.html
Notes:
svn path=/branches/2014Q3/; revision=369250
Update www/chromium to 37.0.2062.124 to fix the NSS vulnerability.
Security: http://vuxml.freebsd.org/freebsd/bd2ef267-4485-11e4-b0b7-00262d5ed8ee.html
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=369246
Add upstream patches for CVE-2014-6055 (more vulnerabilities in libvncserver).
Don't worry, more recent krfb versions will stop bundling libvncserver.
Security: fb25333d-442f-11e4-98f3-5453ed2e2b49
Approved by: portmgr (erwin), ports-secteam (rea)
Notes:
svn path=/branches/2014Q3/; revision=369224
Document new vulnerability in www/chromium < 37.0.2062.124
Obtained from: http://googlechromereleases.blogspot.nl/
Document krfb -- Multiple security issues in bundled libvncserver (while here)
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=369222
Document bash remote code execution vulnerability.
Approved by: portmgr (ports-security blanket)
Notes:
svn path=/branches/2014Q3/; revision=369193
- Provide CPE information [1]
Provided by: des [1]
Security: CVE-2014-6271
Approved by: portmgr (bdrewery)
Notes:
svn path=/branches/2014Q3/; revision=369191
Fixing it would require major upgrade of some dependencies
Approved by: portmgr (self)
Notes:
svn path=/branches/2014Q3/; revision=369177
- Fix build with Clang.
PR: 189043
Approved by: portmgr (rea)
Notes:
svn path=/branches/2014Q3/; revision=369163
Document new asterisk11 vulnerability.
Approved by: portmgr (zi)
Notes:
svn path=/branches/2014Q3/; revision=368528
- Fix build failure with perl 5.20 due to error in documentation
PR: 193267
Submitted by: John.Marshall@riverwillow.com.au
Approved by: portmgr
Notes:
svn path=/branches/2014Q3/; revision=368489
@sample: Alert user that there is a stale file to be removed.
Notes:
svn path=/branches/2014Q3/; revision=368396
- Update to 3.17.7
Changes:
* Use PM_SU_CMD for pkg set -o
Notes:
svn path=/branches/2014Q3/; revision=368391
- Update to 3.0.19
Changes:
* Fix improper call to 'msg_warn'. Bad backport from 3.1.
Reported by: sunpoet
Notes:
svn path=/branches/2014Q3/; revision=368390
- Update to 3.0.18
Changes:
* Add a check for 3.1 repository and reject the build. 3.0 does not know
how to handle 3.1's repository format. Downgrading is not supported
at this point.
* Allow securelevel>=1 with USE_TMPFS=all
* Add a warning that DEVELOPER=yes is ignored in lieu of bulk -t/testport
Notes:
svn path=/branches/2014Q3/; revision=368389
- Update to 3.0.17
Changes:
* Workaround regression with pkg-1.3 causing all packages to have new options.
* distclean: Fix some false-positives
* Fix dead link in poudriere.conf
Notes:
svn path=/branches/2014Q3/; revision=368388
Update to 1.8.8.
Security update.
Approved by: portmgr (erwin@)
Notes:
svn path=/branches/2014Q3/; revision=368375
- Fix off-by-one with 'make checksum' which caused it to not properly
download files from the last site (distcache).
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=368346
Security update to 4.2.8.1
Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
Security: cc627e6c-3b89-11e4-b629-6805ca0b3d42
Approved by: portmgr (zi)
Notes:
svn path=/branches/2014Q3/; revision=368150
- Fix heap-based buffer overflow in formisc.c
- Bump PORTREVISION for package change
Security: CVE-2014-3618
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=368028
www/chromium: update to 37.0.2062.120
Obtained from: FreeBSD Chromium Project
Security: http://vuxml.freebsd.org/freebsd/36a415c8-3867-11e4-b522-00262d5ed8ee.html
Approved by: ports-secteam (zi)
Notes:
svn path=/branches/2014Q3/; revision=367854
Update www/chromium to 37.0.2062.94
Obtained from: freebsd-chromium@ (especially Carlos Medina)
Security: http://www.vuxml.org/freebsd/fd5f305d-2d3d-11e4-aa3d-00262d5ed8ee.html
Approved by: portmgr (erwin, on 2014-08-27)
Notes:
svn path=/branches/2014Q3/; revision=367852
Document new vulnerabilities in www/chromium < 37.0.2062.120
Obtained from: http://googlechromereleases.blogspot.nl/
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=367785
Document trafficserver vulnerability
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=367350
- update to 2.2.29
- use PTHREAD_LIBS/CFLAGS instead of -pthread
Changes with Apache 2.2.29
http://www.apache.org/dist/httpd/CHANGES_2.2.29
*) Corrected docs/manual pages for new MergeTrailers directive and other
out of date documentation. [William Rowe]
Changes with Apache 2.2.28
*) SECURITY: CVE-2014-0118 (cve.mitre.org) [1]
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
*) SECURITY: CVE-2014-0231 (cve.mitre.org) [1]
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
*) SECURITY: CVE-2014-0226 (cve.mitre.org) [1]
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]
*) SECURITY: CVE-2013-5704 (cve.mitre.org) [2]
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) core: Detect incomplete request and response bodies, log an error and
forward it to the underlying filters. PR 55475. [Yann Ylavic]
*) mod_deflate: Handle Zlib header and validation bytes received in multiple
chunks. PR 46146. [Yann Ylavic]
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs. PR 55782. [Yann Ylavic]
*) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
[Lukas Bezdicka <social v3.sk>]
*) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
[Ben Reser]
*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077). [Rainer Jung]
*) mod_proxy_ajp: Forward local IP address as a custom request attribute
like we already do for the remote port. [Rainer Jung]
*) mod_deflate: Don't fail when flushing inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing inflate
buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
*) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
header might not get the benefit of the thundering herd protection due to
an incorrect internal cache key. PR 50317.
[Ruediger Pluem, Jan Kaluza, Yann Ylavic]
*) mod_rewrite: Support session cookies with the CO= flag when later
parameters are used. The doc for this implied the feature had been
backported for quite some time. PR56014 [Eric Covener]
*) mod_cache: Don't remove stale cache entries that cannot be conditionally
revalidated. This prevents the thundering herd protection from serving
stale responses during a revalidation. PR 50317.
[Eric Covener, Jan Kaluza, Ruediger Pluem]
*) core: Increase TCP_DEFER_ACCEPT socket option from 1 to 30 seconds.
PR 41270. [Dean Gaudet <dean arctic org>]
[1] CVE issues already fixed since FreeBSD-ports r362845
[2] new CVE-2013-5704 issue fixed in 2.2.29
Approved by: portmgr (erwin@)
Security: f927e06c-1109-11e4-b090-20cf30e32f6d
Security: CVE-2013-5704
Notes:
svn path=/branches/2014Q3/; revision=367234
- update vid f927e06c-1109-11e4-b090-20cf30e32f6d
(httpd-2.2.29 was released today)
Approved by: portmgr (erwin@)
Notes:
svn path=/branches/2014Q3/; revision=367232
- Stagify
- Fix build on clang
- Add MAKE_JOBS_UNSAFE
- Add LICENSE
- Add DOCS option
- Bump PORTREVISION
- Pet portlint
PR: 191049
Submitted by: k@stereochro.me
Reviewed by: cpm@fbsd.es, joemann@beefree.free.de, marino, riggs
Final patch by: cpm@fbsd.es, riggs
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=367226
MIT license with a copyright holder can be distributed
Notes:
svn path=/branches/2014Q3/; revision=366340
Ignore ports setting NO_PACKAGE when PACKAGE_BUILDING is set
The side effect is that we will no longer mirror their distfiles, sad for them,
but we will no longer spend cpu cycles building them for nothing every week
and have strange errors from dependent ports unable to install NO_PACKAGE
dependencies
Users willing to package those ports can still set FORCE_PACKAGE
Poudriere users can also package by not setting NO_FORCE_PACKAGE in poudriere.conf (by default it's already not set)
Differential Revision: https://reviews.freebsd.org/D670
Reviewed by: bdrewery
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=366339
- Unbreak by updating to 0.8.19
- Fix LICENSE_PERMS
- Add lang/gawk to (BUILD|TEST)_DEPENDS
- Remove conflicts with misc/translate
- Add 3 new options (default off) to support RTL languages,
enable text-to-speech functionality and readline-style
editing and history in interactive mode
- Remove pkg-plist
Build Log: https://redports.org/buildarchive/20140824220804-65990/
Notes:
svn path=/branches/2014Q3/; revision=366338
Document new vulnerabilities in www/chromium < 37.0.2062.94
Obtained from: http://googlechromereleases.blogspot.nl
Also merge entries for file, django, php, and phpMyAdmin
Approved by: portmgr (erwin)
Notes:
svn path=/branches/2014Q3/; revision=366294
- Fix link for SQL option
Approved by: portmgr blanket
Notes:
svn path=/branches/2014Q3/; revision=366201
- Fix build by disabling a warning which shoots on libdbi and is fatal due to -Werror
Approved by: portmgr blanket
Notes:
svn path=/branches/2014Q3/; revision=366200
- Fix link for SQL option
Approved by: portmgr blanket
Notes:
svn path=/branches/2014Q3/; revision=366199
- update to 6.4.7
- add CPE entry
- sort pkg-plist
Changelog (entries related to the command line tools)
Nmap 6.47 [2014-08-20]
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]
o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:
<!DOCTYPE nmaprun>
o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
Reported with patch by Pierluigi Vittori.
o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]
o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable) [David Fifield]
o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]
Approved by: portmgr (zi)
Notes:
svn path=/branches/2014Q3/; revision=365727
Update all Django ports to new security releases
On August 20, the Django team issued new security releases addressing
multiple vulnerabilities [1]. Update all of our Django ports accordingly:
- www/py-django: Update to 1.6.6
- www/py-django14: Update to 1.4.14
- www/py-django15: Update to 1.5.9
- www/py-django-devel: Update to 1.7 release candidate 3
While I'm here:
- Switch to USES=python and USE_PYTHON=<features>
- Deprecate OPTIONSFILE
- Add CPE information
- Add LICENSE_FILE
- Tweak HTMLDOCS option description
And for www/py-django-devel:
- Switch to GITHUB for distribution files
[1] https://www.djangoproject.com/weblog/2014/aug/20/security/
Approved by: lwhsu (maintainer)
Security: 3c5579f7-294a-11e4-99f6-00e0814cab4e
Notes:
svn path=/branches/2014Q3/; revision=365594
- Make 'clean-restricted' tell that it is deleting the package.
Don't show this verbose output when calling delete-package on
failures from do-package though.
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=365577
- Remove unneeded LIB_DEPENDS for avahi.
padevchooser does not link directly to avahi. Pulseaudio links directly to it
and already depends on it. Pkg only considers library dependencies for
DT_NEEDED links. Because avahi is not actually needed it is not registered as
a dependency in the package. This causes poudriere to rebuild this port
on every build because it sees avahi in LIB_DEPENDS but not registered in
the package.
ldd(1) shows the indirect dependency on avahi, however the direct deps can
be seen with ldd -a or readelf -d.
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=365529
was causing poudriere to rebuild the package on every run even if the port
was not updated.
Direct commit as head did a major release to the Haskell ports in r364579
which covered this.
With hat: portmgr
Obtained from: https://github.com/freebsd-haskell/ports/commit/8a17f83af2b4793103f5ef6ffced95dfd6d831fe.patch
Notes:
svn path=/branches/2014Q3/; revision=365526
LIB_DEPENDS. This was causing needless rebuilding with poudriere.
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=365519
- Fix dependency line for p5-Net. This was causing needless rebuilding of
p5-Test-OpenLDAP with poudriere as it always thought the dependencies
were changed. This also correctly registers p5-Net as a dependency
for package use.
With hat: portmgr
Notes:
svn path=/branches/2014Q3/; revision=365515
- Fix plist for WITH_DBI case
Approved by: portmgr
Notes:
svn path=/branches/2014Q3/; revision=365463
Mark BROKEN: fails to link
cc -O2 -pipe -fno-strict-aliasing -I/usr/local/include -I../flx -I/usr/local/include -DCSRG_BASED -DFUNCPROTO=15 -DNARROWPROTO -DHELP_DIR=\"/usr/local/lib/X11/xfpovray/help\" -c ./util.c
rm -f xfpovray
cc -o xfpovray -L/usr/local/lib ./build_pages.o ./callbacks.o ./show_image.o ./xfpovray.o ./tips.o ./state.o ./config.o ./run_program.o ./util.o ../flx/libflx.a -L/usr/local/lib -lforms -lXpm -lm -lXext -lX11 -Wl,-rpath,/usr/local/lib
../flx/libflx.a(flx_return_button.o): In function `draw_return_button':
flx_return_button.c:(.text+0x178): undefined reference to `fl_drw_box'
flx_return_button.c:(.text+0x1a9): undefined reference to `fl_drw_box'
flx_return_button.c:(.text+0x1ff): undefined reference to `fl_drw_box'
*** [xfpovray] Error code 1
Reported by: pkg-fallout
Notes:
svn path=/branches/2014Q3/; revision=365446