From owner-svn-ports-branches@FreeBSD.ORG Mon Nov 26 20:55:54 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EDC8190F; Mon, 26 Nov 2012 20:55:53 +0000 (UTC) (envelope-from beat@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id C8B6A8FC15; Mon, 26 Nov 2012 20:55:53 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQKtr55072997; Mon, 26 Nov 2012 20:55:53 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAQKtrMj072990; Mon, 26 Nov 2012 20:55:53 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201211262055.qAQKtrMj072990@svn.freebsd.org> 
From: Beat Gaetzi Date: Mon, 26 Nov 2012 20:55:53 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307797 - in branches/RELENG_9_1_0: irc/weechat irc/weechat-devel security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 20:55:54 -0000 Author: beat Date: Mon Nov 26 20:55:53 2012 New Revision: 307797 URL: http://svnweb.freebsd.org/changeset/ports/307797 Log: MFH r307534 by jase: - Document new vulnerability in irc/weechat and irc/weechat-devel MFH r307535 by jase: - Fix copy and paste error in latest weechat entry (81826d12-317a-11e2-9186-406186f3d89d) MFH r307536 by jase: - Update to 0.3.9.2 Changes: http://www.weechat.org/files/changelog/ChangeLog-0.3.9.2.html Security: 81826d12-317a-11e2-9186-406186f3d89d MFH r307537 by jase: - Update to 20121118 Security: 81826d12-317a-11e2-9186-406186f3d89d Feature safe: yes Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile branches/RELENG_9_1_0/irc/weechat-devel/distinfo branches/RELENG_9_1_0/irc/weechat/Makefile branches/RELENG_9_1_0/irc/weechat/distinfo branches/RELENG_9_1_0/security/vuxml/vuln.xml Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:55:53 2012 (r307797) 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 20121110 +PORTVERSION= 20121118 CATEGORIES= irc MASTER_SITES= http://perturb.me.uk/distfiles/ \ ${MASTER_SITE_LOCAL} @@ -26,7 +26,7 @@ WANT_PERL= yes LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl \ gcrypt:${PORTSDIR}/security/libgcrypt -GITREV= 7cd376b +GITREV= 57293ff WRKSRC= ${WRKDIR}/${PORTNAME}-${GITREV} # Please note: the DEBUG option is *NOT* empty, it is utilised by Modified: branches/RELENG_9_1_0/irc/weechat-devel/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:55:53 2012 (r307797) @@ -1,2 +1,2 @@ -SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2 -SIZE (weechat-devel-7cd376b.tar.gz) = 2517031 +SHA256 (weechat-devel-57293ff.tar.gz) = c4aa77d7ba73fc2994215ca0ae8527b0661a19d8f9df011983168348fbb257c5 +SIZE (weechat-devel-57293ff.tar.gz) = 2518572 Modified: branches/RELENG_9_1_0/irc/weechat/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:55:53 2012 (r307797) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 0.3.9.1 +PORTVERSION= 0.3.9.2 CATEGORIES= irc MASTER_SITES= http://weechat.org/files/src/ Modified: branches/RELENG_9_1_0/irc/weechat/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:55:53 2012 (r307797) 
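Review bot: GITREV= 57293ff in irc/weechat-devel/Makefile (r307797) is a seven-character abbreviated commit id, and the tarball it names is fetched from http://perturb.me.uk/distfiles/ or ${MASTER_SITE_LOCAL}, so the SHA256 line in distinfo is the only thing tying the distfile to a source revision. Record the full upstream commit hash in a comment next to GITREV, so that the snapshot the VuXML entry treats as fixed (weechat-devel 20121118) can be checked against the upstream repository.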
@@ -1,2 +1,2 @@ -SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d -SIZE (weechat-0.3.9.1.tar.gz) = 3756617 +SHA256 (weechat-0.3.9.2.tar.gz) = 03949cfc4cd6b6c1d5b7791804ff54c44f1209d3e753dd48461d67cbb1738c84 +SIZE (weechat-0.3.9.2.tar.gz) = 3757977 Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:55:53 2012 (r307797) @@ -204,6 +204,40 @@ Note: Please add new entries to the beg + + weechat -- Arbitrary shell command execution via scripts + + + weechat + 0.3.00.3.9.2 + + + weechat-devel + 20121118 + + + + +

Sebastien Helleu reports:

+
+

Untrusted command for function hook_process could lead to + execution of commands, because of shell expansions.

+

Workaround with a non-patched version: remove/unload all scripts + calling function hook_process (for maximum safety).

+
+ +
+ + http://weechat.org/security/ + https://savannah.nongnu.org/bugs/?37764 + + + 2012-11-15 + 2012-11-18 + 2012-11-18 + +
+ bugzilla -- multiple vulnerabilities From owner-svn-ports-branches@FreeBSD.ORG Mon Nov 26 21:04:11 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E40E5FBD; Mon, 26 Nov 2012 21:04:11 +0000 (UTC) (envelope-from beat@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id BF0298FC13; Mon, 26 Nov 2012 21:04:11 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQL4Btk074654; Mon, 26 Nov 2012 21:04:11 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAQL4B5D074649; Mon, 26 Nov 2012 21:04:11 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201211262104.qAQL4B5D074649@svn.freebsd.org> 
From: Beat Gaetzi Date: Mon, 26 Nov 2012 21:04:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307798 - in branches/RELENG_9_1_0: security/vuxml www/lighttpd www/lighttpd/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 21:04:12 -0000 Author: beat Date: Mon Nov 26 21:04:11 2012 New Revision: 307798 URL: http://svnweb.freebsd.org/changeset/ports/307798 Log: MFH r307616 by mm: Document new vulnerability in www/lighttpd 1.4.31 MFH r307617 by mm: Update lighttpd to 1.4.32 (fixes CVE-2012-5533) Feature safe: yes Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml branches/RELENG_9_1_0/www/lighttpd/Makefile branches/RELENG_9_1_0/www/lighttpd/distinfo branches/RELENG_9_1_0/www/lighttpd/files/patch-configure.ac Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:55:53 2012 (r307797) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 21:04:11 2012 (r307798) @@ -51,6 +51,38 @@ Note: Please add new entries to the beg --> + + lighttpd -- remote DoS in header parsing + + + lighttpd + 1.4.301.4.32 + + + + +

Lighttpd security advisory reports:

+
+

Certain Connection header values will trigger an endless loop, for example: + "Connection: TE,,Keep-Alive"

+

On receiving such value, lighttpd will enter an endless loop, + detecting an empty token but not incrementing the current string + position, and keep reading the ',' again and again.

+

This bug was introduced in 1.4.31, when we fixed an "invalid read" + bug (it would try to read the byte before the string if it started + with ',', although the value wasn't actually used).

+
+ +
+ + CVE-2012-5533 + + + 2012-11-17 + 2012-11-21 + +
+ mozilla -- multiple vulnerabilities Modified: branches/RELENG_9_1_0/www/lighttpd/Makefile ============================================================================== --- branches/RELENG_9_1_0/www/lighttpd/Makefile Mon Nov 26 20:55:53 2012 (r307797) +++ branches/RELENG_9_1_0/www/lighttpd/Makefile Mon Nov 26 21:04:11 2012 (r307798) @@ -6,8 +6,7 @@ # PORTNAME?= lighttpd -PORTVERSION= 1.4.31 -PORTREVISION= 5 +PORTVERSION= 1.4.32 CATEGORIES?= www MASTER_SITES?= http://download.lighttpd.net/lighttpd/releases-1.4.x/ Modified: branches/RELENG_9_1_0/www/lighttpd/distinfo ============================================================================== --- branches/RELENG_9_1_0/www/lighttpd/distinfo Mon Nov 26 20:55:53 2012 (r307797) +++ branches/RELENG_9_1_0/www/lighttpd/distinfo Mon Nov 26 21:04:11 2012 (r307798) @@ -1,5 +1,5 @@ -SHA256 (lighttpd-1.4.31.tar.bz2) = 5209e7a25d3044cb21b34d6a2bb3a6f6c216ba903ea486a803d070582e5e26ac -SIZE (lighttpd-1.4.31.tar.bz2) = 675275 +SHA256 (lighttpd-1.4.32.tar.bz2) = 60691b2dcf3ad2472c06b23d75eb0c164bf48a08a630ed3f308f61319104701f +SIZE (lighttpd-1.4.32.tar.bz2) = 681065 SHA256 (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch.gz) = d7c3704d5253c4f3c18459f89059063b311e50096cd2c38fc982cec683c32e61 SIZE (lighttpd-1.4.26_mod_h264_streaming-2.2.9.patch.gz) = 44695 SHA256 (lighttpd-1.4.26_mod_geoip.patch.gz) = db43cc0ed7c808b5eed3185d97346e70dea0f1ef4fa9ed436d08e4faff7f97e7 Modified: branches/RELENG_9_1_0/www/lighttpd/files/patch-configure.ac ============================================================================== --- branches/RELENG_9_1_0/www/lighttpd/files/patch-configure.ac Mon Nov 26 20:55:53 2012 (r307797) +++ branches/RELENG_9_1_0/www/lighttpd/files/patch-configure.ac Mon Nov 26 21:04:11 2012 (r307798) 
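Review bot: the affected range of the new lighttpd entry in security/vuxml/vuln.xml (r307798) starts at 1.4.30, while the advisory text quoted in the same entry says the endless loop was introduced in 1.4.31. The range markup is not readable here, so confirm that the lower bound is exclusive (greater than 1.4.30) or write it as 1.4.31 inclusive; an inclusive bound at 1.4.30 would flag installs that never had the bug.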
@@ -1,10 +1,16 @@ ---- configure.ac.orig 2011-07-03 09:33:11.000000000 -0700 -+++ configure.ac 2012-05-03 16:49:19.000000000 -0700 -@@ -18,2 +18,3 @@ +--- configure.ac.orig 2012-11-19 11:05:29.000000000 +0100 ++++ configure.ac 2012-11-21 14:22:53.723233779 +0100 +@@ -16,6 +16,7 @@ + dnl Checks for programs. + AC_PROG_CC AM_PROG_CC_C_O +AM_PROG_AR AC_PROG_LD -@@ -26,7 +27,2 @@ + AC_PROG_INSTALL + AC_PROG_AWK +@@ -30,11 +31,6 @@ + dnl AM_PROG_AR requires automake 1.11 (and uses AC_COMPILE_IFELSE which wants AC_USE_SYSTEM_EXTENSIONS) + m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) -dnl check environment -AC_AIX @@ -12,9 +18,5 @@ -AC_MINIX - dnl AC_CANONICAL_HOST -@@ -40,5 +36,2 @@ - --dnl more automake stuff --AM_C_PROTOTYPES -- - dnl libtool + case $host_os in + *darwin*|*cygwin*|*aix*|*mingw* ) NO_RDYNAMIC=yes;; From owner-svn-ports-branches@FreeBSD.ORG Mon Nov 26 21:15:46 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B51DF355; Mon, 26 Nov 2012 21:15:46 +0000 (UTC) (envelope-from beat@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 99AC58FC08; Mon, 26 Nov 2012 21:15:46 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQLFk4E076910; Mon, 26 Nov 2012 21:15:46 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAQLFkjo076908; Mon, 26 Nov 2012 21:15:46 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201211262115.qAQLFkjo076908@svn.freebsd.org> 
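Review bot: the regenerated www/lighttpd/files/patch-configure.ac (r307798) still adds an unconditional AM_PROG_AR after AM_PROG_CC_C_O, although its second hunk shows as context that configure.ac in 1.4.32 already carries m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) together with the comment that the macro requires automake 1.11. The added line is redundant next to the upstream call and defeats the guard upstream put around it. Drop the AM_PROG_AR addition and keep only the removal of the "check environment" block (AC_AIX through AC_MINIX), or say in the log why the extra call is still needed.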
From: Beat Gaetzi Date: Mon, 26 Nov 2012 21:15:46 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307799 - branches/RELENG_9_1_0/security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 21:15:46 -0000 Author: beat Date: Mon Nov 26 21:15:46 2012 New Revision: 307799 URL: http://svnweb.freebsd.org/changeset/ports/307799 Log: MFH r307666 by dinoex: - opera -- execution of arbitrary code MFH r307733 by wxs: Add entries for the following advisories: FreeBSD-SA-12:08.linux FreeBSD-SA-12:07.hostapd FreeBSD-SA-12:06.bind Feature safe: yes Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 21:04:11 2012 (r307798) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 21:15:46 2012 (r307799) @@ -51,6 +51,131 @@ Note: Please add new entries to the beg --> + + FreeBSD -- Linux compatibility layer input validation error + + + FreeBSD + 7.47.4_11 + 8.38.3_5 + 9.09.0_5 + + + + +

Problem description:

+
+

A programming error in the handling of some Linux system calls + may result in memory locations being accessed without proper + validation.

+
+ +
+ + SA-12:08.linux + CVE-2012-4576 + + + 2012-11-22 + 2012-11-24 + +
+ + + FreeBSD -- Insufficient message length validation for EAP-TLS messages + + + FreeBSD + 8.38.3_5 + 9.09.0_5 + + + + +

Problem description:

+
+

The internal authentication server of hostapd does not + sufficiently validate the message length field of EAP-TLS + messages.

+
+ +
+ + SA-12:07.hostapd + CVE-2012-4445 + + + 2012-11-22 + 2012-11-24 + +
+ + + FreeBSD -- Multiple Denial of Service vulnerabilities with named(8) + + + FreeBSD + 7.47.4_11 + 8.38.3_5 + 9.09.0_5 + + + + +

Problem description:

+
+

The BIND daemon would crash when a query is made on a resource + record with RDATA that exceeds 65535 bytes.

+

The BIND daemon would lock up when a query is made on specific + combinations of RDATA.

+
+ +
+ + SA-12:06.bind + CVE-2012-4244 + CVE-2012-5166 + + + 2012-11-22 + 2012-11-24 + +
+ + + opera -- execution of arbitrary code + + + opera + opera-devel + linux-opera + linux-opera-devel + 12.11 + + + + +

Opera reports:

+
+

When requesting pages using HTTP, Opera temporarily stores the + response in a buffer. In some cases, Opera may incorrectly allocate + too little space for a buffer, and may then store too much of the + response in that buffer. This causes a buffer overflow, which in + turn can lead to a memory corruption and crash. It is possible to + use this crash to execute the overflowing data as code, which may + be controlled by an attacking site.

+
+ +
+ + http://www.opera.com/support/kb/view/1036/ + + + 2012-11-19 + 2012-11-22 + +
+ lighttpd -- remote DoS in header parsing From owner-svn-ports-branches@FreeBSD.ORG Mon Nov 26 21:23:26 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F1B958AE; Mon, 26 Nov 2012 21:23:25 +0000 (UTC) (envelope-from flo@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id CCD828FC0C; Mon, 26 Nov 2012 21:23:25 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQLNPE2078272; Mon, 26 Nov 2012 21:23:25 GMT (envelope-from flo@svn.freebsd.org) Received: (from flo@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAQLNP9A078268; Mon, 26 Nov 2012 21:23:25 GMT (envelope-from flo@svn.freebsd.org) Message-Id: <201211262123.qAQLNP9A078268@svn.freebsd.org> 
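Review bot: the three FreeBSD-SA entries added to security/vuxml/vuln.xml in r307799 (SA-12:08.linux, SA-12:07.hostapd, SA-12:06.bind) quote only the "Problem description" paragraph, so the entry text never states the impact; the Linux compatibility layer entry, for example, says memory locations may be accessed without proper validation but not what an attacker gains from that. Quote the impact statement of each advisory as well, so that someone reading audit output can triage without opening the advisory. In the named(8) entry, also say which of the two described conditions corresponds to CVE-2012-4244 and which to CVE-2012-5166.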
From: Florian Smeets Date: Mon, 26 Nov 2012 21:23:25 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307800 - in branches/RELENG_9_1_0: lang/php52 security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 21:23:26 -0000 Author: flo Date: Mon Nov 26 21:23:25 2012 New Revision: 307800 URL: http://svnweb.freebsd.org/changeset/ports/307800 Log: MFH r307747 - Update backports patch to 20121114 - Bump PORTREVISION Changes: - CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions for strlen(filename) != filename_len - CVE-2012-4388 The sapi_header_op function in main/SAPI.c does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, this vulnerability exists because of an incorrect fix for CVE-2011-1398. 
- Timezone database updated to version 2012.9 (2012i) Approved by: portmgr (beat) Feature safe: yes Modified: branches/RELENG_9_1_0/lang/php52/Makefile (contents, props changed) branches/RELENG_9_1_0/lang/php52/distinfo (contents, props changed) branches/RELENG_9_1_0/security/vuxml/vuln.xml Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/lang/php52/Makefile ============================================================================== --- branches/RELENG_9_1_0/lang/php52/Makefile Mon Nov 26 21:15:46 2012 (r307799) +++ branches/RELENG_9_1_0/lang/php52/Makefile Mon Nov 26 21:23:25 2012 (r307800) @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -26,7 +26,7 @@ USE_BZIP2= yes MAKE_JOBS_SAFE= yes # BACKPORTS patch for lang/php52 and all php52-extensions -PATCHFILES= php52-backports-security-20120911.patch +PATCHFILES= php52-backports-security-20121114.patch PATCH_SITES+= http://php52-backports.googlecode.com/files/ .if !defined(PKGNAMESUFFIX) Modified: branches/RELENG_9_1_0/lang/php52/distinfo ============================================================================== --- branches/RELENG_9_1_0/lang/php52/distinfo Mon Nov 26 21:15:46 2012 (r307799) +++ branches/RELENG_9_1_0/lang/php52/distinfo Mon Nov 26 21:23:25 2012 (r307800) 
@@ -1,7 +1,7 @@ SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c SIZE (php-5.2.17.tar.bz2) = 9092312 -SHA256 (php52-backports-security-20120911.patch) = 4911e2a5abb72d0558b2baf07ff64ca054d71219bde183e41b591894fb7cb1f6 -SIZE (php52-backports-security-20120911.patch) = 356599 +SHA256 (php52-backports-security-20121114.patch) = 59dc139b9acf86bbb2e281696765de513c3bec7d43392a10b5f3b36a9881ab00 +SIZE (php52-backports-security-20121114.patch) = 410829 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91 Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 21:15:46 2012 (r307799) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 21:23:25 2012 (r307800) @@ -16660,7 +16660,7 @@ Note: Please add new entries to the beg php52 - 0 + 5.2.17_12 @@ -16679,11 +16679,6 @@ Note: Please add new entries to the beg

Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).

-
-

The php52 backports maintainer reports that this issue is unlikely - to be fixed in 5.2 due to design roadblocks. Users are strongly - encouraged to upgrade as soon as possible.

-
@@ -16694,7 +16689,7 @@ Note: Please add new entries to the beg 2010-12-10 2011-01-13 - 2012-09-19 + 2012-11-25
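Review bot: the log for r307800 names two issues fixed by php52-backports-security-20121114.patch, CVE-2006-7243 and CVE-2012-4388, but the vuln.xml hunks only touch the CVE-2006-7243 entry, whose php52 bound becomes 5.2.17_12. If php52 is listed in an entry covering CVE-2012-4388, that entry needs the same 5.2.17_12 bound in this commit; otherwise the fixed package keeps being flagged. The backports patch is fetched from http://php52-backports.googlecode.com/files/ and grew from 356599 to 410829 bytes, so check the new SHA256 in lang/php52/distinfo against a copy obtained independently of that URL.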
From owner-svn-ports-branches@FreeBSD.ORG Mon Nov 26 23:49:01 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D895D501; Mon, 26 Nov 2012 23:49:00 +0000 (UTC) (envelope-from beat@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id BCFAD8FC0C; Mon, 26 Nov 2012 23:49:00 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAQNn0XM008172; Mon, 26 Nov 2012 23:49:00 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAQNn0LY008168; Mon, 26 Nov 2012 23:49:00 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201211262349.qAQNn0LY008168@svn.freebsd.org> 
From: Beat Gaetzi Date: Mon, 26 Nov 2012 23:49:00 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307812 - in branches/RELENG_9_1_0/www: opera opera-linuxplugins X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 23:49:01 -0000 Author: beat Date: Mon Nov 26 23:49:00 2012 New Revision: 307812 URL: http://svnweb.freebsd.org/changeset/ports/307812 Log: MFH r307621 by dinoex: - mark FORBIDDEN Security: http://www.opera.com/support/kb/view/1036/ MFH r307811: - Update to 12.11 PR: ports/173853 Submitted by: dinoex (maintainer) Security: 0925716f-34e2-11e2-aa75-003067c2616f Feature safe: yes Modified: branches/RELENG_9_1_0/www/opera-linuxplugins/Makefile branches/RELENG_9_1_0/www/opera-linuxplugins/distinfo branches/RELENG_9_1_0/www/opera/Makefile branches/RELENG_9_1_0/www/opera/distinfo Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/www/opera-linuxplugins/Makefile ============================================================================== --- branches/RELENG_9_1_0/www/opera-linuxplugins/Makefile Mon Nov 26 23:29:26 2012 (r307811) +++ branches/RELENG_9_1_0/www/opera-linuxplugins/Makefile Mon Nov 26 23:49:00 2012 (r307812) 
@@ -20,8 +20,8 @@ COMMENT= Linux plugin support for the na RUN_DEPENDS= ${LOCALBASE}/lib/opera/pluginwrapper/operapluginwrapper:${PORTSDIR}/${PKGCATEGORY}/opera -OPERA_VER?= 12.10 -OPERA_BUILD?= 1652 +OPERA_VER?= 12.11 +OPERA_BUILD?= 1661 MASTER_SITES_VER_PATH= linux/${OPERA_VER:S/.//}/ USE_XZ= yes Modified: branches/RELENG_9_1_0/www/opera-linuxplugins/distinfo ============================================================================== --- branches/RELENG_9_1_0/www/opera-linuxplugins/distinfo Mon Nov 26 23:29:26 2012 (r307811) +++ branches/RELENG_9_1_0/www/opera-linuxplugins/distinfo Mon Nov 26 23:49:00 2012 (r307812) @@ -1,2 +1,2 @@ -SHA256 (opera-12.10-1652.i386.linux.tar.xz) = e7a099b0ca20307e7682fdec4aaec4bd2856cf1d3ae75e1da67b76cfda5fe619 -SIZE (opera-12.10-1652.i386.linux.tar.xz) = 13514036 +SHA256 (opera-12.11-1661.i386.linux.tar.xz) = 735299d288c4cf55bfde50e02a685f8adb365494ec2566ca776741402d9ba22b +SIZE (opera-12.11-1661.i386.linux.tar.xz) = 13552952 Modified: branches/RELENG_9_1_0/www/opera/Makefile ============================================================================== --- branches/RELENG_9_1_0/www/opera/Makefile Mon Nov 26 23:29:26 2012 (r307811) +++ branches/RELENG_9_1_0/www/opera/Makefile Mon Nov 26 23:49:00 2012 (r307812) @@ -21,8 +21,8 @@ LIB_DEPENDS= freetype.9:${PORTSDIR}/prin BUILD_DEPENDS= ${LOCALBASE}/bin/update-mime-database:${PORTSDIR}/misc/shared-mime-info RUN_DEPENDS= ${LOCALBASE}/bin/update-mime-database:${PORTSDIR}/misc/shared-mime-info -OPERA_VER?= 12.10 -OPERA_BUILD?= 1652 +OPERA_VER?= 12.11 +OPERA_BUILD?= 1661 MASTER_SITES_VER_PATH= unix/${OPERA_VER:S/.//} USE_XZ= yes Modified: branches/RELENG_9_1_0/www/opera/distinfo ============================================================================== --- branches/RELENG_9_1_0/www/opera/distinfo Mon Nov 26 23:29:26 2012 (r307811) +++ branches/RELENG_9_1_0/www/opera/distinfo Mon Nov 26 23:49:00 2012 (r307812) 
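Review bot: r307812 updates only www/opera and www/opera-linuxplugins to 12.11, while the opera entry merged into vuln.xml in r307799 lists opera, opera-devel, linux-opera and linux-opera-devel as affected below 12.11. If the other three ports exist on RELENG_9_1_0, they need the same update or a FORBIDDEN marking in this merge. OPERA_VER and OPERA_BUILD are also set separately in each of the two Makefiles touched here, so the ports only stay in step if every bump edits both; a shared include would remove that risk.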
@@ -1,4 +1,4 @@ -SHA256 (opera-12.10-1652.amd64.freebsd.tar.xz) = 886be150a11a914562d5e6237081b5956efef71a3bbe564b5b414a52dac44f41 -SIZE (opera-12.10-1652.amd64.freebsd.tar.xz) = 13471112 -SHA256 (opera-12.10-1652.i386.freebsd.tar.xz) = d14b37d74db549573fbdd517df6da0e8b02630c7c1de1aaa7f2e75cbf558ae78 -SIZE (opera-12.10-1652.i386.freebsd.tar.xz) = 13476352 +SHA256 (opera-12.11-1661.amd64.freebsd.tar.xz) = eacad0109c3bed8f890d9f360e32a37f1809c104ccb2f50cbb4b559c27faa64d +SIZE (opera-12.11-1661.amd64.freebsd.tar.xz) = 13436532 +SHA256 (opera-12.11-1661.i386.freebsd.tar.xz) = de0675401defd2caa3b40525fdf4a3cd793308017ba0545ff4a6b3fc24b5938b +SIZE (opera-12.11-1661.i386.freebsd.tar.xz) = 13472248 From owner-svn-ports-branches@FreeBSD.ORG Tue Nov 27 19:32:45 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CEC3BCB; Tue, 27 Nov 2012 19:32:45 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 528998FC1A; Tue, 27 Nov 2012 19:32:45 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qARJWjZP041095; Tue, 27 Nov 2012 19:32:45 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qARJWiNQ041091; Tue, 27 Nov 2012 19:32:44 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201211271932.qARJWiNQ041091@svn.freebsd.org> 
From: Rene Ladan Date: Tue, 27 Nov 2012 19:32:44 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307860 - in branches/RELENG_9_1_0: security/vuxml www/chromium X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2012 19:32:45 -0000 Author: rene Date: Tue Nov 27 19:32:44 2012 New Revision: 307860 URL: http://svnweb.freebsd.org/changeset/ports/307860 Log: MFH r307828: describe new vulnerabilities in www/chromium < 23.0.1271.91 Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates MFH r307855: update www/chromium to 23.0.1271.91 Security: http://www.vuxml.org/freebsd/4d64fc61-3878-11e2-a4eb-00262d5ed8ee.html Approved by: portmgr (tabthorpe) Feature safe: yes Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml branches/RELENG_9_1_0/www/chromium/Makefile branches/RELENG_9_1_0/www/chromium/distinfo Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 27 19:25:51 2012 (r307859) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Tue Nov 27 19:32:44 2012 (r307860) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 23.0.1271.91 + + + + +

Google Chrome Releases reports:

+
+

[156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit + to miaubiz.

+

[148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit + to Atte Kettunen of OUSPG.

+

[155711] Low CVE-2012-5132: Browser crash with chunked encoding. + Credit to Attila Szász.

+

[158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to + Google Chrome Security Team (Jüri Aedla).

+

[159165] Medium CVE-2012-5135: Use-after-free with printing. + Credit to Fermin Serna of Google Security Team.

+

[159829] Medium CVE-2012-5136: Bad cast in input element handling. + Credit to Google Chrome Security Team (Inferno).

+
+ +
+ + CVE-2012-5130 + CVE-2012-5132 + CVE-2012-5133 + CVE-2012-5134 + CVE-2012-5135 + CVE-2012-5136 + http://googlechromereleases.blogspot.nl/search/label/Stable%20updates + + + 2012-11-26 + 2012-11-27 + +
+ FreeBSD -- Linux compatibility layer input validation error Modified: branches/RELENG_9_1_0/www/chromium/Makefile ============================================================================== --- branches/RELENG_9_1_0/www/chromium/Makefile Tue Nov 27 19:25:51 2012 (r307859) +++ branches/RELENG_9_1_0/www/chromium/Makefile Tue Nov 27 19:32:44 2012 (r307860) @@ -3,8 +3,7 @@ PORTNAME= chromium DISTVERSIONPREFIX= courgette-redacted- -DISTVERSION= 23.0.1271.64 -PORTREVISION= 1 +DISTVERSION= 23.0.1271.91 CATEGORIES= www MASTER_SITES= http://download.goodking.org/downloads/ \ ftp://rene-ladan.nl/pub/distfiles/ \ Modified: branches/RELENG_9_1_0/www/chromium/distinfo ============================================================================== --- branches/RELENG_9_1_0/www/chromium/distinfo Tue Nov 27 19:25:51 2012 (r307859) +++ branches/RELENG_9_1_0/www/chromium/distinfo Tue Nov 27 19:32:44 2012 (r307860) 
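Review bot: the chromium entry added to security/vuxml/vuln.xml in r307860 lists CVE-2012-5134, described in the quoted text as a buffer underflow in libxml, with chromium below 23.0.1271.91 as the only affected package. If the port links against the system libxml2 rather than a bundled copy, updating chromium does not remove the flaw and the libxml2 port needs its own entry and fix; state in the log which case applies.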
@@ -1,2 +1,2 @@ -SHA256 (chromium-courgette-redacted-23.0.1271.64.tar.xz) = da86614142ea34d27b0e566fe2c7823cb07ef45a9161d77cfdf715d6c018ca39 -SIZE (chromium-courgette-redacted-23.0.1271.64.tar.xz) = 179486396 +SHA256 (chromium-courgette-redacted-23.0.1271.91.tar.xz) = f5b45eeab5b292a81b70ee8d0cf5db4c1b76b9a98db60f7602b12f373ffe62b1 +SIZE (chromium-courgette-redacted-23.0.1271.91.tar.xz) = 179453608 From owner-svn-ports-branches@FreeBSD.ORG Wed Nov 28 20:30:09 2012 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2B794AEB; Wed, 28 Nov 2012 20:30:09 +0000 (UTC) (envelope-from beat@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 06AF48FC15; Wed, 28 Nov 2012 20:30:09 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qASKU8kX025528; Wed, 28 Nov 2012 20:30:08 GMT (envelope-from beat@svn.freebsd.org) Received: (from beat@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qASKU8L0025522; Wed, 28 Nov 2012 20:30:08 GMT (envelope-from beat@svn.freebsd.org) Message-Id: <201211282030.qASKU8L0025522@svn.freebsd.org> 
From: Beat Gaetzi Date: Wed, 28 Nov 2012 20:30:08 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r307934 - in branches/RELENG_9_1_0/japanese: bugzilla bugzilla3 bugzilla42 X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2012 20:30:09 -0000 Author: beat Date: Wed Nov 28 20:30:08 2012 New Revision: 307934 URL: http://svnweb.freebsd.org/changeset/ports/307934 Log: MFH r307665 by ohauer: - update japanese bugzilla templates Feature safe: yes Modified: branches/RELENG_9_1_0/japanese/bugzilla/Makefile branches/RELENG_9_1_0/japanese/bugzilla/distinfo branches/RELENG_9_1_0/japanese/bugzilla3/Makefile branches/RELENG_9_1_0/japanese/bugzilla3/distinfo branches/RELENG_9_1_0/japanese/bugzilla42/Makefile branches/RELENG_9_1_0/japanese/bugzilla42/distinfo Directory Properties: branches/RELENG_9_1_0/ (props changed) Modified: branches/RELENG_9_1_0/japanese/bugzilla/Makefile ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla/Makefile Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla/Makefile Wed Nov 28 20:30:08 2012 (r307934) 
@@ -1,12 +1,12 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.0.8 +PORTVERSION= 4.0.9 CATEGORIES= japanese MASTER_SITES= http://bug-ja.org/releases/4.0/ \ LOCAL MASTER_SITE_SUBDIR= tota/bugzilla-ja -DISTNAME= Bugzilla-ja-${PORTVERSION}-template-rel01 +DISTNAME= Bugzilla-ja-${PORTVERSION}-template MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla Modified: branches/RELENG_9_1_0/japanese/bugzilla/distinfo ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla/distinfo Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla/distinfo Wed Nov 28 20:30:08 2012 (r307934) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/Bugzilla-ja-4.0.8-template-rel01.tar.bz2) = b605a73870b4784c02bed391211c0f3ac1f8f8b6fbcb2634116ed694dc587c36 -SIZE (bugzilla/Bugzilla-ja-4.0.8-template-rel01.tar.bz2) = 224159 +SHA256 (bugzilla/Bugzilla-ja-4.0.9-template.tar.bz2) = 9fa0c99cec4041b7cf9047ff04dfd2a878cf1dd2af69b1fabdd0d6712b010c3d +SIZE (bugzilla/Bugzilla-ja-4.0.9-template.tar.bz2) = 224250 Modified: branches/RELENG_9_1_0/japanese/bugzilla3/Makefile ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla3/Makefile Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla3/Makefile Wed Nov 28 20:30:08 2012 (r307934) 
@@ -1,12 +1,12 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 3.6.11 +PORTVERSION= 3.6.12 CATEGORIES= japanese MASTER_SITES= http://bug-ja.org/releases/3.6/ \ LOCAL MASTER_SITE_SUBDIR= tota/bugzilla-ja -DISTNAME= Bugzilla-ja-${PORTVERSION}-template-rel01 +DISTNAME= Bugzilla-ja-${PORTVERSION}-template MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla Modified: branches/RELENG_9_1_0/japanese/bugzilla3/distinfo ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla3/distinfo Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla3/distinfo Wed Nov 28 20:30:08 2012 (r307934) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/Bugzilla-ja-3.6.11-template-rel01.tar.bz2) = 7dd6114602581b0f126ccd03511422e821a94bd824da0f11e2081bdf46bcd440 -SIZE (bugzilla/Bugzilla-ja-3.6.11-template-rel01.tar.bz2) = 215052 +SHA256 (bugzilla/Bugzilla-ja-3.6.12-template.tar.bz2) = 1833c57774efa0ac1aef5b639ade8600170fff66e69205a5ee9c91d98f37ae54 +SIZE (bugzilla/Bugzilla-ja-3.6.12-template.tar.bz2) = 214967 Modified: branches/RELENG_9_1_0/japanese/bugzilla42/Makefile ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla42/Makefile Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla42/Makefile Wed Nov 28 20:30:08 2012 (r307934) 
@@ -1,12 +1,12 @@ # $FreeBSD$ PORTNAME= bugzilla -PORTVERSION= 4.2.3 +PORTVERSION= 4.2.4 CATEGORIES= japanese MASTER_SITES= http://bug-ja.org/releases/4.2/ \ LOCAL MASTER_SITE_SUBDIR= tota/bugzilla-ja -DISTNAME= Bugzilla-ja-${PORTVERSION}-template-rel01 +DISTNAME= Bugzilla-ja-${PORTVERSION}-template MAINTAINER= bugzilla@FreeBSD.org COMMENT= Japanese localization for Bugzilla Modified: branches/RELENG_9_1_0/japanese/bugzilla42/distinfo ============================================================================== --- branches/RELENG_9_1_0/japanese/bugzilla42/distinfo Wed Nov 28 20:17:03 2012 (r307933) +++ branches/RELENG_9_1_0/japanese/bugzilla42/distinfo Wed Nov 28 20:30:08 2012 (r307934) @@ -1,2 +1,2 @@ -SHA256 (bugzilla/Bugzilla-ja-4.2.3-template-rel01.tar.bz2) = dfaee286fa4a8d4a5fd29909eefc127ad2d4ceb9be758b80d75474d07536850c -SIZE (bugzilla/Bugzilla-ja-4.2.3-template-rel01.tar.bz2) = 236331 +SHA256 (bugzilla/Bugzilla-ja-4.2.4-template.tar.bz2) = d1d6c0ad8cc7aaa784dbc5be9bbd17c3dab60253a08459fb97976520690c07da +SIZE (bugzilla/Bugzilla-ja-4.2.4-template.tar.bz2) = 236619
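Review bot: in the www/chromium/distinfo hunk (r307860), the new SHA256 and SIZE lines are the only integrity check on chromium-courgette-redacted-23.0.1271.91.tar.xz, because the MASTER_SITES visible in the Makefile context are cleartext http:// and ftp:// mirrors. Please confirm the checksum was generated from a tarball compared against a second source, and say so in the log. Dropping PORTREVISION together with the DISTVERSION bump is fine as is.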
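Review bot: all three japanese/bugzilla*/Makefile hunks (r307934) change DISTNAME from Bugzilla-ja-${PORTVERSION}-template-rel01 to Bugzilla-ja-${PORTVERSION}-template, but the log only says "update japanese bugzilla templates". Mention in the log that the -rel01 suffix is gone, so a reader can tell the new distfile name is intentional and not a truncated one. The distinfo hunks do use the new name consistently for 4.0.9, 3.6.12 and 4.2.4, and since MASTER_SITES here is plain http://bug-ja.org, those SHA256 lines are what the fetch relies on.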