- use PKGNAMESUFFIX instead of LATEST_LINK
- whitespace cleanup
- svn mv */bugzilla to */bugzilla40
- add vuxml entry
4.4.1, 4.2.7, and 4.0.11 Security Advisory
Wednesday Oct 16th, 2013
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user consent.
* A CSRF vulnerability in attachment.cgi can lead to an attachment
being edited without the user consent.
* Several unfiltered parameters when editing flagtypes can lead to XSS.
* Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports can lead to XSS.
All affected installations are encouraged to upgrade as soon as
possible.
[1] Even though bugzilla40 gets upstream fixes, an upgrade to bugzilla42/44 is recommended.
Security: vid e135f0c9-375f-11e3-80b7-20cf30e32f6d
CVE-2013-1733
CVE-2013-1734
CVE-2013-1742
CVE-2013-1743
- Use options helpers
- Fix a problem when PYTHON and BUNDLED_READLINE options are active
PR: ports/183048
Submitted by: Luca Pizzamiglio <luca.pizzamiglio@gmail.com> (maintainer)
Changes:
* pkgclean: Detect and cleanup duplicated packages due to PKGNAME
renaming
* Misc typo fixes
* ports -m git
- Use --depth=1 to not download all history for the repository.
- Support -v to show output
Switch to USES=gmake.
STAGIFY.
Don't try to build when the default compiler uses libc++.
Initiate deorbit burn sequence.
Submitted by: John Marino <freebsd@marino.st> [1]
(as it has always been before using iconv.mk);
. bump PORTREVISION.
Reported by: Marko Cupać <marko.cupac@mimar.rs>
Tested by: Marko Cupać <marko.cupac@mimar.rs>
Approved by: garga (maintainer)
Changes:
20131013:
- Libraries for TLS (Transport Layer Security), SSL (Secure Sockets
Layer) and HTTPS (HyperText Transfer Protocol Secure) support have
been added. The new libraries are: arc4.s7i, asn1.s7i, cipher.s7i,
gethttps.s7i, hmac.s7i, pkcs1.s7i, tls.s7i and x509cert.s7i.
- Comparison operators for < (proper subset) and > (proper superset)
have been added to hashsetof.s7i.
- The type digestAlgorithm and the functions msgDigest, blockSize
and digestSize have been added to msgdigest.s7i.
- The function hex has been added to bytedata.s7i.
- The example program castle.sd7 has been improved to avoid that
an item can be dropped on an illegal place.
- The library make.s7i has been improved to accept the option -p for
the cp command.
- Documentation comments have been added to sockbase.s7i,
socket.s7i, atom.c, entutl.c, soclib.c, soc_rtl.c and striutl.c.
- The padding in the message digest functions of msgdigest.s7i has
been corrected. Now the functions pad nothing instead of 64 bytes,
when the message length is 55 (mod 64).
- The function getHttp in gethttp.s7i has been improved to use
a case-insensitive comparison for HTTP header field names.
- In exec.c the functions eval_arg_list and dump_arg_list have been
improved to avoid reading from freed memory. This occurred in very
rare cases.
- The functions find_action (in actutl.c), fltParse (in flt_rtl.c),
cmdConfigValue (in cmd_rtl.c) and find_sysvar (in syvarutl.c)
have been improved to use the macros MAX_STRI_EXPORT_LEN and
max_utf8_size.
- Interpreter and runtime library have been improved to ignore the
signal SIGPIPE. Writing to a broken pipe or socket raises the
exception FILE_ERROR instead.
- The functions bln_and and bln_or in blnlib.c have been improved
to return either SYS_TRUE_OBJECT or SYS_FALSE_OBJECT.
- The program chkccomp.c has been improved to determine the
alignment used by malloc and whether an access to unaligned memory
succeeds.
- Usages of ALLOC_CHUNK in flistutl.h have been improved to allocate
aligned memory the same way as malloc returns aligned memory.
- The program chkccomp.c has been improved to define the macro
'inline', when the C compiler does not support the keyword inline.
- Occurrences of 'INLINE' have been replaced with 'inline' in the
files analyze.c, atom.c, big_gmp.c, big_rtl.c, chr_rtl.c, exec.c,
findid.c, infile.c, int_rtl.c, numlit.c, parser.c, rfl_data.c,
scanner.c, striutl.c, strlib.c, str_rtl.c, syntax.c and ut8_rtl.c.
20130929:
- The functions bStriLe, bytesLe, bStriBe and bytesBe have been
added to bytedata.s7i. These functions convert an integer to a
sequence of bytes.
- The compiler has been improved to generate inline code for the
action STR_PUSH. This action is used when a character is appended
to a string (with the operator &:= ).
- The function sendGet has been added to gethttp.s7i.
- The functions str_yy_mm_dd and str_hh_mm_ss have been added to
time.s7i.
- Checks for +:= and -:= have been added to chkbig.sd7.
- Checks for bytesBe and bytesLe have been added to chkint.sd7.
- Checks for & and &:= have been added to chkstr.sd7.
- The function doLocalDeclsOfStatement has been added to the
compiler. This function is used to simplify the processing
of various statements.
- The functions that process the statement actions BIG_GROW,
BIG_LSHIFT_ASSIGN, BIG_MULT_ASSIGN, BIG_RSHIFT_ASSIGN,
BIG_SHRINK, BLN_CPY, CHR_CPY, CHR_GROW, CHR_SHRINK, ENU_CPY,
FIL_CPY, FLT_CPY, FLT_DIV_ASSIGN, FLT_GROW, FLT_MULT_ASSIGN,
FLT_SHRINK, INT_AND_ASSIGN, INT_CPY, INT_GROW, INT_LSHIFT_ASSIGN,
INT_MULT_ASSIGN, INT_OR_ASSIGN, INT_RSHIFT_ASSIGN, INT_SHRINK,
INT_URSHIFT_ASSIGN, REF_CPY, RFL_INCL, SET_EXCL, SET_INCL,
SOC_CPY, STR_PUSH and TYP_CPY in the compiler have been
simplified.
- The functions int_toBStriBe and int_toBStriLe have been added to
intlib.c.
- The functions intToBStriBe and intToBStriLe have been added to
int_rtl.c.
- In big_rtl.c and big_gmp.c the functions bigFromBytesBe and
bigFromBytesLe have been renamed to bigFromByteBufferBe and
bigFromByteBufferLe respectively.
- The performance of the functions bst_cmp (in bstlib.c), bstCmp
(in bst_rtl.c) and strMult (in str_rtl.c) has been improved.
- The macro 'unlikely' has been added to functions in bst_rtl.c.
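The padding fix in the 20131013 changelog above (msgdigest.s7i now pads no zero bytes, rather than 64, when the message length is 55 mod 64) is the classic Merkle-Damgård edge case: after the mandatory 0x80 byte the message is already at 56 mod 64, so only the 8-byte length field follows. The example below is added here and is not Seed7's code or part of the commit log; it implements the padding rule in Python together with a minimal SHA-1 (which shares MD5/SHA-256's 64-byte block layout) so the rule can be checked against hashlib. Getting the zero count wrong at lengths 55, 56, 63 or 64 produces a digest that no longer matches the reference implementation, which is how such a bug shows up in practice.

```python
import hashlib
import struct

BLOCK = 64  # block size shared by MD5, SHA-1 and SHA-256


def zero_padding_len(msg_len: int) -> int:
    """Number of zero bytes between the 0x80 marker and the length field.
    The total must reach 56 (mod 64), so for msg_len == 55 (mod 64) it is 0."""
    return (55 - msg_len) % BLOCK


def md_padding(msg_len: int) -> bytes:
    """Merkle-Damgard padding: 0x80, the minimal zero run, then the 64-bit
    big-endian bit length (SHA-1 byte order; MD5 would use little-endian)."""
    return (b"\x80"
            + b"\x00" * zero_padding_len(msg_len)
            + struct.pack(">Q", msg_len * 8))


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1(msg: bytes) -> bytes:
    """Plain SHA-1 (FIPS 180-4) over msg + md_padding(len(msg))."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = msg + md_padding(len(msg))
    assert len(data) % BLOCK == 0
    for off in range(0, len(data), BLOCK):
        w = list(struct.unpack(">16L", data[off:off + BLOCK]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5L", *h)


def matches_reference(lengths=(0, 1, 55, 56, 63, 64, 119, 120, 200)) -> bool:
    """Cross-check the padding rule against hashlib at the boundary lengths.
    The inputs are constructed here (runs of zero bytes of each length)."""
    return all(sha1(bytes(n)) == hashlib.sha1(bytes(n)).digest()
               for n in lengths)


if __name__ == "__main__":
    for n in (54, 55, 56, 63, 64):
        print(f"len {n:3d}: {zero_padding_len(n):2d} zero bytes, "
              f"padded to {n + len(md_padding(n))} bytes")
    print("matches hashlib:", matches_reference())
```

The key line is `zero_padding_len`: a length of 55 mod 64 already leaves exactly 9 bytes of room in the block for the 0x80 marker and the length field, so any extra zero run (the 64 bytes the old Seed7 code added) pushes the hash input into an extra block and changes the digest.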