e5166e09fc
This update includes a security update for possible arbitrary code
execution from package manifest parsing. All users are advised to
upgrade ASAP. The base pkg(7) was never affected by this. [1]
Changes:
* Fix libyaml head-based buffer overflow [1]
* Fix pkg info -E support for ports, which namely affected
net/openldap* usage. [2]
* Fix packages registering themselves as dependencies [3]
* Bash autocompletion fixes [4]
* autoremove: Don't try to remove locked packages
* Support 'pkg bootstrap -f', which will force a reinstall of pkg
on FreeBSD 10.0+
* Fix %t timestamp formatter with %{...%} modifiers [5]
* pkg info: Show date installed
* Add $daily_status_security_pkgaudit_quiet to control 410.pkg-audit.in
output verbosity level
* Add an error when trying to update repository and none are defined [6]
* Fix typos in manpages [7]
Security: CVE-2013-6393 [1]
Reported by: secteam (delphij) [1]
PR: ports/184797 [2]
Reported by: Pavel Timofeev <timp87@gmail.com> [2], many
Submitted by: smh@ [3]
Submitted by: brd@ [4]
Submitted by: Jamie Landeg Jones [5]
Submitted by: Rodrigo Osorio [6]
Submitted by: Michael Gehring, wblock [7]
With hat: portmgr
MFH: 2014Q1
|
||
|---|---|---|
| .. | ||
| files | ||
| distinfo | ||
| Makefile | ||
| pkg-descr | ||
| pkg-message | ||
| pkg-plist | ||