sthen
195eaac041
SECURITY update; py-Django 1.4.5
https://www.djangoproject.com/weblog/2013/feb/19/security/
- Host header poisoning: an attacker could cause Django to generate
and display URLs that link to arbitrary domains.
- Formset denial-of-service: an attacker can abuse Django's tracking
of the number of forms in a formset to cause a denial-of-service attack.
- XML attacks: Django's serialization framework was vulnerable to
attacks via XML entity expansion and external references.
- Data leakage via admin history log: Django's admin interface could
expose supposedly-hidden information via its history log.
2013-03-02 12:47:49 +00:00
jasper
6686fa807f
for ports built from source, bump the MODJAVA_VER from 1.5 to 1.6.
as discussed with/ok kurt@
2013-03-02 12:45:19 +00:00
jasper
3bd2806f69
- update HOMEPAGE
2013-03-02 12:42:39 +00:00
sthen
7315927d04
zap -no-pie stuff no longer needed for static bins.
2013-03-02 12:42:33 +00:00
jasper
6d3f8104b7
disable -Werror which breaks at least hppa/mips64/sparc64
ok landry@ aja@
2013-03-02 12:42:03 +00:00
sthen
c59262b392
icinga-web 1.8.2
2013-03-02 12:41:55 +00:00
sthen
cfeb576100
SECURITY update to isync 1.0.6
CVE-2013-0289 - does not verify hostnames from SSL certificates
2013-03-02 12:39:56 +00:00
sthen
7ac16f3659
Make alephone scenarios BUILD_DEPENDS on alephone. It's not technically
required but scenarios are useless without the game and very big, so this
saves excessively large files being uncompressed/recompressed and shipped
out to mirrors on arch where the game won't run anyway. ok phessler
2013-03-02 12:38:46 +00:00
sthen
715843528d
update to p5-Error 0.17019
2013-03-02 12:36:36 +00:00
jasper
45987be890
- add $V to SUBST_VARS to minimize future diffs.
2013-03-02 12:35:01 +00:00
jasper
15e553cf97
- update to apache-maven-3.0.5
2013-03-02 12:33:57 +00:00
jasper
ee9c1c3220
- update to apache-ant-1.8.4
tested in a bulk by landry@
ok kurt@
2013-03-02 12:33:01 +00:00
jasper
9e4c660d68
- update to clutter-gst-2.0.2.
2013-03-02 12:32:11 +00:00
jasper
79684e7f37
- update to apache-activemq-5.8.0
2013-03-02 12:31:35 +00:00
jasper
b594444971
- update py-pygments to 1.6
- reset maintainer as per djm@'s request
ok djm@
2013-03-02 12:30:10 +00:00
jasper
1148d8193d
- update to node-canvas-1.0.0
2013-03-02 12:29:09 +00:00
jasper
ce1871cb41
- update to libvirt-glib-0.1.5
2013-03-02 12:28:26 +00:00
jasper
45186755ed
- update to gtkhtml4-4.6.4
2013-03-02 12:27:42 +00:00
jasper
0023e677a1
- update to coffeescript-1.5.0
2013-03-02 12:22:28 +00:00
jasper
e406ed523f
- fix MASTER_SITES
2013-03-02 12:21:26 +00:00
jasper
4bf2fc7c44
- add missing build dependency, spotted by several
ok aja@
2013-03-02 12:21:10 +00:00
naddy
bacef4041b
sync, 7893
2013-02-25 19:14:32 +00:00
jasper
e378789687
add RUN_DEPENDS on php-curl; while it's sort-of-optional dep, it's light and
useful.
ok landry@ (MAINTAINER) sthen@
2013-02-24 16:31:54 +00:00
sthen
c0a59f9671
force opus support to be disabled for now (hidden dep); to be enabled
later. ok naddy@ espie@
2013-02-24 14:47:52 +00:00
sthen
80b61379f2
hidden build dep on libgcrypt (which shouldn't be necessary, but to be
fixed properly later). ok naddy@ espie@
2013-02-24 14:46:29 +00:00
sthen
950eac2a39
build dep on wdg-sgml-lib, no package change. ok naddy@ espie@
2013-02-24 14:45:08 +00:00
sthen
089ff7e0cd
oops, wrong tree, add a REVISION bump
2013-02-24 14:44:45 +00:00
sthen
3e66370f14
don't pick up openal/freeglut (hidden deps). should probably be enabled at a
different time in the release cycle. ok naddy@ espie@
2013-02-24 14:44:25 +00:00
espie
c90669c473
fix LIB_DEPENDS for arches that need the gcc4 modules (multi-packages are
fun that way). Bump affected pkgs just in case.
problem noticed by rpe@
okay naddy@, sthen@
2013-02-24 11:18:38 +00:00
jeremy
1f6d81dd85
Update to ruby 1.9.3-p392, fixing CVE-2013-0269 and a DoS
vulnerability in REXML.
OK jasper@ sthen@
2013-02-23 01:22:26 +00:00
espie
a1ccfe7ec7
with live debug help from phessler@ : don't register lib signatures from dead
hosts, thus precluding live hosts from starting up correctly.
okay naddy@
2013-02-22 19:58:12 +00:00
espie
5d89e474d0
security update, okay jasper@, naddy@
2013-02-22 17:04:24 +00:00
ajacoutot
f44bdb4a47
Remove an annoying warning at pkg_add/delete time due to an empty manpage.
Theo confirmed this can still go in.
prodded by and ok sthen@, ok jasper@
2013-02-21 15:55:32 +00:00
jasper
d3a132e124
add missing build dependency on dbus, as spotted by rpe@
ok aja@
2013-02-21 08:07:34 +00:00
naddy
eca3112a43
5.2 CD packages
2013-02-20 20:22:30 +00:00
ajacoutot
bac61701e3
SECURITY update to owncloud-4.5.7.
Multiple XSS vulnerabilities (oC-SA-2013-003)
Multiple CSRF vulnerabilities (oC-SA-2013-004)
PHP settings disclosure (oC-SA-2013-005)
Multiple code executions (oC-SA-2013-006)
Privilege escalation in the calendar application (oC-SA-2013-007)
2013-02-20 15:32:21 +00:00
jasper
64dbe6e3e0
- security update of jenkins to 1.502 which addresses three vulnerabilities,
as described in https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
ok aja@
(no response from maintainer as of yet, committing now to make sure it makes 5.3)
2013-02-19 17:50:44 +00:00
ajacoutot
86e08285c5
Sanitize this package and provide a working runtime out of the box:
* remove USE_GROFF to prevent warnings
* fix the examples directory
* use .conf files from upcoming 3.1 version (they work by default and the patches can be easily removed when we upgrade)
* add a default minimal puppet.conf that works instead of the currently broken one we ship
* only include conf files we need
* no need to create the hierarchy under /var/puppet since puppet will take care of it
ok robert@ (maintainer), jasper@
2013-02-19 16:11:16 +00:00
ajacoutot
5de6c24ff0
Unbreak rule parsing by opening the proper libmozjs.
spotted by landry@
ok landry@ jasper@
2013-02-19 16:09:15 +00:00
espie
f783cefe01
give a clue to clueless people
okay sthen@
2013-02-18 12:07:42 +00:00
jasper
a650be30e4
sync with gtkhtml4 by adding a build dependency on libsoup as used for
testgtkhtml.
found by naddy@
ok aja@
2013-02-18 07:53:54 +00:00
sthen
7f9dc60721
The pkg_create magic to handle stripping dynamic libraries on static-only
arch works by converting the .so to .a (which covers the case where a
shared arch builds an .so with no associated .a). As gettext has a couple
of shared libraries with no associated static library this scheme doesn't
work, so split it back out to PFRAG.shared to disable the magic. Fixes vax.
ok espie@ naddy@
2013-02-16 18:17:49 +00:00
ajacoutot
8f0aa87e02
Fix for CVE-2013-0292: authentication bypass vulnerability
ok jasper@ sthen@ espie@
2013-02-16 09:05:36 +00:00
sthen
106aa47da7
Fix mixed code/decl's in gettext. ok jasper@ aja@ naddy@
2013-02-15 23:47:04 +00:00
kili
217bf15d14
Ensure that cups/gdevcups.c is compiled with the same flags as
everything else, especially to get the same value for GX_COLOR_INDEX_TYPE
(and the same field sizes and offsets for the gx_device type).
This fixes crashes with the cups driver on 32 bit archs.
Reported and fix tested by Martin Crossley <martin@crossleys.biz>.
ok aja@ dcoppa@ sthen@
2013-02-15 12:40:00 +00:00
sthen
34d753f122
unbreak build on a clean system. reported by nigel (and I hit it too),
ok jasper@ nigel@
2013-02-15 12:06:11 +00:00
fgsch
5321f2a662
SECURITY UPDATE: fix remote DoS.
aja@ sthen@ ok
2013-02-15 09:54:36 +00:00
jasper
7ada00f584
Security fix for CVE-2013-0256, an XSS exploit in RDoc
ok jeremy@ sthen@
2013-02-13 18:19:37 +00:00
sthen
4764baf432
add bootstraps to SUPDISTFILES, don't use $ARCH in DISTFILES as (despite
ONLY_FOR_ARCHS) dpb still fetches the files. fixes spurious dpb errors with
!amd64/i386. ok espie@ kurt@
2013-02-13 18:13:12 +00:00
robert
66b9154738
add devel/swig as a build dependency and regenerate the swig code
ok aja@
2013-02-13 08:02:37 +00:00