Updated lang/go to 1.3.2

(wiz)

Update to 1.3.2 for a security fix:

We've just released Go version 1.3.2, a minor point release.

This release includes bug fixes to cgo and the crypto/tls package.
    https://golang.org/doc/devel/release.html#go1.3.minor

The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.

(wiz)

Mark explicitly as broken due to incompatibility with current versions
of libwpg and co.

(joerg)

SunOS requires -lsocket -lnsl.

(jperkin)

Updated sysutils/xenkernel41 to 4.1.6.1nb11

(bouyer)

Add patch for:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

bump PKGREVISION

(bouyer)

Updated sysutils/xenkernel42 to 4.2.5
Updated sysutils/xentools42 to 4.2.5

(bouyer)

Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

(bouyer)

Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

(bouyer)

current bootstrap binary kit for SmartOS is built with ncurses5

(obache)

security update fixing:
- Incorrect DigestInfo validation in NSS (CVE-2014-1568)
- RSA signature verification vulnerabilities in parsing of DigestInfo
(see https://www.mozilla.org/security/announce/2014/mfsa2014-73.html)

(spz)

SunOS needs -lsocket.

(jperkin)

bump pkgrevision for previous

(jmcneill)

Disable function import by default, enabled only with -import-functions.

(christos)

Requires USE_TOOLS+=pkg-config.

(jperkin)

USE_TOOLS+=gm4, requires -I support.

(jperkin)

SunOS needs -lsocket -lnsl.

(jperkin)

Try to only chmod extracted files, recursively chmod'ing WRKDIR runs
into problems with e.g. TOOLS_DIR.

(jperkin)

SunOS needs an explicit -lX11.

(jperkin)

Requires zlib.

(jperkin)

Extract using bsdtar, GNU tar cannot handle pre-1970 timestamps.

(jperkin)

Ensure the correct msgfmt tools are picked up.

(jperkin)

Requires OpenSSL and BerkeleyDB.

(jperkin)

Requires editline.

(jperkin)

Requires OpenSSL.

(jperkin)

Pass correct location to OpenSSL.

(jperkin)

Pass correct location of OpenSSL.

(jperkin)

Requires USE_TOOLS+=flex.

(jperkin)

Pass correct location to OpenSSL.

(jperkin)

Requires OpenSSL.

(jperkin)

pullup 4504

(spz)

Pullup ticket #4504 - requested by tron
shells/bash: security patch

Revisions pulled up:
- shells/bash/Makefile                                          1.65
- shells/bash/distinfo                                          1.32
- shells/bash/patches/patch-parse.y                            1.1

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Thu Sep 25 14:02:34 UTC 2014

  Modified Files:
  pkgsrc/shells/bash: Makefile distinfo
  Added Files:
  pkgsrc/shells/bash/patches: patch-parse.y

  Log Message:
  Add fix for CVE-2014-7169.

  To generate a diff of this commit:
  cvs rdiff -u -r1.64 -r1.65 pkgsrc/shells/bash/Makefile
  cvs rdiff -u -r1.31 -r1.32 pkgsrc/shells/bash/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/shells/bash/patches/patch-parse.y

(spz)

Fix TOOLS_DIR reference in installed file.

(jperkin)

Force file from pkgsrc on SunOS, it needs stdin support.

(jperkin)

Needs -lsocket on SunOS.  Also required libpcap.

(jperkin)

Fix build on SunOS (needs -lsocket -lnsl and strings.h for bzero()).

(jperkin)

Add SunOS 5.10+ to the NOT_FOR_PLATFORMS list.

(jperkin)

SunOS needs -lnsl -lresolv.

(jperkin)

Mark as not for SunOS, has hardcoded BSD/Linux support.

(jperkin)

Solaris build fix

(prlw1)

Fix empty shell 'if's.  Uses libiconv.

(jperkin)

Fix pkglocaledir.

(jperkin)

Requires USE_TOOLS+=lex.

(jperkin)

Avoid sys/dir.h on SunOS.

(jperkin)

SunOS needs -lsocket -lnsl.

(jperkin)

Make bdb a suggested option.  The package doesn't actually build without
a bdb present.  Not bumping PKGREVISION as the only way the package would
have built previously is by using a builtin version anyway.

(jperkin)

Fix IPv6 build on SunOS 5.10 and newer.

(jperkin)

Add fix for CVE-2014-7169.

(tron)

Support builtin libmilter.

(jperkin)

Support builtin libmilter.

(jperkin)

Apply some patches to get the build further on SunOS.  May build
depending on compiler.

(jperkin)

Remove broken CPPFLAGS.SunOS.

(jperkin)

Fix PLIST for SunOS.

(fhajny)

Ensure we use a sane shell.  Fixes build on SunOS.

(jperkin)

Don't define _XOPEN_SOURCE to a bogus value on SunOS.

(jperkin)

Fix build on SunOS, use portable egrep construct.

(jperkin)

Fix build on SunOS.  Make it more likely that other OPSYS can build this
package too.

(jperkin)

Make diff call portable. Fixes ruby-clearsilver on SunOS at least.

(fhajny)

Put back Mac distfile, lost in previous update.

(jperkin)

strerror() fixes for SunOS.

(jperkin)

Use -d rather than non-portable --make-directories cpio argument.

(jperkin)

When using EXTRACT_ELEMENTS with wildcards we need to set EXTRACT_USING
to bsdtar, as the default tar implementation may be GNU tar which
requires explicitly using --wildcards for inclusion matches.

(jperkin)

This package needs OpenSSL to build (no change where OpenSSL is built-in).

(fhajny)

Fix directory permissions manually rather than relying on find(1)
which may not be able to traverse if building as non-root.

(jperkin)

Fix SunOS configure and build for the (default) pam option.

(fhajny)

pullups 4502 and 4503

(spz)

Pullup ticket #4502 - requested by tron
databases/phpmyadmin: security update

Revisions pulled up:
- databases/phpmyadmin/Makefile                                1.134
- databases/phpmyadmin/PLIST                                    1.39
- databases/phpmyadmin/distinfo                                1.91

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Tue Sep 23 13:47:31 UTC 2014

  Modified Files:
  pkgsrc/databases/phpmyadmin: Makefile PLIST distinfo

  Log Message:
  Update "phpmyadmin" package to version 4.2.9.

  The following bugs have been fixed since version 4.2.7.1:
  - bug      ajax.js responseHandler: cannot read property of null
  - bug      sql.js: str is undefined
  - bug #4524 Allow for direct selection of "0" on the "user overview" page
  - bug #4529 Undefined index: pos
  - bug #4523 tbl_change.js: insert as new row submit type on multiple
              selected records does not set all AUTO_INCREMENTs to 0 value
  - bug      ajax.js responseHandler: another "cannot read property"
  - bug      tbl_structure.js "cannot read property"
  - bug #4530 [security] DOM based XSS that results to a CSRF that creates a
              ROOT account in certain conditions
  - bug #4516 Odd export behavior
  - bug #4519 Uncaught TypeError: Cannot read property 'success' of null
  - bug #4520 sql.js: cannot read property
  - bug #4521 Initially allowed chart types do not match selected data
  - bug #4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT ignored
  - bug #4522 Duplicate column names while assigning index
  - bug #4487 Export of partitioned table does not import
  - bug      server_privileges.js: cannot read property
  - bug #4527 Importing ODS files with column names having trailing spaces fa=
  ils
  - bug #4413 Navigation Error in Nav Tree for Search Results Past the First =
  Page
  - bug      functions.js: Cannot read property 'replace' of undefined

  To generate a diff of this commit:
  cvs rdiff -u -r1.133 -r1.134 pkgsrc/databases/phpmyadmin/Makefile
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/phpmyadmin/PLIST
  cvs rdiff -u -r1.90 -r1.91 pkgsrc/databases/phpmyadmin/distinfo

(spz)

Remove NOT_FOR_BULK_PLATFORM for SunOS, it builds in under 10 minutes
on modern hardware.

(jperkin)

Pullup ticket #4503 - requested by tron
shells/bash: security update

NOTE: this version is still vulnerable to CVE-2014-7169

Revisions pulled up:
- shells/bash/Makefile                                          1.64
- shells/bash/distinfo                                          1.31

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: wiz
  Date: Wed Sep 24 15:24:35 UTC 2014

  Modified Files:
  pkgsrc/shells/bash: Makefile distinfo

  Log Message:
  Add all current upstream bash patches including 025, which fixes
  a security issue. Version number bumped in the usual way.

  To generate a diff of this commit:
  cvs rdiff -u -r1.63 -r1.64 pkgsrc/shells/bash/Makefile
  cvs rdiff -u -r1.30 -r1.31 pkgsrc/shells/bash/distinfo

(spz)

devel/zlib is needed not just by the main package. Fixes building where
zlib is not built-in.

(fhajny)

Set INSTALLATION_DIRS properly. Fixes installation on at least SunOS.

(fhajny)

Remove NOT_FOR_BULK_PLATFORM, builds fine for me.

(jperkin)

Use portable find constructs.

(jperkin)

Needs zlib.

(jperkin)

Use portable find constructs.

(jperkin)

Replace patch with a MAKE_FLAGS line.

(wiz)

Find zlib correctly.

(jperkin)

Find builtin Kerberos headers on SunOS, and fix Texinfo 5.x.

(jperkin)

USE_TOOLS+=gm4, required on SunOS.

(jperkin)

Depend on dos2unix and run it on two files. From jperkin.

(wiz)

Revert jperkin's patch until we find a dos2unix solution.
Ok jperkin

(wiz)

Avoid "error: call of overloaded <func> is ambiguous".

(jperkin)

+ anjuta-3.14.0, atk-2.14.0, cmake-3.0.2,
  ffmpeg2-2.4, gdl-3.14.0, glu-10.3, gnome-common-3.14.0,
  gst-plugins1-base-1.4.2, gstreamer1-1.4.2, gtk3-3.14.0,
  lablgtk-2.18.2, libdvdcss-5.0.1, libdvdread-5.0.0, libgpg-error-1.16,
  modular-xorg-server-1.16.1, mono-3.8.0, ocaml-findlib-1.5.3,
  puzzles-10233, py-anki2-2.0.29, py-gobject3-3.14.0, py-py-2.4,
  py-setuptools-5.8, py-sqlparse-0.1.12, py-twisted-14.0.2,
  py-vdirsyncer-0.3.0, ruby21-2.1.3, sound-juicer-3.14.0, stella-4.1.1,
  vala-0.26.0, wine-devel-1.7.27, x264-devel-20140920, xscreensaver-5.30,
  xterm-311.

(wiz)

Updated shells/bash to 4.3.025

(wiz)

Add all current upstream bash patches including 025, which fixes
a security issue. Version number bumped in the usual way.

(wiz)

Include strings.h for bzero() and add socket libraries on SunOS.

(jperkin)

USE_TOOLS+=tar as the package contains a hardcoded 'tar' call which may
find the wrong one (needs to support bzip2).

(jperkin)

Avoid "error: call of overloaded <func> is ambiguous".

(jperkin)

Requires USE_TOOLS+=groff to build mandatory documentation.

(jperkin)

Requires USE_TOOLS+=groff, fix $INSTALL command on SunOS.

(jperkin)

Requires USE_TOOLS+=groff.

(jperkin)

Trick dos2unix into actually converting configure.ac, fixes patching
on SunOS at least.

(jperkin)

Regen. Hi jnementh@!

(joerg)

Fix broken patch file.

(jperkin)

Fix broken patch files and install files with non-world-writeable perms.

(jperkin)

Fix broken patch files.

(jperkin)

Fix broken patch files.

(jperkin)

Fix broken patch file.

(jperkin)

USE_TOOLS+=xgettext and work around broken configure test for strcasecmp
on SunOS.

(jperkin)

Remove obsolete patch breaking the build.

(jperkin)

USE_TOOLS+=xgettext, fixes build on SunOS.

(jperkin)

USE_TOOLS+=xgettext, fixes build on SunOS.

(jperkin)

USE_TOOLS+=xgettext, fixes build on SunOS.

(jperkin)

USE_TOOLS+=xgettext, fixes build on SunOS.

(jperkin)

Fix printing of getpid().

(jperkin)

USE_TOOLS+=gsed for -r, plus various patches to fix build on SunOS.

(jperkin)

Ensure RUNPATH is empty to avoid bogus rpaths.

(jperkin)

USE_TOOLS+=gsed for -r support, plus various patches to fix SunOS build.

(jperkin)

USE_TOOLS+=gsed for -r support.

(jperkin)

Replace WRAPPER_BINDIR reference with real path in generated file.

(jperkin)

Avoid reference to WRAPPER_BINDIR in final binaries.

(jperkin)

Remove WRAPPER_BINDIR references in mysqlbug.

(jperkin)

Remove WRAPPER_BINDIR references in mysqlbug.

(jperkin)

Explicitly disable epoll on SunOS, the MySQL implementation is specific
to Linux at this time.

(jperkin)

Use C++ frontend to link the code.
This makes the package build and function on FreeBSD 10 with Clang.

(asau)

Updated www/nginx to 1.6.2

(kim)

Upgrade to nginx-1.6.2 to fix security vulnerability CVE-2014-3616.
Restore module checksums that were lost in last update.

Changes with nginx 1.6.2                                        16 Sep 2014

    *) Security: it was possible to reuse SSL sessions in unrelated contexts
      if a shared SSL session cache or the same TLS session ticket key was
      used for multiple "server" blocks (CVE-2014-3616).
      Thanks to Antoine Delignat-Lavaud.

    *) Bugfix: requests might hang if resolver was used and a DNS server
      returned a malformed response; the bug had appeared in 1.5.8.

    *) Bugfix: requests might hang if resolver was used and a timeout
      occurred during a DNS request.

(kim)

Updated devel/mantis to 1.2.17

(rodent)

Update to 1.2.17. pkgsrc changes: Add bash:run to USE_TOOLS and
REPLACE_BASH in installed file. Replace PHP interpreter in installed *.php
files. Move options framework into options.mk. Use INSTALLATION_DIRS
instead of INSTALL_DATA_DIR. From doc/RELEASE:

1.2.17 Security Release (2014-03-04)
-------------------------------------------------

MantisBT 1.2.17 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are strongly advised
to upgrade to this release. Download it from [3].

An SQL injection vulnerability (CVE-2014-2238) in adm_config_report.php was
patched. Refer to issue #17055 for detailed information.

This release also includes a few bug fixes for the tracker, including News API
correction for the regression issue #16940 introduced in 1.2.16, as well as
updated translations in many languages.

A full changelog for the 1.2.x series can be found on the official site. [1]

1.2.16 Security Release (2014-02-07)
-------------------------------------------------

MantisBT 1.2.16 is a security update for the stable 1.2.x branch. All
installations that are currently running any 1.2.x version are strongly advised
to upgrade to this release. Download it from [3].

The following security issues were resolved:

- Cross-site scripting (XSS) issue in account_sponsor_page.php, allowing a
  malicious user with project manager access to execute arbitrary JavaScript
  code (CVE-2013-4460). Affects MantisBT 1.1.0 and later.
  Refer to issue #16513 for detailed information.

- SQL injection attacks through the SOAP API's mc_attachment_get() function
  (CVE-2014-1608). Affects MantisBT 1.1.0a4 and later.
  Refer to issue #16879 for detailed information.

- Additional cases of unsanitized SQL query parameters usage were identified,
  potentially allowing SQL injection attacks (CVE-2014-1609).
  Refer to issue #16880 for detailed information.

This release also includes many bug fixes and enhancements to the tracker
and the SOAP api, as well as updated translations in many languages.

A full changelog for the 1.2.x series can be found on the official site. [1]

[1] The changelog is split between multiple releases:

1.2.17    http://www.mantisbt.org/bugs/changelog_page.php?version_id=189
1.2.16    http://www.mantisbt.org/bugs/changelog_page.php?version_id=183

(rodent)

Don't include termcap.h on SunOS.

(jperkin)

Don't include termcap.h on SunOS.

(jperkin)

Don't include termcap.h on SunOS.

(jperkin)

Use appropriate build target on SunOS.

(jperkin)

fix arm build

(jmcneill)

Don't include termcap.h on SunOS.

(jperkin)

Don't include termcap.h on SunOS.

(jperkin)

Fix build on systems which lack BSD termcap.

(jperkin)

Fix build on SunOS when epoll is available.

(jperkin)

SunOS needs -lm.

(jperkin)

SunOS needs -lnsl -lresolv.

(jperkin)