pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2019Q3]: pkgsrc/www/davical Pullup ticket #6100 - requested by...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c63b6ace20f6
branches:  pkgsrc-2019Q3
changeset: 408134:c63b6ace20f6
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Dec 12 12:13:11 2019 +0000

description:
Pullup ticket #6100 - requested by hauke
www/davical: security fix

Revisions pulled up:
- www/davical/Makefile                                          1.42
- www/davical/PLIST                                             1.12
- www/davical/distinfo                                          1.17

---
   Module Name:    pkgsrc
   Committed By:   hauke
   Date:           Thu Dec 12 08:12:27 UTC 2019

   Modified Files:
            pkgsrc/www/davical: Makefile PLIST distinfo

   Log Message:
   Update www/davical to v1.1.9.2

    >From upstream's changelog:

   1.1.9.2:

   Bug Fixes

        Fix CSRF not being checked in collection-edit.php

   Other Changes

        use foreach() instead of deprecated each()

   1.1.9.1:

   Bug Fixes

        Corrects reflected cross-site scripting (XSS) vulnerability
        Corrects persistent XSS vulnerability in user/group/resource details
        Corrects persistent XSS vulnerability in user/group/resource list
        Adds token to address cross-site request forgery (CSRF) vulnerability
        Corrects syntax error in name of collection_id
        Make calquery aware of default timezone
        Corrections to range-based calendar queries
        Add missing 'break' to rrule.php

   Other Changes

        Updated PHP version requirement

diffstat:

 www/davical/Makefile |   9 ++++-----
 www/davical/PLIST    |   3 ++-
 www/davical/distinfo |  10 +++++-----
 3 files changed, 11 insertions(+), 11 deletions(-)

diffs (61 lines):

diff -r b033d94ebaca -r c63b6ace20f6 www/davical/Makefile
--- a/www/davical/Makefile      Thu Dec 12 11:50:51 2019 +0000
+++ b/www/davical/Makefile      Thu Dec 12 12:13:11 2019 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2019/09/20 07:45:21 triaxx Exp $
+# $NetBSD: Makefile,v 1.38.2.1 2019/12/12 12:13:11 bsiegert Exp $
 
 DISTNAME=      davical-${DAVICAL_VERSION}
 PKGNAME=       ${PHP_PKG_PREFIX}-davical-${DAVICAL_VERSION}
-PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES=  -https://gitlab.com/davical-project/davical/repository/archive.tar.gz?ref=${GITLAB_TAG}
 
@@ -11,9 +10,9 @@
 COMMENT=       Simple CalDAV server using a PostgreSQL backend
 LICENSE=       gnu-gpl-v2 AND gnu-gpl-v3
 
-DAVICAL_VERSION=1.1.8
-GITLAB_TAG=    r${DAVICAL_VERSION}
-GITLAB_REV=    4af9595f4d0530268ac1289ba4ab2adb4890802e
+DAVICAL_VERSION=       1.1.9.2
+GITLAB_TAG=            r${DAVICAL_VERSION}
+GITLAB_REV=            699d0778345e6b054e885efdd7348b8c676ba83f
 
 DAVICALDIR=    ${PREFIX}/share/davical
 EGDIR=         ${PREFIX}/share/examples/davical
diff -r b033d94ebaca -r c63b6ace20f6 www/davical/PLIST
--- a/www/davical/PLIST Thu Dec 12 11:50:51 2019 +0000
+++ b/www/davical/PLIST Thu Dec 12 12:13:11 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2019/05/10 12:25:04 hauke Exp $
+@comment $NetBSD: PLIST,v 1.11.4.1 2019/12/12 12:13:11 bsiegert Exp $
 share/davical/dba/appuser_permissions.txt
 share/davical/dba/base-data.sql
 share/davical/dba/better_perms.sql
@@ -111,6 +111,7 @@
 share/davical/inc/caldav-client-v2.php
 share/davical/inc/caldav-client.php
 share/davical/inc/check_UTF8.php
+share/davical/inc/csrf_tokens.php
 share/davical/inc/davical_configuration_missing.php
 share/davical/inc/drivers_imap_pam.php
 share/davical/inc/drivers_ldap.php
diff -r b033d94ebaca -r c63b6ace20f6 www/davical/distinfo
--- a/www/davical/distinfo      Thu Dec 12 11:50:51 2019 +0000
+++ b/www/davical/distinfo      Thu Dec 12 12:13:11 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.15 2019/05/10 12:25:04 hauke Exp $
+$NetBSD: distinfo,v 1.15.4.1 2019/12/12 12:13:11 bsiegert Exp $
 
-SHA1 (davical-1.1.8.tar.gz) = b42da3733fa9d92f3e43529e4b19428707c0f4a2
-RMD160 (davical-1.1.8.tar.gz) = 620e2b16220a859cca6f751c10f847dcca30f997
-SHA512 (davical-1.1.8.tar.gz) = 86987599e4e3af5b1995ad25e589a83bb1634f5c740691b9f6d7deb7dc9970019a86ffb4e0a51e91061b11ed44046a78d873ba874a78eab0700f33f70a04cd6a
-Size (davical-1.1.8.tar.gz) = 1837037 bytes
+SHA1 (davical-1.1.9.2.tar.gz) = 0c86bd7755dfc14be3a1ca37cade8c5f72cf76af
+RMD160 (davical-1.1.9.2.tar.gz) = af68c13afc349c8f5fefd9e19ebe6fcd781b9050
+SHA512 (davical-1.1.9.2.tar.gz) = 272ab408ac4304a30c620adf17e1848980bc839222b0d6cf969c312cf8e0d189d09f07f6b5314b146d56bc4f16b4af8e0e1c8fed7d80e8c0bf7c779c5e6e32b1
+Size (davical-1.1.9.2.tar.gz) = 1839626 bytes
 SHA1 (patch-aa) = a2a8be1a131cd47c6541c0a0793a00a33ba3a9f2
 SHA1 (patch-ab) = 7ae06c595f54d3a959db481d303978b29ebbd899
 SHA1 (patch-ac) = 357abb2ad470121f3f30d19a4602692c77661872
Home | Main Index | Thread Index | Old Index