From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Oct 21 08:50:02 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 47E251065683 for ; Tue, 21 Oct 2008 08:50:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 23DEF8FC1E for ; Tue, 21 Oct 2008 08:50:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id m9L8o1xL032384 for ; Tue, 21 Oct 2008 08:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id m9L8o1wo032383; Tue, 21 Oct 2008 08:50:01 GMT (envelope-from gnats) Resent-Date: Tue, 21 Oct 2008 08:50:01 GMT Resent-Message-Id: <200810210850.m9L8o1wo032383@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Arjan van Leeuwen" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 896AA106566B for ; Tue, 21 Oct 2008 08:46:06 +0000 (UTC) (envelope-from freebsd-maintainer@opera.com) Received: from mail.opera.com (mail.opera.com [213.236.208.66]) by mx1.freebsd.org (Postfix) with ESMTP id F3AE38FC22 for ; Tue, 21 Oct 2008 08:46:05 +0000 (UTC) (envelope-from freebsd-maintainer@opera.com) Received: from arjanl.oslo.osa (sgw-oslo.opera.com [213.236.208.47]) by mail.opera.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id m9L8k3Lk009658 for ; Tue, 21 Oct 2008 08:46:03 GMT Message-Id: <1224578885.95598@arjanl.oslo.osa> Date: Tue, 21 Oct 2008 10:48:05 +0200 From: "Arjan van Leeuwen" To: "FreeBSD gnats submit" X-Send-Pr-Version: gtk-send-pr 0.4.9 Cc: Subject: ports/128264: Update www/opera and www/opera-linuxplugins to version 9.61 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Oct 2008 08:50:02 -0000 >Number: 128264 >Category: ports >Synopsis: Update www/opera and www/opera-linuxplugins to version 9.61 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Oct 21 08:50:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Arjan van Leeuwen >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: Opera Software ASA >Environment: System: FreeBSD 7.1-PRERELEASE #1: Sun Sep 14 14:24:18 CEST 2008 root@arjanl.oslo.osa:/usr/obj/usr/src/sys/GENERIC >Description: These patches update Opera (www/opera) and www/opera-linuxplugins to version 9.61. Includes VuXML entry for security issues. Changelog: http://www.opera.com/docs/changelogs/freebsd/961/ >How-To-Repeat: >Fix: --- opera.diff begins here --- diff -urN /usr/ports/www/opera/Makefile opera/Makefile --- /usr/ports/www/opera/Makefile 2008-10-16 12:25:06.000000000 +0200 +++ opera/Makefile 2008-10-21 10:29:52.158009231 +0200 @@ -7,7 +7,6 @@ PORTNAME= opera PORTVERSION= ${OPERA_VER}.${OPERA_DATE} -PORTREVISION= 1 CATEGORIES= www ipv6 MASTER_SITES= ftp://ftp.opera.com/pub/opera/unix/freebsd/${OPERA_VER:S/.//}${OPERA_MINVER}/en/${OPERA_ARCH}/${OPERA_LIB}/ \ ftp://opera.inode.at/unix/freebsd/${OPERA_VER:S/.//}${OPERA_MINVER}/en/${OPERA_ARCH}/${OPERA_LIB}/ \ @@ -30,11 +29,11 @@ MAINTAINER= freebsd-maintainer@opera.com COMMENT= Blazingly fast, full-featured, standards-compliant browser, devel version -OPERA_VER= 9.60 +OPERA_VER= 9.61 OPERA_MINVER= OPERA_REL= final -OPERA_DATE= 20081004 -OPERA_BUILD= 2444 +OPERA_DATE= 20081017 +OPERA_BUILD= 2456 OPERA_LIB= shared DATADIR= ${PREFIX}/share/${PORTNAME}${PKGNAMESUFFIX} diff -urN /usr/ports/www/opera/distinfo opera/distinfo --- /usr/ports/www/opera/distinfo 2008-10-10 11:44:06.000000000 +0200 +++ opera/distinfo 2008-10-21 10:28:04.609011244 +0200 @@ -1,15 +1,15 @@ -MD5 (opera-9.60-freebsd5-shared-qt3.i386.tar.bz2) = b8d37a4d95a77900eda9e6394b2edb6d -SHA256 (opera-9.60-freebsd5-shared-qt3.i386.tar.bz2) = ff5a9f022f6dbab5faabd1195c0af5edd091218377b93698ee1c0c88562a6d04 -SIZE (opera-9.60-freebsd5-shared-qt3.i386.tar.bz2) = 7342693 -MD5 (opera-9.60-freebsd6-shared-qt3.i386.tar.bz2) = cf6c7ab724bb0f9566fb2ab1e988fe7c -SHA256 (opera-9.60-freebsd6-shared-qt3.i386.tar.bz2) = b6d2647f7033c86dadcad653798d1110895e50634156aa64587d77dad41a693c -SIZE (opera-9.60-freebsd6-shared-qt3.i386.tar.bz2) = 7345388 -MD5 (opera-9.60-freebsd6-shared-qt3.amd64.tar.bz2) = fab27a28c6a0b42c1a35eef8afdc94d1 -SHA256 (opera-9.60-freebsd6-shared-qt3.amd64.tar.bz2) = a212df4699b36831d6bb28fa2d74abfdd6875c0e40c8c8f976a78b2c4bef3efc -SIZE (opera-9.60-freebsd6-shared-qt3.amd64.tar.bz2) = 7854123 -MD5 (opera-9.60-freebsd7-shared-qt3.i386.tar.bz2) = c20655b94b84ac870b948587bb9e2629 -SHA256 (opera-9.60-freebsd7-shared-qt3.i386.tar.bz2) = 6377421417eb94e61192bddb559772bb4962df6b0fe736e69c5a805bf958d329 -SIZE (opera-9.60-freebsd7-shared-qt3.i386.tar.bz2) = 7216117 -MD5 (opera-9.60-freebsd7-shared-qt3.amd64.tar.bz2) = 79cc3b332e66b6d198559f8421a2a193 -SHA256 (opera-9.60-freebsd7-shared-qt3.amd64.tar.bz2) = 2e66e9a5ff1079e5a1b878a08925dd2a0db24036e739af7da0210c854e8cf4eb -SIZE (opera-9.60-freebsd7-shared-qt3.amd64.tar.bz2) = 7743771 +MD5 (opera-9.61-freebsd5-shared-qt3.i386.tar.bz2) = 7d7428eb90de613f4c4e419d3b8df40d +SHA256 (opera-9.61-freebsd5-shared-qt3.i386.tar.bz2) = bc4b94ac23812dd3e0a2a5c18413feac32cbf407e9072a23d5bca5e598bd43f9 +SIZE (opera-9.61-freebsd5-shared-qt3.i386.tar.bz2) = 7485931 +MD5 (opera-9.61-freebsd6-shared-qt3.i386.tar.bz2) = 0f3c092cb174d6aedbaf3de08afcafda +SHA256 (opera-9.61-freebsd6-shared-qt3.i386.tar.bz2) = 6120a699262a1f5af15b1678e0a504a31bf70e5d2d53e9584a7f42c4f12537db +SIZE (opera-9.61-freebsd6-shared-qt3.i386.tar.bz2) = 7488263 +MD5 (opera-9.61-freebsd6-shared-qt3.amd64.tar.bz2) = 31c64464f49ce52e40b78436eb7f79f3 +SHA256 (opera-9.61-freebsd6-shared-qt3.amd64.tar.bz2) = 09fcc8932e69d118578706cb1a87abbdcab1ba1c78f173d20b5bfc43cf6a0843 +SIZE (opera-9.61-freebsd6-shared-qt3.amd64.tar.bz2) = 7993195 +MD5 (opera-9.61-freebsd7-shared-qt3.i386.tar.bz2) = c26771feb9da16545adb7c65d399252e +SHA256 (opera-9.61-freebsd7-shared-qt3.i386.tar.bz2) = 0c0dee77598aa87c00206bfd13796624528d80122f871dba7795f6a2239f6e55 +SIZE (opera-9.61-freebsd7-shared-qt3.i386.tar.bz2) = 7355208 +MD5 (opera-9.61-freebsd7-shared-qt3.amd64.tar.bz2) = 2af9f45ad5516b65de2d0a1d12af4dff +SHA256 (opera-9.61-freebsd7-shared-qt3.amd64.tar.bz2) = 314f0a065d9bc4380019578089f250e3776b05e6865bf21faa2259655f5dcc22 +SIZE (opera-9.61-freebsd7-shared-qt3.amd64.tar.bz2) = 7886963 diff -urN /usr/ports/www/opera/files/operapluginwrapper opera/files/operapluginwrapper --- /usr/ports/www/opera/files/operapluginwrapper 2008-10-16 12:25:06.000000000 +0200 +++ opera/files/operapluginwrapper 2008-10-21 10:30:38.127396123 +0200 @@ -1,18 +1,19 @@ #!/bin/sh if [ -n "$4" ]; then -ELFTYPE=`brandelf $4` + ELFTYPE=`brandelf $4` elif [ -n "$3" ]; then -ELFTYPE=`brandelf $3` + ELFTYPE=`brandelf $3` fi WRAPPER="freebsd" + case "${ELFTYPE}" in -*SVR4*|*Linux*) -if [ -x "$0.linux" ]; then -WRAPPER="linux" -fi -;; + *SVR4*|*Linux*) + if [ -x "$0.linux" ]; then + WRAPPER="linux" + fi + ;; esac exec $0.$WRAPPER $@ diff -urN /usr/ports/www/opera/pkg-plist opera/pkg-plist --- /usr/ports/www/opera/pkg-plist 2008-10-10 11:44:06.000000000 +0200 +++ opera/pkg-plist 2008-10-21 10:33:36.616135334 +0200 @@ -83,6 +83,18 @@ %%DATADIR%%/ini/standard_keyboard.ini %%DATADIR%%/svg-sa.dat %%DATADIR%%/search.ini +%%DATADIR%%/locale/et/eesti.lng +%%DATADIR%%/locale/et/license.txt +%%DATADIR%%/locale/et/search.ini +%%DATADIR%%/locale/et/opera6.adr +%%DATADIR%%/locale/te/opera6.adr +%%DATADIR%%/locale/te/license.txt +%%DATADIR%%/locale/te/search.ini +%%DATADIR%%/locale/te/telugu.lng +%%DATADIR%%/locale/ta/tamil.lng +%%DATADIR%%/locale/ta/opera6.adr +%%DATADIR%%/locale/ta/search.ini +%%DATADIR%%/locale/ta/license.txt %%DATADIR%%/locale/nl/search.ini %%DATADIR%%/locale/nl/nederlands.lng %%DATADIR%%/locale/nl/opera6.adr @@ -241,6 +253,8 @@ @dirrm %%DATADIR%%/locale/zh-cn @dirrm %%DATADIR%%/locale/uk @dirrm %%DATADIR%%/locale/tr +@dirrm %%DATADIR%%/locale/te +@dirrm %%DATADIR%%/locale/ta @dirrm %%DATADIR%%/locale/sv @dirrm %%DATADIR%%/locale/ru @dirrm %%DATADIR%%/locale/pt-BR @@ -263,6 +277,7 @@ @dirrm %%DATADIR%%/locale/fr-CA @dirrm %%DATADIR%%/locale/fr @dirrm %%DATADIR%%/locale/fi +@dirrm %%DATADIR%%/locale/et @dirrm %%DATADIR%%/locale/es-LA @dirrm %%DATADIR%%/locale/es-ES @dirrm %%DATADIR%%/locale/en-GB --- opera.diff ends here --- --- opera-linuxplugins.diff begins here --- diff -urN /usr/ports/www/opera-linuxplugins/Makefile opera-linuxplugins/Makefile --- /usr/ports/www/opera-linuxplugins/Makefile 2008-10-10 11:44:54.000000000 +0200 +++ opera-linuxplugins/Makefile 2008-10-21 10:37:03.851423338 +0200 @@ -29,13 +29,13 @@ MAINTAINER= freebsd-maintainer@opera.com COMMENT= Linux plugin support for the native Opera browser -RUN_DEPENDS= ${LOCALBASE}/share/opera/bin/operapluginwrapper:${PORTSDIR}/www/opera +RUN_DEPENDS= ${PREFIX}/share/opera/bin/operapluginwrapper:${PORTSDIR}/www/opera -OPERA_VER= 9.60 +OPERA_VER= 9.61 OPERA_MINVER= OPERA_REL= final -OPERA_DATE= 20081004 -OPERA_BUILD= 2444 +OPERA_DATE= 20081017 +OPERA_BUILD= 2456 USE_BZIP2= yes USE_LINUX= yes diff -urN /usr/ports/www/opera-linuxplugins/distinfo opera-linuxplugins/distinfo --- /usr/ports/www/opera-linuxplugins/distinfo 2008-10-10 11:44:54.000000000 +0200 +++ opera-linuxplugins/distinfo 2008-10-21 10:36:27.504895498 +0200 @@ -1,3 +1,3 @@ -MD5 (opera-9.60.gcc3-shared-qt3.i386.tar.bz2) = 2020395b8422e881e77928b586519bf8 -SHA256 (opera-9.60.gcc3-shared-qt3.i386.tar.bz2) = c45586665b317bb1dcc590b891df371d602db2d044da55f2f623388a35bbd2b5 -SIZE (opera-9.60.gcc3-shared-qt3.i386.tar.bz2) = 7165845 +MD5 (opera-9.61.gcc3-shared-qt3.i386.tar.bz2) = 12cb3ce5ad031c38ede4385e1a298d89 +SHA256 (opera-9.61.gcc3-shared-qt3.i386.tar.bz2) = 15163faab9d9eb9c5000c944f5d81a003ec7a43927f2d02c7f145fadd870a9e6 +SIZE (opera-9.61.gcc3-shared-qt3.i386.tar.bz2) = 7301358 --- opera-linuxplugins.diff ends here --- --- vuln.xml.diff begins here --- --- /usr/ports/security/vuxml/vuln.xml 2008-10-20 18:19:08.000000000 +0200 +++ vuln.xml 2008-10-21 10:44:19.711655016 +0200 @@ -34,6 +34,53 @@ --> + + opera -- multiple vulnerabilities + + + opera + 9.61.20081017 + + + + +

Opera reports:

+
+

Certain constructs are not escaped correctly by Opera's + History Search results. These can be used to inject scripts + into the page, which can then be used to look through the user's + browsing history, including the contents of the pages they have + visited. These may contain sensitive information.

+
+
+

If a link that uses a JavaScript URL triggers Opera's Fast + Forward feature, when the user activates Fast Forward, the + script should run on the current page. When a page is held in a + frame, the script is incorrectly executed on the outermost page, + not the page where the URL was located. This can be used to + execute scripts in the context of an unrelated frame, which + allows cross-site scripting.

+
+
+

When Opera is previewing a news feed, some scripts are not + correctly blocked. These scripts are able to subscribe the user + to any feed URL that the attacker chooses, and can also view + the contents of any feeds that the user is subscribed to. + These may contain sensitive information.

+
+ + + + http://www.opera.com/support/search/view/903/ + http://www.opera.com/support/search/view/904/ + http://www.opera.com/support/search/view/905/ + + + 2008-10-17 + 2008-10-21 + + + libxine -- denial of service vulnerability --- vuln.xml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: